def get_users_group(self, apiuser, group_name): """" Get users group by name :param apiuser: :param group_name: """ users_group = UsersGroup.get_by_group_name(group_name) if not users_group: return None members = [] for user in users_group.members: user = user.user members.append(dict(id=user.user_id, username=user.username, firstname=user.name, lastname=user.lastname, email=user.email, active=user.active, admin=user.admin, ldap=user.ldap_dn)) return dict(id=users_group.users_group_id, name=users_group.users_group_name, active=users_group.users_group_active, members=members)
def add_user_to_users_group(self, apiuser, group_name, user_name): """" Add a user to a group :param apiuser :param group_name :param user_name """ try: users_group = UsersGroup.get_by_group_name(group_name) if not users_group: raise JSONRPCError('unknown users group %s' % group_name) try: user = User.get_by_username(user_name) except NoResultFound: raise JSONRPCError('unknown user %s' % user_name) ugm = UsersGroupModel().add_user_to_group(users_group, user) return dict(id=ugm.users_group_member_id, msg='created new users group member') except Exception: log.error(traceback.format_exc()) raise JSONRPCError('failed to create users group member')
def revoke_users_group_permission(self, apiuser, repo_name, group_name): """ Revoke permission for users group on given repository :param repo_name: :param group_name: """ try: repo = Repository.get_by_repo_name(repo_name) if repo is None: raise JSONRPCError('unknown repository %s' % repo) user_group = UsersGroup.get_by_group_name(group_name) if user_group is None: raise JSONRPCError('unknown users group %s' % user_group) RepoModel().revoke_users_group_permission(repo=repo_name, group_name=group_name) Session.commit() return dict( msg='Revoked perm for group: %s in repo: %s' % ( group_name, repo_name ) ) except Exception: log.error(traceback.format_exc()) raise JSONRPCError( 'failed to edit permission %(repo)s for %(usersgr)s' % dict( usersgr=group_name, repo=repo_name ) )
def remove_user_from_users_group(self, apiuser, group_name, username): """ Remove user from a group :param apiuser :param group_name :param username """ try: users_group = UsersGroup.get_by_group_name(group_name) if not users_group: raise JSONRPCError('unknown users group %s' % group_name) user = User.get_by_username(username) if user is None: raise JSONRPCError('unknown user %s' % username) success = UsersGroupModel().remove_user_from_group(users_group, user) msg = 'removed member %s from users group %s' % (username, group_name) msg = msg if success else "User wasn't in group" Session.commit() return dict(success=success, msg=msg) except Exception: log.error(traceback.format_exc()) raise JSONRPCError('failed to remove user from group')
def get_users_group(self, apiuser, group_name): """" Get users group by name :param apiuser: :param group_name: """ users_group = UsersGroup.get_by_group_name(group_name) if not users_group: return None members = [] for user in users_group.members: user = user.user members.append(dict(id=user.user_id, username=user.username, firstname=user.name, lastname=user.lastname, email=user.email, active=user.active, admin=user.admin, ldap=user.ldap_dn)) return dict(id=users_group.users_group_id, group_name=users_group.users_group_name, active=users_group.users_group_active, members=members)
def add_user_to_users_group(self, apiuser, group_name, username): """" Add a user to a users group :param apiuser: :param group_name: :param username: """ try: users_group = UsersGroup.get_by_group_name(group_name) if not users_group: raise JSONRPCError('unknown users group %s' % group_name) user = User.get_by_username(username) if user is None: raise JSONRPCError('unknown user %s' % username) ugm = UsersGroupModel().add_user_to_group(users_group, user) success = True if ugm != True else False msg = 'added member %s to users group %s' % (username, group_name) msg = msg if success else 'User is already in that group' Session.commit() return dict( id=ugm.users_group_member_id if ugm != True else None, success=success, msg=msg ) except Exception: log.error(traceback.format_exc()) raise JSONRPCError('failed to add users group member')
def test_enable_repository_read_on_group(self): self.log_user() users_group_name = TEST_USERS_GROUP + 'another2' response = self.app.post(url('users_groups'), {'users_group_name': users_group_name, 'active':True}) response.follow() ug = UsersGroup.get_by_group_name(users_group_name) self.checkSessionFlash(response, 'created users group %s' % users_group_name) response = self.app.put(url('users_group_perm', id=ug.users_group_id), {'create_repo_perm': True}) response.follow() ug = UsersGroup.get_by_group_name(users_group_name) p = Permission.get_by_key('hg.create.repository') # check if user has this perm perms = UsersGroupToPerm.query()\ .filter(UsersGroupToPerm.users_group == ug).all() perms = [[x.__dict__['users_group_id'], x.__dict__['permission_id'],] for x in perms] self.assertEqual( perms, [[ug.users_group_id, p.permission_id]] ) # DELETE ! ug = UsersGroup.get_by_group_name(users_group_name) ugid = ug.users_group_id response = self.app.delete(url('users_group', id=ug.users_group_id)) response = response.follow() gr = self.Session.query(UsersGroup)\ .filter(UsersGroup.users_group_name == users_group_name).scalar() self.assertEqual(gr, None) p = Permission.get_by_key('hg.create.repository') perms = UsersGroupToPerm.query()\ .filter(UsersGroupToPerm.users_group_id == ugid).all() perms = [[x.__dict__['users_group_id'], x.__dict__['permission_id'],] for x in perms] self.assertEqual( perms, [] )
def validate_python(self, value, state): if value in ["default"]: msg = M(self, "invalid_group", state) raise formencode.Invalid(msg, value, state, error_dict=dict(users_group_name=msg)) # check if group is unique old_ugname = None if edit: old_id = old_data.get("users_group_id") old_ugname = UsersGroup.get(old_id).users_group_name if old_ugname != value or not edit: is_existing_group = UsersGroup.get_by_group_name(value, case_insensitive=True) if is_existing_group: msg = M(self, "group_exist", state, usersgroup=value) raise formencode.Invalid(msg, value, state, error_dict=dict(users_group_name=msg)) if re.match(r"^[a-zA-Z0-9]{1}[a-zA-Z0-9\-\_\.]+$", value) is None: msg = M(self, "invalid_usersgroup_name", state) raise formencode.Invalid(msg, value, state, error_dict=dict(users_group_name=msg))
def validate_python(self, value, state): if value in ['default']: raise formencode.Invalid(_('Invalid group name'), value, state) #check if group is unique old_ugname = None if edit: old_ugname = UsersGroup.get( old_data.get('users_group_id')).users_group_name if old_ugname != value or not edit: if UsersGroup.get_by_group_name(value, cache=False, case_insensitive=True): raise formencode.Invalid(_('This users group ' 'already exists') , value, state) if re.match(r'^[a-zA-Z0-9]{1}[a-zA-Z0-9\-\_\.]+$', value) is None: raise formencode.Invalid(_('Group name may only contain ' 'alphanumeric characters ' 'underscores, periods or dashes ' 'and must begin with alphanumeric ' 'character'), value, state)
def validate_python(self, value, state): if value in ['default']: raise formencode.Invalid(_('Invalid group name'), value, state) #check if group is unique old_ugname = None if edit: old_ugname = UsersGroup.get( old_data.get('users_group_id')).users_group_name if old_ugname != value or not edit: if UsersGroup.get_by_group_name(value, cache=False, case_insensitive=True): raise formencode.Invalid(_('This users group ' 'already exists'), value, state) if re.match(r'^[a-zA-Z0-9]{1}[a-zA-Z0-9\-\_\.]+$', value) is None: raise formencode.Invalid( _('RepoGroup name may only contain alphanumeric characters ' 'underscores, periods or dashes and must begin with ' 'alphanumeric character'), value, state )
def grant_users_group_permission(self, apiuser, repo_name, group_name, perm): """ Grant permission for users group on given repository, or update existing one if found :param repo_name: :param group_name: :param perm: """ try: repo = Repository.get_by_repo_name(repo_name) if repo is None: raise JSONRPCError('unknown repository %s' % repo) user_group = UsersGroup.get_by_group_name(group_name) if user_group is None: raise JSONRPCError('unknown users group %s' % user_group) RepoModel().grant_users_group_permission(repo=repo_name, group_name=group_name, perm=perm) Session.commit() return dict( msg='Granted perm: %s for group: %s in repo: %s' % ( perm, group_name, repo_name ) ) except Exception: log.error(traceback.format_exc()) raise JSONRPCError( 'failed to edit permission %(repo)s for %(usersgr)s' % dict( usersgr=group_name, repo=repo_name ) )
def update(self, repo_name, form_data): try: cur_repo = self.get_by_repo_name(repo_name, cache=False) # update permissions for member, perm, member_type in form_data["perms_updates"]: if member_type == "user": r2p = ( self.sa.query(RepoToPerm) .filter(RepoToPerm.user == User.by_username(member)) .filter(RepoToPerm.repository == cur_repo) .one() ) r2p.permission = self.sa.query(Permission).filter(Permission.permission_name == perm).scalar() self.sa.add(r2p) else: g2p = ( self.sa.query(UsersGroupRepoToPerm) .filter(UsersGroupRepoToPerm.users_group == UsersGroup.get_by_group_name(member)) .filter(UsersGroupRepoToPerm.repository == cur_repo) .one() ) g2p.permission = self.sa.query(Permission).filter(Permission.permission_name == perm).scalar() self.sa.add(g2p) # set new permissions for member, perm, member_type in form_data["perms_new"]: if member_type == "user": r2p = RepoToPerm() r2p.repository = cur_repo r2p.user = User.by_username(member) r2p.permission = self.sa.query(Permission).filter(Permission.permission_name == perm).scalar() self.sa.add(r2p) else: g2p = UsersGroupRepoToPerm() g2p.repository = cur_repo g2p.users_group = UsersGroup.get_by_group_name(member) g2p.permission = self.sa.query(Permission).filter(Permission.permission_name == perm).scalar() self.sa.add(g2p) # update current repo for k, v in form_data.items(): if k == "user": cur_repo.user = User.by_username(v) elif k == "repo_name": cur_repo.repo_name = form_data["repo_name_full"] elif k == "repo_group": cur_repo.group_id = v else: setattr(cur_repo, k, v) self.sa.add(cur_repo) if repo_name != form_data["repo_name_full"]: # rename repository self.__rename_repo(old=repo_name, new=form_data["repo_name_full"]) self.sa.commit() except: log.error(traceback.format_exc()) self.sa.rollback() raise
def get_by_name(self, name, cache=False, case_insensitive=False): return UsersGroup.get_by_group_name(name, cache, case_insensitive)
def update(self, repo_name, form_data): try: cur_repo = self.get_by_repo_name(repo_name, cache=False) # update permissions for member, perm, member_type in form_data['perms_updates']: if member_type == 'user': r2p = self.sa.query(RepoToPerm)\ .filter(RepoToPerm.user == User.get_by_username(member))\ .filter(RepoToPerm.repository == cur_repo)\ .one() r2p.permission = self.sa.query(Permission)\ .filter(Permission.permission_name == perm).scalar() self.sa.add(r2p) else: g2p = self.sa.query(UsersGroupRepoToPerm)\ .filter(UsersGroupRepoToPerm.users_group == UsersGroup.get_by_group_name(member))\ .filter(UsersGroupRepoToPerm.repository == cur_repo).one() g2p.permission = self.sa.query(Permission)\ .filter(Permission.permission_name == perm).scalar() self.sa.add(g2p) # set new permissions for member, perm, member_type in form_data['perms_new']: if member_type == 'user': r2p = RepoToPerm() r2p.repository = cur_repo r2p.user = User.get_by_username(member) r2p.permission = self.sa.query(Permission)\ .filter(Permission. permission_name == perm)\ .scalar() self.sa.add(r2p) else: g2p = UsersGroupRepoToPerm() g2p.repository = cur_repo g2p.users_group = UsersGroup.get_by_group_name(member) g2p.permission = self.sa.query(Permission)\ .filter(Permission. permission_name == perm)\ .scalar() self.sa.add(g2p) # update current repo for k, v in form_data.items(): if k == 'user': cur_repo.user = User.get_by_username(v) elif k == 'repo_name': pass elif k == 'repo_group': cur_repo.group_id = v else: setattr(cur_repo, k, v) new_name = cur_repo.get_new_name(form_data['repo_name']) cur_repo.repo_name = new_name self.sa.add(cur_repo) if repo_name != new_name: # rename repository self.__rename_repo(old=repo_name, new=new_name) self.sa.commit() return cur_repo except: log.error(traceback.format_exc()) self.sa.rollback() raise
def test_enable_repository_read_on_group(self): self.log_user() users_group_name = TEST_USERS_GROUP + 'another2' response = self.app.post(url('users_groups'), {'users_group_name': users_group_name, 'active': True}) response.follow() ug = UsersGroup.get_by_group_name(users_group_name) self.checkSessionFlash(response, 'created users group %s' % users_group_name) ## ENABLE REPO CREATE ON A GROUP response = self.app.put(url('users_group_perm', id=ug.users_group_id), {'create_repo_perm': True}) response.follow() ug = UsersGroup.get_by_group_name(users_group_name) p = Permission.get_by_key('hg.create.repository') p2 = Permission.get_by_key('hg.fork.none') # check if user has this perms, they should be here since # defaults are on perms = UsersGroupToPerm.query()\ .filter(UsersGroupToPerm.users_group == ug).all() self.assertEqual( [[x.users_group_id, x.permission_id, ] for x in perms], [[ug.users_group_id, p.permission_id], [ug.users_group_id, p2.permission_id]] ) ## DISABLE REPO CREATE ON A GROUP response = self.app.put(url('users_group_perm', id=ug.users_group_id), {}) response.follow() ug = UsersGroup.get_by_group_name(users_group_name) p = Permission.get_by_key('hg.create.none') p2 = Permission.get_by_key('hg.fork.none') # check if user has this perms, they should be here since # defaults are on perms = UsersGroupToPerm.query()\ .filter(UsersGroupToPerm.users_group == ug).all() self.assertEqual( sorted([[x.users_group_id, x.permission_id, ] for x in perms]), sorted([[ug.users_group_id, p.permission_id], [ug.users_group_id, p2.permission_id]]) ) # DELETE ! ug = UsersGroup.get_by_group_name(users_group_name) ugid = ug.users_group_id response = self.app.delete(url('users_group', id=ug.users_group_id)) response = response.follow() gr = self.Session.query(UsersGroup)\ .filter(UsersGroup.users_group_name == users_group_name).scalar() self.assertEqual(gr, None) p = Permission.get_by_key('hg.create.repository') perms = UsersGroupToPerm.query()\ .filter(UsersGroupToPerm.users_group_id == ugid).all() perms = [[x.users_group_id, x.permission_id, ] for x in perms] self.assertEqual( perms, [] )