kallithea Changeset - 3ed2d46a2ca7

Changeset - 3ed2d46a2ca7

Parent rev.

Child rev.

[Not reviewed]

default

0 17 1

Marcin Kuzminski - 15 years ago 2010-08-21 16:34:37
marcin@python-works.com

permission refactoring,
Implemented views for default permissions,
fixes #23 user registration is controlled by permission system.
Implemented manual registration option
websetup fills default permissions

18 files changed with 282 insertions and 47 deletions:

pylons_app/controllers/admin/permissions.py

pylons_app/controllers/admin/repos.py

pylons_app/controllers/admin/settings.py

pylons_app/controllers/admin/users.py

pylons_app/controllers/login.py

pylons_app/lib/auth.py

pylons_app/lib/db_manage.py

pylons_app/model/db.py

pylons_app/model/forms.py

pylons_app/model/permission_model.py

pylons_app/model/repo_model.py

pylons_app/model/user_model.py

pylons_app/templates/admin/permissions/permissions.html

pylons_app/templates/base/base.html

pylons_app/templates/index.html

pylons_app/templates/login.html

pylons_app/templates/register.html

pylons_app/websetup.py

0 comments (0 inline, 0 general)

pylons_app/controllers/admin/permissions.py

➞

Show inline comments

 #!/usr/bin/env python
 # encoding: utf-8
 # permissions controller for pylons
 # Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>
+#
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; version 2
 # of the License or (at your opinion) any later version of the license.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 # MA  02110-1301, USA.
 """
 Created on April 27, 2010
 permissions controller for pylons
 @author: marcink
 """
 from formencode import htmlfill
 from pylons import request, session, tmpl_context as c, url
 from pylons.controllers.util import abort, redirect
 from pylons.i18n.translation import _
 from pylons_app.lib import helpers as h
 from pylons_app.lib.auth import LoginRequired, HasPermissionAllDecorator
 from pylons_app.lib.base import BaseController, render
 from pylons_app.model.db import User, UserLog
 from pylons_app.model.forms import UserForm
 from pylons_app.model.forms import UserForm, DefaultPermissionsForm
 from pylons_app.model.permission_model import PermissionModel
 from pylons_app.model.user_model import UserModel
 import formencode
 import logging
 import traceback
 log = logging.getLogger(__name__)
 class PermissionsController(BaseController):
     """REST Controller styled on the Atom Publishing Protocol"""
     # To properly map this controller, ensure your config/routing.py
     # file has a resource setup:
     #     map.resource('permission', 'permissions')
     @LoginRequired()
-    #@HasPermissionAllDecorator('hg.admin')
     @HasPermissionAllDecorator('hg.admin')
     def __before__(self):
         c.admin_user = session.get('admin_user')
         c.admin_username = session.get('admin_username')
         super(PermissionsController, self).__before__()
         self.perms_choices = [('repository.none', _('None'),),
                               ('repository.read', _('Read'),),
                               ('repository.write', _('Write'),),
                               ('repository.admin', _('Admin'),)]
         self.register_choices = [
             ('hg.register.none', 'disabled'),
             ('hg.register.manual_activate',
                             _('allowed with manual account activation')),
             ('hg.register.auto_activate',
                             _('allowed with automatic account activation')), ]
         self.create_choices = [('hg.create.none', _('Disabled')),
                                ('hg.create.repository', _('Enabled'))]
     def index(self, format='html'):
         """GET /permissions: All items in the collection"""
         # url('permissions')
         return render('admin/permissions/permissions.html')
     def create(self):
         """POST /permissions: Create a new item"""
         # url('permissions')
     def new(self, format='html'):
         """GET /permissions/new: Form to create a new item"""
         # url('new_permission')
     def update(self, id):
         """PUT /permissions/id: Update an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="PUT" />
         # Or using helpers:
         #    h.form(url('permission', id=ID),
         #           method='put')
         # url('permission', id=ID)
         permission_model = PermissionModel()
         _form = DefaultPermissionsForm([x[0] for x in self.perms_choices],
                                        [x[0] for x in self.register_choices],
                                        [x[0] for x in self.create_choices])()
         try:
             form_result = _form.to_python(dict(request.POST))
             permission_model.update(form_result)
             h.flash(_('Default permissions updated succesfully'),
                     category='success')
         except formencode.Invalid as errors:
             c.perms_choices = self.perms_choices
             c.register_choices = self.register_choices
             c.create_choices = self.create_choices
             return htmlfill.render(
                 render('admin/permissions/permissions.html'),
                 defaults=errors.value,
                 errors=errors.error_dict or {},
                 prefix_error=False,
                 encoding="UTF-8")
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('error occured during update of permissions'),
                     category='error')
         return redirect(url('edit_permission', id=id))
     def delete(self, id):
         """DELETE /permissions/id: Delete an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="DELETE" />
         # Or using helpers:
         #    h.form(url('permission', id=ID),
         #           method='delete')
         # url('permission', id=ID)
     def show(self, id, format='html'):
         """GET /permissions/id: Show a specific item"""
         # url('permission', id=ID)
     def edit(self, id, format='html'):
         """GET /permissions/id/edit: Form to edit an existing item"""
         # url('edit_permission', id=ID)
         #url('edit_permission', id=ID)
         c.perms_choices = self.perms_choices
         c.register_choices = self.register_choices
         c.create_choices = self.create_choices
         if id == 'default':
             defaults = {'_method':'put'}
             for p in UserModel().get_default().user_perms:
                 if p.permission.permission_name.startswith('repository.'):
                     defaults['default_perm'] = p.permission.permission_name
                 if p.permission.permission_name.startswith('hg.register.'):
                     defaults['default_register'] = p.permission.permission_name
                 if p.permission.permission_name.startswith('hg.create.'):
                     defaults['default_create'] = p.permission.permission_name
             return htmlfill.render(
                         render('admin/permissions/permissions.html'),
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=True,)
         else:
             return redirect(url('admin_home'))

pylons_app/controllers/admin/repos.py

➞

Show inline comments

@@ @@ -29,63 +29,63 @@ from pylons import request, response, se @@
 from pylons.controllers.util import abort, redirect
 from pylons.i18n.translation import _
 from pylons_app.lib import helpers as h
 from pylons_app.lib.auth import LoginRequired, HasPermissionAllDecorator, \
     HasPermissionAnyDecorator
 from pylons_app.lib.base import BaseController, render
 from pylons_app.lib.utils import invalidate_cache
 from pylons_app.model.db import User
 from pylons_app.model.forms import RepoForm
 from pylons_app.model.hg_model import HgModel
 from pylons_app.model.repo_model import RepoModel
 import formencode
 import logging
 import traceback
 log = logging.getLogger(__name__)
 class ReposController(BaseController):
     """REST Controller styled on the Atom Publishing Protocol"""
     # To properly map this controller, ensure your config/routing.py
     # file has a resource setup:
     #     map.resource('repo', 'repos')
     @LoginRequired()
-    @HasPermissionAnyDecorator('hg.admin', 'repository.create')
+    @HasPermissionAnyDecorator('hg.admin', 'hg.create.repository')
     def __before__(self):
         c.admin_user = session.get('admin_user')
         c.admin_username = session.get('admin_username')
         super(ReposController, self).__before__()
     @HasPermissionAllDecorator('hg.admin')
     def index(self, format='html'):
         """GET /repos: All items in the collection"""
         # url('repos')
         cached_repo_list = HgModel().get_repos()
         c.repos_list = sorted(cached_repo_list, key=itemgetter('name_sort'))
         return render('admin/repos/repos.html')
-    @HasPermissionAnyDecorator('hg.admin', 'repository.create')
+    @HasPermissionAnyDecorator('hg.admin', 'hg.create.repository')
     def create(self):
         """POST /repos: Create a new item"""
         # url('repos')
         repo_model = RepoModel()
         _form = RepoForm()()
         form_result = {}
         try:
             form_result = _form.to_python(dict(request.POST))
             repo_model.create(form_result, c.hg_app_user)
             invalidate_cache('cached_repo_list')
             h.flash(_('created repository %s') % form_result['repo_name'],
                     category='success')
         except formencode.Invalid as errors:
             c.new_repo = errors.value['repo_name']
             if request.POST.get('user_created'):
                 r = render('admin/repos/repo_add_create_repository.html')
             else:
                 r = render('admin/repos/repo_add.html')
             return htmlfill.render(
                 r,
                 defaults=errors.value,

pylons_app/controllers/admin/settings.py

➞

Show inline comments

@@ @@ -250,32 +250,32 @@ class SettingsController(BaseController) @@
         uid = c.hg_app_user.user_id
         _form = UserForm(edit=True, old_data={'user_id':uid})()
         form_result = {}
         try:
             form_result = _form.to_python(dict(request.POST))
             user_model.update_my_account(uid, form_result)
             h.flash(_('Your account was updated succesfully'),
                     category='success')
         except formencode.Invalid as errors:
             #c.user = self.sa.query(User).get(c.hg_app_user.user_id)
             return htmlfill.render(
                 render('admin/users/user_edit_my_account.html'),
                 defaults=errors.value,
                 errors=errors.error_dict or {},
                 prefix_error=False,
                 encoding="UTF-8")
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('error occured during update of user %s') \
                     % form_result.get('username'), category='error')
         return redirect(url('my_account'))
-    @HasPermissionAnyDecorator('repository.create', 'hg.admin')
+    @HasPermissionAnyDecorator('hg.admin', 'hg.create.repository')
     def create_repository(self):
         """GET /_admin/create_repository: Form to create a new item"""
         new_repo = request.GET.get('repo', '')
         c.new_repo = h.repo_name_slug(new_repo)
         return render('admin/repos/repo_add_create_repository.html')

pylons_app/controllers/admin/users.py

➞

Show inline comments

@@ @@ -16,49 +16,48 @@ @@
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 # MA  02110-1301, USA.
 """
 Created on April 4, 2010
 users controller for pylons
 @author: marcink
 """
 from formencode import htmlfill
 from pylons import request, session, tmpl_context as c, url
 from pylons.controllers.util import abort, redirect
 from pylons.i18n.translation import _
 from pylons_app.lib import helpers as h
 from pylons_app.lib.auth import LoginRequired, HasPermissionAllDecorator
 from pylons_app.lib.base import BaseController, render
 from pylons_app.model.db import User, UserLog
 from pylons_app.model.forms import UserForm
 from pylons_app.model.user_model import UserModel, DefaultUserException
 import formencode
 import logging
 import traceback
 log = logging.getLogger(__name__)
 class UsersController(BaseController):
     """REST Controller styled on the Atom Publishing Protocol"""
     # To properly map this controller, ensure your config/routing.py
     # file has a resource setup:
     #     map.resource('user', 'users')
     @LoginRequired()
     @HasPermissionAllDecorator('hg.admin')
     def __before__(self):
         c.admin_user = session.get('admin_user')
         c.admin_username = session.get('admin_username')
         super(UsersController, self).__before__()
     def index(self, format='html'):
         """GET /users: All items in the collection"""
         # url('users')
         c.users_list = self.sa.query(User).all()
         return render('admin/users/users.html')
     def create(self):

pylons_app/controllers/login.py

➞

Show inline comments

 #!/usr/bin/env python
 # encoding: utf-8
 # login controller for pylons
 # Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>
+#
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; version 2
 # of the License or (at your opinion) any later version of the license.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 # MA  02110-1301, USA.
 """
 Created on April 22, 2010
 login controller for pylons
 @author: marcink
 """
 from formencode import htmlfill
 from pylons import request, response, session, tmpl_context as c, url
 from pylons.controllers.util import abort, redirect
 from pylons_app.lib.auth import AuthUser
+from pylons_app.lib.auth import AuthUser, HasPermissionAnyDecorator
 from pylons_app.lib.base import BaseController, render
 from pylons_app.model.forms import LoginForm, RegisterForm
 from pylons_app.model.user_model import UserModel
 import formencode
 import logging
 """
 Created on April 22, 2010
 login controller for pylons
 @author: marcink
 """
 log = logging.getLogger(__name__)
 class LoginController(BaseController):
     def __before__(self):
         super(LoginController, self).__before__()
     def index(self):
         #redirect if already logged in
         if c.hg_app_user.is_authenticated:
             return redirect(url('hg_home'))
         if request.POST:
             #import Login Form validator class
             login_form = LoginForm()
             try:
                 c.form_result = login_form.to_python(dict(request.POST))
                 return redirect(url('hg_home'))
             except formencode.Invalid as errors:
                 return htmlfill.render(
                     render('/login.html'),
                     defaults=errors.value,
                     errors=errors.error_dict or {},
                     prefix_error=False,
                     encoding="UTF-8")
         return render('/login.html')
+    @HasPermissionAnyDecorator('hg.admin', 'hg.register.auto_activate', 'hg.register.manual_activate')
     def register(self):
         user_model = UserModel()
         c.auto_active = False
         for perm in user_model.get_default().user_perms:
             if perm.permission.permission_name == 'hg.register.auto_activate':
                 c.auto_active = False
                 break
         if request.POST:
-            user_model = UserModel()
             register_form = RegisterForm()()
             try:
                 form_result = register_form.to_python(dict(request.POST))
                 form_result['active'] = c.auto_active
                 user_model.create_registration(form_result)
                 return redirect(url('login_home'))
             except formencode.Invalid as errors:
                 return htmlfill.render(
                     render('/register.html'),
                     defaults=errors.value,
                     errors=errors.error_dict or {},
                     prefix_error=False,
                     encoding="UTF-8")
         return render('/register.html')
     def logout(self):
         session['hg_app_user'] = AuthUser()
         session.save()
         log.info('Logging out and setting user as Empty')
         redirect(url('hg_home'))

pylons_app/lib/auth.py

➞

Show inline comments

@@ @@ -6,49 +6,50 @@ @@
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; version 2
 # of the License or (at your opinion) any later version of the license.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 # MA  02110-1301, USA.
 """
 Created on April 4, 2010
 @author: marcink
 """
 from beaker.cache import cache_region
 from pylons import config, session, url, request
 from pylons.controllers.util import abort, redirect
 from pylons_app.lib.utils import get_repo_slug
 from pylons_app.model import meta
 from pylons_app.model.db import User, RepoToPerm, Repository, Permission
 from pylons_app.model.db import User, RepoToPerm, Repository, Permission, \
     UserToPerm
 from sqlalchemy.exc import OperationalError
 from sqlalchemy.orm.exc import NoResultFound, MultipleResultsFound
 import bcrypt
 from decorator import decorator
 import logging
 log = logging.getLogger(__name__)
 def get_crypt_password(password):
     """Cryptographic function used for password hashing based on sha1
     @param password: password to hash
     """
     return bcrypt.hashpw(password, bcrypt.gensalt(10))
 def check_password(password, hashed):
     return bcrypt.hashpw(password, hashed) == hashed
 @cache_region('super_short_term', 'cached_user')
 def get_user_cached(username):
     sa = meta.Session
     try:
         user = sa.query(User).filter(User.username == username).one()
     finally:
         meta.Session.remove()
@@ @@ -114,88 +115,105 @@ def fill_data(user): @@
     """
     sa = meta.Session
     dbuser = sa.query(User).get(user.user_id)
     if dbuser:
         user.username = dbuser.username
         user.is_admin = dbuser.admin
         user.name = dbuser.name
         user.lastname = dbuser.lastname
         user.email = dbuser.email
     else:
         user.is_authenticated = False
     meta.Session.remove()
     return user
 def fill_perms(user):
     """
     Fills user permission attribute with permissions taken from database
     @param user:
     """
     sa = meta.Session
     user.permissions['repositories'] = {}
     user.permissions['global'] = set()
     #first fetch default permissions
     default_perms = sa.query(RepoToPerm, Repository, Permission)\
     #===========================================================================
     # fetch default permissions
     #===========================================================================
     default_perms = sa.query(RepoToPerm, UserToPerm, Repository, Permission)\
         .outerjoin((UserToPerm, RepoToPerm.user_id == UserToPerm.user_id))\
         .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\
         .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\
         .filter(RepoToPerm.user_id == sa.query(User).filter(User.username ==
                                             'default').one().user_id).all()
     if user.is_admin:
         #=======================================================================
         # #admin have all rights set to admin
         #=======================================================================
         user.permissions['global'].add('hg.admin')
-        #admin have all rights set to admin
         for perm in default_perms:
             p = 'repository.admin'
             user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p
     else:
         user.permissions['global'].add('repository.create')
         user.permissions['global'].add('hg.register')
         #=======================================================================
         # set default permissions
         #=======================================================================
         #default global
         for perm in default_perms:
             user.permissions['global'].add(perm.UserToPerm.permission.permission_name)
 #        user.permissions['global'].add('hg.create.repository')
 #        user.permissions['global'].add('hg.register')
         #default repositories
         for perm in default_perms:
             if perm.Repository.private and not perm.Repository.user_id == user.user_id:
                 #disable defaults for private repos,
                 p = 'repository.none'
             elif perm.Repository.user_id == user.user_id:
                 #set admin if owner
                 p = 'repository.admin'
             else:
                 p = perm.Permission.permission_name
             user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p
         user_perms = sa.query(RepoToPerm, Permission, Repository)\
         #=======================================================================
         # #overwrite default with user permissions if any
         #=======================================================================
         user_perms = sa.query(RepoToPerm, UserToPerm, Permission, Repository)\
             .outerjoin((UserToPerm, RepoToPerm.user_id == UserToPerm.user_id))\
             .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\
             .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\
             .filter(RepoToPerm.user_id == user.user_id).all()
-        #overwrite userpermissions with defaults
         for perm in user_perms:
             #set write if owner
             if perm.Repository.user_id == user.user_id:
                 p = 'repository.write'
             if perm.Repository.user_id == user.user_id:#set admin if owner
                 p = 'repository.admin'
             else:
                 p = perm.Permission.permission_name
             user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p
     meta.Session.remove()
     return user
 def get_user(session):
     """
     Gets user from session, and wraps permissions into user
     @param session:
     """
     user = session.get('hg_app_user', AuthUser())
     if user.is_authenticated:
         user = fill_data(user)
     user = fill_perms(user)
     session['hg_app_user'] = user
     session.save()
     return user
 #===============================================================================
 # CHECK DECORATORS
 #===============================================================================
 class LoginRequired(object):
     """Must be logged in to execute this function else redirect to login page"""

pylons_app/lib/db_manage.py

➞

Show inline comments

@@ @@ -13,49 +13,50 @@ @@
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 # MA  02110-1301, USA.
 """
 Created on April 10, 2010
 database managment and creation for hg app
 @author: marcink
 """
 from os.path import dirname as dn, join as jn
 import os
 import sys
 import uuid
 ROOT = dn(dn(dn(os.path.realpath(__file__))))
 sys.path.append(ROOT)
 from pylons_app.lib.auth import get_crypt_password
 from pylons_app.lib.utils import ask_ok
 from pylons_app.model import init_model
 from pylons_app.model.db import User, Permission, HgAppUi, HgAppSettings
 from pylons_app.model.db import User, Permission, HgAppUi, HgAppSettings, \
     UserToPerm
 from pylons_app.model import meta
 from sqlalchemy.engine import create_engine
 import logging
 log = logging.getLogger(__name__)
 class DbManage(object):
     def __init__(self, log_sql):
         self.dbname = 'hg_app.db'
         dburi = 'sqlite:////%s' % jn(ROOT, self.dbname)
         engine = create_engine(dburi, echo=log_sql)
         init_model(engine)
         self.sa = meta.Session
         self.db_exists = False
     def check_for_db(self, override):
         log.info('checking for exisiting db')
         if os.path.isfile(jn(ROOT, self.dbname)):
             self.db_exists = True
             log.info('database exisist')
             if not override:
                 raise Exception('database already exists')
     def create_tables(self, override=False):
@@ @@ -168,38 +169,76 @@ class DbManage(object): @@
         new_user = User()
         new_user.username = username
         new_user.password = get_crypt_password(password)
         new_user.name = 'Hg'
         new_user.lastname = 'Admin'
         new_user.email = 'admin@localhost'
         new_user.admin = admin
         new_user.active = True
         try:
             self.sa.add(def_user)
             self.sa.add(new_user)
             self.sa.commit()
         except:
             self.sa.rollback()
             raise
     def create_permissions(self):
         #module.(access|create|change|delete)_[name]
         #module.(read|write|owner)
         perms = [('repository.none', 'Repository no access'),
                  ('repository.read', 'Repository read access'),
                  ('repository.write', 'Repository write access'),
                  ('repository.admin', 'Repository admin access'),
                  ('repository.create', 'Repository create'),
                  ('hg.admin', 'Hg Administrator'),
                  ('hg.create.repository', 'Repository create'),
                  ('hg.create.none', 'Repository creation disabled'),
                  ('hg.register.none', 'Register disabled'),
                  ('hg.register.manual_activate', 'Register new user with hg-app without manual activation'),
                  ('hg.register.auto_activate', 'Register new user with hg-app without auto activation'),
+                ]
         for p in perms:
             new_perm = Permission()
             new_perm.permission_name = p[0]
             new_perm.permission_longname = p[1]
             try:
                 self.sa.add(new_perm)
                 self.sa.commit()
             except:
                 self.sa.rollback()
                 raise
     def populate_default_permissions(self):
         log.info('creating default user permissions')
         default_user = self.sa.query(User)\
         .filter(User.username == 'default').scalar()
         reg_perm = UserToPerm()
         reg_perm.user = default_user
         reg_perm.permission = self.sa.query(Permission)\
         .filter(Permission.permission_name == 'hg.register.manual_activate')\
         .scalar()
         create_repo_perm = UserToPerm()
         create_repo_perm.user = default_user
         create_repo_perm.permission = self.sa.query(Permission)\
         .filter(Permission.permission_name == 'hg.create.repository')\
         .scalar()
         default_repo_perm = UserToPerm()
         default_repo_perm.user = default_user
         default_repo_perm.permission = self.sa.query(Permission)\
         .filter(Permission.permission_name == 'repository.read')\
         .scalar()
         try:
             self.sa.add(reg_perm)
             self.sa.add(create_repo_perm)
             self.sa.add(default_repo_perm)
             self.sa.commit()
         except:
             self.sa.rollback()
             raise

pylons_app/model/db.py

➞

Show inline comments

@@ @@ -13,80 +13,84 @@ class HgAppSettings(Base): @@
 class HgAppUi(Base):
     __tablename__ = 'hg_app_ui'
     __table_args__ = {'useexisting':True}
     ui_id = Column("ui_id", INTEGER(), nullable=False, unique=True, default=None, primary_key=True)
     ui_section = Column("ui_section", TEXT(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     ui_key = Column("ui_key", TEXT(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     ui_value = Column("ui_value", TEXT(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     ui_active = Column("ui_active", BOOLEAN(), nullable=True, unique=None, default=True)
 class User(Base):
     __tablename__ = 'users'
     __table_args__ = {'useexisting':True}
     user_id = Column("user_id", INTEGER(), nullable=False, unique=True, default=None, primary_key=True)
     username = Column("username", TEXT(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     password = Column("password", TEXT(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     active = Column("active", BOOLEAN(), nullable=True, unique=None, default=None)
     admin = Column("admin", BOOLEAN(), nullable=True, unique=None, default=False)
     name = Column("name", TEXT(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     lastname = Column("lastname", TEXT(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     email = Column("email", TEXT(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     last_login = Column("last_login", DATETIME(timezone=False), nullable=True, unique=None, default=None)
     user_log = relation('UserLog')
     user_perms = relation('UserToPerm', primaryjoin="User.user_id==UserToPerm.user_id")
     @LazyProperty
     def full_contact(self):
         return '%s %s <%s>' % (self.name, self.lastname, self.email)
     def __repr__(self):
         return "<User('%s:%s')>" % (self.user_id, self.username)
+        return "<User('id:%s:%s')>" % (self.user_id, self.username)
 class UserLog(Base):
     __tablename__ = 'user_logs'
     __table_args__ = {'useexisting':True}
     user_log_id = Column("user_log_id", INTEGER(), nullable=False, unique=True, default=None, primary_key=True)
     user_id = Column("user_id", INTEGER(), ForeignKey(u'users.user_id'), nullable=False, unique=None, default=None)
     user_ip = Column("user_ip", TEXT(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     repository = Column("repository", TEXT(length=None, convert_unicode=False, assert_unicode=None), ForeignKey(u'repositories.repo_name'), nullable=False, unique=None, default=None)
     action = Column("action", TEXT(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     action_date = Column("action_date", DATETIME(timezone=False), nullable=True, unique=None, default=None)
     user = relation('User')
 class Repository(Base):
     __tablename__ = 'repositories'
     __table_args__ = (UniqueConstraint('repo_name'), {'useexisting':True},)
     repo_id = Column("repo_id", INTEGER(), nullable=False, unique=True, default=None, primary_key=True)
     repo_name = Column("repo_name", TEXT(length=None, convert_unicode=False, assert_unicode=None), nullable=False, unique=True, default=None)
     user_id = Column("user_id", INTEGER(), ForeignKey(u'users.user_id'), nullable=False, unique=False, default=None)
     private = Column("private", BOOLEAN(), nullable=True, unique=None, default=None)
     description = Column("description", TEXT(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     user = relation('User')
     repo_to_perm = relation('RepoToPerm', cascade='all')
     def __repr__(self):
         return "<Repository('id:%s:%s')>" % (self.repo_id, self.repo_name)
 class Permission(Base):
     __tablename__ = 'permissions'
     __table_args__ = {'useexisting':True}
     permission_id = Column("permission_id", INTEGER(), nullable=False, unique=True, default=None, primary_key=True)
     permission_name = Column("permission_name", TEXT(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     permission_longname = Column("permission_longname", TEXT(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     def __repr__(self):
         return "<Permission('%s:%s')>" % (self.permission_id, self.permission_name)
 class RepoToPerm(Base):
     __tablename__ = 'repo_to_perm'
     __table_args__ = (UniqueConstraint('user_id', 'repository_id'), {'useexisting':True})
     repo_to_perm_id = Column("repo_to_perm_id", INTEGER(), nullable=False, unique=True, default=None, primary_key=True)
     user_id = Column("user_id", INTEGER(), ForeignKey(u'users.user_id'), nullable=False, unique=None, default=None)
     permission_id = Column("permission_id", INTEGER(), ForeignKey(u'permissions.permission_id'), nullable=False, unique=None, default=None)
     repository_id = Column("repository_id", INTEGER(), ForeignKey(u'repositories.repo_id'), nullable=False, unique=None, default=None)
     user = relation('User')
     permission = relation('Permission')
     repository = relation('Repository')
 class UserToPerm(Base):
     __tablename__ = 'user_to_perm'

pylons_app/model/forms.py

➞

Show inline comments

@@ @@ -307,24 +307,33 @@ def RepoSettingsForm(edit=False, old_dat @@
         chained_validators = [ValidPerms, ValidSettings]
     return _RepoForm
 def ApplicationSettingsForm():
     class _ApplicationSettingsForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         hg_app_title = UnicodeString(strip=True, min=3, not_empty=True)
         hg_app_realm = UnicodeString(strip=True, min=3, not_empty=True)
     return _ApplicationSettingsForm
 def ApplicationUiSettingsForm():
     class _ApplicationUiSettingsForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         web_push_ssl = OneOf(['true', 'false'], if_missing='false')
         paths_root_path = All(ValidPath(), UnicodeString(strip=True, min=3, not_empty=True))
         hooks_changegroup_update = OneOf(['True', 'False'], if_missing=False)
         hooks_changegroup_repo_size = OneOf(['True', 'False'], if_missing=False)
     return _ApplicationUiSettingsForm
 def DefaultPermissionsForm(perms_choices, register_choices, create_choices):
     class _DefaultPermissionsForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = True
         default_perm = OneOf(perms_choices)
         default_register = OneOf(register_choices)
         default_create = OneOf(create_choices)
     return _DefaultPermissionsForm

pylons_app/model/permission_model.py

➞

Show inline comments

@@ new file 100644 @@
 #!/usr/bin/env python
 # encoding: utf-8
 # Model for permissions
 # Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; version 2
 # of the License or (at your opinion) any later version of the license.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 # MA  02110-1301, USA.
 """
 Created on Aug 20, 2010
 Model for permissions
 @author: marcink
 """
 from pylons.i18n.translation import _
 from pylons_app.model.db import User, Permission
 from pylons_app.model.meta import Session
 import logging
 log = logging.getLogger(__name__)
 class PermissionModel(object):
     def __init__(self):
         self.sa = Session()
     def get_default(self):
         return self.sa.query(User).filter(User.username == 'default').scalar()
     def get_permission(self, id):
         return self.sa.query(Permission).get(id)
     def get_permission_by_name(self, name):
         return self.sa.query(Permission)\
         .filter(Permission.permission_name == name).scalar()
     def update(self, form_result):
         print form_result
         pass

pylons_app/model/repo_model.py

➞

Show inline comments

@@ @@ -5,48 +5,49 @@ @@
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; version 2
 # of the License or (at your opinion) any later version of the license.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 # MA  02110-1301, USA.
 """
 Created on Jun 5, 2010
 model for handling repositories actions
 @author: marcink
 """
 from datetime import datetime
 from pylons import app_globals as g
 from pylons_app.lib.utils import check_repo
 from pylons_app.model.db import Repository, RepoToPerm, User, Permission
 from pylons_app.model.meta import Session
 from pylons_app.model.user_model import UserModel
 import logging
 import os
 import shutil
 import traceback
 log = logging.getLogger(__name__)
 class RepoModel(object):
     def __init__(self):
         self.sa = Session()
     def get(self, id):
         return self.sa.query(Repository).filter(Repository.repo_name == id).scalar()
     def get_users_js(self):
         users = self.sa.query(User).filter(User.active == True).all()
         u_tmpl = '''{id:%s, fname:"%s", lname:"%s", nname:"%s"},'''
         users_array = '[%s];' % '\n'.join([u_tmpl % (u.user_id, u.name,
                                                     u.lastname, u.username)
                                         for u in users])
         return users_array
@@ @@ -90,50 +91,56 @@ class RepoModel(object): @@
             self.sa.add(cur_repo)
             if repo_name != form_data['repo_name']:
                 #rename our data
                 self.__rename_repo(repo_name, form_data['repo_name'])
             self.sa.commit()
         except:
             log.error(traceback.format_exc())
             self.sa.rollback()
             raise
     def create(self, form_data, cur_user, just_db=False):
         try:
             repo_name = form_data['repo_name']
             new_repo = Repository()
             for k, v in form_data.items():
                 setattr(new_repo, k, v)
             new_repo.user_id = cur_user.user_id
             self.sa.add(new_repo)
             #create default permission
             repo_to_perm = RepoToPerm()
             default_perm = 'repository.none' if form_data['private'] \
                                                         else 'repository.read'
             default = 'repository.read'
             for p in UserModel().get_default().user_perms:
                 if p.permission.permission_name.startswith('repository.'):
                     default = p.permission.permission_name
                     break
             default_perm = 'repository.none' if form_data['private'] else default
             repo_to_perm.permission_id = self.sa.query(Permission)\
                     .filter(Permission.permission_name == default_perm)\
                     .one().permission_id
             repo_to_perm.repository_id = new_repo.repo_id
             repo_to_perm.user_id = self.sa.query(User)\
                     .filter(User.username == 'default').one().user_id
             self.sa.add(repo_to_perm)
             self.sa.commit()
             if not just_db:
                 self.__create_repo(repo_name)
         except:
             log.error(traceback.format_exc())
             self.sa.rollback()
             raise
     def delete(self, repo):
         try:
             self.sa.delete(repo)
             self.sa.commit()
             self.__delete_repo(repo.repo_name)
         except:
             log.error(traceback.format_exc())

pylons_app/model/user_model.py

➞

Show inline comments

@@ @@ -16,71 +16,73 @@ @@
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 # MA  02110-1301, USA.
 """
 Created on April 9, 2010
 Model for users
 @author: marcink
 """
 from pylons_app.model.db import User
 from pylons_app.model.meta import Session
 from pylons.i18n.translation import _
 import logging
 log = logging.getLogger(__name__)
 class DefaultUserException(Exception):pass
 class UserModel(object):
     def __init__(self):
         self.sa = Session()
     def get_default(self):
         return self.sa.query(User).filter(User.username == 'default').scalar()
     def get_user(self, id):
         return self.sa.query(User).get(id)
     def create(self, form_data):
         try:
             new_user = User()
             for k, v in form_data.items():
                 setattr(new_user, k, v)
             self.sa.add(new_user)
             self.sa.commit()
         except Exception as e:
             log.error(e)
             self.sa.rollback()
             raise
     def create_registration(self, form_data):
         try:
             new_user = User()
             for k, v in form_data.items():
-                if k != 'admin' or k != 'active':
                 if k != 'admin':
                     setattr(new_user, k, v)
                 setattr(new_user, 'active', True)
             self.sa.add(new_user)
             self.sa.commit()
         except Exception as e:
             log.error(e)
             self.sa.rollback()
             raise
     def update(self, uid, form_data):
         try:
             new_user = self.sa.query(User).get(uid)
             if new_user.username == 'default':
                 raise DefaultUserException(
                                 _("You can't Edit this user since it's"
                                   " crucial for entire application"))
             for k, v in form_data.items():
                 if k == 'new_password' and v != '':
                     new_user.password = v
                 else:
                     setattr(new_user, k, v)
             self.sa.add(new_user)
             self.sa.commit()
         except Exception as e:

pylons_app/templates/admin/permissions/permissions.html

➞

Show inline comments

 ## -*- coding: utf-8 -*-
 <%inherit file="/base/base.html"/>
 <%def name="title()">
     ${_('Permissions administration')}
 </%def>
 <%def name="breadcrumbs_links()">
     ${h.link_to(_('Admin'),h.url('admin_home'))}
     &raquo;
     ${_('Permissions')}
 </%def>
 <%def name="page_nav()">
 	${self.menu('admin')}
 </%def>
 <%def name="main()">
 <div class="box">
     <!-- box / title -->
     <div class="title">
         ${self.breadcrumbs()}
     </div>
     <h3>${_('Repositories permissions')}</h3>
     ${h.form(url('permission', id='default_perm'),method='put')}
     <h3>${_('Default permissions')}</h3>
     ${h.form(url('permission', id='default'),method='put')}
     <div class="form">
         <!-- fields -->
         <div class="fields">
 			<div class="field">
 				<div class="label">
-					<label for="default_perm">${_('default repository permission')}:</label>
+					<label for="default_perm">${_('Default repository permission')}:</label>
 				</div>
 				<div class="select">
 					${h.select('default_perm','repository.read',['repository.none','repository.read','repository.write','repository.admin'])}
 					${h.select('default_perm','',c.perms_choices)}
 				</div>
 			</div>
 			<div class="field">
 		        <div class="label">
 		            <label for="default_register">${_('Registration')}:</label>
 		        </div>
 				<div class="select">
 					${h.select('default_register','',c.register_choices)}
 				</div>
 			</div>
 			</div>
              <div class="field">
                 <div class="label">
                     <label for="default_create">${_('Allow repository creation')}:</label>
                 </div>
 				<div class="select">
 					${h.select('default_create','',c.create_choices)}
 				</div>
              </div>
 	        <div class="buttons">
 	        ${h.submit('set','set',class_="ui-button ui-widget ui-state-default ui-corner-all")}
 	        </div>
+	        </div>
         </div>
     </div>
     ${h.end_form()}
 </div>
 </%def>

pylons_app/templates/base/base.html

➞

Show inline comments

@@ @@ -198,49 +198,49 @@ @@
                     <span>${_('Home')}</span>
                     </a>
                 </li>
                 <li>
                     <a title="${_('Search')}"  href="${h.url('search')}">
                     <span class="icon">
                         <img src="/images/icons/search_16.png" alt="${_('Search')}" />
                     </span>
                     <span>${_('Search')}</span>
                     </a>
                 </li>
 				%if h.HasPermissionAll('hg.admin')('access admin main page'):
                 <li ${is_current('admin')}>
                    <a title="${_('Admin')}" href="${h.url('admin_home')}">
                    <span class="icon">
                        <img src="/images/icons/cog_edit.png" alt="${_('Admin')}" />
                    </span>
                    <span>${_('Admin')}</span>
                    </a>
 				    <ul>
 				        <li>${h.link_to(_('repositories'),h.url('repos'),class_='repos')}</li>
 				        <li>${h.link_to(_('users'),h.url('users'),class_='users')}</li>
-				        <li>${h.link_to(_('permissions'),h.url('permissions'),class_='permissions')}</li>
+				        <li>${h.link_to(_('permissions'),h.url('edit_permission',id='default'),class_='permissions')}</li>
 				        <li>${h.link_to(_('settings'),h.url('admin_settings'),class_='settings')}</li>
 				    </ul>
                 </li>
 				%endif
 			</ul>
 		%endif
 </%def>
 <%def name="css()">
 <link rel="stylesheet" type="text/css" href="/css/reset.css" />
 <link rel="stylesheet" type="text/css" href="/css/style.css" media="screen" />
 <link rel="stylesheet" type="text/css" href="/css/style_full.css" />
 <link id="color" rel="stylesheet" type="text/css" href="/css/colors/blue.css" />
 <link rel="stylesheet" type="text/css" href="/css/pygments.css"  />
 <link rel="stylesheet" type="text/css" href="/css/diff.css"  />
 </%def>
 <%def name="js()">
 <script type="text/javascript" src="/js/yui/utilities/utilities.js"></script>
 <!--[if IE]><script language="javascript" type="text/javascript" src="/js/excanvas.min.js"></script><![endif]-->
 <script type="text/javascript" src="/js/yui/container/container-min.js"></script>
 <script type="text/javascript" src="/js/yui/datasource/datasource-min.js"></script>

pylons_app/templates/index.html

➞

Show inline comments

@@ @@ -6,49 +6,49 @@ @@
 <%def name="breadcrumbs()">
 	${c.hg_app_name}
 </%def>
 <%def name="page_nav()">
 	${self.menu('home')}
 </%def>
 <%def name="main()">
 	<%def name="get_sort(name)">
 		<%name_slug = name.lower().replace(' ','_') %>
 		%if name_slug == c.cs_slug:
 			<span style="font-weight: bold;text-decoration: underline;">${name}</span>
 		%else:
 			<span style="font-weight: bold">${name}</span>
 		%endif
 		<a href="?sort=${name_slug}">&darr;</a>
 		<a href="?sort=-${name_slug}">&uarr;</a>
 	</%def>
     <div class="box">
 	    <!-- box / title -->
 	    <div class="title">
 	        <h5>${_('Dashboard')}</h5>
-	        %if h.HasPermissionAny('repository.create','hg.admin')():
+	        %if h.HasPermissionAny('hg.admin','hg.create.repository')():
 	        <ul class="links">
 	          <li>
 	            <span>${h.link_to(u'ADD NEW REPOSITORY',h.url('admin_settings_create_repository'),class_="add_icon")}</span>
 	          </li>
 	        </ul>
 	        %endif
 	    </div>
 	    <!-- end box / title -->
         <div class="table">
                     <table>
             <thead>
 	            <tr>
 			        <th class="left">${get_sort(_('Name'))}</th>
 			        <th class="left">${get_sort(_('Description'))}</th>
 			        <th class="left">${get_sort(_('Last change'))}</th>
 			        <th class="left">${get_sort(_('Tip'))}</th>
 			        <th class="left">${get_sort(_('Contact'))}</th>
 			        <th class="left">${_('RSS')}</th>
 			        <th class="left">${_('Atom')}</th>
 	            </tr>
             </thead>
                         <tbody>
 					    %for cnt,repo in enumerate(c.repos_list):
 					        %if h.HasRepoPermissionAny('repository.write','repository.read','repository.admin')(repo['name'],'main page check'):

pylons_app/templates/login.html

➞

Show inline comments

@@ @@ -40,37 +40,39 @@ @@
                         </div>
                         <div class="field">
                             <div class="label">
                                 <label for="password">${_('Password')}:</label>
                             </div>
                             <div class="input">
                                 ${h.password('password',class_='focus',size=40)}
                             </div>
                         </div>
                         ##<div class="field">
                         ##    <div class="checkbox">
                         ##        <input type="checkbox" id="remember" name="remember" />
                         ##        <label for="remember">Remember me</label>
                         ##    </div>
                         ##</div>
                         <div class="buttons">
                             ${h.submit('sign_in','Sign In',class_="ui-button ui-widget ui-state-default ui-corner-all")}
                         </div>
                     </div>
                     <!-- end fields -->
                     <!-- links -->
                     <div class="links">
                         ${h.link_to(_('Forgot your password ?'),h.url('#'))}
+                         /
                         ${h.link_to(_("Don't have an account ?"),h.url('register'))}
                         %if h.HasPermissionAny('hg.admin', 'hg.register.auto_activate', 'hg.register.manual_activate')():
+	                         /
 	                        ${h.link_to(_("Don't have an account ?"),h.url('register'))}
                         %endif
                     </div>
                     <!-- end links -->
                 </div>
                 ${h.end_form()}
             </div>
             <!-- end login -->
         </div>
     </body>
 </html>

pylons_app/templates/register.html

➞

Show inline comments

@@ @@ -55,34 +55,39 @@ @@
 			                </div>
 			             </div>
 			             <div class="field">
 			                <div class="label">
 			                    <label for="lastname">${_('Last Name')}:</label>
 			                </div>
 			                <div class="input">
 			                    ${h.text('lastname')}
 			                </div>
 			             </div>
 			             <div class="field">
 			                <div class="label">
 			                    <label for="email">${_('Email')}:</label>
 			                </div>
 			                <div class="input">
 			                    ${h.text('email')}
 			                </div>
 			             </div>
 			            <div class="buttons">
 				            <div class="nohighlight">
 				              ${h.submit('sign_up','Sign Up',class_="ui-button ui-widget ui-state-default ui-corner-all")}
 				              %if c.auto_active:
 							  	<div class="activation_msg">${_('Your account will be activated right after registration')}</div>
 							  %else:
 							  	<div class="activation_msg">${_('Your account must wait for activation by administrator')}</div>
 							  %endif
 				            </div>
 			            </div>
 			    	</div>
 			    </div>
 			    ${h.end_form()}
 			</div>
 	    </div>
     </body>
 </html>

pylons_app/websetup.py

➞

Show inline comments

 """Setup the pylons_app application"""
 from os.path import dirname as dn, join as jn
 from pylons_app.config.environment import load_environment
 from pylons_app.lib.db_manage import DbManage
 import logging
 import os
 import sys
 log = logging.getLogger(__name__)
 ROOT = dn(dn(os.path.realpath(__file__)))
 sys.path.append(ROOT)
 def setup_app(command, conf, vars):
     """Place any commands to setup pylons_app here"""
     dbmanage = DbManage(log_sql=True)
     dbmanage.create_tables(override=True)
     dbmanage.config_prompt()
     dbmanage.admin_prompt()
     dbmanage.create_permissions()
     dbmanage.populate_default_permissions()
     load_environment(conf.global_conf, conf.local_conf, initial=True)

0 comments (0 inline, 0 general)