Changeset - 43481c3d70ca
beta
0 4 0
Marcin Kuzminski - 14 years ago 2012-03-14 17:51:00
marcin@python-works.com
#399 added inheritance of permissions for users group on repos groups
4 files changed with 98 insertions and 15 deletions:
docs/changelog.rst
 
.. _changelog:
 

	
 
=========
 
Changelog
 
=========
 

	
 

	
 
1.3.4 (**2012-XX-XX**)
 
----------------------
 

	
 
:status: in-progress
 
:branch: beta
 

	
 
news
 
++++
 

	
 
- Whoosh logging is now controlled by the .ini files logging setup
 
- added clone-url into edit form on /settings page
 
- added help text into repo add/edit forms
 
- created rcextensions module with additional mappings (ref #322) and
 
  post push/pull/create repo hooks callbacks
 
- implemented #377 Users view for his own permissions on account page
 
- #399 added inheritance of permissions for users group on repos groups
 

	
 
fixes
 
+++++
 

	
 
- fixed #390 cache invalidation problems on repos inside group
 
- fixed #385 clone by ID url was loosing proxy prefix in URL
 
- fixed some unicode problems with waitress
 
- fixed issue with escaping < and > in changeset commits
 
- fixed error occurring during recursive group creation in API 
 
  create_repo function
 
- fixed #393 py2.5 fixes for routes url generator
 
- fixed #397 Private repository groups shows up before login
 
- fixed #396 fixed problems with revoking users in nested groups
 
  
 
1.3.3 (**2012-03-02**)
 
----------------------
 

	
 
news
 
++++
 

	
 

	
 
fixes
 
+++++
 

	
 
- fixed some python2.5 compatibility issues 
 
- fixed issues with removed repos was accidentally added as groups, after
 
  full rescan of paths
 
- fixes #376 Cannot edit user (using container auth)
 
- fixes #378 Invalid image urls on changeset screen with proxy-prefix 
 
  configuration
 
- fixed initial sorting of repos inside repo group
 
- fixes issue when user tried to resubmit same permission into user/user_groups
 
- bumped beaker version that fixes #375 leap error bug
 
- fixed raw_changeset for git. It was generated with hg patch headers
 
- fixed vcs issue with last_changeset for filenodes
 
- fixed missing commit after hook delete
 
- fixed #372 issues with git operation detection that caused a security issue 
 
  for git repos
 

	
 
1.3.2 (**2012-02-28**)
 
----------------------
 

	
 
news
 
++++
 

	
 

	
 
fixes
 
+++++
rhodecode/model/user.py
 
# -*- coding: utf-8 -*-
 
"""
 
    rhodecode.model.user
 
    ~~~~~~~~~~~~~~~~~~~~
 

	
 
    users model for RhodeCode
 

	
 
    :created_on: Apr 9, 2010
 
    :author: marcink
 
    :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
 
    :license: GPLv3, see COPYING for more details.
 
"""
 
# This program is free software: you can redistribute it and/or modify
 
# it under the terms of the GNU General Public License as published by
 
# the Free Software Foundation, either version 3 of the License, or
 
# (at your option) any later version.
 
#
 
# This program is distributed in the hope that it will be useful,
 
# but WITHOUT ANY WARRANTY; without even the implied warranty of
 
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 
# GNU General Public License for more details.
 
#
 
# You should have received a copy of the GNU General Public License
 
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
 

	
 
import logging
 
import traceback
 

	
 
from pylons import url
 
from pylons.i18n.translation import _
 

	
 
from rhodecode.lib.utils2 import safe_unicode, generate_api_key
 
from rhodecode.lib.caching_query import FromCache
 

	
 
from rhodecode.model import BaseModel
 
from rhodecode.model.db import User, UserRepoToPerm, Repository, Permission, \
 
    UserToPerm, UsersGroupRepoToPerm, UsersGroupToPerm, UsersGroupMember, \
 
    Notification, RepoGroup, UserRepoGroupToPerm, UsersGroup
 
    Notification, RepoGroup, UserRepoGroupToPerm, UsersGroup,\
 
    UsersGroupRepoGroupToPerm
 
from rhodecode.lib.exceptions import DefaultUserException, \
 
    UserOwnsReposException
 

	
 
from sqlalchemy.exc import DatabaseError
 

	
 
from sqlalchemy.orm import joinedload
 

	
 
log = logging.getLogger(__name__)
 

	
 

	
 
PERM_WEIGHTS = {
 
    'repository.none': 0,
 
    'repository.read': 1,
 
    'repository.write': 3,
 
    'repository.admin': 4,
 
    'group.none': 0,
 
    'group.read': 1,
 
    'group.write': 3,
 
    'group.admin': 4,
 
}
 

	
 

	
 
class UserModel(BaseModel):
 

	
 
    def __get_user(self, user):
 
        return self._get_instance(User, user, callback=User.get_by_username)
 

	
 
    def __get_perm(self, permission):
 
        return self._get_instance(Permission, permission,
 
                                  callback=Permission.get_by_key)
 

	
 
    def get(self, user_id, cache=False):
 
        user = self.sa.query(User)
 
        if cache:
 
            user = user.options(FromCache("sql_cache_short",
 
                                          "get_user_%s" % user_id))
 
        return user.get(user_id)
 

	
 
    def get_user(self, user):
 
        return self.__get_user(user)
 

	
 
    def get_by_username(self, username, cache=False, case_insensitive=False):
 

	
 
        if case_insensitive:
 
            user = self.sa.query(User).filter(User.username.ilike(username))
 
        else:
 
            user = self.sa.query(User)\
 
                .filter(User.username == username)
 
@@ -365,196 +366,222 @@ class UserModel(BaseModel):
 
        RK = 'repositories'
 
        GK = 'repositories_groups'
 
        GLOBAL = 'global'
 
        user.permissions[RK] = {}
 
        user.permissions[GK] = {}
 
        user.permissions[GLOBAL] = set()
 

	
 
        #======================================================================
 
        # fetch default permissions
 
        #======================================================================
 
        default_user = User.get_by_username('default', cache=True)
 
        default_user_id = default_user.user_id
 

	
 
        default_repo_perms = Permission.get_default_perms(default_user_id)
 
        default_repo_groups_perms = Permission.get_default_group_perms(default_user_id)
 

	
 
        if user.is_admin:
 
            #==================================================================
 
            # admin user have all default rights for repositories
 
            # and groups set to admin
 
            #==================================================================
 
            user.permissions[GLOBAL].add('hg.admin')
 

	
 
            # repositories
 
            for perm in default_repo_perms:
 
                r_k = perm.UserRepoToPerm.repository.repo_name
 
                p = 'repository.admin'
 
                user.permissions[RK][r_k] = p
 

	
 
            # repositories groups
 
            for perm in default_repo_groups_perms:
 
                rg_k = perm.UserRepoGroupToPerm.group.group_name
 
                p = 'group.admin'
 
                user.permissions[GK][rg_k] = p
 

	
 
        else:
 
            #==================================================================
 
            # set default permissions first for repositories and groups
 
            #==================================================================
 
            uid = user.user_id
 

	
 
            # default global permissions
 
            default_global_perms = self.sa.query(UserToPerm)\
 
                .filter(UserToPerm.user_id == default_user_id)
 

	
 
            for perm in default_global_perms:
 
                user.permissions[GLOBAL].add(perm.permission.permission_name)
 

	
 
            # default for repositories
 
            # defaults for repositories, taken from default user
 
            for perm in default_repo_perms:
 
                r_k = perm.UserRepoToPerm.repository.repo_name
 
                if perm.Repository.private and not (perm.Repository.user_id == uid):
 
                    # disable defaults for private repos,
 
                    p = 'repository.none'
 
                elif perm.Repository.user_id == uid:
 
                    # set admin if owner
 
                    p = 'repository.admin'
 
                else:
 
                    p = perm.Permission.permission_name
 

	
 
                user.permissions[RK][r_k] = p
 

	
 
            # default for repositories groups
 
            # defaults for repositories groups taken from default user permission
 
            # on given group
 
            for perm in default_repo_groups_perms:
 
                rg_k = perm.UserRepoGroupToPerm.group.group_name
 
                p = perm.Permission.permission_name
 
                user.permissions[GK][rg_k] = p
 

	
 
            #==================================================================
 
            # overwrite default with user permissions if any
 
            # overwrite defaults with user permissions if any found
 
            #==================================================================
 

	
 
            # user global
 
            # user global permissions
 
            user_perms = self.sa.query(UserToPerm)\
 
                    .options(joinedload(UserToPerm.permission))\
 
                    .filter(UserToPerm.user_id == uid).all()
 

	
 
            for perm in user_perms:
 
                user.permissions[GLOBAL].add(perm.permission.permission_name)
 

	
 
            # user repositories
 
            # user explicit permissions for repositories
 
            user_repo_perms = \
 
             self.sa.query(UserRepoToPerm, Permission, Repository)\
 
             .join((Repository, UserRepoToPerm.repository_id == Repository.repo_id))\
 
             .join((Permission, UserRepoToPerm.permission_id == Permission.permission_id))\
 
             .filter(UserRepoToPerm.user_id == uid)\
 
             .all()
 

	
 
            for perm in user_repo_perms:
 
                # set admin if owner
 
                r_k = perm.UserRepoToPerm.repository.repo_name
 
                if perm.Repository.user_id == uid:
 
                    p = 'repository.admin'
 
                else:
 
                    p = perm.Permission.permission_name
 
                user.permissions[RK][r_k] = p
 

	
 
            #==================================================================
 
            # check if user is part of groups for this repository and fill in
 
            # (or replace with higher) permissions
 
            # check if user is part of user groups for this repository and
 
            # fill in (or replace with higher) permissions
 
            #==================================================================
 

	
 
            # users group global
 
            user_perms_from_users_groups = self.sa.query(UsersGroupToPerm)\
 
                .options(joinedload(UsersGroupToPerm.permission))\
 
                .join((UsersGroupMember, UsersGroupToPerm.users_group_id ==
 
                       UsersGroupMember.users_group_id))\
 
                .filter(UsersGroupMember.user_id == uid).all()
 

	
 
            for perm in user_perms_from_users_groups:
 
                user.permissions[GLOBAL].add(perm.permission.permission_name)
 

	
 
            # users group repositories
 
            # users group for repositories permissions
 
            user_repo_perms_from_users_groups = \
 
             self.sa.query(UsersGroupRepoToPerm, Permission, Repository,)\
 
             .join((Repository, UsersGroupRepoToPerm.repository_id == Repository.repo_id))\
 
             .join((Permission, UsersGroupRepoToPerm.permission_id == Permission.permission_id))\
 
             .join((UsersGroupMember, UsersGroupRepoToPerm.users_group_id == UsersGroupMember.users_group_id))\
 
             .filter(UsersGroupMember.user_id == uid)\
 
             .all()
 

	
 
            for perm in user_repo_perms_from_users_groups:
 
                r_k = perm.UsersGroupRepoToPerm.repository.repo_name
 
                p = perm.Permission.permission_name
 
                cur_perm = user.permissions[RK][r_k]
 
                # overwrite permission only if it's greater than permission
 
                # given from other sources
 
                if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]:
 
                    user.permissions[RK][r_k] = p
 

	
 
            #==================================================================
 
            # get access for this user for repos group and override defaults
 
            #==================================================================
 

	
 
            # user repositories groups
 
            # user explicit permissions for repository
 
            user_repo_groups_perms = \
 
             self.sa.query(UserRepoGroupToPerm, Permission, RepoGroup)\
 
             .join((RepoGroup, UserRepoGroupToPerm.group_id == RepoGroup.group_id))\
 
             .join((Permission, UserRepoGroupToPerm.permission_id == Permission.permission_id))\
 
             .filter(UserRepoGroupToPerm.user_id == uid)\
 
             .all()
 

	
 
            for perm in user_repo_groups_perms:
 
                rg_k = perm.UserRepoGroupToPerm.group.group_name
 
                p = perm.Permission.permission_name
 
                cur_perm = user.permissions[GK][rg_k]
 
                if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]:
 
                    user.permissions[GK][rg_k] = p
 

	
 
            #==================================================================
 
            # check if user is part of user groups for this repo group and
 
            # fill in (or replace with higher) permissions
 
            #==================================================================
 

	
 
            # users group for repositories permissions
 
            user_repo_group_perms_from_users_groups = \
 
             self.sa.query(UsersGroupRepoGroupToPerm, Permission, RepoGroup)\
 
             .join((RepoGroup, UsersGroupRepoGroupToPerm.group_id == RepoGroup.group_id))\
 
             .join((Permission, UsersGroupRepoGroupToPerm.permission_id == Permission.permission_id))\
 
             .join((UsersGroupMember, UsersGroupRepoGroupToPerm.users_group_id == UsersGroupMember.users_group_id))\
 
             .filter(UsersGroupMember.user_id == uid)\
 
             .all()
 
            
 
            for perm in user_repo_group_perms_from_users_groups:
 
                g_k = perm.UsersGroupRepoGroupToPerm.group.group_name
 
                print perm, g_k
 
                p = perm.Permission.permission_name
 
                cur_perm = user.permissions[GK][g_k]
 
                # overwrite permission only if it's greater than permission
 
                # given from other sources
 
                if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]:
 
                    user.permissions[GK][g_k] = p
 

	
 
        return user
 

	
 
    def has_perm(self, user, perm):
 
        if not isinstance(perm, Permission):
 
            raise Exception('perm needs to be an instance of Permission class '
 
                            'got %s instead' % type(perm))
 

	
 
        user = self.__get_user(user)
 

	
 
        return UserToPerm.query().filter(UserToPerm.user == user)\
 
            .filter(UserToPerm.permission == perm).scalar() is not None
 

	
 
    def grant_perm(self, user, perm):
 
        """
 
        Grant user global permissions
 

	
 
        :param user:
 
        :param perm:
 
        """
 
        user = self.__get_user(user)
 
        perm = self.__get_perm(perm)
 
        # if this permission is already granted skip it
 
        _perm = UserToPerm.query()\
 
            .filter(UserToPerm.user == user)\
 
            .filter(UserToPerm.permission == perm)\
 
            .scalar()
 
        if _perm:
 
            return
 
        new = UserToPerm()
 
        new.user = user
 
        new.permission = perm
 
        self.sa.add(new)
 

	
 
    def revoke_perm(self, user, perm):
 
        """
 
        Revoke users global permissions
 

	
 
        :param user:
 
        :param perm:
 
        """
 
        user = self.__get_user(user)
 
        perm = self.__get_perm(perm)
 

	
 
        obj = UserToPerm.query()\
 
                .filter(UserToPerm.user == user)\
 
                .filter(UserToPerm.permission == perm)\
 
                .scalar()
 
        if obj:
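Review bot: The added users-group loop over `user_repo_group_perms_from_users_groups` still carries a debug statement, `print perm, g_k`, which writes a permission row and the repository-group name to stdout for every matching row whenever a non-admin user's permissions are filled in; it should be removed or replaced with `log.debug('%s %s', perm, g_k)` using the module's existing `log`. In the same loop, `cur_perm = user.permissions[GK][g_k]` relies on the default-user pass having already created an entry for that group; if a group can lack a default permission row this raises KeyError, and `user.permissions[GK].get(g_k, 'group.none')` would avoid that. This is inferred, since `Permission.get_default_group_perms` is not shown here. The comment above the query says `# users group for repositories permissions` although the query is over `UsersGroupRepoGroupToPerm`; `# users group permissions for repository groups` would match the code. The enclosing method starts outside the hunk.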
rhodecode/templates/admin/users/user_edit_my_account.html
 
@@ -93,175 +93,175 @@
 
	                <div class="label">
 
	                    <label for="email">${_('Email')}:</label>
 
	                </div>
 
	                <div class="input">
 
	                    ${h.text('email',class_="medium")}
 
	                </div>
 
	             </div>
 

	
 
	            <div class="buttons">
 
	              ${h.submit('save',_('Save'),class_="ui-button")}
 
	              ${h.reset('reset',_('Reset'),class_="ui-button")}
 
	            </div>
 
	    	</div>
 
	    </div>
 
    ${h.end_form()}
 
    </div>
 
</div>
 

	
 
<div class="box box-right">
 
    <!-- box / title -->
 
    <div class="title">
 
        <h5>
 
        <input class="q_filter_box" id="q_filter" size="15" type="text" name="filter" value="${_('quick filter...')}"/>
 
        <a id="show_my" class="link-white" href="#my">${_('My repos')}</a> / <a id="show_perms" class="link-white" href="#perms">${_('My permissions')}</a>
 
        </h5>
 
         %if h.HasPermissionAny('hg.admin','hg.create.repository')():
 
         <ul class="links">
 
           <li>
 
             <span>${h.link_to(_('ADD'),h.url('admin_settings_create_repository'))}</span>
 
           </li>
 
         </ul>
 
         %endif
 
    </div>
 
    <!-- end box / title -->
 
    <div id="my" class="table">
 
        <div id='repos_list_wrap' class="yui-skin-sam">
 
        <table id="repos_list">
 
	    <thead>
 
            <tr>
 
            <th></th>
 
            <th class="left">${_('Name')}</th>
 
            <th class="left">${_('Revision')}</th>
 
            <th class="left">${_('Action')}</th>
 
            <th class="left">${_('Action')}</th>
 
	    </thead>
 
	     <tbody>
 
         <%namespace name="dt" file="/_data_table/_dt_elements.html"/>
 
	     %if c.user_repos:
 
		     %for repo in c.user_repos:     
 
		     %for repo in c.user_repos:
 
		        <tr>
 
                    ##QUICK MENU
 
                    <td class="quick_repo_menu">
 
                      ${dt.quick_menu(repo['name'])}
 
                    </td>                
 
                    </td>
 
                    ##REPO NAME AND ICONS
 
                    <td class="reponame">
 
                      ${dt.repo_name(repo['name'],repo['dbrepo']['repo_type'],repo['dbrepo']['private'],repo['dbrepo_fork'].get('repo_name'))}
 
                    </td>
 
                    ##LAST REVISION
 
                    <td>
 
                        ${dt.revision(repo['name'],repo['rev'],repo['tip'],repo['author'],repo['last_msg'])}
 
                    </td>
 
		            <td><a href="${h.url('repo_settings_home',repo_name=repo['name'])}" title="${_('edit')}"><img class="icon" alt="${_('private')}" src="${h.url('/images/icons/application_form_edit.png')}"/></a></td>
 
		            <td>
 
	                  ${h.form(url('repo_settings_delete', repo_name=repo['name']),method='delete')}
 
	                    ${h.submit('remove_%s' % repo['name'],'',class_="delete_icon action_button",onclick="return confirm('"+_('Confirm to delete this repository: %s') % repo['name']+"');")}
 
	                  ${h.end_form()}
 
		            </td>
 
		        </tr>
 
		     %endfor
 
	     %else:
 
            <div style="padding:5px 0px 10px 0px;">
 
	     	${_('No repositories yet')}
 
	     	%if h.HasPermissionAny('hg.admin','hg.create.repository')():
 
	     		${h.link_to(_('create one now'),h.url('admin_settings_create_repository'),class_="ui-btn")}
 
	     	%endif
 
            </div>
 
	     %endif
 
	     </tbody>
 
	     </table>
 
       </div>
 
    </div>
 
    <div id="perms" class="table" style="display:none">
 
           %for section in sorted(c.rhodecode_user.permissions.keys()):
 
            <div class="perms_section_head">${section.replace("_"," ").capitalize()}</div>
 
            
 

	
 
            <div id='tbl_list_wrap_${section}' class="yui-skin-sam">
 
            <table id="tbl_list_${section}">
 
              <thead>
 
                  <tr>
 
                  <th class="left">${_('Name')}</th>
 
                  <th class="left">${_('Permission')}</th>
 
              </thead>
 
              <tbody>
 
            %for k in c.rhodecode_user.permissions[section]:
 
                <tr>
 
                    <td>
 
                        %if section == 'repositories':
 
                            <a href="${h.url('summary_home',repo_name=k)}">${k}</a>
 
                        %elif section == 'repositories_groups':
 
                            <a href="${h.url('repos_group_home',group_name=k)}">${k}</a>
 
                        %else:
 
                            ${k}
 
                        %endif
 
                    </td>
 
                    <td>
 
                        %if section == 'global':
 
                         ${h.bool2icon(True)}
 
                        %else:
 
                        <span class="perm_tag ${c.rhodecode_user.permissions[section].get(k).split('.')[-1] }">${c.rhodecode_user.permissions[section].get(k)}</span>
 
                        %endif
 
                     </td>
 
                </tr>
 
            %endfor
 
            </tbody>
 
            </table>
 
            </div>
 
           %endfor
 
    </div>
 
</div>
 
<script type="text/javascript">
 
var filter_activate = function(){
 
    var nodes = YUQ('#my tr td a.repo_name');
 
    var func = function(node){
 
        return node.parentNode.parentNode.parentNode.parentNode;
 
    }
 
    q_filter('q_filter',YUQ('#my tr td a.repo_name'),func);	
 
    q_filter('q_filter',YUQ('#my tr td a.repo_name'),func);
 
}
 

	
 
YUE.on('show_my','click',function(e){
 
    YUD.setStyle('perms','display','none');
 
    YUD.setStyle('my','display','');
 
    YUD.get('q_filter').removeAttribute('disabled');
 
    filter_activate();
 
    YUE.preventDefault(e);
 
})
 
YUE.on('show_perms','click',function(e){
 
    YUD.setStyle('my','display','none');
 
    YUD.setStyle('perms','display','');
 
    YUD.setAttribute('q_filter','disabled','disabled');
 
    YUE.preventDefault(e);
 
})
 

	
 

	
 
// main table sorting
 
var myColumnDefs = [
 
    {key:"menu",label:"",sortable:false,className:"quick_repo_menu hidden"},
 
    {key:"name",label:"${_('Name')}",sortable:true,
 
        sortOptions: { sortFunction: nameSort }},
 
    {key:"tip",label:"${_('Tip')}",sortable:true,
 
        sortOptions: { sortFunction: revisionSort }},
 
    {key:"action1",label:"",sortable:false},
 
    {key:"action2",label:"",sortable:false},
 
];
 

	
 
var myDataSource = new YAHOO.util.DataSource(YUD.get("repos_list"));
 
myDataSource.responseType = YAHOO.util.DataSource.TYPE_HTMLTABLE;
 
myDataSource.responseSchema = {
 
    fields: [
 
        {key:"menu"},
 
        {key:"name"},
 
        {key:"tip"},
 
        {key:"action1"},
 
        {key:"action2"},
 
    ]
 
};
 
var trans_defs =  {
 
    sortedBy:{key:"name",dir:"asc"},
 
    MSG_SORTASC:"${_('Click to sort ascending')}",
 
    MSG_SORTDESC:"${_('Click to sort descending')}",
 
    MSG_EMPTY:"${_('No records found.')}",
 
    MSG_ERROR:"${_('Data error.')}",
 
    MSG_LOADING:"${_('Loading...')}",
 
}
 
var myDataTable = new YAHOO.widget.DataTable("repos_list_wrap", myColumnDefs, myDataSource,trans_defs);
rhodecode/tests/test_models.py
 
import os
 
import unittest
 
from rhodecode.tests import *
 

	
 
from rhodecode.model.repos_group import ReposGroupModel
 
from rhodecode.model.repo import RepoModel
 
from rhodecode.model.db import RepoGroup, User, Notification, UserNotification, \
 
    UsersGroup, UsersGroupMember, Permission
 
    UsersGroup, UsersGroupMember, Permission, UsersGroupRepoGroupToPerm
 
from sqlalchemy.exc import IntegrityError
 
from rhodecode.model.user import UserModel
 

	
 
from rhodecode.model.meta import Session
 
from rhodecode.model.notification import NotificationModel
 
from rhodecode.model.users_group import UsersGroupModel
 
from rhodecode.lib.auth import AuthUser
 

	
 

	
 
def _make_group(path, desc='desc', parent_id=None,
 
                 skip_if_exists=False):
 

	
 
    gr = RepoGroup.get_by_group_name(path)
 
    if gr and skip_if_exists:
 
        return gr
 

	
 
    gr = ReposGroupModel().create(path, desc, parent_id)
 
    return gr
 

	
 

	
 
class TestReposGroups(unittest.TestCase):
 

	
 
    def setUp(self):
 
        self.g1 = _make_group('test1', skip_if_exists=True)
 
        Session.commit()
 
        self.g2 = _make_group('test2', skip_if_exists=True)
 
        Session.commit()
 
        self.g3 = _make_group('test3', skip_if_exists=True)
 
        Session.commit()
 

	
 
    def tearDown(self):
 
        print 'out'
 

	
 
    def __check_path(self, *path):
 
        """
 
        Checks the path for existance !
 
        """
 
        path = [TESTS_TMP_PATH] + list(path)
 
        path = os.path.join(*path)
 
        return os.path.isdir(path)
 

	
 
    def _check_folders(self):
 
        print os.listdir(TESTS_TMP_PATH)
 

	
 
    def __delete_group(self, id_):
 
        ReposGroupModel().delete(id_)
 

	
 
    def __update_group(self, id_, path, desc='desc', parent_id=None):
 
@@ -563,98 +563,153 @@ class TestPermissions(unittest.TestCase)
 
        new_perm_h = 'repository.write'
 
        RepoModel().grant_user_permission(repo=HG_REPO, user=self.u1,
 
                                          perm=new_perm_h)
 
        Session.commit()
 
        u1_auth = AuthUser(user_id=self.u1.user_id)
 
        self.assertEqual(u1_auth.permissions['repositories'][HG_REPO],
 
                         new_perm_h)
 

	
 
        # grant perm for group this should NOT override permission from user
 
        # since it's lower than granted
 
        new_perm_l = 'repository.read'
 
        RepoModel().grant_users_group_permission(repo=HG_REPO,
 
                                                 group_name=self.ug1,
 
                                                 perm=new_perm_l)
 
        # check perms
 
        u1_auth = AuthUser(user_id=self.u1.user_id)
 
        perms = {
 
            'repositories_groups': {},
 
            'global': set([u'hg.create.repository', u'repository.read',
 
                           u'hg.register.manual_activate']),
 
            'repositories': {u'vcs_test_hg': u'repository.write'}
 
        }
 
        self.assertEqual(u1_auth.permissions['repositories'][HG_REPO],
 
                         new_perm_h)
 
        self.assertEqual(u1_auth.permissions['repositories_groups'],
 
                         perms['repositories_groups'])
 

	
 
    def test_repo_in_group_permissions(self):
 
        self.g1 = _make_group('group1', skip_if_exists=True)
 
        self.g2 = _make_group('group2', skip_if_exists=True)
 
        Session.commit()
 
        # both perms should be read !
 
        u1_auth = AuthUser(user_id=self.u1.user_id)
 
        self.assertEqual(u1_auth.permissions['repositories_groups'],
 
                         {u'group1': u'group.read', u'group2': u'group.read'})
 

	
 
        a1_auth = AuthUser(user_id=self.anon.user_id)
 
        self.assertEqual(a1_auth.permissions['repositories_groups'],
 
                 {u'group1': u'group.read', u'group2': u'group.read'})
 

	
 
        #Change perms to none for both groups
 
        ReposGroupModel().grant_user_permission(repos_group=self.g1,
 
                                                user=self.anon,
 
                                                perm='group.none')
 
        ReposGroupModel().grant_user_permission(repos_group=self.g2,
 
                                                user=self.anon,
 
                                                perm='group.none')
 

	
 

	
 
        u1_auth = AuthUser(user_id=self.u1.user_id)
 
        self.assertEqual(u1_auth.permissions['repositories_groups'],
 
                 {u'group1': u'group.none', u'group2': u'group.none'})
 

	
 
        a1_auth = AuthUser(user_id=self.anon.user_id)
 
        self.assertEqual(a1_auth.permissions['repositories_groups'],
 
                 {u'group1': u'group.none', u'group2': u'group.none'})
 

	
 
        # add repo to group
 
        form_data = {
 
            'repo_name':HG_REPO,
 
            'repo_name_full':os.path.join(self.g1.group_name,HG_REPO),
 
            'repo_type':'hg',
 
            'clone_uri':'',
 
            'repo_group':self.g1.group_id,
 
            'description':'desc',
 
            'private':False
 
        }
 
        self.test_repo = RepoModel().create(form_data, cur_user=self.u1)
 
        Session.commit()
 

	
 
        u1_auth = AuthUser(user_id=self.u1.user_id)
 
        self.assertEqual(u1_auth.permissions['repositories_groups'],
 
                 {u'group1': u'group.none', u'group2': u'group.none'})
 

	
 
        a1_auth = AuthUser(user_id=self.anon.user_id)
 
        self.assertEqual(a1_auth.permissions['repositories_groups'],
 
                 {u'group1': u'group.none', u'group2': u'group.none'})
 

	
 
        #grant permission for u2 !
 
        ReposGroupModel().grant_user_permission(repos_group=self.g1,
 
                                                user=self.u2,
 
                                                perm='group.read')
 
        ReposGroupModel().grant_user_permission(repos_group=self.g2,
 
                                                user=self.u2,
 
                                                perm='group.read')
 
        Session.commit()
 
        self.assertNotEqual(self.u1, self.u2)
 
        #u1 and anon should have not change perms while u2 should !
 
        u1_auth = AuthUser(user_id=self.u1.user_id)
 
        self.assertEqual(u1_auth.permissions['repositories_groups'],
 
                 {u'group1': u'group.none', u'group2': u'group.none'})
 

	
 
        u2_auth = AuthUser(user_id=self.u2.user_id)
 
        self.assertEqual(u2_auth.permissions['repositories_groups'],
 
                 {u'group1': u'group.read', u'group2': u'group.read'})
 

	
 
        a1_auth = AuthUser(user_id=self.anon.user_id)
 
        self.assertEqual(a1_auth.permissions['repositories_groups'],
 
                 {u'group1': u'group.none', u'group2': u'group.none'})
 

	
 
    def test_repo_group_user_as_user_group_member(self):
 
        # create Group1
 
        self.g1 = _make_group('group1', skip_if_exists=True)
 
        Session.commit()
 
        a1_auth = AuthUser(user_id=self.anon.user_id)
 

	
 
        self.assertEqual(a1_auth.permissions['repositories_groups'],
 
                         {u'group1': u'group.read'})
 

	
 
        # set default permission to none
 
        ReposGroupModel().grant_user_permission(repos_group=self.g1,
 
                                                user=self.anon,
 
                                                perm='group.none')
 
        # make group
 
        self.ug1 = UsersGroupModel().create('G1')
 
        # add user to group
 
        UsersGroupModel().add_user_to_group(self.ug1, self.u1)
 
        Session.commit()
 

	
 
        # check if user is in the group
 
        membrs = [x.user_id for x in UsersGroupModel().get(self.ug1.users_group_id).members]
 
        self.assertEqual(membrs, [self.u1.user_id])
 
        # add some user to that group
 

	
 
        # check his permissions
 
        a1_auth = AuthUser(user_id=self.anon.user_id)
 
        self.assertEqual(a1_auth.permissions['repositories_groups'],
 
                         {u'group1': u'group.none'})
 

	
 
        u1_auth = AuthUser(user_id=self.u1.user_id)
 
        self.assertEqual(u1_auth.permissions['repositories_groups'],
 
                         {u'group1': u'group.none'})
 

	
 
        # grant ug1 read permissions for
 
        ReposGroupModel().grant_users_group_permission(repos_group=self.g1,
 
                                                       group_name=self.ug1,
 
                                                       perm='group.read')
 
        Session.commit()
 
        # check if the
 
        obj = Session.query(UsersGroupRepoGroupToPerm)\
 
            .filter(UsersGroupRepoGroupToPerm.group == self.g1)\
 
            .filter(UsersGroupRepoGroupToPerm.users_group == self.ug1)\
 
            .scalar()
 
        self.assertEqual(obj.permission.permission_name, 'group.read')
 

	
 
        a1_auth = AuthUser(user_id=self.anon.user_id)
 

	
 
        self.assertEqual(a1_auth.permissions['repositories_groups'],
 
                         {u'group1': u'group.none'})
 

	
 
        u1_auth = AuthUser(user_id=self.u1.user_id)
 
        self.assertEqual(u1_auth.permissions['repositories_groups'],
 
                         {u'group1': u'group.read'})
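Review bot: `test_repo_group_user_as_user_group_member`, which appears to be the test added by this hunk, covers only the upgrade path (`group.none` raised to `group.read` through `ug1`); nothing asserts that a users-group grant weaker than the member's existing permission leaves the stronger one in place, which is the other branch of the `PERM_WEIGHTS` comparison. A follow-up step that first grants `self.u1` `group.write` on `self.g1` with `ReposGroupModel().grant_user_permission(...)` and then checks that `u1_auth.permissions['repositories_groups']` is still `{u'group1': u'group.write'}` would pin that down. Two comments are cut off mid-sentence: `# grant ug1 read permissions for` could read `# grant ug1 read permission on group1`, and `# check if the` could read `# check that the users-group permission row was stored`. The test also creates the users group `'G1'` without removing it; whether `tearDown` of `TestPermissions` cleans it up is not visible in this hunk.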