def edit_advanced(self, user_id):
user_id = safe_int(user_id)
user = c.user = User.get_or_404(user_id)
if user.username == User.DEFAULT_USER:
h.flash(_("You can't edit this user"), category='warning')
return redirect(url('users'))
c.active = 'advanced'
c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)
c.personal_repo_group = RepoGroup.get_by_group_name(user.username)
c.first_admin = User.get_first_super_admin()
defaults = user.get_dict()
# Interim workaround if the user participated on any pull requests as a
# reviewer.
has_review = bool(PullRequestReviewers.query().filter(
PullRequestReviewers.user_id == user_id).first())
c.can_delete_user = not has_review
c.can_delete_user_message = _(
'The user participates as reviewer in pull requests and '
'cannot be deleted. You can set the user to '
'"inactive" instead of deleting it.') if has_review else ''
return htmlfill.render(render('admin/users/user_edit.html'),
defaults=defaults,
encoding="UTF-8",
force_defaults=False)
def __load_data(self, group_id):
"""
Load defaults settings for edit, and update
:param group_id:
"""
repo_group = RepoGroup.get_or_404(group_id)
data = repo_group.get_dict()
data['group_name'] = repo_group.name
# fill owner
if repo_group.user:
data.update({'user': repo_group.user.username})
else:
replacement_user = User.get_first_super_admin().username
data.update({'user': replacement_user})
# fill repository group users
for p in repo_group.repo_group_to_perm:
data.update(
{'u_perm_%s' % p.user.user_id: p.permission.permission_name})
# fill repository group user groups
for p in repo_group.users_group_to_perm:
data.update({
'g_perm_%s' % p.users_group.users_group_id:
p.permission.permission_name
})
# html and form expects -1 as empty parent group
data['group_parent_id'] = data['group_parent_id'] or -1
return data
def enforce_groups(self, user, groups, extern_type=None):
user = self._get_user(user)
log.debug('Enforcing groups %s on user %s', groups, user)
current_groups = user.group_member
# find the external created groups
externals = [
x.users_group for x in current_groups
if 'extern_type' in x.users_group.group_data
]
# calculate from what groups user should be removed
# externals that are not in groups
for gr in externals:
if gr.users_group_name not in groups:
log.debug('Removing user %s from user group %s', user, gr)
self.remove_user_from_group(gr, user)
# now we calculate in which groups user should be == groups params
owner = User.get_first_super_admin().username
for gr in set(groups):
existing_group = UserGroup.get_by_group_name(gr)
if not existing_group:
desc = 'Automatically created from plugin:%s' % extern_type
# we use first admin account to set the owner of the group
existing_group = UserGroupModel().create(
gr, desc, owner, group_data={'extern_type': extern_type})
# we can only add users to special groups created via plugins
managed = 'extern_type' in existing_group.group_data
if managed:
log.debug('Adding user %s to user group %s', user, gr)
UserGroupModel().add_user_to_group(existing_group, user)
else:
log.debug('Skipping addition to group %s since it is '
'not managed by auth plugins' % gr)
def test_rss_with_auth_token(self, backend):
auth_token = User.get_first_super_admin().feed_token
assert auth_token != ''
response = self.app.get(
url(controller='feed',
action='rss',
repo_name=backend.repo_name,
auth_token=auth_token))
assert response.content_type == "application/rss+xml"
assert """<rss version="2.0">""" in response
def __load_defaults(self, user_group_id):
"""
Load defaults settings for edit, and update
:param user_group_id:
"""
user_group = UserGroup.get_or_404(user_group_id)
data = user_group.get_dict()
# fill owner
if user_group.user:
data.update({'user': user_group.user.username})
else:
replacement_user = User.get_first_super_admin().username
data.update({'user': replacement_user})
return data
def test_access_not_whitelisted_page_via_auth_token(
self, test_name, auth_token):
whitelist = self._get_api_whitelist([])
with mock.patch.dict('rhodecode.CONFIG', whitelist):
assert [] == whitelist['api_access_controllers_whitelist']
if test_name == 'proper_auth_token':
# use builtin if api_key is None
auth_token = User.get_first_super_admin().api_key
with fixture.anon_access(False):
self.app.get(url(controller='changeset',
action='changeset_raw',
repo_name=HG_REPO,
revision='tip',
api_key=auth_token),
status=302)
def map_groups(path):
"""
Given a full path to a repository, create all nested groups that this
repo is inside. This function creates parent-child relationships between
groups and creates default perms for all new groups.
:param paths: full path to repository
"""
from rhodecode.model.repo_group import RepoGroupModel
sa = meta.Session()
groups = path.split(Repository.NAME_SEP)
parent = None
group = None
# last element is repo in nested groups structure
groups = groups[:-1]
rgm = RepoGroupModel(sa)
owner = User.get_first_super_admin()
for lvl, group_name in enumerate(groups):
group_name = '/'.join(groups[:lvl] + [group_name])
group = RepoGroup.get_by_group_name(group_name)
desc = '%s group' % group_name
# skip folders that are now removed repos
if REMOVED_REPO_PAT.match(group_name):
break
if group is None:
log.debug('creating group level: %s group_name: %s', lvl,
group_name)
group = RepoGroup(group_name, parent)
group.group_description = desc
group.user = owner
sa.add(group)
perm_obj = rgm._create_default_perms(group)
sa.add(perm_obj)
sa.flush()
parent = group
return group
def _get_defaults(self, repo_name):
"""
Gets information about repository, and returns a dict for
usage in forms
:param repo_name:
"""
repo_info = Repository.get_by_repo_name(repo_name)
if repo_info is None:
return None
defaults = repo_info.get_dict()
defaults['repo_name'] = repo_info.just_name
groups = repo_info.groups_with_parents
parent_group = groups[-1] if groups else None
# we use -1 as this is how in HTML, we mark an empty group
defaults['repo_group'] = getattr(parent_group, 'group_id', -1)
keys_to_process = ({
'k': 'repo_type',
'strip': False
}, {
'k': 'repo_enable_downloads',
'strip': True
}, {
'k': 'repo_description',
'strip': True
}, {
'k': 'repo_enable_locking',
'strip': True
}, {
'k': 'repo_landing_rev',
'strip': True
}, {
'k': 'clone_uri',
'strip': False
}, {
'k': 'repo_private',
'strip': True
}, {
'k': 'repo_enable_statistics',
'strip': True
})
for item in keys_to_process:
attr = item['k']
if item['strip']:
attr = remove_prefix(item['k'], 'repo_')
val = defaults[attr]
if item['k'] == 'repo_landing_rev':
val = ':'.join(defaults[attr])
defaults[item['k']] = val
if item['k'] == 'clone_uri':
defaults['clone_uri_hidden'] = repo_info.clone_uri_hidden
# fill owner
if repo_info.user:
defaults.update({'user': repo_info.user.username})
else:
replacement_user = User.get_first_super_admin().username
defaults.update({'user': replacement_user})
# fill repository users
for p in repo_info.repo_to_perm:
defaults.update(
{'u_perm_%s' % p.user.user_id: p.permission.permission_name})
# fill repository groups
for p in repo_info.users_group_to_perm:
defaults.update({
'g_perm_%s' % p.users_group.users_group_id:
p.permission.permission_name
})
return defaults
def repo2db_mapper(initial_repo_list, remove_obsolete=False):
"""
maps all repos given in initial_repo_list, non existing repositories
are created, if remove_obsolete is True it also checks for db entries
that are not in initial_repo_list and removes them.
:param initial_repo_list: list of repositories found by scanning methods
:param remove_obsolete: check for obsolete entries in database
"""
from rhodecode.model.repo import RepoModel
from rhodecode.model.scm import ScmModel
from rhodecode.model.repo_group import RepoGroupModel
from rhodecode.model.settings import SettingsModel
sa = meta.Session()
repo_model = RepoModel()
user = User.get_first_super_admin()
added = []
# creation defaults
defs = SettingsModel().get_default_repo_settings(strip_prefix=True)
enable_statistics = defs.get('repo_enable_statistics')
enable_locking = defs.get('repo_enable_locking')
enable_downloads = defs.get('repo_enable_downloads')
private = defs.get('repo_private')
for name, repo in initial_repo_list.items():
group = map_groups(name)
unicode_name = safe_unicode(name)
db_repo = repo_model.get_by_repo_name(unicode_name)
# found repo that is on filesystem not in RhodeCode database
if not db_repo:
log.info('repository %s not found, creating now', name)
added.append(name)
desc = (repo.description if repo.description != 'unknown' else
'%s repository' % name)
db_repo = repo_model._create_repo(
repo_name=name,
repo_type=repo.alias,
description=desc,
repo_group=getattr(group, 'group_id', None),
owner=user,
enable_locking=enable_locking,
enable_downloads=enable_downloads,
enable_statistics=enable_statistics,
private=private,
state=Repository.STATE_CREATED)
sa.commit()
# we added that repo just now, and make sure we updated server info
if db_repo.repo_type == 'git':
git_repo = db_repo.scm_instance()
# update repository server-info
log.debug('Running update server info')
git_repo._update_server_info()
db_repo.update_commit_cache()
config = db_repo._config
config.set('extensions', 'largefiles', '')
ScmModel().install_hooks(db_repo.scm_instance(config=config),
repo_type=db_repo.repo_type)
removed = []
if remove_obsolete:
# remove from database those repositories that are not in the filesystem
for repo in sa.query(Repository).all():
if repo.repo_name not in initial_repo_list.keys():
log.debug("Removing non-existing repository found in db `%s`",
repo.repo_name)
try:
RepoModel(sa).delete(repo, forks='detach', fs_remove=False)
sa.commit()
removed.append(repo.repo_name)
except Exception:
# don't hold further removals on error
log.error(traceback.format_exc())
sa.rollback()
def splitter(full_repo_name):
_parts = full_repo_name.rsplit(RepoGroup.url_sep(), 1)
gr_name = None
if len(_parts) == 2:
gr_name = _parts[0]
return gr_name
initial_repo_group_list = [
splitter(x) for x in initial_repo_list.keys() if splitter(x)
]
# remove from database those repository groups that are not in the
# filesystem due to parent child relationships we need to delete them
# in a specific order of most nested first
all_groups = [x.group_name for x in sa.query(RepoGroup).all()]
nested_sort = lambda gr: len(gr.split('/'))
for group_name in sorted(all_groups, key=nested_sort, reverse=True):
if group_name not in initial_repo_group_list:
repo_group = RepoGroup.get_by_group_name(group_name)
if (repo_group.children.all()
or not RepoGroupModel().check_exist_filesystem(
group_name=group_name, exc_on_failure=False)):
continue
log.info(
'Removing non-existing repository group found in db `%s`',
group_name)
try:
RepoGroupModel(sa).delete(group_name, fs_remove=False)
sa.commit()
removed.append(group_name)
except Exception:
# don't hold further removals on error
log.exception('Unable to remove repository group `%s`',
group_name)
sa.rollback()
raise
return added, removed