kallithea Changeset - 222e6769e7b5

Changeset - 222e6769e7b5

Parent rev.

Child rev.

[Not reviewed]

beta

0 6 0

Marcin Kuzminski - 13 years ago 2013-04-23 00:47:22
marcin@python-works.com

Added separate default permission for external_auth account
activation. This flag allows users to define separate option of how
activation of external_accounts should be performed.

6 files changed with 34 insertions and 12 deletions:

rhodecode/controllers/admin/permissions.py

rhodecode/lib/auth.py

rhodecode/model/db.py

rhodecode/model/forms.py

rhodecode/model/permission.py

rhodecode/templates/admin/permissions/permissions.html

0 comments (0 inline, 0 general)

rhodecode/controllers/admin/permissions.py

➞

Show inline comments

 # -*- coding: utf-8 -*-
 """
     rhodecode.controllers.admin.permissions
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     permissions controller for Rhodecode
     :created_on: Apr 27, 2010
     :author: marcink
     :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
     :license: GPLv3, see COPYING for more details.
 """
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import logging
 import traceback
 import formencode
 from formencode import htmlfill
 from pylons import request, session, tmpl_context as c, url
 from pylons.controllers.util import abort, redirect
 from pylons.i18n.translation import _
 from rhodecode.lib import helpers as h
 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator,\
     AuthUser
 from rhodecode.lib.base import BaseController, render
 from rhodecode.model.forms import DefaultPermissionsForm
 from rhodecode.model.permission import PermissionModel
 from rhodecode.model.db import User, UserIpMap, Permission
 from rhodecode.model.meta import Session
 log = logging.getLogger(__name__)
 class PermissionsController(BaseController):
     """REST Controller styled on the Atom Publishing Protocol"""
     # To properly map this controller, ensure your config/routing.py
     # file has a resource setup:
     #     map.resource('permission', 'permissions')
     @LoginRequired()
     @HasPermissionAllDecorator('hg.admin')
     def __before__(self):
         super(PermissionsController, self).__before__()
         c.repo_perms_choices = [('repository.none', _('None'),),
                                    ('repository.read', _('Read'),),
                                    ('repository.write', _('Write'),),
                                    ('repository.admin', _('Admin'),)]
         c.group_perms_choices = [('group.none', _('None'),),
                                  ('group.read', _('Read'),),
                                  ('group.write', _('Write'),),
                                  ('group.admin', _('Admin'),)]
         c.user_group_perms_choices = [('usergroup.none', _('None'),),
                                       ('usergroup.read', _('Read'),),
                                       ('usergroup.write', _('Write'),),
                                       ('usergroup.admin', _('Admin'),)]
         c.register_choices = [
             ('hg.register.none',
                 _('Disabled')),
             ('hg.register.manual_activate',
                 _('Allowed with manual account activation')),
             ('hg.register.auto_activate',
                 _('Allowed with automatic account activation')), ]
         c.extern_activate_choices = [
             ('hg.extern_activate.manual', _('Manual activation of external account')),
             ('hg.extern_activate.auto', _('Automatic activation of external account')),
+        ]
         c.repo_create_choices = [('hg.create.none', _('Disabled')),
                                  ('hg.create.repository', _('Enabled'))]
         c.user_group_create_choices = [('hg.usergroup.create.false', _('Disabled')),
                                        ('hg.usergroup.create.true', _('Enabled'))]
         c.repo_group_create_choices = [('hg.repogroup.create.false', _('Disabled')),
                                        ('hg.repogroup.create.true', _('Enabled'))]
         c.fork_choices = [('hg.fork.none', _('Disabled')),
                           ('hg.fork.repository', _('Enabled'))]
     def index(self, format='html'):
         """GET /permissions: All items in the collection"""
         # url('permissions')
     def create(self):
         """POST /permissions: Create a new item"""
         # url('permissions')
     def new(self, format='html'):
         """GET /permissions/new: Form to create a new item"""
         # url('new_permission')
     def update(self, id):
         """PUT /permissions/id: Update an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="PUT" />
         # Or using helpers:
         #    h.form(url('permission', id=ID),
         #           method='put')
         # url('permission', id=ID)
         if id == 'default':
             c.user = default_user = User.get_default_user()
             c.perm_user = AuthUser(user_id=default_user.user_id)
             c.user_ip_map = UserIpMap.query()\
                             .filter(UserIpMap.user == default_user).all()
             _form = DefaultPermissionsForm(
                     [x[0] for x in c.repo_perms_choices],
                     [x[0] for x in c.group_perms_choices],
                     [x[0] for x in c.user_group_perms_choices],
                     [x[0] for x in c.repo_create_choices],
                     [x[0] for x in c.repo_group_create_choices],
                     [x[0] for x in c.user_group_create_choices],
                     [x[0] for x in c.fork_choices],
                     [x[0] for x in c.register_choices])()
                     [x[0] for x in c.register_choices],
                     [x[0] for x in c.extern_activate_choices],
             )()
             try:
                 form_result = _form.to_python(dict(request.POST))
                 form_result.update({'perm_user_name': id})
                 PermissionModel().update(form_result)
                 Session().commit()
                 h.flash(_('Default permissions updated successfully'),
                         category='success')
             except formencode.Invalid, errors:
                 defaults = errors.value
                 return htmlfill.render(
                     render('admin/permissions/permissions.html'),
                     defaults=defaults,
                     errors=errors.error_dict or {},
                     prefix_error=False,
                     encoding="UTF-8")
             except Exception:
                 log.error(traceback.format_exc())
                 h.flash(_('Error occurred during update of permissions'),
                         category='error')
         return redirect(url('edit_permission', id=id))
     def delete(self, id):
         """DELETE /permissions/id: Delete an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="DELETE" />
         # Or using helpers:
         #    h.form(url('permission', id=ID),
         #           method='delete')
         # url('permission', id=ID)
     def show(self, id, format='html'):
         """GET /permissions/id: Show a specific item"""
         # url('permission', id=ID)
         Permission.get_or_404(-1)
     def edit(self, id, format='html'):
         """GET /permissions/id/edit: Form to edit an existing item"""
         #url('edit_permission', id=ID)
         #this form can only edit default user permissions
         if id == 'default':
             c.user = User.get_default_user()
             defaults = {'anonymous': c.user.active}
             c.perm_user = c.user.AuthUser
             c.user_ip_map = UserIpMap.query()\
                             .filter(UserIpMap.user == c.user).all()
             for p in c.user.user_perms:
                 if p.permission.permission_name.startswith('repository.'):
                     defaults['default_repo_perm'] = p.permission.permission_name
                 if p.permission.permission_name.startswith('group.'):
                     defaults['default_group_perm'] = p.permission.permission_name
                 if p.permission.permission_name.startswith('usergroup.'):
                     defaults['default_user_group_perm'] = p.permission.permission_name
                 if p.permission.permission_name.startswith('hg.create.'):
                     defaults['default_repo_create'] = p.permission.permission_name
                 if p.permission.permission_name.startswith('hg.repogroup.'):
                     defaults['default_repo_group_create'] = p.permission.permission_name
                 if p.permission.permission_name.startswith('hg.usergroup.'):
                     defaults['default_user_group_create'] = p.permission.permission_name
                 if p.permission.permission_name.startswith('hg.register.'):
                     defaults['default_register'] = p.permission.permission_name
                 if p.permission.permission_name.startswith('hg.extern_activate.'):
                     defaults['default_extern_activate'] = p.permission.permission_name
                 if p.permission.permission_name.startswith('hg.fork.'):
                     defaults['default_fork'] = p.permission.permission_name
             return htmlfill.render(
                 render('admin/permissions/permissions.html'),
                 defaults=defaults,
                 encoding="UTF-8",
                 force_defaults=False
+            )
         else:
             return redirect(url('admin_home'))

rhodecode/lib/auth.py

➞

Show inline comments

@@ @@ -135,224 +135,224 @@ def check_password(password, hashed): @@
     return RhodeCodeCrypto.hash_check(password, hashed)
 def generate_api_key(str_, salt=None):
     """
     Generates API KEY from given string
     :param str_:
     :param salt:
     """
     if salt is None:
         salt = _RandomNameSequence().next()
     return hashlib.sha1(str_ + salt).hexdigest()
 def authfunc(environ, username, password):
     """
     Dummy authentication wrapper function used in Mercurial and Git for
     access control.
     :param environ: needed only for using in Basic auth
     """
     return authenticate(username, password)
 def authenticate(username, password):
     """
     Authentication function used for access control,
     firstly checks for db authentication then if ldap is enabled for ldap
     authentication, also creates ldap user if not in database
     :param username: username
     :param password: password
     """
     user_model = UserModel()
     user = User.get_by_username(username)
     log.debug('Authenticating user using RhodeCode account')
     if user is not None and not user.ldap_dn:
         if user.active:
             if user.username == 'default' and user.active:
                 log.info('user %s authenticated correctly as anonymous user' %
                          username)
                 return True
             elif user.username == username and check_password(password,
                                                               user.password):
                 log.info('user %s authenticated correctly' % username)
                 return True
         else:
             log.warning('user %s tried auth but is disabled' % username)
     else:
         log.debug('Regular authentication failed')
         user_obj = User.get_by_username(username, case_insensitive=True)
         if user_obj is not None and not user_obj.ldap_dn:
             log.debug('this user already exists as non ldap')
             return False
         ldap_settings = RhodeCodeSetting.get_ldap_settings()
         #======================================================================
         # FALLBACK TO LDAP AUTH IF ENABLE
         #======================================================================
         if str2bool(ldap_settings.get('ldap_active')):
             log.debug("Authenticating user using ldap")
             kwargs = {
                   'server': ldap_settings.get('ldap_host', ''),
                   'base_dn': ldap_settings.get('ldap_base_dn', ''),
                   'port': ldap_settings.get('ldap_port'),
                   'bind_dn': ldap_settings.get('ldap_dn_user'),
                   'bind_pass': ldap_settings.get('ldap_dn_pass'),
                   'tls_kind': ldap_settings.get('ldap_tls_kind'),
                   'tls_reqcert': ldap_settings.get('ldap_tls_reqcert'),
                   'ldap_filter': ldap_settings.get('ldap_filter'),
                   'search_scope': ldap_settings.get('ldap_search_scope'),
                   'attr_login': ldap_settings.get('ldap_attr_login'),
                   'ldap_version': 3,
+                  }
             log.debug('Checking for ldap authentication')
             try:
                 aldap = AuthLdap(**kwargs)
                 (user_dn, ldap_attrs) = aldap.authenticate_ldap(username,
                                                                 password)
                 log.debug('Got ldap DN response %s' % user_dn)
                 get_ldap_attr = lambda k: ldap_attrs.get(ldap_settings\
                                                            .get(k), [''])[0]
                 user_attrs = {
                  'name': safe_unicode(get_ldap_attr('ldap_attr_firstname')),
                  'lastname': safe_unicode(get_ldap_attr('ldap_attr_lastname')),
                  'email': get_ldap_attr('ldap_attr_email'),
                  'active': 'hg.register.auto_activate' in User\
                     .get_default_user().AuthUser.permissions['global']
                  'active': 'hg.extern_activate.auto' in User.get_default_user()\
                                                 .AuthUser.permissions['global']
+                }
                 # don't store LDAP password since we don't need it. Override
                 # with some random generated password
                 _password = PasswordGenerator().gen_password(length=8)
                 # create this user on the fly if it doesn't exist in rhodecode
                 # database
                 if user_model.create_ldap(username, _password, user_dn,
                                           user_attrs):
                     log.info('created new ldap user %s' % username)
                 Session().commit()
                 return True
             except (LdapUsernameError, LdapPasswordError, LdapImportError):
                 pass
             except (Exception,):
                 log.error(traceback.format_exc())
                 pass
     return False
 def login_container_auth(username):
     user = User.get_by_username(username)
     if user is None:
         user_attrs = {
             'name': username,
             'lastname': None,
             'email': None,
             'active': 'hg.register.auto_activate' in User\
                .get_default_user().AuthUser.permissions['global']
             'active': 'hg.extern_activate.auto' in User.get_default_user()\
                                             .AuthUser.permissions['global']
+        }
         user = UserModel().create_for_container_auth(username, user_attrs)
         if not user:
             return None
         log.info('User %s was created by container authentication' % username)
     if not user.active:
         return None
     user.update_lastlogin()
     Session().commit()
     log.debug('User %s is now logged in by container authentication',
               user.username)
     return user
 def get_container_username(environ, config, clean_username=False):
     """
     Get's the container_auth username (or email). It tries to get username
     from REMOTE_USER if container_auth_enabled is enabled, if that fails
     it tries to get username from HTTP_X_FORWARDED_USER if proxypass_auth_enabled
     is enabled. clean_username extracts the username from this data if it's
     having @ in it.
     :param environ:
     :param config:
     :param clean_username:
     """
     username = None
     if str2bool(config.get('container_auth_enabled', False)):
         from paste.httpheaders import REMOTE_USER
         username = REMOTE_USER(environ)
         log.debug('extracted REMOTE_USER:%s' % (username))
     if not username and str2bool(config.get('proxypass_auth_enabled', False)):
         username = environ.get('HTTP_X_FORWARDED_USER')
         log.debug('extracted HTTP_X_FORWARDED_USER:%s' % (username))
     if username and clean_username:
         # Removing realm and domain from username
         username = username.partition('@')[0]
         username = username.rpartition('\\')[2]
     log.debug('Received username %s from container' % username)
     return username
 class CookieStoreWrapper(object):
     def __init__(self, cookie_store):
         self.cookie_store = cookie_store
     def __repr__(self):
         return 'CookieStore<%s>' % (self.cookie_store)
     def get(self, key, other=None):
         if isinstance(self.cookie_store, dict):
             return self.cookie_store.get(key, other)
         elif isinstance(self.cookie_store, AuthUser):
             return self.cookie_store.__dict__.get(key, other)
 class  AuthUser(object):
     """
     A simple object that handles all attributes of user in RhodeCode
     It does lookup based on API key,given user, or user present in session
     Then it fills all required information for such user. It also checks if
     anonymous access is enabled and if so, it returns default user as logged
     in
     """
     def __init__(self, user_id=None, api_key=None, username=None, ip_addr=None):
         self.user_id = user_id
         self.api_key = None
         self.username = username
         self.ip_addr = ip_addr
         self.name = ''
         self.lastname = ''
         self.email = ''
         self.is_authenticated = False
         self.admin = False
         self.inherit_default_permissions = False
         self.permissions = {}
         self._api_key = api_key
         self.propagate_data()
         self._instance = None
     def propagate_data(self):
         user_model = UserModel()
         self.anonymous_user = User.get_by_username('default', cache=True)
         is_user_loaded = False

rhodecode/model/db.py

➞

Show inline comments

@@ @@ -1331,208 +1331,210 @@ class RepoGroup(Base, BaseModel): @@
     @property
     def repositories(self):
         return Repository.query()\
                 .filter(Repository.group == self)\
                 .order_by(Repository.repo_name)
     @property
     def repositories_recursive_count(self):
         cnt = self.repositories.count()
         def children_count(group):
             cnt = 0
             for child in group.children:
                 cnt += child.repositories.count()
                 cnt += children_count(child)
             return cnt
         return cnt + children_count(self)
     def _recursive_objects(self, include_repos=True):
         all_ = []
         def _get_members(root_gr):
             if include_repos:
                 for r in root_gr.repositories:
                     all_.append(r)
             childs = root_gr.children.all()
             if childs:
                 for gr in childs:
                     all_.append(gr)
                     _get_members(gr)
         _get_members(self)
         return [self] + all_
     def recursive_groups_and_repos(self):
         """
         Recursive return all groups, with repositories in those groups
         """
         return self._recursive_objects()
     def recursive_groups(self):
         """
         Returns all children groups for this group including children of children
         """
         return self._recursive_objects(include_repos=False)
     def get_new_name(self, group_name):
         """
         returns new full group name based on parent and new name
         :param group_name:
         """
         path_prefix = (self.parent_group.full_path_splitted if
                        self.parent_group else [])
         return RepoGroup.url_sep().join(path_prefix + [group_name])
 class Permission(Base, BaseModel):
     __tablename__ = 'permissions'
     __table_args__ = (
         Index('p_perm_name_idx', 'permission_name'),
         {'extend_existing': True, 'mysql_engine': 'InnoDB',
          'mysql_charset': 'utf8'},
+    )
     PERMS = [
         ('hg.admin', _('RhodeCode Administrator')),
         ('repository.none', _('Repository no access')),
         ('repository.read', _('Repository read access')),
         ('repository.write', _('Repository write access')),
         ('repository.admin', _('Repository admin access')),
         ('group.none', _('Repository group no access')),
         ('group.read', _('Repository group read access')),
         ('group.write', _('Repository group write access')),
         ('group.admin', _('Repository group admin access')),
         ('usergroup.none', _('User group no access')),
         ('usergroup.read', _('User group read access')),
         ('usergroup.write', _('User group write access')),
         ('usergroup.admin', _('User group admin access')),
         ('hg.repogroup.create.false', _('Repository Group creation disabled')),
         ('hg.repogroup.create.true', _('Repository Group creation enabled')),
         ('hg.usergroup.create.false', _('User Group creation disabled')),
         ('hg.usergroup.create.true', _('User Group creation enabled')),
         ('hg.create.none', _('Repository creation disabled')),
         ('hg.create.repository', _('Repository creation enabled')),
         ('hg.fork.none', _('Repository forking disabled')),
         ('hg.fork.repository', _('Repository forking enabled')),
         ('hg.register.none', _('Register disabled')),
         ('hg.register.manual_activate', _('Register new user with RhodeCode '
                                           'with manual activation')),
         ('hg.register.none', _('Registration disabled')),
         ('hg.register.manual_activate', _('User Registration with manual account activation')),
         ('hg.register.auto_activate', _('User Registration with automatic account activation')),
         ('hg.register.auto_activate', _('Register new user with RhodeCode '
                                         'with auto activation')),
         ('hg.extern_activate.manual', _('Manual activation of external account')),
         ('hg.extern_activate.auto', _('Automatic activation of external account')),
+    ]
     #definition of system default permissions for DEFAULT user
     DEFAULT_USER_PERMISSIONS = [
         'repository.read',
         'group.read',
         'usergroup.read',
         'hg.create.repository',
         'hg.fork.repository',
         'hg.register.manual_activate',
         'hg.extern_activate.auto',
+    ]
     # defines which permissions are more important higher the more important
     # Weight defines which permissions are more important.
     # The higher number the more important.
     PERM_WEIGHTS = {
         'repository.none': 0,
         'repository.read': 1,
         'repository.write': 3,
         'repository.admin': 4,
         'group.none': 0,
         'group.read': 1,
         'group.write': 3,
         'group.admin': 4,
         'usergroup.none': 0,
         'usergroup.read': 1,
         'usergroup.write': 3,
         'usergroup.admin': 4,
         'hg.repogroup.create.false': 0,
         'hg.repogroup.create.true': 1,
         'hg.usergroup.create.false': 0,
         'hg.usergroup.create.true': 1,
         'hg.fork.none': 0,
         'hg.fork.repository': 1,
         'hg.create.none': 0,
         'hg.create.repository': 1
+    }
     permission_id = Column("permission_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
     permission_name = Column("permission_name", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     permission_longname = Column("permission_longname", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     def __unicode__(self):
         return u"<%s('%s:%s')>" % (
             self.__class__.__name__, self.permission_id, self.permission_name
+        )
     @classmethod
     def get_by_key(cls, key):
         return cls.query().filter(cls.permission_name == key).scalar()
     @classmethod
     def get_default_perms(cls, default_user_id):
         q = Session().query(UserRepoToPerm, Repository, cls)\
          .join((Repository, UserRepoToPerm.repository_id == Repository.repo_id))\
          .join((cls, UserRepoToPerm.permission_id == cls.permission_id))\
          .filter(UserRepoToPerm.user_id == default_user_id)
         return q.all()
     @classmethod
     def get_default_group_perms(cls, default_user_id):
         q = Session().query(UserRepoGroupToPerm, RepoGroup, cls)\
          .join((RepoGroup, UserRepoGroupToPerm.group_id == RepoGroup.group_id))\
          .join((cls, UserRepoGroupToPerm.permission_id == cls.permission_id))\
          .filter(UserRepoGroupToPerm.user_id == default_user_id)
         return q.all()
     @classmethod
     def get_default_user_group_perms(cls, default_user_id):
         q = Session().query(UserUserGroupToPerm, UserGroup, cls)\
          .join((UserGroup, UserUserGroupToPerm.user_group_id == UserGroup.users_group_id))\
          .join((cls, UserUserGroupToPerm.permission_id == cls.permission_id))\
          .filter(UserUserGroupToPerm.user_id == default_user_id)
         return q.all()
 class UserRepoToPerm(Base, BaseModel):
     __tablename__ = 'repo_to_perm'
     __table_args__ = (
         UniqueConstraint('user_id', 'repository_id', 'permission_id'),
         {'extend_existing': True, 'mysql_engine': 'InnoDB',
          'mysql_charset': 'utf8'}
+    )
     repo_to_perm_id = Column("repo_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
     user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
     permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
     repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
     user = relationship('User')
     repository = relationship('Repository')
     permission = relationship('Permission')
     @classmethod
     def create(cls, user, repository, permission):
         n = cls()
         n.user = user
         n.repository = repository
         n.permission = permission
         Session().add(n)

rhodecode/model/forms.py

➞

Show inline comments

@@ @@ -219,202 +219,203 @@ def RepoGroupPermsForm(): @@
 def UserGroupPermsForm():
     class _UserPermsForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         chained_validators = [v.ValidPerms(type_='user_group')]
     return _UserPermsForm
 def RepoFieldForm():
     class _RepoFieldForm(formencode.Schema):
         filter_extra_fields = True
         allow_extra_fields = True
         new_field_key = All(v.FieldKey(),
                             v.UnicodeString(strip=True, min=3, not_empty=True))
         new_field_value = v.UnicodeString(not_empty=False, if_missing='')
         new_field_type = v.OneOf(['str', 'unicode', 'list', 'tuple'],
                                  if_missing='str')
         new_field_label = v.UnicodeString(not_empty=False)
         new_field_desc = v.UnicodeString(not_empty=False)
     return _RepoFieldForm
 def RepoForkForm(edit=False, old_data={}, supported_backends=BACKENDS.keys(),
                  repo_groups=[], landing_revs=[]):
     class _RepoForkForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         repo_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),
                         v.SlugifyName())
         repo_group = All(v.CanWriteGroup(),
                          v.OneOf(repo_groups, hideList=True))
         repo_type = All(v.ValidForkType(old_data), v.OneOf(supported_backends))
         description = v.UnicodeString(strip=True, min=1, not_empty=True)
         private = v.StringBoolean(if_missing=False)
         copy_permissions = v.StringBoolean(if_missing=False)
         update_after_clone = v.StringBoolean(if_missing=False)
         fork_parent_id = v.UnicodeString()
         chained_validators = [v.ValidForkName(edit, old_data)]
         landing_rev = v.OneOf(landing_revs, hideList=True)
     return _RepoForkForm
 def ApplicationSettingsForm():
     class _ApplicationSettingsForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         rhodecode_title = v.UnicodeString(strip=True, min=1, not_empty=True)
         rhodecode_realm = v.UnicodeString(strip=True, min=1, not_empty=True)
         rhodecode_ga_code = v.UnicodeString(strip=True, min=1, not_empty=False)
     return _ApplicationSettingsForm
 def ApplicationVisualisationForm():
     class _ApplicationVisualisationForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         rhodecode_show_public_icon = v.StringBoolean(if_missing=False)
         rhodecode_show_private_icon = v.StringBoolean(if_missing=False)
         rhodecode_stylify_metatags = v.StringBoolean(if_missing=False)
         rhodecode_repository_fields = v.StringBoolean(if_missing=False)
         rhodecode_lightweight_journal = v.StringBoolean(if_missing=False)
     return _ApplicationVisualisationForm
 def ApplicationUiSettingsForm():
     class _ApplicationUiSettingsForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         web_push_ssl = v.StringBoolean(if_missing=False)
         paths_root_path = All(
             v.ValidPath(),
             v.UnicodeString(strip=True, min=1, not_empty=True)
+        )
         hooks_changegroup_update = v.StringBoolean(if_missing=False)
         hooks_changegroup_repo_size = v.StringBoolean(if_missing=False)
         hooks_changegroup_push_logger = v.StringBoolean(if_missing=False)
         hooks_outgoing_pull_logger = v.StringBoolean(if_missing=False)
         extensions_largefiles = v.StringBoolean(if_missing=False)
         extensions_hgsubversion = v.StringBoolean(if_missing=False)
         extensions_hggit = v.StringBoolean(if_missing=False)
     return _ApplicationUiSettingsForm
 def DefaultPermissionsForm(repo_perms_choices, group_perms_choices,
                            user_group_perms_choices, create_choices,
                            repo_group_create_choices, user_group_create_choices,
                            fork_choices, register_choices):
+                           fork_choices, register_choices, extern_activate_choices):
     class _DefaultPermissionsForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = True
         overwrite_default_repo = v.StringBoolean(if_missing=False)
         overwrite_default_group = v.StringBoolean(if_missing=False)
         overwrite_default_user_group = v.StringBoolean(if_missing=False)
         anonymous = v.StringBoolean(if_missing=False)
         default_repo_perm = v.OneOf(repo_perms_choices)
         default_group_perm = v.OneOf(group_perms_choices)
         default_user_group_perm = v.OneOf(user_group_perms_choices)
         default_repo_create = v.OneOf(create_choices)
         default_user_group_create = v.OneOf(user_group_create_choices)
         #default_repo_group_create = v.OneOf(repo_group_create_choices) #not impl. yet
         default_fork = v.OneOf(fork_choices)
         default_register = v.OneOf(register_choices)
         default_extern_activate = v.OneOf(extern_activate_choices)
     return _DefaultPermissionsForm
 def CustomDefaultPermissionsForm():
     class _CustomDefaultPermissionsForm(formencode.Schema):
         filter_extra_fields = True
         allow_extra_fields = True
         inherit_default_permissions = v.StringBoolean(if_missing=False)
         create_repo_perm = v.StringBoolean(if_missing=False)
         create_user_group_perm = v.StringBoolean(if_missing=False)
         #create_repo_group_perm Impl. later
         fork_repo_perm = v.StringBoolean(if_missing=False)
     return _CustomDefaultPermissionsForm
 def DefaultsForm(edit=False, old_data={}, supported_backends=BACKENDS.keys()):
     class _DefaultsForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = True
         default_repo_type = v.OneOf(supported_backends)
         default_repo_private = v.StringBoolean(if_missing=False)
         default_repo_enable_statistics = v.StringBoolean(if_missing=False)
         default_repo_enable_downloads = v.StringBoolean(if_missing=False)
         default_repo_enable_locking = v.StringBoolean(if_missing=False)
     return _DefaultsForm
 def LdapSettingsForm(tls_reqcert_choices, search_scope_choices,
                      tls_kind_choices):
     class _LdapSettingsForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = True
         #pre_validators = [LdapLibValidator]
         ldap_active = v.StringBoolean(if_missing=False)
         ldap_host = v.UnicodeString(strip=True,)
         ldap_port = v.Number(strip=True,)
         ldap_tls_kind = v.OneOf(tls_kind_choices)
         ldap_tls_reqcert = v.OneOf(tls_reqcert_choices)
         ldap_dn_user = v.UnicodeString(strip=True,)
         ldap_dn_pass = v.UnicodeString(strip=True,)
         ldap_base_dn = v.UnicodeString(strip=True,)
         ldap_filter = v.UnicodeString(strip=True,)
         ldap_search_scope = v.OneOf(search_scope_choices)
         ldap_attr_login = v.AttrLoginValidator()(not_empty=True)
         ldap_attr_firstname = v.UnicodeString(strip=True,)
         ldap_attr_lastname = v.UnicodeString(strip=True,)
         ldap_attr_email = v.UnicodeString(strip=True,)
     return _LdapSettingsForm
 def UserExtraEmailForm():
     class _UserExtraEmailForm(formencode.Schema):
         email = All(v.UniqSystemEmail(), v.Email(not_empty=True))
     return _UserExtraEmailForm
 def UserExtraIpForm():
     class _UserExtraIpForm(formencode.Schema):
         ip = v.ValidIp()(not_empty=True)
     return _UserExtraIpForm
 def PullRequestForm(repo_id):
     class _PullRequestForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = True
         user = v.UnicodeString(strip=True, required=True)
         org_repo = v.UnicodeString(strip=True, required=True)
         org_ref = v.UnicodeString(strip=True, required=True)
         other_repo = v.UnicodeString(strip=True, required=True)
         other_ref = v.UnicodeString(strip=True, required=True)
         revisions = All(#v.NotReviewedRevisions(repo_id)(),
                         v.UniqueList(not_empty=True))
         review_members = v.UniqueList(not_empty=True)
         pullrequest_title = v.UnicodeString(strip=True, required=True, min=3)
         pullrequest_desc = v.UnicodeString(strip=True, required=False)
         ancestor_rev = v.UnicodeString(strip=True, required=True)
         merge_rev = v.UnicodeString(strip=True, required=True)
     return _PullRequestForm

rhodecode/model/permission.py

➞

Show inline comments

@@ @@ -24,139 +24,140 @@ @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import logging
 import traceback
 from sqlalchemy.exc import DatabaseError
 from rhodecode.model import BaseModel
 from rhodecode.model.db import User, Permission, UserToPerm, UserRepoToPerm,\
     UserRepoGroupToPerm, UserUserGroupToPerm
 from rhodecode.lib.utils2 import str2bool
 log = logging.getLogger(__name__)
 class PermissionModel(BaseModel):
     """
     Permissions model for RhodeCode
     """
     cls = Permission
     def create_permissions(self):
         """
         Create permissions for whole system
         """
         for p in Permission.PERMS:
             if not Permission.get_by_key(p[0]):
                 new_perm = Permission()
                 new_perm.permission_name = p[0]
                 new_perm.permission_longname = p[0]  #translation err with p[1]
                 self.sa.add(new_perm)
     def create_default_permissions(self, user):
         """
         Creates only missing default permissions for user
         :param user:
         """
         user = self._get_user(user)
         def _make_perm(perm):
             new_perm = UserToPerm()
             new_perm.user = user
             new_perm.permission = Permission.get_by_key(perm)
             return new_perm
         def _get_group(perm_name):
             return '.'.join(perm_name.split('.')[:1])
         perms = UserToPerm.query().filter(UserToPerm.user == user).all()
         defined_perms_groups = map(_get_group,
                                 (x.permission.permission_name for x in perms))
         log.debug('GOT ALREADY DEFINED:%s' % perms)
         DEFAULT_PERMS = Permission.DEFAULT_USER_PERMISSIONS
         # for every default permission that needs to be created, we check if
         # it's group is already defined, if it's not we create default perm
         for perm_name in DEFAULT_PERMS:
             gr = _get_group(perm_name)
             if gr not in defined_perms_groups:
                 log.debug('GR:%s not found, creating permission %s'
                           % (gr, perm_name))
                 new_perm = _make_perm(perm_name)
                 self.sa.add(new_perm)
     def update(self, form_result):
         perm_user = User.get_by_username(username=form_result['perm_user_name'])
         try:
             # stage 1 set anonymous access
             if perm_user.username == 'default':
                 perm_user.active = str2bool(form_result['anonymous'])
                 self.sa.add(perm_user)
             # stage 2 reset defaults and set them from form data
             def _make_new(usr, perm_name):
                 log.debug('Creating new permission:%s' % (perm_name))
                 new = UserToPerm()
                 new.user = usr
                 new.permission = Permission.get_by_key(perm_name)
                 return new
             # clear current entries, to make this function idempotent
             # it will fix even if we define more permissions or permissions
             # are somehow missing
             u2p = self.sa.query(UserToPerm)\
                 .filter(UserToPerm.user == perm_user)\
                 .all()
             for p in u2p:
                 self.sa.delete(p)
             #create fresh set of permissions
             for def_perm_key in ['default_repo_perm', 'default_group_perm',
                                  'default_user_group_perm',
                                  'default_repo_create',
                                  #'default_repo_group_create', #not implemented yet
                                  'default_user_group_create',
                                  'default_fork', 'default_register']:
                                  'default_fork', 'default_register',
                                  'default_extern_activate']:
                 p = _make_new(perm_user, form_result[def_perm_key])
                 self.sa.add(p)
             #stage 3 update all default permissions for repos if checked
             if form_result['overwrite_default_repo'] == True:
                 _def_name = form_result['default_repo_perm'].split('repository.')[-1]
                 _def = Permission.get_by_key('repository.' + _def_name)
                 # repos
                 for r2p in self.sa.query(UserRepoToPerm)\
                                .filter(UserRepoToPerm.user == perm_user)\
                                .all():
                     #don't reset PRIVATE repositories
                     if not r2p.repository.private:
                         r2p.permission = _def
                         self.sa.add(r2p)
             if form_result['overwrite_default_group'] == True:
                 _def_name = form_result['default_group_perm'].split('group.')[-1]
                 # groups
                 _def = Permission.get_by_key('group.' + _def_name)
                 for g2p in self.sa.query(UserRepoGroupToPerm)\
                                .filter(UserRepoGroupToPerm.user == perm_user)\
                                .all():
                     g2p.permission = _def
                     self.sa.add(g2p)
             if form_result['overwrite_default_user_group'] == True:
                 _def_name = form_result['default_user_group_perm'].split('usergroup.')[-1]
                 # groups
                 _def = Permission.get_by_key('usergroup.' + _def_name)
                 for g2p in self.sa.query(UserUserGroupToPerm)\
                                .filter(UserUserGroupToPerm.user == perm_user)\
                                .all():
                     g2p.permission = _def
                     self.sa.add(g2p)
             self.sa.commit()
         except (DatabaseError,):
             log.error(traceback.format_exc())
             self.sa.rollback()
             raise

rhodecode/templates/admin/permissions/permissions.html

➞

Show inline comments

@@ @@ -17,167 +17,175 @@ @@
 <%def name="main()">
 <div class="box box-left">
     <!-- box / title -->
     <div class="title">
         ${self.breadcrumbs()}
     </div>
     <h3>${_('Default permissions')}</h3>
     ${h.form(url('permission', id='default'),method='put')}
     <div class="form">
         <!-- fields -->
         <div class="fields">
             <div class="field">
                 <div class="label label-checkbox">
                     <label for="anonymous">${_('Anonymous access')}:</label>
                 </div>
                 <div class="checkboxes">
                     <div class="checkbox">
                         ${h.checkbox('anonymous',True)}
                     </div>
                 </div>
             </div>
             <div class="field">
                 <div class="label">
                     <label for="default_repo_perm">${_('Repository')}:</label>
                 </div>
                 <div class="select">
                     ${h.select('default_repo_perm','',c.repo_perms_choices)}
                     ${h.checkbox('overwrite_default_repo','true')}
                     <label for="overwrite_default_repo">
                     <span class="tooltip"
                     title="${h.tooltip(_('All default permissions on each repository will be reset to chosen permission, note that all custom default permission on repositories will be lost'))}">
                     ${_('Overwrite existing settings')}</span> </label>
                 </div>
             </div>
             <div class="field">
                 <div class="label">
                     <label for="default_group_perm">${_('Repository group')}:</label>
                 </div>
                 <div class="select">
                     ${h.select('default_group_perm','',c.group_perms_choices)}
                     ${h.checkbox('overwrite_default_group','true')}
                     <label for="overwrite_default_group">
                     <span class="tooltip"
                     title="${h.tooltip(_('All default permissions on each repository group will be reset to chosen permission, note that all custom default permission on repository groups will be lost'))}">
                     ${_('Overwrite existing settings')}</span> </label>
                 </div>
             </div>
             <div class="field">
                 <div class="label">
                     <label for="default_group_perm">${_('User group')}:</label>
                 </div>
                 <div class="select">
                     ${h.select('default_user_group_perm','',c.user_group_perms_choices)}
                     ${h.checkbox('overwrite_default_user_group','true')}
                     <label for="overwrite_default_user_group">
                     <span class="tooltip"
                     title="${h.tooltip(_('All default permissions on each user group will be reset to chosen permission, note that all custom default permission on repository groups will be lost'))}">
                     ${_('Overwrite existing settings')}</span> </label>
                 </div>
             </div>
              <div class="field">
                 <div class="label">
                     <label for="default_repo_create">${_('Repository creation')}:</label>
                 </div>
                 <div class="select">
                     ${h.select('default_repo_create','',c.repo_create_choices)}
                 </div>
              </div>
              <div class="field">
                 <div class="label">
                     <label for="default_user_group_create">${_('User group creation')}:</label>
                 </div>
                 <div class="select">
                     ${h.select('default_user_group_create','',c.user_group_create_choices)}
                 </div>
              </div>
              <div class="field">
                 <div class="label">
                     <label for="default_fork">${_('Repository forking')}:</label>
                 </div>
                 <div class="select">
                     ${h.select('default_fork','',c.fork_choices)}
                 </div>
              </div>
              <div class="field">
                 <div class="label">
                     <label for="default_register">${_('Registration')}:</label>
                 </div>
                 <div class="select">
                     ${h.select('default_register','',c.register_choices)}
                 </div>
              </div>
              <div class="field">
                 <div class="label">
                     <label for="default_extern_activate">${_('External auth account activation')}:</label>
                 </div>
                 <div class="select">
                     ${h.select('default_extern_activate','',c.extern_activate_choices)}
                 </div>
              </div>
             <div class="buttons">
               ${h.submit('save',_('Save'),class_="ui-btn large")}
               ${h.reset('reset',_('Reset'),class_="ui-btn large")}
             </div>
         </div>
     </div>
     ${h.end_form()}
 </div>
 <div style="min-height:780px" class="box box-right">
     <!-- box / title -->
     <div class="title">
         <h5>${_('Default User Permissions')}</h5>
     </div>
     ## permissions overview
     <%namespace name="p" file="/base/perms_summary.html"/>
     ${p.perms_summary(c.perm_user.permissions)}
 </div>
 <div class="box box-left" style="clear:left">
     <!-- box / title -->
     <div class="title">
         <h5>${_('Allowed IP addresses')}</h5>
     </div>
     <div class="ips_wrap">
       <table class="noborder">
       %if c.user_ip_map:
         %for ip in c.user_ip_map:
           <tr>
               <td><div class="ip">${ip.ip_addr}</div></td>
               <td><div class="ip">${h.ip_range(ip.ip_addr)}</div></td>
               <td>
                 ${h.form(url('user_ips_delete', id=c.user.user_id),method='delete')}
                     ${h.hidden('del_ip',ip.ip_id)}
                     ${h.hidden('default_user', 'True')}
                     ${h.submit('remove_',_('delete'),id="remove_ip_%s" % ip.ip_id,
                     class_="delete_icon action_button", onclick="return confirm('"+_('Confirm to delete this ip: %s') % ip.ip_addr+"');")}
                 ${h.end_form()}
               </td>
           </tr>
         %endfor
        %else:
         <tr><td><div class="ip">${_('All IP addresses are allowed')}</div></td></tr>
        %endif
       </table>
     </div>
     ${h.form(url('user_ips', id=c.user.user_id),method='put')}
     <div class="form">
         <!-- fields -->
         <div class="fields">
              <div class="field">
                 <div class="label">
                     <label for="new_ip">${_('New ip address')}:</label>
                 </div>
                 <div class="input">
                     ${h.hidden('default_user', 'True')}
                     ${h.text('new_ip', class_='medium')}
                 </div>
              </div>
             <div class="buttons">
               ${h.submit('save',_('Add'),class_="ui-btn large")}
               ${h.reset('reset',_('Reset'),class_="ui-btn large")}
             </div>
         </div>
     </div>
     ${h.end_form()}
 </div>
 </%def>

0 comments (0 inline, 0 general)