Changeset - 72c4b2d720ea
Parent rev.
Child rev.
[Not reviewed]
default
0 3 0
Mads Kiilerich - 6 years ago 2019-08-04 00:59:42
mads@kiilerich.com
Grafted from: f01f2674781e
flake8: fix some E712 comparison to True should be 'if cond is True:' or 'if cond:'

add_user_to_group is really odd ...

Note that the SqlAlchemy query API cause a lot of this kind of warnings.
3 files changed with 3 insertions and 2 deletions:
kallithea/controllers/api/api.py
1
1
kallithea/lib/recaptcha.py
1
1
kallithea/model/user_group.py
1
0 comments (0 inline, 0 general)
kallithea/controllers/api/api.py
Show inline comments
 
@@ -517,769 +517,769 @@ class ApiController(JSONRPCController):
 
                    firstname=Optional(None), lastname=Optional(None),
 
                    active=Optional(None), admin=Optional(None),
 
                    extern_type=Optional(None), extern_name=Optional(None)):
 
        """
 
        updates given user if such user exists. This command can
 
        be executed only using api_key belonging to user with admin rights.
 

			




	
	
	
		
 
        :param userid: userid to update

			




	
	
	
		
 
        :type userid: str or int

			




	
	
	
		
 
        :param username: new username

			




	
	
	
		
 
        :type username: str or int

			




	
	
	
		
 
        :param email: email

			




	
	
	
		
 
        :type email: str

			




	
	
	
		
 
        :param password: password

			




	
	
	
		
 
        :type password: Optional(str)

			




	
	
	
		
 
        :param firstname: firstname

			




	
	
	
		
 
        :type firstname: Optional(str)

			




	
	
	
		
 
        :param lastname: lastname

			




	
	
	
		
 
        :type lastname: Optional(str)

			




	
	
	
		
 
        :param active: active

			




	
	
	
		
 
        :type active: Optional(bool)

			




	
	
	
		
 
        :param admin: admin

			




	
	
	
		
 
        :type admin: Optional(bool)

			




	
	
	
		
 
        :param extern_name:

			




	
	
	
		
 
        :type extern_name: Optional(str)

			




	
	
	
		
 
        :param extern_type:

			




	
	
	
		
 
        :type extern_type: Optional(str)

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
        OUTPUT::

			




	
	
	
		
 

			




	
	
	
		
 
            id : <id_given_in_input>

			




	
	
	
		
 
            result: {

			




	
	
	
		
 
                      "msg" : "updated user ID:<userid> <username>",

			




	
	
	
		
 
                      "user": <user_object>,

			




	
	
	
		
 
                    }

			




	
	
	
		
 
            error:  null

			




	
	
	
		
 

			




	
	
	
		
 
        ERROR OUTPUT::

			




	
	
	
		
 

			




	
	
	
		
 
          id : <id_given_in_input>

			




	
	
	
		
 
          result : null

			




	
	
	
		
 
          error :  {

			




	
	
	
		
 
            "failed to update user `<username>`"

			




	
	
	
		
 
          }

			




	
	
	
		
 

			




	
	
	
		
 
        """

			




	
	
	
		
 

			




	
	
	
		
 
        user = get_user_or_error(userid)

			




	
	
	
		
 

			




	
	
	
		
 
        # only non optional arguments will be stored in updates

			




	
	
	
		
 
        updates = {}

			




	
	
	
		
 

			




	
	
	
		
 
        try:

			




	
	
	
		
 

			




	
	
	
		
 
            store_update(updates, username, 'username')

			




	
	
	
		
 
            store_update(updates, password, 'password')

			




	
	
	
		
 
            store_update(updates, email, 'email')

			




	
	
	
		
 
            store_update(updates, firstname, 'name')

			




	
	
	
		
 
            store_update(updates, lastname, 'lastname')

			




	
	
	
		
 
            store_update(updates, active, 'active')

			




	
	
	
		
 
            store_update(updates, admin, 'admin')

			




	
	
	
		
 
            store_update(updates, extern_name, 'extern_name')

			




	
	
	
		
 
            store_update(updates, extern_type, 'extern_type')

			




	
	
	
		
 

			




	
	
	
		
 
            user = UserModel().update_user(user, **updates)

			




	
	
	
		
 
            Session().commit()

			




	
	
	
		
 
            return dict(

			




	
	
	
		
 
                msg='updated user ID:%s %s' % (user.user_id, user.username),

			




	
	
	
		
 
                user=user.get_api_data()

			




	
	
	
		
 
            )

			




	
	
	
		
 
        except DefaultUserException:

			




	
	
	
		
 
            log.error(traceback.format_exc())

			




	
	
	
		
 
            raise JSONRPCError('editing default user is forbidden')

			




	
	
	
		
 
        except Exception:

			




	
	
	
		
 
            log.error(traceback.format_exc())

			




	
	
	
		
 
            raise JSONRPCError('failed to update user `%s`' % (userid,))

			




	
	
	
		
 

			




	
	
	
		
 
    @HasPermissionAnyDecorator('hg.admin')

			




	
	
	
		
 
    def delete_user(self, userid):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        deletes given user if such user exists. This command can

			




	
	
	
		
 
        be executed only using api_key belonging to user with admin rights.

			




	
	
	
		
 

			




	
	
	
		
 
        :param userid: user to delete

			




	
	
	
		
 
        :type userid: str or int

			




	
	
	
		
 

			




	
	
	
		
 
        OUTPUT::

			




	
	
	
		
 

			




	
	
	
		
 
            id : <id_given_in_input>

			




	
	
	
		
 
            result: {

			




	
	
	
		
 
                      "msg" : "deleted user ID:<userid> <username>",

			




	
	
	
		
 
                      "user": null

			




	
	
	
		
 
                    }

			




	
	
	
		
 
            error:  null

			




	
	
	
		
 

			




	
	
	
		
 
        ERROR OUTPUT::

			




	
	
	
		
 

			




	
	
	
		
 
          id : <id_given_in_input>

			




	
	
	
		
 
          result : null

			




	
	
	
		
 
          error :  {

			




	
	
	
		
 
            "failed to delete user ID:<userid> <username>"

			




	
	
	
		
 
          }

			




	
	
	
		
 

			




	
	
	
		
 
        """

			




	
	
	
		
 
        user = get_user_or_error(userid)

			




	
	
	
		
 

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            UserModel().delete(userid)

			




	
	
	
		
 
            Session().commit()

			




	
	
	
		
 
            return dict(

			




	
	
	
		
 
                msg='deleted user ID:%s %s' % (user.user_id, user.username),

			




	
	
	
		
 
                user=None

			




	
	
	
		
 
            )

			




	
	
	
		
 
        except Exception:

			




	
	
	
		
 

			




	
	
	
		
 
            log.error(traceback.format_exc())

			




	
	
	
		
 
            raise JSONRPCError('failed to delete user ID:%s %s'

			




	
	
	
		
 
                               % (user.user_id, user.username))

			




	
	
	
		
 

			




	
	
	
		
 
    # permission check inside

			




	
	
	
		
 
    def get_user_group(self, usergroupid):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Gets an existing user group. This command can be executed only using api_key

			




	
	
	
		
 
        belonging to user with admin rights or user who has at least

			




	
	
	
		
 
        read access to user group.

			




	
	
	
		
 

			




	
	
	
		
 
        :param usergroupid: id of user_group to edit

			




	
	
	
		
 
        :type usergroupid: str or int

			




	
	
	
		
 

			




	
	
	
		
 
        OUTPUT::

			




	
	
	
		
 

			




	
	
	
		
 
            id : <id_given_in_input>

			




	
	
	
		
 
            result : None if group not exist

			




	
	
	
		
 
                     {

			




	
	
	
		
 
                       "users_group_id" : "<id>",

			




	
	
	
		
 
                       "group_name" :     "<groupname>",

			




	
	
	
		
 
                       "active":          "<bool>",

			




	
	
	
		
 
                       "members" :  [<user_obj>,...]

			




	
	
	
		
 
                     }

			




	
	
	
		
 
            error : null

			




	
	
	
		
 

			




	
	
	
		
 
        """

			




	
	
	
		
 
        user_group = get_user_group_or_error(usergroupid)

			




	
	
	
		
 
        if not HasPermissionAny('hg.admin')():

			




	
	
	
		
 
            if not HasUserGroupPermissionLevel('read')(user_group.users_group_name):

			




	
	
	
		
 
                raise JSONRPCError('user group `%s` does not exist' % (usergroupid,))

			




	
	
	
		
 

			




	
	
	
		
 
        data = user_group.get_api_data()

			




	
	
	
		
 
        return data

			




	
	
	
		
 

			




	
	
	
		
 
    # permission check inside

			




	
	
	
		
 
    def get_user_groups(self):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Lists all existing user groups. This command can be executed only using

			




	
	
	
		
 
        api_key belonging to user with admin rights or user who has at least

			




	
	
	
		
 
        read access to user group.

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
        OUTPUT::

			




	
	
	
		
 

			




	
	
	
		
 
            id : <id_given_in_input>

			




	
	
	
		
 
            result : [<user_group_obj>,...]

			




	
	
	
		
 
            error : null

			




	
	
	
		
 
        """

			




	
	
	
		
 

			




	
	
	
		
 
        return [

			




	
	
	
		
 
            user_group.get_api_data()

			




	
	
	
		
 
            for user_group in UserGroupList(UserGroup.query().all(), perm_level='read')

			




	
	
	
		
 
        ]

			




	
	
	
		
 

			




	
	
	
		
 
    @HasPermissionAnyDecorator('hg.admin', 'hg.usergroup.create.true')

			




	
	
	
		
 
    def create_user_group(self, group_name, description=Optional(u''),

			




	
	
	
		
 
                          owner=Optional(OAttr('apiuser')), active=Optional(True)):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Creates new user group. This command can be executed only using api_key

			




	
	
	
		
 
        belonging to user with admin rights or an user who has create user group

			




	
	
	
		
 
        permission

			




	
	
	
		
 

			




	
	
	
		
 
        :param group_name: name of new user group

			




	
	
	
		
 
        :type group_name: str

			




	
	
	
		
 
        :param description: group description

			




	
	
	
		
 
        :type description: str

			




	
	
	
		
 
        :param owner: owner of group. If not passed apiuser is the owner

			




	
	
	
		
 
        :type owner: Optional(str or int)

			




	
	
	
		
 
        :param active: group is active

			




	
	
	
		
 
        :type active: Optional(bool)

			




	
	
	
		
 

			




	
	
	
		
 
        OUTPUT::

			




	
	
	
		
 

			




	
	
	
		
 
            id : <id_given_in_input>

			




	
	
	
		
 
            result: {

			




	
	
	
		
 
                      "msg": "created new user group `<groupname>`",

			




	
	
	
		
 
                      "user_group": <user_group_object>

			




	
	
	
		
 
                    }

			




	
	
	
		
 
            error:  null

			




	
	
	
		
 

			




	
	
	
		
 
        ERROR OUTPUT::

			




	
	
	
		
 

			




	
	
	
		
 
          id : <id_given_in_input>

			




	
	
	
		
 
          result : null

			




	
	
	
		
 
          error :  {

			




	
	
	
		
 
            "user group `<group name>` already exist"

			




	
	
	
		
 
            or

			




	
	
	
		
 
            "failed to create group `<group name>`"

			




	
	
	
		
 
          }

			




	
	
	
		
 

			




	
	
	
		
 
        """

			




	
	
	
		
 

			




	
	
	
		
 
        if UserGroupModel().get_by_name(group_name):

			




	
	
	
		
 
            raise JSONRPCError("user group `%s` already exist" % (group_name,))

			




	
	
	
		
 

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            if isinstance(owner, Optional):

			




	
	
	
		
 
                owner = request.authuser.user_id

			




	
	
	
		
 

			




	
	
	
		
 
            owner = get_user_or_error(owner)

			




	
	
	
		
 
            active = Optional.extract(active)

			




	
	
	
		
 
            description = Optional.extract(description)

			




	
	
	
		
 
            ug = UserGroupModel().create(name=group_name, description=description,

			




	
	
	
		
 
                                         owner=owner, active=active)

			




	
	
	
		
 
            Session().commit()

			




	
	
	
		
 
            return dict(

			




	
	
	
		
 
                msg='created new user group `%s`' % group_name,

			




	
	
	
		
 
                user_group=ug.get_api_data()

			




	
	
	
		
 
            )

			




	
	
	
		
 
        except Exception:

			




	
	
	
		
 
            log.error(traceback.format_exc())

			




	
	
	
		
 
            raise JSONRPCError('failed to create group `%s`' % (group_name,))

			




	
	
	
		
 

			




	
	
	
		
 
    # permission check inside

			




	
	
	
		
 
    def update_user_group(self, usergroupid, group_name=Optional(''),

			




	
	
	
		
 
                          description=Optional(''), owner=Optional(None),

			




	
	
	
		
 
                          active=Optional(True)):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Updates given usergroup.  This command can be executed only using api_key

			




	
	
	
		
 
        belonging to user with admin rights or an admin of given user group

			




	
	
	
		
 

			




	
	
	
		
 
        :param usergroupid: id of user group to update

			




	
	
	
		
 
        :type usergroupid: str or int

			




	
	
	
		
 
        :param group_name: name of new user group

			




	
	
	
		
 
        :type group_name: str

			




	
	
	
		
 
        :param description: group description

			




	
	
	
		
 
        :type description: str

			




	
	
	
		
 
        :param owner: owner of group.

			




	
	
	
		
 
        :type owner: Optional(str or int)

			




	
	
	
		
 
        :param active: group is active

			




	
	
	
		
 
        :type active: Optional(bool)

			




	
	
	
		
 

			




	
	
	
		
 
        OUTPUT::

			




	
	
	
		
 

			




	
	
	
		
 
          id : <id_given_in_input>

			




	
	
	
		
 
          result : {

			




	
	
	
		
 
            "msg": 'updated user group ID:<user group id> <user group name>',

			




	
	
	
		
 
            "user_group": <user_group_object>

			




	
	
	
		
 
          }

			




	
	
	
		
 
          error :  null

			




	
	
	
		
 

			




	
	
	
		
 
        ERROR OUTPUT::

			




	
	
	
		
 

			




	
	
	
		
 
          id : <id_given_in_input>

			




	
	
	
		
 
          result : null

			




	
	
	
		
 
          error :  {

			




	
	
	
		
 
            "failed to update user group `<user group name>`"

			




	
	
	
		
 
          }

			




	
	
	
		
 

			




	
	
	
		
 
        """

			




	
	
	
		
 
        user_group = get_user_group_or_error(usergroupid)

			




	
	
	
		
 
        if not HasPermissionAny('hg.admin')():

			




	
	
	
		
 
            if not HasUserGroupPermissionLevel('admin')(user_group.users_group_name):

			




	
	
	
		
 
                raise JSONRPCError('user group `%s` does not exist' % (usergroupid,))

			




	
	
	
		
 

			




	
	
	
		
 
        if not isinstance(owner, Optional):

			




	
	
	
		
 
            owner = get_user_or_error(owner)

			




	
	
	
		
 

			




	
	
	
		
 
        updates = {}

			




	
	
	
		
 
        store_update(updates, group_name, 'users_group_name')

			




	
	
	
		
 
        store_update(updates, description, 'user_group_description')

			




	
	
	
		
 
        store_update(updates, owner, 'owner')

			




	
	
	
		
 
        store_update(updates, active, 'users_group_active')

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            UserGroupModel().update(user_group, updates)

			




	
	
	
		
 
            Session().commit()

			




	
	
	
		
 
            return dict(

			




	
	
	
		
 
                msg='updated user group ID:%s %s' % (user_group.users_group_id,

			




	
	
	
		
 
                                                     user_group.users_group_name),

			




	
	
	
		
 
                user_group=user_group.get_api_data()

			




	
	
	
		
 
            )

			




	
	
	
		
 
        except Exception:

			




	
	
	
		
 
            log.error(traceback.format_exc())

			




	
	
	
		
 
            raise JSONRPCError('failed to update user group `%s`' % (usergroupid,))

			




	
	
	
		
 

			




	
	
	
		
 
    # permission check inside

			




	
	
	
		
 
    def delete_user_group(self, usergroupid):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Delete given user group by user group id or name.

			




	
	
	
		
 
        This command can be executed only using api_key

			




	
	
	
		
 
        belonging to user with admin rights or an admin of given user group

			




	
	
	
		
 

			




	
	
	
		
 
        :param usergroupid:

			




	
	
	
		
 
        :type usergroupid: int

			




	
	
	
		
 

			




	
	
	
		
 
        OUTPUT::

			




	
	
	
		
 

			




	
	
	
		
 
          id : <id_given_in_input>

			




	
	
	
		
 
          result : {

			




	
	
	
		
 
            "msg": "deleted user group ID:<user_group_id> <user_group_name>"

			




	
	
	
		
 
          }

			




	
	
	
		
 
          error :  null

			




	
	
	
		
 

			




	
	
	
		
 
        ERROR OUTPUT::

			




	
	
	
		
 

			




	
	
	
		
 
          id : <id_given_in_input>

			




	
	
	
		
 
          result : null

			




	
	
	
		
 
          error :  {

			




	
	
	
		
 
            "failed to delete user group ID:<user_group_id> <user_group_name>"

			




	
	
	
		
 
            or

			




	
	
	
		
 
            "RepoGroup assigned to <repo_groups_list>"

			




	
	
	
		
 
          }

			




	
	
	
		
 

			




	
	
	
		
 
        """

			




	
	
	
		
 
        user_group = get_user_group_or_error(usergroupid)

			




	
	
	
		
 
        if not HasPermissionAny('hg.admin')():

			




	
	
	
		
 
            if not HasUserGroupPermissionLevel('admin')(user_group.users_group_name):

			




	
	
	
		
 
                raise JSONRPCError('user group `%s` does not exist' % (usergroupid,))

			




	
	
	
		
 

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            UserGroupModel().delete(user_group)

			




	
	
	
		
 
            Session().commit()

			




	
	
	
		
 
            return dict(

			




	
	
	
		
 
                msg='deleted user group ID:%s %s' %

			




	
	
	
		
 
                    (user_group.users_group_id, user_group.users_group_name),

			




	
	
	
		
 
                user_group=None

			




	
	
	
		
 
            )

			




	
	
	
		
 
        except UserGroupsAssignedException as e:

			




	
	
	
		
 
            log.error(traceback.format_exc())

			




	
	
	
		
 
            raise JSONRPCError(str(e))

			




	
	
	
		
 
        except Exception:

			




	
	
	
		
 
            log.error(traceback.format_exc())

			




	
	
	
		
 
            raise JSONRPCError('failed to delete user group ID:%s %s' %

			




	
	
	
		
 
                               (user_group.users_group_id,

			




	
	
	
		
 
                                user_group.users_group_name)

			




	
	
	
		
 
                               )

			




	
	
	
		
 

			




	
	
	
		
 
    # permission check inside

			




	
	
	
		
 
    def add_user_to_user_group(self, usergroupid, userid):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Adds a user to a user group. If user exists in that group success will be

			




	
	
	
		
 
        `false`. This command can be executed only using api_key

			




	
	
	
		
 
        belonging to user with admin rights  or an admin of given user group

			




	
	
	
		
 

			




	
	
	
		
 
        :param usergroupid:

			




	
	
	
		
 
        :type usergroupid: int

			




	
	
	
		
 
        :param userid:

			




	
	
	
		
 
        :type userid: int

			




	
	
	
		
 

			




	
	
	
		
 
        OUTPUT::

			




	
	
	
		
 

			




	
	
	
		
 
          id : <id_given_in_input>

			




	
	
	
		
 
          result : {

			




	
	
	
		
 
              "success": True|False # depends on if member is in group

			




	
	
	
		
 
              "msg": "added member `<username>` to user group `<groupname>` |

			




	
	
	
		
 
                      User is already in that group"

			




	
	
	
		
 

			




	
	
	
		
 
          }

			




	
	
	
		
 
          error :  null

			




	
	
	
		
 

			




	
	
	
		
 
        ERROR OUTPUT::

			




	
	
	
		
 

			




	
	
	
		
 
          id : <id_given_in_input>

			




	
	
	
		
 
          result : null

			




	
	
	
		
 
          error :  {

			




	
	
	
		
 
            "failed to add member to user group `<user_group_name>`"

			




	
	
	
		
 
          }

			




	
	
	
		
 

			




	
	
	
		
 
        """

			




	
	
	
		
 
        user = get_user_or_error(userid)

			




	
	
	
		
 
        user_group = get_user_group_or_error(usergroupid)

			




	
	
	
		
 
        if not HasPermissionAny('hg.admin')():

			




	
	
	
		
 
            if not HasUserGroupPermissionLevel('admin')(user_group.users_group_name):

			




	
	
	
		
 
                raise JSONRPCError('user group `%s` does not exist' % (usergroupid,))

			




	
	
	
		
 

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            ugm = UserGroupModel().add_user_to_group(user_group, user)

			




	
	
	
		
 
            success = True if ugm != True else False

			




	
	
	
		
 
            success = True if ugm is not True else False

			




	
	
	
		
 
            msg = 'added member `%s` to user group `%s`' % (

			




	
	
	
		
 
                user.username, user_group.users_group_name

			




	
	
	
		
 
            )

			




	
	
	
		
 
            msg = msg if success else 'User is already in that group'

			




	
	
	
		
 
            Session().commit()

			




	
	
	
		
 

			




	
	
	
		
 
            return dict(

			




	
	
	
		
 
                success=success,

			




	
	
	
		
 
                msg=msg

			




	
	
	
		
 
            )

			




	
	
	
		
 
        except Exception:

			




	
	
	
		
 
            log.error(traceback.format_exc())

			




	
	
	
		
 
            raise JSONRPCError(

			




	
	
	
		
 
                'failed to add member to user group `%s`' % (

			




	
	
	
		
 
                    user_group.users_group_name,

			




	
	
	
		
 
                )

			




	
	
	
		
 
            )

			




	
	
	
		
 

			




	
	
	
		
 
    # permission check inside

			




	
	
	
		
 
    def remove_user_from_user_group(self, usergroupid, userid):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Removes a user from a user group. If user is not in given group success will

			




	
	
	
		
 
        be `false`. This command can be executed only

			




	
	
	
		
 
        using api_key belonging to user with admin rights or an admin of given user group

			




	
	
	
		
 

			




	
	
	
		
 
        :param usergroupid:

			




	
	
	
		
 
        :param userid:

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
        OUTPUT::

			




	
	
	
		
 

			




	
	
	
		
 
            id : <id_given_in_input>

			




	
	
	
		
 
            result: {

			




	
	
	
		
 
                      "success":  True|False,  # depends on if member is in group

			




	
	
	
		
 
                      "msg": "removed member <username> from user group <groupname> |

			




	
	
	
		
 
                              User wasn't in group"

			




	
	
	
		
 
                    }

			




	
	
	
		
 
            error:  null

			




	
	
	
		
 

			




	
	
	
		
 
        """

			




	
	
	
		
 
        user = get_user_or_error(userid)

			




	
	
	
		
 
        user_group = get_user_group_or_error(usergroupid)

			




	
	
	
		
 
        if not HasPermissionAny('hg.admin')():

			




	
	
	
		
 
            if not HasUserGroupPermissionLevel('admin')(user_group.users_group_name):

			




	
	
	
		
 
                raise JSONRPCError('user group `%s` does not exist' % (usergroupid,))

			




	
	
	
		
 

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            success = UserGroupModel().remove_user_from_group(user_group, user)

			




	
	
	
		
 
            msg = 'removed member `%s` from user group `%s`' % (

			




	
	
	
		
 
                user.username, user_group.users_group_name

			




	
	
	
		
 
            )

			




	
	
	
		
 
            msg = msg if success else "User wasn't in group"

			




	
	
	
		
 
            Session().commit()

			




	
	
	
		
 
            return dict(success=success, msg=msg)

			




	
	
	
		
 
        except Exception:

			




	
	
	
		
 
            log.error(traceback.format_exc())

			




	
	
	
		
 
            raise JSONRPCError(

			




	
	
	
		
 
                'failed to remove member from user group `%s`' % (

			




	
	
	
		
 
                    user_group.users_group_name,

			




	
	
	
		
 
                )

			




	
	
	
		
 
            )

			




	
	
	
		
 

			




	
	
	
		
 
    # permission check inside

			




	
	
	
		
 
    def get_repo(self, repoid,

			




	
	
	
		
 
                 with_revision_names=Optional(False),

			




	
	
	
		
 
                 with_pullrequests=Optional(False)):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Gets an existing repository by it's name or repository_id. Members will return

			




	
	
	
		
 
        either users_group or user associated to that repository. This command can be

			




	
	
	
		
 
        executed only using api_key belonging to user with admin

			




	
	
	
		
 
        rights or regular user that have at least read access to repository.

			




	
	
	
		
 

			




	
	
	
		
 
        :param repoid: repository name or repository id

			




	
	
	
		
 
        :type repoid: str or int

			




	
	
	
		
 

			




	
	
	
		
 
        OUTPUT::

			




	
	
	
		
 

			




	
	
	
		
 
          id : <id_given_in_input>

			




	
	
	
		
 
          result : {

			




	
	
	
		
 
            {

			




	
	
	
		
 
                "repo_id" :          "<repo_id>",

			




	
	
	
		
 
                "repo_name" :        "<reponame>"

			




	
	
	
		
 
                "repo_type" :        "<repo_type>",

			




	
	
	
		
 
                "clone_uri" :        "<clone_uri>",

			




	
	
	
		
 
                "enable_downloads":  "<bool>",

			




	
	
	
		
 
                "enable_statistics": "<bool>",

			




	
	
	
		
 
                "private":           "<bool>",

			




	
	
	
		
 
                "created_on" :       "<date_time_created>",

			




	
	
	
		
 
                "description" :      "<description>",

			




	
	
	
		
 
                "landing_rev":       "<landing_rev>",

			




	
	
	
		
 
                "last_changeset":    {

			




	
	
	
		
 
                                       "author":   "<full_author>",

			




	
	
	
		
 
                                       "date":     "<date_time_of_commit>",

			




	
	
	
		
 
                                       "message":  "<commit_message>",

			




	
	
	
		
 
                                       "raw_id":   "<raw_id>",

			




	
	
	
		
 
                                       "revision": "<numeric_revision>",

			




	
	
	
		
 
                                       "short_id": "<short_id>"

			




	
	
	
		
 
                                     }

			




	
	
	
		
 
                "owner":             "<repo_owner>",

			




	
	
	
		
 
                "fork_of":           "<name_of_fork_parent>",

			




	
	
	
		
 
                "members" :     [

			




	
	
	
		
 
                                  {

			




	
	
	
		
 
                                    "name":     "<username>",

			




	
	
	
		
 
                                    "type" :    "user",

			




	
	
	
		
 
                                    "permission" : "repository.(read|write|admin)"

			




	
	
	
		
 
                                  },

			




	
	
	
		
 
                                  …

			




	
	
	
		
 
                                  {

			




	
	
	
		
 
                                    "name":     "<usergroup name>",

			




	
	
	
		
 
                                    "type" :    "user_group",

			




	
	
	
		
 
                                    "permission" : "usergroup.(read|write|admin)"

			




	
	
	
		
 
                                  },

			




	
	
	
		
 
                                  …

			




	
	
	
		
 
                                ]

			




	
	
	
		
 
                 "followers":   [<user_obj>, ...],

			




	
	
	
		
 
                 <if with_revision_names == True>

			




	
	
	
		
 
                 "tags": {

			




	
	
	
		
 
                            "<tagname>": "<raw_id>",

			




	
	
	
		
 
                            ...

			




	
	
	
		
 
                         },

			




	
	
	
		
 
                 "branches": {

			




	
	
	
		
 
                            "<branchname>": "<raw_id>",

			




	
	
	
		
 
                            ...

			




	
	
	
		
 
                         },

			




	
	
	
		
 
                 "bookmarks": {

			




	
	
	
		
 
                            "<bookmarkname>": "<raw_id>",

			




	
	
	
		
 
                            ...

			




	
	
	
		
 
                         },

			




	
	
	
		
 
            }

			




	
	
	
		
 
          }

			




	
	
	
		
 
          error :  null

			




	
	
	
		
 

			




	
	
	
		
 
        """

			




	
	
	
		
 
        repo = get_repo_or_error(repoid)

			




	
	
	
		
 

			




	
	
	
		
 
        if not HasPermissionAny('hg.admin')():

			




	
	
	
		
 
            if not HasRepoPermissionLevel('read')(repo.repo_name):

			




	
	
	
		
 
                raise JSONRPCError('repository `%s` does not exist' % (repoid,))

			




	
	
	
		
 

			




	
	
	
		
 
        members = []

			




	
	
	
		
 
        for user in repo.repo_to_perm:

			




	
	
	
		
 
            perm = user.permission.permission_name

			




	
	
	
		
 
            user = user.user

			




	
	
	
		
 
            user_data = {

			




	
	
	
		
 
                'name': user.username,

			




	
	
	
		
 
                'type': "user",

			




	
	
	
		
 
                'permission': perm

			




	
	
	
		
 
            }

			




	
	
	
		
 
            members.append(user_data)

			




	
	
	
		
 

			




	
	
	
		
 
        for user_group in repo.users_group_to_perm:

			




	
	
	
		
 
            perm = user_group.permission.permission_name

			




	
	
	
		
 
            user_group = user_group.users_group

			




	
	
	
		
 
            user_group_data = {

			




	
	
	
		
 
                'name': user_group.users_group_name,

			




	
	
	
		
 
                'type': "user_group",

			




	
	
	
		
 
                'permission': perm

			




	
	
	
		
 
            }

			




	
	
	
		
 
            members.append(user_group_data)

			




	
	
	
		
 

			




	
	
	
		
 
        followers = [

			




	
	
	
		
 
            uf.user.get_api_data()

			




	
	
	
		
 
            for uf in repo.followers

			




	
	
	
		
 
        ]

			




	
	
	
		
 

			




	
	
	
		
 
        data = repo.get_api_data(with_revision_names=Optional.extract(with_revision_names),

			




	
	
	
		
 
                                 with_pullrequests=Optional.extract(with_pullrequests))

			




	
	
	
		
 
        data['members'] = members

			




	
	
	
		
 
        data['followers'] = followers

			




	
	
	
		
 
        return data

			




	
	
	
		
 

			




	
	
	
		
 
    # permission check inside

			




	
	
	
		
 
    def get_repos(self):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Lists all existing repositories. This command can be executed only using

			




	
	
	
		
 
        api_key belonging to user with admin rights or regular user that have

			




	
	
	
		
 
        admin, write or read access to repository.

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
        OUTPUT::

			




	
	
	
		
 

			




	
	
	
		
 
            id : <id_given_in_input>

			




	
	
	
		
 
            result: [

			




	
	
	
		
 
                      {

			




	
	
	
		
 
                        "repo_id" :          "<repo_id>",

			




	
	
	
		
 
                        "repo_name" :        "<reponame>"

			




	
	
	
		
 
                        "repo_type" :        "<repo_type>",

			




	
	
	
		
 
                        "clone_uri" :        "<clone_uri>",

			




	
	
	
		
 
                        "private": :         "<bool>",

			




	
	
	
		
 
                        "created_on" :       "<datetimecreated>",

			




	
	
	
		
 
                        "description" :      "<description>",

			




	
	
	
		
 
                        "landing_rev":       "<landing_rev>",

			




	
	
	
		
 
                        "owner":             "<repo_owner>",

			




	
	
	
		
 
                        "fork_of":           "<name_of_fork_parent>",

			




	
	
	
		
 
                        "enable_downloads":  "<bool>",

			




	
	
	
		
 
                        "enable_statistics": "<bool>",

			




	
	
	
		
 
                      },

			




	
	
	
		
 
                      …

			




	
	
	
		
 
                    ]

			




	
	
	
		
 
            error:  null

			




	
	
	
		
 
        """

			




	
	
	
		
 
        if not HasPermissionAny('hg.admin')():

			




	
	
	
		
 
            repos = RepoModel().get_all_user_repos(user=request.authuser.user_id)

			




	
	
	
		
 
        else:

			




	
	
	
		
 
            repos = Repository.query()

			




	
	
	
		
 

			




	
	
	
		
 
        return [

			




	
	
	
		
 
            repo.get_api_data()

			




	
	
	
		
 
            for repo in repos

			




	
	
	
		
 
        ]

			




	
	
	
		
 

			




	
	
	
		
 
    # permission check inside

			




	
	
	
		
 
    def get_repo_nodes(self, repoid, revision, root_path,

			




	
	
	
		
 
                       ret_type=Optional('all')):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        returns a list of nodes and it's children in a flat list for a given path

			




	
	
	
		
 
        at given revision. It's possible to specify ret_type to show only `files` or

			




	
	
	
		
 
        `dirs`.  This command can be executed only using api_key belonging to

			




	
	
	
		
 
        user with admin rights or regular user that have at least read access to repository.

			




	
	
	
		
 

			




	
	
	
		
 
        :param repoid: repository name or repository id

			




	
	
	
		
 
        :type repoid: str or int

			




	
	
	
		
 
        :param revision: revision for which listing should be done

			




	
	
	
		
 
        :type revision: str

			




	
	
	
		
 
        :param root_path: path from which start displaying

			




	
	
	
		
 
        :type root_path: str

			




	
	
	
		
 
        :param ret_type: return type 'all|files|dirs' nodes

			




	
	
	
		
 
        :type ret_type: Optional(str)

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
        OUTPUT::

			




	
	
	
		
 

			




	
	
	
		
 
            id : <id_given_in_input>

			




	
	
	
		
 
            result: [

			




	
	
	
		
 
                      {

			




	
	
	
		
 
                        "name" :        "<name>"

			




	
	
	
		
 
                        "type" :        "<type>",

			




	
	
	
		
 
                      },

			




	
	
	
		
 
                      …

			




	
	
	
		
 
                    ]

			




	
	
	
		
 
            error:  null

			




	
	
	
		
 
        """

			




	
	
	
		
 
        repo = get_repo_or_error(repoid)

			




	
	
	
		
 

			




	
	
	
		
 
        if not HasPermissionAny('hg.admin')():

			




	
	
	
		
 
            if not HasRepoPermissionLevel('read')(repo.repo_name):

			




	
	
	
		
 
                raise JSONRPCError('repository `%s` does not exist' % (repoid,))

			




	
	
	
		
 

			




	
	
	
		
 
        ret_type = Optional.extract(ret_type)

			




	
	
	
		
 
        _map = {}

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            _d, _f = ScmModel().get_nodes(repo, revision, root_path,

			




	
	
	
		
 
                                          flat=False)

			




	
	
	
		
 
            _map = {

			




	
	
	
		
 
                'all': _d + _f,

			




	
	
	
		
 
                'files': _f,

			




	
	
	
		
 
                'dirs': _d,

			




	
	
	
		
 
            }

			




	
	
	
		
 
            return _map[ret_type]

			




	
	
	
		
 
        except KeyError:

			




	
	
	
		
 
            raise JSONRPCError('ret_type must be one of %s'

			




	
	
	
		
 
                               % (','.join(_map.keys())))

			




	
	
	
		
 
        except Exception:

			




	
	
	
		
 
            log.error(traceback.format_exc())

			




	
	
	
		
 
            raise JSONRPCError(

			




	
	
	
		
 
                'failed to get repo: `%s` nodes' % repo.repo_name

			




	
	
	
		
 
            )

			




	
	
	
		
 

			




	
	
	
		
 
    @HasPermissionAnyDecorator('hg.admin', 'hg.create.repository')

			




	
	
	
		
 
    def create_repo(self, repo_name, owner=Optional(OAttr('apiuser')),

			




	
	
	
		
 
                    repo_type=Optional('hg'), description=Optional(''),

			




	
	
	
		
 
                    private=Optional(False), clone_uri=Optional(None),

			




	
	
	
		
 
                    landing_rev=Optional('rev:tip'),

			




	
	
	
		
 
                    enable_statistics=Optional(False),

			




	
	
	
		
 
                    enable_downloads=Optional(False),

			




	
	
	
		
 
                    copy_permissions=Optional(False)):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Creates a repository. The repository name contains the full path, but the

			




	
	
	
		
 
        parent repository group must exist. For example "foo/bar/baz" require the groups

			




	
	
	
		
 
        "foo" and "bar" (with "foo" as parent), and create "baz" repository with

			




	
	
	
		
 
        "bar" as group. This command can be executed only using api_key

			




	
	
	
		
 
        belonging to user with admin rights or regular user that have create

			




	
	
	
		
 
        repository permission. Regular users cannot specify owner parameter

			




	
	
	
		
 

			




	
	
	
		
 
        :param repo_name: repository name

			




	
	
	
		
 
        :type repo_name: str

			




	
	
	
		
 
        :param owner: user_id or username

			




	
	
	
		
 
        :type owner: Optional(str)

			




	
	
	
		
 
        :param repo_type: 'hg' or 'git'

			




	
	
	
		
 
        :type repo_type: Optional(str)

			




	
	
	
		
 
        :param description: repository description

			




	
	
	
		
 
        :type description: Optional(str)

			




	
	
	
		
 
        :param private:

			




	
	
	
		
 
        :type private: bool

			




	
	
	
		
 
        :param clone_uri:

			




	
	
	
		
 
        :type clone_uri: str

			




	
	
	
		
 
        :param landing_rev: <rev_type>:<rev>

			




	
	
	
		
 
        :type landing_rev: str

			




	
	
	
		
 
        :param enable_downloads:

			




	
	
	
		
 
        :type enable_downloads: bool

			




	
	
	
		
 
        :param enable_statistics:

			




	
	
	
		
 
        :type enable_statistics: bool

			




	
	
	
		
 
        :param copy_permissions: Copy permission from group that repository is

			




	
	
	
		
 
            being created.

			




	
	
	
		
 
        :type copy_permissions: bool

			




	
	
	
		
 

			




	
	
	
		
 
        OUTPUT::

			




	
	
	
		
 

			




	
	
	
		
 
            id : <id_given_in_input>

			




	
	
	
		
 
            result: {

			




	
	
	
		
 
                      "msg": "Created new repository `<reponame>`",

			




	
	
	
		
 
                      "success": true,

			




	
	
	
		
 
                      "task": "<celery task id or None if done sync>"

			




	
	
	
		
 
                    }

			




	
	
	
		
 
            error:  null

			




	
	
	
		
 

			




	
	
	
		
 
        ERROR OUTPUT::

			




	
	
	
		
 

			




	
	
	
		
 
          id : <id_given_in_input>

			




	
	
	
		
 
          result : null

			




	
	
	
		
 
          error :  {

			




	
	
	
		
 
             'failed to create repository `<repo_name>`

			




	
	
	
		
 
          }

			




	
	
	
		
 

			




	
	
	
		
 
        """

			




	
	
	
		
 
        if not HasPermissionAny('hg.admin')():

			




	
	
	
		
 
            if not isinstance(owner, Optional):

			




	
	
	
		
 
                # forbid setting owner for non-admins

			




	
	
	
		
 
                raise JSONRPCError(

			




	
	
	
		
 
                    'Only Kallithea admin can specify `owner` param'

			




	
	
	
		
 
                )

			




	
	
	
		
 
        if isinstance(owner, Optional):

			




	
	
	
		
 
            owner = request.authuser.user_id

			




	
	
	
		
 

			




	
	
	
		
 
        owner = get_user_or_error(owner)

			




	
	
	
		
 

			




	
	
	
		
 
        if RepoModel().get_by_repo_name(repo_name):

			




	
	
	
		
 
            raise JSONRPCError("repo `%s` already exist" % repo_name)

			




	
	
	
		
 

			




	
	
	
		
 
        defs = Setting.get_default_repo_settings(strip_prefix=True)

			




	
	
	
		
 
        if isinstance(private, Optional):

			




	
	
	
		
 
            private = defs.get('repo_private') or Optional.extract(private)

			




	
	
	
		
 
        if isinstance(repo_type, Optional):

			




	
	
	
		
 
            repo_type = defs.get('repo_type')

			




	
	
	
		
 
        if isinstance(enable_statistics, Optional):

			




	
	
	
		
 
            enable_statistics = defs.get('repo_enable_statistics')

			




	
	
	
		
 
        if isinstance(enable_downloads, Optional):

			




	
	
	
		
 
            enable_downloads = defs.get('repo_enable_downloads')

			




	
	
	
		
 

			




	
	
	
		
 
        clone_uri = Optional.extract(clone_uri)

			




	
	
	
		
 
        description = Optional.extract(description)

			




	
	
	
		
 
        landing_rev = Optional.extract(landing_rev)

			




	
	
	
		
 
        copy_permissions = Optional.extract(copy_permissions)

			




	
	
	
		
 

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            repo_name_parts = repo_name.split('/')

			




	
	
	
		
 
            repo_group = None

			




	
	
	
		
 
            if len(repo_name_parts) > 1:

			




	
	
	
		
 
                group_name = '/'.join(repo_name_parts[:-1])

			




	
	
	
		
 
                repo_group = RepoGroup.get_by_group_name(group_name)

			




	
	
	
		
 
                if repo_group is None:

			




	
	
	
		
 
                    raise JSONRPCError("repo group `%s` not found" % group_name)

			




	
	
	
		
 
            data = dict(

			




	
	
	
		
 
                repo_name=repo_name_parts[-1],

			




	
	
	
		
 
                repo_name_full=repo_name,

			




	
	
	
		
 
                repo_type=repo_type,

			




	
	
	
		
 
                repo_description=description,

			




	
	
	
		
 
                owner=owner,

			




	
	
	
		
 
                repo_private=private,

			




	
	
	
		
 
                clone_uri=clone_uri,

			




	
	
	
		
 
                repo_group=repo_group,

			




	
	
	
		
 
                repo_landing_rev=landing_rev,

			




	
	
	
		
 
                enable_statistics=enable_statistics,

			




	
	
	
		
 
                enable_downloads=enable_downloads,

			




	
	
	
		
 
                repo_copy_permissions=copy_permissions,

			




	
	
	
		
 
            )

			




	
	
	
		
 

			




	
	
	
		
 
            task = RepoModel().create(form_data=data, cur_user=owner)

			




	
	
	
		
 
            task_id = task.task_id

			




	
	
	
		
 
            # no commit, it's done in RepoModel, or async via celery

			




	
	
	
		
 
            return dict(

			




	
	
	
		
 
                msg="Created new repository `%s`" % (repo_name,),

			




	
	
	
		
 
                success=True,  # cannot return the repo data here since fork

			




	
	
	
		
 
                               # can be done async

			




        

    


    
    

    

        

                

                    kallithea/lib/recaptcha.py
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
	
		
 
# -*- coding: utf-8 -*-

			




	
	
	
		
 
import json

			




	
	
	
		
 
import urllib

			




	
	
	
		
 
import urllib2

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class RecaptchaResponse(object):

			




	
	
	
		
 
    def __init__(self, is_valid, error_code=None):

			




	
	
	
		
 
        self.is_valid = is_valid

			




	
	
	
		
 
        self.error_code = error_code

			




	
	
	
		
 

			




	
	
	
		
 
    def __repr__(self):

			




	
	
	
		
 
        return '<RecaptchaResponse:%s>' % (self.is_valid)

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
def submit(g_recaptcha_response, private_key, remoteip):

			




	
	
	
		
 
    """

			




	
	
	
		
 
    Submits a reCAPTCHA request for verification. Returns RecaptchaResponse for the request

			




	
	
	
		
 

			




	
	
	
		
 
    g_recaptcha_response -- The value of g_recaptcha_response from the form

			




	
	
	
		
 
    private_key -- your reCAPTCHA private key

			




	
	
	
		
 
    remoteip -- the user's IP address

			




	
	
	
		
 
    """

			




	
	
	
		
 

			




	
	
	
		
 
    if not (g_recaptcha_response and len(g_recaptcha_response)):

			




	
	
	
		
 
        return RecaptchaResponse(is_valid=False, error_code='incorrect-captcha-sol')

			




	
	
	
		
 

			




	
	
	
		
 
    def encode_if_necessary(s):

			




	
	
	
		
 
        if isinstance(s, unicode):

			




	
	
	
		
 
            return s.encode('utf-8')

			




	
	
	
		
 
        return s

			




	
	
	
		
 

			




	
	
	
		
 
    params = urllib.urlencode({

			




	
	
	
		
 
        'secret': encode_if_necessary(private_key),

			




	
	
	
		
 
        'remoteip': encode_if_necessary(remoteip),

			




	
	
	
		
 
        'response': encode_if_necessary(g_recaptcha_response),

			




	
	
	
		
 
    })

			




	
	
	
		
 

			




	
	
	
		
 
    req = urllib2.Request(

			




	
	
	
		
 
        url="https://www.google.com/recaptcha/api/siteverify",

			




	
	
	
		
 
        data=params,

			




	
	
	
		
 
        headers={

			




	
	
	
		
 
            "Content-type": "application/x-www-form-urlencoded",

			




	
	
	
		
 
            "User-agent": "reCAPTCHA Python"

			




	
	
	
		
 
        }

			




	
	
	
		
 
    )

			




	
	
	
		
 

			




	
	
	
		
 
    httpresp = urllib2.urlopen(req)

			




	
	
	
		
 
    return_values = json.loads(httpresp.read())

			




	
	
	
		
 
    httpresp.close()

			




	
	
	
		
 

			




	
	
	
		
 
    if not (isinstance(return_values, dict)):

			




	
	
	
		
 
        return RecaptchaResponse(is_valid=False, error_code='incorrect-captcha-sol')

			




	
	
	
		
 
    elif (("success" in return_values) and ((return_values["success"] == True) or (return_values["success"] == "true"))):

			




	
	
	
		
 
    elif (("success" in return_values) and ((return_values["success"] is True) or (return_values["success"] == "true"))):

			




	
	
	
		
 
        return RecaptchaResponse(is_valid=True)

			




	
	
	
		
 
    elif (("error-codes" in return_values) and isinstance(return_values["error-codes"], list) and (len(return_values["error-codes"]) > 0)):

			




	
	
	
		
 
        return RecaptchaResponse(is_valid=False, error_code=return_values["error-codes"][0])

			




	
	
	
		
 
    else:

			




	
	
	
		
 
        return RecaptchaResponse(is_valid=False, error_code='incorrect-captcha-sol')

			




        

    


    
    

    

        

                

                    kallithea/model/user_group.py
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
	
		
 
# -*- coding: utf-8 -*-

			




	
	
	
		
 
# This program is free software: you can redistribute it and/or modify

			




	
	
	
		
 
# it under the terms of the GNU General Public License as published by

			




	
	
	
		
 
# the Free Software Foundation, either version 3 of the License, or

			




	
	
	
		
 
# (at your option) any later version.

			




	
	
	
		
 
#

			




	
	
	
		
 
# This program is distributed in the hope that it will be useful,

			




	
	
	
		
 
# but WITHOUT ANY WARRANTY; without even the implied warranty of

			




	
	
	
		
 
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

			




	
	
	
		
 
# GNU General Public License for more details.

			




	
	
	
		
 
#

			




	
	
	
		
 
# You should have received a copy of the GNU General Public License

			




	
	
	
		
 
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

			




	
	
	
		
 
"""

			




	
	
	
		
 
kallithea.model.user_group

			




	
	
	
		
 
~~~~~~~~~~~~~~~~~~~~~~~~~~

			




	
	
	
		
 

			




	
	
	
		
 
user group model for Kallithea

			




	
	
	
		
 

			




	
	
	
		
 
This file was forked by the Kallithea project in July 2014.

			




	
	
	
		
 
Original author and date, and relevant copyright and licensing information is below:

			




	
	
	
		
 
:created_on: Oct 1, 2011

			




	
	
	
		
 
:author: nvinot, marcink

			




	
	
	
		
 
"""

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
import logging

			




	
	
	
		
 
import traceback

			




	
	
	
		
 

			




	
	
	
		
 
from kallithea.lib.exceptions import RepoGroupAssignmentError, UserGroupsAssignedException

			




	
	
	
		
 
from kallithea.model.db import (

			




	
	
	
		
 
    Permission, Session, User, UserGroup, UserGroupMember, UserGroupRepoToPerm, UserGroupToPerm, UserGroupUserGroupToPerm, UserUserGroupToPerm)

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
log = logging.getLogger(__name__)

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class UserGroupModel(object):

			




	
	
	
		
 

			




	
	
	
		
 
    def _create_default_perms(self, user_group):

			




	
	
	
		
 
        # create default permission

			




	
	
	
		
 
        default_perm = 'usergroup.read'

			




	
	
	
		
 
        def_user = User.get_default_user()

			




	
	
	
		
 
        for p in def_user.user_perms:

			




	
	
	
		
 
            if p.permission.permission_name.startswith('usergroup.'):

			




	
	
	
		
 
                default_perm = p.permission.permission_name

			




	
	
	
		
 
                break

			




	
	
	
		
 

			




	
	
	
		
 
        user_group_to_perm = UserUserGroupToPerm()

			




	
	
	
		
 
        user_group_to_perm.permission = Permission.get_by_key(default_perm)

			




	
	
	
		
 

			




	
	
	
		
 
        user_group_to_perm.user_group = user_group

			




	
	
	
		
 
        user_group_to_perm.user_id = def_user.user_id

			




	
	
	
		
 
        Session().add(user_group_to_perm)

			




	
	
	
		
 
        return user_group_to_perm

			




	
	
	
		
 

			




	
	
	
		
 
    def _update_permissions(self, user_group, perms_new=None,

			




	
	
	
		
 
                            perms_updates=None):

			




	
	
	
		
 
        from kallithea.lib.auth import HasUserGroupPermissionLevel

			




	
	
	
		
 
        if not perms_new:

			




	
	
	
		
 
            perms_new = []

			




	
	
	
		
 
        if not perms_updates:

			




	
	
	
		
 
            perms_updates = []

			




	
	
	
		
 

			




	
	
	
		
 
        # update permissions

			




	
	
	
		
 
        for member, perm, member_type in perms_updates:

			




	
	
	
		
 
            if member_type == 'user':

			




	
	
	
		
 
                # this updates existing one

			




	
	
	
		
 
                self.grant_user_permission(

			




	
	
	
		
 
                    user_group=user_group, user=member, perm=perm

			




	
	
	
		
 
                )

			




	
	
	
		
 
            else:

			




	
	
	
		
 
                # check if we have permissions to alter this usergroup's access

			




	
	
	
		
 
                if HasUserGroupPermissionLevel('read')(member):

			




	
	
	
		
 
                    self.grant_user_group_permission(

			




	
	
	
		
 
                        target_user_group=user_group, user_group=member, perm=perm

			




	
	
	
		
 
                    )

			




	
	
	
		
 
        # set new permissions

			




	
	
	
		
 
        for member, perm, member_type in perms_new:

			




	
	
	
		
 
            if member_type == 'user':

			




	
	
	
		
 
                self.grant_user_permission(

			




	
	
	
		
 
                    user_group=user_group, user=member, perm=perm

			




	
	
	
		
 
                )

			




	
	
	
		
 
            else:

			




	
	
	
		
 
                # check if we have permissions to alter this usergroup's access

			




	
	
	
		
 
                if HasUserGroupPermissionLevel('read')(member):

			




	
	
	
		
 
                    self.grant_user_group_permission(

			




	
	
	
		
 
                        target_user_group=user_group, user_group=member, perm=perm

			




	
	
	
		
 
                    )

			




	
	
	
		
 

			




	
	
	
		
 
    def get(self, user_group_id, cache=False):

			




	
	
	
		
 
        return UserGroup.get(user_group_id)

			




	
	
	
		
 

			




	
	
	
		
 
    def get_group(self, user_group):

			




	
	
	
		
 
        return UserGroup.guess_instance(user_group)

			




	
	
	
		
 

			




	
	
	
		
 
    def get_by_name(self, name, cache=False, case_insensitive=False):

			




	
	
	
		
 
        return UserGroup.get_by_group_name(name, cache, case_insensitive)

			




	
	
	
		
 

			




	
	
	
		
 
    def create(self, name, description, owner, active=True, group_data=None):

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            new_user_group = UserGroup()

			




	
	
	
		
 
            new_user_group.owner = User.guess_instance(owner)

			




	
	
	
		
 
            new_user_group.users_group_name = name

			




	
	
	
		
 
            new_user_group.user_group_description = description

			




	
	
	
		
 
            new_user_group.users_group_active = active

			




	
	
	
		
 
            if group_data:

			




	
	
	
		
 
                new_user_group.group_data = group_data

			




	
	
	
		
 
            Session().add(new_user_group)

			




	
	
	
		
 
            self._create_default_perms(new_user_group)

			




	
	
	
		
 

			




	
	
	
		
 
            self.grant_user_permission(user_group=new_user_group,

			




	
	
	
		
 
                                       user=owner, perm='usergroup.admin')

			




	
	
	
		
 

			




	
	
	
		
 
            return new_user_group

			




	
	
	
		
 
        except Exception:

			




	
	
	
		
 
            log.error(traceback.format_exc())

			




	
	
	
		
 
            raise

			




	
	
	
		
 

			




	
	
	
		
 
    def update(self, user_group, form_data):

			




	
	
	
		
 

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            user_group = UserGroup.guess_instance(user_group)

			




	
	
	
		
 

			




	
	
	
		
 
            for k, v in form_data.items():

			




	
	
	
		
 
                if k == 'users_group_members':

			




	
	
	
		
 
                    members_list = []

			




	
	
	
		
 
                    if v:

			




	
	
	
		
 
                        v = [v] if isinstance(v, basestring) else v

			




	
	
	
		
 
                        for u_id in set(v):

			




	
	
	
		
 
                            member = UserGroupMember(user_group.users_group_id, u_id)

			




	
	
	
		
 
                            members_list.append(member)

			




	
	
	
		
 
                            Session().add(member)

			




	
	
	
		
 
                    user_group.members = members_list

			




	
	
	
		
 
                setattr(user_group, k, v)

			




	
	
	
		
 

			




	
	
	
		
 
            # Flush to make db assign users_group_member_id to newly

			




	
	
	
		
 
            # created UserGroupMembers.

			




	
	
	
		
 
            Session().flush()

			




	
	
	
		
 
        except Exception:

			




	
	
	
		
 
            log.error(traceback.format_exc())

			




	
	
	
		
 
            raise

			




	
	
	
		
 

			




	
	
	
		
 
    def delete(self, user_group, force=False):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Deletes user group, unless force flag is used

			




	
	
	
		
 
        raises exception if there are members in that group, else deletes

			




	
	
	
		
 
        group and users

			




	
	
	
		
 

			




	
	
	
		
 
        :param user_group:

			




	
	
	
		
 
        :param force:

			




	
	
	
		
 
        """

			




	
	
	
		
 
        user_group = UserGroup.guess_instance(user_group)

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            # check if this group is not assigned to repo

			




	
	
	
		
 
            assigned_groups = UserGroupRepoToPerm.query() \

			




	
	
	
		
 
                .filter(UserGroupRepoToPerm.users_group == user_group).all()

			




	
	
	
		
 
            assigned_groups = [x.repository.repo_name for x in assigned_groups]

			




	
	
	
		
 

			




	
	
	
		
 
            if assigned_groups and not force:

			




	
	
	
		
 
                raise UserGroupsAssignedException(

			




	
	
	
		
 
                    'User Group assigned to %s' % ", ".join(assigned_groups))

			




	
	
	
		
 
            Session().delete(user_group)

			




	
	
	
		
 
        except Exception:

			




	
	
	
		
 
            log.error(traceback.format_exc())

			




	
	
	
		
 
            raise

			




	
	
	
		
 

			




	
	
	
		
 
    def add_user_to_group(self, user_group, user):

			




	
	
	
		
 
        """Return True if user already is in the group - else return the new UserGroupMember"""

			




	
	
	
		
 
        user_group = UserGroup.guess_instance(user_group)

			




	
	
	
		
 
        user = User.guess_instance(user)

			




	
	
	
		
 

			




	
	
	
		
 
        for m in user_group.members:

			




	
	
	
		
 
            u = m.user

			




	
	
	
		
 
            if u.user_id == user.user_id:

			




	
	
	
		
 
                # user already in the group, skip

			




	
	
	
		
 
                return True

			




	
	
	
		
 

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            user_group_member = UserGroupMember()

			




	
	
	
		
 
            user_group_member.user = user

			




	
	
	
		
 
            user_group_member.users_group = user_group

			




	
	
	
		
 

			




	
	
	
		
 
            user_group.members.append(user_group_member)

			




	
	
	
		
 
            user.group_member.append(user_group_member)

			




	
	
	
		
 

			




	
	
	
		
 
            Session().add(user_group_member)

			




	
	
	
		
 
            return user_group_member

			




	
	
	
		
 
        except Exception:

			




	
	
	
		
 
            log.error(traceback.format_exc())

			




	
	
	
		
 
            raise

			




	
	
	
		
 

			




	
	
	
		
 
    def remove_user_from_group(self, user_group, user):

			




	
	
	
		
 
        user_group = UserGroup.guess_instance(user_group)

			




	
	
	
		
 
        user = User.guess_instance(user)

			




	
	
	
		
 

			




	
	
	
		
 
        user_group_member = None

			




	
	
	
		
 
        for m in user_group.members:

			




	
	
	
		
 
            if m.user_id == user.user_id:

			




	
	
	
		
 
                # Found this user's membership row

			




	
	
	
		
 
                user_group_member = m

			




	
	
	
		
 
                break

			




	
	
	
		
 

			




	
	
	
		
 
        if user_group_member:

			




	
	
	
		
 
            try:

			




	
	
	
		
 
                Session().delete(user_group_member)

			




	
	
	
		
 
                return True

			




	
	
	
		
 
            except Exception:

			




	
	
	
		
 
                log.error(traceback.format_exc())

			




	
	
	
		
 
                raise

			




	
	
	
		
 
        else:

			




	
	
	
		
 
            # User isn't in that group

			




	
	
	
		
 
            return False

			




	
	
	
		
 

			




	
	
	
		
 
    def has_perm(self, user_group, perm):

			




	
	
	
		
 
        user_group = UserGroup.guess_instance(user_group)

			




	
	
	
		
 
        perm = Permission.guess_instance(perm)

			




	
	
	
		
 

			




	
	
	
		
 
        return UserGroupToPerm.query() \

			




	
	
	
		
 
            .filter(UserGroupToPerm.users_group == user_group) \

			




	
	
	
		
 
            .filter(UserGroupToPerm.permission == perm).scalar() is not None

			




	
	
	
		
 

			




	
	
	
		
 
    def grant_perm(self, user_group, perm):

			




	
	
	
		
 
        user_group = UserGroup.guess_instance(user_group)

			




	
	
	
		
 
        perm = Permission.guess_instance(perm)

			




	
	
	
		
 

			




	
	
	
		
 
        # if this permission is already granted skip it

			




	
	
	
		
 
        _perm = UserGroupToPerm.query() \

			




	
	
	
		
 
            .filter(UserGroupToPerm.users_group == user_group) \

			




	
	
	
		
 
            .filter(UserGroupToPerm.permission == perm) \

			




	
	
	
		
 
            .scalar()

			




	
	
	
		
 
        if _perm:

			




	
	
	
		
 
            return

			




	
	
	
		
 

			




	
	
	
		
 
        new = UserGroupToPerm()

			




	
	
	
		
 
        new.users_group = user_group

			




	
	
	
		
 
        new.permission = perm

			




	
	
	
		
 
        Session().add(new)

			




	
	
	
		
 
        return new

			




	
	
	
		
 

			




	
	
	
		
 
    def revoke_perm(self, user_group, perm):

			




	
	
	
		
 
        user_group = UserGroup.guess_instance(user_group)

			




	
	
	
		
 
        perm = Permission.guess_instance(perm)

			




	
	
	
		
 

			




	
	
	
		
 
        obj = UserGroupToPerm.query() \

			




	
	
	
		
 
            .filter(UserGroupToPerm.users_group == user_group) \

			




	
	
	
		
 
            .filter(UserGroupToPerm.permission == perm).scalar()

			




	
	
	
		
 
        if obj is not None:

			




	
	
	
		
 
            Session().delete(obj)

			




	
	
	
		
 

			




	
	
	
		
 
    def grant_user_permission(self, user_group, user, perm):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Grant permission for user on given user group, or update

			




	
	
	
		
 
        existing one if found

			




	
	
	
		
 

			




	
	
	
		
 
        :param user_group: Instance of UserGroup, users_group_id,

			




	
	
	
		
 
            or users_group_name

			




	
	
	
		
 
        :param user: Instance of User, user_id or username

			




	
	
	
		
 
        :param perm: Instance of Permission, or permission_name

			




	
	
	
		
 
        """

			




	
	
	
		
 

			




	
	
	
		
 
        user_group = UserGroup.guess_instance(user_group)

			




	
	
	
		
 
        user = User.guess_instance(user)

			




	
	
	
		
 
        permission = Permission.guess_instance(perm)

			




	
	
	
		
 

			




	
	
	
		
 
        # check if we have that permission already

			




	
	
	
		
 
        obj = UserUserGroupToPerm.query() \

			




	
	
	
		
 
            .filter(UserUserGroupToPerm.user == user) \

			




	
	
	
		
 
            .filter(UserUserGroupToPerm.user_group == user_group) \

			




	
	
	
		
 
            .scalar()

			




	
	
	
		
 
        if obj is None:

			




	
	
	
		
 
            # create new !

			




	
	
	
		
 
            obj = UserUserGroupToPerm()

			




	
	
	
		
 
            Session().add(obj)

			




	
	
	
		
 
        obj.user_group = user_group

			




	
	
	
		
 
        obj.user = user

			




	
	
	
		
 
        obj.permission = permission

			




	
	
	
		
 
        log.debug('Granted perm %s to %s on %s', perm, user, user_group)

			




	
	
	
		
 
        return obj

			




	
	
	
		
 

			




	
	
	
		
 
    def revoke_user_permission(self, user_group, user):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Revoke permission for user on given repository group

			




	
	
	
		
 

			




	
	
	
		
 
        :param user_group: Instance of RepoGroup, repositories_group_id,

			




	
	
	
		
 
            or repositories_group name

			




	
	
	
		
 
        :param user: Instance of User, user_id or username

			




	
	
	
		
 
        """

			




	
	
	
		
 

			




	
	
	
		
 
        user_group = UserGroup.guess_instance(user_group)

			




	
	
	
		
 
        user = User.guess_instance(user)

			




	
	
	
		
 

			




	
	
	
		
 
        obj = UserUserGroupToPerm.query() \

			




	
	
	
		
 
            .filter(UserUserGroupToPerm.user == user) \

			




	
	
	
		
 
            .filter(UserUserGroupToPerm.user_group == user_group) \

			




	
	
	
		
 
            .scalar()

			




	
	
	
		
 
        if obj is not None:

			




	
	
	
		
 
            Session().delete(obj)

			




	
	
	
		
 
            log.debug('Revoked perm on %s on %s', user_group, user)

			




	
	
	
		
 

			




	
	
	
		
 
    def grant_user_group_permission(self, target_user_group, user_group, perm):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Grant user group permission for given target_user_group

			




	
	
	
		
 

			




	
	
	
		
 
        :param target_user_group:

			




	
	
	
		
 
        :param user_group:

			




	
	
	
		
 
        :param perm:

			




	
	
	
		
 
        """

			




	
	
	
		
 
        target_user_group = UserGroup.guess_instance(target_user_group)

			




	
	
	
		
 
        user_group = UserGroup.guess_instance(user_group)

			




	
	
	
		
 
        permission = Permission.guess_instance(perm)

			




	
	
	
		
 
        # forbid assigning same user group to itself

			




	
	
	
		
 
        if target_user_group == user_group:

			




	
	
	
		
 
            raise RepoGroupAssignmentError('target repo:%s cannot be '

			




	
	
	
		
 
                                           'assigned to itself' % target_user_group)

			




	
	
	
		
 

			




	
	
	
		
 
        # check if we have that permission already

			




	
	
	
		
 
        obj = UserGroupUserGroupToPerm.query() \

			




	
	
	
		
 
            .filter(UserGroupUserGroupToPerm.target_user_group == target_user_group) \

			




	
	
	
		
 
            .filter(UserGroupUserGroupToPerm.user_group == user_group) \

			




	
	
	
		
 
            .scalar()

			




	
	
	
		
 
        if obj is None:

			




	
	
	
		
 
            # create new !

			




	
	
	
		
 
            obj = UserGroupUserGroupToPerm()

			




	
	
	
		
 
            Session().add(obj)

			




	
	
	
		
 
        obj.user_group = user_group

			




	
	
	
		
 
        obj.target_user_group = target_user_group

			




	
	
	
		
 
        obj.permission = permission

			




	
	
	
		
 
        log.debug('Granted perm %s to %s on %s', perm, target_user_group, user_group)

			




	
	
	
		
 
        return obj

			




	
	
	
		
 

			




	
	
	
		
 
    def revoke_user_group_permission(self, target_user_group, user_group):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Revoke user group permission for given target_user_group

			




	
	
	
		
 

			




	
	
	
		
 
        :param target_user_group:

			




	
	
	
		
 
        :param user_group:

			




	
	
	
		
 
        """

			




	
	
	
		
 
        target_user_group = UserGroup.guess_instance(target_user_group)

			




	
	
	
		
 
        user_group = UserGroup.guess_instance(user_group)

			




	
	
	
		
 

			




	
	
	
		
 
        obj = UserGroupUserGroupToPerm.query() \

			




	
	
	
		
 
            .filter(UserGroupUserGroupToPerm.target_user_group == target_user_group) \

			




	
	
	
		
 
            .filter(UserGroupUserGroupToPerm.user_group == user_group) \

			




	
	
	
		
 
            .scalar()

			




	
	
	
		
 
        if obj is not None:

			




	
	
	
		
 
            Session().delete(obj)

			




	
	
	
		
 
            log.debug('Revoked perm on %s on %s', target_user_group, user_group)

			




	
	
	
		
 

			




	
	
	
		
 
    def enforce_groups(self, user, groups, extern_type=None):

			




	
	
	
		
 
        user = User.guess_instance(user)

			




	
	
	
		
 
        log.debug('Enforcing groups %s on user %s', user, groups)

			




	
	
	
		
 
        current_groups = user.group_member

			




	
	
	
		
 
        # find the external created groups

			




	
	
	
		
 
        externals = [x.users_group for x in current_groups

			




	
	
	
		
 
                     if 'extern_type' in x.users_group.group_data]

			




	
	
	
		
 

			




	
	
	
		
 
        # calculate from what groups user should be removed

			




	
	
	
		
 
        # externals that are not in groups

			




	
	
	
		
 
        for gr in externals:

			




	
	
	
		
 
            if gr.users_group_name not in groups:

			




	
	
	
		
 
                log.debug('Removing user %s from user group %s', user, gr)

			




	
	
	
		
 
                self.remove_user_from_group(gr, user)

			




	
	
	
		
 

			




	
	
	
		
 
        # now we calculate in which groups user should be == groups params

			




	
	
	
		
 
        owner = User.get_first_admin().username

			




	
	
	
		
 
        for gr in set(groups):

			




	
	
	
		
 
            existing_group = UserGroup.get_by_group_name(gr)

			




	
	
	
		
 
            if not existing_group:

			




	
	
	
		
 
                desc = u'Automatically created from plugin:%s' % extern_type

			




	
	
	
		
 
                # we use first admin account to set the owner of the group

			




	
	
	
		
 
                existing_group = UserGroupModel().create(gr, desc, owner,

			




	
	
	
		
 
                                        group_data={'extern_type': extern_type})

			




	
	
	
		
 

			




	
	
	
		
 
            # we can only add users to special groups created via plugins

			




	
	
	
		
 
            managed = 'extern_type' in existing_group.group_data

			




	
	
	
		
 
            if managed:

			




	
	
	
		
 
                log.debug('Adding user %s to user group %s', user, gr)

			




	
	
	
		
 
                UserGroupModel().add_user_to_group(existing_group, user)

			




	
	
	
		
 
            else:

			




	
	
	
		
 
                log.debug('Skipping addition to group %s since it is '

			




	
	
	
		
 
                          'not managed by auth plugins' % gr)

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.