Changeset - 091e99b29fd4
Parent rev.
Child rev.
[Not reviewed]
beta
0 4 0
Marcin Kuzminski - 13 years ago 2012-09-04 01:45:57
marcin@python-works.com
auto-healing of permissions for default user after upgrading from some old versions.
4 files changed with 44 insertions and 7 deletions:
docs/changelog.rst
8
2
rhodecode/lib/db_manage.py
31
3
rhodecode/model/db.py
4
1
rhodecode/model/permission.py
1
1
0 comments (0 inline, 0 general)
docs/changelog.rst
Show inline comments
 
.. _changelog:
 

			




	
	
	
		
 
=========

			




	
	
	
		
 
Changelog

			




	
	
	
		
 
=========

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
1.4.1 (**2012-XX-XX**)

			




	
	
	
		
 
1.4.1 (**2012-09-04**)

			




	
	
	
		
 
----------------------

			




	
	
	
		
 

			




	
	
	
		
 
:status: in-progress

			




	
	
	
		
 
:branch: beta

			




	
	
	
		
 

			




	
	
	
		
 
news

			




	
	
	
		
 
++++

			




	
	
	
		
 

			




	
	
	
		
 
- always put a comment about code-review status change even if user send

			




	
	
	
		
 
  empty data 

			




	
	
	
		
 
- modified_on column saves repository update and it's going to be used

			




	
	
	
		
 
  later for light version of main page ref #500

			




	
	
	
		
 

			




	
	
	
		
 
fixes

			




	
	
	
		
 
+++++

			




	
	
	
		
 

			




	
	
	
		
 
- fixed migrations of permissions that can lead to inconsistency issue

			




	
	
	
		
 
- fixed migrations of permissions that can lead to inconsistency.

			




	
	
	
		
 
  Some users sent feedback that after upgrading from older versions issues with updating

			




	
	
	
		
 
  default permissions occured. RhodeCode detects that now and resets default user

			




	
	
	
		
 
  permission to initial state if there is a need for that. Also forces users to set

			




	
	
	
		
 
  the default value for new forking permission. 

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
1.4.0 (**2012-09-03**)

			




	
	
	
		
 
----------------------

			




	
	
	
		
 

			




	
	
	
		
 
news

			




	
	
	
		
 
++++

			




	
	
	
		
 
 

			




	
	
	
		
 
- new codereview system

			




	
	
	
		
 
- email map, allowing users to have multiple email addresses mapped into

			




	
	
	
		
 
  their accounts

			




	
	
	
		
 
- improved git-hook system. Now all actions for git are logged into journal

			




	
	
	
		
 
  including pushed revisions, user and IP address

			




	
	
	
		
 
- changed setup-app into setup-rhodecode and added default options to it.

			




	
	
	
		
 
- new git repos are created as bare now by default

			




	
	
	
		
 
- #464 added links to groups in permission box

			




	
	
	
		
 
- #465 mentions autocomplete inside comments boxes

			




	
	
	
		
 
- #469 added --update-only option to whoosh to re-index only given list

			




	
	
	
		
 
  of repos in index 

			




	
	
	
		
 
- rhodecode-api CLI client

			




	
	
	
		
 
- new git http protocol replaced buggy dulwich implementation.

			




	
	
	
		
 
  Now based on pygrack & gitweb

			




	
	
	
		
 
- Improved RSS/ATOM feeds. Discoverable by browsers using proper headers, and 

			




	
	
	
		
 
  reformated based on user suggestions. Additional rss/atom feeds for user

			




        

    


    
    

    

        

                

                    rhodecode/lib/db_manage.py
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -234,49 +234,56 @@ class DbManage(object):

			




	
	
	
		
 
                hgsubversion.ui_section = 'extensions'

			




	
	
	
		
 
                hgsubversion.ui_key = 'hgsubversion'

			




	
	
	
		
 
                hgsubversion.ui_value = ''

			




	
	
	
		
 
                hgsubversion.ui_active = False

			




	
	
	
		
 
                Session().add(hgsubversion)

			




	
	
	
		
 

			




	
	
	
		
 
                notify('installing hg git option')

			




	
	
	
		
 
                # enable hggit disabled by default

			




	
	
	
		
 
                hggit = RhodeCodeUi()

			




	
	
	
		
 
                hggit.ui_section = 'extensions'

			




	
	
	
		
 
                hggit.ui_key = 'hggit'

			




	
	
	
		
 
                hggit.ui_value = ''

			




	
	
	
		
 
                hggit.ui_active = False

			




	
	
	
		
 
                Session().add(hggit)

			




	
	
	
		
 

			




	
	
	
		
 
                notify('re-check default permissions')

			




	
	
	
		
 
                default_user = User.get_by_username(User.DEFAULT_USER)

			




	
	
	
		
 
                perm = Permission.get_by_key('hg.fork.repository')

			




	
	
	
		
 
                reg_perm = UserToPerm()

			




	
	
	
		
 
                reg_perm.user = default_user

			




	
	
	
		
 
                reg_perm.permission = perm

			




	
	
	
		
 
                Session().add(reg_perm)

			




	
	
	
		
 

			




	
	
	
		
 
            def step_7(self):

			




	
	
	
		
 
                pass

			




	
	
	
		
 
                perm_fixes = self.klass.reset_permissions(User.DEFAULT_USER)

			




	
	
	
		
 
                Session().commit()

			




	
	
	
		
 
                if perm_fixes:

			




	
	
	
		
 
                    notify('There was an inconsistent state of permissions '

			




	
	
	
		
 
                           'detected for default user. Permissions are now '

			




	
	
	
		
 
                           'reset to the default value for default user. '

			




	
	
	
		
 
                           'Please validate and check default permissions '

			




	
	
	
		
 
                           'in admin panel')

			




	
	
	
		
 

			




	
	
	
		
 
        upgrade_steps = [0] + range(curr_version + 1, __dbversion__ + 1)

			




	
	
	
		
 

			




	
	
	
		
 
        # CALL THE PROPER ORDER OF STEPS TO PERFORM FULL UPGRADE

			




	
	
	
		
 
        _step = None

			




	
	
	
		
 
        for step in upgrade_steps:

			




	
	
	
		
 
            notify('performing upgrade step %s' % step)

			




	
	
	
		
 
            getattr(UpgradeSteps(self), 'step_%s' % step)()

			




	
	
	
		
 
            self.sa.commit()

			




	
	
	
		
 
            _step = step

			




	
	
	
		
 

			




	
	
	
		
 
        notify('upgrade to version %s successful' % _step)

			




	
	
	
		
 

			




	
	
	
		
 
    def fix_repo_paths(self):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Fixes a old rhodecode version path into new one without a '*'

			




	
	
	
		
 
        """

			




	
	
	
		
 

			




	
	
	
		
 
        paths = self.sa.query(RhodeCodeUi)\

			




	
	
	
		
 
                .filter(RhodeCodeUi.ui_key == '/')\

			




	
	
	
		
 
                .scalar()

			




	
	
	
		
 

			




	
	
	
		
 
        paths.ui_value = paths.ui_value.replace('*', '')

			




	
	
	
		
 

			




	
	
		
 
@@ -457,48 +464,70 @@ class DbManage(object):

			




	
	
	
		
 
                    ('ldap_attr_login', ''), ('ldap_attr_firstname', ''),

			




	
	
	
		
 
                    ('ldap_attr_lastname', ''), ('ldap_attr_email', '')]:

			




	
	
	
		
 

			




	
	
	
		
 
            if skip_existing and RhodeCodeSetting.get_by_name(k) != None:

			




	
	
	
		
 
                log.debug('Skipping option %s' % k)

			




	
	
	
		
 
                continue

			




	
	
	
		
 
            setting = RhodeCodeSetting(k, v)

			




	
	
	
		
 
            self.sa.add(setting)

			




	
	
	
		
 

			




	
	
	
		
 
    def fixup_groups(self):

			




	
	
	
		
 
        def_usr = User.get_by_username('default')

			




	
	
	
		
 
        for g in RepoGroup.query().all():

			




	
	
	
		
 
            g.group_name = g.get_new_name(g.name)

			




	
	
	
		
 
            self.sa.add(g)

			




	
	
	
		
 
            # get default perm

			




	
	
	
		
 
            default = UserRepoGroupToPerm.query()\

			




	
	
	
		
 
                .filter(UserRepoGroupToPerm.group == g)\

			




	
	
	
		
 
                .filter(UserRepoGroupToPerm.user == def_usr)\

			




	
	
	
		
 
                .scalar()

			




	
	
	
		
 

			




	
	
	
		
 
            if default is None:

			




	
	
	
		
 
                log.debug('missing default permission for group %s adding' % g)

			




	
	
	
		
 
                ReposGroupModel()._create_default_perms(g)

			




	
	
	
		
 

			




	
	
	
		
 
    def reset_permissions(self, username):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Resets permissions to default state, usefull when old systems had

			




	
	
	
		
 
        bad permissions, we must clean them up

			




	
	
	
		
 

			




	
	
	
		
 
        :param username:

			




	
	
	
		
 
        :type username:

			




	
	
	
		
 
        """

			




	
	
	
		
 
        default_user = User.get_by_username(username)

			




	
	
	
		
 
        if not default_user:

			




	
	
	
		
 
            return

			




	
	
	
		
 

			




	
	
	
		
 
        u2p = UserToPerm.query()\

			




	
	
	
		
 
            .filter(UserToPerm.user == default_user).all()

			




	
	
	
		
 
        fixed = False

			




	
	
	
		
 
        if len(u2p) != len(User.DEFAULT_PERMISSIONS):

			




	
	
	
		
 
            for p in u2p:

			




	
	
	
		
 
                Session().delete(p)

			




	
	
	
		
 
            fixed = True

			




	
	
	
		
 
            self.populate_default_permissions()

			




	
	
	
		
 
        return fixed

			




	
	
	
		
 

			




	
	
	
		
 
    def config_prompt(self, test_repo_path='', retries=3, defaults={}):

			




	
	
	
		
 
        _path = defaults.get('repos_location')

			




	
	
	
		
 
        if retries == 3:

			




	
	
	
		
 
            log.info('Setting up repositories config')

			




	
	
	
		
 

			




	
	
	
		
 
        if _path is not None:

			




	
	
	
		
 
            path = _path

			




	
	
	
		
 
        elif not self.tests and not test_repo_path:

			




	
	
	
		
 
            path = raw_input(

			




	
	
	
		
 
                 'Enter a valid absolute path to store repositories. '

			




	
	
	
		
 
                 'All repositories in that path will be added automatically:'

			




	
	
	
		
 
            )

			




	
	
	
		
 
        else:

			




	
	
	
		
 
            path = test_repo_path

			




	
	
	
		
 
        path_ok = True

			




	
	
	
		
 

			




	
	
	
		
 
        # check proper dir

			




	
	
	
		
 
        if not os.path.isdir(path):

			




	
	
	
		
 
            path_ok = False

			




	
	
	
		
 
            log.error('Given path %s is not a valid directory' % path)

			




	
	
	
		
 

			




	
	
	
		
 
        elif not os.path.isabs(path):

			




	
	
	
		
 
            path_ok = False

			




	
	
	
		
 
            log.error('Given path %s is not an absolute path' % path)

			




	
	
		
 
@@ -584,42 +613,41 @@ class DbManage(object):

			




	
	
	
		
 
    def create_default_user(self):

			




	
	
	
		
 
        log.info('creating default user')

			




	
	
	
		
 
        # create default user for handling default permissions.

			




	
	
	
		
 
        UserModel().create_or_update(username='default',

			




	
	
	
		
 
                              password=str(uuid.uuid1())[:8],

			




	
	
	
		
 
                              email='anonymous@rhodecode.org',

			




	
	
	
		
 
                              firstname='Anonymous', lastname='User')

			




	
	
	
		
 

			




	
	
	
		
 
    def create_permissions(self):

			




	
	
	
		
 
        # module.(access|create|change|delete)_[name]

			




	
	
	
		
 
        # module.(none|read|write|admin)

			




	
	
	
		
 

			




	
	
	
		
 
        for p in Permission.PERMS:

			




	
	
	
		
 
            if not Permission.get_by_key(p[0]):

			




	
	
	
		
 
                new_perm = Permission()

			




	
	
	
		
 
                new_perm.permission_name = p[0]

			




	
	
	
		
 
                new_perm.permission_longname = p[0]

			




	
	
	
		
 
                self.sa.add(new_perm)

			




	
	
	
		
 

			




	
	
	
		
 
    def populate_default_permissions(self):

			




	
	
	
		
 
        log.info('creating default user permissions')

			




	
	
	
		
 

			




	
	
	
		
 
        default_user = User.get_by_username('default')

			




	
	
	
		
 

			




	
	
	
		
 
        for def_perm in ['hg.register.manual_activate', 'hg.create.repository',

			




	
	
	
		
 
                         'hg.fork.repository', 'repository.read']:

			




	
	
	
		
 
        for def_perm in User.DEFAULT_PERMISSIONS:

			




	
	
	
		
 

			




	
	
	
		
 
            perm = self.sa.query(Permission)\

			




	
	
	
		
 
             .filter(Permission.permission_name == def_perm)\

			




	
	
	
		
 
             .scalar()

			




	
	
	
		
 
            if not perm:

			




	
	
	
		
 
                raise Exception(

			




	
	
	
		
 
                  'CRITICAL: permission %s not found inside database !!'

			




	
	
	
		
 
                  % def_perm

			




	
	
	
		
 
                )

			




	
	
	
		
 
            if not UserToPerm.query()\

			




	
	
	
		
 
                .filter(UserToPerm.permission == perm)\

			




	
	
	
		
 
                .filter(UserToPerm.user == default_user).scalar():

			




	
	
	
		
 
                reg_perm = UserToPerm()

			




	
	
	
		
 
                reg_perm.user = default_user

			




	
	
	
		
 
                reg_perm.permission = perm

			




	
	
	
		
 
                self.sa.add(reg_perm)

			




        

    


    
    

    

        

                

                    rhodecode/model/db.py
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -268,49 +268,52 @@ class RhodeCodeUi(Base, BaseModel):

			




	
	
	
		
 
    def get_repos_location(cls):

			




	
	
	
		
 
        return cls.get_by_key('/').ui_value

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def create_or_update_hook(cls, key, val):

			




	
	
	
		
 
        new_ui = cls.get_by_key(key) or cls()

			




	
	
	
		
 
        new_ui.ui_section = 'hooks'

			




	
	
	
		
 
        new_ui.ui_active = True

			




	
	
	
		
 
        new_ui.ui_key = key

			




	
	
	
		
 
        new_ui.ui_value = val

			




	
	
	
		
 

			




	
	
	
		
 
        Session().add(new_ui)

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class User(Base, BaseModel):

			




	
	
	
		
 
    __tablename__ = 'users'

			




	
	
	
		
 
    __table_args__ = (

			




	
	
	
		
 
        UniqueConstraint('username'), UniqueConstraint('email'),

			




	
	
	
		
 
        Index('u_username_idx', 'username'),

			




	
	
	
		
 
        Index('u_email_idx', 'email'),

			




	
	
	
		
 
        {'extend_existing': True, 'mysql_engine': 'InnoDB',

			




	
	
	
		
 
         'mysql_charset': 'utf8'}

			




	
	
	
		
 
    )

			




	
	
	
		
 
    DEFAULT_USER = 'default'

			




	
	
	
		
 

			




	
	
	
		
 
    DEFAULT_PERMISSIONS = [

			




	
	
	
		
 
        'hg.register.manual_activate', 'hg.create.repository',

			




	
	
	
		
 
        'hg.fork.repository', 'repository.read'

			




	
	
	
		
 
    ]

			




	
	
	
		
 
    user_id = Column("user_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)

			




	
	
	
		
 
    username = Column("username", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

			




	
	
	
		
 
    password = Column("password", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

			




	
	
	
		
 
    active = Column("active", Boolean(), nullable=True, unique=None, default=True)

			




	
	
	
		
 
    admin = Column("admin", Boolean(), nullable=True, unique=None, default=False)

			




	
	
	
		
 
    name = Column("firstname", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

			




	
	
	
		
 
    lastname = Column("lastname", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

			




	
	
	
		
 
    _email = Column("email", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

			




	
	
	
		
 
    last_login = Column("last_login", DateTime(timezone=False), nullable=True, unique=None, default=None)

			




	
	
	
		
 
    ldap_dn = Column("ldap_dn", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

			




	
	
	
		
 
    api_key = Column("api_key", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

			




	
	
	
		
 
    inherit_default_permissions = Column("inherit_default_permissions", Boolean(), nullable=False, unique=None, default=True)

			




	
	
	
		
 

			




	
	
	
		
 
    user_log = relationship('UserLog', cascade='all')

			




	
	
	
		
 
    user_perms = relationship('UserToPerm', primaryjoin="User.user_id==UserToPerm.user_id", cascade='all')

			




	
	
	
		
 

			




	
	
	
		
 
    repositories = relationship('Repository')

			




	
	
	
		
 
    user_followers = relationship('UserFollowing', primaryjoin='UserFollowing.follows_user_id==User.user_id', cascade='all')

			




	
	
	
		
 
    repo_to_perm = relationship('UserRepoToPerm', primaryjoin='UserRepoToPerm.user_id==User.user_id', cascade='all')

			




	
	
	
		
 
    repo_group_to_perm = relationship('UserRepoGroupToPerm', primaryjoin='UserRepoGroupToPerm.user_id==User.user_id', cascade='all')

			




	
	
	
		
 

			




	
	
	
		
 
    group_member = relationship('UsersGroupMember', cascade='all')

			




	
	
	
		
 

			




	
	
	
		
 
    notifications = relationship('UserNotification', cascade='all')

			




        

    


    
    

    

        

                

                    rhodecode/model/permission.py
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -56,49 +56,49 @@ class PermissionModel(BaseModel):

			




	
	
	
		
 
            perm = perm.options(FromCache("sql_cache_short",

			




	
	
	
		
 
                                          "get_permission_%s" % permission_id))

			




	
	
	
		
 
        return perm.get(permission_id)

			




	
	
	
		
 

			




	
	
	
		
 
    def get_permission_by_name(self, name, cache=False):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Get's permissions by given name

			




	
	
	
		
 

			




	
	
	
		
 
        :param name: name to fetch

			




	
	
	
		
 
        :param cache: Use cache for this query

			




	
	
	
		
 
        """

			




	
	
	
		
 
        perm = self.sa.query(Permission)\

			




	
	
	
		
 
            .filter(Permission.permission_name == name)

			




	
	
	
		
 
        if cache:

			




	
	
	
		
 
            perm = perm.options(FromCache("sql_cache_short",

			




	
	
	
		
 
                                          "get_permission_%s" % name))

			




	
	
	
		
 
        return perm.scalar()

			




	
	
	
		
 

			




	
	
	
		
 
    def update(self, form_result):

			




	
	
	
		
 
        perm_user = self.sa.query(User)\

			




	
	
	
		
 
                        .filter(User.username ==

			




	
	
	
		
 
                                form_result['perm_user_name']).scalar()

			




	
	
	
		
 
        u2p = self.sa.query(UserToPerm).filter(UserToPerm.user ==

			




	
	
	
		
 
                                               perm_user).all()

			




	
	
	
		
 
        if len(u2p) != 4:

			




	
	
	
		
 
        if len(u2p) != len(User.DEFAULT_PERMISSIONS):

			




	
	
	
		
 
            raise Exception('Defined: %s should be 4  permissions for default'

			




	
	
	
		
 
                            ' user. This should not happen please verify'

			




	
	
	
		
 
                            ' your database' % len(u2p))

			




	
	
	
		
 

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            # stage 1 change defaults

			




	
	
	
		
 
            for p in u2p:

			




	
	
	
		
 
                if p.permission.permission_name.startswith('repository.'):

			




	
	
	
		
 
                    p.permission = self.get_permission_by_name(

			




	
	
	
		
 
                                       form_result['default_perm'])

			




	
	
	
		
 
                    self.sa.add(p)

			




	
	
	
		
 

			




	
	
	
		
 
                elif p.permission.permission_name.startswith('hg.register.'):

			




	
	
	
		
 
                    p.permission = self.get_permission_by_name(

			




	
	
	
		
 
                                       form_result['default_register'])

			




	
	
	
		
 
                    self.sa.add(p)

			




	
	
	
		
 

			




	
	
	
		
 
                elif p.permission.permission_name.startswith('hg.create.'):

			




	
	
	
		
 
                    p.permission = self.get_permission_by_name(

			




	
	
	
		
 
                                        form_result['default_create'])

			




	
	
	
		
 
                    self.sa.add(p)

			




	
	
	
		
 

			




	
	
	
		
 
                elif p.permission.permission_name.startswith('hg.fork.'):

			




	
	
	
		
 
                    p.permission = self.get_permission_by_name(

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.