Changeset - 222e6769e7b5
Parent rev.
Child rev.
[Not reviewed]
beta
0 6 0
Marcin Kuzminski - 13 years ago 2013-04-23 00:47:22
marcin@python-works.com
Added separate default permission for external_auth account
activation. This flag allows users to define separate option of how
activation of external_accounts should be performed.
6 files changed with 34 insertions and 12 deletions:
rhodecode/controllers/admin/permissions.py
11
1
rhodecode/lib/auth.py
4
4
rhodecode/model/db.py
7
5
rhodecode/model/forms.py
2
1
rhodecode/model/permission.py
2
1
rhodecode/templates/admin/permissions/permissions.html
8
0 comments (0 inline, 0 general)
rhodecode/controllers/admin/permissions.py
Show inline comments
 
@@ -66,24 +66,29 @@ class PermissionsController(BaseControll
 
        c.user_group_perms_choices = [('usergroup.none', _('None'),),
 
                                      ('usergroup.read', _('Read'),),
 
                                      ('usergroup.write', _('Write'),),
 
                                      ('usergroup.admin', _('Admin'),)]
 
        c.register_choices = [
 
            ('hg.register.none',
 
                _('Disabled')),
 
            ('hg.register.manual_activate',
 
                _('Allowed with manual account activation')),
 
            ('hg.register.auto_activate',
 
                _('Allowed with automatic account activation')), ]
 

			




	
	
	
		
 
        c.extern_activate_choices = [

			




	
	
	
		
 
            ('hg.extern_activate.manual', _('Manual activation of external account')),

			




	
	
	
		
 
            ('hg.extern_activate.auto', _('Automatic activation of external account')),

			




	
	
	
		
 
        ]

			




	
	
	
		
 

			




	
	
	
		
 
        c.repo_create_choices = [('hg.create.none', _('Disabled')),

			




	
	
	
		
 
                                 ('hg.create.repository', _('Enabled'))]

			




	
	
	
		
 

			




	
	
	
		
 
        c.user_group_create_choices = [('hg.usergroup.create.false', _('Disabled')),

			




	
	
	
		
 
                                       ('hg.usergroup.create.true', _('Enabled'))]

			




	
	
	
		
 

			




	
	
	
		
 
        c.repo_group_create_choices = [('hg.repogroup.create.false', _('Disabled')),

			




	
	
	
		
 
                                       ('hg.repogroup.create.true', _('Enabled'))]

			




	
	
	
		
 

			




	
	
	
		
 
        c.fork_choices = [('hg.fork.none', _('Disabled')),

			




	
	
	
		
 
                          ('hg.fork.repository', _('Enabled'))]

			




	
	
	
		
 

			




	
	
		
 
@@ -112,25 +117,27 @@ class PermissionsController(BaseControll

			




	
	
	
		
 
            c.perm_user = AuthUser(user_id=default_user.user_id)

			




	
	
	
		
 
            c.user_ip_map = UserIpMap.query()\

			




	
	
	
		
 
                            .filter(UserIpMap.user == default_user).all()

			




	
	
	
		
 

			




	
	
	
		
 
            _form = DefaultPermissionsForm(

			




	
	
	
		
 
                    [x[0] for x in c.repo_perms_choices],

			




	
	
	
		
 
                    [x[0] for x in c.group_perms_choices],

			




	
	
	
		
 
                    [x[0] for x in c.user_group_perms_choices],

			




	
	
	
		
 
                    [x[0] for x in c.repo_create_choices],

			




	
	
	
		
 
                    [x[0] for x in c.repo_group_create_choices],

			




	
	
	
		
 
                    [x[0] for x in c.user_group_create_choices],

			




	
	
	
		
 
                    [x[0] for x in c.fork_choices],

			




	
	
	
		
 
                    [x[0] for x in c.register_choices])()

			




	
	
	
		
 
                    [x[0] for x in c.register_choices],

			




	
	
	
		
 
                    [x[0] for x in c.extern_activate_choices],

			




	
	
	
		
 
            )()

			




	
	
	
		
 

			




	
	
	
		
 
            try:

			




	
	
	
		
 
                form_result = _form.to_python(dict(request.POST))

			




	
	
	
		
 
                form_result.update({'perm_user_name': id})

			




	
	
	
		
 
                PermissionModel().update(form_result)

			




	
	
	
		
 
                Session().commit()

			




	
	
	
		
 
                h.flash(_('Default permissions updated successfully'),

			




	
	
	
		
 
                        category='success')

			




	
	
	
		
 

			




	
	
	
		
 
            except formencode.Invalid, errors:

			




	
	
	
		
 
                defaults = errors.value

			




	
	
	
		
 

			




	
	
		
 
@@ -185,23 +192,26 @@ class PermissionsController(BaseControll

			




	
	
	
		
 
                if p.permission.permission_name.startswith('hg.create.'):

			




	
	
	
		
 
                    defaults['default_repo_create'] = p.permission.permission_name

			




	
	
	
		
 

			




	
	
	
		
 
                if p.permission.permission_name.startswith('hg.repogroup.'):

			




	
	
	
		
 
                    defaults['default_repo_group_create'] = p.permission.permission_name

			




	
	
	
		
 

			




	
	
	
		
 
                if p.permission.permission_name.startswith('hg.usergroup.'):

			




	
	
	
		
 
                    defaults['default_user_group_create'] = p.permission.permission_name

			




	
	
	
		
 

			




	
	
	
		
 
                if p.permission.permission_name.startswith('hg.register.'):

			




	
	
	
		
 
                    defaults['default_register'] = p.permission.permission_name

			




	
	
	
		
 

			




	
	
	
		
 
                if p.permission.permission_name.startswith('hg.extern_activate.'):

			




	
	
	
		
 
                    defaults['default_extern_activate'] = p.permission.permission_name

			




	
	
	
		
 

			




	
	
	
		
 
                if p.permission.permission_name.startswith('hg.fork.'):

			




	
	
	
		
 
                    defaults['default_fork'] = p.permission.permission_name

			




	
	
	
		
 

			




	
	
	
		
 
            return htmlfill.render(

			




	
	
	
		
 
                render('admin/permissions/permissions.html'),

			




	
	
	
		
 
                defaults=defaults,

			




	
	
	
		
 
                encoding="UTF-8",

			




	
	
	
		
 
                force_defaults=False

			




	
	
	
		
 
            )

			




	
	
	
		
 
        else:

			




	
	
	
		
 
            return redirect(url('admin_home'))

			




        

    


    
    

    

        

                

                    rhodecode/lib/auth.py
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -219,26 +219,26 @@ def authenticate(username, password):

			




	
	
	
		
 
                aldap = AuthLdap(**kwargs)

			




	
	
	
		
 
                (user_dn, ldap_attrs) = aldap.authenticate_ldap(username,

			




	
	
	
		
 
                                                                password)

			




	
	
	
		
 
                log.debug('Got ldap DN response %s' % user_dn)

			




	
	
	
		
 

			




	
	
	
		
 
                get_ldap_attr = lambda k: ldap_attrs.get(ldap_settings\

			




	
	
	
		
 
                                                           .get(k), [''])[0]

			




	
	
	
		
 

			




	
	
	
		
 
                user_attrs = {

			




	
	
	
		
 
                 'name': safe_unicode(get_ldap_attr('ldap_attr_firstname')),

			




	
	
	
		
 
                 'lastname': safe_unicode(get_ldap_attr('ldap_attr_lastname')),

			




	
	
	
		
 
                 'email': get_ldap_attr('ldap_attr_email'),

			




	
	
	
		
 
                 'active': 'hg.register.auto_activate' in User\

			




	
	
	
		
 
                    .get_default_user().AuthUser.permissions['global']

			




	
	
	
		
 
                 'active': 'hg.extern_activate.auto' in User.get_default_user()\

			




	
	
	
		
 
                                                .AuthUser.permissions['global']

			




	
	
	
		
 
                }

			




	
	
	
		
 

			




	
	
	
		
 
                # don't store LDAP password since we don't need it. Override

			




	
	
	
		
 
                # with some random generated password

			




	
	
	
		
 
                _password = PasswordGenerator().gen_password(length=8)

			




	
	
	
		
 
                # create this user on the fly if it doesn't exist in rhodecode

			




	
	
	
		
 
                # database

			




	
	
	
		
 
                if user_model.create_ldap(username, _password, user_dn,

			




	
	
	
		
 
                                          user_attrs):

			




	
	
	
		
 
                    log.info('created new ldap user %s' % username)

			




	
	
	
		
 

			




	
	
	
		
 
                Session().commit()

			




	
	
		
 
@@ -249,26 +249,26 @@ def authenticate(username, password):

			




	
	
	
		
 
                log.error(traceback.format_exc())

			




	
	
	
		
 
                pass

			




	
	
	
		
 
    return False

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
def login_container_auth(username):

			




	
	
	
		
 
    user = User.get_by_username(username)

			




	
	
	
		
 
    if user is None:

			




	
	
	
		
 
        user_attrs = {

			




	
	
	
		
 
            'name': username,

			




	
	
	
		
 
            'lastname': None,

			




	
	
	
		
 
            'email': None,

			




	
	
	
		
 
            'active': 'hg.register.auto_activate' in User\

			




	
	
	
		
 
               .get_default_user().AuthUser.permissions['global']

			




	
	
	
		
 
            'active': 'hg.extern_activate.auto' in User.get_default_user()\

			




	
	
	
		
 
                                            .AuthUser.permissions['global']

			




	
	
	
		
 
        }

			




	
	
	
		
 
        user = UserModel().create_for_container_auth(username, user_attrs)

			




	
	
	
		
 
        if not user:

			




	
	
	
		
 
            return None

			




	
	
	
		
 
        log.info('User %s was created by container authentication' % username)

			




	
	
	
		
 

			




	
	
	
		
 
    if not user.active:

			




	
	
	
		
 
        return None

			




	
	
	
		
 

			




	
	
	
		
 
    user.update_lastlogin()

			




	
	
	
		
 
    Session().commit()

			




	
	
	
		
 

			




        

    


    
    

    

        

                

                    rhodecode/model/db.py
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -1415,40 +1415,42 @@ class Permission(Base, BaseModel):

			




	
	
	
		
 
        ('hg.repogroup.create.false', _('Repository Group creation disabled')),

			




	
	
	
		
 
        ('hg.repogroup.create.true', _('Repository Group creation enabled')),

			




	
	
	
		
 

			




	
	
	
		
 
        ('hg.usergroup.create.false', _('User Group creation disabled')),

			




	
	
	
		
 
        ('hg.usergroup.create.true', _('User Group creation enabled')),

			




	
	
	
		
 

			




	
	
	
		
 
        ('hg.create.none', _('Repository creation disabled')),

			




	
	
	
		
 
        ('hg.create.repository', _('Repository creation enabled')),

			




	
	
	
		
 

			




	
	
	
		
 
        ('hg.fork.none', _('Repository forking disabled')),

			




	
	
	
		
 
        ('hg.fork.repository', _('Repository forking enabled')),

			




	
	
	
		
 

			




	
	
	
		
 
        ('hg.register.none', _('Register disabled')),

			




	
	
	
		
 
        ('hg.register.manual_activate', _('Register new user with RhodeCode '

			




	
	
	
		
 
                                          'with manual activation')),

			




	
	
	
		
 
        ('hg.register.none', _('Registration disabled')),

			




	
	
	
		
 
        ('hg.register.manual_activate', _('User Registration with manual account activation')),

			




	
	
	
		
 
        ('hg.register.auto_activate', _('User Registration with automatic account activation')),

			




	
	
	
		
 

			




	
	
	
		
 
        ('hg.register.auto_activate', _('Register new user with RhodeCode '

			




	
	
	
		
 
                                        'with auto activation')),

			




	
	
	
		
 
        ('hg.extern_activate.manual', _('Manual activation of external account')),

			




	
	
	
		
 
        ('hg.extern_activate.auto', _('Automatic activation of external account')),

			




	
	
	
		
 

			




	
	
	
		
 
    ]

			




	
	
	
		
 

			




	
	
	
		
 
    #definition of system default permissions for DEFAULT user

			




	
	
	
		
 
    DEFAULT_USER_PERMISSIONS = [

			




	
	
	
		
 
        'repository.read',

			




	
	
	
		
 
        'group.read',

			




	
	
	
		
 
        'usergroup.read',

			




	
	
	
		
 
        'hg.create.repository',

			




	
	
	
		
 
        'hg.fork.repository',

			




	
	
	
		
 
        'hg.register.manual_activate',

			




	
	
	
		
 
        'hg.extern_activate.auto',

			




	
	
	
		
 
    ]

			




	
	
	
		
 

			




	
	
	
		
 
    # defines which permissions are more important higher the more important

			




	
	
	
		
 
    # Weight defines which permissions are more important.

			




	
	
	
		
 
    # The higher number the more important.

			




	
	
	
		
 
    PERM_WEIGHTS = {

			




	
	
	
		
 
        'repository.none': 0,

			




	
	
	
		
 
        'repository.read': 1,

			




	
	
	
		
 
        'repository.write': 3,

			




	
	
	
		
 
        'repository.admin': 4,

			




	
	
	
		
 

			




	
	
	
		
 
        'group.none': 0,

			




        

    


    
    

    

        

                

                    rhodecode/model/forms.py
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -303,42 +303,43 @@ def ApplicationUiSettingsForm():

			




	
	
	
		
 
        hooks_outgoing_pull_logger = v.StringBoolean(if_missing=False)

			




	
	
	
		
 

			




	
	
	
		
 
        extensions_largefiles = v.StringBoolean(if_missing=False)

			




	
	
	
		
 
        extensions_hgsubversion = v.StringBoolean(if_missing=False)

			




	
	
	
		
 
        extensions_hggit = v.StringBoolean(if_missing=False)

			




	
	
	
		
 

			




	
	
	
		
 
    return _ApplicationUiSettingsForm

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
def DefaultPermissionsForm(repo_perms_choices, group_perms_choices,

			




	
	
	
		
 
                           user_group_perms_choices, create_choices,

			




	
	
	
		
 
                           repo_group_create_choices, user_group_create_choices,

			




	
	
	
		
 
                           fork_choices, register_choices):

			




	
	
	
		
 
                           fork_choices, register_choices, extern_activate_choices):

			




	
	
	
		
 
    class _DefaultPermissionsForm(formencode.Schema):

			




	
	
	
		
 
        allow_extra_fields = True

			




	
	
	
		
 
        filter_extra_fields = True

			




	
	
	
		
 
        overwrite_default_repo = v.StringBoolean(if_missing=False)

			




	
	
	
		
 
        overwrite_default_group = v.StringBoolean(if_missing=False)

			




	
	
	
		
 
        overwrite_default_user_group = v.StringBoolean(if_missing=False)

			




	
	
	
		
 
        anonymous = v.StringBoolean(if_missing=False)

			




	
	
	
		
 
        default_repo_perm = v.OneOf(repo_perms_choices)

			




	
	
	
		
 
        default_group_perm = v.OneOf(group_perms_choices)

			




	
	
	
		
 
        default_user_group_perm = v.OneOf(user_group_perms_choices)

			




	
	
	
		
 

			




	
	
	
		
 
        default_repo_create = v.OneOf(create_choices)

			




	
	
	
		
 
        default_user_group_create = v.OneOf(user_group_create_choices)

			




	
	
	
		
 
        #default_repo_group_create = v.OneOf(repo_group_create_choices) #not impl. yet

			




	
	
	
		
 
        default_fork = v.OneOf(fork_choices)

			




	
	
	
		
 

			




	
	
	
		
 
        default_register = v.OneOf(register_choices)

			




	
	
	
		
 
        default_extern_activate = v.OneOf(extern_activate_choices)

			




	
	
	
		
 
    return _DefaultPermissionsForm

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
def CustomDefaultPermissionsForm():

			




	
	
	
		
 
    class _CustomDefaultPermissionsForm(formencode.Schema):

			




	
	
	
		
 
        filter_extra_fields = True

			




	
	
	
		
 
        allow_extra_fields = True

			




	
	
	
		
 
        inherit_default_permissions = v.StringBoolean(if_missing=False)

			




	
	
	
		
 

			




	
	
	
		
 
        create_repo_perm = v.StringBoolean(if_missing=False)

			




	
	
	
		
 
        create_user_group_perm = v.StringBoolean(if_missing=False)

			




	
	
	
		
 
        #create_repo_group_perm Impl. later

			




        

    


    
    

    

        

                

                    rhodecode/model/permission.py
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -108,25 +108,26 @@ class PermissionModel(BaseModel):

			




	
	
	
		
 
            # are somehow missing

			




	
	
	
		
 
            u2p = self.sa.query(UserToPerm)\

			




	
	
	
		
 
                .filter(UserToPerm.user == perm_user)\

			




	
	
	
		
 
                .all()

			




	
	
	
		
 
            for p in u2p:

			




	
	
	
		
 
                self.sa.delete(p)

			




	
	
	
		
 
            #create fresh set of permissions

			




	
	
	
		
 
            for def_perm_key in ['default_repo_perm', 'default_group_perm',

			




	
	
	
		
 
                                 'default_user_group_perm',

			




	
	
	
		
 
                                 'default_repo_create',

			




	
	
	
		
 
                                 #'default_repo_group_create', #not implemented yet

			




	
	
	
		
 
                                 'default_user_group_create',

			




	
	
	
		
 
                                 'default_fork', 'default_register']:

			




	
	
	
		
 
                                 'default_fork', 'default_register',

			




	
	
	
		
 
                                 'default_extern_activate']:

			




	
	
	
		
 
                p = _make_new(perm_user, form_result[def_perm_key])

			




	
	
	
		
 
                self.sa.add(p)

			




	
	
	
		
 

			




	
	
	
		
 
            #stage 3 update all default permissions for repos if checked

			




	
	
	
		
 
            if form_result['overwrite_default_repo'] == True:

			




	
	
	
		
 
                _def_name = form_result['default_repo_perm'].split('repository.')[-1]

			




	
	
	
		
 
                _def = Permission.get_by_key('repository.' + _def_name)

			




	
	
	
		
 
                # repos

			




	
	
	
		
 
                for r2p in self.sa.query(UserRepoToPerm)\

			




	
	
	
		
 
                               .filter(UserRepoToPerm.user == perm_user)\

			




	
	
	
		
 
                               .all():

			




	
	
	
		
 

			




        

    


    
    

    

        

                

                    rhodecode/templates/admin/permissions/permissions.html
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -101,24 +101,32 @@

			




	
	
	
		
 
                <div class="select">

			




	
	
	
		
 
                    ${h.select('default_fork','',c.fork_choices)}

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
             </div>

			




	
	
	
		
 
             <div class="field">

			




	
	
	
		
 
                <div class="label">

			




	
	
	
		
 
                    <label for="default_register">${_('Registration')}:</label>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
                <div class="select">

			




	
	
	
		
 
                    ${h.select('default_register','',c.register_choices)}

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
             </div>

			




	
	
	
		
 
             <div class="field">

			




	
	
	
		
 
                <div class="label">

			




	
	
	
		
 
                    <label for="default_extern_activate">${_('External auth account activation')}:</label>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
                <div class="select">

			




	
	
	
		
 
                    ${h.select('default_extern_activate','',c.extern_activate_choices)}

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
             </div>

			




	
	
	
		
 
            <div class="buttons">

			




	
	
	
		
 
              ${h.submit('save',_('Save'),class_="ui-btn large")}

			




	
	
	
		
 
              ${h.reset('reset',_('Reset'),class_="ui-btn large")}

			




	
	
	
		
 
            </div>

			




	
	
	
		
 
        </div>

			




	
	
	
		
 
    </div>

			




	
	
	
		
 
    ${h.end_form()}

			




	
	
	
		
 
</div>

			




	
	
	
		
 

			




	
	
	
		
 
<div style="min-height:780px" class="box box-right">

			




	
	
	
		
 
    <!-- box / title -->

			




	
	
	
		
 
    <div class="title">

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.