@@ -1843,385 +1843,385 @@ class ApiController(JSONRPCController):
RepoModel().revoke_user_permission(repo=repo, user=user)
Session().commit()
return dict(
msg='Revoked perm for user: `%s` in repo: `%s`' % (
user.username, repo.repo_name
),
success=True
)
except Exception:
log.error(traceback.format_exc())
raise JSONRPCError(
'failed to edit permission for user: `%s` in repo: `%s`' % (
userid, repoid
# permission check inside
def grant_user_group_permission(self, apiuser, repoid, usergroupid, perm):
"""
Grant permission for user group on given repository, or update
existing one if found. This command can be executed only using
api_key belonging to user with admin rights.
:param apiuser: filled automatically from apikey
:type apiuser: AuthUser
:param repoid: repository name or repository id
:type repoid: str or int
:param usergroupid: id of usergroup
:type usergroupid: str or int
:param perm: (repository.(none|read|write|admin))
:type perm: str
OUTPUT::
id : <id_given_in_input>
result : {
"msg" : "Granted perm: `<perm>` for group: `<usersgroupname>` in repo: `<reponame>`",
"success": true
}
error : null
ERROR OUTPUT::
result : null
error : {
"failed to edit permission for user group: `<usergroup>` in repo `<repo>`'
repo = get_repo_or_error(repoid)
perm = get_perm_or_error(perm)
user_group = get_user_group_or_error(usergroupid)
if not HasPermissionAnyApi('hg.admin')(user=apiuser):
# check if we have admin permission for this repo !
_perms = ('repository.admin',)
if not HasRepoPermissionAnyApi(*_perms)(
user=apiuser, repo_name=repo.repo_name):
raise JSONRPCError('repository `%s` does not exist' % (repoid,))
# check if we have at least read permission for this user group !
_perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',)
if not HasUserGroupPermissionAny(*_perms)(
user=apiuser, user_group_name=user_group.users_group_name):
raise JSONRPCError('user group `%s` does not exist' % (usergroupid,))
try:
RepoModel().grant_user_group_permission(
repo=repo, group_name=user_group, perm=perm)
msg='Granted perm: `%s` for user group: `%s` in '
'repo: `%s`' % (
perm.permission_name, user_group.users_group_name,
repo.repo_name
'failed to edit permission for user group: `%s` in '
usergroupid, repo.repo_name
def revoke_user_group_permission(self, apiuser, repoid, usergroupid):
Revoke permission for user group on given repository. This command can be
executed only using api_key belonging to user with admin rights.
:param usergroupid:
result: {
"msg" : "Revoked perm for group: `<usersgroupname>` in repo: `<reponame>`",
error: null
RepoModel().revoke_user_group_permission(
repo=repo, group_name=user_group)
msg='Revoked perm for user group: `%s` in repo: `%s`' % (
user_group.users_group_name, repo.repo_name
@HasPermissionAnyDecorator('hg.admin')
def get_repo_group(self, apiuser, repogroupid):
Returns given repo group together with permissions, and repositories
inside the group
:param repogroupid: id/name of repository group
:type repogroupid: str or int
repo_group = get_repo_group_or_error(repogroupid)
members = []
for user in repo_group.repo_group_to_perm:
perm = user.permission.permission_name
user = user.user
user_data = {
'name': user.username,
'type': "user",
'permission': perm
members.append(user_data)
for user_group in repo_group.users_group_to_perm:
perm = user_group.permission.permission_name
user_group = user_group.users_group
user_group_data = {
'name': user_group.users_group_name,
'type': "user_group",
members.append(user_group_data)
data = repo_group.get_api_data()
data["members"] = members
return data
def get_repo_groups(self, apiuser):
Returns all repository groups
result = []
for repo_group in RepoGroupModel().get_all():
for repo_group in RepoGroup.get_all():
result.append(repo_group.get_api_data())
return result
def create_repo_group(self, apiuser, group_name, description=Optional(''),
owner=Optional(OAttr('apiuser')),
parent=Optional(None),
copy_permissions=Optional(False)):
Creates a repository group. This command can be executed only using
:param group_name:
:type group_name:
:param description:
:type description:
:param owner:
:type owner:
:param parent:
:type parent:
:param copy_permissions:
:type copy_permissions:
"msg": "created new repo group `<repo_group_name>`"
"repo_group": <repogroup_object>
failed to create repo group `<repogroupid>`
if RepoGroup.get_by_group_name(group_name):
raise JSONRPCError("repo group `%s` already exist" % (group_name,))
if isinstance(owner, Optional):
owner = apiuser.user_id
group_description = Optional.extract(description)
parent_group = Optional.extract(parent)
if not isinstance(parent, Optional):
parent_group = get_repo_group_or_error(parent_group)
copy_permissions = Optional.extract(copy_permissions)
repo_group = RepoGroupModel().create(
group_name=group_name,
group_description=group_description,
owner=owner,
parent=parent_group,
copy_permissions=copy_permissions
msg='created new repo group `%s`' % group_name,
repo_group=repo_group.get_api_data()
raise JSONRPCError('failed to create repo group `%s`' % (group_name,))
def update_repo_group(self, apiuser, repogroupid, group_name=Optional(''),
description=Optional(''),
parent=Optional(None), enable_locking=Optional(False)):
updates = {}
store_update(updates, group_name, 'group_name')
store_update(updates, description, 'group_description')
store_update(updates, owner, 'owner')
store_update(updates, parent, 'parent_group')
store_update(updates, enable_locking, 'enable_locking')
repo_group = RepoGroupModel().update(repo_group, updates)
msg='updated repository group ID:%s %s' % (repo_group.group_id,
repo_group.group_name),
raise JSONRPCError('failed to update repository group `%s`'
% (repogroupid,))
def delete_repo_group(self, apiuser, repogroupid):
:param repogroupid: name or id of repository group
'msg': 'deleted repo group ID:<repogroupid> <repogroupname>
'repo_group': null
"failed to delete repo group ID:<repogroupid> <repogroupname>"
RepoGroupModel().delete(repo_group)
msg='deleted repo group ID:%s %s' %
(repo_group.group_id, repo_group.group_name),
repo_group=None
raise JSONRPCError('failed to delete repo group ID:%s %s' %
(repo_group.group_id, repo_group.group_name)
def grant_user_permission_to_repo_group(self, apiuser, repogroupid, userid,
perm, apply_to_children=Optional('none')):
Grant permission for user on given repository group, or update existing
one if found. This command can be executed only using api_key belonging
to user with admin rights, or user who has admin right to given repository
group.
:param userid:
:param perm: (group.(none|read|write|admin))
:param apply_to_children: 'none', 'repos', 'groups', 'all'
:type apply_to_children: str
"msg" : "Granted perm: `<perm>` (recursive:<apply_to_children>) for user: `<username>` in repo group: `<repo_group_name>`",
"failed to edit permission for user: `<userid>` in repo group: `<repo_group_name>`"
# check if we have admin permission for this repo group !
if not HasRepoGroupPermissionAnyApi('group.admin')(user=apiuser,
group_name=repo_group.group_name):
raise JSONRPCError('repository group `%s` does not exist' % (repogroupid,))
user = get_user_or_error(userid)
perm = get_perm_or_error(perm, prefix='group.')
apply_to_children = Optional.extract(apply_to_children)
Status change: