kallithea Changeset - 091e99b29fd4

Changeset - 091e99b29fd4

Parent rev.

Child rev.

[Not reviewed]

beta

0 4 0

Marcin Kuzminski - 13 years ago 2012-09-04 01:45:57
marcin@python-works.com

auto-healing of permissions for default user after upgrading from some old versions.

4 files changed with 44 insertions and 7 deletions:

docs/changelog.rst

rhodecode/lib/db_manage.py

rhodecode/model/db.py

rhodecode/model/permission.py

0 comments (0 inline, 0 general)

docs/changelog.rst

➞

Show inline comments

 .. _changelog:
 =========
 Changelog
 =========
-.4.1 (**2012-XX-XX**)
+.4.1 (**2012-09-04**)
 ----------------------
 :status: in-progress
 :branch: beta
 news
 ++++
 - always put a comment about code-review status change even if user send
   empty data
 - modified_on column saves repository update and it's going to be used
   later for light version of main page ref #500
 fixes
 +++++
 - fixed migrations of permissions that can lead to inconsistency issue
 - fixed migrations of permissions that can lead to inconsistency.
   Some users sent feedback that after upgrading from older versions issues with updating
   default permissions occured. RhodeCode detects that now and resets default user
   permission to initial state if there is a need for that. Also forces users to set
   the default value for new forking permission.
 .4.0 (**2012-09-03**)
 ----------------------
 news
 ++++
 - new codereview system
 - email map, allowing users to have multiple email addresses mapped into
   their accounts
 - improved git-hook system. Now all actions for git are logged into journal

rhodecode/lib/db_manage.py

➞

Show inline comments

@@ @@ -246,25 +246,32 @@ class DbManage(object): @@
                 hggit.ui_active = False
                 Session().add(hggit)
                 notify('re-check default permissions')
                 default_user = User.get_by_username(User.DEFAULT_USER)
                 perm = Permission.get_by_key('hg.fork.repository')
                 reg_perm = UserToPerm()
                 reg_perm.user = default_user
                 reg_perm.permission = perm
                 Session().add(reg_perm)
             def step_7(self):
                 pass
                 perm_fixes = self.klass.reset_permissions(User.DEFAULT_USER)
                 Session().commit()
                 if perm_fixes:
                     notify('There was an inconsistent state of permissions '
                            'detected for default user. Permissions are now '
                            'reset to the default value for default user. '
                            'Please validate and check default permissions '
                            'in admin panel')
         upgrade_steps = [0] + range(curr_version + 1, __dbversion__ + 1)
         # CALL THE PROPER ORDER OF STEPS TO PERFORM FULL UPGRADE
         _step = None
         for step in upgrade_steps:
             notify('performing upgrade step %s' % step)
             getattr(UpgradeSteps(self), 'step_%s' % step)()
             self.sa.commit()
             _step = step
         notify('upgrade to version %s successful' % _step)
@@ @@ -469,24 +476,46 @@ class DbManage(object): @@
             g.group_name = g.get_new_name(g.name)
             self.sa.add(g)
             # get default perm
             default = UserRepoGroupToPerm.query()\
                 .filter(UserRepoGroupToPerm.group == g)\
                 .filter(UserRepoGroupToPerm.user == def_usr)\
                 .scalar()
             if default is None:
                 log.debug('missing default permission for group %s adding' % g)
                 ReposGroupModel()._create_default_perms(g)
     def reset_permissions(self, username):
         """
         Resets permissions to default state, usefull when old systems had
         bad permissions, we must clean them up
         :param username:
         :type username:
         """
         default_user = User.get_by_username(username)
         if not default_user:
             return
         u2p = UserToPerm.query()\
             .filter(UserToPerm.user == default_user).all()
         fixed = False
         if len(u2p) != len(User.DEFAULT_PERMISSIONS):
             for p in u2p:
                 Session().delete(p)
             fixed = True
             self.populate_default_permissions()
         return fixed
     def config_prompt(self, test_repo_path='', retries=3, defaults={}):
         _path = defaults.get('repos_location')
         if retries == 3:
             log.info('Setting up repositories config')
         if _path is not None:
             path = _path
         elif not self.tests and not test_repo_path:
             path = raw_input(
                  'Enter a valid absolute path to store repositories. '
                  'All repositories in that path will be added automatically:'
+            )
@@ @@ -596,26 +625,25 @@ class DbManage(object): @@
         for p in Permission.PERMS:
             if not Permission.get_by_key(p[0]):
                 new_perm = Permission()
                 new_perm.permission_name = p[0]
                 new_perm.permission_longname = p[0]
                 self.sa.add(new_perm)
     def populate_default_permissions(self):
         log.info('creating default user permissions')
         default_user = User.get_by_username('default')
         for def_perm in ['hg.register.manual_activate', 'hg.create.repository',
                          'hg.fork.repository', 'repository.read']:
         for def_perm in User.DEFAULT_PERMISSIONS:
             perm = self.sa.query(Permission)\
              .filter(Permission.permission_name == def_perm)\
              .scalar()
             if not perm:
                 raise Exception(
                   'CRITICAL: permission %s not found inside database !!'
                   % def_perm
+                )
             if not UserToPerm.query()\
                 .filter(UserToPerm.permission == perm)\
                 .filter(UserToPerm.user == default_user).scalar():

rhodecode/model/db.py

➞

Show inline comments

@@ @@ -280,25 +280,28 @@ class RhodeCodeUi(Base, BaseModel): @@
 class User(Base, BaseModel):
     __tablename__ = 'users'
     __table_args__ = (
         UniqueConstraint('username'), UniqueConstraint('email'),
         Index('u_username_idx', 'username'),
         Index('u_email_idx', 'email'),
         {'extend_existing': True, 'mysql_engine': 'InnoDB',
          'mysql_charset': 'utf8'}
+    )
     DEFAULT_USER = 'default'
     DEFAULT_PERMISSIONS = [
         'hg.register.manual_activate', 'hg.create.repository',
         'hg.fork.repository', 'repository.read'
+    ]
     user_id = Column("user_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
     username = Column("username", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     password = Column("password", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     active = Column("active", Boolean(), nullable=True, unique=None, default=True)
     admin = Column("admin", Boolean(), nullable=True, unique=None, default=False)
     name = Column("firstname", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     lastname = Column("lastname", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     _email = Column("email", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     last_login = Column("last_login", DateTime(timezone=False), nullable=True, unique=None, default=None)
     ldap_dn = Column("ldap_dn", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     api_key = Column("api_key", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     inherit_default_permissions = Column("inherit_default_permissions", Boolean(), nullable=False, unique=None, default=True)

rhodecode/model/permission.py

➞

Show inline comments

@@ @@ -68,25 +68,25 @@ class PermissionModel(BaseModel): @@
             .filter(Permission.permission_name == name)
         if cache:
             perm = perm.options(FromCache("sql_cache_short",
                                           "get_permission_%s" % name))
         return perm.scalar()
     def update(self, form_result):
         perm_user = self.sa.query(User)\
                         .filter(User.username ==
                                 form_result['perm_user_name']).scalar()
         u2p = self.sa.query(UserToPerm).filter(UserToPerm.user ==
                                                perm_user).all()
-        if len(u2p) != 4:
+        if len(u2p) != len(User.DEFAULT_PERMISSIONS):
             raise Exception('Defined: %s should be 4  permissions for default'
                             ' user. This should not happen please verify'
                             ' your database' % len(u2p))
         try:
             # stage 1 change defaults
             for p in u2p:
                 if p.permission.permission_name.startswith('repository.'):
                     p.permission = self.get_permission_by_name(
                                        form_result['default_perm'])
                     self.sa.add(p)

0 comments (0 inline, 0 general)