def delete_user(request, apiuser, userid):
"""
Deletes the specified user from the |RCE| user database.
This command can only be run using an |authtoken| with admin rights to
the specified repository.
.. important::
Ensure all open pull requests and open code review
requests to this user are close.
Also ensure all repositories, or repository groups owned by this
user are reassigned before deletion.
This command takes the following options:
:param apiuser: This is filled automatically from the |authtoken|.
:type apiuser: AuthUser
:param userid: Set the user to delete.
:type userid: str or int
Example output:
.. code-block:: bash
id : <id_given_in_input>
result: {
"msg" : "deleted user ID:<userid> <username>",
"user": null
}
error: null
Example error output:
.. code-block:: bash
id : <id_given_in_input>
result : null
error : {
"failed to delete user ID:<userid> <username>"
}
"""
if not has_superadmin_permission(apiuser):
raise JSONRPCForbidden()
user = get_user_or_error(userid)
try:
UserModel().delete(userid)
Session().commit()
return {
'msg': 'deleted user ID:%s %s' % (user.user_id, user.username),
'user': None
}
except Exception:
log.exception("Error occurred during deleting of user")
raise JSONRPCError('failed to delete user ID:%s %s' %
(user.user_id, user.username))
def get_users(request, apiuser):
"""
Lists all users in the |RCE| user database.
This command can only be run using an |authtoken| with admin rights to
the specified repository.
This command takes the following options:
:param apiuser: This is filled automatically from the |authtoken|.
:type apiuser: AuthUser
Example output:
.. code-block:: bash
id : <id_given_in_input>
result: [<user_object>, ...]
error: null
"""
if not has_superadmin_permission(apiuser):
raise JSONRPCForbidden()
result = []
users_list = User.query().order_by(User.username) \
.filter(User.username != User.DEFAULT_USER) \
.all()
for user in users_list:
result.append(user.get_api_data(include_secrets=True))
return result
def get_server_info(request, apiuser):
"""
Returns the |RCE| server information.
This includes the running version of |RCE| and all installed
packages. This command takes the following options:
:param apiuser: This is filled automatically from the |authtoken|.
:type apiuser: AuthUser
Example output:
.. code-block:: bash
id : <id_given_in_input>
result : {
'modules': [<module name>,...]
'py_version': <python version>,
'platform': <platform type>,
'rhodecode_version': <rhodecode version>
}
error : null
"""
if not has_superadmin_permission(apiuser):
raise JSONRPCForbidden()
return ScmModel().get_server_info(request.environ)
def rescan_repos(request, apiuser, remove_obsolete=Optional(False)):
"""
Triggers a rescan of the specified repositories.
* If the ``remove_obsolete`` option is set, it also deletes repositories
that are found in the database but not on the file system, so called
"clean zombies".
This command can only be run using an |authtoken| with admin rights to
the specified repository.
This command takes the following options:
:param apiuser: This is filled automatically from the |authtoken|.
:type apiuser: AuthUser
:param remove_obsolete: Deletes repositories from the database that
are not found on the filesystem.
:type remove_obsolete: Optional(``True`` | ``False``)
Example output:
.. code-block:: bash
id : <id_given_in_input>
result : {
'added': [<added repository name>,...]
'removed': [<removed repository name>,...]
}
error : null
Example error output:
.. code-block:: bash
id : <id_given_in_input>
result : null
error : {
'Error occurred during rescan repositories action'
}
"""
if not has_superadmin_permission(apiuser):
raise JSONRPCForbidden()
try:
rm_obsolete = Optional.extract(remove_obsolete)
added, removed = repo2db_mapper(ScmModel().repo_scan(),
remove_obsolete=rm_obsolete)
return {'added': added, 'removed': removed}
except Exception:
log.exception('Failed to run repo rescann')
raise JSONRPCError(
'Error occurred during rescan repositories action'
)
def get_ip(request, apiuser, userid=Optional(OAttr('apiuser'))):
"""
Displays the IP Address as seen from the |RCE| server.
* This command displays the IP Address, as well as all the defined IP
addresses for the specified user. If the ``userid`` is not set, the
data returned is for the user calling the method.
This command can only be run using an |authtoken| with admin rights to
the specified repository.
This command takes the following options:
:param apiuser: This is filled automatically from |authtoken|.
:type apiuser: AuthUser
:param userid: Sets the userid for which associated IP Address data
is returned.
:type userid: Optional(str or int)
Example output:
.. code-block:: bash
id : <id_given_in_input>
result : {
"server_ip_addr": "<ip_from_clien>",
"user_ips": [
{
"ip_addr": "<ip_with_mask>",
"ip_range": ["<start_ip>", "<end_ip>"],
},
...
]
}
"""
if not has_superadmin_permission(apiuser):
raise JSONRPCForbidden()
userid = Optional.extract(userid, evaluate_locals=locals())
userid = getattr(userid, 'user_id', userid)
user = get_user_or_error(userid)
ips = UserIpMap.query().filter(UserIpMap.user == user).all()
return {
'server_ip_addr': request.rpc_ip_addr,
'user_ips': ips
}
def test_forbidden_method(request, apiuser):
raise JSONRPCForbidden()
def create_user_group(
request, apiuser, group_name, description=Optional(''),
owner=Optional(OAttr('apiuser')), active=Optional(True)):
"""
Creates a new user group.
This command can only be run using an |authtoken| with admin rights to
the specified repository.
This command takes the following options:
:param apiuser: This is filled automatically from the |authtoken|.
:type apiuser: AuthUser
:param group_name: Set the name of the new user group.
:type group_name: str
:param description: Give a description of the new user group.
:type description: str
:param owner: Set the owner of the new user group.
If not set, the owner is the |authtoken| user.
:type owner: Optional(str or int)
:param active: Set this group as active.
:type active: Optional(``True`` | ``False``)
Example output:
.. code-block:: bash
id : <id_given_in_input>
result: {
"msg": "created new user group `<groupname>`",
"user_group": <user_group_object>
}
error: null
Example error output:
.. code-block:: bash
id : <id_given_in_input>
result : null
error : {
"user group `<group name>` already exist"
or
"failed to create group `<group name>`"
}
"""
if not has_superadmin_permission(apiuser):
if not HasPermissionAnyApi('hg.usergroup.create.true')(user=apiuser):
raise JSONRPCForbidden()
if UserGroupModel().get_by_name(group_name):
raise JSONRPCError("user group `%s` already exist" % (group_name,))
try:
if isinstance(owner, Optional):
owner = apiuser.user_id
owner = get_user_or_error(owner)
active = Optional.extract(active)
description = Optional.extract(description)
ug = UserGroupModel().create(
name=group_name, description=description, owner=owner,
active=active)
Session().commit()
return {
'msg': 'created new user group `%s`' % group_name,
'user_group': ug.get_api_data()
}
except Exception:
log.exception("Error occurred during creation of user group")
raise JSONRPCError('failed to create group `%s`' % (group_name,))
def update_user(
request,
apiuser,
userid,
username=Optional(None),
email=Optional(None),
password=Optional(None),
firstname=Optional(None),
lastname=Optional(None),
active=Optional(None),
admin=Optional(None),
extern_type=Optional(None),
extern_name=Optional(None),
):
"""
Updates the details for the specified user, if that user exists.
This command can only be run using an |authtoken| with admin rights to
the specified repository.
This command takes the following options:
:param apiuser: This is filled automatically from |authtoken|.
:type apiuser: AuthUser
:param userid: Set the ``userid`` to update.
:type userid: str or int
:param username: Set the new username.
:type username: str or int
:param email: Set the new email.
:type email: str
:param password: Set the new password.
:type password: Optional(str)
:param firstname: Set the new first name.
:type firstname: Optional(str)
:param lastname: Set the new surname.
:type lastname: Optional(str)
:param active: Set the new user as active.
:type active: Optional(``True`` | ``False``)
:param admin: Give the user admin rights.
:type admin: Optional(``True`` | ``False``)
:param extern_name: Set the authentication plugin user name.
Using LDAP this is filled with LDAP UID.
:type extern_name: Optional(str)
:param extern_type: Set the authentication plugin type.
:type extern_type: Optional(str)
Example output:
.. code-block:: bash
id : <id_given_in_input>
result: {
"msg" : "updated user ID:<userid> <username>",
"user": <user_object>,
}
error: null
Example error output:
.. code-block:: bash
id : <id_given_in_input>
result : null
error : {
"failed to update user `<username>`"
}
"""
if not has_superadmin_permission(apiuser):
raise JSONRPCForbidden()
user = get_user_or_error(userid)
# only non optional arguments will be stored in updates
updates = {}
try:
store_update(updates, username, 'username')
store_update(updates, password, 'password')
store_update(updates, email, 'email')
store_update(updates, firstname, 'name')
store_update(updates, lastname, 'lastname')
store_update(updates, active, 'active')
store_update(updates, admin, 'admin')
store_update(updates, extern_name, 'extern_name')
store_update(updates, extern_type, 'extern_type')
user = UserModel().update_user(user, **updates)
Session().commit()
return {
'msg': 'updated user ID:%s %s' % (user.user_id, user.username),
'user': user.get_api_data(include_secrets=True)
}
except DefaultUserException:
log.exception("Default user edit exception")
raise JSONRPCError('editing default user is forbidden')
except Exception:
log.exception("Error occurred during update of user")
raise JSONRPCError('failed to update user `%s`' % (userid, ))
def create_user(request,
apiuser,
username,
email,
password=Optional(''),
firstname=Optional(''),
lastname=Optional(''),
active=Optional(True),
admin=Optional(False),
extern_name=Optional('rhodecode'),
extern_type=Optional('rhodecode'),
force_password_change=Optional(False)):
"""
Creates a new user and returns the new user object.
This command can only be run using an |authtoken| with admin rights to
the specified repository.
This command takes the following options:
:param apiuser: This is filled automatically from the |authtoken|.
:type apiuser: AuthUser
:param username: Set the new username.
:type username: str or int
:param email: Set the user email address.
:type email: str
:param password: Set the new user password.
:type password: Optional(str)
:param firstname: Set the new user firstname.
:type firstname: Optional(str)
:param lastname: Set the new user surname.
:type lastname: Optional(str)
:param active: Set the user as active.
:type active: Optional(``True`` | ``False``)
:param admin: Give the new user admin rights.
:type admin: Optional(``True`` | ``False``)
:param extern_name: Set the authentication plugin name.
Using LDAP this is filled with LDAP UID.
:type extern_name: Optional(str)
:param extern_type: Set the new user authentication plugin.
:type extern_type: Optional(str)
:param force_password_change: Force the new user to change password
on next login.
:type force_password_change: Optional(``True`` | ``False``)
Example output:
.. code-block:: bash
id : <id_given_in_input>
result: {
"msg" : "created new user `<username>`",
"user": <user_obj>
}
error: null
Example error output:
.. code-block:: bash
id : <id_given_in_input>
result : null
error : {
"user `<username>` already exist"
or
"email `<email>` already exist"
or
"failed to create user `<username>`"
}
"""
if not has_superadmin_permission(apiuser):
raise JSONRPCForbidden()
if UserModel().get_by_username(username):
raise JSONRPCError("user `%s` already exist" % (username, ))
if UserModel().get_by_email(email, case_insensitive=True):
raise JSONRPCError("email `%s` already exist" % (email, ))
# generate random password if we actually given the
# extern_name and it's not rhodecode
if (not isinstance(extern_name, Optional)
and Optional.extract(extern_name) != 'rhodecode'):
# generate temporary password if user is external
password = PasswordGenerator().gen_password(length=16)
try:
user = UserModel().create_or_update(
username=Optional.extract(username),
password=Optional.extract(password),
email=Optional.extract(email),
firstname=Optional.extract(firstname),
lastname=Optional.extract(lastname),
active=Optional.extract(active),
admin=Optional.extract(admin),
extern_type=Optional.extract(extern_type),
extern_name=Optional.extract(extern_name),
force_password_change=Optional.extract(force_password_change),
)
Session().commit()
return {
'msg': 'created new user `%s`' % username,
'user': user.get_api_data(include_secrets=True)
}
except Exception:
log.exception('Error occurred during creation of user')
raise JSONRPCError('failed to create user `%s`' % (username, ))
def create_repo_group(request, apiuser, group_name, description=Optional(''),
owner=Optional(OAttr('apiuser')),
copy_permissions=Optional(False)):
"""
Creates a repository group.
* If the repository group name contains "/", all the required repository
groups will be created.
For example "foo/bar/baz" will create |repo| groups "foo" and "bar"
(with "foo" as parent). It will also create the "baz" repository
with "bar" as |repo| group.
This command can only be run using an |authtoken| with admin
permissions.
:param apiuser: This is filled automatically from the |authtoken|.
:type apiuser: AuthUser
:param group_name: Set the repository group name.
:type group_name: str
:param description: Set the |repo| group description.
:type description: str
:param owner: Set the |repo| group owner.
:type owner: str
:param copy_permissions:
:type copy_permissions:
Example output:
.. code-block:: bash
id : <id_given_in_input>
result : {
"msg": "Created new repo group `<repo_group_name>`"
"repo_group": <repogroup_object>
}
error : null
Example error output:
.. code-block:: bash
id : <id_given_in_input>
result : null
error : {
failed to create repo group `<repogroupid>`
}
"""
schema = RepoGroupSchema()
try:
data = schema.deserialize({
'group_name': group_name
})
except colander.Invalid as e:
raise JSONRPCError("Validation failed: %s" % (e.asdict(),))
group_name = data['group_name']
if isinstance(owner, Optional):
owner = apiuser.user_id
group_description = Optional.extract(description)
copy_permissions = Optional.extract(copy_permissions)
# get by full name with parents, check if it already exist
if RepoGroup.get_by_group_name(group_name):
raise JSONRPCError("repo group `%s` already exist" % (group_name,))
(group_name_cleaned,
parent_group_name) = RepoGroupModel()._get_group_name_and_parent(
group_name)
parent_group = None
if parent_group_name:
parent_group = get_repo_group_or_error(parent_group_name)
if not HasPermissionAnyApi(
'hg.admin', 'hg.repogroup.create.true')(user=apiuser):
# check if we have admin permission for this parent repo group !
# users without admin or hg.repogroup.create can only create other
# groups in groups they own so this is a required, but can be empty
parent_group = getattr(parent_group, 'group_name', '')
_perms = ('group.admin',)
if not HasRepoGroupPermissionAnyApi(*_perms)(
user=apiuser, group_name=parent_group):
raise JSONRPCForbidden()
try:
repo_group = RepoGroupModel().create(
group_name=group_name,
group_description=group_description,
owner=owner,
copy_permissions=copy_permissions)
Session().commit()
return {
'msg': 'Created new repo group `%s`' % group_name,
'repo_group': repo_group.get_api_data()
}
except Exception:
log.exception("Exception occurred while trying create repo group")
raise JSONRPCError(
'failed to create repo group `%s`' % (group_name,))