kallithea Changeset - 7e3d89d9d3a2

Changeset - 7e3d89d9d3a2

Parent rev.

Child rev.

[Not reviewed]

beta

0 32 2

Marcin Kuzminski - 13 years ago 2013-04-08 22:47:35
marcin@python-works.com

- Manage User’s Groups: create, delete, rename, add/remove users inside.
by user group admin.
In this case, a user's group can be owned by several people thru an owner user's group.

Some refactoring of naming, permission handling logic.
- remove some code duplicity as well as inconsistent naming

34 files changed with 1023 insertions and 338 deletions:

docs/api/api.rst

rhodecode/__init__.py

rhodecode/config/routing.py

rhodecode/controllers/admin/repos.py

rhodecode/controllers/admin/repos_groups.py

rhodecode/controllers/admin/settings.py

rhodecode/controllers/admin/users_groups.py

136

rhodecode/controllers/api/api.py

rhodecode/controllers/forks.py

rhodecode/lib/auth.py

rhodecode/lib/db_manage.py

rhodecode/lib/dbmigrate/versions/012_version_1_7_0.py

rhodecode/lib/utils.py

rhodecode/model/db.py

100

rhodecode/model/forms.py

rhodecode/model/repo.py

rhodecode/model/repos_group.py

rhodecode/model/scm.py

rhodecode/model/user.py

rhodecode/model/users_group.py

119

rhodecode/model/validators.py

rhodecode/templates/admin/repos/repo_edit_perms.html

rhodecode/templates/admin/repos_groups/repos_group_edit_perms.html

rhodecode/templates/admin/repos_groups/repos_groups_edit.html

rhodecode/templates/admin/users_groups/user_group_edit_perms.html

100

rhodecode/templates/admin/users_groups/users_group_edit.html

rhodecode/templates/base/base.html

rhodecode/templates/base/root.html

rhodecode/tests/api/api_base.py

rhodecode/tests/fixture.py

rhodecode/tests/models/test_permissions.py

rhodecode/tests/models/test_users.py

rhodecode/tests/models/test_users_group_permissions_on_groups.py

rhodecode/tests/test_validators.py

0 comments (0 inline, 0 general)

docs/api/api.rst

➞

Show inline comments

@@ @@ -498,48 +498,49 @@ OUTPUT:: @@
+               {
                "users_group_id" : "<id>",
                "group_name" :     "<groupname>",
                "active":          "<bool>",
                },
                …
+              ]
     error : null
 create_users_group
 ------------------
 Creates new user group. This command can be executed only using api_key
 belonging to user with admin rights
 INPUT::
     id : <id_for_response>
     api_key : "<api_key>"
     method :  "create_users_group"
     args:     {
                 "group_name":  "<groupname>",
                 "owner" :     "<onwer_name_or_id = Optional(=apiuser)>",
                 "active":"<bool> = Optional(True)"
+              }
 OUTPUT::
     id : <id_given_in_input>
     result: {
               "msg": "created new user group `<groupname>`",
               "users_group": {
                      "users_group_id" : "<id>",
                      "group_name" :     "<groupname>",
                      "active":          "<bool>",
                },
+            }
     error:  null
 add_user_to_users_group
 -----------------------
 Adds a user to a user group. If user exists in that group success will be
 `false`. This command can be executed only using api_key
 belonging to user with admin rights

rhodecode/__init__.py

➞

Show inline comments

@@ @@ -17,49 +17,49 @@ @@
 # (at your option) any later version.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import sys
 import platform
 VERSION = (1, 7, 0, 'dev')
 try:
     from rhodecode.lib import get_current_revision
     _rev = get_current_revision()
     if _rev and len(VERSION) > 3:
         VERSION += ('%s' % _rev[0],)
 except ImportError:
     pass
 __version__ = ('.'.join((str(each) for each in VERSION[:3])) +
                '.'.join(VERSION[3:]))
-__dbversion__ = 11  # defines current db version for migrations
+__dbversion__ = 12  # defines current db version for migrations
 __platform__ = platform.system()
 __license__ = 'GPLv3'
 __py_version__ = sys.version_info
 __author__ = 'Marcin Kuzminski'
 __url__ = 'http://rhodecode.org'
 PLATFORM_WIN = ('Windows')
 PLATFORM_OTHERS = ('Linux', 'Darwin', 'FreeBSD', 'OpenBSD', 'SunOS') #depracated
 is_windows = __platform__ in PLATFORM_WIN
 is_unix = not is_windows
 BACKENDS = {
     'hg': 'Mercurial repository',
     'git': 'Git repository',
+}
 CELERY_ON = False
 CELERY_EAGER = False
 # link to config for pylons
 CONFIG = {}

rhodecode/config/routing.py

➞

Show inline comments

@@ @@ -179,48 +179,55 @@ def make_map(config): @@
                   action="index", conditions=dict(method=["GET"]))
         m.connect("new_repos_group", "/repos_groups/new",
                   action="new", conditions=dict(method=["GET"]))
         m.connect("formatted_new_repos_group", "/repos_groups/new.{format}",
                   action="new", conditions=dict(method=["GET"]))
         m.connect("update_repos_group", "/repos_groups/{group_name:.*?}",
                   action="update", conditions=dict(method=["PUT"],
                                                    function=check_group))
         m.connect("delete_repos_group", "/repos_groups/{group_name:.*?}",
                   action="delete", conditions=dict(method=["DELETE"],
                                                    function=check_group_skip_path))
         m.connect("edit_repos_group", "/repos_groups/{group_name:.*?}/edit",
                   action="edit", conditions=dict(method=["GET"],
                                                  function=check_group))
         m.connect("formatted_edit_repos_group",
                   "/repos_groups/{group_name:.*?}.{format}/edit",
                   action="edit", conditions=dict(method=["GET"],
                                                  function=check_group))
         m.connect("repos_group", "/repos_groups/{group_name:.*?}",
                   action="show", conditions=dict(method=["GET"],
                                                  function=check_group))
         m.connect("formatted_repos_group", "/repos_groups/{group_name:.*?}.{format}",
                   action="show", conditions=dict(method=["GET"],
                                                  function=check_group))
         #add repo perm member
         m.connect('set_repo_group_perm_member',
                   "/set_repo_group_perm_member/{group_name:.*?}",
              action="set_repo_group_perm_member",
              conditions=dict(method=["POST"], function=check_group))
         # ajax delete repository group perm user
         m.connect('delete_repos_group_user_perm',
                   "/delete_repos_group_user_perm/{group_name:.*?}",
              action="delete_repos_group_user_perm",
              conditions=dict(method=["DELETE"], function=check_group))
         # ajax delete repository group perm users_group
         m.connect('delete_repos_group_users_group_perm',
                   "/delete_repos_group_users_group_perm/{group_name:.*?}",
                   action="delete_repos_group_users_group_perm",
                   conditions=dict(method=["DELETE"], function=check_group))
     #ADMIN USER REST ROUTES
     with rmap.submapper(path_prefix=ADMIN_PREFIX,
                         controller='admin/users') as m:
         m.connect("users", "/users",
                   action="create", conditions=dict(method=["POST"]))
         m.connect("users", "/users",
                   action="index", conditions=dict(method=["GET"]))
         m.connect("formatted_users", "/users.{format}",
                   action="index", conditions=dict(method=["GET"]))
         m.connect("new_user", "/users/new",
                   action="new", conditions=dict(method=["GET"]))
         m.connect("formatted_new_user", "/users/new.{format}",
@@ @@ -258,51 +265,62 @@ def make_map(config): @@
                   action="create", conditions=dict(method=["POST"]))
         m.connect("users_groups", "/users_groups",
                   action="index", conditions=dict(method=["GET"]))
         m.connect("formatted_users_groups", "/users_groups.{format}",
                   action="index", conditions=dict(method=["GET"]))
         m.connect("new_users_group", "/users_groups/new",
                   action="new", conditions=dict(method=["GET"]))
         m.connect("formatted_new_users_group", "/users_groups/new.{format}",
                   action="new", conditions=dict(method=["GET"]))
         m.connect("update_users_group", "/users_groups/{id}",
                   action="update", conditions=dict(method=["PUT"]))
         m.connect("delete_users_group", "/users_groups/{id}",
                   action="delete", conditions=dict(method=["DELETE"]))
         m.connect("edit_users_group", "/users_groups/{id}/edit",
                   action="edit", conditions=dict(method=["GET"]))
         m.connect("formatted_edit_users_group",
                   "/users_groups/{id}.{format}/edit",
                   action="edit", conditions=dict(method=["GET"]))
         m.connect("users_group", "/users_groups/{id}",
                   action="show", conditions=dict(method=["GET"]))
         m.connect("formatted_users_group", "/users_groups/{id}.{format}",
                   action="show", conditions=dict(method=["GET"]))
         #EXTRAS USER ROUTES
         m.connect("users_group_perm", "/users_groups_perm/{id}",
         # update
         m.connect("users_group_perm", "/users_groups/{id}/update_global_perm",
                   action="update_perm", conditions=dict(method=["PUT"]))
         #add user group perm member
         m.connect('set_user_group_perm_member', "/users_groups/{id}/grant_perm",
              action="set_user_group_perm_member",
              conditions=dict(method=["POST"]))
         #ajax delete user group perm
         m.connect('delete_user_group_perm_member', "/users_groups/{id}/revoke_perm",
              action="delete_user_group_perm_member",
              conditions=dict(method=["DELETE"]))
     #ADMIN GROUP REST ROUTES
     rmap.resource('group', 'groups',
                   controller='admin/groups', path_prefix=ADMIN_PREFIX)
     #ADMIN PERMISSIONS REST ROUTES
     rmap.resource('permission', 'permissions',
                   controller='admin/permissions', path_prefix=ADMIN_PREFIX)
     #ADMIN DEFAULTS REST ROUTES
     rmap.resource('default', 'defaults',
                   controller='admin/defaults', path_prefix=ADMIN_PREFIX)
     ##ADMIN LDAP SETTINGS
     rmap.connect('ldap_settings', '%s/ldap' % ADMIN_PREFIX,
                  controller='admin/ldap_settings', action='ldap_settings',
                  conditions=dict(method=["POST"]))
     rmap.connect('ldap_home', '%s/ldap' % ADMIN_PREFIX,
                  controller='admin/ldap_settings')
     #ADMIN SETTINGS REST ROUTES
     with rmap.submapper(path_prefix=ADMIN_PREFIX,
                         controller='admin/settings') as m:
         m.connect("admin_settings", "/settings",

rhodecode/controllers/admin/repos.py

➞

Show inline comments

@@ @@ -25,70 +25,70 @@ @@
 import logging
 import traceback
 import formencode
 from formencode import htmlfill
 from webob.exc import HTTPInternalServerError, HTTPForbidden
 from pylons import request, session, tmpl_context as c, url
 from pylons.controllers.util import redirect
 from pylons.i18n.translation import _
 from sqlalchemy.exc import IntegrityError
 import rhodecode
 from rhodecode.lib import helpers as h
 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator, \
     HasPermissionAnyDecorator, HasRepoPermissionAllDecorator, NotAnonymous,\
     HasPermissionAny, HasReposGroupPermissionAny, HasRepoPermissionAnyDecorator
 from rhodecode.lib.base import BaseRepoController, render
 from rhodecode.lib.utils import action_logger, repo_name_slug
 from rhodecode.lib.helpers import get_token
 from rhodecode.model.meta import Session
 from rhodecode.model.db import User, Repository, UserFollowing, RepoGroup,\
     RhodeCodeSetting, RepositoryField
 from rhodecode.model.forms import RepoForm, RepoFieldForm, RepoPermsForm
-from rhodecode.model.scm import ScmModel, GroupList
+from rhodecode.model.scm import ScmModel, RepoGroupList
 from rhodecode.model.repo import RepoModel
 from rhodecode.lib.compat import json
 from sqlalchemy.sql.expression import func
 from rhodecode.lib.exceptions import AttachedForksError
 log = logging.getLogger(__name__)
 class ReposController(BaseRepoController):
     """
     REST Controller styled on the Atom Publishing Protocol"""
     # To properly map this controller, ensure your config/routing.py
     # file has a resource setup:
     #     map.resource('repo', 'repos')
     @LoginRequired()
     def __before__(self):
         super(ReposController, self).__before__()
     def __load_defaults(self):
-        acl_groups = GroupList(RepoGroup.query().all(),
+        acl_groups = RepoGroupList(RepoGroup.query().all(),
                                perm_set=['group.write', 'group.admin'])
         c.repo_groups = RepoGroup.groups_choices(groups=acl_groups)
         c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups)
         repo_model = RepoModel()
         c.users_array = repo_model.get_users_js()
         c.users_groups_array = repo_model.get_users_groups_js()
         choices, c.landing_revs = ScmModel().get_repo_landing_revs()
         c.landing_revs_choices = choices
     def __load_data(self, repo_name=None):
         """
         Load defaults settings for edit, and update
         :param repo_name:
         """
         self.__load_defaults()
         c.repo_info = db_repo = Repository.get_by_repo_name(repo_name)
         repo = db_repo.scm_instance
         if c.repo_info is None:
             h.not_mapped_error(repo_name)
             return redirect(url('repos'))
@@ @@ -193,49 +193,49 @@ class ReposController(BaseRepoController @@
         except Exception:
             log.error(traceback.format_exc())
             msg = _('Error creating repository %s') \
                     % form_result.get('repo_name')
             h.flash(msg, category='error')
             if c.rhodecode_user.is_admin:
                 return redirect(url('repos'))
             return redirect(url('home'))
         #redirect to our new repo !
         return redirect(url('summary_home', repo_name=new_repo.repo_name))
     @NotAnonymous()
     def create_repository(self):
         """GET /_admin/create_repository: Form to create a new item"""
         new_repo = request.GET.get('repo', '')
         parent_group = request.GET.get('parent_group')
         if not HasPermissionAny('hg.admin', 'hg.create.repository')():
             #you're not super admin nor have global create permissions,
             #but maybe you have at least write permission to a parent group ?
             _gr = RepoGroup.get(parent_group)
             gr_name = _gr.group_name if _gr else None
             if not HasReposGroupPermissionAny('group.admin', 'group.write')(group_name=gr_name):
                 raise HTTPForbidden
-        acl_groups = GroupList(RepoGroup.query().all(),
+        acl_groups = RepoGroupList(RepoGroup.query().all(),
                                perm_set=['group.write', 'group.admin'])
         c.repo_groups = RepoGroup.groups_choices(groups=acl_groups)
         c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups)
         choices, c.landing_revs = ScmModel().get_repo_landing_revs()
         c.new_repo = repo_name_slug(new_repo)
         ## apply the defaults from defaults page
         defaults = RhodeCodeSetting.get_default_repo_settings(strip_prefix=True)
         if parent_group:
             defaults.update({'repo_group': parent_group})
         return htmlfill.render(
             render('admin/repos/repo_add.html'),
             defaults=defaults,
             errors={},
             prefix_error=False,
             encoding="UTF-8"
+        )
     @HasRepoPermissionAllDecorator('repository.admin')
     def update(self, repo_name):
         """
         PUT /repos/repo_name: Update an existing item"""
@@ @@ -309,74 +309,50 @@ class ReposController(BaseRepoController @@
                     h.flash(_('Detached %s forks') % _forks, category='success')
                 elif do == 'delete_forks':
                     handle_forks = 'delete'
                     h.flash(_('Deleted %s forks') % _forks, category='success')
             repo_model.delete(repo, forks=handle_forks)
             action_logger(self.rhodecode_user, 'admin_deleted_repo',
                   repo_name, self.ip_addr, self.sa)
             ScmModel().mark_for_invalidation(repo_name)
             h.flash(_('Deleted repository %s') % repo_name, category='success')
             Session().commit()
         except AttachedForksError:
             h.flash(_('Cannot delete %s it still contains attached forks')
                         % repo_name, category='warning')
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('An error occurred during deletion of %s') % repo_name,
                     category='error')
         return redirect(url('repos'))
     @HasRepoPermissionAllDecorator('repository.admin')
     def set_repo_perm_member(self, repo_name):
         form = RepoPermsForm()().to_python(request.POST)
         perms_new = form['perms_new']
         perms_updates = form['perms_updates']
         cur_repo = repo_name
         # update permissions
         for member, perm, member_type in perms_updates:
             if member_type == 'user':
                 # this updates existing one
                 RepoModel().grant_user_permission(
                     repo=cur_repo, user=member, perm=perm
+                )
             else:
                 RepoModel().grant_users_group_permission(
                     repo=cur_repo, group_name=member, perm=perm
+                )
         # set new permissions
         for member, perm, member_type in perms_new:
             if member_type == 'user':
                 RepoModel().grant_user_permission(
                     repo=cur_repo, user=member, perm=perm
+                )
             else:
                 RepoModel().grant_users_group_permission(
                     repo=cur_repo, group_name=member, perm=perm
+                )
         RepoModel()._update_permissions(repo_name, form['perms_new'],
                                         form['perms_updates'])
         #TODO: implement this
         #action_logger(self.rhodecode_user, 'admin_changed_repo_permissions',
         #              repo_name, self.ip_addr, self.sa)
         Session().commit()
         h.flash(_('Repository permissions updated'), category='success')
         return redirect(url('edit_repo', repo_name=repo_name))
     @HasRepoPermissionAllDecorator('repository.admin')
     def delete_perm_user(self, repo_name):
         """
         DELETE an existing repository permission user
         :param repo_name:
         """
         try:
             RepoModel().revoke_user_permission(repo=repo_name,
                                                user=request.POST['user_id'])
             #TODO: implement this
             #action_logger(self.rhodecode_user, 'admin_revoked_repo_permissions',
             #              repo_name, self.ip_addr, self.sa)
             Session().commit()
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('An error occurred during deletion of repository user'),

rhodecode/controllers/admin/repos_groups.py

➞

Show inline comments

@@ @@ -22,124 +22,126 @@ @@
+#
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import logging
 import traceback
 import formencode
 from formencode import htmlfill
 from pylons import request, tmpl_context as c, url
 from pylons.controllers.util import abort, redirect
 from pylons.i18n.translation import _
 from sqlalchemy.exc import IntegrityError
 import rhodecode
 from rhodecode.lib import helpers as h
 from rhodecode.lib.compat import json
 from rhodecode.lib.auth import LoginRequired, HasPermissionAnyDecorator,\
     HasReposGroupPermissionAnyDecorator, HasReposGroupPermissionAll,\
     HasPermissionAll
 from rhodecode.lib.base import BaseController, render
 from rhodecode.model.db import RepoGroup, Repository
 from rhodecode.model.scm import RepoGroupList
 from rhodecode.model.repos_group import ReposGroupModel
 from rhodecode.model.forms import ReposGroupForm
+from rhodecode.model.forms import ReposGroupForm, RepoGroupPermsForm
 from rhodecode.model.meta import Session
 from rhodecode.model.repo import RepoModel
 from webob.exc import HTTPInternalServerError, HTTPNotFound
 from rhodecode.lib.utils2 import str2bool, safe_int
 from sqlalchemy.sql.expression import func
-from rhodecode.model.scm import GroupList
 log = logging.getLogger(__name__)
 class ReposGroupsController(BaseController):
     """REST Controller styled on the Atom Publishing Protocol"""
     # To properly map this controller, ensure your config/routing.py
     # file has a resource setup:
     #     map.resource('repos_group', 'repos_groups')
     @LoginRequired()
     def __before__(self):
         super(ReposGroupsController, self).__before__()
     def __load_defaults(self, allow_empty_group=False, exclude_group_ids=[]):
         if HasPermissionAll('hg.admin')('group edit'):
             #we're global admin, we're ok and we can create TOP level groups
             allow_empty_group = True
         #override the choices for this form, we need to filter choices
         #and display only those we have ADMIN right
-        groups_with_admin_rights = GroupList(RepoGroup.query().all(),
+        groups_with_admin_rights = RepoGroupList(RepoGroup.query().all(),
                                              perm_set=['group.admin'])
         c.repo_groups = RepoGroup.groups_choices(groups=groups_with_admin_rights,
                                                  show_empty_group=allow_empty_group)
         # exclude filtered ids
         c.repo_groups = filter(lambda x: x[0] not in exclude_group_ids,
                                c.repo_groups)
         c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups)
         repo_model = RepoModel()
         c.users_array = repo_model.get_users_js()
         c.users_groups_array = repo_model.get_users_groups_js()
     def __load_data(self, group_id):
         """
         Load defaults settings for edit, and update
         :param group_id:
         """
         repo_group = RepoGroup.get_or_404(group_id)
         data = repo_group.get_dict()
         data['group_name'] = repo_group.name
         # fill repository users
+        # fill repository group users
         for p in repo_group.repo_group_to_perm:
             data.update({'u_perm_%s' % p.user.username:
                              p.permission.permission_name})
         # fill repository groups
+        # fill repository group groups
         for p in repo_group.users_group_to_perm:
             data.update({'g_perm_%s' % p.users_group.users_group_name:
                              p.permission.permission_name})
         return data
     def _revoke_perms_on_yourself(self, form_result):
         _up = filter(lambda u: c.rhodecode_user.username == u[0],
                      form_result['perms_updates'])
         _new = filter(lambda u: c.rhodecode_user.username == u[0],
                       form_result['perms_new'])
         if _new and _new[0][1] != 'group.admin' or _up and _up[0][1] != 'group.admin':
             return True
         return False
     def index(self, format='html'):
         """GET /repos_groups: All items in the collection"""
         # url('repos_groups')
         group_iter = GroupList(RepoGroup.query().all(), perm_set=['group.admin'])
         group_iter = RepoGroupList(RepoGroup.query().all(),
                                    perm_set=['group.admin'])
         sk = lambda g: g.parents[0].group_name if g.parents else g.group_name
         c.groups = sorted(group_iter, key=sk)
         return render('admin/repos_groups/repos_groups_show.html')
     def create(self):
         """POST /repos_groups: Create a new item"""
         # url('repos_groups')
         self.__load_defaults()
         # permissions for can create group based on parent_id are checked
         # here in the Form
         repos_group_form = ReposGroupForm(available_groups=
                                 map(lambda k: unicode(k[0]), c.repo_groups))()
         try:
             form_result = repos_group_form.to_python(dict(request.POST))
             ReposGroupModel().create(
                     group_name=form_result['group_name'],
                     group_description=form_result['group_description'],
                     parent=form_result['group_parent_id'],
                     owner=self.rhodecode_user.user_id
+            )
             Session().commit()
             h.flash(_('Created repository group %s') \
@@ @@ -169,49 +171,49 @@ class ReposGroupsController(BaseControll @@
         else:
             # we pass in parent group into creation form, thus we know
             # what would be the group, we can check perms here !
             group_id = safe_int(request.GET.get('parent_group'))
             group = RepoGroup.get(group_id) if group_id else None
             group_name = group.group_name if group else None
             if HasReposGroupPermissionAll('group.admin')(group_name, 'group create'):
                 pass
             else:
                 return abort(403)
         self.__load_defaults()
         return render('admin/repos_groups/repos_groups_add.html')
     @HasReposGroupPermissionAnyDecorator('group.admin')
     def update(self, group_name):
         """PUT /repos_groups/group_name: Update an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="PUT" />
         # Or using helpers:
         #    h.form(url('repos_group', group_name=GROUP_NAME),
         #           method='put')
         # url('repos_group', group_name=GROUP_NAME)
-        c.repos_group = ReposGroupModel()._get_repos_group(group_name)
+        c.repos_group = ReposGroupModel()._get_repo_group(group_name)
         if HasPermissionAll('hg.admin')('group edit'):
             #we're global admin, we're ok and we can create TOP level groups
             allow_empty_group = True
         elif not c.repos_group.parent_group:
             allow_empty_group = True
         else:
             allow_empty_group = False
         self.__load_defaults(allow_empty_group=allow_empty_group,
                              exclude_group_ids=[c.repos_group.group_id])
         repos_group_form = ReposGroupForm(
             edit=True,
             old_data=c.repos_group.get_dict(),
             available_groups=c.repo_groups_choices,
             can_create_in_root=allow_empty_group,
         )()
         try:
             form_result = repos_group_form.to_python(dict(request.POST))
             if not c.rhodecode_user.is_admin:
                 if self._revoke_perms_on_yourself(form_result):
                     msg = _('Cannot revoke permission for yourself as admin')
                     h.flash(msg, category='warning')
                     raise Exception('revoke admin permission on self')
@@ @@ -226,75 +228,93 @@ class ReposGroupsController(BaseControll @@
             return htmlfill.render(
                 render('admin/repos_groups/repos_groups_edit.html'),
                 defaults=errors.value,
                 errors=errors.error_dict or {},
                 prefix_error=False,
                 encoding="UTF-8")
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('Error occurred during update of repository group %s') \
                     % request.POST.get('group_name'), category='error')
         return redirect(url('edit_repos_group', group_name=group_name))
     @HasReposGroupPermissionAnyDecorator('group.admin')
     def delete(self, group_name):
         """DELETE /repos_groups/group_name: Delete an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="DELETE" />
         # Or using helpers:
         #    h.form(url('repos_group', group_name=GROUP_NAME),
         #           method='delete')
         # url('repos_group', group_name=GROUP_NAME)
-        gr = c.repos_group = ReposGroupModel()._get_repos_group(group_name)
+        gr = c.repos_group = ReposGroupModel()._get_repo_group(group_name)
         repos = gr.repositories.all()
         if repos:
             h.flash(_('This group contains %s repositores and cannot be '
                       'deleted') % len(repos), category='warning')
             return redirect(url('repos_groups'))
         children = gr.children.all()
         if children:
             h.flash(_('This group contains %s subgroups and cannot be deleted'
                       % (len(children))), category='warning')
             return redirect(url('repos_groups'))
         try:
             ReposGroupModel().delete(group_name)
             Session().commit()
             h.flash(_('Removed repository group %s') % group_name,
                     category='success')
             #TODO: in future action_logger(, '', '', '', self.sa)
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('Error occurred during deletion of repos '
                       'group %s') % group_name, category='error')
         return redirect(url('repos_groups'))
     @HasReposGroupPermissionAnyDecorator('group.admin')
     def set_repo_group_perm_member(self, group_name):
         c.repos_group = ReposGroupModel()._get_repo_group(group_name)
         form = RepoGroupPermsForm()().to_python(request.POST)
         recursive = form['recursive']
         # iterate over all members(if in recursive mode) of this groups and
         # set the permissions !
         # this can be potentially heavy operation
         ReposGroupModel()._update_permissions(c.repos_group, form['perms_new'],
                                               form['perms_updates'], recursive)
         #TODO: implement this
         #action_logger(self.rhodecode_user, 'admin_changed_repo_permissions',
         #              repo_name, self.ip_addr, self.sa)
         Session().commit()
         h.flash(_('Repository Group permissions updated'), category='success')
         return redirect(url('edit_repos_group', group_name=group_name))
     @HasReposGroupPermissionAnyDecorator('group.admin')
     def delete_repos_group_user_perm(self, group_name):
         """
         DELETE an existing repository group permission user
         :param group_name:
         """
         try:
             if not c.rhodecode_user.is_admin:
                 if c.rhodecode_user.user_id == safe_int(request.POST['user_id']):
                     msg = _('Cannot revoke permission for yourself as admin')
                     h.flash(msg, category='warning')
                     raise Exception('revoke admin permission on self')
             recursive = str2bool(request.POST.get('recursive', False))
             ReposGroupModel().delete_permission(
                 repos_group=group_name, obj=request.POST['user_id'],
                 obj_type='user', recursive=recursive
+            )
             Session().commit()
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('An error occurred during deletion of group user'),
                     category='error')
             raise HTTPInternalServerError()
@@ @@ -316,77 +336,77 @@ class ReposGroupsController(BaseControll @@
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('An error occurred during deletion of group'
                       ' user groups'),
                     category='error')
             raise HTTPInternalServerError()
     def show_by_name(self, group_name):
         """
         This is a proxy that does a lookup group_name -> id, and shows
         the group by id view instead
         """
         group_name = group_name.rstrip('/')
         id_ = RepoGroup.get_by_group_name(group_name)
         if id_:
             return self.show(id_.group_id)
         raise HTTPNotFound
     @HasReposGroupPermissionAnyDecorator('group.read', 'group.write',
                                          'group.admin')
     def show(self, group_name, format='html'):
         """GET /repos_groups/group_name: Show a specific item"""
         # url('repos_group', group_name=GROUP_NAME)
-        c.group = c.repos_group = ReposGroupModel()._get_repos_group(group_name)
+        c.group = c.repos_group = ReposGroupModel()._get_repo_group(group_name)
         c.group_repos = c.group.repositories.all()
         #overwrite our cached list with current filter
         gr_filter = c.group_repos
         c.repo_cnt = 0
         groups = RepoGroup.query().order_by(RepoGroup.group_name)\
             .filter(RepoGroup.group_parent_id == c.group.group_id).all()
         c.groups = self.scm_model.get_repos_groups(groups)
         if not c.visual.lightweight_dashboard:
             c.repos_list = self.scm_model.get_repos(all_repos=gr_filter)
         ## lightweight version of dashboard
         else:
             c.repos_list = Repository.query()\
                             .filter(Repository.group_id == c.group.group_id)\
                             .order_by(func.lower(Repository.repo_name))\
                             .all()
             repos_data = RepoModel().get_repos_as_dict(repos_list=c.repos_list,
                                                        admin=False)
             #json used to render the grid
             c.data = json.dumps(repos_data)
         return render('admin/repos_groups/repos_groups.html')
     @HasReposGroupPermissionAnyDecorator('group.admin')
     def edit(self, group_name, format='html'):
         """GET /repos_groups/group_name/edit: Form to edit an existing item"""
         # url('edit_repos_group', group_name=GROUP_NAME)
-        c.repos_group = ReposGroupModel()._get_repos_group(group_name)
+        c.repos_group = ReposGroupModel()._get_repo_group(group_name)
         #we can only allow moving empty group if it's already a top-level
         #group, ie has no parents, or we're admin
         if HasPermissionAll('hg.admin')('group edit'):
             #we're global admin, we're ok and we can create TOP level groups
             allow_empty_group = True
         elif not c.repos_group.parent_group:
             allow_empty_group = True
         else:
             allow_empty_group = False
         self.__load_defaults(allow_empty_group=allow_empty_group,
                              exclude_group_ids=[c.repos_group.group_id])
         defaults = self.__load_data(c.repos_group.group_id)
         return htmlfill.render(
             render('admin/repos_groups/repos_groups_edit.html'),
             defaults=defaults,
             encoding="UTF-8",
             force_defaults=False
+        )

rhodecode/controllers/admin/settings.py

➞

Show inline comments

@@ @@ -26,49 +26,49 @@ @@
 import logging
 import traceback
 import formencode
 import pkg_resources
 import platform
 from sqlalchemy import func
 from formencode import htmlfill
 from pylons import request, session, tmpl_context as c, url, config
 from pylons.controllers.util import abort, redirect
 from pylons.i18n.translation import _
 from rhodecode.lib import helpers as h
 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator, \
     HasPermissionAnyDecorator, NotAnonymous, HasPermissionAny,\
     HasReposGroupPermissionAll, HasReposGroupPermissionAny, AuthUser
 from rhodecode.lib.base import BaseController, render
 from rhodecode.lib.celerylib import tasks, run_task
 from rhodecode.lib.utils import repo2db_mapper, set_rhodecode_config, \
     check_git_version
 from rhodecode.model.db import RhodeCodeUi, Repository, RepoGroup, \
     RhodeCodeSetting, PullRequest, PullRequestReviewers
 from rhodecode.model.forms import UserForm, ApplicationSettingsForm, \
     ApplicationUiSettingsForm, ApplicationVisualisationForm
-from rhodecode.model.scm import ScmModel, GroupList
+from rhodecode.model.scm import ScmModel, RepoGroupList
 from rhodecode.model.user import UserModel
 from rhodecode.model.repo import RepoModel
 from rhodecode.model.db import User
 from rhodecode.model.notification import EmailNotificationModel
 from rhodecode.model.meta import Session
 from rhodecode.lib.utils2 import str2bool, safe_unicode
 from rhodecode.lib.compat import json
 log = logging.getLogger(__name__)
 class SettingsController(BaseController):
     """REST Controller styled on the Atom Publishing Protocol"""
     # To properly map this controller, ensure your config/routing.py
     # file has a resource setup:
     #     map.resource('setting', 'settings', controller='admin/settings',
     #         path_prefix='/admin', name_prefix='admin_')
     @LoginRequired()
     def __before__(self):
         super(SettingsController, self).__before__()
         c.modules = sorted([(p.project_name, p.version)
                             for p in pkg_resources.working_set]
                            + [('git', check_git_version())],
                            key=lambda k: k[0].lower())

rhodecode/controllers/admin/users_groups.py

➞

Show inline comments

@@ @@ -13,250 +13,335 @@ @@
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import logging
 import traceback
 import formencode
 from formencode import htmlfill
 from pylons import request, session, tmpl_context as c, url, config
 from pylons.controllers.util import abort, redirect
 from pylons.i18n.translation import _
 from rhodecode.lib import helpers as h
 from rhodecode.lib.exceptions import UserGroupsAssignedException
 from rhodecode.lib.utils2 import safe_unicode, str2bool
 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator
 from rhodecode.lib.utils2 import safe_unicode, str2bool, safe_int
 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator,\
     HasUserGroupPermissionAnyDecorator
 from rhodecode.lib.base import BaseController, render
+from rhodecode.model.scm import UserGroupList
 from rhodecode.model.users_group import UserGroupModel
+from rhodecode.model.repo import RepoModel
 from rhodecode.model.db import User, UserGroup, UserGroupToPerm,\
     UserGroupRepoToPerm, UserGroupRepoGroupToPerm
 from rhodecode.model.forms import UserGroupForm
+from rhodecode.model.forms import UserGroupForm, UserGroupPermsForm
 from rhodecode.model.meta import Session
 from rhodecode.lib.utils import action_logger
 from sqlalchemy.orm import joinedload
 from webob.exc import HTTPInternalServerError
 log = logging.getLogger(__name__)
 class UsersGroupsController(BaseController):
     """REST Controller styled on the Atom Publishing Protocol"""
     # To properly map this controller, ensure your config/routing.py
     # file has a resource setup:
     #     map.resource('users_group', 'users_groups')
     @LoginRequired()
     @HasPermissionAllDecorator('hg.admin')
     def __before__(self):
         super(UsersGroupsController, self).__before__()
         c.available_permissions = config['available_permissions']
     def __load_data(self, user_group_id):
         ugroup_repo_perms = UserGroupRepoToPerm.query()\
             .options(joinedload(UserGroupRepoToPerm.permission))\
             .options(joinedload(UserGroupRepoToPerm.repository))\
             .filter(UserGroupRepoToPerm.users_group_id == user_group_id)\
             .all()
         for gr in ugroup_repo_perms:
             c.users_group.permissions['repositories'][gr.repository.repo_name]  \
                 = gr.permission.permission_name
         ugroup_group_perms = UserGroupRepoGroupToPerm.query()\
             .options(joinedload(UserGroupRepoGroupToPerm.permission))\
             .options(joinedload(UserGroupRepoGroupToPerm.group))\
             .filter(UserGroupRepoGroupToPerm.users_group_id == user_group_id)\
             .all()
         for gr in ugroup_group_perms:
             c.users_group.permissions['repositories_groups'][gr.group.group_name] \
                 = gr.permission.permission_name
         c.group_members_obj = sorted((x.user for x in c.users_group.members),
                                      key=lambda u: u.username.lower())
         c.group_members = [(x.user_id, x.username) for x in c.group_members_obj]
         c.available_members = sorted(((x.user_id, x.username) for x in
                                       User.query().all()),
                                      key=lambda u: u[1].lower())
         repo_model = RepoModel()
         c.users_array = repo_model.get_users_js()
         # commented out due to not now supporting assignment for user group
         # on user group
         c.users_groups_array = "[]"  # repo_model.get_users_groups_js()
         c.available_permissions = config['available_permissions']
     def __load_defaults(self, user_group_id):
         """
         Load defaults settings for edit, and update
         :param user_group_id:
         """
         user_group = UserGroup.get_or_404(user_group_id)
         data = user_group.get_dict()
         ug_model = UserGroupModel()
         data.update({
             'create_repo_perm': ug_model.has_perm(user_group,
                                                   'hg.create.repository'),
             'fork_repo_perm': ug_model.has_perm(user_group,
                                                 'hg.fork.repository'),
         })
         # fill user group users
         for p in user_group.user_user_group_to_perm:
             data.update({'u_perm_%s' % p.user.username:
                              p.permission.permission_name})
         return data
     def index(self, format='html'):
         """GET /users_groups: All items in the collection"""
         # url('users_groups')
         c.users_groups_list = UserGroup().query().all()
         group_iter = UserGroupList(UserGroup().query().all(),
                                    perm_set=['usergroup.admin'])
         sk = lambda g: g.users_group_name
         c.users_groups_list = sorted(group_iter, key=sk)
         return render('admin/users_groups/users_groups.html')
     @HasPermissionAllDecorator('hg.admin')
     def create(self):
         """POST /users_groups: Create a new item"""
         # url('users_groups')
         users_group_form = UserGroupForm()()
         try:
             form_result = users_group_form.to_python(dict(request.POST))
             UserGroupModel().create(name=form_result['users_group_name'],
                                     owner=self.rhodecode_user.user_id,
                                      active=form_result['users_group_active'])
             gr = form_result['users_group_name']
             action_logger(self.rhodecode_user,
                           'admin_created_users_group:%s' % gr,
                           None, self.ip_addr, self.sa)
             h.flash(_('Created user group %s') % gr, category='success')
             Session().commit()
         except formencode.Invalid, errors:
             return htmlfill.render(
                 render('admin/users_groups/users_group_add.html'),
                 defaults=errors.value,
                 errors=errors.error_dict or {},
                 prefix_error=False,
                 encoding="UTF-8")
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('Error occurred during creation of user group %s') \
                     % request.POST.get('users_group_name'), category='error')
         return redirect(url('users_groups'))
     @HasPermissionAllDecorator('hg.admin')
     def new(self, format='html'):
         """GET /users_groups/new: Form to create a new item"""
         # url('new_users_group')
         return render('admin/users_groups/users_group_add.html')
     def _load_data(self, id):
         c.users_group.permissions = {
             'repositories': {},
             'repositories_groups': {}
+        }
         ugroup_repo_perms = UserGroupRepoToPerm.query()\
             .options(joinedload(UserGroupRepoToPerm.permission))\
             .options(joinedload(UserGroupRepoToPerm.repository))\
             .filter(UserGroupRepoToPerm.users_group_id == id)\
             .all()
         for gr in ugroup_repo_perms:
             c.users_group.permissions['repositories'][gr.repository.repo_name]  \
                 = gr.permission.permission_name
         ugroup_group_perms = UserGroupRepoGroupToPerm.query()\
             .options(joinedload(UserGroupRepoGroupToPerm.permission))\
             .options(joinedload(UserGroupRepoGroupToPerm.group))\
             .filter(UserGroupRepoGroupToPerm.users_group_id == id)\
             .all()
         for gr in ugroup_group_perms:
             c.users_group.permissions['repositories_groups'][gr.group.group_name] \
                 = gr.permission.permission_name
         c.group_members_obj = sorted((x.user for x in c.users_group.members),
                                      key=lambda u: u.username.lower())
         c.group_members = [(x.user_id, x.username) for x in
                            c.group_members_obj]
         c.available_members = sorted(((x.user_id, x.username) for x in
                                       User.query().all()),
                                      key=lambda u: u[1].lower())
     @HasUserGroupPermissionAnyDecorator('usergroup.admin')
     def update(self, id):
         """PUT /users_groups/id: Update an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="PUT" />
         # Or using helpers:
         #    h.form(url('users_group', id=ID),
         #           method='put')
         # url('users_group', id=ID)
         c.users_group = UserGroup.get_or_404(id)
-        self._load_data(id)
+        self.__load_data(id)
         available_members = [safe_unicode(x[0]) for x in c.available_members]
         users_group_form = UserGroupForm(edit=True,
                                           old_data=c.users_group.get_dict(),
                                           available_members=available_members)()
         try:
             form_result = users_group_form.to_python(request.POST)
             UserGroupModel().update(c.users_group, form_result)
             gr = form_result['users_group_name']
             action_logger(self.rhodecode_user,
                           'admin_updated_users_group:%s' % gr,
                           None, self.ip_addr, self.sa)
             h.flash(_('Updated user group %s') % gr, category='success')
             Session().commit()
         except formencode.Invalid, errors:
             ug_model = UserGroupModel()
             defaults = errors.value
             e = errors.error_dict or {}
             defaults.update({
                 'create_repo_perm': ug_model.has_perm(id,
                                                       'hg.create.repository'),
                 'fork_repo_perm': ug_model.has_perm(id,
                                                     'hg.fork.repository'),
                 '_method': 'put'
             })
             return htmlfill.render(
                 render('admin/users_groups/users_group_edit.html'),
                 defaults=defaults,
                 errors=e,
                 prefix_error=False,
                 encoding="UTF-8")
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('Error occurred during update of user group %s') \
                     % request.POST.get('users_group_name'), category='error')
         return redirect(url('edit_users_group', id=id))
     @HasUserGroupPermissionAnyDecorator('usergroup.admin')
     def delete(self, id):
         """DELETE /users_groups/id: Delete an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="DELETE" />
         # Or using helpers:
         #    h.form(url('users_group', id=ID),
         #           method='delete')
         # url('users_group', id=ID)
         usr_gr = UserGroup.get_or_404(id)
         try:
             UserGroupModel().delete(usr_gr)
             Session().commit()
             h.flash(_('Successfully deleted user group'), category='success')
         except UserGroupsAssignedException, e:
             h.flash(e, category='error')
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('An error occurred during deletion of user group'),
                     category='error')
         return redirect(url('users_groups'))
     @HasUserGroupPermissionAnyDecorator('usergroup.admin')
     def set_user_group_perm_member(self, id):
         """
         grant permission for given usergroup
         :param id:
         """
         user_group = UserGroup.get_or_404(id)
         form = UserGroupPermsForm()().to_python(request.POST)
         # set the permissions !
         UserGroupModel()._update_permissions(user_group, form['perms_new'],
                                             form['perms_updates'])
         #TODO: implement this
         #action_logger(self.rhodecode_user, 'admin_changed_repo_permissions',
         #              repo_name, self.ip_addr, self.sa)
         Session().commit()
         h.flash(_('User Group permissions updated'), category='success')
         return redirect(url('edit_users_group', id=id))
     @HasUserGroupPermissionAnyDecorator('usergroup.admin')
     def delete_user_group_perm_member(self, id):
         """
         DELETE an existing repository group permission user
         :param group_name:
         """
         try:
             obj_type = request.POST.get('obj_type')
             obj_id = None
             if obj_type == 'user':
                 obj_id = safe_int(request.POST.get('user_id'))
             elif obj_type == 'user_group':
                 obj_id = safe_int(request.POST.get('user_group_id'))
             if not c.rhodecode_user.is_admin:
                 if obj_type == 'user' and c.rhodecode_user.user_id == obj_id:
                     msg = _('Cannot revoke permission for yourself as admin')
                     h.flash(msg, category='warning')
                     raise Exception('revoke admin permission on self')
             if obj_type == 'user':
                 UserGroupModel().revoke_user_permission(user_group=id,
                                                         user=obj_id)
             elif obj_type == 'user_group':
                 pass
             Session().commit()
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('An error occurred during deletion of group user'),
                     category='error')
             raise HTTPInternalServerError()
     def show(self, id, format='html'):
         """GET /users_groups/id: Show a specific item"""
         # url('users_group', id=ID)
     @HasUserGroupPermissionAnyDecorator('usergroup.admin')
     def edit(self, id, format='html'):
         """GET /users_groups/id/edit: Form to edit an existing item"""
         # url('edit_users_group', id=ID)
         c.users_group = UserGroup.get_or_404(id)
-        self._load_data(id)
+        self.__load_data(id)
         ug_model = UserGroupModel()
         defaults = c.users_group.get_dict()
         defaults.update({
             'create_repo_perm': ug_model.has_perm(c.users_group,
                                                   'hg.create.repository'),
             'fork_repo_perm': ug_model.has_perm(c.users_group,
                                                 'hg.fork.repository'),
         })
         defaults = self.__load_defaults(id)
         return htmlfill.render(
             render('admin/users_groups/users_group_edit.html'),
             defaults=defaults,
             encoding="UTF-8",
             force_defaults=False
+        )
     @HasUserGroupPermissionAnyDecorator('usergroup.admin')
     def update_perm(self, id):
         """PUT /users_perm/id: Update an existing item"""
         # url('users_group_perm', id=ID, method='put')
         users_group = UserGroup.get_or_404(id)
         grant_create_perm = str2bool(request.POST.get('create_repo_perm'))
         grant_fork_perm = str2bool(request.POST.get('fork_repo_perm'))
         inherit_perms = str2bool(request.POST.get('inherit_default_permissions'))
         usergroup_model = UserGroupModel()
         try:
             users_group.inherit_default_permissions = inherit_perms
             Session().add(users_group)
             if grant_create_perm:
                 usergroup_model.revoke_perm(id, 'hg.create.none')
                 usergroup_model.grant_perm(id, 'hg.create.repository')
                 h.flash(_("Granted 'repository create' permission to user group"),
                         category='success')
             else:
                 usergroup_model.revoke_perm(id, 'hg.create.repository')
                 usergroup_model.grant_perm(id, 'hg.create.none')
                 h.flash(_("Revoked 'repository create' permission to user group"),

rhodecode/controllers/api/api.py

➞

Show inline comments

@@ @@ -516,63 +516,72 @@ class ApiController(JSONRPCController): @@
         data = users_group.get_api_data()
         members = []
         for user in users_group.members:
             user = user.user
             members.append(user.get_api_data())
         data['members'] = members
         return data
     @HasPermissionAllDecorator('hg.admin')
     def get_users_groups(self, apiuser):
         """"
         Get all user groups
         :param apiuser:
         """
         result = []
         for users_group in UserGroupModel().get_all():
             result.append(users_group.get_api_data())
         return result
     @HasPermissionAllDecorator('hg.admin')
     def create_users_group(self, apiuser, group_name, active=Optional(True)):
     def create_users_group(self, apiuser, group_name,
                            owner=Optional(OAttr('apiuser')),
                            active=Optional(True)):
         """
         Creates an new usergroup
         :param apiuser:
         :param group_name:
         :param owner:
         :param active:
         """
         if UserGroupModel().get_by_name(group_name):
             raise JSONRPCError("user group `%s` already exist" % group_name)
         try:
             if isinstance(owner, Optional):
                 owner = apiuser.user_id
             owner = get_user_or_error(owner)
             active = Optional.extract(active)
             ug = UserGroupModel().create(name=group_name, active=active)
             ug = UserGroupModel().create(name=group_name,
                                          owner=owner,
                                          active=active)
             Session().commit()
             return dict(
                 msg='created new user group `%s`' % group_name,
                 users_group=ug.get_api_data()
+            )
         except Exception:
             log.error(traceback.format_exc())
             raise JSONRPCError('failed to create group `%s`' % group_name)
     @HasPermissionAllDecorator('hg.admin')
     def add_user_to_users_group(self, apiuser, usersgroupid, userid):
         """"
         Add a user to a user group
         :param apiuser:
         :param usersgroupid:
         :param userid:
         """
         user = get_user_or_error(userid)
         users_group = get_users_group_or_error(usersgroupid)
         try:
             ugm = UserGroupModel().add_user_to_group(users_group, user)
             success = True if ugm != True else False

rhodecode/controllers/forks.py

➞

Show inline comments

@@ @@ -21,62 +21,62 @@ @@
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import logging
 import formencode
 import traceback
 from formencode import htmlfill
 from pylons import tmpl_context as c, request, url
 from pylons.controllers.util import redirect
 from pylons.i18n.translation import _
 import rhodecode.lib.helpers as h
 from rhodecode.lib.helpers import Page
 from rhodecode.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator, \
     NotAnonymous, HasRepoPermissionAny, HasPermissionAllDecorator,\
     HasPermissionAnyDecorator
 from rhodecode.lib.base import BaseRepoController, render
 from rhodecode.model.db import Repository, RepoGroup, UserFollowing, User,\
     RhodeCodeUi
 from rhodecode.model.repo import RepoModel
 from rhodecode.model.forms import RepoForkForm
-from rhodecode.model.scm import ScmModel, GroupList
+from rhodecode.model.scm import ScmModel, RepoGroupList
 from rhodecode.lib.utils2 import safe_int
 log = logging.getLogger(__name__)
 class ForksController(BaseRepoController):
     @LoginRequired()
     def __before__(self):
         super(ForksController, self).__before__()
     def __load_defaults(self):
-        acl_groups = GroupList(RepoGroup.query().all(),
+        acl_groups = RepoGroupList(RepoGroup.query().all(),
                                perm_set=['group.write', 'group.admin'])
         c.repo_groups = RepoGroup.groups_choices(groups=acl_groups)
         c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups)
         choices, c.landing_revs = ScmModel().get_repo_landing_revs()
         c.landing_revs_choices = choices
     def __load_data(self, repo_name=None):
         """
         Load defaults settings for edit, and update
         :param repo_name:
         """
         self.__load_defaults()
         c.repo_info = db_repo = Repository.get_by_repo_name(repo_name)
         repo = db_repo.scm_instance
         if c.repo_info is None:
             h.not_mapped_error(repo_name)
             return redirect(url('repos'))
         c.default_user_id = User.get_by_username('default').user_id
         c.in_public_journal = UserFollowing.query()\
             .filter(UserFollowing.user_id == c.default_user_id)\

rhodecode/lib/auth.py

➞

Show inline comments

@@ @@ -21,49 +21,50 @@ @@
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import random
 import logging
 import traceback
 import hashlib
 from tempfile import _RandomNameSequence
 from decorator import decorator
 from pylons import config, url, request
 from pylons.controllers.util import abort, redirect
 from pylons.i18n.translation import _
 from sqlalchemy.orm.exc import ObjectDeletedError
 from rhodecode import __platform__, is_windows, is_unix
 from rhodecode.model.meta import Session
 from rhodecode.lib.utils2 import str2bool, safe_unicode
 from rhodecode.lib.exceptions import LdapPasswordError, LdapUsernameError,\
     LdapImportError
 from rhodecode.lib.utils import get_repo_slug, get_repos_group_slug
 from rhodecode.lib.utils import get_repo_slug, get_repos_group_slug,\
     get_user_group_slug
 from rhodecode.lib.auth_ldap import AuthLdap
 from rhodecode.model import meta
 from rhodecode.model.user import UserModel
 from rhodecode.model.db import Permission, RhodeCodeSetting, User, UserIpMap
 from rhodecode.lib.caching_query import FromCache
 log = logging.getLogger(__name__)
 class PasswordGenerator(object):
     """
     This is a simple class for generating password from different sets of
     characters
     usage::
         passwd_gen = PasswordGenerator()
         #print 8-letter password containing only big and small letters
             of alphabet
         passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL)
     """
     ALPHABETS_NUM = r'''1234567890'''
     ALPHABETS_SMALL = r'''qwertyuiopasdfghjklzxcvbnm'''
     ALPHABETS_BIG = r'''QWERTYUIOPASDFGHJKLZXCVBNM'''
@@ @@ -389,56 +390,64 @@ class AuthUser(object): @@
             else:
                 self.user_id = None
                 self.username = None
                 self.is_authenticated = False
         if not self.username:
             self.username = 'None'
         log.debug('Auth User is now %s' % self)
         user_model.fill_perms(self)
     @property
     def is_admin(self):
         return self.admin
     @property
     def repos_admin(self):
         """
         Returns list of repositories you're an admin of
         """
         return [x[0] for x in self.permissions['repositories'].iteritems()
                 if x[1] == 'repository.admin']
     @property
-    def groups_admin(self):
+    def repository_groups_admin(self):
         """
         Returns list of repository groups you're an admin of
         """
         return [x[0] for x in self.permissions['repositories_groups'].iteritems()
                 if x[1] == 'group.admin']
     @property
     def user_groups_admin(self):
         """
         Returns list of user groups you're an admin of
         """
         return [x[0] for x in self.permissions['user_groups'].iteritems()
                 if x[1] == 'usergroup.admin']
     @property
     def ip_allowed(self):
         """
         Checks if ip_addr used in constructor is allowed from defined list of
         allowed ip_addresses for user
         :returns: boolean, True if ip is in allowed ip range
         """
         #check IP
         allowed_ips = AuthUser.get_allowed_ips(self.user_id, cache=True)
         if check_ip_access(source_ip=self.ip_addr, allowed_ips=allowed_ips):
             log.debug('IP:%s is in range of %s' % (self.ip_addr, allowed_ips))
             return True
         else:
             log.info('Access for IP:%s forbidden, '
                      'not in %s' % (self.ip_addr, allowed_ips))
             return False
     def __repr__(self):
         return "<AuthUser('id:%s:%s|%s')>" % (self.user_id, self.username,
                                               self.is_authenticated)
     def set_authenticated(self, authenticated=True):
         if self.user_id != self.anonymous_user.user_id:
             self.is_authenticated = authenticated
@@ @@ -672,81 +681,117 @@ class HasRepoPermissionAllDecorator(Perm @@
         return False
 class HasRepoPermissionAnyDecorator(PermsDecorator):
     """
     Checks for access permission for any of given predicates for specific
     repository. In order to fulfill the request any of predicates must be meet
     """
     def check_permissions(self):
         repo_name = get_repo_slug(request)
         try:
             user_perms = set([self.user_perms['repositories'][repo_name]])
         except KeyError:
             return False
         if self.required_perms.intersection(user_perms):
             return True
         return False
 class HasReposGroupPermissionAllDecorator(PermsDecorator):
     """
     Checks for access permission for all given predicates for specific
     repository. All of them have to be meet in order to fulfill the request
+    repository group. All of them have to be meet in order to fulfill the request
     """
     def check_permissions(self):
         group_name = get_repos_group_slug(request)
         try:
             user_perms = set([self.user_perms['repositories_groups'][group_name]])
         except KeyError:
             return False
         if self.required_perms.issubset(user_perms):
             return True
         return False
 class HasReposGroupPermissionAnyDecorator(PermsDecorator):
     """
     Checks for access permission for any of given predicates for specific
     repository. In order to fulfill the request any of predicates must be meet
+    repository group. In order to fulfill the request any of predicates must be meet
     """
     def check_permissions(self):
         group_name = get_repos_group_slug(request)
         try:
             user_perms = set([self.user_perms['repositories_groups'][group_name]])
         except KeyError:
             return False
         if self.required_perms.intersection(user_perms):
             return True
         return False
 class HasUserGroupPermissionAllDecorator(PermsDecorator):
     """
     Checks for access permission for all given predicates for specific
     user group. All of them have to be meet in order to fulfill the request
     """
     def check_permissions(self):
         group_name = get_user_group_slug(request)
         try:
             user_perms = set([self.user_perms['user_groups'][group_name]])
         except KeyError:
             return False
         if self.required_perms.issubset(user_perms):
             return True
         return False
 class HasUserGroupPermissionAnyDecorator(PermsDecorator):
     """
     Checks for access permission for any of given predicates for specific
     user group. In order to fulfill the request any of predicates must be meet
     """
     def check_permissions(self):
         group_name = get_user_group_slug(request)
         try:
             user_perms = set([self.user_perms['user_groups'][group_name]])
         except KeyError:
             return False
         if self.required_perms.intersection(user_perms):
             return True
         return False
 #==============================================================================
 # CHECK FUNCTIONS
 #==============================================================================
 class PermsFunction(object):
     """Base function for other check functions"""
     def __init__(self, *perms):
         available_perms = config['available_permissions']
         for perm in perms:
             if perm not in available_perms:
                 raise Exception("'%s' permission is not defined" % perm)
         self.required_perms = set(perms)
         self.user_perms = None
         self.repo_name = None
         self.group_name = None
     def __call__(self, check_location=''):
         #TODO: put user as attribute here
         user = request.user
         cls_name = self.__class__.__name__
         check_scope = {
             'HasPermissionAll': '',
             'HasPermissionAny': '',
@@ @@ -844,48 +889,81 @@ class HasReposGroupPermissionAny(PermsFu @@
         except KeyError:
             return False
         if self.required_perms.intersection(self._user_perms):
             return True
         return False
 class HasReposGroupPermissionAll(PermsFunction):
     def __call__(self, group_name=None, check_location=''):
         self.group_name = group_name
         return super(HasReposGroupPermissionAll, self).__call__(check_location)
     def check_permissions(self):
         try:
             self._user_perms = set(
                 [self.user_perms['repositories_groups'][self.group_name]]
+            )
         except KeyError:
             return False
         if self.required_perms.issubset(self._user_perms):
             return True
         return False
 class HasUserGroupPermissionAny(PermsFunction):
     def __call__(self, user_group_name=None, check_location=''):
         self.user_group_name = user_group_name
         return super(HasUserGroupPermissionAny, self).__call__(check_location)
     def check_permissions(self):
         try:
             self._user_perms = set(
                 [self.user_perms['user_groups'][self.user_group_name]]
+            )
         except KeyError:
             return False
         if self.required_perms.intersection(self._user_perms):
             return True
         return False
 class HasUserGroupPermissionAll(PermsFunction):
     def __call__(self, user_group_name=None, check_location=''):
         self.user_group_name = user_group_name
         return super(HasUserGroupPermissionAll, self).__call__(check_location)
     def check_permissions(self):
         try:
             self._user_perms = set(
                 [self.user_perms['user_groups'][self.user_group_name]]
+            )
         except KeyError:
             return False
         if self.required_perms.issubset(self._user_perms):
             return True
         return False
 #==============================================================================
 # SPECIAL VERSION TO HANDLE MIDDLEWARE AUTH
 #==============================================================================
 class HasPermissionAnyMiddleware(object):
     def __init__(self, *perms):
         self.required_perms = set(perms)
     def __call__(self, user, repo_name):
         # repo_name MUST be unicode, since we handle keys in permission
         # dict by unicode
         repo_name = safe_unicode(repo_name)
         usr = AuthUser(user.user_id)
         try:
             self.user_perms = set([usr.permissions['repositories'][repo_name]])
         except Exception:
             log.error('Exception while accessing permissions %s' %
                       traceback.format_exc())
             self.user_perms = set()
         self.username = user.username
         self.repo_name = repo_name
         return self.check_permissions()
     def check_permissions(self):
         log.debug('checking VCS protocol '

rhodecode/lib/db_manage.py

➞

Show inline comments

@@ @@ -68,87 +68,87 @@ class DbManage(object): @@
         self.cli_args = cli_args
         self.init_db()
         force_ask = self.cli_args.get('force_ask')
         if force_ask is not None:
             global ask_ok
             ask_ok = lambda *args, **kwargs: force_ask
     def init_db(self):
         engine = create_engine(self.dburi, echo=self.log_sql)
         init_model(engine)
         self.sa = Session()
     def create_tables(self, override=False):
         """
         Create a auth database
         """
         log.info("Any existing database is going to be destroyed")
         if self.tests:
             destroy = True
         else:
             destroy = ask_ok('Are you sure to destroy old database ? [y/n]')
         if not destroy:
-            sys.exit('Nothing done')
+            sys.exit('Nothing tables created')
         if destroy:
             Base.metadata.drop_all()
         checkfirst = not override
         Base.metadata.create_all(checkfirst=checkfirst)
         log.info('Created tables for %s' % self.dbname)
     def set_db_version(self):
         ver = DbMigrateVersion()
         ver.version = __dbversion__
         ver.repository_id = 'rhodecode_db_migrations'
         ver.repository_path = 'versions'
         self.sa.add(ver)
         log.info('db version set to: %s' % __dbversion__)
     def upgrade(self):
         """
         Upgrades given database schema to given revision following
         all needed steps, to perform the upgrade
         """
         from rhodecode.lib.dbmigrate.migrate.versioning import api
         from rhodecode.lib.dbmigrate.migrate.exceptions import \
             DatabaseNotControlledError
         if 'sqlite' in self.dburi:
             print (
                '********************** WARNING **********************\n'
                'Make sure your version of sqlite is at least 3.7.X.  \n'
                'Earlier versions are known to fail on some migrations\n'
                '*****************************************************\n'
+            )
         upgrade = ask_ok('You are about to perform database upgrade, make '
                          'sure You backed up your database before. '
                          'Continue ? [y/n]')
         if not upgrade:
-            sys.exit('Nothing done')
+            sys.exit('No upgrade performed')
         repository_path = jn(dn(dn(dn(os.path.realpath(__file__)))),
                              'rhodecode/lib/dbmigrate')
         db_uri = self.dburi
         try:
             curr_version = api.db_version(db_uri, repository_path)
             msg = ('Found current database under version'
                  ' control with version %s' % curr_version)
         except (RuntimeError, DatabaseNotControlledError):
             curr_version = 1
             msg = ('Current database is not under version control. Setting'
                    ' as version %s' % curr_version)
             api.version_control(db_uri, repository_path, curr_version)
         notify(msg)
         if curr_version == __dbversion__:
             sys.exit('This database is already at the newest version')
         #======================================================================
         # UPGRADE STEPS
         #======================================================================
@@ @@ -271,48 +271,52 @@ class DbManage(object): @@
                            'Please validate and check default permissions '
                            'in admin panel')
             def step_8(self):
                 self.klass.populate_default_permissions()
                 self.klass.create_default_options(skip_existing=True)
                 Session().commit()
             def step_9(self):
                 perm_fixes = self.klass.reset_permissions(User.DEFAULT_USER)
                 Session().commit()
                 if perm_fixes:
                     notify('There was an inconsistent state of permissions '
                            'detected for default user. Permissions are now '
                            'reset to the default value for default user. '
                            'Please validate and check default permissions '
                            'in admin panel')
             def step_10(self):
                 pass
             def step_11(self):
                 self.klass.update_repo_info()
             def step_12(self):
                 self.klass.create_permissions()
                 self.klass.populate_default_permissions()
         upgrade_steps = [0] + range(curr_version + 1, __dbversion__ + 1)
         # CALL THE PROPER ORDER OF STEPS TO PERFORM FULL UPGRADE
         _step = None
         for step in upgrade_steps:
             notify('performing upgrade step %s' % step)
             getattr(UpgradeSteps(self), 'step_%s' % step)()
             self.sa.commit()
             _step = step
         notify('upgrade to version %s successful' % _step)
     def fix_repo_paths(self):
         """
         Fixes a old rhodecode version path into new one without a '*'
         """
         paths = self.sa.query(RhodeCodeUi)\
                 .filter(RhodeCodeUi.ui_key == '/')\
                 .scalar()
         paths.ui_value = paths.ui_value.replace('*', '')
         try:
@@ @@ -507,49 +511,50 @@ class DbManage(object): @@
             ('default_repo_enable_downloads', False),
             ('default_repo_enable_statistics', False),
             ('default_repo_private', False),
             ('default_repo_type', 'hg')]:
             if skip_existing and RhodeCodeSetting.get_by_name(k) != None:
                 log.debug('Skipping option %s' % k)
                 continue
             setting = RhodeCodeSetting(k, v)
             self.sa.add(setting)
     def fixup_groups(self):
         def_usr = User.get_by_username('default')
         for g in RepoGroup.query().all():
             g.group_name = g.get_new_name(g.name)
             self.sa.add(g)
             # get default perm
             default = UserRepoGroupToPerm.query()\
                 .filter(UserRepoGroupToPerm.group == g)\
                 .filter(UserRepoGroupToPerm.user == def_usr)\
                 .scalar()
             if default is None:
                 log.debug('missing default permission for group %s adding' % g)
                 ReposGroupModel()._create_default_perms(g)
                 perm_obj = ReposGroupModel()._create_default_perms(g)
                 self.sa.add(perm_obj)
     def reset_permissions(self, username):
         """
         Resets permissions to default state, usefull when old systems had
         bad permissions, we must clean them up
         :param username:
         :type username:
         """
         default_user = User.get_by_username(username)
         if not default_user:
             return
         u2p = UserToPerm.query()\
             .filter(UserToPerm.user == default_user).all()
         fixed = False
         if len(u2p) != len(User.DEFAULT_PERMISSIONS):
             for p in u2p:
                 Session().delete(p)
             fixed = True
             self.populate_default_permissions()
         return fixed
     def update_repo_info(self):

rhodecode/lib/dbmigrate/versions/012_version_1_7_0.py

➞

Show inline comments

@@ new file 100644 @@
 import logging
 import datetime
 from sqlalchemy import *
 from sqlalchemy.exc import DatabaseError
 from sqlalchemy.orm import relation, backref, class_mapper, joinedload
 from sqlalchemy.orm.session import Session
 from sqlalchemy.ext.declarative import declarative_base
 from rhodecode.lib.dbmigrate.migrate import *
 from rhodecode.lib.dbmigrate.migrate.changeset import *
 from rhodecode.model.meta import Base
 from rhodecode.model import meta
 from rhodecode.lib.dbmigrate.versions import _reset_base
 log = logging.getLogger(__name__)
 def upgrade(migrate_engine):
     """
     Upgrade operations go here.
     Don't create your own engine; bind migrate_engine to your metadata
     """
     _reset_base(migrate_engine)
     #==========================================================================
     # UserUserGroupToPerm
     #==========================================================================
     from rhodecode.lib.dbmigrate.schema.db_1_7_0 import UserUserGroupToPerm
     tbl = UserUserGroupToPerm.__table__
     tbl.create()
     #==========================================================================
     # UserGroupUserGroupToPerm
     #==========================================================================
     from rhodecode.lib.dbmigrate.schema.db_1_7_0 import UserGroupUserGroupToPerm
     tbl = UserGroupUserGroupToPerm.__table__
     tbl.create()
     #==========================================================================
     # UserGroup
     #==========================================================================
     from rhodecode.lib.dbmigrate.schema.db_1_7_0 import UserGroup
     tbl = UserGroup.__table__
     user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=False, default=None)
     # create username column
     user_id.create(table=tbl)
     #==========================================================================
     # UserGroup
     #==========================================================================
     from rhodecode.lib.dbmigrate.schema.db_1_7_0 import RepoGroup
     tbl = RepoGroup.__table__
     user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=False, default=None)
     # create username column
     user_id.create(table=tbl)
 def downgrade(migrate_engine):
     meta = MetaData()
     meta.bind = migrate_engine

rhodecode/lib/utils.py

➞

Show inline comments

@@ @@ -32,49 +32,49 @@ import paste @@
 import beaker
 import tarfile
 import shutil
 import decorator
 import warnings
 from os.path import abspath
 from os.path import dirname as dn, join as jn
 from paste.script.command import Command, BadCommand
 from mercurial import ui, config
 from webhelpers.text import collapse, remove_formatting, strip_tags
 from rhodecode.lib.vcs import get_backend
 from rhodecode.lib.vcs.backends.base import BaseChangeset
 from rhodecode.lib.vcs.utils.lazy import LazyProperty
 from rhodecode.lib.vcs.utils.helpers import get_scm
 from rhodecode.lib.vcs.exceptions import VCSError
 from rhodecode.lib.caching_query import FromCache
 from rhodecode.model import meta
 from rhodecode.model.db import Repository, User, RhodeCodeUi, \
     UserLog, RepoGroup, RhodeCodeSetting, CacheInvalidation
+    UserLog, RepoGroup, RhodeCodeSetting, CacheInvalidation, UserGroup
 from rhodecode.model.meta import Session
 from rhodecode.model.repos_group import ReposGroupModel
 from rhodecode.lib.utils2 import safe_str, safe_unicode
 from rhodecode.lib.vcs.utils.fakemod import create_module
 log = logging.getLogger(__name__)
 REMOVED_REPO_PAT = re.compile(r'rm__\d{8}_\d{6}_\d{6}__.*')
 def recursive_replace(str_, replace=' '):
     """
     Recursive replace of given sign to just one instance
     :param str_: given string
     :param replace: char to find and replace multiple instances
     Examples::
     >>> recursive_replace("Mighty---Mighty-Bo--sstones",'-')
     'Mighty-Mighty-Bo-sstones'
     """
     if str_.find(replace * 2) == -1:
         return str_
@@ @@ -93,48 +93,56 @@ def repo_name_slug(value): @@
     slug = remove_formatting(value)
     slug = strip_tags(slug)
     for c in """`?=[]\;'"<>,/~!@#$%^&*()+{}|: """:
         slug = slug.replace(c, '-')
     slug = recursive_replace(slug, '-')
     slug = collapse(slug, '-')
     return slug
 def get_repo_slug(request):
     _repo = request.environ['pylons.routes_dict'].get('repo_name')
     if _repo:
         _repo = _repo.rstrip('/')
     return _repo
 def get_repos_group_slug(request):
     _group = request.environ['pylons.routes_dict'].get('group_name')
     if _group:
         _group = _group.rstrip('/')
     return _group
 def get_user_group_slug(request):
     _group = request.environ['pylons.routes_dict'].get('id')
     _group = UserGroup.get(_group)
     if _group:
         _group = _group.users_group_name
     return _group
 def action_logger(user, action, repo, ipaddr='', sa=None, commit=False):
     """
     Action logger for various actions made by users
     :param user: user that made this action, can be a unique username string or
         object containing user_id attribute
     :param action: action to log, should be on of predefined unique actions for
         easy translations
     :param repo: string name of repository or object containing repo_id,
         that action was made on
     :param ipaddr: optional ip address from what the action was made
     :param sa: optional sqlalchemy session
     """
     if not sa:
         sa = meta.Session()
     try:
         if hasattr(user, 'user_id'):
             user_obj = User.get(user.user_id)
         elif isinstance(user, basestring):
             user_obj = User.get_by_username(user)
         else:
@@ @@ -351,88 +359,90 @@ def set_rhodecode_config(config): @@
     :param config:
     """
     hgsettings = RhodeCodeSetting.get_app_settings()
     for k, v in hgsettings.items():
         config[k] = v
 def map_groups(path):
     """
     Given a full path to a repository, create all nested groups that this
     repo is inside. This function creates parent-child relationships between
     groups and creates default perms for all new groups.
     :param paths: full path to repository
     """
     sa = meta.Session()
     groups = path.split(Repository.url_sep())
     parent = None
     group = None
     # last element is repo in nested groups structure
     groups = groups[:-1]
     rgm = ReposGroupModel(sa)
     owner = User.get_first_admin()
     for lvl, group_name in enumerate(groups):
         group_name = '/'.join(groups[:lvl] + [group_name])
         group = RepoGroup.get_by_group_name(group_name)
         desc = '%s group' % group_name
         # skip folders that are now removed repos
         if REMOVED_REPO_PAT.match(group_name):
             break
         if group is None:
             log.debug('creating group level: %s group_name: %s' % (lvl,
                                                                    group_name))
             log.debug('creating group level: %s group_name: %s'
                       % (lvl, group_name))
             group = RepoGroup(group_name, parent)
             group.group_description = desc
             group.user = owner
             sa.add(group)
             rgm._create_default_perms(group)
             perm_obj = rgm._create_default_perms(group)
             sa.add(perm_obj)
             sa.flush()
         parent = group
     return group
 def repo2db_mapper(initial_repo_list, remove_obsolete=False,
                    install_git_hook=False):
     """
     maps all repos given in initial_repo_list, non existing repositories
     are created, if remove_obsolete is True it also check for db entries
     that are not in initial_repo_list and removes them.
     :param initial_repo_list: list of repositories found by scanning methods
     :param remove_obsolete: check for obsolete entries in database
     :param install_git_hook: if this is True, also check and install githook
         for a repo if missing
     """
     from rhodecode.model.repo import RepoModel
     from rhodecode.model.scm import ScmModel
     sa = meta.Session()
     rm = RepoModel()
     user = sa.query(User).filter(User.admin == True).first()
     if user is None:
         raise Exception('Missing administrative account!')
     user = User.get_first_admin()
     added = []
     ##creation defaults
     defs = RhodeCodeSetting.get_default_repo_settings(strip_prefix=True)
     enable_statistics = defs.get('repo_enable_statistics')
     enable_locking = defs.get('repo_enable_locking')
     enable_downloads = defs.get('repo_enable_downloads')
     private = defs.get('repo_private')
     for name, repo in initial_repo_list.items():
         group = map_groups(name)
         db_repo = rm.get_by_repo_name(name)
         # found repo that is on filesystem not in RhodeCode database
         if not db_repo:
             log.info('repository %s not found, creating now' % name)
             added.append(name)
             desc = (repo.description
                     if repo.description != 'unknown'
                     else '%s repository' % name)
             new_repo = rm.create_repo(
                 repo_name=name,
                 repo_type=repo.alias,
                 description=desc,

rhodecode/model/db.py

➞

Show inline comments

@@ @@ -110,48 +110,53 @@ class BaseModel(object): @@
     @classmethod
     def query(cls):
         return Session().query(cls)
     @classmethod
     def get(cls, id_):
         if id_:
             return cls.query().get(id_)
     @classmethod
     def get_or_404(cls, id_):
         try:
             id_ = int(id_)
         except (TypeError, ValueError):
             raise HTTPNotFound
         res = cls.query().get(id_)
         if not res:
             raise HTTPNotFound
         return res
     @classmethod
     def getAll(cls):
         # deprecated and left for backward compatibility
         return cls.get_all()
     @classmethod
     def get_all(cls):
         return cls.query().all()
     @classmethod
     def delete(cls, id_):
         obj = cls.query().get(id_)
         Session().delete(obj)
     def __repr__(self):
         if hasattr(self, '__unicode__'):
             # python repr needs to return str
             return safe_str(self.__unicode__())
         return '<DB:%s>' % (self.__class__.__name__)
 class RhodeCodeSetting(Base, BaseModel):
     __tablename__ = 'rhodecode_settings'
     __table_args__ = (
         UniqueConstraint('app_settings_name'),
         {'extend_existing': True, 'mysql_engine': 'InnoDB',
          'mysql_charset': 'utf8'}
+    )
     app_settings_id = Column("app_settings_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
     app_settings_name = Column("app_settings_name", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     _app_settings_value = Column("app_settings_value", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
@@ @@ -469,48 +474,55 @@ class User(Base, BaseModel): @@
         """
         Tries to get User objects out of commit author string
         :param author:
         """
         from rhodecode.lib.helpers import email, author_name
         # Valid email in the attribute passed, see if they're in the system
         _email = email(author)
         if _email:
             user = cls.get_by_email(_email, case_insensitive=True)
             if user:
                 return user
         # Maybe we can match by username?
         _author = author_name(author)
         user = cls.get_by_username(_author, case_insensitive=True)
         if user:
             return user
     def update_lastlogin(self):
         """Update user lastlogin"""
         self.last_login = datetime.datetime.now()
         Session().add(self)
         log.debug('updated user %s lastlogin' % self.username)
     @classmethod
     def get_first_admin(cls):
         user = User.query().filter(User.admin == True).first()
         if user is None:
             raise Exception('Missing administrative account!')
         return user
     def get_api_data(self):
         """
         Common function for generating user related data for API
         """
         user = self
         data = dict(
             user_id=user.user_id,
             username=user.username,
             firstname=user.name,
             lastname=user.lastname,
             email=user.email,
             emails=user.emails,
             api_key=user.api_key,
             active=user.active,
             admin=user.admin,
             ldap_dn=user.ldap_dn,
             last_login=user.last_login,
             ip_addresses=user.ip_addresses
+        )
         return data
     def __json__(self):
         data = dict(
             full_name=self.full_name,
@@ @@ -595,55 +607,60 @@ class UserLog(Base, BaseModel): @@
     repository_name = Column("repository_name", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     user_ip = Column("user_ip", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     action = Column("action", UnicodeText(1200000, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     action_date = Column("action_date", DateTime(timezone=False), nullable=True, unique=None, default=None)
     @property
     def action_as_day(self):
         return datetime.date(*self.action_date.timetuple()[:3])
     user = relationship('User')
     repository = relationship('Repository', cascade='')
 class UserGroup(Base, BaseModel):
     __tablename__ = 'users_groups'
     __table_args__ = (
         {'extend_existing': True, 'mysql_engine': 'InnoDB',
          'mysql_charset': 'utf8'},
+    )
     users_group_id = Column("users_group_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
     users_group_name = Column("users_group_name", String(255, convert_unicode=False, assert_unicode=None), nullable=False, unique=True, default=None)
     users_group_active = Column("users_group_active", Boolean(), nullable=True, unique=None, default=None)
     inherit_default_permissions = Column("users_group_inherit_default_permissions", Boolean(), nullable=False, unique=None, default=True)
     user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=False, default=None)
     members = relationship('UserGroupMember', cascade="all, delete, delete-orphan", lazy="joined")
     users_group_to_perm = relationship('UserGroupToPerm', cascade='all')
     users_group_repo_to_perm = relationship('UserGroupRepoToPerm', cascade='all')
     user_user_group_to_perm = relationship('UserUserGroupToPerm ', cascade='all')
     user = relationship('User')
     def __unicode__(self):
         return u'<userGroup(%s)>' % (self.users_group_name)
         return u"<%s('id:%s:%s')>" % (self.__class__.__name__,
                                       self.users_group_id,
                                       self.users_group_name)
     @classmethod
     def get_by_group_name(cls, group_name, cache=False,
                           case_insensitive=False):
         if case_insensitive:
             q = cls.query().filter(cls.users_group_name.ilike(group_name))
         else:
             q = cls.query().filter(cls.users_group_name == group_name)
         if cache:
             q = q.options(FromCache(
                             "sql_cache_short",
                             "get_user_%s" % _hash_key(group_name)
+                          )
+            )
         return q.scalar()
     @classmethod
     def get(cls, users_group_id, cache=False):
         users_group = cls.query()
         if cache:
             users_group = users_group.options(FromCache("sql_cache_short",
                                     "get_users_group_%s" % users_group_id))
         return users_group.get(users_group_id)
@@ @@ -1208,60 +1225,61 @@ class Repository(Base, BaseModel): @@
             # skip hidden web repository
             if repo._get_hidden():
                 return
         else:
             repo = backend(repo_full_path, create=False)
         return repo
 class RepoGroup(Base, BaseModel):
     __tablename__ = 'groups'
     __table_args__ = (
         UniqueConstraint('group_name', 'group_parent_id'),
         CheckConstraint('group_id != group_parent_id'),
         {'extend_existing': True, 'mysql_engine': 'InnoDB',
          'mysql_charset': 'utf8'},
+    )
     __mapper_args__ = {'order_by': 'group_name'}
     group_id = Column("group_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
     group_name = Column("group_name", String(255, convert_unicode=False, assert_unicode=None), nullable=False, unique=True, default=None)
     group_parent_id = Column("group_parent_id", Integer(), ForeignKey('groups.group_id'), nullable=True, unique=None, default=None)
     group_description = Column("group_description", String(10000, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     enable_locking = Column("enable_locking", Boolean(), nullable=False, unique=None, default=False)
     user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=False, default=None)
     repo_group_to_perm = relationship('UserRepoGroupToPerm', cascade='all', order_by='UserRepoGroupToPerm.group_to_perm_id')
     users_group_to_perm = relationship('UserGroupRepoGroupToPerm', cascade='all')
     parent_group = relationship('RepoGroup', remote_side=group_id)
     user = relationship('User')
     def __init__(self, group_name='', parent_group=None):
         self.group_name = group_name
         self.parent_group = parent_group
     def __unicode__(self):
         return u"<%s('%s:%s')>" % (self.__class__.__name__, self.group_id,
+        return u"<%s('id:%s:%s')>" % (self.__class__.__name__, self.group_id,
                                   self.group_name)
     @classmethod
     def groups_choices(cls, groups=None, show_empty_group=True):
         from webhelpers.html import literal as _literal
         if not groups:
             groups = cls.query().all()
         repo_groups = []
         if show_empty_group:
             repo_groups = [('-1', '-- %s --' % _('top level'))]
         sep = ' &raquo; '
         _name = lambda k: _literal(sep.join(k))
         repo_groups.extend([(x.group_id, _name(x.full_path_splitted))
                               for x in groups])
         repo_groups = sorted(repo_groups, key=lambda t: t[1].split(sep)[0])
         return repo_groups
     @classmethod
     def url_sep(cls):
         return URL_SEP
@@ @@ -1376,184 +1394,262 @@ class RepoGroup(Base, BaseModel): @@
         """
         path_prefix = (self.parent_group.full_path_splitted if
                        self.parent_group else [])
         return RepoGroup.url_sep().join(path_prefix + [group_name])
 class Permission(Base, BaseModel):
     __tablename__ = 'permissions'
     __table_args__ = (
         Index('p_perm_name_idx', 'permission_name'),
         {'extend_existing': True, 'mysql_engine': 'InnoDB',
          'mysql_charset': 'utf8'},
+    )
     PERMS = [
         ('repository.none', _('Repository no access')),
         ('repository.read', _('Repository read access')),
         ('repository.write', _('Repository write access')),
         ('repository.admin', _('Repository admin access')),
         ('group.none', _('Repository group no access')),
         ('group.read', _('Repository group read access')),
         ('group.write', _('Repository group write access')),
         ('group.admin', _('Repository group admin access')),
         ('usergroup.none', _('User group no access')),
         ('usergroup.read', _('User group read access')),
         ('usergroup.write', _('User group write access')),
         ('usergroup.admin', _('User group admin access')),
         ('hg.admin', _('RhodeCode Administrator')),
         ('hg.create.none', _('Repository creation disabled')),
         ('hg.create.repository', _('Repository creation enabled')),
         ('hg.fork.none', _('Repository forking disabled')),
         ('hg.fork.repository', _('Repository forking enabled')),
         ('hg.register.none', _('Register disabled')),
         ('hg.register.manual_activate', _('Register new user with RhodeCode '
                                           'with manual activation')),
         ('hg.register.auto_activate', _('Register new user with RhodeCode '
                                         'with auto activation')),
+    ]
     # defines which permissions are more important higher the more important
     PERM_WEIGHTS = {
         'repository.none': 0,
         'repository.read': 1,
         'repository.write': 3,
         'repository.admin': 4,
         'group.none': 0,
         'group.read': 1,
         'group.write': 3,
         'group.admin': 4,
         'usergroup.none': 0,
         'usergroup.read': 1,
         'usergroup.write': 3,
         'usergroup.admin': 4,
         'hg.fork.none': 0,
         'hg.fork.repository': 1,
         'hg.create.none': 0,
         'hg.create.repository':1
+    }
     permission_id = Column("permission_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
     permission_name = Column("permission_name", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     permission_longname = Column("permission_longname", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
     def __unicode__(self):
         return u"<%s('%s:%s')>" % (
             self.__class__.__name__, self.permission_id, self.permission_name
+        )
     @classmethod
     def get_by_key(cls, key):
         return cls.query().filter(cls.permission_name == key).scalar()
     @classmethod
     def get_default_perms(cls, default_user_id):
         q = Session().query(UserRepoToPerm, Repository, cls)\
          .join((Repository, UserRepoToPerm.repository_id == Repository.repo_id))\
          .join((cls, UserRepoToPerm.permission_id == cls.permission_id))\
          .filter(UserRepoToPerm.user_id == default_user_id)
         return q.all()
     @classmethod
     def get_default_group_perms(cls, default_user_id):
         q = Session().query(UserRepoGroupToPerm, RepoGroup, cls)\
          .join((RepoGroup, UserRepoGroupToPerm.group_id == RepoGroup.group_id))\
          .join((cls, UserRepoGroupToPerm.permission_id == cls.permission_id))\
          .filter(UserRepoGroupToPerm.user_id == default_user_id)
         return q.all()
     @classmethod
     def get_default_user_group_perms(cls, default_user_id):
         q = Session().query(UserUserGroupToPerm, UserGroup, cls)\
          .join((UserGroup, UserUserGroupToPerm.user_group_id == UserGroup.users_group_id))\
          .join((cls, UserUserGroupToPerm.permission_id == cls.permission_id))\
          .filter(UserUserGroupToPerm.user_id == default_user_id)
         return q.all()
 class UserRepoToPerm(Base, BaseModel):
     __tablename__ = 'repo_to_perm'
     __table_args__ = (
         UniqueConstraint('user_id', 'repository_id', 'permission_id'),
         {'extend_existing': True, 'mysql_engine': 'InnoDB',
          'mysql_charset': 'utf8'}
+    )
     repo_to_perm_id = Column("repo_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
     user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
     permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
     repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
     user = relationship('User')
     repository = relationship('Repository')
     permission = relationship('Permission')
     @classmethod
     def create(cls, user, repository, permission):
         n = cls()
         n.user = user
         n.repository = repository
         n.permission = permission
         Session().add(n)
         return n
     def __unicode__(self):
         return u'<user:%s => %s >' % (self.user, self.repository)
         return u'<%s => %s >' % (self.user, self.repository)
 class UserUserGroupToPerm(Base, BaseModel):
     __tablename__ = 'user_user_group_to_perm'
     __table_args__ = (
         UniqueConstraint('user_id', 'user_group_id', 'permission_id'),
         {'extend_existing': True, 'mysql_engine': 'InnoDB',
          'mysql_charset': 'utf8'}
+    )
     user_user_group_to_perm_id = Column("user_user_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
     user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
     permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
     user_group_id = Column("user_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
     user = relationship('User')
     user_group = relationship('UserGroup')
     permission = relationship('Permission')
     @classmethod
     def create(cls, user, user_group, permission):
         n = cls()
         n.user = user
         n.user_group = user_group
         n.permission = permission
         Session().add(n)
         return n
     def __unicode__(self):
         return u'<%s => %s >' % (self.user, self.user_group)
 class UserToPerm(Base, BaseModel):
     __tablename__ = 'user_to_perm'
     __table_args__ = (
         UniqueConstraint('user_id', 'permission_id'),
         {'extend_existing': True, 'mysql_engine': 'InnoDB',
          'mysql_charset': 'utf8'}
+    )
     user_to_perm_id = Column("user_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
     user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
     permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
     user = relationship('User')
     permission = relationship('Permission', lazy='joined')
 class UserGroupRepoToPerm(Base, BaseModel):
     __tablename__ = 'users_group_repo_to_perm'
     __table_args__ = (
         UniqueConstraint('repository_id', 'users_group_id', 'permission_id'),
         {'extend_existing': True, 'mysql_engine': 'InnoDB',
          'mysql_charset': 'utf8'}
+    )
     users_group_to_perm_id = Column("users_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
     users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
     permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
     repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
     users_group = relationship('UserGroup')
     permission = relationship('Permission')
     repository = relationship('Repository')
     @classmethod
     def create(cls, users_group, repository, permission):
         n = cls()
         n.users_group = users_group
         n.repository = repository
         n.permission = permission
         Session().add(n)
         return n
     def __unicode__(self):
         return u'<userGroup:%s => %s >' % (self.users_group, self.repository)
 #TODO; not sure if this will be ever used
 class UserGroupUserGroupToPerm(Base, BaseModel):
     __tablename__ = 'user_group_user_group_to_perm'
     __table_args__ = (
         UniqueConstraint('user_group_id', 'user_group_id', 'permission_id'),
         {'extend_existing': True, 'mysql_engine': 'InnoDB',
          'mysql_charset': 'utf8'}
+    )
     user_user_group_to_perm_id = Column("user_user_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
     target_user_group_id = Column("target_users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
     permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
     user_group_id = Column("user_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
     target_user_group = relationship('UserGroup', remote_side=target_user_group_id, primaryjoin='UserGroupUserGroupToPerm.target_user_group_id==UserGroup.users_group_id')
     user_group = relationship('UserGroup', remote_side=user_group_id, primaryjoin='UserGroupUserGroupToPerm.user_group_id==UserGroup.users_group_id')
     permission = relationship('Permission')
     @classmethod
     def create(cls, target_user_group, user_group, permission):
         n = cls()
         n.target_user_group = target_user_group
         n.user_group = user_group
         n.permission = permission
         Session().add(n)
         return n
     def __unicode__(self):
         return u'<UserGroup:%s => %s >' % (self.target_user_group, self.user_group)
 class UserGroupToPerm(Base, BaseModel):
     __tablename__ = 'users_group_to_perm'
     __table_args__ = (
         UniqueConstraint('users_group_id', 'permission_id',),
         {'extend_existing': True, 'mysql_engine': 'InnoDB',
          'mysql_charset': 'utf8'}
+    )
     users_group_to_perm_id = Column("users_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
     users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
     permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
     users_group = relationship('UserGroup')
     permission = relationship('Permission')
 class UserRepoGroupToPerm(Base, BaseModel):
     __tablename__ = 'user_repo_group_to_perm'
     __table_args__ = (
         UniqueConstraint('user_id', 'group_id', 'permission_id'),
         {'extend_existing': True, 'mysql_engine': 'InnoDB',
          'mysql_charset': 'utf8'}
+    )
     group_to_perm_id = Column("group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)

rhodecode/model/forms.py

➞

Show inline comments

@@ @@ -113,51 +113,49 @@ def UserGroupForm(edit=False, old_data={ @@
+            )
     return _UserGroupForm
 def ReposGroupForm(edit=False, old_data={}, available_groups=[],
                    can_create_in_root=False):
     class _ReposGroupForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         group_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),
                                v.SlugifyName())
         group_description = v.UnicodeString(strip=True, min=1,
                                                 not_empty=False)
         if edit:
             #FIXME: do a special check that we cannot move a group to one of
             #it's children
             pass
         group_parent_id = All(v.CanCreateGroup(can_create_in_root),
                               v.OneOf(available_groups, hideList=False,
                                       testValueList=True,
                                       if_missing=None, not_empty=True))
         enable_locking = v.StringBoolean(if_missing=False)
         recursive = v.StringBoolean(if_missing=False)
         chained_validators = [v.ValidReposGroup(edit, old_data),
                               v.ValidPerms('group')]
         chained_validators = [v.ValidReposGroup(edit, old_data)]
     return _ReposGroupForm
 def RegisterForm(edit=False, old_data={}):
     class _RegisterForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = True
         username = All(
             v.ValidUsername(edit, old_data),
             v.UnicodeString(strip=True, min=1, not_empty=True)
+        )
         password = All(
             v.ValidPassword(),
             v.UnicodeString(strip=False, min=6, not_empty=True)
+        )
         password_confirmation = All(
             v.ValidPassword(),
             v.UnicodeString(strip=False, min=6, not_empty=True)
+        )
         active = v.StringBoolean(if_missing=False)
         firstname = v.UnicodeString(strip=True, min=1, not_empty=False)
         lastname = v.UnicodeString(strip=True, min=1, not_empty=False)
         email = All(v.Email(not_empty=True), v.UniqSystemEmail(old_data))
@@ @@ -186,52 +184,69 @@ def RepoForm(edit=False, old_data={}, su @@
                          v.OneOf(repo_groups, hideList=True))
         repo_type = v.OneOf(supported_backends)
         repo_description = v.UnicodeString(strip=True, min=1, not_empty=False)
         repo_private = v.StringBoolean(if_missing=False)
         repo_landing_rev = v.OneOf(landing_revs, hideList=True)
         clone_uri = All(v.UnicodeString(strip=True, min=1, not_empty=False))
         repo_enable_statistics = v.StringBoolean(if_missing=False)
         repo_enable_downloads = v.StringBoolean(if_missing=False)
         repo_enable_locking = v.StringBoolean(if_missing=False)
         if edit:
             #this is repo owner
             user = All(v.UnicodeString(not_empty=True), v.ValidRepoUser())
         chained_validators = [v.ValidCloneUri(),
                               v.ValidRepoName(edit, old_data)]
     return _RepoForm
 def RepoPermsForm():
     class _RepoPermsForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         chained_validators = [v.ValidPerms()]
+        chained_validators = [v.ValidPerms(type_='repo')]
     return _RepoPermsForm
 def RepoGroupPermsForm():
     class _RepoGroupPermsForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         recursive = v.StringBoolean(if_missing=False)
         chained_validators = [v.ValidPerms(type_='repo_group')]
     return _RepoGroupPermsForm
 def UserGroupPermsForm():
     class _UserPermsForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         chained_validators = [v.ValidPerms(type_='user_group')]
     return _UserPermsForm
 def RepoFieldForm():
     class _RepoFieldForm(formencode.Schema):
         filter_extra_fields = True
         allow_extra_fields = True
         new_field_key = All(v.FieldKey(),
                             v.UnicodeString(strip=True, min=3, not_empty=True))
         new_field_value = v.UnicodeString(not_empty=False, if_missing='')
         new_field_type = v.OneOf(['str', 'unicode', 'list', 'tuple'],
                                  if_missing='str')
         new_field_label = v.UnicodeString(not_empty=False)
         new_field_desc = v.UnicodeString(not_empty=False)
     return _RepoFieldForm
 def RepoForkForm(edit=False, old_data={}, supported_backends=BACKENDS.keys(),
                  repo_groups=[], landing_revs=[]):
     class _RepoForkForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         repo_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),
                         v.SlugifyName())
         repo_group = All(v.CanWriteGroup(),

rhodecode/model/repo.py

➞

Show inline comments

@@ @@ -31,56 +31,75 @@ from datetime import datetime @@
 from rhodecode.lib.vcs.backends import get_backend
 from rhodecode.lib.compat import json
 from rhodecode.lib.utils2 import LazyProperty, safe_str, safe_unicode,\
     remove_prefix, obfuscate_url_pw
 from rhodecode.lib.caching_query import FromCache
 from rhodecode.lib.hooks import log_create_repository, log_delete_repository
 from rhodecode.model import BaseModel
 from rhodecode.model.db import Repository, UserRepoToPerm, User, Permission, \
     Statistics, UserGroup, UserGroupRepoToPerm, RhodeCodeUi, RepoGroup,\
     RhodeCodeSetting, RepositoryField
 from rhodecode.lib import helpers as h
 from rhodecode.lib.auth import HasRepoPermissionAny
 from rhodecode.lib.exceptions import AttachedForksError
 log = logging.getLogger(__name__)
 class RepoModel(BaseModel):
     cls = Repository
     URL_SEPARATOR = Repository.url_sep()
-    def __get_users_group(self, users_group):
+    def _get_user_group(self, users_group):
         return self._get_instance(UserGroup, users_group,
                                   callback=UserGroup.get_by_group_name)
-    def _get_repos_group(self, repos_group):
+    def _get_repo_group(self, repos_group):
         return self._get_instance(RepoGroup, repos_group,
                                   callback=RepoGroup.get_by_group_name)
     def _create_default_perms(self, repository, private):
         # create default permission
         default = 'repository.read'
         def_user = User.get_by_username('default')
         for p in def_user.user_perms:
             if p.permission.permission_name.startswith('repository.'):
                 default = p.permission.permission_name
                 break
         default_perm = 'repository.none' if private else default
         repo_to_perm = UserRepoToPerm()
         repo_to_perm.permission = Permission.get_by_key(default_perm)
         repo_to_perm.repository = repository
         repo_to_perm.user_id = def_user.user_id
         return repo_to_perm
     @LazyProperty
     def repos_path(self):
         """
         Get's the repositories root path from database
         """
         q = self.sa.query(RhodeCodeUi).filter(RhodeCodeUi.ui_key == '/').one()
         return q.ui_value
     def get(self, repo_id, cache=False):
         repo = self.sa.query(Repository)\
             .filter(Repository.repo_id == repo_id)
         if cache:
             repo = repo.options(FromCache("sql_cache_short",
                                           "get_repo_%s" % repo_id))
         return repo.scalar()
     def get_repo(self, repository):
         return self._get_repo(repository)
     def get_by_repo_name(self, repo_name, cache=False):
         repo = self.sa.query(Repository)\
             .filter(Repository.repo_name == repo_name)
@@ @@ -315,168 +334,179 @@ class RepoModel(BaseModel): @@
             self.sa.add(cur_repo)
             if org_repo_name != new_name:
                 # rename repository
                 self.__rename_repo(old=org_repo_name, new=new_name)
             return cur_repo
         except Exception:
             log.error(traceback.format_exc())
             raise
     def create_repo(self, repo_name, repo_type, description, owner,
                     private=False, clone_uri=None, repos_group=None,
                     landing_rev='tip', just_db=False, fork_of=None,
                     copy_fork_permissions=False, enable_statistics=False,
                     enable_locking=False, enable_downloads=False):
         """
         Create repository
         """
         from rhodecode.model.scm import ScmModel
         owner = self._get_user(owner)
         fork_of = self._get_repo(fork_of)
-        repos_group = self._get_repos_group(repos_group)
+        repos_group = self._get_repo_group(repos_group)
         try:
             # repo name is just a name of repository
             # while repo_name_full is a full qualified name that is combined
             # with name and path of group
             repo_name_full = repo_name
             repo_name = repo_name.split(self.URL_SEPARATOR)[-1]
             new_repo = Repository()
             new_repo.enable_statistics = False
             new_repo.repo_name = repo_name_full
             new_repo.repo_type = repo_type
             new_repo.user = owner
             new_repo.group = repos_group
             new_repo.description = description or repo_name
             new_repo.private = private
             new_repo.clone_uri = clone_uri
             new_repo.landing_rev = landing_rev
             new_repo.enable_statistics = enable_statistics
             new_repo.enable_locking = enable_locking
             new_repo.enable_downloads = enable_downloads
             if repos_group:
                 new_repo.enable_locking = repos_group.enable_locking
             if fork_of:
                 parent_repo = fork_of
                 new_repo.fork = parent_repo
             self.sa.add(new_repo)
             def _create_default_perms():
                 # create default permission
                 repo_to_perm = UserRepoToPerm()
                 default = 'repository.read'
                 for p in User.get_by_username('default').user_perms:
                     if p.permission.permission_name.startswith('repository.'):
                         default = p.permission.permission_name
                         break
                 default_perm = 'repository.none' if private else default
                 repo_to_perm.permission_id = self.sa.query(Permission)\
                         .filter(Permission.permission_name == default_perm)\
                         .one().permission_id
                 repo_to_perm.repository = new_repo
                 repo_to_perm.user_id = User.get_by_username('default').user_id
                 self.sa.add(repo_to_perm)
             if fork_of:
                 if copy_fork_permissions:
                     repo = fork_of
                     user_perms = UserRepoToPerm.query()\
                         .filter(UserRepoToPerm.repository == repo).all()
                     group_perms = UserGroupRepoToPerm.query()\
                         .filter(UserGroupRepoToPerm.repository == repo).all()
                     for perm in user_perms:
                         UserRepoToPerm.create(perm.user, new_repo,
                                               perm.permission)
                     for perm in group_perms:
                         UserGroupRepoToPerm.create(perm.users_group, new_repo,
                                                     perm.permission)
                 else:
                     _create_default_perms()
                     perm_obj = self._create_default_perms(new_repo, private)
                     self.sa.add(perm_obj)
             else:
                 _create_default_perms()
                 perm_obj = self._create_default_perms(new_repo, private)
                 self.sa.add(perm_obj)
             if not just_db:
                 self.__create_repo(repo_name, repo_type,
                                    repos_group,
                                    clone_uri)
                 log_create_repository(new_repo.get_dict(),
                                       created_by=owner.username)
             # now automatically start following this repository as owner
             ScmModel(self.sa).toggle_following_repo(new_repo.repo_id,
                                                     owner.user_id)
             return new_repo
         except Exception:
             log.error(traceback.format_exc())
             raise
     def create(self, form_data, cur_user, just_db=False, fork=None):
         """
         Backward compatibility function, just a wrapper on top of create_repo
         :param form_data:
         :param cur_user:
         :param just_db:
         :param fork:
         """
         owner = cur_user
         repo_name = form_data['repo_name_full']
         repo_type = form_data['repo_type']
         description = form_data['repo_description']
         private = form_data['repo_private']
         clone_uri = form_data.get('clone_uri')
         repos_group = form_data['repo_group']
         landing_rev = form_data['repo_landing_rev']
         copy_fork_permissions = form_data.get('copy_permissions')
         fork_of = form_data.get('fork_parent_id')
         ## repo creation defaults, private and repo_type are filled in form
         defs = RhodeCodeSetting.get_default_repo_settings(strip_prefix=True)
         enable_statistics = defs.get('repo_enable_statistics')
         enable_locking = defs.get('repo_enable_locking')
         enable_downloads = defs.get('repo_enable_downloads')
         return self.create_repo(
             repo_name, repo_type, description, owner, private, clone_uri,
             repos_group, landing_rev, just_db, fork_of, copy_fork_permissions,
             enable_statistics, enable_locking, enable_downloads
+        )
     def _update_permissions(self, repo, perms_new=None,
                             perms_updates=None):
         if not perms_new:
             perms_new = []
         if not perms_updates:
             perms_updates = []
         # update permissions
         for member, perm, member_type in perms_updates:
             if member_type == 'user':
                 # this updates existing one
                 self.grant_user_permission(
                     repo=repo, user=member, perm=perm
+                )
             else:
                 self.grant_users_group_permission(
                     repo=repo, group_name=member, perm=perm
+                )
         # set new permissions
         for member, perm, member_type in perms_new:
             if member_type == 'user':
                 self.grant_user_permission(
                     repo=repo, user=member, perm=perm
+                )
             else:
                 self.grant_users_group_permission(
                     repo=repo, group_name=member, perm=perm
+                )
     def create_fork(self, form_data, cur_user):
         """
         Simple wrapper into executing celery task for fork creation
         :param form_data:
         :param cur_user:
         """
         from rhodecode.lib.celerylib import tasks, run_task
         run_task(tasks.create_repo_fork, form_data, cur_user)
     def delete(self, repo, forks=None, fs_remove=True):
         """
         Delete given repository, forks parameter defines what do do with
         attached forks. Throws AttachedForksError if deleted repo has attached
         forks
         :param repo:
         :param forks: str 'delete' or 'detach'
         :param fs_remove: remove(archive) repo from filesystem
         """
         repo = self._get_repo(repo)
         if repo:
             if forks == 'detach':
                 for r in repo.forks:
@@ @@ -538,77 +568,77 @@ class RepoModel(BaseModel): @@
         """
         user = self._get_user(user)
         repo = self._get_repo(repo)
         obj = self.sa.query(UserRepoToPerm)\
             .filter(UserRepoToPerm.repository == repo)\
             .filter(UserRepoToPerm.user == user)\
             .scalar()
         if obj:
             self.sa.delete(obj)
             log.debug('Revoked perm on %s on %s' % (repo, user))
     def grant_users_group_permission(self, repo, group_name, perm):
         """
         Grant permission for user group on given repository, or update
         existing one if found
         :param repo: Instance of Repository, repository_id, or repository name
         :param group_name: Instance of UserGroup, users_group_id,
             or user group name
         :param perm: Instance of Permission, or permission_name
         """
         repo = self._get_repo(repo)
-        group_name = self.__get_users_group(group_name)
+        group_name = self._get_user_group(group_name)
         permission = self._get_perm(perm)
         # check if we have that permission already
         obj = self.sa.query(UserGroupRepoToPerm)\
             .filter(UserGroupRepoToPerm.users_group == group_name)\
             .filter(UserGroupRepoToPerm.repository == repo)\
             .scalar()
         if obj is None:
             # create new
             obj = UserGroupRepoToPerm()
         obj.repository = repo
         obj.users_group = group_name
         obj.permission = permission
         self.sa.add(obj)
         log.debug('Granted perm %s to %s on %s' % (perm, group_name, repo))
     def revoke_users_group_permission(self, repo, group_name):
         """
         Revoke permission for user group on given repository
         :param repo: Instance of Repository, repository_id, or repository name
         :param group_name: Instance of UserGroup, users_group_id,
             or user group name
         """
         repo = self._get_repo(repo)
-        group_name = self.__get_users_group(group_name)
+        group_name = self._get_user_group(group_name)
         obj = self.sa.query(UserGroupRepoToPerm)\
             .filter(UserGroupRepoToPerm.repository == repo)\
             .filter(UserGroupRepoToPerm.users_group == group_name)\
             .scalar()
         if obj:
             self.sa.delete(obj)
             log.debug('Revoked perm to %s on %s' % (repo, group_name))
     def delete_stats(self, repo_name):
         """
         removes stats for given repo
         :param repo_name:
         """
         repo = self._get_repo(repo_name)
         try:
             obj = self.sa.query(Statistics)\
                     .filter(Statistics.repository == repo).scalar()
             if obj:
                 self.sa.delete(obj)
         except Exception:
             log.error(traceback.format_exc())
             raise

rhodecode/model/repos_group.py

➞

Show inline comments

@@ @@ -21,82 +21,80 @@ @@
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import os
 import logging
 import traceback
 import shutil
 import datetime
 from rhodecode.lib.utils2 import LazyProperty
 from rhodecode.model import BaseModel
 from rhodecode.model.db import RepoGroup, RhodeCodeUi, UserRepoGroupToPerm, \
     User, Permission, UserGroupRepoGroupToPerm, UserGroup, Repository
 log = logging.getLogger(__name__)
 class ReposGroupModel(BaseModel):
     cls = RepoGroup
-    def __get_users_group(self, users_group):
+    def _get_user_group(self, users_group):
         return self._get_instance(UserGroup, users_group,
                                   callback=UserGroup.get_by_group_name)
-    def _get_repos_group(self, repos_group):
+    def _get_repo_group(self, repos_group):
         return self._get_instance(RepoGroup, repos_group,
                                   callback=RepoGroup.get_by_group_name)
     @LazyProperty
     def repos_path(self):
         """
         Get's the repositories root path from database
         """
         q = RhodeCodeUi.get_by_key('/')
         return q.ui_value
     def _create_default_perms(self, new_group):
         # create default permission
         repo_group_to_perm = UserRepoGroupToPerm()
         default_perm = 'group.read'
         for p in User.get_by_username('default').user_perms:
         def_user = User.get_by_username('default')
         for p in def_user.user_perms:
             if p.permission.permission_name.startswith('group.'):
                 default_perm = p.permission.permission_name
                 break
         repo_group_to_perm.permission_id = self.sa.query(Permission)\
                 .filter(Permission.permission_name == default_perm)\
                 .one().permission_id
         repo_group_to_perm = UserRepoGroupToPerm()
         repo_group_to_perm.permission = Permission.get_by_key(default_perm)
         repo_group_to_perm.group = new_group
         repo_group_to_perm.user_id = User.get_by_username('default').user_id
         self.sa.add(repo_group_to_perm)
         repo_group_to_perm.user_id = def_user.user_id
         return repo_group_to_perm
     def __create_group(self, group_name):
         """
         makes repository group on filesystem
         :param repo_name:
         :param parent_id:
         """
         create_path = os.path.join(self.repos_path, group_name)
         log.debug('creating new group in %s' % create_path)
         if os.path.isdir(create_path):
             raise Exception('That directory already exists !')
         os.makedirs(create_path)
     def __rename_group(self, old, new):
         """
         Renames a group on filesystem
         :param group_name:
         """
@@ @@ -122,315 +120,310 @@ class ReposGroupModel(BaseModel): @@
         :param group: instance of group from database
         :param force_delete: use shutil rmtree to remove all objects
         """
         paths = group.full_path.split(RepoGroup.url_sep())
         paths = os.sep.join(paths)
         rm_path = os.path.join(self.repos_path, paths)
         log.info("Removing group %s" % (rm_path))
         # delete only if that path really exists
         if os.path.isdir(rm_path):
             if force_delete:
                 shutil.rmtree(rm_path)
             else:
                 #archive that group`
                 _now = datetime.datetime.now()
                 _ms = str(_now.microsecond).rjust(6, '0')
                 _d = 'rm__%s_GROUP_%s' % (_now.strftime('%Y%m%d_%H%M%S_' + _ms),
                                           group.name)
                 shutil.move(rm_path, os.path.join(self.repos_path, _d))
     def create(self, group_name, group_description, owner, parent=None, just_db=False):
         try:
             new_repos_group = RepoGroup()
             new_repos_group.user = self._get_user(owner)
             new_repos_group.group_description = group_description or group_name
-            new_repos_group.parent_group = self._get_repos_group(parent)
+            new_repos_group.parent_group = self._get_repo_group(parent)
             new_repos_group.group_name = new_repos_group.get_new_name(group_name)
             self.sa.add(new_repos_group)
             self._create_default_perms(new_repos_group)
             perm_obj = self._create_default_perms(new_repos_group)
             self.sa.add(perm_obj)
             #create an ADMIN permission for owner, later owner should go into
             #the owner field of groups
             self.grant_user_permission(repos_group=new_repos_group,
                                        user=owner, perm='group.admin')
             if not just_db:
                 # we need to flush here, in order to check if database won't
                 # throw any exceptions, create filesystem dirs at the very end
                 self.sa.flush()
                 self.__create_group(new_repos_group.group_name)
             return new_repos_group
         except Exception:
             log.error(traceback.format_exc())
             raise
     def _update_permissions(self, repos_group, perms_new=None,
                             perms_updates=None, recursive=False):
         from rhodecode.model.repo import RepoModel
         if not perms_new:
             perms_new = []
         if not perms_updates:
             perms_updates = []
         def _set_perm_user(obj, user, perm):
             if isinstance(obj, RepoGroup):
-                ReposGroupModel().grant_user_permission(
+                self.grant_user_permission(
                     repos_group=obj, user=user, perm=perm
+                )
             elif isinstance(obj, Repository):
                 #we do this ONLY IF repository is non-private
                 if obj.private:
                     return
                 # we set group permission but we have to switch to repo
                 # permission
                 perm = perm.replace('group.', 'repository.')
                 RepoModel().grant_user_permission(
                     repo=obj, user=user, perm=perm
+                )
         def _set_perm_group(obj, users_group, perm):
             if isinstance(obj, RepoGroup):
-                ReposGroupModel().grant_users_group_permission(
+                self.grant_users_group_permission(
                     repos_group=obj, group_name=users_group, perm=perm
+                )
             elif isinstance(obj, Repository):
                 # we set group permission but we have to switch to repo
                 # permission
                 perm = perm.replace('group.', 'repository.')
                 RepoModel().grant_users_group_permission(
                     repo=obj, group_name=users_group, perm=perm
+                )
         updates = []
         log.debug('Now updating permissions for %s in recursive mode:%s'
                   % (repos_group, recursive))
         for obj in repos_group.recursive_groups_and_repos():
             #obj is an instance of a group or repositories in that group
             if not recursive:
                 obj = repos_group
             # update permissions
             for member, perm, member_type in perms_updates:
                 ## set for user
                 if member_type == 'user':
                     # this updates also current one if found
                     _set_perm_user(obj, user=member, perm=perm)
                 ## set for user group
                 else:
                     _set_perm_group(obj, users_group=member, perm=perm)
             # set new permissions
             for member, perm, member_type in perms_new:
                 if member_type == 'user':
                     _set_perm_user(obj, user=member, perm=perm)
                 else:
                     _set_perm_group(obj, users_group=member, perm=perm)
             updates.append(obj)
             #if it's not recursive call
             # break the loop and don't proceed with other changes
             if not recursive:
                 break
         return updates
     def update(self, repos_group, form_data):
         try:
             repos_group = self._get_repos_group(repos_group)
             recursive = form_data['recursive']
             # iterate over all members(if in recursive mode) of this groups and
             # set the permissions !
             # this can be potentially heavy operation
             self._update_permissions(repos_group, form_data['perms_new'],
                                      form_data['perms_updates'], recursive)
             repos_group = self._get_repo_group(repos_group)
             old_path = repos_group.full_path
             # change properties
             repos_group.group_description = form_data['group_description']
             repos_group.group_parent_id = form_data['group_parent_id']
             repos_group.enable_locking = form_data['enable_locking']
             repos_group.parent_group = RepoGroup.get(form_data['group_parent_id'])
             repos_group.group_name = repos_group.get_new_name(form_data['group_name'])
             new_path = repos_group.full_path
             self.sa.add(repos_group)
             # iterate over all members of this groups and do fixes
             # set locking if given
             # if obj is a repoGroup also fix the name of the group according
             # to the parent
             # if obj is a Repo fix it's name
             # this can be potentially heavy operation
             for obj in repos_group.recursive_groups_and_repos():
                 #set the value from it's parent
                 obj.enable_locking = repos_group.enable_locking
                 if isinstance(obj, RepoGroup):
                     new_name = obj.get_new_name(obj.name)
                     log.debug('Fixing group %s to new name %s' \
                                 % (obj.group_name, new_name))
                     obj.group_name = new_name
                 elif isinstance(obj, Repository):
                     # we need to get all repositories from this new group and
                     # rename them accordingly to new group path
                     new_name = obj.get_new_name(obj.just_name)
                     log.debug('Fixing repo %s to new name %s' \
                                 % (obj.repo_name, new_name))
                     obj.repo_name = new_name
                 self.sa.add(obj)
             self.__rename_group(old_path, new_path)
             return repos_group
         except Exception:
             log.error(traceback.format_exc())
             raise
     def delete(self, repos_group, force_delete=False):
-        repos_group = self._get_repos_group(repos_group)
+        repos_group = self._get_repo_group(repos_group)
         try:
             self.sa.delete(repos_group)
             self.__delete_group(repos_group, force_delete)
         except Exception:
             log.error('Error removing repos_group %s' % repos_group)
             raise
     def delete_permission(self, repos_group, obj, obj_type, recursive):
         """
         Revokes permission for repos_group for given obj(user or users_group),
         obj_type can be user or user group
         :param repos_group:
         :param obj: user or user group id
         :param obj_type: user or user group type
         :param recursive: recurse to all children of group
         """
         from rhodecode.model.repo import RepoModel
-        repos_group = self._get_repos_group(repos_group)
+        repos_group = self._get_repo_group(repos_group)
         for el in repos_group.recursive_groups_and_repos():
             if not recursive:
                 # if we don't recurse set the permission on only the top level
                 # object
                 el = repos_group
             if isinstance(el, RepoGroup):
                 if obj_type == 'user':
                     ReposGroupModel().revoke_user_permission(el, user=obj)
                 elif obj_type == 'users_group':
                     ReposGroupModel().revoke_users_group_permission(el, group_name=obj)
                 else:
                     raise Exception('undefined object type %s' % obj_type)
             elif isinstance(el, Repository):
                 if obj_type == 'user':
                     RepoModel().revoke_user_permission(el, user=obj)
                 elif obj_type == 'users_group':
                     RepoModel().revoke_users_group_permission(el, group_name=obj)
                 else:
                     raise Exception('undefined object type %s' % obj_type)
             #if it's not recursive call
             # break the loop and don't proceed with other changes
             if not recursive:
                 break
     def grant_user_permission(self, repos_group, user, perm):
         """
         Grant permission for user on given repository group, or update
         existing one if found
         :param repos_group: Instance of ReposGroup, repositories_group_id,
             or repositories_group name
         :param user: Instance of User, user_id or username
         :param perm: Instance of Permission, or permission_name
         """
-        repos_group = self._get_repos_group(repos_group)
+        repos_group = self._get_repo_group(repos_group)
         user = self._get_user(user)
         permission = self._get_perm(perm)
         # check if we have that permission already
         obj = self.sa.query(UserRepoGroupToPerm)\
             .filter(UserRepoGroupToPerm.user == user)\
             .filter(UserRepoGroupToPerm.group == repos_group)\
             .scalar()
         if obj is None:
             # create new !
             obj = UserRepoGroupToPerm()
         obj.group = repos_group
         obj.user = user
         obj.permission = permission
         self.sa.add(obj)
         log.debug('Granted perm %s to %s on %s' % (perm, user, repos_group))
     def revoke_user_permission(self, repos_group, user):
         """
         Revoke permission for user on given repository group
         :param repos_group: Instance of ReposGroup, repositories_group_id,
             or repositories_group name
         :param user: Instance of User, user_id or username
         """
-        repos_group = self._get_repos_group(repos_group)
+        repos_group = self._get_repo_group(repos_group)
         user = self._get_user(user)
         obj = self.sa.query(UserRepoGroupToPerm)\
             .filter(UserRepoGroupToPerm.user == user)\
             .filter(UserRepoGroupToPerm.group == repos_group)\
             .scalar()
         if obj:
             self.sa.delete(obj)
             log.debug('Revoked perm on %s on %s' % (repos_group, user))
     def grant_users_group_permission(self, repos_group, group_name, perm):
         """
         Grant permission for user group on given repository group, or update
         existing one if found
         :param repos_group: Instance of ReposGroup, repositories_group_id,
             or repositories_group name
         :param group_name: Instance of UserGroup, users_group_id,
             or user group name
         :param perm: Instance of Permission, or permission_name
         """
         repos_group = self._get_repos_group(repos_group)
         group_name = self.__get_users_group(group_name)
         repos_group = self._get_repo_group(repos_group)
         group_name = self._get_user_group(group_name)
         permission = self._get_perm(perm)
         # check if we have that permission already
         obj = self.sa.query(UserGroupRepoGroupToPerm)\
             .filter(UserGroupRepoGroupToPerm.group == repos_group)\
             .filter(UserGroupRepoGroupToPerm.users_group == group_name)\
             .scalar()
         if obj is None:
             # create new
             obj = UserGroupRepoGroupToPerm()
         obj.group = repos_group
         obj.users_group = group_name
         obj.permission = permission
         self.sa.add(obj)
         log.debug('Granted perm %s to %s on %s' % (perm, group_name, repos_group))
     def revoke_users_group_permission(self, repos_group, group_name):
         """
         Revoke permission for user group on given repository group
         :param repos_group: Instance of ReposGroup, repositories_group_id,
             or repositories_group name
         :param group_name: Instance of UserGroup, users_group_id,
             or user group name
         """
         repos_group = self._get_repos_group(repos_group)
         group_name = self.__get_users_group(group_name)
         repos_group = self._get_repo_group(repos_group)
         group_name = self._get_user_group(group_name)
         obj = self.sa.query(UserGroupRepoGroupToPerm)\
             .filter(UserGroupRepoGroupToPerm.group == repos_group)\
             .filter(UserGroupRepoGroupToPerm.users_group == group_name)\
             .scalar()
         if obj:
             self.sa.delete(obj)
             log.debug('Revoked perm to %s on %s' % (repos_group, group_name))

rhodecode/model/scm.py

➞

Show inline comments

@@ @@ -25,49 +25,50 @@ @@
 from __future__ import with_statement
 import os
 import re
 import time
 import traceback
 import logging
 import cStringIO
 import pkg_resources
 from os.path import dirname as dn, join as jn
 from sqlalchemy import func
 from pylons.i18n.translation import _
 import rhodecode
 from rhodecode.lib.vcs import get_backend
 from rhodecode.lib.vcs.exceptions import RepositoryError
 from rhodecode.lib.vcs.utils.lazy import LazyProperty
 from rhodecode.lib.vcs.nodes import FileNode
 from rhodecode.lib.vcs.backends.base import EmptyChangeset
 from rhodecode import BACKENDS
 from rhodecode.lib import helpers as h
 from rhodecode.lib.utils2 import safe_str, safe_unicode, get_server_url,\
     _set_extras
 from rhodecode.lib.auth import HasRepoPermissionAny, HasReposGroupPermissionAny
 from rhodecode.lib.auth import HasRepoPermissionAny, HasReposGroupPermissionAny,\
     HasUserGroupPermissionAnyDecorator, HasUserGroupPermissionAny
 from rhodecode.lib.utils import get_filesystem_repos, make_ui, \
     action_logger, REMOVED_REPO_PAT
 from rhodecode.model import BaseModel
 from rhodecode.model.db import Repository, RhodeCodeUi, CacheInvalidation, \
     UserFollowing, UserLog, User, RepoGroup, PullRequest
 from rhodecode.lib.hooks import log_push_action
 log = logging.getLogger(__name__)
 class UserTemp(object):
     def __init__(self, user_id):
         self.user_id = user_id
     def __repr__(self):
         return "<%s('id:%s')>" % (self.__class__.__name__, self.user_id)
 class RepoTemp(object):
     def __init__(self, repo_id):
         self.repo_id = repo_id
     def __repr__(self):
         return "<%s('id:%s')>" % (self.__class__.__name__, self.repo_id)
@@ @@ -144,78 +145,100 @@ class CachedRepoList(object): @@
 class SimpleCachedRepoList(CachedRepoList):
     """
     Lighter version of CachedRepoList without the scm initialisation
     """
     def __iter__(self):
         for dbr in self.db_repo_list:
             # check permission at this level
             if not HasRepoPermissionAny(
                 *self.perm_set
             )(dbr.repo_name, 'get repo check'):
                 continue
             tmp_d = {}
             tmp_d['name'] = dbr.repo_name
             tmp_d['name_sort'] = tmp_d['name'].lower()
             tmp_d['raw_name'] = tmp_d['name'].lower()
             tmp_d['description'] = dbr.description
             tmp_d['description_sort'] = tmp_d['description'].lower()
             tmp_d['dbrepo'] = dbr.get_dict()
             tmp_d['dbrepo_fork'] = dbr.fork.get_dict() if dbr.fork else {}
             yield tmp_d
 class GroupList(object):
     def __init__(self, db_repo_group_list, perm_set=None):
 class _PermCheckIterator(object):
     def __init__(self, obj_list, obj_attr, perm_set, perm_checker):
         """
-        Creates iterator from given list of group objects, additionally
         Creates iterator from given list of objects, additionally
         checking permission for them from perm_set var
         :param db_repo_group_list:
         :param perm_set: list of permissons to check
         :param obj_list: list of db objects
         :param obj_attr: attribute of object to pass into perm_checker
         :param perm_set: list of permissions to check
         :param perm_checker: callable to check permissions against
         """
         self.db_repo_group_list = db_repo_group_list
         if not perm_set:
             perm_set = ['group.read', 'group.write', 'group.admin']
         self.obj_list = obj_list
         self.obj_attr = obj_attr
         self.perm_set = perm_set
         self.perm_checker = perm_checker
     def __len__(self):
-        return len(self.db_repo_group_list)
+        return len(self.obj_list)
     def __repr__(self):
         return '<%s (%s)>' % (self.__class__.__name__, self.__len__())
     def __iter__(self):
-        for dbgr in self.db_repo_group_list:
+        for db_obj in self.obj_list:
             # check permission at this level
             if not HasReposGroupPermissionAny(
                 *self.perm_set
             )(dbgr.group_name, 'get group repo check'):
             name = getattr(db_obj, self.obj_attr, None)
             if not self.perm_checker(*self.perm_set)(name, self.__class__.__name__):
                 continue
             yield dbgr
             yield db_obj
 class RepoGroupList(_PermCheckIterator):
     def __init__(self, db_repo_group_list, perm_set=None):
         if not perm_set:
             perm_set = ['group.read', 'group.write', 'group.admin']
         super(RepoGroupList, self).__init__(obj_list=db_repo_group_list,
                     obj_attr='group_name', perm_set=perm_set,
                     perm_checker=HasReposGroupPermissionAny)
 class UserGroupList(_PermCheckIterator):
     def __init__(self, db_user_group_list, perm_set=None):
         if not perm_set:
             perm_set = ['usergroup.read', 'usergroup.write', 'usergroup.admin']
         super(UserGroupList, self).__init__(obj_list=db_user_group_list,
                     obj_attr='users_group_name', perm_set=perm_set,
                     perm_checker=HasUserGroupPermissionAny)
 class ScmModel(BaseModel):
     """
     Generic Scm Model
     """
     def __get_repo(self, instance):
         cls = Repository
         if isinstance(instance, cls):
             return instance
         elif isinstance(instance, int) or safe_str(instance).isdigit():
             return cls.get(instance)
         elif isinstance(instance, basestring):
             return cls.get_by_repo_name(instance)
         elif instance:
             raise Exception('given object must be int, basestr or Instance'
                             ' of %s got %s' % (type(cls), type(instance)))
     @LazyProperty
     def repos_path(self):
         """
         Get's the repositories root path from database
         """
@@ @@ -272,49 +295,49 @@ class ScmModel(BaseModel): @@
             give specific repositories list, good for filtering
         :param sort_key: initial sorting of repos
         :param simple: use SimpleCachedList - one without the SCM info
         """
         if all_repos is None:
             all_repos = self.sa.query(Repository)\
                         .filter(Repository.group_id == None)\
                         .order_by(func.lower(Repository.repo_name)).all()
         if simple:
             repo_iter = SimpleCachedRepoList(all_repos,
                                              repos_path=self.repos_path,
                                              order_by=sort_key)
         else:
             repo_iter = CachedRepoList(all_repos,
                                        repos_path=self.repos_path,
                                        order_by=sort_key)
         return repo_iter
     def get_repos_groups(self, all_groups=None):
         if all_groups is None:
             all_groups = RepoGroup.query()\
                 .filter(RepoGroup.group_parent_id == None).all()
-        return [x for x in GroupList(all_groups)]
+        return [x for x in RepoGroupList(all_groups)]
     def mark_for_invalidation(self, repo_name):
         """
         Mark caches of this repo invalid in the database.
         :param repo_name: the repo for which caches should be marked invalid
         """
         invalidated_keys = CacheInvalidation.set_invalidate(repo_name)
         repo = Repository.get_by_repo_name(repo_name)
         if repo:
             repo.update_changeset_cache()
         return invalidated_keys
     def toggle_following_repo(self, follow_repo_id, user_id):
         f = self.sa.query(UserFollowing)\
             .filter(UserFollowing.follows_repo_id == follow_repo_id)\
             .filter(UserFollowing.user_id == user_id).scalar()
         if f is not None:
             try:
                 self.sa.delete(f)
                 action_logger(UserTemp(user_id),
                               'stopped_following_repo',

rhodecode/model/user.py

➞

Show inline comments

@@ @@ -404,127 +404,143 @@ class UserModel(BaseModel): @@
             log.error(traceback.format_exc())
             auth_user.is_authenticated = False
             return False
         return True
     def fill_perms(self, user, explicit=True, algo='higherwin'):
         """
         Fills user permission attribute with permissions taken from database
         works for permissions given for repositories, and for permissions that
         are granted to groups
         :param user: user instance to fill his perms
         :param explicit: In case there are permissions both for user and a group
             that user is part of, explicit flag will defiine if user will
             explicitly override permissions from group, if it's False it will
             make decision based on the algo
         :param algo: algorithm to decide what permission should be choose if
             it's multiple defined, eg user in two different groups. It also
             decides if explicit flag is turned off how to specify the permission
             for case when user is in a group + have defined separate permission
         """
         RK = 'repositories'
         GK = 'repositories_groups'
         UK = 'user_groups'
         GLOBAL = 'global'
         user.permissions[RK] = {}
         user.permissions[GK] = {}
         user.permissions[UK] = {}
         user.permissions[GLOBAL] = set()
         def _choose_perm(new_perm, cur_perm):
             new_perm_val = PERM_WEIGHTS[new_perm]
             cur_perm_val = PERM_WEIGHTS[cur_perm]
             if algo == 'higherwin':
                 if new_perm_val > cur_perm_val:
                     return new_perm
                 return cur_perm
             elif algo == 'lowerwin':
                 if new_perm_val < cur_perm_val:
                     return new_perm
                 return cur_perm
         #======================================================================
         # fetch default permissions
         #======================================================================
         default_user = User.get_by_username('default', cache=True)
         default_user_id = default_user.user_id
         default_repo_perms = Permission.get_default_perms(default_user_id)
         default_repo_groups_perms = Permission.get_default_group_perms(default_user_id)
         default_user_group_perms = Permission.get_default_user_group_perms(default_user_id)
         if user.is_admin:
             #==================================================================
             # admin user have all default rights for repositories
             # and groups set to admin
             #==================================================================
             user.permissions[GLOBAL].add('hg.admin')
             # repositories
             for perm in default_repo_perms:
                 r_k = perm.UserRepoToPerm.repository.repo_name
                 p = 'repository.admin'
                 user.permissions[RK][r_k] = p
             # repository groups
             for perm in default_repo_groups_perms:
                 rg_k = perm.UserRepoGroupToPerm.group.group_name
                 p = 'group.admin'
                 user.permissions[GK][rg_k] = p
             # user groups
             for perm in default_user_group_perms:
                 u_k = perm.UserUserGroupToPerm.user_group.users_group_name
                 p = 'usergroup.admin'
                 user.permissions[UK][u_k] = p
             return user
         #==================================================================
         # SET DEFAULTS GLOBAL, REPOS, REPOSITORY GROUPS
         #==================================================================
         uid = user.user_id
         # default global permissions taken fron the default user
         default_global_perms = self.sa.query(UserToPerm)\
             .filter(UserToPerm.user_id == default_user_id)
         for perm in default_global_perms:
             user.permissions[GLOBAL].add(perm.permission.permission_name)
         # defaults for repositories, taken from default user
         for perm in default_repo_perms:
             r_k = perm.UserRepoToPerm.repository.repo_name
             if perm.Repository.private and not (perm.Repository.user_id == uid):
                 # disable defaults for private repos,
                 p = 'repository.none'
             elif perm.Repository.user_id == uid:
                 # set admin if owner
                 p = 'repository.admin'
             else:
                 p = perm.Permission.permission_name
             user.permissions[RK][r_k] = p
         # defaults for repository groups taken from default user permission
         # on given group
         for perm in default_repo_groups_perms:
             rg_k = perm.UserRepoGroupToPerm.group.group_name
             p = perm.Permission.permission_name
             user.permissions[GK][rg_k] = p
         # defaults for user groups taken from default user permission
         # on given user group
         for perm in default_user_group_perms:
             u_k = perm.UserUserGroupToPerm.user_group.users_group_name
             p = perm.Permission.permission_name
             user.permissions[UK][u_k] = p
         #======================================================================
         # !! OVERRIDE GLOBALS !! with user permissions if any found
         #======================================================================
         # those can be configured from groups or users explicitly
         _configurable = set(['hg.fork.none', 'hg.fork.repository',
                              'hg.create.none', 'hg.create.repository'])
         # USER GROUPS comes first
         # user group global permissions
         user_perms_from_users_groups = self.sa.query(UserGroupToPerm)\
             .options(joinedload(UserGroupToPerm.permission))\
             .join((UserGroupMember, UserGroupToPerm.users_group_id ==
                    UserGroupMember.users_group_id))\
             .filter(UserGroupMember.user_id == uid)\
             .order_by(UserGroupToPerm.users_group_id)\
             .all()
         #need to group here by groups since user can be in more than one group
         _grouped = [[x, list(y)] for x, y in
                     itertools.groupby(user_perms_from_users_groups,
                                       lambda x:x.users_group)]
         for gr, perms in _grouped:
             # since user can be in multiple groups iterate over them and
             # select the lowest permissions first (more explicit)
             ##TODO: do this^^
@@ @@ -567,115 +583,113 @@ class UserModel(BaseModel): @@
             .join((Permission, UserGroupRepoToPerm.permission_id ==
                    Permission.permission_id))\
             .join((UserGroupMember, UserGroupRepoToPerm.users_group_id ==
                    UserGroupMember.users_group_id))\
             .filter(UserGroupMember.user_id == uid)\
             .all()
         multiple_counter = collections.defaultdict(int)
         for perm in user_repo_perms_from_users_groups:
             r_k = perm.UserGroupRepoToPerm.repository.repo_name
             multiple_counter[r_k] += 1
             p = perm.Permission.permission_name
             cur_perm = user.permissions[RK][r_k]
             if perm.Repository.user_id == uid:
                 # set admin if owner
                 p = 'repository.admin'
             else:
                 if multiple_counter[r_k] > 1:
                     p = _choose_perm(p, cur_perm)
             user.permissions[RK][r_k] = p
         # user explicit permissions for repositories, overrides any specified
         # by the group permission
         user_repo_perms = \
          self.sa.query(UserRepoToPerm, Permission, Repository)\
             .join((Repository, UserRepoToPerm.repository_id ==
                    Repository.repo_id))\
             .join((Permission, UserRepoToPerm.permission_id ==
                    Permission.permission_id))\
             .filter(UserRepoToPerm.user_id == uid)\
             .all()
         user_repo_perms = Permission.get_default_perms(uid)
         for perm in user_repo_perms:
             r_k = perm.UserRepoToPerm.repository.repo_name
             cur_perm = user.permissions[RK][r_k]
             # set admin if owner
             if perm.Repository.user_id == uid:
                 p = 'repository.admin'
             else:
                 p = perm.Permission.permission_name
                 if not explicit:
                     p = _choose_perm(p, cur_perm)
             user.permissions[RK][r_k] = p
         #======================================================================
         # !! PERMISSIONS FOR REPOSITORY GROUPS !!
         #======================================================================
         #======================================================================
         # check if user is part of user groups for this repository groups and
         # fill in his permission from it. _choose_perm decides of which
         # permission should be selected based on selected method
         #======================================================================
         # user group for repo groups permissions
         user_repo_group_perms_from_users_groups = \
          self.sa.query(UserGroupRepoGroupToPerm, Permission, RepoGroup)\
          .join((RepoGroup, UserGroupRepoGroupToPerm.group_id == RepoGroup.group_id))\
          .join((Permission, UserGroupRepoGroupToPerm.permission_id
                 == Permission.permission_id))\
          .join((UserGroupMember, UserGroupRepoGroupToPerm.users_group_id
                 == UserGroupMember.users_group_id))\
          .filter(UserGroupMember.user_id == uid)\
          .all()
         multiple_counter = collections.defaultdict(int)
         for perm in user_repo_group_perms_from_users_groups:
             g_k = perm.UserGroupRepoGroupToPerm.group.group_name
             multiple_counter[g_k] += 1
             p = perm.Permission.permission_name
             cur_perm = user.permissions[GK][g_k]
             if multiple_counter[g_k] > 1:
                 p = _choose_perm(p, cur_perm)
             user.permissions[GK][g_k] = p
         # user explicit permissions for repository groups
         user_repo_groups_perms = \
          self.sa.query(UserRepoGroupToPerm, Permission, RepoGroup)\
          .join((RepoGroup, UserRepoGroupToPerm.group_id == RepoGroup.group_id))\
          .join((Permission, UserRepoGroupToPerm.permission_id
                 == Permission.permission_id))\
          .filter(UserRepoGroupToPerm.user_id == uid)\
          .all()
         user_repo_groups_perms = Permission.get_default_group_perms(uid)
         for perm in user_repo_groups_perms:
             rg_k = perm.UserRepoGroupToPerm.group.group_name
             p = perm.Permission.permission_name
             cur_perm = user.permissions[GK][rg_k]
             if not explicit:
                 p = _choose_perm(p, cur_perm)
             user.permissions[GK][rg_k] = p
         #======================================================================
         # !! PERMISSIONS FOR USER GROUPS !!
         #======================================================================
         #user explicit permission for user groups
         user_user_groups_perms = Permission.get_default_user_group_perms(uid)
         for perm in user_user_groups_perms:
             u_k = perm.UserUserGroupToPerm.user_group.users_group_name
             p = perm.Permission.permission_name
             cur_perm = user.permissions[UK][u_k]
             if not explicit:
                 p = _choose_perm(p, cur_perm)
             user.permissions[UK][u_k] = p
         return user
     def has_perm(self, user, perm):
         perm = self._get_perm(perm)
         user = self._get_user(user)
         return UserToPerm.query().filter(UserToPerm.user == user)\
             .filter(UserToPerm.permission == perm).scalar() is not None
     def grant_perm(self, user, perm):
         """
         Grant user global permissions
         :param user:
         :param perm:
         """
         user = self._get_user(user)
         perm = self._get_perm(perm)
         # if this permission is already granted skip it
         _perm = UserToPerm.query()\
             .filter(UserToPerm.user == user)\
             .filter(UserToPerm.permission == perm)\
             .scalar()
         if _perm:

rhodecode/model/users_group.py

➞

Show inline comments

@@ @@ -8,185 +8,288 @@ @@
     :created_on: Oct 1, 2011
     :author: nvinot
     :copyright: (C) 2011-2011 Nicolas Vinot <aeris@imirhil.fr>
     :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
     :license: GPLv3, see COPYING for more details.
 """
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import logging
 import traceback
 from rhodecode.model import BaseModel
 from rhodecode.model.db import UserGroupMember, UserGroup,\
     UserGroupRepoToPerm, Permission, UserGroupToPerm, User
+    UserGroupRepoToPerm, Permission, UserGroupToPerm, User, UserUserGroupToPerm
 from rhodecode.lib.exceptions import UserGroupsAssignedException
 log = logging.getLogger(__name__)
 class UserGroupModel(BaseModel):
     cls = UserGroup
-    def __get_users_group(self, users_group):
+    def _get_user_group(self, users_group):
         return self._get_instance(UserGroup, users_group,
                                   callback=UserGroup.get_by_group_name)
     def _create_default_perms(self, user_group):
         # create default permission
         default_perm = 'usergroup.read'
         def_user = User.get_by_username('default')
         for p in def_user.user_perms:
             if p.permission.permission_name.startswith('usergroup.'):
                 default_perm = p.permission.permission_name
                 break
         user_group_to_perm = UserUserGroupToPerm()
         user_group_to_perm.permission = Permission.get_by_key(default_perm)
         user_group_to_perm.user_group = user_group
         user_group_to_perm.user_id = def_user.user_id
         return user_group_to_perm
     def _update_permissions(self, user_group, perms_new=None,
                             perms_updates=None):
         if not perms_new:
             perms_new = []
         if not perms_updates:
             perms_updates = []
         # update permissions
         for member, perm, member_type in perms_updates:
             if member_type == 'user':
                 # this updates existing one
                 self.grant_user_permission(
                     user_group=user_group, user=member, perm=perm
+                )
             else:
                 self.grant_users_group_permission(
                     user_group=user_group, group_name=member, perm=perm
+                )
         # set new permissions
         for member, perm, member_type in perms_new:
             if member_type == 'user':
                 self.grant_user_permission(
                     user_group=user_group, user=member, perm=perm
+                )
             else:
                 self.grant_users_group_permission(
                     user_group=user_group, group_name=member, perm=perm
+                )
     def get(self, users_group_id, cache=False):
         return UserGroup.get(users_group_id)
     def get_group(self, users_group):
-        return self.__get_users_group(users_group)
+        return self._get_user_group(users_group)
     def get_by_name(self, name, cache=False, case_insensitive=False):
         return UserGroup.get_by_group_name(name, cache, case_insensitive)
     def create(self, name, active=True):
+    def create(self, name, owner, active=True):
         try:
             new = UserGroup()
             new.users_group_name = name
             new.users_group_active = active
             self.sa.add(new)
             return new
             new_user_group = UserGroup()
             new_user_group.user = self._get_user(owner)
             new_user_group.users_group_name = name
             new_user_group.users_group_active = active
             self.sa.add(new_user_group)
             perm_obj = self._create_default_perms(new_user_group)
             self.sa.add(perm_obj)
             return new_user_group
         except Exception:
             log.error(traceback.format_exc())
             raise
     def update(self, users_group, form_data):
         try:
-            users_group = self.__get_users_group(users_group)
+            users_group = self._get_user_group(users_group)
             for k, v in form_data.items():
                 if k == 'users_group_members':
                     users_group.members = []
                     self.sa.flush()
                     members_list = []
                     if v:
                         v = [v] if isinstance(v, basestring) else v
                         for u_id in set(v):
                             member = UserGroupMember(users_group.users_group_id, u_id)
                             members_list.append(member)
                     setattr(users_group, 'members', members_list)
                 setattr(users_group, k, v)
             self.sa.add(users_group)
         except Exception:
             log.error(traceback.format_exc())
             raise
     def delete(self, users_group, force=False):
         """
         Deletes repository group, unless force flag is used
         raises exception if there are members in that group, else deletes
         group and users
         :param users_group:
         :param force:
         """
         try:
-            users_group = self.__get_users_group(users_group)
+            users_group = self._get_user_group(users_group)
             # check if this group is not assigned to repo
             assigned_groups = UserGroupRepoToPerm.query()\
                 .filter(UserGroupRepoToPerm.users_group == users_group).all()
             if assigned_groups and not force:
                 raise UserGroupsAssignedException('RepoGroup assigned to %s' %
                                                    assigned_groups)
             self.sa.delete(users_group)
         except Exception:
             log.error(traceback.format_exc())
             raise
     def add_user_to_group(self, users_group, user):
-        users_group = self.__get_users_group(users_group)
+        users_group = self._get_user_group(users_group)
         user = self._get_user(user)
         for m in users_group.members:
             u = m.user
             if u.user_id == user.user_id:
                 return True
         try:
             users_group_member = UserGroupMember()
             users_group_member.user = user
             users_group_member.users_group = users_group
             users_group.members.append(users_group_member)
             user.group_member.append(users_group_member)
             self.sa.add(users_group_member)
             return users_group_member
         except Exception:
             log.error(traceback.format_exc())
             raise
     def remove_user_from_group(self, users_group, user):
-        users_group = self.__get_users_group(users_group)
+        users_group = self._get_user_group(users_group)
         user = self._get_user(user)
         users_group_member = None
         for m in users_group.members:
             if m.user.user_id == user.user_id:
                 # Found this user's membership row
                 users_group_member = m
                 break
         if users_group_member:
             try:
                 self.sa.delete(users_group_member)
                 return True
             except Exception:
                 log.error(traceback.format_exc())
                 raise
         else:
             # User isn't in that group
             return False
     def has_perm(self, users_group, perm):
-        users_group = self.__get_users_group(users_group)
+        users_group = self._get_user_group(users_group)
         perm = self._get_perm(perm)
         return UserGroupToPerm.query()\
             .filter(UserGroupToPerm.users_group == users_group)\
             .filter(UserGroupToPerm.permission == perm).scalar() is not None
     def grant_perm(self, users_group, perm):
-        users_group = self.__get_users_group(users_group)
+        users_group = self._get_user_group(users_group)
         perm = self._get_perm(perm)
         # if this permission is already granted skip it
         _perm = UserGroupToPerm.query()\
             .filter(UserGroupToPerm.users_group == users_group)\
             .filter(UserGroupToPerm.permission == perm)\
             .scalar()
         if _perm:
             return
         new = UserGroupToPerm()
         new.users_group = users_group
         new.permission = perm
         self.sa.add(new)
     def revoke_perm(self, users_group, perm):
-        users_group = self.__get_users_group(users_group)
+        users_group = self._get_user_group(users_group)
         perm = self._get_perm(perm)
         obj = UserGroupToPerm.query()\
             .filter(UserGroupToPerm.users_group == users_group)\
             .filter(UserGroupToPerm.permission == perm).scalar()
         if obj:
             self.sa.delete(obj)
     def grant_user_permission(self, user_group, user, perm):
         """
         Grant permission for user on given user group, or update
         existing one if found
         :param user_group: Instance of UserGroup, users_group_id,
             or users_group_name
         :param user: Instance of User, user_id or username
         :param perm: Instance of Permission, or permission_name
         """
         user_group = self._get_user_group(user_group)
         user = self._get_user(user)
         permission = self._get_perm(perm)
         # check if we have that permission already
         obj = self.sa.query(UserUserGroupToPerm)\
             .filter(UserUserGroupToPerm.user == user)\
             .filter(UserUserGroupToPerm.user_group == user_group)\
             .scalar()
         if obj is None:
             # create new !
             obj = UserUserGroupToPerm()
         obj.user_group = user_group
         obj.user = user
         obj.permission = permission
         self.sa.add(obj)
         log.debug('Granted perm %s to %s on %s' % (perm, user, user_group))
     def revoke_user_permission(self, user_group, user):
         """
         Revoke permission for user on given repository group
         :param user_group: Instance of ReposGroup, repositories_group_id,
             or repositories_group name
         :param user: Instance of User, user_id or username
         """
         user_group = self._get_user_group(user_group)
         user = self._get_user(user)
         obj = self.sa.query(UserUserGroupToPerm)\
             .filter(UserUserGroupToPerm.user == user)\
             .filter(UserUserGroupToPerm.user_group == user_group)\
             .scalar()
         if obj:
             self.sa.delete(obj)
             log.debug('Revoked perm on %s on %s' % (user_group, user))
     def grant_users_group_permission(self, user_group, group_name, perm):
         raise NotImplementedError()
     def revoke_users_group_permission(self, user_group, group_name):
         raise NotImplementedError()

rhodecode/model/validators.py

➞

Show inline comments

@@ @@ -525,52 +525,54 @@ def CanCreateGroup(can_create_in_root=Fa @@
                 return None
             return value
         def validate_python(self, value, state):
             gr = RepoGroup.get(value)
             gr_name = gr.group_name if gr else None  # None means ROOT location
             if can_create_in_root and gr is None:
                 #we can create in root, we're fine no validations required
                 return
             forbidden_in_root = gr is None and not can_create_in_root
             val = HasReposGroupPermissionAny('group.admin')
             forbidden = not val(gr_name, 'can create group validator')
             if forbidden_in_root or forbidden:
                 msg = M(self, 'permission_denied', state)
                 raise formencode.Invalid(msg, value, state,
                     error_dict=dict(group_parent_id=msg)
+                )
     return _validator
 def ValidPerms(type_='repo'):
-    if type_ == 'group':
+    if type_ == 'repo_group':
         EMPTY_PERM = 'group.none'
     elif type_ == 'repo':
         EMPTY_PERM = 'repository.none'
     elif type_ == 'user_group':
         EMPTY_PERM = 'usergroup.none'
     class _validator(formencode.validators.FancyValidator):
         messages = {
             'perm_new_member_name':
                 _(u'This username or user group name is not valid')
+        }
         def to_python(self, value, state):
             perms_update = OrderedSet()
             perms_new = OrderedSet()
             # build a list of permission to update and new permission to create
             #CLEAN OUT ORG VALUE FROM NEW MEMBERS, and group them using
             new_perms_group = defaultdict(dict)
             for k, v in value.copy().iteritems():
                 if k.startswith('perm_new_member'):
                     del value[k]
                     _type, part = k.split('perm_new_member_')
                     args = part.split('_')
                     if len(args) == 1:
                         new_perms_group[args[0]]['perm'] = v
                     elif len(args) == 2:
                         _key, pos = args
                         new_perms_group[pos][_key] = v

rhodecode/templates/admin/repos/repo_edit_perms.html

➞

Show inline comments

@@ @@ -8,121 +8,115 @@ @@
         <td></td>
     </tr>
     ## USERS
     %for r2p in c.repo_info.repo_to_perm:
         %if r2p.user.username =='default' and c.repo_info.private:
             <tr>
                 <td colspan="4">
                     <span class="private_repo_msg">
                     ${_('private repository')}
                     </span>
                 </td>
                 <td class="private_repo_msg"><img style="vertical-align:bottom" src="${h.url('/images/icons/user.png')}"/>${_('default')}</td>
             </tr>
         %else:
         <tr id="id${id(r2p.user.username)}">
             <td>${h.radio('u_perm_%s' % r2p.user.username,'repository.none')}</td>
             <td>${h.radio('u_perm_%s' % r2p.user.username,'repository.read')}</td>
             <td>${h.radio('u_perm_%s' % r2p.user.username,'repository.write')}</td>
             <td>${h.radio('u_perm_%s' % r2p.user.username,'repository.admin')}</td>
             <td style="white-space: nowrap;">
                 <img class="perm-gravatar" src="${h.gravatar_url(r2p.user.email,14)}"/>${r2p.user.username if r2p.user.username != 'default' else _('default')}
             </td>
             <td>
               %if r2p.user.username !='default':
-                <span class="delete_icon action_button" onclick="ajaxActionUser(${r2p.user.user_id},'${'id%s'%id(r2p.user.username)}')">
+                <span class="delete_icon action_button" onclick="ajaxActionRevoke(${r2p.user.user_id}, 'user', '${'id%s'%id(r2p.user.username)}')">
                 ${_('revoke')}
                 </span>
               %endif
             </td>
         </tr>
         %endif
     %endfor
     ## USER GROUPS
     %for g2p in c.repo_info.users_group_to_perm:
         <tr id="id${id(g2p.users_group.users_group_name)}">
             <td>${h.radio('g_perm_%s' % g2p.users_group.users_group_name,'repository.none')}</td>
             <td>${h.radio('g_perm_%s' % g2p.users_group.users_group_name,'repository.read')}</td>
             <td>${h.radio('g_perm_%s' % g2p.users_group.users_group_name,'repository.write')}</td>
             <td>${h.radio('g_perm_%s' % g2p.users_group.users_group_name,'repository.admin')}</td>
             <td style="white-space: nowrap;">
                 <img class="perm-gravatar" src="${h.url('/images/icons/group.png')}"/>
                 %if h.HasPermissionAny('hg.admin')():
                  <a href="${h.url('edit_users_group',id=g2p.users_group.users_group_id)}">${g2p.users_group.users_group_name}</a>
                 %else:
                  ${g2p.users_group.users_group_name}
                 %endif
             </td>
             <td>
-                <span class="delete_icon action_button" onclick="ajaxActionUserGroup(${g2p.users_group.users_group_id},'${'id%s'%id(g2p.users_group.users_group_name)}')">
+                <span class="delete_icon action_button" onclick="ajaxActionRevoke(${g2p.users_group.users_group_id}, 'user_group', '${'id%s'%id(g2p.users_group.users_group_name)}')">
                 ${_('revoke')}
                 </span>
             </td>
         </tr>
     %endfor
     <%
     _tmpl = h.literal("""' \
         <td><input type="radio" value="repository.none" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \
         <td><input type="radio" value="repository.read" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \
         <td><input type="radio" value="repository.write" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \
         <td><input type="radio" value="repository.admin" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \
         <td class="ac"> \
             <div class="perm_ac" id="perm_ac_{0}"> \
                 <input class="yui-ac-input" id="perm_new_member_name_{0}" name="perm_new_member_name_{0}" value="" type="text"> \
                 <input id="perm_new_member_type_{0}" name="perm_new_member_type_{0}" value="" type="hidden">  \
                 <div id="perm_container_{0}"></div> \
             </div> \
         </td> \
         <td></td>'""")
     %>
     ## ADD HERE DYNAMICALLY NEW INPUTS FROM THE '_tmpl'
     <tr class="new_members last_new_member" id="add_perm_input"></tr>
     <tr>
         <td colspan="6">
             <span id="add_perm" class="add_icon" style="cursor: pointer;">
             ${_('Add another member')}
             </span>
         </td>
     </tr>
 </table>
 <script type="text/javascript">
 function ajaxActionUser(user_id, field_id) {
     var sUrl = "${h.url('delete_repo_user',repo_name=c.repo_name)}";
 function ajaxActionRevoke(obj_id, obj_type, field_id) {
     var callback = {
         success: function (o) {
             var tr = YUD.get(String(field_id));
             tr.parentNode.removeChild(tr);
         },
         failure: function (o) {
-            alert("${_('Failed to remove user')}");
+            alert(_TM['Failed to remoke permission'] + ": " + o.status);
         },
     };
     var postData = '_method=delete&user_id=' + user_id;
     if (obj_type=='user'){
         var sUrl = "${h.url('delete_repo_user',repo_name=c.repo_name)}";
         var postData = '_method=delete&user_id={0}&obj_type=user'.format(obj_id);
+    }
     else if (obj_type=='user_group'){
         var sUrl = "${h.url('delete_repo_users_group',repo_name=c.repo_name)}";
         var postData = '_method=delete&users_group_id={0}&obj_type=user_group'.format(obj_id);
+    }
     var request = YAHOO.util.Connect.asyncRequest('POST', sUrl, callback, postData);
 };
 function ajaxActionUserGroup(users_group_id,field_id){
     var sUrl = "${h.url('delete_repo_users_group',repo_name=c.repo_name)}";
     var callback = {
         success:function(o){
             var tr = YUD.get(String(field_id));
             tr.parentNode.removeChild(tr);
         },
         failure:function(o){
             alert("${_('Failed to remove user group')}");
         },
     };
     var postData = '_method=delete&users_group_id='+users_group_id;
     var request = YAHOO.util.Connect.asyncRequest('POST', sUrl, callback, postData);
 };
 YUE.onDOMReady(function () {
     if (!YUD.hasClass('perm_new_member_name', 'error')) {
         YUD.setStyle('add_perm_input', 'display', 'none');
+    }
     YAHOO.util.Event.addListener('add_perm', 'click', function () {
         addPermAction(${_tmpl}, ${c.users_array|n}, ${c.users_groups_array|n});
     });
 });
 </script>

rhodecode/templates/admin/repos_groups/repos_group_edit_perms.html

➞

Show inline comments

 <table id="permissions_manage" class="noborder">
     <tr>
         <td>${_('none')}</td>
         <td>${_('read')}</td>
         <td>${_('write')}</td>
         <td>${_('admin')}</td>
         <td>${_('member')}</td>
         <td></td>
     </tr>
     ## USERS
     %for r2p in c.repos_group.repo_group_to_perm:
         ##forbid revoking permission from yourself
         <tr id="id${id(r2p.user.username)}">
             %if c.rhodecode_user.user_id != r2p.user.user_id or c.rhodecode_user.is_admin:
             <td>${h.radio('u_perm_%s' % r2p.user.username,'group.none')}</td>
             <td>${h.radio('u_perm_%s' % r2p.user.username,'group.read')}</td>
             <td>${h.radio('u_perm_%s' % r2p.user.username,'group.write')}</td>
             <td>${h.radio('u_perm_%s' % r2p.user.username,'group.admin')}</td>
             <td style="white-space: nowrap;">
                 <img class="perm-gravatar" src="${h.gravatar_url(r2p.user.email,14)}"/>${r2p.user.username if r2p.user.username != 'default' else _('default')}
             </td>
             <td>
               %if r2p.user.username !='default':
-                <span class="delete_icon action_button" onclick="ajaxActionUser(${r2p.user.user_id},'${'id%s'%id(r2p.user.username)}')">
+                <span class="delete_icon action_button" onclick="ajaxActionRevoke(${r2p.user.user_id}, 'user', '${'id%s'%id(r2p.user.username)}')">
                 ${_('revoke')}
                 </span>
               %endif
             </td>
             %else:
             <td>${h.radio('u_perm_%s' % r2p.user.username,'group.none', disabled="disabled")}</td>
             <td>${h.radio('u_perm_%s' % r2p.user.username,'group.read', disabled="disabled")}</td>
             <td>${h.radio('u_perm_%s' % r2p.user.username,'group.write', disabled="disabled")}</td>
             <td>${h.radio('u_perm_%s' % r2p.user.username,'group.admin', disabled="disabled")}</td>
             <td style="white-space: nowrap;">
                 <img class="perm-gravatar" src="${h.gravatar_url(r2p.user.email,14)}"/>${r2p.user.username if r2p.user.username != 'default' else _('default')}
             </td>
             <td>
             </td>
             %endif
         </tr>
     %endfor
     ## USER GROUPS
     %for g2p in c.repos_group.users_group_to_perm:
         <tr id="id${id(g2p.users_group.users_group_name)}">
             <td>${h.radio('g_perm_%s' % g2p.users_group.users_group_name,'group.none')}</td>
             <td>${h.radio('g_perm_%s' % g2p.users_group.users_group_name,'group.read')}</td>
             <td>${h.radio('g_perm_%s' % g2p.users_group.users_group_name,'group.write')}</td>
             <td>${h.radio('g_perm_%s' % g2p.users_group.users_group_name,'group.admin')}</td>
             <td style="white-space: nowrap;">
                 <img class="perm-gravatar" src="${h.url('/images/icons/group.png')}"/>${g2p.users_group.users_group_name}
             </td>
             <td>
-                <span class="delete_icon action_button" onclick="ajaxActionUserGroup(${g2p.users_group.users_group_id},'${'id%s'%id(g2p.users_group.users_group_name)}')">
+                <span class="delete_icon action_button" onclick="ajaxActionRevoke(${g2p.users_group.users_group_id}, 'user_group', '${'id%s'%id(g2p.users_group.users_group_name)}')">
                 ${_('revoke')}
                 </span>
             </td>
         </tr>
     %endfor
 <%
     _tmpl = h.literal("""' \
         <td><input type="radio" value="group.none" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \
         <td><input type="radio" value="group.read" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \
         <td><input type="radio" value="group.write" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \
         <td><input type="radio" value="group.admin" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \
         <td class="ac"> \
             <div class="perm_ac" id="perm_ac_{0}"> \
                 <input class="yui-ac-input" id="perm_new_member_name_{0}" name="perm_new_member_name_{0}" value="" type="text"> \
                 <input id="perm_new_member_type_{0}" name="perm_new_member_type_{0}" value="" type="hidden">  \
                 <div id="perm_container_{0}"></div> \
             </div> \
         </td> \
         <td></td>'""")
     %>
     ## ADD HERE DYNAMICALLY NEW INPUTS FROM THE '_tmpl'
     <tr class="new_members last_new_member" id="add_perm_input"></tr>
     <tr>
         <td colspan="6">
             <span id="add_perm" class="add_icon" style="cursor: pointer;">
             ${_('Add another member')}
             </span>
         </td>
     </tr>
     <tr>
         <td colspan="6">
            ${h.checkbox('recursive',value="True", label=_('apply to children'))}
            <span class="help-block">${_('Set or revoke permission to all children of that group, including non-private repositories and other groups')}</span>
         </td>
     </tr>
 </table>
 <script type="text/javascript">
 function ajaxActionUser(user_id, field_id) {
     var sUrl = "${h.url('delete_repos_group_user_perm',group_name=c.repos_group.group_name)}";
 function ajaxActionRevoke(obj_id, obj_type, field_id) {
     var callback = {
         success: function (o) {
             var tr = YUD.get(String(field_id));
             tr.parentNode.removeChild(tr);
         },
         failure: function (o) {
-            alert("${_('Failed to remove user')}");
+            alert(_TM['Failed to remoke permission'] + ": " + o.status);
         },
     };
     var recursive = YUD.get('recursive').checked;
     var postData = '_method=delete&recursive={0}&user_id={1}'.format(recursive,user_id);
     if (obj_type=='user'){
         var sUrl = "${h.url('delete_repos_group_user_perm',group_name=c.repos_group.group_name)}";
         var postData = '_method=delete&recursive={0}&user_id={1}&obj_type=user'.format(recursive,obj_id);
+    }
     else if (obj_type=='user_group'){
         var sUrl = "${h.url('delete_repos_group_users_group_perm',group_name=c.repos_group.group_name)}";
         var postData = '_method=delete&recursive={0}&users_group_id={0}&obj_type=user_group'.format(recursive,obj_id);
+    }
     var request = YAHOO.util.Connect.asyncRequest('POST', sUrl, callback, postData);
 };
 function ajaxActionUserGroup(users_group_id,field_id){
     var sUrl = "${h.url('delete_repos_group_users_group_perm',group_name=c.repos_group.group_name)}";
     var callback = {
         success:function(o){
             var tr = YUD.get(String(field_id));
             tr.parentNode.removeChild(tr);
         },
         failure:function(o){
             alert("${_('Failed to remove user group')}");
         },
     };
     var recursive = YUD.get('recursive').checked;
     var postData = '_method=delete&recursive={0}&users_group_id={1}'.format(recursive,users_group_id);
     var request = YAHOO.util.Connect.asyncRequest('POST', sUrl, callback, postData);
 };
 YUE.onDOMReady(function () {
     if (!YUD.hasClass('perm_new_member_name', 'error')) {
         YUD.setStyle('add_perm_input', 'display', 'none');
+    }
     YAHOO.util.Event.addListener('add_perm', 'click', function () {
         addPermAction(${_tmpl}, ${c.users_array|n}, ${c.users_groups_array|n});
     });
 });
 </script>

rhodecode/templates/admin/repos_groups/repos_groups_edit.html

➞

Show inline comments

 ## -*- coding: utf-8 -*-
 <%inherit file="/base/base.html"/>
 <%def name="title()">
     ${_('Edit repository group')} ${c.repos_group.name} &middot; ${c.rhodecode_name}
 </%def>
 <%def name="breadcrumbs_links()">
     ${h.link_to(_('Admin'),h.url('admin_home'))}
     &raquo;
     ${h.link_to(_('Repository groups'),h.url('repos_groups'))}
     &raquo;
     ${_('Edit repository group %s') % c.repos_group.name}"
 </%def>
 <%def name="page_nav()">
     ${self.menu('admin')}
 </%def>
 <%def name="main()">
 <div class="box">
+<div class="box box-left">
     <!-- box / title -->
     <div class="title">
         ${self.breadcrumbs()}
         <ul class="links">
           <li>
             <span>${h.link_to(_(u'Add child group'),h.url('new_repos_group', parent_group=c.repos_group.group_id))}</span>
           </li>
         </ul>
     </div>
     <!-- end box / title -->
     ${h.form(url('repos_group',group_name=c.repos_group.group_name),method='put')}
     <div class="form">
         <!-- fields -->
         <div class="fields">
             <div class="field">
                 <div class="label">
                     <label for="group_name">${_('Group name')}:</label>
                 </div>
                 <div class="input">
                     ${h.text('group_name',class_='medium')}
                 </div>
             </div>
             <div class="field">
                 <div class="label label-textarea">
                     <label for="group_description">${_('Description')}:</label>
                 </div>
                 <div class="textarea text-area editor">
                     ${h.textarea('group_description',cols=23,rows=5,class_="medium")}
                 </div>
             </div>
             <div class="field">
                 <div class="label">
                     <label for="group_parent_id">${_('Group parent')}:</label>
                 </div>
                 <div class="input">
                     ${h.select('group_parent_id','',c.repo_groups,class_="medium")}
                 </div>
             </div>
             <div class="field">
                 <div class="label">
                     <label for="input">${_('Permissions')}:</label>
                 </div>
                 <div class="input">
                     <%include file="repos_group_edit_perms.html"/>
                 </div>
             </div>
             <div class="field">
                 <div class="label label-checkbox">
                     <label for="enable_locking">${_('Enable locking')}:</label>
                 </div>
                 <div class="checkboxes">
                     ${h.checkbox('enable_locking',value="True")}
                     <span class="help-block">${_('Enable lock-by-pulling on group. This option will be applied to all other groups and repositories inside')}</span>
                 </div>
             </div>
             <div class="buttons">
               ${h.submit('save',_('Save'),class_="ui-btn large")}
               ${h.reset('reset',_('Reset'),class_="ui-btn large")}
             </div>
         </div>
     </div>
     ${h.end_form()}
 </div>
 <div class="box box-right">
     <div class="title">
         <h5>${_('Permissions')}</h5>
     </div>
     ${h.form(url('set_repo_group_perm_member', group_name=c.repos_group.group_name),method='post')}
     <div class="form">
        <div class="fields">
             <div class="field">
                 <div class="label">
                     <label for="input">${_('Permissions')}:</label>
                 </div>
                 <div class="input">
                     ${h.hidden('repo_private')}
                     <%include file="repos_group_edit_perms.html"/>
                 </div>
             </div>
             <div class="buttons">
               ${h.submit('save',_('Save'),class_="ui-btn large")}
               ${h.reset('reset',_('Reset'),class_="ui-btn large")}
             </div>
        </div>
     </div>
     ${h.end_form()}
 </div>
 </%def>

rhodecode/templates/admin/users_groups/user_group_edit_perms.html

➞

Show inline comments

@@ new file 100644 @@
 <table id="permissions_manage" class="noborder">
     <tr>
         <td>${_('none')}</td>
         <td>${_('read')}</td>
         <td>${_('write')}</td>
         <td>${_('admin')}</td>
         <td>${_('member')}</td>
         <td></td>
     </tr>
     ## USERS
     %for r2p in c.users_group.user_user_group_to_perm:
         ##forbid revoking permission from yourself
         <tr id="id${id(r2p.user.username)}">
             %if c.rhodecode_user.user_id != r2p.user.user_id or c.rhodecode_user.is_admin:
             <td>${h.radio('u_perm_%s' % r2p.user.username,'usergroup.none')}</td>
             <td>${h.radio('u_perm_%s' % r2p.user.username,'usergroup.read')}</td>
             <td>${h.radio('u_perm_%s' % r2p.user.username,'usergroup.write')}</td>
             <td>${h.radio('u_perm_%s' % r2p.user.username,'usergroup.admin')}</td>
             <td style="white-space: nowrap;">
                 <img class="perm-gravatar" src="${h.gravatar_url(r2p.user.email,14)}"/>${r2p.user.username if r2p.user.username != 'default' else _('default')}
             </td>
             <td>
               %if r2p.user.username !='default':
                 <span class="delete_icon action_button" onclick="ajaxActionRevoke(${r2p.user.user_id}, 'user', '${'id%s'%id(r2p.user.username)}')">
                 ${_('revoke')}
                 </span>
               %endif
             </td>
             %else:
             <td>${h.radio('u_perm_%s' % r2p.user.username,'usergroup.none', disabled="disabled")}</td>
             <td>${h.radio('u_perm_%s' % r2p.user.username,'usergroup.read', disabled="disabled")}</td>
             <td>${h.radio('u_perm_%s' % r2p.user.username,'usergroup.write', disabled="disabled")}</td>
             <td>${h.radio('u_perm_%s' % r2p.user.username,'usergroup.admin', disabled="disabled")}</td>
             <td style="white-space: nowrap;">
                 <img class="perm-gravatar" src="${h.gravatar_url(r2p.user.email,14)}"/>${r2p.user.username if r2p.user.username != 'default' else _('default')}
             </td>
             <td>
             </td>
             %endif
         </tr>
     %endfor
     <%
     _tmpl = h.literal("""' \
         <td><input type="radio" value="usergroup.none" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \
         <td><input type="radio" value="usergroup.read" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \
         <td><input type="radio" value="usergroup.write" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \
         <td><input type="radio" value="usergroup.admin" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \
         <td class="ac"> \
             <div class="perm_ac" id="perm_ac_{0}"> \
                 <input class="yui-ac-input" id="perm_new_member_name_{0}" name="perm_new_member_name_{0}" value="" type="text"> \
                 <input id="perm_new_member_type_{0}" name="perm_new_member_type_{0}" value="" type="hidden">  \
                 <div id="perm_container_{0}"></div> \
             </div> \
         </td> \
         <td></td>'""")
     %>
     ## ADD HERE DYNAMICALLY NEW INPUTS FROM THE '_tmpl'
     <tr class="new_members last_new_member" id="add_perm_input"></tr>
     <tr>
         <td colspan="6">
             <span id="add_perm" class="add_icon" style="cursor: pointer;">
             ${_('Add another member')}
             </span>
         </td>
     </tr>
 </table>
 <script type="text/javascript">
 function ajaxActionRevoke(obj_id, obj_type, field_id) {
     var callback = {
         success: function (o) {
             var tr = YUD.get(String(field_id));
             tr.parentNode.removeChild(tr);
         },
         failure: function (o) {
             alert(_TM['Failed to remoke permission'] + ": " + o.status);
         },
     };
     var sUrl = "${h.url('delete_user_group_perm_member', id=c.users_group.users_group_id)}";
     if (obj_type=='user'){
         var postData = '_method=delete&user_id={0}&obj_type=user'.format(obj_id);
+    }
     else if (obj_type=='user_group'){
         var postData = '_method=delete&user_group_id={0}&obj_type=user_group'.format(obj_id);
+    }
     var request = YAHOO.util.Connect.asyncRequest('POST', sUrl, callback, postData);
 };
 YUE.onDOMReady(function () {
     if (!YUD.hasClass('perm_new_member_name', 'error')) {
         YUD.setStyle('add_perm_input', 'display', 'none');
+    }
     YAHOO.util.Event.addListener('add_perm', 'click', function () {
         addPermAction(${_tmpl}, ${c.users_array|n}, ${c.users_groups_array|n});
     });
 });
 </script>

rhodecode/templates/admin/users_groups/users_group_edit.html

➞

Show inline comments

 ## -*- coding: utf-8 -*-
 <%inherit file="/base/base.html"/>
 <%def name="title()">
     ${_('Edit user group')} ${c.users_group.users_group_name} &middot; ${c.rhodecode_name}
 </%def>
 <%def name="breadcrumbs_links()">
     ${h.link_to(_('Admin'),h.url('admin_home'))}
     &raquo;
     ${h.link_to(_('UserGroups'),h.url('users_groups'))}
     &raquo;
     ${_('Edit %s') % c.users_group.users_group_name}
 </%def>
 <%def name="page_nav()">
     ${self.menu('admin')}
 </%def>
 <%def name="main()">
 <div class="box box-left">
+<div class="box box-left" style="clear:left">
     <!-- box / title -->
     <div class="title">
         ${self.breadcrumbs()}
     </div>
     <!-- end box / title -->
     ${h.form(url('users_group', id=c.users_group.users_group_id),method='put', id='edit_users_group')}
     <div class="form">
         <!-- fields -->
             <div class="fields">
                  <div class="field">
                     <div class="label">
                         <label for="users_group_name">${_('Group name')}:</label>
                     </div>
                     <div class="input">
                         ${h.text('users_group_name',class_='small')}
                     </div>
                  </div>
                  <div class="field">
                     <div class="label label-checkbox">
                         <label for="users_group_active">${_('Active')}:</label>
                     </div>
                     <div class="checkboxes">
                         ${h.checkbox('users_group_active',value=True)}
@@ @@ -71,105 +71,118 @@ @@
                                                     style="padding:2px;cursor:pointer"
                                                     src="${h.url('/images/icons/arrow_right.png')}"/>
                                             </div>
                                             <div style="float:left">
                                                  <div class="text" style="padding: 0px 0px 6px;">${_('Available members')}</div>
                                                  ${h.select('available_members',[],c.available_members,multiple=True,size=8,style="min-width:210px")}
                                                  <div id="add_all_elements" style="cursor:pointer;text-align:center">
                                                        <img alt="add" style="vertical-align:text-bottom" src="${h.url('/images/icons/arrow_left.png')}"/>
                                                         ${_('Add all elements')}
                                                  </div>
                                             </div>
                                         </div>
                                     </td>
                                 </tr>
                         </table>
                     </div>
                 </div>
                 <div class="buttons">
                   ${h.submit('Save',_('Save'),class_="ui-btn large")}
                 </div>
             </div>
     </div>
 ${h.end_form()}
     <div class="group_members_wrap">
     % if c.group_members_obj:
       <ul class="group_members">
       %for user in c.group_members_obj:
         <li>
           <div class="group_member">
             <div class="gravatar"><img alt="gravatar" src="${h.gravatar_url(user.email,24)}"/> </div>
             <div>${h.link_to(user.username, h.url('edit_user',id=user.user_id))}</div>
             <div>${user.full_name}</div>
           </div>
         </li>
       %endfor
       </ul>
       %else:
         <span class="empty_data">${_('No members yet')}</span>
       %endif
     </div>
 </div>
 <div class="box box-right">
     <div class="title">
         <h5>${_('Permissions')}</h5>
     </div>
     ${h.form(url('set_user_group_perm_member', id=c.users_group.users_group_id),method='post')}
     <div class="form">
        <div class="fields">
             <div class="field">
                 <div class="label">
                     <label for="input">${_('Permissions')}:</label>
                 </div>
                 <div class="input">
                     <%include file="user_group_edit_perms.html"/>
                 </div>
             </div>
             <div class="buttons">
               ${h.submit('save',_('Save'),class_="ui-btn large")}
               ${h.reset('reset',_('Reset'),class_="ui-btn large")}
             </div>
        </div>
     </div>
     ${h.end_form()}
 </div>
 <div class="box box-right">
     <!-- box / title -->
     <div class="title">
         <h5>${_('Permissions')}</h5>
+        <h5>${_('Permissions summary')}</h5>
     </div>
     ${h.form(url('users_group_perm', id=c.users_group.users_group_id), method='put')}
     <div class="form">
         <!-- fields -->
         <div class="fields">
              <div class="field">
                 <div class="label label-checkbox">
                     <label for="inherit_permissions">${_('Inherit default permissions')}:</label>
                 </div>
                 <div class="checkboxes">
                     ${h.checkbox('inherit_default_permissions',value=True)}
                 </div>
                 <span class="help-block">${h.literal(_('Select to inherit permissions from %s settings. '
                                              'With this selected below options does not have any action') % h.link_to('default', url('edit_permission', id='default')))}</span>
              </div>
              <div id="inherit_overlay" style="${'opacity:0.3' if c.users_group.inherit_default_permissions else ''}" >
              <div class="field">
                 <div class="label label-checkbox">
                     <label for="create_repo_perm">${_('Create repositories')}:</label>
                 </div>
                 <div class="checkboxes">
                     ${h.checkbox('create_repo_perm',value=True)}
                 </div>
              </div>
              <div class="field">
                 <div class="label label-checkbox">
                     <label for="fork_repo_perm">${_('Fork repositories')}:</label>
                 </div>
                 <div class="checkboxes">
                     ${h.checkbox('fork_repo_perm',value=True)}
                 </div>
              </div>
              </div>
             <div class="buttons">
               ${h.submit('save',_('Save'),class_="ui-btn large")}
               ${h.reset('reset',_('Reset'),class_="ui-btn large")}
             </div>
         </div>
     </div>
     ${h.end_form()}
     ## permissions overview
     <%namespace name="p" file="/base/perms_summary.html"/>
     ${p.perms_summary(c.users_group.permissions)}
 </div>
 <div class="box box-right" style="clear:right">
     <!-- box / title -->
     <div class="title">
         <h5>${_('Group members')}</h5>
     </div>
     <div class="group_members_wrap">
     % if c.group_members_obj:
       <ul class="group_members">
       %for user in c.group_members_obj:
         <li>
           <div class="group_member">
             <div class="gravatar"><img alt="gravatar" src="${h.gravatar_url(user.email,24)}"/> </div>
             <div>${h.link_to(user.username, h.url('edit_user',id=user.user_id))}</div>
             <div>${user.full_name}</div>
           </div>
         </li>
       %endfor
       </ul>
       %else:
         <span class="empty_data">${_('No members yet')}</span>
       %endif
     </div>
 </div>
 <script type="text/javascript">
   MultiSelectWidget('users_group_members','available_members','edit_users_group');
 </script>
 </%def>

rhodecode/templates/base/base.html

➞

Show inline comments

@@ @@ -56,51 +56,56 @@ @@
 <%def name="breadcrumbs()">
     <div class="breadcrumbs">
     ${self.breadcrumbs_links()}
     </div>
 </%def>
 <%def name="context_bar(current)">
     ${repo_context_bar(current)}
 </%def>
 <%def name="admin_menu()">
   <ul class="admin_menu">
       <li>${h.link_to(_('Admin journal'),h.url('admin_home'),class_='journal ')}</li>
       <li>${h.link_to(_('Repositories'),h.url('repos'),class_='repos')}</li>
       <li>${h.link_to(_('Repository groups'),h.url('repos_groups'),class_='repos_groups')}</li>
       <li>${h.link_to(_('Users'),h.url('users'),class_='users')}</li>
       <li>${h.link_to(_('User groups'),h.url('users_groups'),class_='groups')}</li>
       <li>${h.link_to(_('Permissions'),h.url('edit_permission',id='default'),class_='permissions')}</li>
       <li>${h.link_to(_('LDAP'),h.url('ldap_home'),class_='ldap')}</li>
       <li>${h.link_to(_('Defaults'),h.url('defaults'),class_='defaults')}</li>
       <li class="last">${h.link_to(_('Settings'),h.url('admin_settings'),class_='settings')}</li>
   </ul>
 </%def>
 <%def name="admin_menu_simple()">
+<%def name="admin_menu_simple(repository_groups=None, user_groups=None)">
   <ul>
    %if repository_groups:
       <li>${h.link_to(_('Repository groups'),h.url('repos_groups'),class_='repos_groups')}</li>
    %endif:
    %if user_groups:
       <li>${h.link_to(_('User groups'),h.url('users_groups'),class_='groups')}</li>
    %endif
   </ul>
 </%def>
 <%def name="repo_context_bar(current=None)">
   <%
       def follow_class():
           if c.repository_following:
               return h.literal('following')
           else:
               return h.literal('follow')
   %>
   <%
     def is_current(selected):
         if selected == current:
             return h.literal('class="current"')
     %>
   <!--- CONTEXT BAR -->
   <div id="context-bar" class="box">
       <div id="breadcrumbs">
         ${h.link_to(_(u'Repositories'),h.url('home'))}
         &raquo;
         ${h.repo_link(c.rhodecode_db_repo.groups_and_repo)}
       </div>
@@ @@ -273,54 +278,54 @@ @@
             <li ${is_current('journal')}>
               <a class="menu_link journal" title="${_('Show recent activity')}"  href="${h.url('journal')}">
               ${_('Journal')}
               </a>
             </li>
           %else:
             <li ${is_current('journal')}>
               <a class="menu_link journal" title="${_('Public journal')}"  href="${h.url('public_journal')}">
               ${_('Public journal')}
               </a>
             </li>
           %endif
           <li ${is_current('search')}>
               <a class="menu_link search" title="${_('Search in repositories')}"  href="${h.url('search')}">
               ${_('Search')}
               </a>
           </li>
           % if h.HasPermissionAll('hg.admin')('access admin main page'):
             <li ${is_current('admin')}>
               <a class="menu_link admin childs" title="${_('Admin')}" href="${h.url('admin_home')}">
                 ${_('Admin')}
               </a>
               ${admin_menu()}
             </li>
-          % elif c.rhodecode_user.groups_admin:
+          % elif c.rhodecode_user.repository_groups_admin or c.rhodecode_user.user_groups_admin:
           <li ${is_current('admin')}>
               <a class="menu_link admin childs" title="${_('Admin')}">
                 ${_('Admin')}
               </a>
               ${admin_menu_simple()}
+              ${admin_menu_simple(c.rhodecode_user.repository_groups_admin, c.rhodecode_user.user_groups_admin)}
           </li>
           % endif
           ${usermenu()}
 <script type="text/javascript">
     YUE.on('repo_switcher','mouseover',function(){
       var target = 'q_filter_rs';
       var qfilter_activate = function(){
           var nodes = YUQ('ul#repo_switcher_list li a.repo_name');
           var func = function(node){
               return node.parentNode;
+          }
           q_filter(target,nodes,func);
+      }
       var loaded = YUD.hasClass('repo_switcher','loaded');
       if(!loaded){
          YUD.addClass('repo_switcher','loaded');
          ypjax("${h.url('repo_switcher')}",'repo_switcher_list',
              function(o){qfilter_activate();YUD.get(target).focus()},
              function(o){YUD.removeClass('repo_switcher','loaded');}
              ,null);
       }else{
          YUD.get(target).focus();
+      }

rhodecode/templates/base/root.html

➞

Show inline comments

@@ @@ -33,49 +33,50 @@ @@
                 var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
                 })();
         </script>
         %endif
         ## JAVASCRIPT ##
         <%def name="js()">
             <script type="text/javascript">
             //JS translations map
             var TRANSLATION_MAP = {
                 'Add another comment':'${_("Add another comment")}',
                 'Stop following this repository':"${_('Stop following this repository')}",
                 'Start following this repository':"${_('Start following this repository')}",
                 'Group':"${_('Group')}",
                 'members':"${_('members')}",
                 'Loading ...':"${_('Loading ...')}",
                 'Search truncated': "${_('Search truncated')}",
                 'No matching files': "${_('No matching files')}",
                 'Open new pull request': "${_('Open new pull request')}",
                 'Open new pull request for selected changesets':  "${_('Open new pull request for selected changesets')}",
                 'Show selected changesets __S -> __E': "${_('Show selected changesets __S -> __E')}",
                 'Show selected changeset __S': "${_('Show selected changeset __S')}",
                 'Selection link': "${_('Selection link')}",
                 'Collapse diff': "${_('Collapse diff')}",
                 'Expand diff': "${_('Expand diff')}"
                 'Expand diff': "${_('Expand diff')}",
                 'Failed to remoke permission': "${_('Failed to remoke permission')}"
             };
             var _TM = TRANSLATION_MAP;
             var TOGGLE_FOLLOW_URL  = "${h.url('toggle_following')}";
             var REPO_NAME = "";
             %if hasattr(c, 'repo_name'):
                 var REPO_NAME = "${c.repo_name}";
             %endif
             </script>
             <script type="text/javascript" src="${h.url('/js/yui.2.9.js', ver=c.rhodecode_version)}"></script>
             <!--[if lt IE 9]>
                <script language="javascript" type="text/javascript" src="${h.url('/js/excanvas.min.js')}"></script>
             <![endif]-->
             <script type="text/javascript" src="${h.url('/js/yui.flot.js', ver=c.rhodecode_version)}"></script>
             <script type="text/javascript" src="${h.url('/js/native.history.js', ver=c.rhodecode_version)}"></script>
             <script type="text/javascript" src="${h.url('/js/pyroutes_map.js', ver=c.rhodecode_version)}"></script>
             <script type="text/javascript" src="${h.url('/js/rhodecode.js', ver=c.rhodecode_version)}"></script>
            ## EXTRA FOR JS
            ${self.js_extra()}
             <script type="text/javascript">
             (function(window,undefined){
                 // Prepare
                 var History = window.History; // Note: We are using a capital H instead of a lower h

rhodecode/tests/api/api_base.py

➞

Show inline comments

@@ @@ -29,49 +29,49 @@ def _build_data(apikey, method, **kw): @@
     """
     random_id = random.randrange(1, 9999)
     return random_id, json.dumps({
         "id": random_id,
         "api_key": apikey,
         "method": method,
         "args": kw
     })
 jsonify = lambda obj: json.loads(json.dumps(obj))
 def crash(*args, **kwargs):
     raise Exception('Total Crash !')
 def api_call(test_obj, params):
     response = test_obj.app.post(API_URL, content_type='application/json',
                                  params=params)
     return response
 ## helpers
 def make_users_group(name=TEST_USER_GROUP):
-    gr = UserGroupModel().create(name=name)
+    gr = fixture.create_user_group(name, cur_user=TEST_USER_ADMIN_LOGIN)
     UserGroupModel().add_user_to_group(users_group=gr,
                                         user=TEST_USER_ADMIN_LOGIN)
     Session().commit()
     return gr
 def destroy_users_group(name=TEST_USER_GROUP):
     UserGroupModel().delete(users_group=name, force=True)
     Session().commit()
 class BaseTestApi(object):
     REPO = None
     REPO_TYPE = None
     @classmethod
     def setUpClass(self):
         self.usr = UserModel().get_by_username(TEST_USER_ADMIN_LOGIN)
         self.apikey = self.usr.api_key
         self.test_user = UserModel().create_or_update(
             username='test-api',
             password='test',
             email='test@api.rhodecode.org',
             firstname='first',
@@ @@ -1063,114 +1063,112 @@ class BaseTestApi(object): @@
         self._compare_ok(id_, expected, given=response.body)
         destroy_users_group(group_name)
     def test_api_get_users_group_that_exist(self):
         id_, params = _build_data(self.apikey, 'create_users_group',
                                   group_name=TEST_USER_GROUP)
         response = api_call(self, params)
         expected = "user group `%s` already exist" % TEST_USER_GROUP
         self._compare_error(id_, expected, given=response.body)
     @mock.patch.object(UserGroupModel, 'create', crash)
     def test_api_get_users_group_exception_occurred(self):
         group_name = 'exception_happens'
         id_, params = _build_data(self.apikey, 'create_users_group',
                                   group_name=group_name)
         response = api_call(self, params)
         expected = 'failed to create group `%s`' % group_name
         self._compare_error(id_, expected, given=response.body)
     def test_api_add_user_to_users_group(self):
         gr_name = 'test_group'
         UserGroupModel().create(gr_name)
         Session().commit()
         fixture.create_user_group(gr_name)
         id_, params = _build_data(self.apikey, 'add_user_to_users_group',
                                   usersgroupid=gr_name,
                                   userid=TEST_USER_ADMIN_LOGIN)
         response = api_call(self, params)
         expected = {
                     'msg': 'added member `%s` to user group `%s`' % (
                                 TEST_USER_ADMIN_LOGIN, gr_name
                             ),
                     'success': True}
         self._compare_ok(id_, expected, given=response.body)
         UserGroupModel().delete(users_group=gr_name)
         Session().commit()
     def test_api_add_user_to_users_group_that_doesnt_exist(self):
         id_, params = _build_data(self.apikey, 'add_user_to_users_group',
                                   usersgroupid='false-group',
                                   userid=TEST_USER_ADMIN_LOGIN)
         response = api_call(self, params)
         expected = 'user group `%s` does not exist' % 'false-group'
         self._compare_error(id_, expected, given=response.body)
     @mock.patch.object(UserGroupModel, 'add_user_to_group', crash)
     def test_api_add_user_to_users_group_exception_occurred(self):
         gr_name = 'test_group'
         UserGroupModel().create(gr_name)
         Session().commit()
         fixture.create_user_group(gr_name)
         id_, params = _build_data(self.apikey, 'add_user_to_users_group',
                                   usersgroupid=gr_name,
                                   userid=TEST_USER_ADMIN_LOGIN)
         response = api_call(self, params)
         expected = 'failed to add member to user group `%s`' % gr_name
         self._compare_error(id_, expected, given=response.body)
         UserGroupModel().delete(users_group=gr_name)
         Session().commit()
     def test_api_remove_user_from_users_group(self):
         gr_name = 'test_group_3'
-        gr = UserGroupModel().create(gr_name)
+        gr = fixture.create_user_group(gr_name)
         UserGroupModel().add_user_to_group(gr, user=TEST_USER_ADMIN_LOGIN)
         Session().commit()
         id_, params = _build_data(self.apikey, 'remove_user_from_users_group',
                                   usersgroupid=gr_name,
                                   userid=TEST_USER_ADMIN_LOGIN)
         response = api_call(self, params)
         expected = {
                     'msg': 'removed member `%s` from user group `%s`' % (
                                 TEST_USER_ADMIN_LOGIN, gr_name
                             ),
                     'success': True}
         self._compare_ok(id_, expected, given=response.body)
         UserGroupModel().delete(users_group=gr_name)
         Session().commit()
     @mock.patch.object(UserGroupModel, 'remove_user_from_group', crash)
     def test_api_remove_user_from_users_group_exception_occurred(self):
         gr_name = 'test_group_3'
-        gr = UserGroupModel().create(gr_name)
+        gr = fixture.create_user_group(gr_name)
         UserGroupModel().add_user_to_group(gr, user=TEST_USER_ADMIN_LOGIN)
         Session().commit()
         id_, params = _build_data(self.apikey, 'remove_user_from_users_group',
                                   usersgroupid=gr_name,
                                   userid=TEST_USER_ADMIN_LOGIN)
         response = api_call(self, params)
         expected = 'failed to remove member from user group `%s`' % gr_name
         self._compare_error(id_, expected, given=response.body)
         UserGroupModel().delete(users_group=gr_name)
         Session().commit()
     @parameterized.expand([('none', 'repository.none'),
                            ('read', 'repository.read'),
                            ('write', 'repository.write'),
                            ('admin', 'repository.admin')])
     def test_api_grant_user_permission(self, name, perm):
         id_, params = _build_data(self.apikey, 'grant_user_permission',
                                   repoid=self.REPO,
                                   userid=TEST_USER_ADMIN_LOGIN,
                                   perm=perm)
         response = api_call(self, params)

rhodecode/tests/fixture.py

➞

Show inline comments

 """
 Helpers for fixture generation
 """
 from rhodecode.tests import *
 from rhodecode.model.db import Repository, User, RepoGroup
+from rhodecode.model.db import Repository, User, RepoGroup, UserGroup
 from rhodecode.model.meta import Session
 from rhodecode.model.repo import RepoModel
 from rhodecode.model.repos_group import ReposGroupModel
 from rhodecode.model.users_group import UserGroupModel
 class Fixture(object):
     def __init__(self):
         pass
     def _get_repo_create_params(self, **custom):
         defs = dict(
             repo_name=None,
             repo_type='hg',
             clone_uri='',
             repo_group='',
             repo_description='DESC',
             repo_private=False,
             repo_landing_rev='tip'
+        )
         defs.update(custom)
         if 'repo_name_full' not in custom:
             defs.update({'repo_name_full': defs['repo_name']})
         return defs
     def _get_group_create_params(self, **custom):
         defs = dict(
             group_name=None,
             group_description='DESC',
             group_parent_id=None,
             perms_updates=[],
             perms_new=[],
             enable_locking=False,
             recursive=False
+        )
         defs.update(custom)
         return defs
     def _get_user_group_create_params(self, name, **custom):
         defs = dict(
             users_group_name=name,
             users_group_active=True,
+        )
         defs.update(custom)
         return defs
     def create_repo(self, name, **kwargs):
         if 'skip_if_exists' in kwargs:
             del kwargs['skip_if_exists']
             r = Repository.get_by_repo_name(name)
             if r:
                 return r
         if isinstance(kwargs.get('repos_group'), RepoGroup):
             #TODO: rename the repos_group !
             kwargs['repo_group'] = kwargs['repos_group'].group_id
             del kwargs['repos_group']
         form_data = self._get_repo_create_params(repo_name=name, **kwargs)
         cur_user = kwargs.get('cur_user', TEST_USER_ADMIN_LOGIN)
         RepoModel().create(form_data, cur_user)
         Session().commit()
         return Repository.get_by_repo_name(name)
     def create_fork(self, repo_to_fork, fork_name, **kwargs):
         repo_to_fork = Repository.get_by_repo_name(repo_to_fork)
         form_data = self._get_repo_create_params(repo_name=fork_name,
                                             fork_parent_id=repo_to_fork,
                                             repo_type=repo_to_fork.repo_type,
@@ @@ -79,24 +89,38 @@ class Fixture(object): @@
         RepoModel().create_fork(form_data, cur_user=owner)
         Session().commit()
         r = Repository.get_by_repo_name(fork_name)
         assert r
         return r
     def destroy_repo(self, repo_name):
         RepoModel().delete(repo_name)
         Session().commit()
     def create_group(self, name, **kwargs):
         if 'skip_if_exists' in kwargs:
             del kwargs['skip_if_exists']
             gr = RepoGroup.get_by_group_name(group_name=name)
             if gr:
                 return gr
         form_data = self._get_group_create_params(group_name=name, **kwargs)
         owner = kwargs.get('cur_user', TEST_USER_ADMIN_LOGIN)
         gr = ReposGroupModel().create(group_name=form_data['group_name'],
                                  group_description=form_data['group_name'],
                                  owner=owner, parent=form_data['group_parent_id'])
         Session().commit()
         gr = RepoGroup.get_by_group_name(gr.group_name)
         return gr
     def create_user_group(self, name, **kwargs):
         if 'skip_if_exists' in kwargs:
             del kwargs['skip_if_exists']
             gr = UserGroup.get_by_group_name(group_name=name)
             if gr:
                 return gr
         form_data = self._get_user_group_create_params(name, **kwargs)
         owner = kwargs.get('cur_user', TEST_USER_ADMIN_LOGIN)
         user_group = UserGroupModel().create(name=form_data['users_group_name'],
                         owner=owner, active=form_data['users_group_active'])
         Session().commit()
         user_group = UserGroup.get_by_group_name(user_group.users_group_name)
         return user_group

rhodecode/tests/models/test_permissions.py

➞

Show inline comments

@@ @@ -105,108 +105,104 @@ class TestPermissions(unittest.TestCase) @@
             'repositories': {u'vcs_test_hg': u'repository.read'}
+        }
         self.assertEqual(u1_auth.permissions['repositories'][HG_REPO],
                          perms['repositories'][HG_REPO])
         self.assertEqual(u1_auth.permissions['repositories_groups'],
                          perms['repositories_groups'])
     def test_default_admin_group_perms(self):
         self.g1 = fixture.create_group('test1', skip_if_exists=True)
         self.g2 = fixture.create_group('test2', skip_if_exists=True)
         a1_auth = AuthUser(user_id=self.a1.user_id)
         perms = {
             'repositories_groups': {u'test1': 'group.admin', u'test2': 'group.admin'},
             'global': set(['hg.admin']),
             'repositories': {u'vcs_test_hg': 'repository.admin'}
+        }
         self.assertEqual(a1_auth.permissions['repositories'][HG_REPO],
                          perms['repositories'][HG_REPO])
         self.assertEqual(a1_auth.permissions['repositories_groups'],
                          perms['repositories_groups'])
     def test_propagated_permission_from_users_group_by_explicit_perms_exist(self):
         # make group
         self.ug1 = UserGroupModel().create('G1')
         # add user to group
         self.ug1 = fixture.create_user_group('G1')
         UserGroupModel().add_user_to_group(self.ug1, self.u1)
         # set permission to lower
         new_perm = 'repository.none'
         RepoModel().grant_user_permission(repo=HG_REPO, user=self.u1, perm=new_perm)
         Session().commit()
         u1_auth = AuthUser(user_id=self.u1.user_id)
         self.assertEqual(u1_auth.permissions['repositories'][HG_REPO],
                          new_perm)
         # grant perm for group this should not override permission from user
         # since it has explicitly set
         new_perm_gr = 'repository.write'
         RepoModel().grant_users_group_permission(repo=HG_REPO,
                                                  group_name=self.ug1,
                                                  perm=new_perm_gr)
         # check perms
         u1_auth = AuthUser(user_id=self.u1.user_id)
         perms = {
             'repositories_groups': {},
             'global': set([u'hg.create.repository', u'repository.read',
                            u'hg.register.manual_activate']),
             'repositories': {u'vcs_test_hg': u'repository.read'}
+        }
         self.assertEqual(u1_auth.permissions['repositories'][HG_REPO],
                          new_perm)
         self.assertEqual(u1_auth.permissions['repositories_groups'],
                          perms['repositories_groups'])
     def test_propagated_permission_from_users_group(self):
         # make group
         self.ug1 = UserGroupModel().create('G1')
         # add user to group
         self.ug1 = fixture.create_user_group('G1')
         UserGroupModel().add_user_to_group(self.ug1, self.u3)
         # grant perm for group this should override default permission from user
         new_perm_gr = 'repository.write'
         RepoModel().grant_users_group_permission(repo=HG_REPO,
                                                  group_name=self.ug1,
                                                  perm=new_perm_gr)
         # check perms
         u3_auth = AuthUser(user_id=self.u3.user_id)
         perms = {
             'repositories_groups': {},
             'global': set([u'hg.create.repository', u'repository.read',
                            u'hg.register.manual_activate']),
             'repositories': {u'vcs_test_hg': u'repository.read'}
+        }
         self.assertEqual(u3_auth.permissions['repositories'][HG_REPO],
                          new_perm_gr)
         self.assertEqual(u3_auth.permissions['repositories_groups'],
                          perms['repositories_groups'])
     def test_propagated_permission_from_users_group_lower_weight(self):
         # make group
-        self.ug1 = UserGroupModel().create('G1')
+        self.ug1 = fixture.create_user_group('G1')
         # add user to group
         UserGroupModel().add_user_to_group(self.ug1, self.u1)
         # set permission to lower
         new_perm_h = 'repository.write'
         RepoModel().grant_user_permission(repo=HG_REPO, user=self.u1,
                                           perm=new_perm_h)
         Session().commit()
         u1_auth = AuthUser(user_id=self.u1.user_id)
         self.assertEqual(u1_auth.permissions['repositories'][HG_REPO],
                          new_perm_h)
         # grant perm for group this should NOT override permission from user
         # since it's lower than granted
         new_perm_l = 'repository.read'
         RepoModel().grant_users_group_permission(repo=HG_REPO,
                                                  group_name=self.ug1,
                                                  perm=new_perm_l)
         # check perms
         u1_auth = AuthUser(user_id=self.u1.user_id)
         perms = {
             'repositories_groups': {},
             'global': set([u'hg.create.repository', u'repository.read',
                            u'hg.register.manual_activate']),
@@ @@ -274,49 +270,49 @@ class TestPermissions(unittest.TestCase) @@
         self.assertEqual(u1_auth.permissions['repositories_groups'],
                  {u'group1': u'group.none', u'group2': u'group.none'})
         u2_auth = AuthUser(user_id=self.u2.user_id)
         self.assertEqual(u2_auth.permissions['repositories_groups'],
                  {u'group1': u'group.read', u'group2': u'group.read'})
         a1_auth = AuthUser(user_id=self.anon.user_id)
         self.assertEqual(a1_auth.permissions['repositories_groups'],
                  {u'group1': u'group.none', u'group2': u'group.none'})
     def test_repo_group_user_as_user_group_member(self):
         # create Group1
         self.g1 = fixture.create_group('group1', skip_if_exists=True)
         a1_auth = AuthUser(user_id=self.anon.user_id)
         self.assertEqual(a1_auth.permissions['repositories_groups'],
                          {u'group1': u'group.read'})
         # set default permission to none
         ReposGroupModel().grant_user_permission(repos_group=self.g1,
                                                 user=self.anon,
                                                 perm='group.none')
         # make group
-        self.ug1 = UserGroupModel().create('G1')
+        self.ug1 = fixture.create_user_group('G1')
         # add user to group
         UserGroupModel().add_user_to_group(self.ug1, self.u1)
         Session().commit()
         # check if user is in the group
         membrs = [x.user_id for x in UserGroupModel().get(self.ug1.users_group_id).members]
         self.assertEqual(membrs, [self.u1.user_id])
         # add some user to that group
         # check his permissions
         a1_auth = AuthUser(user_id=self.anon.user_id)
         self.assertEqual(a1_auth.permissions['repositories_groups'],
                          {u'group1': u'group.none'})
         u1_auth = AuthUser(user_id=self.u1.user_id)
         self.assertEqual(u1_auth.permissions['repositories_groups'],
                          {u'group1': u'group.none'})
         # grant ug1 read permissions for
         ReposGroupModel().grant_users_group_permission(repos_group=self.g1,
                                                        group_name=self.ug1,
                                                        perm='group.read')
         Session().commit()
         # check if the
@@ @@ -413,50 +409,49 @@ class TestPermissions(unittest.TestCase) @@
         user_model.grant_perm(self.u1, 'hg.fork.repository')
         # make sure inherit flag is turned off
         self.u1.inherit_default_permissions = False
         Session().commit()
         u1_auth = AuthUser(user_id=self.u1.user_id)
         # this user will have non inherited permissions from he's
         # explicitly set permissions
         self.assertEqual(u1_auth.permissions['global'],
                          set(['hg.create.repository', 'hg.fork.repository',
                               'hg.register.manual_activate',
                               'repository.read', 'group.read']))
     def test_owner_permissions_doesnot_get_overwritten_by_group(self):
         #create repo as USER,
         self.test_repo = fixture.create_repo(name='myownrepo',
                                              repo_type='hg',
                                              cur_user=self.u1)
         #he has permissions of admin as owner
         u1_auth = AuthUser(user_id=self.u1.user_id)
         self.assertEqual(u1_auth.permissions['repositories']['myownrepo'],
                          'repository.admin')
         #set his permission as user group, he should still be admin
         self.ug1 = UserGroupModel().create('G1')
         # add user to group
         self.ug1 = fixture.create_user_group('G1')
         UserGroupModel().add_user_to_group(self.ug1, self.u1)
         RepoModel().grant_users_group_permission(self.test_repo,
                                                  group_name=self.ug1,
                                                  perm='repository.none')
         Session().commit()
         u1_auth = AuthUser(user_id=self.u1.user_id)
         self.assertEqual(u1_auth.permissions['repositories']['myownrepo'],
                          'repository.admin')
     def test_owner_permissions_doesnot_get_overwritten_by_others(self):
         #create repo as USER,
         self.test_repo = fixture.create_repo(name='myownrepo',
                                              repo_type='hg',
                                              cur_user=self.u1)
         #he has permissions of admin as owner
         u1_auth = AuthUser(user_id=self.u1.user_id)
         self.assertEqual(u1_auth.permissions['repositories']['myownrepo'],
                          'repository.admin')
         #set his permission as user, he should still be admin
         RepoModel().grant_user_permission(self.test_repo, user=self.u1,
                                           perm='repository.none')
         Session().commit()

rhodecode/tests/models/test_users.py

➞

Show inline comments

 import unittest
 from rhodecode.tests import *
 from rhodecode.model.db import User, UserGroup, UserGroupMember, UserEmailMap,\
     Permission
 from rhodecode.model.user import UserModel
 from rhodecode.model.meta import Session
 from rhodecode.model.users_group import UserGroupModel
 from rhodecode.tests.fixture import Fixture
 fixture = Fixture()
 class TestUser(unittest.TestCase):
     def __init__(self, methodName='runTest'):
         Session.remove()
         super(TestUser, self).__init__(methodName=methodName)
     def tearDown(self):
         Session.remove()
     def test_create_and_remove(self):
         usr = UserModel().create_or_update(username=u'test_user',
                                            password=u'qweqwe',
                                      email=u'u232@rhodecode.org',
                                      firstname=u'u1', lastname=u'u1')
         Session().commit()
         self.assertEqual(User.get_by_username(u'test_user'), usr)
         # make user group
-        users_group = UserGroupModel().create('some_example_group')
+        users_group = fixture.create_user_group('some_example_group')
         Session().commit()
         UserGroupModel().add_user_to_group(users_group, usr)
         Session().commit()
         self.assertEqual(UserGroup.get(users_group.users_group_id), users_group)
         self.assertEqual(UserGroupMember.query().count(), 1)
         UserModel().delete(usr.user_id)
         Session().commit()
         self.assertEqual(UserGroupMember.query().all(), [])
     def test_additonal_email_as_main(self):
         usr = UserModel().create_or_update(username=u'test_user',
                                            password=u'qweqwe',
                                      email=u'main_email@rhodecode.org',
                                      firstname=u'u1', lastname=u'u1')
         Session().commit()
         def do():
             m = UserEmailMap()
             m.email = u'main_email@rhodecode.org'
             m.user = usr
             Session().add(m)

rhodecode/tests/models/test_users_group_permissions_on_groups.py

➞

Show inline comments

 import os
 import unittest
 import functools
 from rhodecode.tests import *
 from rhodecode.model.repos_group import ReposGroupModel
-from rhodecode.model.db import RepoGroup, Repository, User
 from rhodecode.model.db import RepoGroup
 from rhodecode.model.meta import Session
 from nose.tools import with_setup
 from rhodecode.tests.models.common import _create_project_tree, check_tree_perms, \
     _get_perms, _check_expected_count, expected_count, _destroy_project_tree
 from rhodecode.model.users_group import UserGroupModel
-from rhodecode.model.repo import RepoModel
+from rhodecode.tests.fixture import Fixture
 fixture = Fixture()
 test_u2_id = None
 test_u2_gr_id = None
 _get_repo_perms = None
 _get_group_perms = None
 def permissions_setup_func(group_name='g0', perm='group.read', recursive=True):
     """
     Resets all permissions to perm attribute
     """
     repos_group = RepoGroup.get_by_group_name(group_name=group_name)
     if not repos_group:
         raise Exception('Cannot get group %s' % group_name)
     perms_updates = [[test_u2_gr_id, perm, 'users_group']]
     ReposGroupModel()._update_permissions(repos_group,
                                           perms_updates=perms_updates,
                                           recursive=recursive)
     Session().commit()
 def setup_module():
     global test_u2_id, test_u2_gr_id, _get_repo_perms, _get_group_perms
     test_u2 = _create_project_tree()
     Session().commit()
     test_u2_id = test_u2.user_id
-    gr1 = UserGroupModel().create(name='perms_group_1')
+    gr1 = fixture.create_user_group('perms_group_1')
     Session().commit()
     test_u2_gr_id = gr1.users_group_id
     UserGroupModel().add_user_to_group(gr1, user=test_u2_id)
     Session().commit()
     _get_repo_perms = functools.partial(_get_perms, key='repositories',
                                         test_u1_id=test_u2_id)
     _get_group_perms = functools.partial(_get_perms, key='repositories_groups',
                                          test_u1_id=test_u2_id)
 def teardown_module():
     _destroy_project_tree(test_u2_id)
 @with_setup(permissions_setup_func)
 def test_user_permissions_on_group_without_recursive_mode():
     # set permission to g0 non-recursive mode
     recursive = False
     group = 'g0'
     permissions_setup_func(group, 'group.write', recursive=recursive)
     items = [x for x in _get_repo_perms(group, recursive)]
     expected = 0

rhodecode/tests/test_validators.py

➞

Show inline comments

 # -*- coding: utf-8 -*-
 import unittest
 import formencode
 from rhodecode.tests import *
 from rhodecode.model import validators as v
 from rhodecode.model.users_group import UserGroupModel
 from rhodecode.model.meta import Session
 from rhodecode.model.repos_group import ReposGroupModel
 from rhodecode.config.routing import ADMIN_PREFIX
 from rhodecode.model.db import ChangesetStatus, Repository
 from rhodecode.model.changeset_status import ChangesetStatusModel
 from rhodecode.tests.fixture import Fixture
 fixture = Fixture()
 class TestReposGroups(unittest.TestCase):
     def setUp(self):
         pass
     def tearDown(self):
         Session.remove()
     def test_Message_extractor(self):
         validator = v.ValidUsername()
         self.assertRaises(formencode.Invalid, validator.to_python, 'default')
         class StateObj(object):
             pass
         self.assertRaises(formencode.Invalid,
                           validator.to_python, 'default', StateObj)
     def test_ValidUsername(self):
         validator = v.ValidUsername()
         self.assertRaises(formencode.Invalid, validator.to_python, 'default')
         self.assertRaises(formencode.Invalid, validator.to_python, 'new_user')
         self.assertRaises(formencode.Invalid, validator.to_python, '.,')
         self.assertRaises(formencode.Invalid, validator.to_python,
                           TEST_USER_ADMIN_LOGIN)
         self.assertEqual('test', validator.to_python('test'))
         validator = v.ValidUsername(edit=True, old_data={'user_id': 1})
     def test_ValidRepoUser(self):
         validator = v.ValidRepoUser()
         self.assertRaises(formencode.Invalid, validator.to_python, 'nouser')
         self.assertEqual(TEST_USER_ADMIN_LOGIN,
                          validator.to_python(TEST_USER_ADMIN_LOGIN))
     def test_ValidUserGroup(self):
         validator = v.ValidUserGroup()
         self.assertRaises(formencode.Invalid, validator.to_python, 'default')
         self.assertRaises(formencode.Invalid, validator.to_python, '.,')
         gr = UserGroupModel().create('test')
         gr2 = UserGroupModel().create('tes2')
         Session.commit()
         gr = fixture.create_user_group('test')
         gr2 = fixture.create_user_group('tes2')
         Session().commit()
         self.assertRaises(formencode.Invalid, validator.to_python, 'test')
         assert gr.users_group_id != None
         validator = v.ValidUserGroup(edit=True,
                                     old_data={'users_group_id':
                                               gr2.users_group_id})
         self.assertRaises(formencode.Invalid, validator.to_python, 'test')
         self.assertRaises(formencode.Invalid, validator.to_python, 'TesT')
         self.assertRaises(formencode.Invalid, validator.to_python, 'TEST')
         UserGroupModel().delete(gr)
         UserGroupModel().delete(gr2)
         Session.commit()
+        Session().commit()
     def test_ValidReposGroup(self):
         validator = v.ValidReposGroup()
         model = ReposGroupModel()
         self.assertRaises(formencode.Invalid, validator.to_python,
                           {'group_name': HG_REPO, })
         gr = model.create(group_name='test_gr', group_description='desc',
                           parent=None,
                           just_db=True,
                           owner=TEST_USER_ADMIN_LOGIN)
         self.assertRaises(formencode.Invalid,
                           validator.to_python, {'group_name': gr.group_name, })
         validator = v.ValidReposGroup(edit=True,
                                       old_data={'group_id':  gr.group_id})
         self.assertRaises(formencode.Invalid,
                           validator.to_python, {
                                         'group_name': gr.group_name + 'n',
                                         'group_parent_id': gr.group_id
                                         })
         model.delete(gr)
     def test_ValidPassword(self):
         validator = v.ValidPassword()

0 comments (0 inline, 0 general)