result: {

              "id":  "<newusersgroupid>",

              "msg": "created new users group <name>"

            }

    error:  null

Adds a user to a users group. This command can be executed only using api_key

belonging to user with admin rights

INPUT::

	                                "firstname":   "<firstname>",

	                                "lastname" :   "<lastname>",

	                                "email" :      "<email>",

	                                "active" :     "<bool>",

	                                "admin" :      "<bool>",

	                                "ldap" :       "<ldap_dn>",

	                              },

                                  …

                                  {

                                    "id" :       "<usersgroupid>",

                                    "name" :     "<usersgroupname>",

                                    "active":    "<bool>",

                                  },

                                  …

                                ]

            }

    error:  null

    api_key : "<api_key>"

    method :  "add_user_to_repo"

    args:     {

                "repo_name" :  "<reponame>",

                "user_name" :  "<username>",

              }

OUTPUT::

    result: None

    error:  null

from rhodecode.model.db import User

from rhodecode.lib.auth import AuthUser

log = logging.getLogger('JSONRPC')

class JSONRPCError(BaseException):

    def __init__(self, message):

        self.message = message

        super(JSONRPCError, self).__init__()

    resp = Response(body=json.dumps(dict(id=None, result=None, error=message)),

                    status=code,

                    content_type='application/json')

    return resp

class JSONRPCController(WSGIController):

    """

     A WSGI-speaking JSON-RPC controller class

     See the specification:

     <http://json-rpc.org/wiki/specification>`.

     Valid controller return values should be json-serializable objects.

     Sub-classes should catch their exceptions and raise JSONRPCError

     if they want to pass meaningful errors to the client.

     """

    def _get_method_args(self):

        """

        Return `self._rpc_args` to dispatched controller method

        chosen by __call__

        raw_body = environ['wsgi.input'].read(length)

        try:

            json_body = json.loads(urllib.unquote_plus(raw_body))

        except ValueError, e:

            return jsonrpc_error(message="JSON parse error ERR:%s RAW:%r" \

                                 % (e, urllib.unquote_plus(raw_body)))

        # check AUTH based on API KEY

        try:

            self._req_api_key = json_body['api_key']

            self._req_id = json_body['id']

            self._req_method = json_body['method']

            log.debug('method: %s, params: %s',

                      self._req_method,

        except KeyError, e:

            return jsonrpc_error(message='Incorrect JSON query missing %s' % e)

        # check if we can find this session using api_key

        try:

            u = User.get_by_api_key(self._req_api_key)

            return jsonrpc_error(message=str(e))

        # now that we have a method, add self._req_params to

        # self.kargs and dispatch control to WGIController

        argspec = inspect.getargspec(self._func)

        arglist = argspec[0][1:]

        default_empty = types.NotImplementedType

        # perms decorators to work they expect the controller class to have

        # rhodecode_user attribute set

        self.rhodecode_user = auth_u

        # This attribute will need to be first param of a method that uses

        # api_key, which is translated to instance of user at that name

        if USER_SESSION_ATTR not in arglist:

            return jsonrpc_error(message='This method [%s] does not support '

                                 'authentication (missing %s param)' %

                                 (self._func.__name__, USER_SESSION_ATTR))

        # get our arglist and check if we provided them as args

            if arg == USER_SESSION_ATTR:

                # this is checked before so we don't need validate it

                continue

            # NotImplementedType (default_empty)

        self._rpc_args['action'] = self._req_method

        self._rpc_args['environ'] = environ

        self._rpc_args['start_response'] = start_response

        status = []

        headers = []

        exc_info = []

        def change_content(new_status, new_headers, new_exc_info=None):

            status.append(new_status)

            headers.extend(new_headers)

            exc_info.append(new_exc_info)

        output = WSGIController.__call__(self, environ, change_content)

    @HasPermissionAllDecorator('hg.admin')

    def get_user(self, apiuser, username):

        """"

        Get a user by username

        """

        user = User.get_by_username(username)

        if not user:

            return None

                    username=user.username,

                    firstname=user.name,

                    lastname=user.lastname,

                    email=user.email,

                    active=user.active,

                    admin=user.admin,

        return result

    @HasPermissionAllDecorator('hg.admin')

    def create_user(self, apiuser, username, password, firstname,

                    lastname, email, active=True, admin=False, ldap_dn=None):

        """

    @HasPermissionAllDecorator('hg.admin')

    def get_users_group(self, apiuser, group_name):

        """"

        Get users group by name

        """

        users_group = UsersGroup.get_by_group_name(group_name)

        if not users_group:

            return None

    @HasPermissionAllDecorator('hg.admin')

    def get_users_groups(self, apiuser):

        """"

        Get all users groups

        """

        result = []

        for users_group in UsersGroup.getAll():

            members = []

            for user in users_group.members:

    @HasPermissionAllDecorator('hg.admin')

    def add_user_to_users_group(self, apiuser, group_name, user_name):

        """"

        Add a user to a group

        """

        try:

            users_group = UsersGroup.get_by_group_name(group_name)

            if not users_group:

                raise JSONRPCError('unknown users group %s' % group_name)

    @HasPermissionAnyDecorator('hg.admin')

    def get_repo(self, apiuser, repo_name):

        """"

        Get repository by name

        """

        repo = Repository.get_by_repo_name(repo_name)

        if repo is None:

            raise JSONRPCError('unknown repository %s' % repo)

        members = []

        for user in repo.repo_to_perm:

            perm = user.permission.permission_name

            user = user.user

        for users_group in repo.users_group_to_perm:

            perm = users_group.permission.permission_name

            users_group = users_group.users_group

    @HasPermissionAnyDecorator('hg.admin')

    def get_repos(self, apiuser):

        """"

        Get all repositories

        """

        result = []

        for repository in Repository.getAll():

        return result

    @HasPermissionAnyDecorator('hg.admin', 'hg.create.repository')

    def create_repo(self, apiuser, name, owner_name, description='',

                    repo_type='hg', private=False):

        """

        Create a repository

        """

        try:

            try:

                owner = User.get_by_username(owner_name)

            except NoResultFound:

            real_name = groups[-1]

            groups = groups[:-1]

            parent_id = None

            for g in groups:

                group = RepoGroup.get_by_group_name(g)

                if not group:

                parent_id = group.group_id

            Session.commit()

        except Exception:

            log.error(traceback.format_exc())

            raise JSONRPCError('failed to create repository %s' % name)

    @HasPermissionAnyDecorator('hg.admin')

    def add_user_to_repo(self, apiuser, repo_name, user_name, perm):

        """

        Add permission for a user to a repository

        """

        try:

            repo = Repository.get_by_repo_name(repo_name)

            if repo is None:

            try:

                user = User.get_by_username(user_name)

            except NoResultFound:

                raise JSONRPCError('unknown user %s' % user)

            RepositoryPermissionModel()\

                .update_or_delete_user_permission(repo, user, perm)

            Session.commit()

        except Exception:

            log.error(traceback.format_exc())

    rhodecode.model.users_group

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~

    repository permission model for RhodeCode

    :created_on: Oct 1, 2011

    :copyright: (C) 2011-2011 Nicolas Vinot <aeris@imirhil.fr>

    :license: GPLv3, see COPYING for more details.

"""

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import logging

from rhodecode.model import BaseModel

log = logging.getLogger(__name__)

class RepositoryPermissionModel(BaseModel):

        return UserRepoToPerm.query() \

                .filter(UserRepoToPerm.user == user) \

                .filter(UserRepoToPerm.repository == repository) \

                .scalar()

    def update_user_permission(self, repository, user, permission):

        permission = Permission.get_by_key(permission)

        current = self.get_user_permission(repository, user)

        if current:

            if not current.permission is permission:

                current.permission = permission

        else:

    def delete_user_permission(self, repository, user):

        current = self.get_user_permission(repository, user)

        if current:

            self.sa.delete(current)

    def update_or_delete_user_permission(self, repository, user, permission):

        if permission:

            self.update_user_permission(repository, user, permission)

        else:

            self.delete_user_permission(repository, user)