Changeset - 09dc083f461f
Parent rev.
Child rev.
[Not reviewed]
default
0 1 0
Mads Kiilerich - 9 years ago 2016-09-12 17:41:19
madski@unity3d.com
api: drop odd creation of password when extern_name is set

The check of extern_name and the interpretation of it seems odd.

Also, there is no point in setting a random password. It can't be retrieved and
used, and not setting a password is more secure.
1 file changed with 0 insertions and 4 deletions:
kallithea/controllers/api/api.py
4
0 comments (0 inline, 0 general)
kallithea/controllers/api/api.py
Show inline comments
 
@@ -296,772 +296,768 @@ class ApiController(JSONRPCController):
 
                msg='Cache for repository `%s` was invalidated' % (repoid,),
 
                repository=repo.repo_name
 
            )
 
        except Exception:
 
            log.error(traceback.format_exc())
 
            raise JSONRPCError(
 
                'Error occurred during cache invalidation action'
 
            )
 

			




	
	
	
		
 
    # permission check inside

			




	
	
	
		
 
    def lock(self, apiuser, repoid, locked=Optional(None),

			




	
	
	
		
 
             userid=Optional(OAttr('apiuser'))):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Set locking state on given repository by given user. If userid param

			




	
	
	
		
 
        is skipped, then it is set to id of user who is calling this method.

			




	
	
	
		
 
        If locked param is skipped then function shows current lock state of

			




	
	
	
		
 
        given repo. This command can be executed only using api_key belonging

			




	
	
	
		
 
        to user with admin rights or regular user that have admin or write

			




	
	
	
		
 
        access to repository.

			




	
	
	
		
 

			




	
	
	
		
 
        :param apiuser: filled automatically from apikey

			




	
	
	
		
 
        :type apiuser: AuthUser

			




	
	
	
		
 
        :param repoid: repository name or repository id

			




	
	
	
		
 
        :type repoid: str or int

			




	
	
	
		
 
        :param locked: lock state to be set

			




	
	
	
		
 
        :type locked: Optional(bool)

			




	
	
	
		
 
        :param userid: set lock as user

			




	
	
	
		
 
        :type userid: Optional(str or int)

			




	
	
	
		
 

			




	
	
	
		
 
        OUTPUT::

			




	
	
	
		
 

			




	
	
	
		
 
          id : <id_given_in_input>

			




	
	
	
		
 
          result : {

			




	
	
	
		
 
            'repo': '<reponame>',

			




	
	
	
		
 
            'locked': <bool: lock state>,

			




	
	
	
		
 
            'locked_since': <int: lock timestamp>,

			




	
	
	
		
 
            'locked_by': <username of person who made the lock>,

			




	
	
	
		
 
            'lock_state_changed': <bool: True if lock state has been changed in this request>,

			




	
	
	
		
 
            'msg': 'Repo `<reponame>` locked by `<username>` on <timestamp>.'

			




	
	
	
		
 
            or

			




	
	
	
		
 
            'msg': 'Repo `<repository name>` not locked.'

			




	
	
	
		
 
            or

			




	
	
	
		
 
            'msg': 'User `<user name>` set lock state for repo `<repository name>` to `<new lock state>`'

			




	
	
	
		
 
          }

			




	
	
	
		
 
          error :  null

			




	
	
	
		
 

			




	
	
	
		
 
        ERROR OUTPUT::

			




	
	
	
		
 

			




	
	
	
		
 
          id : <id_given_in_input>

			




	
	
	
		
 
          result : null

			




	
	
	
		
 
          error :  {

			




	
	
	
		
 
            'Error occurred locking repository `<reponame>`

			




	
	
	
		
 
          }

			




	
	
	
		
 

			




	
	
	
		
 
        """

			




	
	
	
		
 
        repo = get_repo_or_error(repoid)

			




	
	
	
		
 
        if HasPermissionAnyApi('hg.admin')(user=apiuser):

			




	
	
	
		
 
            pass

			




	
	
	
		
 
        elif HasRepoPermissionAnyApi('repository.admin',

			




	
	
	
		
 
                                     'repository.write')(user=apiuser,

			




	
	
	
		
 
                                                         repo_name=repo.repo_name):

			




	
	
	
		
 
            # make sure normal user does not pass someone else userid,

			




	
	
	
		
 
            # he is not allowed to do that

			




	
	
	
		
 
            if not isinstance(userid, Optional) and userid != apiuser.user_id:

			




	
	
	
		
 
                raise JSONRPCError(

			




	
	
	
		
 
                    'userid is not the same as your user'

			




	
	
	
		
 
                )

			




	
	
	
		
 
        else:

			




	
	
	
		
 
            raise JSONRPCError('repository `%s` does not exist' % (repoid,))

			




	
	
	
		
 

			




	
	
	
		
 
        if isinstance(userid, Optional):

			




	
	
	
		
 
            userid = apiuser.user_id

			




	
	
	
		
 

			




	
	
	
		
 
        user = get_user_or_error(userid)

			




	
	
	
		
 

			




	
	
	
		
 
        if isinstance(locked, Optional):

			




	
	
	
		
 
            lockobj = Repository.getlock(repo)

			




	
	
	
		
 

			




	
	
	
		
 
            if lockobj[0] is None:

			




	
	
	
		
 
                _d = {

			




	
	
	
		
 
                    'repo': repo.repo_name,

			




	
	
	
		
 
                    'locked': False,

			




	
	
	
		
 
                    'locked_since': None,

			




	
	
	
		
 
                    'locked_by': None,

			




	
	
	
		
 
                    'lock_state_changed': False,

			




	
	
	
		
 
                    'msg': 'Repo `%s` not locked.' % repo.repo_name

			




	
	
	
		
 
                }

			




	
	
	
		
 
                return _d

			




	
	
	
		
 
            else:

			




	
	
	
		
 
                userid, time_ = lockobj

			




	
	
	
		
 
                lock_user = get_user_or_error(userid)

			




	
	
	
		
 
                _d = {

			




	
	
	
		
 
                    'repo': repo.repo_name,

			




	
	
	
		
 
                    'locked': True,

			




	
	
	
		
 
                    'locked_since': time_,

			




	
	
	
		
 
                    'locked_by': lock_user.username,

			




	
	
	
		
 
                    'lock_state_changed': False,

			




	
	
	
		
 
                    'msg': ('Repo `%s` locked by `%s` on `%s`.'

			




	
	
	
		
 
                            % (repo.repo_name, lock_user.username,

			




	
	
	
		
 
                               json.dumps(time_to_datetime(time_))))

			




	
	
	
		
 
                }

			




	
	
	
		
 
                return _d

			




	
	
	
		
 

			




	
	
	
		
 
        # force locked state through a flag

			




	
	
	
		
 
        else:

			




	
	
	
		
 
            locked = str2bool(locked)

			




	
	
	
		
 
            try:

			




	
	
	
		
 
                if locked:

			




	
	
	
		
 
                    lock_time = time.time()

			




	
	
	
		
 
                    Repository.lock(repo, user.user_id, lock_time)

			




	
	
	
		
 
                else:

			




	
	
	
		
 
                    lock_time = None

			




	
	
	
		
 
                    Repository.unlock(repo)

			




	
	
	
		
 
                _d = {

			




	
	
	
		
 
                    'repo': repo.repo_name,

			




	
	
	
		
 
                    'locked': locked,

			




	
	
	
		
 
                    'locked_since': lock_time,

			




	
	
	
		
 
                    'locked_by': user.username,

			




	
	
	
		
 
                    'lock_state_changed': True,

			




	
	
	
		
 
                    'msg': ('User `%s` set lock state for repo `%s` to `%s`'

			




	
	
	
		
 
                            % (user.username, repo.repo_name, locked))

			




	
	
	
		
 
                }

			




	
	
	
		
 
                return _d

			




	
	
	
		
 
            except Exception:

			




	
	
	
		
 
                log.error(traceback.format_exc())

			




	
	
	
		
 
                raise JSONRPCError(

			




	
	
	
		
 
                    'Error occurred locking repository `%s`' % repo.repo_name

			




	
	
	
		
 
                )

			




	
	
	
		
 

			




	
	
	
		
 
    def get_locks(self, apiuser, userid=Optional(OAttr('apiuser'))):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Get all repositories with locks for given userid, if

			




	
	
	
		
 
        this command is run by non-admin account userid is set to user

			




	
	
	
		
 
        who is calling this method, thus returning locks for himself.

			




	
	
	
		
 

			




	
	
	
		
 
        :param apiuser: filled automatically from apikey

			




	
	
	
		
 
        :type apiuser: AuthUser

			




	
	
	
		
 
        :param userid: User to get locks for

			




	
	
	
		
 
        :type userid: Optional(str or int)

			




	
	
	
		
 

			




	
	
	
		
 
        OUTPUT::

			




	
	
	
		
 

			




	
	
	
		
 
          id : <id_given_in_input>

			




	
	
	
		
 
          result : {

			




	
	
	
		
 
            [repo_object, repo_object,...]

			




	
	
	
		
 
          }

			




	
	
	
		
 
          error :  null

			




	
	
	
		
 
        """

			




	
	
	
		
 

			




	
	
	
		
 
        if not HasPermissionAnyApi('hg.admin')(user=apiuser):

			




	
	
	
		
 
            # make sure normal user does not pass someone else userid,

			




	
	
	
		
 
            # he is not allowed to do that

			




	
	
	
		
 
            if not isinstance(userid, Optional) and userid != apiuser.user_id:

			




	
	
	
		
 
                raise JSONRPCError(

			




	
	
	
		
 
                    'userid is not the same as your user'

			




	
	
	
		
 
                )

			




	
	
	
		
 

			




	
	
	
		
 
        ret = []

			




	
	
	
		
 
        if isinstance(userid, Optional):

			




	
	
	
		
 
            user = None

			




	
	
	
		
 
        else:

			




	
	
	
		
 
            user = get_user_or_error(userid)

			




	
	
	
		
 

			




	
	
	
		
 
        # show all locks

			




	
	
	
		
 
        for r in Repository.get_all():

			




	
	
	
		
 
            userid, time_ = r.locked

			




	
	
	
		
 
            if time_:

			




	
	
	
		
 
                _api_data = r.get_api_data()

			




	
	
	
		
 
                # if we use userfilter just show the locks for this user

			




	
	
	
		
 
                if user is not None:

			




	
	
	
		
 
                    if safe_int(userid) == user.user_id:

			




	
	
	
		
 
                        ret.append(_api_data)

			




	
	
	
		
 
                else:

			




	
	
	
		
 
                    ret.append(_api_data)

			




	
	
	
		
 

			




	
	
	
		
 
        return ret

			




	
	
	
		
 

			




	
	
	
		
 
    @HasPermissionAnyDecorator('hg.admin')

			




	
	
	
		
 
    def get_ip(self, apiuser, userid=Optional(OAttr('apiuser'))):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Shows IP address as seen from Kallithea server, together with all

			




	
	
	
		
 
        defined IP addresses for given user. If userid is not passed data is

			




	
	
	
		
 
        returned for user who's calling this function.

			




	
	
	
		
 
        This command can be executed only using api_key belonging to user with

			




	
	
	
		
 
        admin rights.

			




	
	
	
		
 

			




	
	
	
		
 
        :param apiuser: filled automatically from apikey

			




	
	
	
		
 
        :type apiuser: AuthUser

			




	
	
	
		
 
        :param userid: username to show ips for

			




	
	
	
		
 
        :type userid: Optional(str or int)

			




	
	
	
		
 

			




	
	
	
		
 
        OUTPUT::

			




	
	
	
		
 

			




	
	
	
		
 
            id : <id_given_in_input>

			




	
	
	
		
 
            result : {

			




	
	
	
		
 
                         "server_ip_addr": "<ip_from_clien>",

			




	
	
	
		
 
                         "user_ips": [

			




	
	
	
		
 
                                        {

			




	
	
	
		
 
                                           "ip_addr": "<ip_with_mask>",

			




	
	
	
		
 
                                           "ip_range": ["<start_ip>", "<end_ip>"],

			




	
	
	
		
 
                                        },

			




	
	
	
		
 
                                        ...

			




	
	
	
		
 
                                     ]

			




	
	
	
		
 
            }

			




	
	
	
		
 

			




	
	
	
		
 
        """

			




	
	
	
		
 
        if isinstance(userid, Optional):

			




	
	
	
		
 
            userid = apiuser.user_id

			




	
	
	
		
 
        user = get_user_or_error(userid)

			




	
	
	
		
 
        ips = UserIpMap.query().filter(UserIpMap.user == user).all()

			




	
	
	
		
 
        return dict(

			




	
	
	
		
 
            server_ip_addr=self.ip_addr,

			




	
	
	
		
 
            user_ips=ips

			




	
	
	
		
 
        )

			




	
	
	
		
 

			




	
	
	
		
 
    # alias for old

			




	
	
	
		
 
    show_ip = get_ip

			




	
	
	
		
 

			




	
	
	
		
 
    @HasPermissionAnyDecorator('hg.admin')

			




	
	
	
		
 
    def get_server_info(self, apiuser):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        return server info, including Kallithea version and installed packages

			




	
	
	
		
 

			




	
	
	
		
 
        :param apiuser: filled automatically from apikey

			




	
	
	
		
 
        :type apiuser: AuthUser

			




	
	
	
		
 

			




	
	
	
		
 
        OUTPUT::

			




	
	
	
		
 

			




	
	
	
		
 
          id : <id_given_in_input>

			




	
	
	
		
 
          result : {

			




	
	
	
		
 
            'modules': [<module name>,...]

			




	
	
	
		
 
            'py_version': <python version>,

			




	
	
	
		
 
            'platform': <platform type>,

			




	
	
	
		
 
            'kallithea_version': <kallithea version>

			




	
	
	
		
 
          }

			




	
	
	
		
 
          error :  null

			




	
	
	
		
 
        """

			




	
	
	
		
 
        return Setting.get_server_info()

			




	
	
	
		
 

			




	
	
	
		
 
    def get_user(self, apiuser, userid=Optional(OAttr('apiuser'))):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Gets a user by username or user_id, Returns empty result if user is

			




	
	
	
		
 
        not found. If userid param is skipped it is set to id of user who is

			




	
	
	
		
 
        calling this method. This command can be executed only using api_key

			




	
	
	
		
 
        belonging to user with admin rights, or regular users that cannot

			




	
	
	
		
 
        specify different userid than theirs

			




	
	
	
		
 

			




	
	
	
		
 
        :param apiuser: filled automatically from apikey

			




	
	
	
		
 
        :type apiuser: AuthUser

			




	
	
	
		
 
        :param userid: user to get data for

			




	
	
	
		
 
        :type userid: Optional(str or int)

			




	
	
	
		
 

			




	
	
	
		
 
        OUTPUT::

			




	
	
	
		
 

			




	
	
	
		
 
            id : <id_given_in_input>

			




	
	
	
		
 
            result: None if user does not exist or

			




	
	
	
		
 
                    {

			




	
	
	
		
 
                        "user_id" :     "<user_id>",

			




	
	
	
		
 
                        "api_key" :     "<api_key>",

			




	
	
	
		
 
                        "api_keys":     "[<list of all API keys including additional ones>]"

			




	
	
	
		
 
                        "username" :    "<username>",

			




	
	
	
		
 
                        "firstname":    "<firstname>",

			




	
	
	
		
 
                        "lastname" :    "<lastname>",

			




	
	
	
		
 
                        "email" :       "<email>",

			




	
	
	
		
 
                        "emails":       "[<list of all emails including additional ones>]",

			




	
	
	
		
 
                        "ip_addresses": "[<ip_address_for_user>,...]",

			




	
	
	
		
 
                        "active" :      "<bool: user active>",

			




	
	
	
		
 
                        "admin" :       "<bool: user is admin>",

			




	
	
	
		
 
                        "extern_name" : "<extern_name>",

			




	
	
	
		
 
                        "extern_type" : "<extern type>

			




	
	
	
		
 
                        "last_login":   "<last_login>",

			




	
	
	
		
 
                        "permissions": {

			




	
	
	
		
 
                            "global": ["hg.create.repository",

			




	
	
	
		
 
                                       "repository.read",

			




	
	
	
		
 
                                       "hg.register.manual_activate"],

			




	
	
	
		
 
                            "repositories": {"repo1": "repository.none"},

			




	
	
	
		
 
                            "repositories_groups": {"Group1": "group.read"}

			




	
	
	
		
 
                         },

			




	
	
	
		
 
                    }

			




	
	
	
		
 

			




	
	
	
		
 
            error:  null

			




	
	
	
		
 

			




	
	
	
		
 
        """

			




	
	
	
		
 
        if not HasPermissionAnyApi('hg.admin')(user=apiuser):

			




	
	
	
		
 
            # make sure normal user does not pass someone else userid,

			




	
	
	
		
 
            # he is not allowed to do that

			




	
	
	
		
 
            if not isinstance(userid, Optional) and userid != apiuser.user_id:

			




	
	
	
		
 
                raise JSONRPCError(

			




	
	
	
		
 
                    'userid is not the same as your user'

			




	
	
	
		
 
                )

			




	
	
	
		
 

			




	
	
	
		
 
        if isinstance(userid, Optional):

			




	
	
	
		
 
            userid = apiuser.user_id

			




	
	
	
		
 

			




	
	
	
		
 
        user = get_user_or_error(userid)

			




	
	
	
		
 
        data = user.get_api_data()

			




	
	
	
		
 
        data['permissions'] = AuthUser(user_id=user.user_id).permissions

			




	
	
	
		
 
        return data

			




	
	
	
		
 

			




	
	
	
		
 
    @HasPermissionAnyDecorator('hg.admin')

			




	
	
	
		
 
    def get_users(self, apiuser):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Lists all existing users. This command can be executed only using api_key

			




	
	
	
		
 
        belonging to user with admin rights.

			




	
	
	
		
 

			




	
	
	
		
 
        :param apiuser: filled automatically from apikey

			




	
	
	
		
 
        :type apiuser: AuthUser

			




	
	
	
		
 

			




	
	
	
		
 
        OUTPUT::

			




	
	
	
		
 

			




	
	
	
		
 
            id : <id_given_in_input>

			




	
	
	
		
 
            result: [<user_object>, ...]

			




	
	
	
		
 
            error:  null

			




	
	
	
		
 
        """

			




	
	
	
		
 

			




	
	
	
		
 
        result = []

			




	
	
	
		
 
        users_list = User.query().order_by(User.username) \

			




	
	
	
		
 
            .filter(User.username != User.DEFAULT_USER) \

			




	
	
	
		
 
            .all()

			




	
	
	
		
 
        for user in users_list:

			




	
	
	
		
 
            result.append(user.get_api_data())

			




	
	
	
		
 
        return result

			




	
	
	
		
 

			




	
	
	
		
 
    @HasPermissionAnyDecorator('hg.admin')

			




	
	
	
		
 
    def create_user(self, apiuser, username, email, password=Optional(''),

			




	
	
	
		
 
                    firstname=Optional(''), lastname=Optional(''),

			




	
	
	
		
 
                    active=Optional(True), admin=Optional(False),

			




	
	
	
		
 
                    extern_name=Optional(EXTERN_TYPE_INTERNAL),

			




	
	
	
		
 
                    extern_type=Optional(EXTERN_TYPE_INTERNAL)):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Creates new user. Returns new user object. This command can

			




	
	
	
		
 
        be executed only using api_key belonging to user with admin rights.

			




	
	
	
		
 

			




	
	
	
		
 
        :param apiuser: filled automatically from apikey

			




	
	
	
		
 
        :type apiuser: AuthUser

			




	
	
	
		
 
        :param username: new username

			




	
	
	
		
 
        :type username: str or int

			




	
	
	
		
 
        :param email: email

			




	
	
	
		
 
        :type email: str

			




	
	
	
		
 
        :param password: password

			




	
	
	
		
 
        :type password: Optional(str)

			




	
	
	
		
 
        :param firstname: firstname

			




	
	
	
		
 
        :type firstname: Optional(str)

			




	
	
	
		
 
        :param lastname: lastname

			




	
	
	
		
 
        :type lastname: Optional(str)

			




	
	
	
		
 
        :param active: active

			




	
	
	
		
 
        :type active: Optional(bool)

			




	
	
	
		
 
        :param admin: admin

			




	
	
	
		
 
        :type admin: Optional(bool)

			




	
	
	
		
 
        :param extern_name: name of extern

			




	
	
	
		
 
        :type extern_name: Optional(str)

			




	
	
	
		
 
        :param extern_type: extern_type

			




	
	
	
		
 
        :type extern_type: Optional(str)

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
        OUTPUT::

			




	
	
	
		
 

			




	
	
	
		
 
            id : <id_given_in_input>

			




	
	
	
		
 
            result: {

			




	
	
	
		
 
                      "msg" : "created new user `<username>`",

			




	
	
	
		
 
                      "user": <user_obj>

			




	
	
	
		
 
                    }

			




	
	
	
		
 
            error:  null

			




	
	
	
		
 

			




	
	
	
		
 
        ERROR OUTPUT::

			




	
	
	
		
 

			




	
	
	
		
 
          id : <id_given_in_input>

			




	
	
	
		
 
          result : null

			




	
	
	
		
 
          error :  {

			




	
	
	
		
 
            "user `<username>` already exist"

			




	
	
	
		
 
            or

			




	
	
	
		
 
            "email `<email>` already exist"

			




	
	
	
		
 
            or

			




	
	
	
		
 
            "failed to create user `<username>`"

			




	
	
	
		
 
          }

			




	
	
	
		
 

			




	
	
	
		
 
        """

			




	
	
	
		
 

			




	
	
	
		
 
        if User.get_by_username(username):

			




	
	
	
		
 
            raise JSONRPCError("user `%s` already exist" % (username,))

			




	
	
	
		
 

			




	
	
	
		
 
        if User.get_by_email(email):

			




	
	
	
		
 
            raise JSONRPCError("email `%s` already exist" % (email,))

			




	
	
	
		
 

			




	
	
	
		
 
        if Optional.extract(extern_name):

			




	
	
	
		
 
            # generate temporary password if user is external

			




	
	
	
		
 
            password = PasswordGenerator().gen_password(length=8)

			




	
	
	
		
 

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            user = UserModel().create_or_update(

			




	
	
	
		
 
                username=Optional.extract(username),

			




	
	
	
		
 
                password=Optional.extract(password),

			




	
	
	
		
 
                email=Optional.extract(email),

			




	
	
	
		
 
                firstname=Optional.extract(firstname),

			




	
	
	
		
 
                lastname=Optional.extract(lastname),

			




	
	
	
		
 
                active=Optional.extract(active),

			




	
	
	
		
 
                admin=Optional.extract(admin),

			




	
	
	
		
 
                extern_type=Optional.extract(extern_type),

			




	
	
	
		
 
                extern_name=Optional.extract(extern_name)

			




	
	
	
		
 
            )

			




	
	
	
		
 
            Session().commit()

			




	
	
	
		
 
            return dict(

			




	
	
	
		
 
                msg='created new user `%s`' % username,

			




	
	
	
		
 
                user=user.get_api_data()

			




	
	
	
		
 
            )

			




	
	
	
		
 
        except Exception:

			




	
	
	
		
 
            log.error(traceback.format_exc())

			




	
	
	
		
 
            raise JSONRPCError('failed to create user `%s`' % (username,))

			




	
	
	
		
 

			




	
	
	
		
 
    @HasPermissionAnyDecorator('hg.admin')

			




	
	
	
		
 
    def update_user(self, apiuser, userid, username=Optional(None),

			




	
	
	
		
 
                    email=Optional(None), password=Optional(None),

			




	
	
	
		
 
                    firstname=Optional(None), lastname=Optional(None),

			




	
	
	
		
 
                    active=Optional(None), admin=Optional(None),

			




	
	
	
		
 
                    extern_type=Optional(None), extern_name=Optional(None)):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        updates given user if such user exists. This command can

			




	
	
	
		
 
        be executed only using api_key belonging to user with admin rights.

			




	
	
	
		
 

			




	
	
	
		
 
        :param apiuser: filled automatically from apikey

			




	
	
	
		
 
        :type apiuser: AuthUser

			




	
	
	
		
 
        :param userid: userid to update

			




	
	
	
		
 
        :type userid: str or int

			




	
	
	
		
 
        :param username: new username

			




	
	
	
		
 
        :type username: str or int

			




	
	
	
		
 
        :param email: email

			




	
	
	
		
 
        :type email: str

			




	
	
	
		
 
        :param password: password

			




	
	
	
		
 
        :type password: Optional(str)

			




	
	
	
		
 
        :param firstname: firstname

			




	
	
	
		
 
        :type firstname: Optional(str)

			




	
	
	
		
 
        :param lastname: lastname

			




	
	
	
		
 
        :type lastname: Optional(str)

			




	
	
	
		
 
        :param active: active

			




	
	
	
		
 
        :type active: Optional(bool)

			




	
	
	
		
 
        :param admin: admin

			




	
	
	
		
 
        :type admin: Optional(bool)

			




	
	
	
		
 
        :param extern_name:

			




	
	
	
		
 
        :type extern_name: Optional(str)

			




	
	
	
		
 
        :param extern_type:

			




	
	
	
		
 
        :type extern_type: Optional(str)

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
        OUTPUT::

			




	
	
	
		
 

			




	
	
	
		
 
            id : <id_given_in_input>

			




	
	
	
		
 
            result: {

			




	
	
	
		
 
                      "msg" : "updated user ID:<userid> <username>",

			




	
	
	
		
 
                      "user": <user_object>,

			




	
	
	
		
 
                    }

			




	
	
	
		
 
            error:  null

			




	
	
	
		
 

			




	
	
	
		
 
        ERROR OUTPUT::

			




	
	
	
		
 

			




	
	
	
		
 
          id : <id_given_in_input>

			




	
	
	
		
 
          result : null

			




	
	
	
		
 
          error :  {

			




	
	
	
		
 
            "failed to update user `<username>`"

			




	
	
	
		
 
          }

			




	
	
	
		
 

			




	
	
	
		
 
        """

			




	
	
	
		
 

			




	
	
	
		
 
        user = get_user_or_error(userid)

			




	
	
	
		
 

			




	
	
	
		
 
        # only non optional arguments will be stored in updates

			




	
	
	
		
 
        updates = {}

			




	
	
	
		
 

			




	
	
	
		
 
        try:

			




	
	
	
		
 

			




	
	
	
		
 
            store_update(updates, username, 'username')

			




	
	
	
		
 
            store_update(updates, password, 'password')

			




	
	
	
		
 
            store_update(updates, email, 'email')

			




	
	
	
		
 
            store_update(updates, firstname, 'name')

			




	
	
	
		
 
            store_update(updates, lastname, 'lastname')

			




	
	
	
		
 
            store_update(updates, active, 'active')

			




	
	
	
		
 
            store_update(updates, admin, 'admin')

			




	
	
	
		
 
            store_update(updates, extern_name, 'extern_name')

			




	
	
	
		
 
            store_update(updates, extern_type, 'extern_type')

			




	
	
	
		
 

			




	
	
	
		
 
            user = UserModel().update_user(user, **updates)

			




	
	
	
		
 
            Session().commit()

			




	
	
	
		
 
            return dict(

			




	
	
	
		
 
                msg='updated user ID:%s %s' % (user.user_id, user.username),

			




	
	
	
		
 
                user=user.get_api_data()

			




	
	
	
		
 
            )

			




	
	
	
		
 
        except DefaultUserException:

			




	
	
	
		
 
            log.error(traceback.format_exc())

			




	
	
	
		
 
            raise JSONRPCError('editing default user is forbidden')

			




	
	
	
		
 
        except Exception:

			




	
	
	
		
 
            log.error(traceback.format_exc())

			




	
	
	
		
 
            raise JSONRPCError('failed to update user `%s`' % (userid,))

			




	
	
	
		
 

			




	
	
	
		
 
    @HasPermissionAnyDecorator('hg.admin')

			




	
	
	
		
 
    def delete_user(self, apiuser, userid):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        deletes given user if such user exists. This command can

			




	
	
	
		
 
        be executed only using api_key belonging to user with admin rights.

			




	
	
	
		
 

			




	
	
	
		
 
        :param apiuser: filled automatically from apikey

			




	
	
	
		
 
        :type apiuser: AuthUser

			




	
	
	
		
 
        :param userid: user to delete

			




	
	
	
		
 
        :type userid: str or int

			




	
	
	
		
 

			




	
	
	
		
 
        OUTPUT::

			




	
	
	
		
 

			




	
	
	
		
 
            id : <id_given_in_input>

			




	
	
	
		
 
            result: {

			




	
	
	
		
 
                      "msg" : "deleted user ID:<userid> <username>",

			




	
	
	
		
 
                      "user": null

			




	
	
	
		
 
                    }

			




	
	
	
		
 
            error:  null

			




	
	
	
		
 

			




	
	
	
		
 
        ERROR OUTPUT::

			




	
	
	
		
 

			




	
	
	
		
 
          id : <id_given_in_input>

			




	
	
	
		
 
          result : null

			




	
	
	
		
 
          error :  {

			




	
	
	
		
 
            "failed to delete user ID:<userid> <username>"

			




	
	
	
		
 
          }

			




	
	
	
		
 

			




	
	
	
		
 
        """

			




	
	
	
		
 
        user = get_user_or_error(userid)

			




	
	
	
		
 

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            UserModel().delete(userid)

			




	
	
	
		
 
            Session().commit()

			




	
	
	
		
 
            return dict(

			




	
	
	
		
 
                msg='deleted user ID:%s %s' % (user.user_id, user.username),

			




	
	
	
		
 
                user=None

			




	
	
	
		
 
            )

			




	
	
	
		
 
        except Exception:

			




	
	
	
		
 

			




	
	
	
		
 
            log.error(traceback.format_exc())

			




	
	
	
		
 
            raise JSONRPCError('failed to delete user ID:%s %s'

			




	
	
	
		
 
                               % (user.user_id, user.username))

			




	
	
	
		
 

			




	
	
	
		
 
    # permission check inside

			




	
	
	
		
 
    def get_user_group(self, apiuser, usergroupid):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Gets an existing user group. This command can be executed only using api_key

			




	
	
	
		
 
        belonging to user with admin rights or user who has at least

			




	
	
	
		
 
        read access to user group.

			




	
	
	
		
 

			




	
	
	
		
 
        :param apiuser: filled automatically from apikey

			




	
	
	
		
 
        :type apiuser: AuthUser

			




	
	
	
		
 
        :param usergroupid: id of user_group to edit

			




	
	
	
		
 
        :type usergroupid: str or int

			




	
	
	
		
 

			




	
	
	
		
 
        OUTPUT::

			




	
	
	
		
 

			




	
	
	
		
 
            id : <id_given_in_input>

			




	
	
	
		
 
            result : None if group not exist

			




	
	
	
		
 
                     {

			




	
	
	
		
 
                       "users_group_id" : "<id>",

			




	
	
	
		
 
                       "group_name" :     "<groupname>",

			




	
	
	
		
 
                       "active":          "<bool>",

			




	
	
	
		
 
                       "members" :  [<user_obj>,...]

			




	
	
	
		
 
                     }

			




	
	
	
		
 
            error : null

			




	
	
	
		
 

			




	
	
	
		
 
        """

			




	
	
	
		
 
        user_group = get_user_group_or_error(usergroupid)

			




	
	
	
		
 
        if not HasPermissionAnyApi('hg.admin')(user=apiuser):

			




	
	
	
		
 
            # check if we have at least read permission for this user group !

			




	
	
	
		
 
            _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',)

			




	
	
	
		
 
            if not HasUserGroupPermissionAny(*_perms)(

			




	
	
	
		
 
                    user=apiuser, user_group_name=user_group.users_group_name):

			




	
	
	
		
 
                raise JSONRPCError('user group `%s` does not exist' % (usergroupid,))

			




	
	
	
		
 

			




	
	
	
		
 
        data = user_group.get_api_data()

			




	
	
	
		
 
        return data

			




	
	
	
		
 

			




	
	
	
		
 
    # permission check inside

			




	
	
	
		
 
    def get_user_groups(self, apiuser):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Lists all existing user groups. This command can be executed only using

			




	
	
	
		
 
        api_key belonging to user with admin rights or user who has at least

			




	
	
	
		
 
        read access to user group.

			




	
	
	
		
 

			




	
	
	
		
 
        :param apiuser: filled automatically from apikey

			




	
	
	
		
 
        :type apiuser: AuthUser

			




	
	
	
		
 

			




	
	
	
		
 
        OUTPUT::

			




	
	
	
		
 

			




	
	
	
		
 
            id : <id_given_in_input>

			




	
	
	
		
 
            result : [<user_group_obj>,...]

			




	
	
	
		
 
            error : null

			




	
	
	
		
 
        """

			




	
	
	
		
 

			




	
	
	
		
 
        result = []

			




	
	
	
		
 
        _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',)

			




	
	
	
		
 
        extras = {'user': apiuser}

			




	
	
	
		
 
        for user_group in UserGroupList(UserGroup.get_all(),

			




	
	
	
		
 
                                        perm_set=_perms, extra_kwargs=extras):

			




	
	
	
		
 
            result.append(user_group.get_api_data())

			




	
	
	
		
 
        return result

			




	
	
	
		
 

			




	
	
	
		
 
    @HasPermissionAnyDecorator('hg.admin', 'hg.usergroup.create.true')

			




	
	
	
		
 
    def create_user_group(self, apiuser, group_name, description=Optional(''),

			




	
	
	
		
 
                          owner=Optional(OAttr('apiuser')), active=Optional(True)):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Creates new user group. This command can be executed only using api_key

			




	
	
	
		
 
        belonging to user with admin rights or an user who has create user group

			




	
	
	
		
 
        permission

			




	
	
	
		
 

			




	
	
	
		
 
        :param apiuser: filled automatically from apikey

			




	
	
	
		
 
        :type apiuser: AuthUser

			




	
	
	
		
 
        :param group_name: name of new user group

			




	
	
	
		
 
        :type group_name: str

			




	
	
	
		
 
        :param description: group description

			




	
	
	
		
 
        :type description: str

			




	
	
	
		
 
        :param owner: owner of group. If not passed apiuser is the owner

			




	
	
	
		
 
        :type owner: Optional(str or int)

			




	
	
	
		
 
        :param active: group is active

			




	
	
	
		
 
        :type active: Optional(bool)

			




	
	
	
		
 

			




	
	
	
		
 
        OUTPUT::

			




	
	
	
		
 

			




	
	
	
		
 
            id : <id_given_in_input>

			




	
	
	
		
 
            result: {

			




	
	
	
		
 
                      "msg": "created new user group `<groupname>`",

			




	
	
	
		
 
                      "user_group": <user_group_object>

			




	
	
	
		
 
                    }

			




	
	
	
		
 
            error:  null

			




	
	
	
		
 

			




	
	
	
		
 
        ERROR OUTPUT::

			




	
	
	
		
 

			




	
	
	
		
 
          id : <id_given_in_input>

			




	
	
	
		
 
          result : null

			




	
	
	
		
 
          error :  {

			




	
	
	
		
 
            "user group `<group name>` already exist"

			




	
	
	
		
 
            or

			




	
	
	
		
 
            "failed to create group `<group name>`"

			




	
	
	
		
 
          }

			




	
	
	
		
 

			




	
	
	
		
 
        """

			




	
	
	
		
 

			




	
	
	
		
 
        if UserGroupModel().get_by_name(group_name):

			




	
	
	
		
 
            raise JSONRPCError("user group `%s` already exist" % (group_name,))

			




	
	
	
		
 

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            if isinstance(owner, Optional):

			




	
	
	
		
 
                owner = apiuser.user_id

			




	
	
	
		
 

			




	
	
	
		
 
            owner = get_user_or_error(owner)

			




	
	
	
		
 
            active = Optional.extract(active)

			




	
	
	
		
 
            description = Optional.extract(description)

			




	
	
	
		
 
            ug = UserGroupModel().create(name=group_name, description=description,

			




	
	
	
		
 
                                         owner=owner, active=active)

			




	
	
	
		
 
            Session().commit()

			




	
	
	
		
 
            return dict(

			




	
	
	
		
 
                msg='created new user group `%s`' % group_name,

			




	
	
	
		
 
                user_group=ug.get_api_data()

			




	
	
	
		
 
            )

			




	
	
	
		
 
        except Exception:

			




	
	
	
		
 
            log.error(traceback.format_exc())

			




	
	
	
		
 
            raise JSONRPCError('failed to create group `%s`' % (group_name,))

			




	
	
	
		
 

			




	
	
	
		
 
    # permission check inside

			




	
	
	
		
 
    def update_user_group(self, apiuser, usergroupid, group_name=Optional(''),

			




	
	
	
		
 
                          description=Optional(''), owner=Optional(None),

			




	
	
	
		
 
                          active=Optional(True)):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Updates given usergroup.  This command can be executed only using api_key

			




	
	
	
		
 
        belonging to user with admin rights or an admin of given user group

			




	
	
	
		
 

			




	
	
	
		
 
        :param apiuser: filled automatically from apikey

			




	
	
	
		
 
        :type apiuser: AuthUser

			




	
	
	
		
 
        :param usergroupid: id of user group to update

			




	
	
	
		
 
        :type usergroupid: str or int

			




	
	
	
		
 
        :param group_name: name of new user group

			




	
	
	
		
 
        :type group_name: str

			




	
	
	
		
 
        :param description: group description

			




	
	
	
		
 
        :type description: str

			




	
	
	
		
 
        :param owner: owner of group.

			




	
	
	
		
 
        :type owner: Optional(str or int)

			




	
	
	
		
 
        :param active: group is active

			




	
	
	
		
 
        :type active: Optional(bool)

			




	
	
	
		
 

			




	
	
	
		
 
        OUTPUT::

			




	
	
	
		
 

			




	
	
	
		
 
          id : <id_given_in_input>

			




	
	
	
		
 
          result : {

			




	
	
	
		
 
            "msg": 'updated user group ID:<user group id> <user group name>',

			




	
	
	
		
 
            "user_group": <user_group_object>

			




	
	
	
		
 
          }

			




	
	
	
		
 
          error :  null

			




	
	
	
		
 

			




	
	
	
		
 
        ERROR OUTPUT::

			




	
	
	
		
 

			




	
	
	
		
 
          id : <id_given_in_input>

			




	
	
	
		
 
          result : null

			




	
	
	
		
 
          error :  {

			




	
	
	
		
 
            "failed to update user group `<user group name>`"

			




	
	
	
		
 
          }

			




	
	
	
		
 

			




	
	
	
		
 
        """

			




	
	
	
		
 
        user_group = get_user_group_or_error(usergroupid)

			




	
	
	
		
 
        if not HasPermissionAnyApi('hg.admin')(user=apiuser):

			




	
	
	
		
 
            # check if we have admin permission for this user group !

			




	
	
	
		
 
            _perms = ('usergroup.admin',)

			




	
	
	
		
 
            if not HasUserGroupPermissionAny(*_perms)(

			




	
	
	
		
 
                    user=apiuser, user_group_name=user_group.users_group_name):

			




	
	
	
		
 
                raise JSONRPCError('user group `%s` does not exist' % (usergroupid,))

			




	
	
	
		
 

			




	
	
	
		
 
        if not isinstance(owner, Optional):

			




	
	
	
		
 
            owner = get_user_or_error(owner)

			




	
	
	
		
 

			




	
	
	
		
 
        updates = {}

			




	
	
	
		
 
        store_update(updates, group_name, 'users_group_name')

			




	
	
	
		
 
        store_update(updates, description, 'user_group_description')

			




	
	
	
		
 
        store_update(updates, owner, 'user')

			




	
	
	
		
 
        store_update(updates, active, 'users_group_active')

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            UserGroupModel().update(user_group, updates)

			




	
	
	
		
 
            Session().commit()

			




	
	
	
		
 
            return dict(

			




	
	
	
		
 
                msg='updated user group ID:%s %s' % (user_group.users_group_id,

			




	
	
	
		
 
                                                     user_group.users_group_name),

			




	
	
	
		
 
                user_group=user_group.get_api_data()

			




	
	
	
		
 
            )

			




	
	
	
		
 
        except Exception:

			




	
	
	
		
 
            log.error(traceback.format_exc())

			




	
	
	
		
 
            raise JSONRPCError('failed to update user group `%s`' % (usergroupid,))

			




	
	
	
		
 

			




	
	
	
		
 
    # permission check inside

			




	
	
	
		
 
    def delete_user_group(self, apiuser, usergroupid):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Delete given user group by user group id or name.

			




	
	
	
		
 
        This command can be executed only using api_key

			




	
	
	
		
 
        belonging to user with admin rights or an admin of given user group

			




	
	
	
		
 

			




	
	
	
		
 
        :param apiuser: filled automatically from apikey

			




	
	
	
		
 
        :type apiuser: AuthUser

			




	
	
	
		
 
        :param usergroupid:

			




	
	
	
		
 
        :type usergroupid: int

			




	
	
	
		
 

			




	
	
	
		
 
        OUTPUT::

			




	
	
	
		
 

			




	
	
	
		
 
          id : <id_given_in_input>

			




	
	
	
		
 
          result : {

			




	
	
	
		
 
            "msg": "deleted user group ID:<user_group_id> <user_group_name>"

			




	
	
	
		
 
          }

			




	
	
	
		
 
          error :  null

			




	
	
	
		
 

			




	
	
	
		
 
        ERROR OUTPUT::

			




	
	
	
		
 

			




	
	
	
		
 
          id : <id_given_in_input>

			




	
	
	
		
 
          result : null

			




	
	
	
		
 
          error :  {

			




	
	
	
		
 
            "failed to delete user group ID:<user_group_id> <user_group_name>"

			




	
	
	
		
 
            or

			




	
	
	
		
 
            "RepoGroup assigned to <repo_groups_list>"

			




	
	
	
		
 
          }

			




	
	
	
		
 

			




	
	
	
		
 
        """

			




	
	
	
		
 
        user_group = get_user_group_or_error(usergroupid)

			




	
	
	
		
 
        if not HasPermissionAnyApi('hg.admin')(user=apiuser):

			




	
	
	
		
 
            # check if we have admin permission for this user group !

			




	
	
	
		
 
            _perms = ('usergroup.admin',)

			




	
	
	
		
 
            if not HasUserGroupPermissionAny(*_perms)(

			




	
	
	
		
 
                    user=apiuser, user_group_name=user_group.users_group_name):

			




	
	
	
		
 
                raise JSONRPCError('user group `%s` does not exist' % (usergroupid,))

			




	
	
	
		
 

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            UserGroupModel().delete(user_group)

			




	
	
	
		
 
            Session().commit()

			




	
	
	
		
 
            return dict(

			




	
	
	
		
 
                msg='deleted user group ID:%s %s' %

			




	
	
	
		
 
                    (user_group.users_group_id, user_group.users_group_name),

			




	
	
	
		
 
                user_group=None

			




	
	
	
		
 
            )

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.