.. _changelog:

=========

Changelog

=========

1.4.3 (**2012-XX-XX**)

----------------------

:status: in-progress

:branch: beta

news

++++

- #558 Added config file to hooks extra data

fixes

+++++

1.4.2 (**2012-09-12**)

----------------------

news

++++

- added option to menu to quick lock/unlock repository for users that have

  write access to

- Implemented permissions for writing to repo

  groups. Now only write access to group allows to create a repostiory

  within that group

- #565 Add support for {netloc} and {scheme} to alternative_gravatar_url

- updated translation for zh_CN 

fixes

+++++

- fixed visual permissions check on repos groups inside groups

- fixed issues with non-ascii search terms in search, and indexers

- fixed parsing of page number in GET parameters

- fixed issues with generating pull-request overview for repos with

  bookmarks and tags, also preview doesn't loose chosen revision from

  select dropdown

1.4.1 (**2012-09-07**)

----------------------

news

++++

- always put a comment about code-review status change even if user send

  empty data 

- modified_on column saves repository update and it's going to be used

  later for light version of main page ref #500

- pull request notifications send much nicer emails with details about pull

  request

- #551 show breadcrumbs in summary view for repositories inside a group

fixes

+++++

- fixed migrations of permissions that can lead to inconsistency.

  Some users sent feedback that after upgrading from older versions issues 

  with updating default permissions occurred. RhodeCode detects that now and

  resets default user permission to initial state if there is a need for that.

  Also forces users to set the default value for new forking permission. 

- #535 improved apache wsgi example configuration in docs

- fixes #550 mercurial repositories comparision failed when origin repo had

  additional not-common changesets

- fixed status of code-review in preview windows of pull request

- git forks were not initialized at bare repos

- fixes #555 fixes issues with comparing non-related repositories

- fixes #557 follower counter always counts up

- fixed issue #560 require push ssl checkbox wasn't shown when option was

  enabled

- fixed #559

- fixed issue #559 fixed bug in routing that mapped repo names with <name>_<num> in name as

  if it was a request to url by repository ID

1.4.0 (**2012-09-03**)

----------------------

news

++++

- new codereview system

- email map, allowing users to have multiple email addresses mapped into

  their accounts

- improved git-hook system. Now all actions for git are logged into journal

  including pushed revisions, user and IP address

- changed setup-app into setup-rhodecode and added default options to it.

- new git repos are created as bare now by default

- #464 added links to groups in permission box

- #465 mentions autocomplete inside comments boxes

- #469 added --update-only option to whoosh to re-index only given list

  of repos in index 

- rhodecode-api CLI client

- new git http protocol replaced buggy dulwich implementation.

  Now based on pygrack & gitweb

- Improved RSS/ATOM feeds. Discoverable by browsers using proper headers, and 

  reformated based on user suggestions. Additional rss/atom feeds for user

  journal

- various i18n improvements

- #478 permissions overview for admin in user edit view

- File view now displays small gravatars off all authors of given file

- Implemented landing revisions. Each repository will get landing_rev attribute

  that defines 'default' revision/branch for generating readme files

- Implemented #509, RhodeCode enforces SSL for push/pulling if requested at 

  earliest possible call.

- Import remote svn repositories to mercurial using hgsubversion.

- Fixed #508 RhodeCode now has a option to explicitly set forking permissions

- RhodeCode can use alternative server for generating avatar icons

- implemented repositories locking. Pull locks, push unlocks. Also can be done

  via API calls

- #538 form for permissions can handle multiple users at once 

            .filter(UserToPerm.user_id == default_user_id)

        for perm in default_global_perms:

            user.permissions[GLOBAL].add(perm.permission.permission_name)

        # defaults for repositories, taken from default user

        for perm in default_repo_perms:

            r_k = perm.UserRepoToPerm.repository.repo_name

            if perm.Repository.private and not (perm.Repository.user_id == uid):

                # disable defaults for private repos,

                p = 'repository.none'

            elif perm.Repository.user_id == uid:

                # set admin if owner

                p = 'repository.admin'

            else:

                p = perm.Permission.permission_name

            user.permissions[RK][r_k] = p

        # defaults for repositories groups taken from default user permission

        # on given group

        for perm in default_repo_groups_perms:

            rg_k = perm.UserRepoGroupToPerm.group.group_name

            p = perm.Permission.permission_name

            user.permissions[GK][rg_k] = p

        #======================================================================

        # !! OVERRIDE GLOBALS !! with user permissions if any found

        #======================================================================

        # those can be configured from groups or users explicitly

        _configurable = set(['hg.fork.none', 'hg.fork.repository',

                             'hg.create.none', 'hg.create.repository'])

        # USER GROUPS comes first

        # users group global permissions

        user_perms_from_users_groups = self.sa.query(UsersGroupToPerm)\

            .options(joinedload(UsersGroupToPerm.permission))\

            .join((UsersGroupMember, UsersGroupToPerm.users_group_id ==

                   UsersGroupMember.users_group_id))\

            .filter(UsersGroupMember.user_id == uid)\

            .order_by(UsersGroupToPerm.users_group_id)\

            .all()

        #need to group here by groups since user can be in more than one group

        _grouped = [[x, list(y)] for x, y in

                    itertools.groupby(user_perms_from_users_groups,

                                      lambda x:x.users_group)]

        for gr, perms in _grouped:

            # since user can be in multiple groups iterate over them and

            # select the lowest permissions first (more explicit)

            ##TODO: do this^^

            if not gr.inherit_default_permissions:

                # NEED TO IGNORE all configurable permissions and

                # replace them with explicitly set

                user.permissions[GLOBAL] = user.permissions[GLOBAL]\

                                                .difference(_configurable)

            for perm in perms:

                user.permissions[GLOBAL].add(perm.permission.permission_name)

        # user specific global permissions

        user_perms = self.sa.query(UserToPerm)\

                .options(joinedload(UserToPerm.permission))\

                .filter(UserToPerm.user_id == uid).all()

        if not user.inherit_default_permissions:

            # NEED TO IGNORE all configurable permissions and

            # replace them with explicitly set

            user.permissions[GLOBAL] = user.permissions[GLOBAL]\

                                            .difference(_configurable)

            for perm in user_perms:

                user.permissions[GLOBAL].add(perm.permission.permission_name)

        #======================================================================

        # !! REPO PERMISSIONS !!

        #======================================================================

        #======================================================================

        # check if user is part of user groups for this repository and

        # fill in (or NOT replace with higher `or 1` permissions

        #======================================================================

        # users group for repositories permissions

        user_repo_perms_from_users_groups = \

         self.sa.query(UsersGroupRepoToPerm, Permission, Repository,)\

            .join((Repository, UsersGroupRepoToPerm.repository_id ==

                   Repository.repo_id))\

            .join((Permission, UsersGroupRepoToPerm.permission_id ==

                   Permission.permission_id))\

            .join((UsersGroupMember, UsersGroupRepoToPerm.users_group_id ==

                   UsersGroupMember.users_group_id))\

            .filter(UsersGroupMember.user_id == uid)\

            .all()

        for perm in user_repo_perms_from_users_groups:

            r_k = perm.UsersGroupRepoToPerm.repository.repo_name

            p = perm.Permission.permission_name

            cur_perm = user.permissions[RK][r_k]

            # overwrite permission only if it's greater than permission

            if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm] or 1:  # disable check

                user.permissions[RK][r_k] = p

        # user explicit permissions for repositories

        user_repo_perms = \

         self.sa.query(UserRepoToPerm, Permission, Repository)\

            .join((Repository, UserRepoToPerm.repository_id ==

                   Repository.repo_id))\

            .join((Permission, UserRepoToPerm.permission_id ==

                   Permission.permission_id))\

            .filter(UserRepoToPerm.user_id == uid)\

            .all()

        for perm in user_repo_perms:

            # set admin if owner

            r_k = perm.UserRepoToPerm.repository.repo_name

            if perm.Repository.user_id == uid:

                p = 'repository.admin'

            else:

                p = perm.Permission.permission_name

            user.permissions[RK][r_k] = p

        # REPO GROUP

        #==================================================================

        # get access for this user for repos group and override defaults

        #==================================================================

        # user explicit permissions for repository

        user_repo_groups_perms = \

         self.sa.query(UserRepoGroupToPerm, Permission, RepoGroup)\

         .join((RepoGroup, UserRepoGroupToPerm.group_id == RepoGroup.group_id))\

         .join((Permission, UserRepoGroupToPerm.permission_id == Permission.permission_id))\

         .filter(UserRepoGroupToPerm.user_id == uid)\

         .all()

        for perm in user_repo_groups_perms:

            rg_k = perm.UserRepoGroupToPerm.group.group_name

            p = perm.Permission.permission_name

            cur_perm = user.permissions[GK][rg_k]

            if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm] or 1:  # disable check

                user.permissions[GK][rg_k] = p

        # REPO GROUP + USER GROUP

        #==================================================================

        # check if user is part of user groups for this repo group and

        # fill in (or replace with higher) permissions

        #==================================================================

        # users group for repositories permissions

        user_repo_group_perms_from_users_groups = \

         self.sa.query(UsersGroupRepoGroupToPerm, Permission, RepoGroup)\

         .join((RepoGroup, UsersGroupRepoGroupToPerm.group_id == RepoGroup.group_id))\

         .join((Permission, UsersGroupRepoGroupToPerm.permission_id == Permission.permission_id))\

         .join((UsersGroupMember, UsersGroupRepoGroupToPerm.users_group_id == UsersGroupMember.users_group_id))\

         .filter(UsersGroupMember.user_id == uid)\

         .all()

        for perm in user_repo_group_perms_from_users_groups:

            g_k = perm.UsersGroupRepoGroupToPerm.group.group_name

            p = perm.Permission.permission_name

            cur_perm = user.permissions[GK][g_k]

            # overwrite permission only if it's greater than permission

            # given from other sources

            if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm] or 1:  # disable check

                user.permissions[GK][g_k] = p

        return user

    def has_perm(self, user, perm):

        perm = self._get_perm(perm)

        user = self._get_user(user)

        return UserToPerm.query().filter(UserToPerm.user == user)\

            .filter(UserToPerm.permission == perm).scalar() is not None

    def grant_perm(self, user, perm):

        """

        Grant user global permissions

        :param user:

        :param perm:

        """

        user = self._get_user(user)

        perm = self._get_perm(perm)

        # if this permission is already granted skip it

        _perm = UserToPerm.query()\

            .filter(UserToPerm.user == user)\

            .filter(UserToPerm.permission == perm)\

            .scalar()

        if _perm:

            return

        new = UserToPerm()

        new.user = user

        new.permission = perm

        self.sa.add(new)

    def revoke_perm(self, user, perm):

import os

import unittest

from rhodecode.tests import *

from rhodecode.tests.models.common import _make_group

from rhodecode.model.repos_group import ReposGroupModel

from rhodecode.model.repo import RepoModel

from rhodecode.model.db import RepoGroup, User, UsersGroupRepoGroupToPerm

from rhodecode.model.user import UserModel

from rhodecode.model.meta import Session

from rhodecode.model.users_group import UsersGroupModel

from rhodecode.lib.auth import AuthUser

class TestPermissions(unittest.TestCase):

    def __init__(self, methodName='runTest'):

        super(TestPermissions, self).__init__(methodName=methodName)

    def setUp(self):

        self.u1 = UserModel().create_or_update(

            username=u'u1', password=u'qweqwe',

            email=u'u1@rhodecode.org', firstname=u'u1', lastname=u'u1'

        )

        self.u2 = UserModel().create_or_update(

            username=u'u2', password=u'qweqwe',

            email=u'u2@rhodecode.org', firstname=u'u2', lastname=u'u2'

        )

        self.u3 = UserModel().create_or_update(

            username=u'u3', password=u'qweqwe',

            email=u'u3@rhodecode.org', firstname=u'u3', lastname=u'u3'

        )

        self.anon = User.get_by_username('default')

        self.a1 = UserModel().create_or_update(

            username=u'a1', password=u'qweqwe',

            email=u'a1@rhodecode.org', firstname=u'a1', lastname=u'a1', admin=True

        )

        Session().commit()

    def tearDown(self):

        if hasattr(self, 'test_repo'):

            RepoModel().delete(repo=self.test_repo)

        UserModel().delete(self.u1)

        UserModel().delete(self.u2)

        UserModel().delete(self.u3)

        UserModel().delete(self.a1)

        if hasattr(self, 'g1'):

            ReposGroupModel().delete(self.g1.group_id)

        if hasattr(self, 'g2'):

            ReposGroupModel().delete(self.g2.group_id)

        if hasattr(self, 'ug1'):

            UsersGroupModel().delete(self.ug1, force=True)

        Session().commit()

    def test_default_perms_set(self):

        u1_auth = AuthUser(user_id=self.u1.user_id)

        perms = {

            'repositories_groups': {},

            'global': set([u'hg.create.repository', u'repository.read',

                           u'hg.register.manual_activate']),

            'repositories': {u'vcs_test_hg': u'repository.read'}

        }

        self.assertEqual(u1_auth.permissions['repositories'][HG_REPO],

                         perms['repositories'][HG_REPO])

        new_perm = 'repository.write'

        RepoModel().grant_user_permission(repo=HG_REPO, user=self.u1,

                                          perm=new_perm)

        Session().commit()

        u1_auth = AuthUser(user_id=self.u1.user_id)

        self.assertEqual(u1_auth.permissions['repositories'][HG_REPO],

                         new_perm)

    def test_default_admin_perms_set(self):

        a1_auth = AuthUser(user_id=self.a1.user_id)

        perms = {

            'repositories_groups': {},

            'global': set([u'hg.admin']),

            'repositories': {u'vcs_test_hg': u'repository.admin'}

        }

        self.assertEqual(a1_auth.permissions['repositories'][HG_REPO],

                         perms['repositories'][HG_REPO])

        new_perm = 'repository.write'

        RepoModel().grant_user_permission(repo=HG_REPO, user=self.a1,

                                          perm=new_perm)

        Session().commit()

        # cannot really downgrade admins permissions !? they still get's set as

        # admin !

        u1_auth = AuthUser(user_id=self.a1.user_id)

        self.assertEqual(u1_auth.permissions['repositories'][HG_REPO],

                         perms['repositories'][HG_REPO])

    def test_default_group_perms(self):

        self.g1 = _make_group('test1', skip_if_exists=True)

        self.g2 = _make_group('test2', skip_if_exists=True)

        u1_auth = AuthUser(user_id=self.u1.user_id)

        perms = {

            'repositories_groups': {u'test1': 'group.read', u'test2': 'group.read'},

            'global': set([u'hg.create.repository', u'repository.read', u'hg.register.manual_activate']),

            'repositories': {u'vcs_test_hg': u'repository.read'}

        }

        self.assertEqual(u1_auth.permissions['repositories'][HG_REPO],

                         perms['repositories'][HG_REPO])

        self.assertEqual(u1_auth.permissions['repositories_groups'],

                         perms['repositories_groups'])

    def test_default_admin_group_perms(self):

        self.g1 = _make_group('test1', skip_if_exists=True)

        self.g2 = _make_group('test2', skip_if_exists=True)

        a1_auth = AuthUser(user_id=self.a1.user_id)

        perms = {

            'repositories_groups': {u'test1': 'group.admin', u'test2': 'group.admin'},

            'global': set(['hg.admin']),

            'repositories': {u'vcs_test_hg': 'repository.admin'}

        }

        self.assertEqual(a1_auth.permissions['repositories'][HG_REPO],

                         perms['repositories'][HG_REPO])

        self.assertEqual(a1_auth.permissions['repositories_groups'],

                         perms['repositories_groups'])

    def test_propagated_permission_from_users_group_by_explicit_perms_exist(self):

        # make group

        self.ug1 = UsersGroupModel().create('G1')

        # add user to group

        UsersGroupModel().add_user_to_group(self.ug1, self.u1)

        # set permission to lower

        new_perm = 'repository.none'

        RepoModel().grant_user_permission(repo=HG_REPO, user=self.u1, perm=new_perm)

        Session().commit()

        u1_auth = AuthUser(user_id=self.u1.user_id)

        self.assertEqual(u1_auth.permissions['repositories'][HG_REPO],

                         new_perm)

        a1_auth = AuthUser(user_id=self.anon.user_id)

        self.assertEqual(a1_auth.permissions['repositories_groups'],

                         {u'group1': u'group.none'})

        u1_auth = AuthUser(user_id=self.u1.user_id)

        self.assertEqual(u1_auth.permissions['repositories_groups'],

                         {u'group1': u'group.read'})

    def test_inherited_permissions_from_default_on_user_enabled(self):

        user_model = UserModel()

        # enable fork and create on default user

        usr = 'default'

        user_model.revoke_perm(usr, 'hg.create.none')

        user_model.grant_perm(usr, 'hg.create.repository')

        user_model.revoke_perm(usr, 'hg.fork.none')

        user_model.grant_perm(usr, 'hg.fork.repository')

        # make sure inherit flag is turned on

        self.u1.inherit_default_permissions = True

        Session().commit()

        u1_auth = AuthUser(user_id=self.u1.user_id)

        # this user will have inherited permissions from default user

        self.assertEqual(u1_auth.permissions['global'],

                         set(['hg.create.repository', 'hg.fork.repository',

                              'hg.register.manual_activate',

                              'repository.read']))

    def test_inherited_permissions_from_default_on_user_disabled(self):

        user_model = UserModel()

        # disable fork and create on default user

        usr = 'default'

        user_model.revoke_perm(usr, 'hg.create.repository')

        user_model.grant_perm(usr, 'hg.create.none')

        user_model.revoke_perm(usr, 'hg.fork.repository')

        user_model.grant_perm(usr, 'hg.fork.none')

        # make sure inherit flag is turned on

        self.u1.inherit_default_permissions = True

        Session().commit()

        u1_auth = AuthUser(user_id=self.u1.user_id)

        # this user will have inherited permissions from default user

        self.assertEqual(u1_auth.permissions['global'],

                         set(['hg.create.none', 'hg.fork.none',

                              'hg.register.manual_activate',

                              'repository.read']))

    def test_non_inherited_permissions_from_default_on_user_enabled(self):

        user_model = UserModel()

        # enable fork and create on default user

        usr = 'default'

        user_model.revoke_perm(usr, 'hg.create.none')

        user_model.grant_perm(usr, 'hg.create.repository')

        user_model.revoke_perm(usr, 'hg.fork.none')

        user_model.grant_perm(usr, 'hg.fork.repository')

        #disable global perms on specific user

        user_model.revoke_perm(self.u1, 'hg.create.repository')

        user_model.grant_perm(self.u1, 'hg.create.none')

        user_model.revoke_perm(self.u1, 'hg.fork.repository')

        user_model.grant_perm(self.u1, 'hg.fork.none')

        # make sure inherit flag is turned off

        self.u1.inherit_default_permissions = False

        Session().commit()

        u1_auth = AuthUser(user_id=self.u1.user_id)

        # this user will have non inherited permissions from he's

        # explicitly set permissions

        self.assertEqual(u1_auth.permissions['global'],

                         set(['hg.create.none', 'hg.fork.none',

                              'hg.register.manual_activate',

                              'repository.read']))

    def test_non_inherited_permissions_from_default_on_user_disabled(self):

        user_model = UserModel()

        # disable fork and create on default user

        usr = 'default'

        user_model.revoke_perm(usr, 'hg.create.repository')

        user_model.grant_perm(usr, 'hg.create.none')

        user_model.revoke_perm(usr, 'hg.fork.repository')

        user_model.grant_perm(usr, 'hg.fork.none')

        #enable global perms on specific user

        user_model.revoke_perm(self.u1, 'hg.create.none')

        user_model.grant_perm(self.u1, 'hg.create.repository')

        user_model.revoke_perm(self.u1, 'hg.fork.none')

        user_model.grant_perm(self.u1, 'hg.fork.repository')

        # make sure inherit flag is turned off

        self.u1.inherit_default_permissions = False

        Session().commit()

        u1_auth = AuthUser(user_id=self.u1.user_id)

        # this user will have non inherited permissions from he's

        # explicitly set permissions

        self.assertEqual(u1_auth.permissions['global'],

                         set(['hg.create.repository', 'hg.fork.repository',

                              'hg.register.manual_activate',

                              'repository.read']))