kallithea Changeset - 39798d53c65d

Changeset - 39798d53c65d

Parent rev.

Child rev.

[Not reviewed]

default

0 1 0

Marcin Kuzminski - 12 years ago 2013-06-11 14:40:00
marcin@python-works.com

When using apply to children flag in repo group permission
change prompt, RhodeCode only applied this to user groups if
repository was private. Only thing that shouldn't be allowed is
to change the DEFAULT user permission when repository is private.

1 file changed with 5 insertions and 2 deletions:

rhodecode/model/repos_group.py

0 comments (0 inline, 0 general)

rhodecode/model/repos_group.py

➞

Show inline comments

@@ @@ -92,215 +92,218 @@ class ReposGroupModel(BaseModel): @@
         os.makedirs(create_path)
     def __rename_group(self, old, new):
         """
         Renames a group on filesystem
         :param group_name:
         """
         if old == new:
             log.debug('skipping group rename')
             return
         log.debug('renaming repository group from %s to %s' % (old, new))
         old_path = os.path.join(self.repos_path, old)
         new_path = os.path.join(self.repos_path, new)
         log.debug('renaming repos paths from %s to %s' % (old_path, new_path))
         if os.path.isdir(new_path):
             raise Exception('Was trying to rename to already '
                             'existing dir %s' % new_path)
         shutil.move(old_path, new_path)
     def __delete_group(self, group, force_delete=False):
         """
         Deletes a group from a filesystem
         :param group: instance of group from database
         :param force_delete: use shutil rmtree to remove all objects
         """
         paths = group.full_path.split(RepoGroup.url_sep())
         paths = os.sep.join(paths)
         rm_path = os.path.join(self.repos_path, paths)
         log.info("Removing group %s" % (rm_path))
         # delete only if that path really exists
         if os.path.isdir(rm_path):
             if force_delete:
                 shutil.rmtree(rm_path)
             else:
                 #archive that group`
                 _now = datetime.datetime.now()
                 _ms = str(_now.microsecond).rjust(6, '0')
                 _d = 'rm__%s_GROUP_%s' % (_now.strftime('%Y%m%d_%H%M%S_' + _ms),
                                           group.name)
                 shutil.move(rm_path, os.path.join(self.repos_path, _d))
     def create(self, group_name, group_description, owner, parent=None, just_db=False):
         try:
             user = self._get_user(owner)
             new_repos_group = RepoGroup()
             new_repos_group.user = user
             new_repos_group.group_description = group_description or group_name
             new_repos_group.parent_group = self._get_repo_group(parent)
             new_repos_group.group_name = new_repos_group.get_new_name(group_name)
             self.sa.add(new_repos_group)
             perm_obj = self._create_default_perms(new_repos_group)
             self.sa.add(perm_obj)
             #create an ADMIN permission for owner except if we're super admin,
             #later owner should go into the owner field of groups
             if not user.is_admin:
                 self.grant_user_permission(repos_group=new_repos_group,
                                            user=owner, perm='group.admin')
             if not just_db:
                 # we need to flush here, in order to check if database won't
                 # throw any exceptions, create filesystem dirs at the very end
                 self.sa.flush()
                 self.__create_group(new_repos_group.group_name)
             return new_repos_group
         except Exception:
             log.error(traceback.format_exc())
             raise
     def _update_permissions(self, repos_group, perms_new=None,
                             perms_updates=None, recursive=False,
                             check_perms=True):
         from rhodecode.model.repo import RepoModel
         from rhodecode.lib.auth import HasUserGroupPermissionAny
         if not perms_new:
             perms_new = []
         if not perms_updates:
             perms_updates = []
         def _set_perm_user(obj, user, perm):
             if isinstance(obj, RepoGroup):
                 self.grant_user_permission(
                     repos_group=obj, user=user, perm=perm
+                )
             elif isinstance(obj, Repository):
                 #we do this ONLY IF repository is non-private
                 if obj.private:
                 # private repos will not allow to change the default permissions
                 # using recursive mode
                 if obj.private and user == User.DEFAULT_USER:
                     return
                 # we set group permission but we have to switch to repo
                 # permission
                 perm = perm.replace('group.', 'repository.')
                 RepoModel().grant_user_permission(
                     repo=obj, user=user, perm=perm
+                )
         def _set_perm_group(obj, users_group, perm):
             if isinstance(obj, RepoGroup):
                 self.grant_users_group_permission(
                     repos_group=obj, group_name=users_group, perm=perm
+                )
             elif isinstance(obj, Repository):
                 # we set group permission but we have to switch to repo
                 # permission
                 perm = perm.replace('group.', 'repository.')
                 RepoModel().grant_users_group_permission(
                     repo=obj, group_name=users_group, perm=perm
+                )
         # start updates
         updates = []
         log.debug('Now updating permissions for %s in recursive mode:%s'
                   % (repos_group, recursive))
         for obj in repos_group.recursive_groups_and_repos():
             #obj is an instance of a group or repositories in that group
             if not recursive:
                 obj = repos_group
             # update permissions
             for member, perm, member_type in perms_updates:
                 ## set for user
                 if member_type == 'user':
                     # this updates also current one if found
                     _set_perm_user(obj, user=member, perm=perm)
                 ## set for user group
                 else:
                     #check if we have permissions to alter this usergroup
                     req_perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin')
                     if not check_perms or HasUserGroupPermissionAny(*req_perms)(member):
                         _set_perm_group(obj, users_group=member, perm=perm)
             # set new permissions
             for member, perm, member_type in perms_new:
                 if member_type == 'user':
                     _set_perm_user(obj, user=member, perm=perm)
                 else:
                     #check if we have permissions to alter this usergroup
                     req_perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin')
                     if not check_perms or HasUserGroupPermissionAny(*req_perms)(member):
                         _set_perm_group(obj, users_group=member, perm=perm)
             updates.append(obj)
             #if it's not recursive call
             # break the loop and don't proceed with other changes
             if not recursive:
                 break
         return updates
     def update(self, repos_group, form_data):
         try:
             repos_group = self._get_repo_group(repos_group)
             old_path = repos_group.full_path
             # change properties
             repos_group.group_description = form_data['group_description']
             repos_group.group_parent_id = form_data['group_parent_id']
             repos_group.enable_locking = form_data['enable_locking']
             repos_group.parent_group = RepoGroup.get(form_data['group_parent_id'])
             repos_group.group_name = repos_group.get_new_name(form_data['group_name'])
             new_path = repos_group.full_path
             self.sa.add(repos_group)
             # iterate over all members of this groups and do fixes
             # set locking if given
             # if obj is a repoGroup also fix the name of the group according
             # to the parent
             # if obj is a Repo fix it's name
             # this can be potentially heavy operation
             for obj in repos_group.recursive_groups_and_repos():
                 #set the value from it's parent
                 obj.enable_locking = repos_group.enable_locking
                 if isinstance(obj, RepoGroup):
                     new_name = obj.get_new_name(obj.name)
                     log.debug('Fixing group %s to new name %s' \
                                 % (obj.group_name, new_name))
                     obj.group_name = new_name
                 elif isinstance(obj, Repository):
                     # we need to get all repositories from this new group and
                     # rename them accordingly to new group path
                     new_name = obj.get_new_name(obj.just_name)
                     log.debug('Fixing repo %s to new name %s' \
                                 % (obj.repo_name, new_name))
                     obj.repo_name = new_name
                 self.sa.add(obj)
             self.__rename_group(old_path, new_path)
             return repos_group
         except Exception:
             log.error(traceback.format_exc())
             raise
     def delete(self, repos_group, force_delete=False):
         repos_group = self._get_repo_group(repos_group)
         try:
             self.sa.delete(repos_group)
             self.__delete_group(repos_group, force_delete)
         except Exception:
             log.error('Error removing repos_group %s' % repos_group)
             raise
     def delete_permission(self, repos_group, obj, obj_type, recursive):
         """
         Revokes permission for repos_group for given obj(user or users_group),
         obj_type can be user or user group

0 comments (0 inline, 0 general)