.. _changelog:

=========

Changelog

=========

1.4.3 (**2012-XX-XX**)

----------------------

:status: in-progress

:branch: beta

news

++++

- #558 Added config file to hooks extra data

fixes

+++++

1.4.2 (**2012-09-12**)

----------------------

news

++++

- added option to menu to quick lock/unlock repository for users that have

  write access to

- Implemented permissions for writing to repo

  groups. Now only write access to group allows to create a repostiory

  within that group

- #565 Add support for {netloc} and {scheme} to alternative_gravatar_url

- updated translation for zh_CN 

fixes

+++++

- fixed visual permissions check on repos groups inside groups

- fixed issues with non-ascii search terms in search, and indexers

- fixed parsing of page number in GET parameters

- fixed issues with generating pull-request overview for repos with

  bookmarks and tags, also preview doesn't loose chosen revision from

  select dropdown

1.4.1 (**2012-09-07**)

----------------------

news

++++

- always put a comment about code-review status change even if user send

  empty data 

- modified_on column saves repository update and it's going to be used

  later for light version of main page ref #500

- pull request notifications send much nicer emails with details about pull

  request

- #551 show breadcrumbs in summary view for repositories inside a group

fixes

+++++

- fixed migrations of permissions that can lead to inconsistency.

  Some users sent feedback that after upgrading from older versions issues 

  with updating default permissions occurred. RhodeCode detects that now and

  resets default user permission to initial state if there is a need for that.

  Also forces users to set the default value for new forking permission. 

- #535 improved apache wsgi example configuration in docs

- fixes #550 mercurial repositories comparision failed when origin repo had

            # select the lowest permissions first (more explicit)

            ##TODO: do this^^

            if not gr.inherit_default_permissions:

                # NEED TO IGNORE all configurable permissions and

                # replace them with explicitly set

                user.permissions[GLOBAL] = user.permissions[GLOBAL]\

                                                .difference(_configurable)

            for perm in perms:

                user.permissions[GLOBAL].add(perm.permission.permission_name)

        # user specific global permissions

        user_perms = self.sa.query(UserToPerm)\

                .options(joinedload(UserToPerm.permission))\

                .filter(UserToPerm.user_id == uid).all()

        if not user.inherit_default_permissions:

            # NEED TO IGNORE all configurable permissions and

            # replace them with explicitly set

            user.permissions[GLOBAL] = user.permissions[GLOBAL]\

                                            .difference(_configurable)

            for perm in user_perms:

                user.permissions[GLOBAL].add(perm.permission.permission_name)

        #======================================================================

        # !! REPO PERMISSIONS !!

        #======================================================================

        #======================================================================

        # check if user is part of user groups for this repository and

        # fill in (or NOT replace with higher `or 1` permissions

        #======================================================================

        # users group for repositories permissions

        user_repo_perms_from_users_groups = \

         self.sa.query(UsersGroupRepoToPerm, Permission, Repository,)\

            .join((Repository, UsersGroupRepoToPerm.repository_id ==

                   Repository.repo_id))\

            .join((Permission, UsersGroupRepoToPerm.permission_id ==

                   Permission.permission_id))\

            .join((UsersGroupMember, UsersGroupRepoToPerm.users_group_id ==

                   UsersGroupMember.users_group_id))\

            .filter(UsersGroupMember.user_id == uid)\

            .all()

        for perm in user_repo_perms_from_users_groups:

            r_k = perm.UsersGroupRepoToPerm.repository.repo_name

            p = perm.Permission.permission_name

            cur_perm = user.permissions[RK][r_k]

            # overwrite permission only if it's greater than permission

            if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm] or 1:  # disable check

                user.permissions[RK][r_k] = p

        # user explicit permissions for repositories

        user_repo_perms = \

         self.sa.query(UserRepoToPerm, Permission, Repository)\

            .join((Repository, UserRepoToPerm.repository_id ==

                   Repository.repo_id))\

            .join((Permission, UserRepoToPerm.permission_id ==

                   Permission.permission_id))\

            .filter(UserRepoToPerm.user_id == uid)\

            .all()

        for perm in user_repo_perms:

            # set admin if owner

            r_k = perm.UserRepoToPerm.repository.repo_name

            if perm.Repository.user_id == uid:

                p = 'repository.admin'

            else:

                p = perm.Permission.permission_name

            user.permissions[RK][r_k] = p

        # REPO GROUP

        #==================================================================

        # get access for this user for repos group and override defaults

        #==================================================================

        # user explicit permissions for repository

        user_repo_groups_perms = \

         self.sa.query(UserRepoGroupToPerm, Permission, RepoGroup)\

         .join((RepoGroup, UserRepoGroupToPerm.group_id == RepoGroup.group_id))\

         .join((Permission, UserRepoGroupToPerm.permission_id == Permission.permission_id))\

         .filter(UserRepoGroupToPerm.user_id == uid)\

         .all()

        for perm in user_repo_groups_perms:

            rg_k = perm.UserRepoGroupToPerm.group.group_name

            p = perm.Permission.permission_name

            cur_perm = user.permissions[GK][rg_k]

            if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm] or 1:  # disable check

                user.permissions[GK][rg_k] = p

        # REPO GROUP + USER GROUP

        #==================================================================

        # check if user is part of user groups for this repo group and

        # fill in (or replace with higher) permissions

        #==================================================================

        # users group for repositories permissions

import os

import unittest

from rhodecode.tests import *

from rhodecode.tests.models.common import _make_group

from rhodecode.model.repos_group import ReposGroupModel

from rhodecode.model.repo import RepoModel

from rhodecode.model.db import RepoGroup, User, UsersGroupRepoGroupToPerm

from rhodecode.model.user import UserModel

from rhodecode.model.meta import Session

from rhodecode.model.users_group import UsersGroupModel

from rhodecode.lib.auth import AuthUser

class TestPermissions(unittest.TestCase):

    def __init__(self, methodName='runTest'):

        super(TestPermissions, self).__init__(methodName=methodName)

    def setUp(self):

        self.u1 = UserModel().create_or_update(

            username=u'u1', password=u'qweqwe',

            email=u'u1@rhodecode.org', firstname=u'u1', lastname=u'u1'

        )

        self.u2 = UserModel().create_or_update(

            username=u'u2', password=u'qweqwe',

            email=u'u2@rhodecode.org', firstname=u'u2', lastname=u'u2'

        )

        self.u3 = UserModel().create_or_update(

            username=u'u3', password=u'qweqwe',

            email=u'u3@rhodecode.org', firstname=u'u3', lastname=u'u3'

        )

        self.anon = User.get_by_username('default')

        self.a1 = UserModel().create_or_update(

            username=u'a1', password=u'qweqwe',

            email=u'a1@rhodecode.org', firstname=u'a1', lastname=u'a1', admin=True

        )

        Session().commit()

    def tearDown(self):

        if hasattr(self, 'test_repo'):

            RepoModel().delete(repo=self.test_repo)

        UserModel().delete(self.u1)

        UserModel().delete(self.u2)

        UserModel().delete(self.u3)

        UserModel().delete(self.a1)

        if hasattr(self, 'g1'):

            ReposGroupModel().delete(self.g1.group_id)

        if hasattr(self, 'g2'):

            ReposGroupModel().delete(self.g2.group_id)

        if hasattr(self, 'ug1'):

            UsersGroupModel().delete(self.ug1, force=True)

        Session().commit()

    def test_default_perms_set(self):

        u1_auth = AuthUser(user_id=self.u1.user_id)

        perms = {

            'repositories_groups': {},

            'global': set([u'hg.create.repository', u'repository.read',

                           u'hg.register.manual_activate']),

            'repositories': {u'vcs_test_hg': u'repository.read'}

        }

        self.assertEqual(u1_auth.permissions['repositories'][HG_REPO],

                         perms['repositories'][HG_REPO])

        new_perm = 'repository.write'

        RepoModel().grant_user_permission(repo=HG_REPO, user=self.u1,

                                          perm=new_perm)

        Session().commit()

        u1_auth = AuthUser(user_id=self.u1.user_id)

        self.assertEqual(u1_auth.permissions['repositories'][HG_REPO],

                         new_perm)

    def test_default_admin_perms_set(self):

        a1_auth = AuthUser(user_id=self.a1.user_id)

        perms = {

            'repositories_groups': {},

            'global': set([u'hg.admin']),

            'repositories': {u'vcs_test_hg': u'repository.admin'}

        }

        self.assertEqual(a1_auth.permissions['repositories'][HG_REPO],

                         perms['repositories'][HG_REPO])

        new_perm = 'repository.write'

        RepoModel().grant_user_permission(repo=HG_REPO, user=self.a1,

                                          perm=new_perm)

        Session().commit()

        # cannot really downgrade admins permissions !? they still get's set as

        # admin !

        usr = 'default'

        user_model.revoke_perm(usr, 'hg.create.none')

        user_model.grant_perm(usr, 'hg.create.repository')

        user_model.revoke_perm(usr, 'hg.fork.none')

        user_model.grant_perm(usr, 'hg.fork.repository')

        #disable global perms on specific user

        user_model.revoke_perm(self.u1, 'hg.create.repository')

        user_model.grant_perm(self.u1, 'hg.create.none')

        user_model.revoke_perm(self.u1, 'hg.fork.repository')

        user_model.grant_perm(self.u1, 'hg.fork.none')

        # make sure inherit flag is turned off

        self.u1.inherit_default_permissions = False

        Session().commit()

        u1_auth = AuthUser(user_id=self.u1.user_id)

        # this user will have non inherited permissions from he's

        # explicitly set permissions

        self.assertEqual(u1_auth.permissions['global'],

                         set(['hg.create.none', 'hg.fork.none',

                              'hg.register.manual_activate',

                              'repository.read']))

    def test_non_inherited_permissions_from_default_on_user_disabled(self):

        user_model = UserModel()

        # disable fork and create on default user

        usr = 'default'

        user_model.revoke_perm(usr, 'hg.create.repository')

        user_model.grant_perm(usr, 'hg.create.none')

        user_model.revoke_perm(usr, 'hg.fork.repository')

        user_model.grant_perm(usr, 'hg.fork.none')

        #enable global perms on specific user

        user_model.revoke_perm(self.u1, 'hg.create.none')

        user_model.grant_perm(self.u1, 'hg.create.repository')

        user_model.revoke_perm(self.u1, 'hg.fork.none')

        user_model.grant_perm(self.u1, 'hg.fork.repository')

        # make sure inherit flag is turned off

        self.u1.inherit_default_permissions = False

        Session().commit()

        u1_auth = AuthUser(user_id=self.u1.user_id)

        # this user will have non inherited permissions from he's

        # explicitly set permissions

        self.assertEqual(u1_auth.permissions['global'],

                         set(['hg.create.repository', 'hg.fork.repository',

                              'hg.register.manual_activate',

                              'repository.read']))