Changeset - 091e99b29fd4
Parent rev.
Child rev.
[Not reviewed]
beta
0 4 0
Marcin Kuzminski - 13 years ago 2012-09-04 01:45:57
marcin@python-works.com
auto-healing of permissions for default user after upgrading from some old versions.
4 files changed with 44 insertions and 7 deletions:
docs/changelog.rst
8
2
rhodecode/lib/db_manage.py
31
3
rhodecode/model/db.py
4
1
rhodecode/model/permission.py
1
1
0 comments (0 inline, 0 general)
docs/changelog.rst
Show inline comments
 
.. _changelog:
 

			




	
	
	
		
 
=========

			




	
	
	
		
 
Changelog

			




	
	
	
		
 
=========

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
1.4.1 (**2012-XX-XX**)

			




	
	
	
		
 
1.4.1 (**2012-09-04**)

			




	
	
	
		
 
----------------------

			




	
	
	
		
 

			




	
	
	
		
 
:status: in-progress

			




	
	
	
		
 
:branch: beta

			




	
	
	
		
 

			




	
	
	
		
 
news

			




	
	
	
		
 
++++

			




	
	
	
		
 

			




	
	
	
		
 
- always put a comment about code-review status change even if user send

			




	
	
	
		
 
  empty data 

			




	
	
	
		
 
- modified_on column saves repository update and it's going to be used

			




	
	
	
		
 
  later for light version of main page ref #500

			




	
	
	
		
 

			




	
	
	
		
 
fixes

			




	
	
	
		
 
+++++

			




	
	
	
		
 

			




	
	
	
		
 
- fixed migrations of permissions that can lead to inconsistency issue

			




	
	
	
		
 
- fixed migrations of permissions that can lead to inconsistency.

			




	
	
	
		
 
  Some users sent feedback that after upgrading from older versions issues with updating

			




	
	
	
		
 
  default permissions occured. RhodeCode detects that now and resets default user

			




	
	
	
		
 
  permission to initial state if there is a need for that. Also forces users to set

			




	
	
	
		
 
  the default value for new forking permission. 

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
1.4.0 (**2012-09-03**)

			




	
	
	
		
 
----------------------

			




	
	
	
		
 

			




	
	
	
		
 
news

			




	
	
	
		
 
++++

			




	
	
	
		
 
 

			




	
	
	
		
 
- new codereview system

			




	
	
	
		
 
- email map, allowing users to have multiple email addresses mapped into

			




	
	
	
		
 
  their accounts

			




	
	
	
		
 
- improved git-hook system. Now all actions for git are logged into journal

			




	
	
	
		
 
  including pushed revisions, user and IP address

			




	
	
	
		
 
- changed setup-app into setup-rhodecode and added default options to it.

			




	
	
	
		
 
- new git repos are created as bare now by default

			




	
	
	
		
 
- #464 added links to groups in permission box

			




	
	
	
		
 
- #465 mentions autocomplete inside comments boxes

			




	
	
	
		
 
- #469 added --update-only option to whoosh to re-index only given list

			




	
	
	
		
 
  of repos in index 

			




	
	
	
		
 
- rhodecode-api CLI client

			




	
	
	
		
 
- new git http protocol replaced buggy dulwich implementation.

			




	
	
	
		
 
  Now based on pygrack & gitweb

			




	
	
	
		
 
- Improved RSS/ATOM feeds. Discoverable by browsers using proper headers, and 

			




	
	
	
		
 
  reformated based on user suggestions. Additional rss/atom feeds for user

			




	
	
	
		
 
  journal

			




	
	
	
		
 
- various i18n improvements

			




	
	
	
		
 
- #478 permissions overview for admin in user edit view

			




	
	
	
		
 
- File view now displays small gravatars off all authors of given file

			




	
	
	
		
 
- Implemented landing revisions. Each repository will get landing_rev attribute

			




	
	
	
		
 
  that defines 'default' revision/branch for generating readme files

			




	
	
	
		
 
- Implemented #509, RhodeCode enforces SSL for push/pulling if requested at 

			




	
	
	
		
 
  earliest possible call.

			




	
	
	
		
 
- Import remote svn repositories to mercurial using hgsubversion.

			




	
	
	
		
 
- Fixed #508 RhodeCode now has a option to explicitly set forking permissions

			




	
	
	
		
 
- RhodeCode can use alternative server for generating avatar icons

			




	
	
	
		
 
- implemented repositories locking. Pull locks, push unlocks. Also can be done

			




	
	
	
		
 
  via API calls

			




	
	
	
		
 
- #538 form for permissions can handle multiple users at once 

			




	
	
	
		
 

			




	
	
	
		
 
fixes

			




	
	
	
		
 
+++++

			




	
	
	
		
 

			




	
	
	
		
 
- improved translations

			




	
	
	
		
 
- fixes issue #455 Creating an archive generates an exception on Windows

			




	
	
	
		
 
- fixes #448 Download ZIP archive keeps file in /tmp open and results 

			




	
	
	
		
 
  in out of disk space

			




	
	
	
		
 
- fixes issue #454 Search results under Windows include proceeding

			




	
	
	
		
 
  backslash

			




        

    


    
    

    

        

                

                    rhodecode/lib/db_manage.py
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -210,97 +210,104 @@ class DbManage(object):

			




	
	
	
		
 

			




	
	
	
		
 
                notify('fixing old PUSH hook')

			




	
	
	
		
 
                _push = RhodeCodeUi.get_by_key('pretxnchangegroup.push_logger')

			




	
	
	
		
 
                if _push:

			




	
	
	
		
 
                    _push.ui_key = RhodeCodeUi.HOOK_PUSH

			




	
	
	
		
 
                    Session().add(_push)

			




	
	
	
		
 

			




	
	
	
		
 
                notify('installing new pre-push hook')

			




	
	
	
		
 
                hooks4 = RhodeCodeUi()

			




	
	
	
		
 
                hooks4.ui_section = 'hooks'

			




	
	
	
		
 
                hooks4.ui_key = RhodeCodeUi.HOOK_PRE_PUSH

			




	
	
	
		
 
                hooks4.ui_value = 'python:rhodecode.lib.hooks.pre_push'

			




	
	
	
		
 
                Session().add(hooks4)

			




	
	
	
		
 

			




	
	
	
		
 
                notify('installing new pre-pull hook')

			




	
	
	
		
 
                hooks6 = RhodeCodeUi()

			




	
	
	
		
 
                hooks6.ui_section = 'hooks'

			




	
	
	
		
 
                hooks6.ui_key = RhodeCodeUi.HOOK_PRE_PULL

			




	
	
	
		
 
                hooks6.ui_value = 'python:rhodecode.lib.hooks.pre_pull'

			




	
	
	
		
 
                Session().add(hooks6)

			




	
	
	
		
 

			




	
	
	
		
 
                notify('installing hgsubversion option')

			




	
	
	
		
 
                # enable hgsubversion disabled by default

			




	
	
	
		
 
                hgsubversion = RhodeCodeUi()

			




	
	
	
		
 
                hgsubversion.ui_section = 'extensions'

			




	
	
	
		
 
                hgsubversion.ui_key = 'hgsubversion'

			




	
	
	
		
 
                hgsubversion.ui_value = ''

			




	
	
	
		
 
                hgsubversion.ui_active = False

			




	
	
	
		
 
                Session().add(hgsubversion)

			




	
	
	
		
 

			




	
	
	
		
 
                notify('installing hg git option')

			




	
	
	
		
 
                # enable hggit disabled by default

			




	
	
	
		
 
                hggit = RhodeCodeUi()

			




	
	
	
		
 
                hggit.ui_section = 'extensions'

			




	
	
	
		
 
                hggit.ui_key = 'hggit'

			




	
	
	
		
 
                hggit.ui_value = ''

			




	
	
	
		
 
                hggit.ui_active = False

			




	
	
	
		
 
                Session().add(hggit)

			




	
	
	
		
 

			




	
	
	
		
 
                notify('re-check default permissions')

			




	
	
	
		
 
                default_user = User.get_by_username(User.DEFAULT_USER)

			




	
	
	
		
 
                perm = Permission.get_by_key('hg.fork.repository')

			




	
	
	
		
 
                reg_perm = UserToPerm()

			




	
	
	
		
 
                reg_perm.user = default_user

			




	
	
	
		
 
                reg_perm.permission = perm

			




	
	
	
		
 
                Session().add(reg_perm)

			




	
	
	
		
 

			




	
	
	
		
 
            def step_7(self):

			




	
	
	
		
 
                pass

			




	
	
	
		
 
                perm_fixes = self.klass.reset_permissions(User.DEFAULT_USER)

			




	
	
	
		
 
                Session().commit()

			




	
	
	
		
 
                if perm_fixes:

			




	
	
	
		
 
                    notify('There was an inconsistent state of permissions '

			




	
	
	
		
 
                           'detected for default user. Permissions are now '

			




	
	
	
		
 
                           'reset to the default value for default user. '

			




	
	
	
		
 
                           'Please validate and check default permissions '

			




	
	
	
		
 
                           'in admin panel')

			




	
	
	
		
 

			




	
	
	
		
 
        upgrade_steps = [0] + range(curr_version + 1, __dbversion__ + 1)

			




	
	
	
		
 

			




	
	
	
		
 
        # CALL THE PROPER ORDER OF STEPS TO PERFORM FULL UPGRADE

			




	
	
	
		
 
        _step = None

			




	
	
	
		
 
        for step in upgrade_steps:

			




	
	
	
		
 
            notify('performing upgrade step %s' % step)

			




	
	
	
		
 
            getattr(UpgradeSteps(self), 'step_%s' % step)()

			




	
	
	
		
 
            self.sa.commit()

			




	
	
	
		
 
            _step = step

			




	
	
	
		
 

			




	
	
	
		
 
        notify('upgrade to version %s successful' % _step)

			




	
	
	
		
 

			




	
	
	
		
 
    def fix_repo_paths(self):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Fixes a old rhodecode version path into new one without a '*'

			




	
	
	
		
 
        """

			




	
	
	
		
 

			




	
	
	
		
 
        paths = self.sa.query(RhodeCodeUi)\

			




	
	
	
		
 
                .filter(RhodeCodeUi.ui_key == '/')\

			




	
	
	
		
 
                .scalar()

			




	
	
	
		
 

			




	
	
	
		
 
        paths.ui_value = paths.ui_value.replace('*', '')

			




	
	
	
		
 

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            self.sa.add(paths)

			




	
	
	
		
 
            self.sa.commit()

			




	
	
	
		
 
        except:

			




	
	
	
		
 
            self.sa.rollback()

			




	
	
	
		
 
            raise

			




	
	
	
		
 

			




	
	
	
		
 
    def fix_default_user(self):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Fixes a old default user with some 'nicer' default values,

			




	
	
	
		
 
        used mostly for anonymous access

			




	
	
	
		
 
        """

			




	
	
	
		
 
        def_user = self.sa.query(User)\

			




	
	
	
		
 
                .filter(User.username == 'default')\

			




	
	
	
		
 
                .one()

			




	
	
	
		
 

			




	
	
	
		
 
        def_user.name = 'Anonymous'

			




	
	
	
		
 
        def_user.lastname = 'User'

			




	
	
	
		
 
        def_user.email = 'anonymous@rhodecode.org'

			




	
	
	
		
 

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            self.sa.add(def_user)

			




	
	
	
		
 
            self.sa.commit()

			




	
	
	
		
 
        except:

			




	
	
		
 
@@ -433,96 +440,118 @@ class DbManage(object):

			




	
	
	
		
 
        # enable hgsubversion disabled by default

			




	
	
	
		
 
        hgsubversion = RhodeCodeUi()

			




	
	
	
		
 
        hgsubversion.ui_section = 'extensions'

			




	
	
	
		
 
        hgsubversion.ui_key = 'hgsubversion'

			




	
	
	
		
 
        hgsubversion.ui_value = ''

			




	
	
	
		
 
        hgsubversion.ui_active = False

			




	
	
	
		
 
        self.sa.add(hgsubversion)

			




	
	
	
		
 

			




	
	
	
		
 
        # enable hggit disabled by default

			




	
	
	
		
 
        hggit = RhodeCodeUi()

			




	
	
	
		
 
        hggit.ui_section = 'extensions'

			




	
	
	
		
 
        hggit.ui_key = 'hggit'

			




	
	
	
		
 
        hggit.ui_value = ''

			




	
	
	
		
 
        hggit.ui_active = False

			




	
	
	
		
 
        self.sa.add(hggit)

			




	
	
	
		
 

			




	
	
	
		
 
    def create_ldap_options(self, skip_existing=False):

			




	
	
	
		
 
        """Creates ldap settings"""

			




	
	
	
		
 

			




	
	
	
		
 
        for k, v in [('ldap_active', 'false'), ('ldap_host', ''),

			




	
	
	
		
 
                    ('ldap_port', '389'), ('ldap_tls_kind', 'PLAIN'),

			




	
	
	
		
 
                    ('ldap_tls_reqcert', ''), ('ldap_dn_user', ''),

			




	
	
	
		
 
                    ('ldap_dn_pass', ''), ('ldap_base_dn', ''),

			




	
	
	
		
 
                    ('ldap_filter', ''), ('ldap_search_scope', ''),

			




	
	
	
		
 
                    ('ldap_attr_login', ''), ('ldap_attr_firstname', ''),

			




	
	
	
		
 
                    ('ldap_attr_lastname', ''), ('ldap_attr_email', '')]:

			




	
	
	
		
 

			




	
	
	
		
 
            if skip_existing and RhodeCodeSetting.get_by_name(k) != None:

			




	
	
	
		
 
                log.debug('Skipping option %s' % k)

			




	
	
	
		
 
                continue

			




	
	
	
		
 
            setting = RhodeCodeSetting(k, v)

			




	
	
	
		
 
            self.sa.add(setting)

			




	
	
	
		
 

			




	
	
	
		
 
    def fixup_groups(self):

			




	
	
	
		
 
        def_usr = User.get_by_username('default')

			




	
	
	
		
 
        for g in RepoGroup.query().all():

			




	
	
	
		
 
            g.group_name = g.get_new_name(g.name)

			




	
	
	
		
 
            self.sa.add(g)

			




	
	
	
		
 
            # get default perm

			




	
	
	
		
 
            default = UserRepoGroupToPerm.query()\

			




	
	
	
		
 
                .filter(UserRepoGroupToPerm.group == g)\

			




	
	
	
		
 
                .filter(UserRepoGroupToPerm.user == def_usr)\

			




	
	
	
		
 
                .scalar()

			




	
	
	
		
 

			




	
	
	
		
 
            if default is None:

			




	
	
	
		
 
                log.debug('missing default permission for group %s adding' % g)

			




	
	
	
		
 
                ReposGroupModel()._create_default_perms(g)

			




	
	
	
		
 

			




	
	
	
		
 
    def reset_permissions(self, username):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Resets permissions to default state, usefull when old systems had

			




	
	
	
		
 
        bad permissions, we must clean them up

			




	
	
	
		
 

			




	
	
	
		
 
        :param username:

			




	
	
	
		
 
        :type username:

			




	
	
	
		
 
        """

			




	
	
	
		
 
        default_user = User.get_by_username(username)

			




	
	
	
		
 
        if not default_user:

			




	
	
	
		
 
            return

			




	
	
	
		
 

			




	
	
	
		
 
        u2p = UserToPerm.query()\

			




	
	
	
		
 
            .filter(UserToPerm.user == default_user).all()

			




	
	
	
		
 
        fixed = False

			




	
	
	
		
 
        if len(u2p) != len(User.DEFAULT_PERMISSIONS):

			




	
	
	
		
 
            for p in u2p:

			




	
	
	
		
 
                Session().delete(p)

			




	
	
	
		
 
            fixed = True

			




	
	
	
		
 
            self.populate_default_permissions()

			




	
	
	
		
 
        return fixed

			




	
	
	
		
 

			




	
	
	
		
 
    def config_prompt(self, test_repo_path='', retries=3, defaults={}):

			




	
	
	
		
 
        _path = defaults.get('repos_location')

			




	
	
	
		
 
        if retries == 3:

			




	
	
	
		
 
            log.info('Setting up repositories config')

			




	
	
	
		
 

			




	
	
	
		
 
        if _path is not None:

			




	
	
	
		
 
            path = _path

			




	
	
	
		
 
        elif not self.tests and not test_repo_path:

			




	
	
	
		
 
            path = raw_input(

			




	
	
	
		
 
                 'Enter a valid absolute path to store repositories. '

			




	
	
	
		
 
                 'All repositories in that path will be added automatically:'

			




	
	
	
		
 
            )

			




	
	
	
		
 
        else:

			




	
	
	
		
 
            path = test_repo_path

			




	
	
	
		
 
        path_ok = True

			




	
	
	
		
 

			




	
	
	
		
 
        # check proper dir

			




	
	
	
		
 
        if not os.path.isdir(path):

			




	
	
	
		
 
            path_ok = False

			




	
	
	
		
 
            log.error('Given path %s is not a valid directory' % path)

			




	
	
	
		
 

			




	
	
	
		
 
        elif not os.path.isabs(path):

			




	
	
	
		
 
            path_ok = False

			




	
	
	
		
 
            log.error('Given path %s is not an absolute path' % path)

			




	
	
	
		
 

			




	
	
	
		
 
        # check write access

			




	
	
	
		
 
        elif not os.access(path, os.W_OK) and path_ok:

			




	
	
	
		
 
            path_ok = False

			




	
	
	
		
 
            log.error('No write permission to given path %s' % path)

			




	
	
	
		
 

			




	
	
	
		
 
        if retries == 0:

			




	
	
	
		
 
            sys.exit('max retries reached')

			




	
	
	
		
 
        if path_ok is False:

			




	
	
	
		
 
            retries -= 1

			




	
	
	
		
 
            return self.config_prompt(test_repo_path, retries)

			




	
	
	
		
 

			




	
	
	
		
 
        return path

			




	
	
	
		
 

			




	
	
	
		
 
    def create_settings(self, path):

			




	
	
	
		
 

			




	
	
	
		
 
        self.create_ui_settings()

			




	
	
	
		
 

			




	
	
	
		
 
        #HG UI OPTIONS

			




	
	
	
		
 
        web1 = RhodeCodeUi()

			




	
	
	
		
 
        web1.ui_section = 'web'

			




	
	
	
		
 
        web1.ui_key = 'push_ssl'

			




	
	
	
		
 
        web1.ui_value = 'false'

			




	
	
	
		
 

			




	
	
		
 
@@ -560,66 +589,65 @@ class DbManage(object):

			




	
	
	
		
 
        sett6 = RhodeCodeSetting('stylify_metatags', False)

			




	
	
	
		
 

			




	
	
	
		
 
        self.sa.add(web1)

			




	
	
	
		
 
        self.sa.add(web2)

			




	
	
	
		
 
        self.sa.add(web3)

			




	
	
	
		
 
        self.sa.add(web4)

			




	
	
	
		
 
        self.sa.add(paths)

			




	
	
	
		
 
        self.sa.add(sett1)

			




	
	
	
		
 
        self.sa.add(sett2)

			




	
	
	
		
 
        self.sa.add(sett3)

			




	
	
	
		
 
        self.sa.add(sett4)

			




	
	
	
		
 
        self.sa.add(sett5)

			




	
	
	
		
 
        self.sa.add(sett6)

			




	
	
	
		
 

			




	
	
	
		
 
        self.create_ldap_options()

			




	
	
	
		
 

			




	
	
	
		
 
        log.info('created ui config')

			




	
	
	
		
 

			




	
	
	
		
 
    def create_user(self, username, password, email='', admin=False):

			




	
	
	
		
 
        log.info('creating user %s' % username)

			




	
	
	
		
 
        UserModel().create_or_update(username, password, email,

			




	
	
	
		
 
                                     firstname='RhodeCode', lastname='Admin',

			




	
	
	
		
 
                                     active=True, admin=admin)

			




	
	
	
		
 

			




	
	
	
		
 
    def create_default_user(self):

			




	
	
	
		
 
        log.info('creating default user')

			




	
	
	
		
 
        # create default user for handling default permissions.

			




	
	
	
		
 
        UserModel().create_or_update(username='default',

			




	
	
	
		
 
                              password=str(uuid.uuid1())[:8],

			




	
	
	
		
 
                              email='anonymous@rhodecode.org',

			




	
	
	
		
 
                              firstname='Anonymous', lastname='User')

			




	
	
	
		
 

			




	
	
	
		
 
    def create_permissions(self):

			




	
	
	
		
 
        # module.(access|create|change|delete)_[name]

			




	
	
	
		
 
        # module.(none|read|write|admin)

			




	
	
	
		
 

			




	
	
	
		
 
        for p in Permission.PERMS:

			




	
	
	
		
 
            if not Permission.get_by_key(p[0]):

			




	
	
	
		
 
                new_perm = Permission()

			




	
	
	
		
 
                new_perm.permission_name = p[0]

			




	
	
	
		
 
                new_perm.permission_longname = p[0]

			




	
	
	
		
 
                self.sa.add(new_perm)

			




	
	
	
		
 

			




	
	
	
		
 
    def populate_default_permissions(self):

			




	
	
	
		
 
        log.info('creating default user permissions')

			




	
	
	
		
 

			




	
	
	
		
 
        default_user = User.get_by_username('default')

			




	
	
	
		
 

			




	
	
	
		
 
        for def_perm in ['hg.register.manual_activate', 'hg.create.repository',

			




	
	
	
		
 
                         'hg.fork.repository', 'repository.read']:

			




	
	
	
		
 
        for def_perm in User.DEFAULT_PERMISSIONS:

			




	
	
	
		
 

			




	
	
	
		
 
            perm = self.sa.query(Permission)\

			




	
	
	
		
 
             .filter(Permission.permission_name == def_perm)\

			




	
	
	
		
 
             .scalar()

			




	
	
	
		
 
            if not perm:

			




	
	
	
		
 
                raise Exception(

			




	
	
	
		
 
                  'CRITICAL: permission %s not found inside database !!'

			




	
	
	
		
 
                  % def_perm

			




	
	
	
		
 
                )

			




	
	
	
		
 
            if not UserToPerm.query()\

			




	
	
	
		
 
                .filter(UserToPerm.permission == perm)\

			




	
	
	
		
 
                .filter(UserToPerm.user == default_user).scalar():

			




	
	
	
		
 
                reg_perm = UserToPerm()

			




	
	
	
		
 
                reg_perm.user = default_user

			




	
	
	
		
 
                reg_perm.permission = perm

			




	
	
	
		
 
                self.sa.add(reg_perm)

			




        

    


    
    

    

        

                

                    rhodecode/model/db.py
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -244,97 +244,100 @@ class RhodeCodeUi(Base, BaseModel):

			




	
	
	
		
 
    ui_active = Column("ui_active", Boolean(), nullable=True, unique=None, default=True)

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def get_by_key(cls, key):

			




	
	
	
		
 
        return cls.query().filter(cls.ui_key == key).scalar()

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def get_builtin_hooks(cls):

			




	
	
	
		
 
        q = cls.query()

			




	
	
	
		
 
        q = q.filter(cls.ui_key.in_([cls.HOOK_UPDATE, cls.HOOK_REPO_SIZE,

			




	
	
	
		
 
                                     cls.HOOK_PUSH, cls.HOOK_PRE_PUSH,

			




	
	
	
		
 
                                     cls.HOOK_PULL, cls.HOOK_PRE_PULL]))

			




	
	
	
		
 
        return q.all()

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def get_custom_hooks(cls):

			




	
	
	
		
 
        q = cls.query()

			




	
	
	
		
 
        q = q.filter(~cls.ui_key.in_([cls.HOOK_UPDATE, cls.HOOK_REPO_SIZE,

			




	
	
	
		
 
                                      cls.HOOK_PUSH, cls.HOOK_PRE_PUSH,

			




	
	
	
		
 
                                      cls.HOOK_PULL, cls.HOOK_PRE_PULL]))

			




	
	
	
		
 
        q = q.filter(cls.ui_section == 'hooks')

			




	
	
	
		
 
        return q.all()

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def get_repos_location(cls):

			




	
	
	
		
 
        return cls.get_by_key('/').ui_value

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def create_or_update_hook(cls, key, val):

			




	
	
	
		
 
        new_ui = cls.get_by_key(key) or cls()

			




	
	
	
		
 
        new_ui.ui_section = 'hooks'

			




	
	
	
		
 
        new_ui.ui_active = True

			




	
	
	
		
 
        new_ui.ui_key = key

			




	
	
	
		
 
        new_ui.ui_value = val

			




	
	
	
		
 

			




	
	
	
		
 
        Session().add(new_ui)

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class User(Base, BaseModel):

			




	
	
	
		
 
    __tablename__ = 'users'

			




	
	
	
		
 
    __table_args__ = (

			




	
	
	
		
 
        UniqueConstraint('username'), UniqueConstraint('email'),

			




	
	
	
		
 
        Index('u_username_idx', 'username'),

			




	
	
	
		
 
        Index('u_email_idx', 'email'),

			




	
	
	
		
 
        {'extend_existing': True, 'mysql_engine': 'InnoDB',

			




	
	
	
		
 
         'mysql_charset': 'utf8'}

			




	
	
	
		
 
    )

			




	
	
	
		
 
    DEFAULT_USER = 'default'

			




	
	
	
		
 

			




	
	
	
		
 
    DEFAULT_PERMISSIONS = [

			




	
	
	
		
 
        'hg.register.manual_activate', 'hg.create.repository',

			




	
	
	
		
 
        'hg.fork.repository', 'repository.read'

			




	
	
	
		
 
    ]

			




	
	
	
		
 
    user_id = Column("user_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)

			




	
	
	
		
 
    username = Column("username", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

			




	
	
	
		
 
    password = Column("password", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

			




	
	
	
		
 
    active = Column("active", Boolean(), nullable=True, unique=None, default=True)

			




	
	
	
		
 
    admin = Column("admin", Boolean(), nullable=True, unique=None, default=False)

			




	
	
	
		
 
    name = Column("firstname", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

			




	
	
	
		
 
    lastname = Column("lastname", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

			




	
	
	
		
 
    _email = Column("email", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

			




	
	
	
		
 
    last_login = Column("last_login", DateTime(timezone=False), nullable=True, unique=None, default=None)

			




	
	
	
		
 
    ldap_dn = Column("ldap_dn", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

			




	
	
	
		
 
    api_key = Column("api_key", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

			




	
	
	
		
 
    inherit_default_permissions = Column("inherit_default_permissions", Boolean(), nullable=False, unique=None, default=True)

			




	
	
	
		
 

			




	
	
	
		
 
    user_log = relationship('UserLog', cascade='all')

			




	
	
	
		
 
    user_perms = relationship('UserToPerm', primaryjoin="User.user_id==UserToPerm.user_id", cascade='all')

			




	
	
	
		
 

			




	
	
	
		
 
    repositories = relationship('Repository')

			




	
	
	
		
 
    user_followers = relationship('UserFollowing', primaryjoin='UserFollowing.follows_user_id==User.user_id', cascade='all')

			




	
	
	
		
 
    repo_to_perm = relationship('UserRepoToPerm', primaryjoin='UserRepoToPerm.user_id==User.user_id', cascade='all')

			




	
	
	
		
 
    repo_group_to_perm = relationship('UserRepoGroupToPerm', primaryjoin='UserRepoGroupToPerm.user_id==User.user_id', cascade='all')

			




	
	
	
		
 

			




	
	
	
		
 
    group_member = relationship('UsersGroupMember', cascade='all')

			




	
	
	
		
 

			




	
	
	
		
 
    notifications = relationship('UserNotification', cascade='all')

			




	
	
	
		
 
    # notifications assigned to this user

			




	
	
	
		
 
    user_created_notifications = relationship('Notification', cascade='all')

			




	
	
	
		
 
    # comments created by this user

			




	
	
	
		
 
    user_comments = relationship('ChangesetComment', cascade='all')

			




	
	
	
		
 
    #extra emails for this user

			




	
	
	
		
 
    user_emails = relationship('UserEmailMap', cascade='all')

			




	
	
	
		
 

			




	
	
	
		
 
    @hybrid_property

			




	
	
	
		
 
    def email(self):

			




	
	
	
		
 
        return self._email

			




	
	
	
		
 

			




	
	
	
		
 
    @email.setter

			




	
	
	
		
 
    def email(self, val):

			




	
	
	
		
 
        self._email = val.lower() if val else None

			




	
	
	
		
 

			




	
	
	
		
 
    @property

			




	
	
	
		
 
    def firstname(self):

			




	
	
	
		
 
        # alias for future

			




	
	
	
		
 
        return self.name

			




	
	
	
		
 

			




	
	
	
		
 
    @property

			




	
	
	
		
 
    def emails(self):

			




	
	
	
		
 
        other = UserEmailMap.query().filter(UserEmailMap.user==self).all()

			




	
	
	
		
 
        return [self.email] + [x.email for x in other]

			




        

    


    
    

    

        

                

                    rhodecode/model/permission.py
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -32,97 +32,97 @@ from rhodecode.lib.caching_query import 

			




	
	
	
		
 

			




	
	
	
		
 
from rhodecode.model import BaseModel

			




	
	
	
		
 
from rhodecode.model.db import User, Permission, UserToPerm, UserRepoToPerm,\

			




	
	
	
		
 
    UserRepoGroupToPerm

			




	
	
	
		
 

			




	
	
	
		
 
log = logging.getLogger(__name__)

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class PermissionModel(BaseModel):

			




	
	
	
		
 
    """

			




	
	
	
		
 
    Permissions model for RhodeCode

			




	
	
	
		
 
    """

			




	
	
	
		
 

			




	
	
	
		
 
    cls = Permission

			




	
	
	
		
 

			




	
	
	
		
 
    def get_permission(self, permission_id, cache=False):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Get's permissions by id

			




	
	
	
		
 

			




	
	
	
		
 
        :param permission_id: id of permission to get from database

			




	
	
	
		
 
        :param cache: use Cache for this query

			




	
	
	
		
 
        """

			




	
	
	
		
 
        perm = self.sa.query(Permission)

			




	
	
	
		
 
        if cache:

			




	
	
	
		
 
            perm = perm.options(FromCache("sql_cache_short",

			




	
	
	
		
 
                                          "get_permission_%s" % permission_id))

			




	
	
	
		
 
        return perm.get(permission_id)

			




	
	
	
		
 

			




	
	
	
		
 
    def get_permission_by_name(self, name, cache=False):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Get's permissions by given name

			




	
	
	
		
 

			




	
	
	
		
 
        :param name: name to fetch

			




	
	
	
		
 
        :param cache: Use cache for this query

			




	
	
	
		
 
        """

			




	
	
	
		
 
        perm = self.sa.query(Permission)\

			




	
	
	
		
 
            .filter(Permission.permission_name == name)

			




	
	
	
		
 
        if cache:

			




	
	
	
		
 
            perm = perm.options(FromCache("sql_cache_short",

			




	
	
	
		
 
                                          "get_permission_%s" % name))

			




	
	
	
		
 
        return perm.scalar()

			




	
	
	
		
 

			




	
	
	
		
 
    def update(self, form_result):

			




	
	
	
		
 
        perm_user = self.sa.query(User)\

			




	
	
	
		
 
                        .filter(User.username ==

			




	
	
	
		
 
                                form_result['perm_user_name']).scalar()

			




	
	
	
		
 
        u2p = self.sa.query(UserToPerm).filter(UserToPerm.user ==

			




	
	
	
		
 
                                               perm_user).all()

			




	
	
	
		
 
        if len(u2p) != 4:

			




	
	
	
		
 
        if len(u2p) != len(User.DEFAULT_PERMISSIONS):

			




	
	
	
		
 
            raise Exception('Defined: %s should be 4  permissions for default'

			




	
	
	
		
 
                            ' user. This should not happen please verify'

			




	
	
	
		
 
                            ' your database' % len(u2p))

			




	
	
	
		
 

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            # stage 1 change defaults

			




	
	
	
		
 
            for p in u2p:

			




	
	
	
		
 
                if p.permission.permission_name.startswith('repository.'):

			




	
	
	
		
 
                    p.permission = self.get_permission_by_name(

			




	
	
	
		
 
                                       form_result['default_perm'])

			




	
	
	
		
 
                    self.sa.add(p)

			




	
	
	
		
 

			




	
	
	
		
 
                elif p.permission.permission_name.startswith('hg.register.'):

			




	
	
	
		
 
                    p.permission = self.get_permission_by_name(

			




	
	
	
		
 
                                       form_result['default_register'])

			




	
	
	
		
 
                    self.sa.add(p)

			




	
	
	
		
 

			




	
	
	
		
 
                elif p.permission.permission_name.startswith('hg.create.'):

			




	
	
	
		
 
                    p.permission = self.get_permission_by_name(

			




	
	
	
		
 
                                        form_result['default_create'])

			




	
	
	
		
 
                    self.sa.add(p)

			




	
	
	
		
 

			




	
	
	
		
 
                elif p.permission.permission_name.startswith('hg.fork.'):

			




	
	
	
		
 
                    p.permission = self.get_permission_by_name(

			




	
	
	
		
 
                                        form_result['default_fork'])

			




	
	
	
		
 
                    self.sa.add(p)

			




	
	
	
		
 

			




	
	
	
		
 
            _def_name = form_result['default_perm'].split('repository.')[-1]

			




	
	
	
		
 
            #stage 2 update all default permissions for repos if checked

			




	
	
	
		
 
            if form_result['overwrite_default'] == True:

			




	
	
	
		
 
                _def = self.get_permission_by_name('repository.' + _def_name)

			




	
	
	
		
 
                # repos

			




	
	
	
		
 
                for r2p in self.sa.query(UserRepoToPerm)\

			




	
	
	
		
 
                               .filter(UserRepoToPerm.user == perm_user)\

			




	
	
	
		
 
                               .all():

			




	
	
	
		
 
                    r2p.permission = _def

			




	
	
	
		
 
                    self.sa.add(r2p)

			




	
	
	
		
 
                # groups

			




	
	
	
		
 
                _def = self.get_permission_by_name('group.' + _def_name)

			




	
	
	
		
 
                for g2p in self.sa.query(UserRepoGroupToPerm)\

			




	
	
	
		
 
                               .filter(UserRepoGroupToPerm.user == perm_user)\

			




	
	
	
		
 
                               .all():

			




	
	
	
		
 
                    g2p.permission = _def

			




	
	
	
		
 
                    self.sa.add(g2p)

			




	
	
	
		
 

			




	
	
	
		
 
            # stage 3 set anonymous access

			




	
	
	
		
 
            if perm_user.username == 'default':

			




	
	
	
		
 
                perm_user.active = bool(form_result['anonymous'])

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.