kallithea Changeset - 7e3d89d9d3a2

Changeset - 7e3d89d9d3a2

Parent rev.

Child rev.

[Not reviewed]

beta

0 32 2

Marcin Kuzminski - 13 years ago 2013-04-08 22:47:35
marcin@python-works.com

- Manage User’s Groups: create, delete, rename, add/remove users inside.
by user group admin.
In this case, a user's group can be owned by several people thru an owner user's group.

Some refactoring of naming, permission handling logic.
- remove some code duplicity as well as inconsistent naming

12 files changed:

docs/api/api.rst

rhodecode/__init__.py

rhodecode/config/routing.py

rhodecode/controllers/admin/repos.py

rhodecode/controllers/admin/repos_groups.py

rhodecode/controllers/admin/settings.py

rhodecode/controllers/admin/users_groups.py

136

rhodecode/controllers/api/api.py

rhodecode/controllers/forks.py

rhodecode/lib/auth.py

rhodecode/lib/db_manage.py

rhodecode/lib/dbmigrate/versions/012_version_1_7_0.py

Changeset was too big and was cut off... Show full diff anyway

0 comments (0 inline, 0 general)

docs/api/api.rst

➞

Show inline comments

@@ @@ -138,768 +138,769 @@ rights. @@
 INPUT::
     id : <id_for_response>
     api_key : "<api_key>"
     method :  "rescan_repos"
     args :    {
                 "remove_obsolete" : "<boolean = Optional(False)>"
+              }
 OUTPUT::
     id : <id_given_in_input>
     result : "{'added': [<list of names of added repos>],
                'removed': [<list of names of removed repos>]}"
     error :  null
 invalidate_cache
 ----------------
 Invalidate cache for repository.
 This command can be executed only using api_key belonging to user with admin
 rights or regular user that have write or admin or write access to repository.
 INPUT::
     id : <id_for_response>
     api_key : "<api_key>"
     method :  "invalidate_cache"
     args :    {
                 "repoid" : "<reponame or repo_id>"
+              }
 OUTPUT::
     id : <id_given_in_input>
     result : "Cache for repository `<reponame>` was invalidated: invalidated cache keys: <list_of_cache_keys>"
     error :  null
 lock
 ----
 Set locking state on given repository by given user. If userid param is skipped
 , then it is set to id of user whos calling this method. If locked param is skipped
 then function shows current lock state of given repo.
 This command can be executed only using api_key belonging to user with admin
 rights or regular user that have admin or write access to repository.
 INPUT::
     id : <id_for_response>
     api_key : "<api_key>"
     method :  "lock"
     args :    {
                 "repoid" : "<reponame or repo_id>"
                 "userid" : "<user_id or username = Optional(=apiuser)>",
                 "locked" : "<bool true|false = Optional(=None)>"
+              }
 OUTPUT::
     id : <id_given_in_input>
     result : "User `<username>` set lock state for repo `<reponame>` to `true|false`"
     error :  null
 show_ip
 -------
 Shows IP address as seen from RhodeCode server, together with all
 defined IP addresses for given user.
 This command can be executed only using api_key belonging to user with admin
 rights.
 INPUT::
     id : <id_for_response>
     api_key : "<api_key>"
     method :  "show_ip"
     args :    {
                 "userid" : "<user_id or username>",
+              }
 OUTPUT::
     id : <id_given_in_input>
     result : {
                  "ip_addr_server": <ip_from_clien>",
                  "user_ips": [
+                                {
                                    "ip_addr": "<ip_with_mask>",
                                    "ip_range": ["<start_ip>", "<end_ip>"],
                                 },
                                 ...
+                             ]
+             }
     error :  null
 get_user
 --------
 Get's an user by username or user_id, Returns empty result if user is not found.
 If userid param is skipped it is set to id of user who is calling this method.
 This command can be executed only using api_key belonging to user with admin
 rights, or regular users that cannot specify different userid than theirs
 INPUT::
     id : <id_for_response>
     api_key : "<api_key>"
     method :  "get_user"
     args :    {
                 "userid" : "<username or user_id Optional(=apiuser)>"
+              }
 OUTPUT::
     id : <id_given_in_input>
     result: None if user does not exist or
+            {
                 "user_id" :     "<user_id>",
                 "api_key" :     "<api_key>",
                 "username" :    "<username>",
                 "firstname":    "<firstname>",
                 "lastname" :    "<lastname>",
                 "email" :       "<email>",
                 "emails":       "<list_of_all_additional_emails>",
                 "ip_addresses": "<list_of_ip_addresses_for_user>",
                 "active" :      "<bool>",
                 "admin" :       "<bool>",
                 "ldap_dn" :     "<ldap_dn>",
                 "last_login":   "<last_login>",
                 "permissions": {
                     "global": ["hg.create.repository",
                                "repository.read",
                                "hg.register.manual_activate"],
                     "repositories": {"repo1": "repository.none"},
                     "repositories_groups": {"Group1": "group.read"}
                  },
+            }
     error:  null
 get_users
 ---------
 Lists all existing users. This command can be executed only using api_key
 belonging to user with admin rights.
 INPUT::
     id : <id_for_response>
     api_key : "<api_key>"
     method :  "get_users"
     args :    { }
 OUTPUT::
     id : <id_given_in_input>
     result: [
+              {
                 "user_id" :     "<user_id>",
                 "username" :    "<username>",
                 "firstname":    "<firstname>",
                 "lastname" :    "<lastname>",
                 "email" :       "<email>",
                 "emails":       "<list_of_all_additional_emails>",
                 "ip_addresses": "<list_of_ip_addresses_for_user>",
                 "active" :      "<bool>",
                 "admin" :       "<bool>",
                 "ldap_dn" :     "<ldap_dn>",
                 "last_login":   "<last_login>",
               },
               …
+            ]
     error:  null
 create_user
 -----------
 Creates new user. This command can
 be executed only using api_key belonging to user with admin rights.
 INPUT::
     id : <id_for_response>
     api_key : "<api_key>"
     method :  "create_user"
     args :    {
                 "username" :  "<username>",
                 "email" :     "<useremail>",
                 "password" :  "<password>",
                 "firstname" : "<firstname> = Optional(None)",
                 "lastname" :  "<lastname> = Optional(None)",
                 "active" :    "<bool> = Optional(True)",
                 "admin" :     "<bool> = Optional(False)",
                 "ldap_dn" :   "<ldap_dn> = Optional(None)"
+              }
 OUTPUT::
     id : <id_given_in_input>
     result: {
               "msg" : "created new user `<username>`",
               "user": {
                 "user_id" :  "<user_id>",
                 "username" : "<username>",
                 "firstname": "<firstname>",
                 "lastname" : "<lastname>",
                 "email" :    "<email>",
                 "emails":    "<list_of_all_additional_emails>",
                 "active" :   "<bool>",
                 "admin" :    "<bool>",
                 "ldap_dn" :  "<ldap_dn>",
                 "last_login": "<last_login>",
               },
+            }
     error:  null
 update_user
 -----------
 updates given user if such user exists. This command can
 be executed only using api_key belonging to user with admin rights.
 INPUT::
     id : <id_for_response>
     api_key : "<api_key>"
     method :  "update_user"
     args :    {
                 "userid" : "<user_id or username>",
                 "username" :  "<username> = Optional(None)",
                 "email" :     "<useremail> = Optional(None)",
                 "password" :  "<password> = Optional(None)",
                 "firstname" : "<firstname> = Optional(None)",
                 "lastname" :  "<lastname> = Optional(None)",
                 "active" :    "<bool> = Optional(None)",
                 "admin" :     "<bool> = Optional(None)",
                 "ldap_dn" :   "<ldap_dn> = Optional(None)"
+              }
 OUTPUT::
     id : <id_given_in_input>
     result: {
               "msg" : "updated user ID:<userid> <username>",
               "user": {
                 "user_id" :  "<user_id>",
                 "username" : "<username>",
                 "firstname": "<firstname>",
                 "lastname" : "<lastname>",
                 "email" :    "<email>",
                 "emails":    "<list_of_all_additional_emails>",
                 "active" :   "<bool>",
                 "admin" :    "<bool>",
                 "ldap_dn" :  "<ldap_dn>",
                 "last_login": "<last_login>",
               },
+            }
     error:  null
 delete_user
 -----------
 deletes givenuser if such user exists. This command can
 be executed only using api_key belonging to user with admin rights.
 INPUT::
     id : <id_for_response>
     api_key : "<api_key>"
     method :  "delete_user"
     args :    {
                 "userid" : "<user_id or username>",
+              }
 OUTPUT::
     id : <id_given_in_input>
     result: {
               "msg" : "deleted user ID:<userid> <username>",
               "user": null
+            }
     error:  null
 get_users_group
 ---------------
 Gets an existing user group. This command can be executed only using api_key
 belonging to user with admin rights.
 INPUT::
     id : <id_for_response>
     api_key : "<api_key>"
     method :  "get_users_group"
     args :    {
                 "usersgroupid" : "<user group id or name>"
+              }
 OUTPUT::
     id : <id_given_in_input>
     result : None if group not exist
+             {
                "users_group_id" : "<id>",
                "group_name" :     "<groupname>",
                "active":          "<bool>",
                "members" :  [
+                              {
                                 "user_id" :  "<user_id>",
                                 "username" : "<username>",
                                 "firstname": "<firstname>",
                                 "lastname" : "<lastname>",
                                 "email" :    "<email>",
                                 "emails":    "<list_of_all_additional_emails>",
                                 "active" :   "<bool>",
                                 "admin" :    "<bool>",
                                 "ldap_dn" :  "<ldap_dn>",
                                 "last_login": "<last_login>",
                               },
                               …
+                            ]
+             }
     error : null
 get_users_groups
 ----------------
 Lists all existing user groups. This command can be executed only using
 api_key belonging to user with admin rights.
 INPUT::
     id : <id_for_response>
     api_key : "<api_key>"
     method :  "get_users_groups"
     args :    { }
 OUTPUT::
     id : <id_given_in_input>
     result : [
+               {
                "users_group_id" : "<id>",
                "group_name" :     "<groupname>",
                "active":          "<bool>",
                },
                …
+              ]
     error : null
 create_users_group
 ------------------
 Creates new user group. This command can be executed only using api_key
 belonging to user with admin rights
 INPUT::
     id : <id_for_response>
     api_key : "<api_key>"
     method :  "create_users_group"
     args:     {
                 "group_name":  "<groupname>",
                 "owner" :     "<onwer_name_or_id = Optional(=apiuser)>",
                 "active":"<bool> = Optional(True)"
+              }
 OUTPUT::
     id : <id_given_in_input>
     result: {
               "msg": "created new user group `<groupname>`",
               "users_group": {
                      "users_group_id" : "<id>",
                      "group_name" :     "<groupname>",
                      "active":          "<bool>",
                },
+            }
     error:  null
 add_user_to_users_group
 -----------------------
 Adds a user to a user group. If user exists in that group success will be
 `false`. This command can be executed only using api_key
 belonging to user with admin rights
 INPUT::
     id : <id_for_response>
     api_key : "<api_key>"
     method :  "add_user_users_group"
     args:     {
                 "usersgroupid" : "<user group id or name>",
                 "userid" : "<user_id or username>",
+              }
 OUTPUT::
     id : <id_given_in_input>
     result: {
               "success": True|False # depends on if member is in group
               "msg": "added member `<username>` to user group `<groupname>` |
                       User is already in that group"
+            }
     error:  null
 remove_user_from_users_group
 ----------------------------
 Removes a user from a user group. If user is not in given group success will
 be `false`. This command can be executed only
 using api_key belonging to user with admin rights
 INPUT::
     id : <id_for_response>
     api_key : "<api_key>"
     method :  "remove_user_from_users_group"
     args:     {
                 "usersgroupid" : "<user group id or name>",
                 "userid" : "<user_id or username>",
+              }
 OUTPUT::
     id : <id_given_in_input>
     result: {
               "success":  True|False,  # depends on if member is in group
               "msg": "removed member <username> from user group <groupname> |
                       User wasn't in group"
+            }
     error:  null
 get_repo
 --------
 Gets an existing repository by it's name or repository_id. Members will return
 either users_group or user associated to that repository. This command can be
 executed only using api_key belonging to user with admin
 rights or regular user that have at least read access to repository.
 INPUT::
     id : <id_for_response>
     api_key : "<api_key>"
     method :  "get_repo"
     args:     {
                 "repoid" : "<reponame or repo_id>"
+              }
 OUTPUT::
     id : <id_given_in_input>
     result: None if repository does not exist or
+            {
                 "repo_id" :          "<repo_id>",
                 "repo_name" :        "<reponame>"
                 "repo_type" :        "<repo_type>",
                 "clone_uri" :        "<clone_uri>",
                 "enable_downloads":  "<bool>",
                 "enable_locking":    "<bool>",
                 "enable_statistics": "<bool>",
                 "private":           "<bool>",
                 "created_on" :       "<date_time_created>",
                 "description" :      "<description>",
                 "landing_rev":       "<landing_rev>",
                 "last_changeset":    {
                                        "author":   "<full_author>",
                                        "date":     "<date_time_of_commit>",
                                        "message":  "<commit_message>",
                                        "raw_id":   "<raw_id>",
                                        "revision": "<numeric_revision>",
                                        "short_id": "<short_id>"
+                                     }
                 "owner":             "<repo_owner>",
                 "fork_of":           "<name_of_fork_parent>",
                 "members" :     [
+                                  {
                                     "type":        "user",
                                     "user_id" :    "<user_id>",
                                     "username" :   "<username>",
                                     "firstname":   "<firstname>",
                                     "lastname" :   "<lastname>",
                                     "email" :      "<email>",
                                     "emails":      "<list_of_all_additional_emails>",
                                     "active" :     "<bool>",
                                     "admin" :      "<bool>",
                                     "ldap_dn" :    "<ldap_dn>",
                                     "last_login":  "<last_login>",
                                     "permission" : "repository.(read|write|admin)"
                                   },
                                   …
+                                  {
                                     "type":      "users_group",
                                     "id" :       "<usersgroupid>",
                                     "name" :     "<usersgroupname>",
                                     "active":    "<bool>",
                                     "permission" : "repository.(read|write|admin)"
                                   },
                                   …
+                                ]
                  "followers":   [
+                                  {
                                     "user_id" :     "<user_id>",
                                     "username" :    "<username>",
                                     "firstname":    "<firstname>",
                                     "lastname" :    "<lastname>",
                                     "email" :       "<email>",
                                     "emails":       "<list_of_all_additional_emails>",
                                     "ip_addresses": "<list_of_ip_addresses_for_user>",
                                     "active" :      "<bool>",
                                     "admin" :       "<bool>",
                                     "ldap_dn" :     "<ldap_dn>",
                                     "last_login":   "<last_login>",
                                   },
                                   …
+                 ]
+            }
     error:  null
 get_repos
 ---------
 Lists all existing repositories. This command can be executed only using
 api_key belonging to user with admin rights or regular user that have
 admin, write or read access to repository.
 INPUT::
     id : <id_for_response>
     api_key : "<api_key>"
     method :  "get_repos"
     args:     { }
 OUTPUT::
     id : <id_given_in_input>
     result: [
+              {
                 "repo_id" :          "<repo_id>",
                 "repo_name" :        "<reponame>"
                 "repo_type" :        "<repo_type>",
                 "clone_uri" :        "<clone_uri>",
                 "private": :         "<bool>",
                 "created_on" :       "<datetimecreated>",
                 "description" :      "<description>",
                 "landing_rev":       "<landing_rev>",
                 "owner":             "<repo_owner>",
                 "fork_of":           "<name_of_fork_parent>",
                 "enable_downloads":  "<bool>",
                 "enable_locking":    "<bool>",
                 "enable_statistics": "<bool>",
               },
               …
+            ]
     error:  null
 get_repo_nodes
 --------------
 returns a list of nodes and it's children in a flat list for a given path
 at given revision. It's possible to specify ret_type to show only `files` or
 `dirs`. This command can be executed only using api_key belonging to user
 with admin rights
 INPUT::
     id : <id_for_response>
     api_key : "<api_key>"
     method :  "get_repo_nodes"
     args:     {
                 "repoid" : "<reponame or repo_id>"
                 "revision"  : "<revision>",
                 "root_path" : "<root_path>",
                 "ret_type"  : "<ret_type> = Optional('all')"
+              }
 OUTPUT::
     id : <id_given_in_input>
     result: [
+              {
                 "name" :        "<name>"
                 "type" :        "<type>",
               },
               …
+            ]
     error:  null
 create_repo
 -----------
 Creates a repository. If repository name contains "/", all needed repository
 groups will be created. For example "foo/bar/baz" will create groups
 "foo", "bar" (with "foo" as parent), and create "baz" repository with
 "bar" as group. This command can be executed only using api_key belonging to user with admin
 rights or regular user that have create repository permission. Regular users
 cannot specify owner parameter
 INPUT::
     id : <id_for_response>
     api_key : "<api_key>"
     method :  "create_repo"
     args:     {
                 "repo_name" :        "<reponame>",
                 "owner" :            "<onwer_name_or_id = Optional(=apiuser)>",
                 "repo_type" :        "<repo_type> = Optional('hg')",
                 "description" :      "<description> = Optional('')",
                 "private" :          "<bool> = Optional(False)",
                 "clone_uri" :        "<clone_uri> = Optional(None)",
                 "landing_rev" :      "<landing_rev> = Optional('tip')",
                 "enable_downloads":  "<bool> = Optional(False)",
                 "enable_locking":    "<bool> = Optional(False)",
                 "enable_statistics": "<bool> = Optional(False)",
+              }
 OUTPUT::
     id : <id_given_in_input>
     result: {
               "msg": "Created new repository `<reponame>`",
               "repo": {
                 "repo_id" :          "<repo_id>",
                 "repo_name" :        "<reponame>"
                 "repo_type" :        "<repo_type>",
                 "clone_uri" :        "<clone_uri>",
                 "private": :         "<bool>",
                 "created_on" :       "<datetimecreated>",
                 "description" :      "<description>",
                 "landing_rev":       "<landing_rev>",
                 "owner":             "<username or user_id>",
                 "fork_of":           "<name_of_fork_parent>",
                 "enable_downloads":  "<bool>",
                 "enable_locking":    "<bool>",
                 "enable_statistics": "<bool>",
               },
+            }
     error:  null
 fork_repo
 ---------
 Creates a fork of given repo. In case of using celery this will
 immidiatelly return success message, while fork is going to be created
 asynchronous. This command can be executed only using api_key belonging to
 user with admin rights or regular user that have fork permission, and at least
 read access to forking repository. Regular users cannot specify owner parameter.
 INPUT::
     id : <id_for_response>
     api_key : "<api_key>"
     method :  "fork_repo"
     args:     {
                 "repoid" :          "<reponame or repo_id>",
                 "fork_name":        "<forkname>",
                 "owner":            "<username or user_id = Optional(=apiuser)>",
                 "description":      "<description>",
                 "copy_permissions": "<bool>",
                 "private":          "<bool>",
                 "landing_rev":      "<landing_rev>"
+              }
 OUTPUT::
     id : <id_given_in_input>
     result: {
               "msg": "Created fork of `<reponame>` as `<forkname>`",
               "success": true
+            }
     error:  null
 delete_repo
 -----------
 Deletes a repository. This command can be executed only using api_key belonging
 to user with admin rights or regular user that have admin access to repository.
 When `forks` param is set it's possible to detach or delete forks of deleting
 repository
 INPUT::
     id : <id_for_response>
     api_key : "<api_key>"
     method :  "delete_repo"
     args:     {
                 "repoid" : "<reponame or repo_id>",
                 "forks"  : "`delete` or `detach` = Optional(None)"
+              }
 OUTPUT::
     id : <id_given_in_input>
     result: {
               "msg": "Deleted repository `<reponame>`",
               "success": true
+            }
     error:  null
 grant_user_permission
 ---------------------
 Grant permission for user on given repository, or update existing one
 if found. This command can be executed only using api_key belonging to user
 with admin rights.
 INPUT::
     id : <id_for_response>
     api_key : "<api_key>"
     method :  "grant_user_permission"
     args:     {
                 "repoid" : "<reponame or repo_id>"
                 "userid" : "<username or user_id>"
                 "perm" :       "(repository.(none|read|write|admin))",
+              }
 OUTPUT::
     id : <id_given_in_input>
     result: {
               "msg" : "Granted perm: `<perm>` for user: `<username>` in repo: `<reponame>`",
               "success": true
+            }
     error:  null

rhodecode/__init__.py

➞

Show inline comments

 # -*- coding: utf-8 -*-
 """
     rhodecode.__init__
     ~~~~~~~~~~~~~~~~~~
     RhodeCode, a web based repository management based on pylons
     versioning implementation: http://www.python.org/dev/peps/pep-0386/
     :created_on: Apr 9, 2010
     :author: marcink
     :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
     :license: GPLv3, see COPYING for more details.
 """
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import sys
 import platform
 VERSION = (1, 7, 0, 'dev')
 try:
     from rhodecode.lib import get_current_revision
     _rev = get_current_revision()
     if _rev and len(VERSION) > 3:
         VERSION += ('%s' % _rev[0],)
 except ImportError:
     pass
 __version__ = ('.'.join((str(each) for each in VERSION[:3])) +
                '.'.join(VERSION[3:]))
-__dbversion__ = 11  # defines current db version for migrations
+__dbversion__ = 12  # defines current db version for migrations
 __platform__ = platform.system()
 __license__ = 'GPLv3'
 __py_version__ = sys.version_info
 __author__ = 'Marcin Kuzminski'
 __url__ = 'http://rhodecode.org'
 PLATFORM_WIN = ('Windows')
 PLATFORM_OTHERS = ('Linux', 'Darwin', 'FreeBSD', 'OpenBSD', 'SunOS') #depracated
 is_windows = __platform__ in PLATFORM_WIN
 is_unix = not is_windows
 BACKENDS = {
     'hg': 'Mercurial repository',
     'git': 'Git repository',
+}
 CELERY_ON = False
 CELERY_EAGER = False
 # link to config for pylons
 CONFIG = {}
 # Linked module for extensions
 EXTENSIONS = {}

rhodecode/config/routing.py

➞

Show inline comments

 """
 Routes configuration
 The more specific and detailed routes should be defined first so they
 may take precedent over the more generic routes. For more information
 refer to the routes manual at http://routes.groovie.org/docs/
 """
 from __future__ import with_statement
 from routes import Mapper
 # prefix for non repository related links needs to be prefixed with `/`
 ADMIN_PREFIX = '/_admin'
 def make_map(config):
     """Create, configure and return the routes Mapper"""
     rmap = Mapper(directory=config['pylons.paths']['controllers'],
                  always_scan=config['debug'])
     rmap.minimization = False
     rmap.explicit = False
     from rhodecode.lib.utils import is_valid_repo
     from rhodecode.lib.utils import is_valid_repos_group
     def check_repo(environ, match_dict):
         """
         check for valid repository for proper 404 handling
         :param environ:
         :param match_dict:
         """
         from rhodecode.model.db import Repository
         repo_name = match_dict.get('repo_name')
         if match_dict.get('f_path'):
             #fix for multiple initial slashes that causes errors
             match_dict['f_path'] = match_dict['f_path'].lstrip('/')
         try:
             by_id = repo_name.split('_')
             if len(by_id) == 2 and by_id[1].isdigit() and by_id[0] == '':
                 repo_name = Repository.get(by_id[1]).repo_name
                 match_dict['repo_name'] = repo_name
         except Exception:
             pass
         return is_valid_repo(repo_name, config['base_path'])
     def check_group(environ, match_dict):
         """
         check for valid repository group for proper 404 handling
         :param environ:
         :param match_dict:
         """
         repos_group_name = match_dict.get('group_name')
         return is_valid_repos_group(repos_group_name, config['base_path'])
     def check_group_skip_path(environ, match_dict):
         """
         check for valid repository group for proper 404 handling, but skips
         verification of existing path
         :param environ:
         :param match_dict:
         """
         repos_group_name = match_dict.get('group_name')
         return is_valid_repos_group(repos_group_name, config['base_path'],
                                     skip_path_check=True)
     def check_int(environ, match_dict):
         return match_dict.get('id').isdigit()
     # The ErrorController route (handles 404/500 error pages); it should
     # likely stay at the top, ensuring it can always be resolved
     rmap.connect('/error/{action}', controller='error')
     rmap.connect('/error/{action}/{id}', controller='error')
     #==========================================================================
     # CUSTOM ROUTES HERE
     #==========================================================================
     #MAIN PAGE
     rmap.connect('home', '/', controller='home', action='index')
     rmap.connect('repo_switcher', '/repos', controller='home',
                  action='repo_switcher')
     rmap.connect('branch_tag_switcher', '/branches-tags/{repo_name:.*?}',
                  controller='home', action='branch_tag_switcher')
     rmap.connect('bugtracker',
                  "http://bitbucket.org/marcinkuzminski/rhodecode/issues",
                  _static=True)
     rmap.connect('rst_help',
                  "http://docutils.sourceforge.net/docs/user/rst/quickref.html",
                  _static=True)
     rmap.connect('rhodecode_official', "http://rhodecode.org", _static=True)
     #ADMIN REPOSITORY REST ROUTES
     with rmap.submapper(path_prefix=ADMIN_PREFIX,
                         controller='admin/repos') as m:
         m.connect("repos", "/repos",
              action="create", conditions=dict(method=["POST"]))
         m.connect("repos", "/repos",
              action="index", conditions=dict(method=["GET"]))
         m.connect("formatted_repos", "/repos.{format}",
              action="index",
             conditions=dict(method=["GET"]))
         m.connect("new_repo", "/create_repository",
                   action="create_repository", conditions=dict(method=["GET"]))
         m.connect("/repos/{repo_name:.*?}",
              action="update", conditions=dict(method=["PUT"],
                                               function=check_repo))
         m.connect("/repos/{repo_name:.*?}",
              action="delete", conditions=dict(method=["DELETE"],
                                               function=check_repo))
         m.connect("formatted_edit_repo", "/repos/{repo_name:.*?}.{format}/edit",
              action="edit", conditions=dict(method=["GET"],
                                             function=check_repo))
         m.connect("repo", "/repos/{repo_name:.*?}",
              action="show", conditions=dict(method=["GET"],
                                             function=check_repo))
         m.connect("formatted_repo", "/repos/{repo_name:.*?}.{format}",
              action="show", conditions=dict(method=["GET"],
                                             function=check_repo))
         #add repo perm member
         m.connect('set_repo_perm_member', "/set_repo_perm_member/{repo_name:.*?}",
              action="set_repo_perm_member",
              conditions=dict(method=["POST"], function=check_repo))
         #ajax delete repo perm user
         m.connect('delete_repo_user', "/repos_delete_user/{repo_name:.*?}",
              action="delete_perm_user",
              conditions=dict(method=["DELETE"], function=check_repo))
         #ajax delete repo perm users_group
         m.connect('delete_repo_users_group',
                   "/repos_delete_users_group/{repo_name:.*?}",
                   action="delete_perm_users_group",
                   conditions=dict(method=["DELETE"], function=check_repo))
         #settings actions
         m.connect('repo_stats', "/repos_stats/{repo_name:.*?}",
                   action="repo_stats", conditions=dict(method=["DELETE"],
                                                        function=check_repo))
         m.connect('repo_cache', "/repos_cache/{repo_name:.*?}",
                   action="repo_cache", conditions=dict(method=["DELETE"],
                                                        function=check_repo))
         m.connect('repo_public_journal', "/repos_public_journal/{repo_name:.*?}",
                   action="repo_public_journal", conditions=dict(method=["PUT"],
                                                         function=check_repo))
         m.connect('repo_pull', "/repo_pull/{repo_name:.*?}",
                   action="repo_pull", conditions=dict(method=["PUT"],
                                                       function=check_repo))
         m.connect('repo_as_fork', "/repo_as_fork/{repo_name:.*?}",
                   action="repo_as_fork", conditions=dict(method=["PUT"],
                                                       function=check_repo))
         m.connect('repo_locking', "/repo_locking/{repo_name:.*?}",
                   action="repo_locking", conditions=dict(method=["PUT"],
                                                       function=check_repo))
         m.connect('toggle_locking', "/locking_toggle/{repo_name:.*?}",
                   action="toggle_locking", conditions=dict(method=["GET"],
                                                       function=check_repo))
         #repo fields
         m.connect('create_repo_fields', "/repo_fields/{repo_name:.*?}/new",
                   action="create_repo_field", conditions=dict(method=["PUT"],
                                                       function=check_repo))
         m.connect('delete_repo_fields', "/repo_fields/{repo_name:.*?}/{field_id}",
                   action="delete_repo_field", conditions=dict(method=["DELETE"],
                                                       function=check_repo))
     with rmap.submapper(path_prefix=ADMIN_PREFIX,
                         controller='admin/repos_groups') as m:
         m.connect("repos_groups", "/repos_groups",
                   action="create", conditions=dict(method=["POST"]))
         m.connect("repos_groups", "/repos_groups",
                   action="index", conditions=dict(method=["GET"]))
         m.connect("formatted_repos_groups", "/repos_groups.{format}",
                   action="index", conditions=dict(method=["GET"]))
         m.connect("new_repos_group", "/repos_groups/new",
                   action="new", conditions=dict(method=["GET"]))
         m.connect("formatted_new_repos_group", "/repos_groups/new.{format}",
                   action="new", conditions=dict(method=["GET"]))
         m.connect("update_repos_group", "/repos_groups/{group_name:.*?}",
                   action="update", conditions=dict(method=["PUT"],
                                                    function=check_group))
         m.connect("delete_repos_group", "/repos_groups/{group_name:.*?}",
                   action="delete", conditions=dict(method=["DELETE"],
                                                    function=check_group_skip_path))
         m.connect("edit_repos_group", "/repos_groups/{group_name:.*?}/edit",
                   action="edit", conditions=dict(method=["GET"],
                                                  function=check_group))
         m.connect("formatted_edit_repos_group",
                   "/repos_groups/{group_name:.*?}.{format}/edit",
                   action="edit", conditions=dict(method=["GET"],
                                                  function=check_group))
         m.connect("repos_group", "/repos_groups/{group_name:.*?}",
                   action="show", conditions=dict(method=["GET"],
                                                  function=check_group))
         m.connect("formatted_repos_group", "/repos_groups/{group_name:.*?}.{format}",
                   action="show", conditions=dict(method=["GET"],
                                                  function=check_group))
         #add repo perm member
         m.connect('set_repo_group_perm_member',
                   "/set_repo_group_perm_member/{group_name:.*?}",
              action="set_repo_group_perm_member",
              conditions=dict(method=["POST"], function=check_group))
         # ajax delete repository group perm user
         m.connect('delete_repos_group_user_perm',
                   "/delete_repos_group_user_perm/{group_name:.*?}",
              action="delete_repos_group_user_perm",
              conditions=dict(method=["DELETE"], function=check_group))
         # ajax delete repository group perm users_group
         m.connect('delete_repos_group_users_group_perm',
                   "/delete_repos_group_users_group_perm/{group_name:.*?}",
                   action="delete_repos_group_users_group_perm",
                   conditions=dict(method=["DELETE"], function=check_group))
     #ADMIN USER REST ROUTES
     with rmap.submapper(path_prefix=ADMIN_PREFIX,
                         controller='admin/users') as m:
         m.connect("users", "/users",
                   action="create", conditions=dict(method=["POST"]))
         m.connect("users", "/users",
                   action="index", conditions=dict(method=["GET"]))
         m.connect("formatted_users", "/users.{format}",
                   action="index", conditions=dict(method=["GET"]))
         m.connect("new_user", "/users/new",
                   action="new", conditions=dict(method=["GET"]))
         m.connect("formatted_new_user", "/users/new.{format}",
                   action="new", conditions=dict(method=["GET"]))
         m.connect("update_user", "/users/{id}",
                   action="update", conditions=dict(method=["PUT"]))
         m.connect("delete_user", "/users/{id}",
                   action="delete", conditions=dict(method=["DELETE"]))
         m.connect("edit_user", "/users/{id}/edit",
                   action="edit", conditions=dict(method=["GET"]))
         m.connect("formatted_edit_user",
                   "/users/{id}.{format}/edit",
                   action="edit", conditions=dict(method=["GET"]))
         m.connect("user", "/users/{id}",
                   action="show", conditions=dict(method=["GET"]))
         m.connect("formatted_user", "/users/{id}.{format}",
                   action="show", conditions=dict(method=["GET"]))
         #EXTRAS USER ROUTES
         m.connect("user_perm", "/users_perm/{id}",
                   action="update_perm", conditions=dict(method=["PUT"]))
         m.connect("user_emails", "/users_emails/{id}",
                   action="add_email", conditions=dict(method=["PUT"]))
         m.connect("user_emails_delete", "/users_emails/{id}",
                   action="delete_email", conditions=dict(method=["DELETE"]))
         m.connect("user_ips", "/users_ips/{id}",
                   action="add_ip", conditions=dict(method=["PUT"]))
         m.connect("user_ips_delete", "/users_ips/{id}",
                   action="delete_ip", conditions=dict(method=["DELETE"]))
     #ADMIN USER GROUPS REST ROUTES
     with rmap.submapper(path_prefix=ADMIN_PREFIX,
                         controller='admin/users_groups') as m:
         m.connect("users_groups", "/users_groups",
                   action="create", conditions=dict(method=["POST"]))
         m.connect("users_groups", "/users_groups",
                   action="index", conditions=dict(method=["GET"]))
         m.connect("formatted_users_groups", "/users_groups.{format}",
                   action="index", conditions=dict(method=["GET"]))
         m.connect("new_users_group", "/users_groups/new",
                   action="new", conditions=dict(method=["GET"]))
         m.connect("formatted_new_users_group", "/users_groups/new.{format}",
                   action="new", conditions=dict(method=["GET"]))
         m.connect("update_users_group", "/users_groups/{id}",
                   action="update", conditions=dict(method=["PUT"]))
         m.connect("delete_users_group", "/users_groups/{id}",
                   action="delete", conditions=dict(method=["DELETE"]))
         m.connect("edit_users_group", "/users_groups/{id}/edit",
                   action="edit", conditions=dict(method=["GET"]))
         m.connect("formatted_edit_users_group",
                   "/users_groups/{id}.{format}/edit",
                   action="edit", conditions=dict(method=["GET"]))
         m.connect("users_group", "/users_groups/{id}",
                   action="show", conditions=dict(method=["GET"]))
         m.connect("formatted_users_group", "/users_groups/{id}.{format}",
                   action="show", conditions=dict(method=["GET"]))
         #EXTRAS USER ROUTES
         m.connect("users_group_perm", "/users_groups_perm/{id}",
         # update
         m.connect("users_group_perm", "/users_groups/{id}/update_global_perm",
                   action="update_perm", conditions=dict(method=["PUT"]))
         #add user group perm member
         m.connect('set_user_group_perm_member', "/users_groups/{id}/grant_perm",
              action="set_user_group_perm_member",
              conditions=dict(method=["POST"]))
         #ajax delete user group perm
         m.connect('delete_user_group_perm_member', "/users_groups/{id}/revoke_perm",
              action="delete_user_group_perm_member",
              conditions=dict(method=["DELETE"]))
     #ADMIN GROUP REST ROUTES
     rmap.resource('group', 'groups',
                   controller='admin/groups', path_prefix=ADMIN_PREFIX)
     #ADMIN PERMISSIONS REST ROUTES
     rmap.resource('permission', 'permissions',
                   controller='admin/permissions', path_prefix=ADMIN_PREFIX)
     #ADMIN DEFAULTS REST ROUTES
     rmap.resource('default', 'defaults',
                   controller='admin/defaults', path_prefix=ADMIN_PREFIX)
     ##ADMIN LDAP SETTINGS
     rmap.connect('ldap_settings', '%s/ldap' % ADMIN_PREFIX,
                  controller='admin/ldap_settings', action='ldap_settings',
                  conditions=dict(method=["POST"]))
     rmap.connect('ldap_home', '%s/ldap' % ADMIN_PREFIX,
                  controller='admin/ldap_settings')
     #ADMIN SETTINGS REST ROUTES
     with rmap.submapper(path_prefix=ADMIN_PREFIX,
                         controller='admin/settings') as m:
         m.connect("admin_settings", "/settings",
                   action="create", conditions=dict(method=["POST"]))
         m.connect("admin_settings", "/settings",
                   action="index", conditions=dict(method=["GET"]))
         m.connect("formatted_admin_settings", "/settings.{format}",
                   action="index", conditions=dict(method=["GET"]))
         m.connect("admin_new_setting", "/settings/new",
                   action="new", conditions=dict(method=["GET"]))
         m.connect("formatted_admin_new_setting", "/settings/new.{format}",
                   action="new", conditions=dict(method=["GET"]))
         m.connect("/settings/{setting_id}",
                   action="update", conditions=dict(method=["PUT"]))
         m.connect("/settings/{setting_id}",
                   action="delete", conditions=dict(method=["DELETE"]))
         m.connect("admin_edit_setting", "/settings/{setting_id}/edit",
                   action="edit", conditions=dict(method=["GET"]))
         m.connect("formatted_admin_edit_setting",
                   "/settings/{setting_id}.{format}/edit",
                   action="edit", conditions=dict(method=["GET"]))
         m.connect("admin_setting", "/settings/{setting_id}",
                   action="show", conditions=dict(method=["GET"]))
         m.connect("formatted_admin_setting", "/settings/{setting_id}.{format}",
                   action="show", conditions=dict(method=["GET"]))
         m.connect("admin_settings_my_account", "/my_account",
                   action="my_account", conditions=dict(method=["GET"]))
         m.connect("admin_settings_my_account_update", "/my_account_update",
                   action="my_account_update", conditions=dict(method=["PUT"]))
         m.connect("admin_settings_my_repos", "/my_account/repos",
                   action="my_account_my_repos", conditions=dict(method=["GET"]))
         m.connect("admin_settings_my_pullrequests", "/my_account/pull_requests",
                   action="my_account_my_pullrequests", conditions=dict(method=["GET"]))
     #NOTIFICATION REST ROUTES
     with rmap.submapper(path_prefix=ADMIN_PREFIX,
                         controller='admin/notifications') as m:
         m.connect("notifications", "/notifications",
                   action="create", conditions=dict(method=["POST"]))
         m.connect("notifications", "/notifications",
                   action="index", conditions=dict(method=["GET"]))
         m.connect("notifications_mark_all_read", "/notifications/mark_all_read",
                   action="mark_all_read", conditions=dict(method=["GET"]))
         m.connect("formatted_notifications", "/notifications.{format}",
                   action="index", conditions=dict(method=["GET"]))
         m.connect("new_notification", "/notifications/new",
                   action="new", conditions=dict(method=["GET"]))
         m.connect("formatted_new_notification", "/notifications/new.{format}",
                   action="new", conditions=dict(method=["GET"]))
         m.connect("/notification/{notification_id}",
                   action="update", conditions=dict(method=["PUT"]))
         m.connect("/notification/{notification_id}",
                   action="delete", conditions=dict(method=["DELETE"]))
         m.connect("edit_notification", "/notification/{notification_id}/edit",
                   action="edit", conditions=dict(method=["GET"]))
         m.connect("formatted_edit_notification",
                   "/notification/{notification_id}.{format}/edit",
                   action="edit", conditions=dict(method=["GET"]))
         m.connect("notification", "/notification/{notification_id}",
                   action="show", conditions=dict(method=["GET"]))
         m.connect("formatted_notification", "/notifications/{notification_id}.{format}",
                   action="show", conditions=dict(method=["GET"]))
     #ADMIN MAIN PAGES
     with rmap.submapper(path_prefix=ADMIN_PREFIX,
                         controller='admin/admin') as m:
         m.connect('admin_home', '', action='index')
         m.connect('admin_add_repo', '/add_repo/{new_repo:[a-z0-9\. _-]*}',
                   action='add_repo')
     #==========================================================================
     # API V2
     #==========================================================================
     with rmap.submapper(path_prefix=ADMIN_PREFIX,
                         controller='api/api') as m:
         m.connect('api', '/api')
     #USER JOURNAL
     rmap.connect('journal', '%s/journal' % ADMIN_PREFIX,
                  controller='journal', action='index')
     rmap.connect('journal_rss', '%s/journal/rss' % ADMIN_PREFIX,
                  controller='journal', action='journal_rss')
     rmap.connect('journal_atom', '%s/journal/atom' % ADMIN_PREFIX,
                  controller='journal', action='journal_atom')
     rmap.connect('public_journal', '%s/public_journal' % ADMIN_PREFIX,
                  controller='journal', action="public_journal")
     rmap.connect('public_journal_rss', '%s/public_journal/rss' % ADMIN_PREFIX,
                  controller='journal', action="public_journal_rss")
     rmap.connect('public_journal_rss_old', '%s/public_journal_rss' % ADMIN_PREFIX,
                  controller='journal', action="public_journal_rss")
     rmap.connect('public_journal_atom',
                  '%s/public_journal/atom' % ADMIN_PREFIX, controller='journal',
                  action="public_journal_atom")
     rmap.connect('public_journal_atom_old',
                  '%s/public_journal_atom' % ADMIN_PREFIX, controller='journal',
                  action="public_journal_atom")
     rmap.connect('toggle_following', '%s/toggle_following' % ADMIN_PREFIX,
                  controller='journal', action='toggle_following',
                  conditions=dict(method=["POST"]))
     #SEARCH
     rmap.connect('search', '%s/search' % ADMIN_PREFIX, controller='search',)
     rmap.connect('search_repo_admin', '%s/search/{repo_name:.*}' % ADMIN_PREFIX,
                  controller='search',
                  conditions=dict(function=check_repo))
     rmap.connect('search_repo', '/{repo_name:.*?}/search',
                  controller='search',
                  conditions=dict(function=check_repo),
+                 )
     #LOGIN/LOGOUT/REGISTER/SIGN IN
     rmap.connect('login_home', '%s/login' % ADMIN_PREFIX, controller='login')
     rmap.connect('logout_home', '%s/logout' % ADMIN_PREFIX, controller='login',
                  action='logout')
     rmap.connect('register', '%s/register' % ADMIN_PREFIX, controller='login',
                  action='register')
     rmap.connect('reset_password', '%s/password_reset' % ADMIN_PREFIX,
                  controller='login', action='password_reset')
     rmap.connect('reset_password_confirmation',
                  '%s/password_reset_confirmation' % ADMIN_PREFIX,
                  controller='login', action='password_reset_confirmation')
     #FEEDS
     rmap.connect('rss_feed_home', '/{repo_name:.*?}/feed/rss',
                 controller='feed', action='rss',
                 conditions=dict(function=check_repo))
     rmap.connect('atom_feed_home', '/{repo_name:.*?}/feed/atom',
                 controller='feed', action='atom',
                 conditions=dict(function=check_repo))
     #==========================================================================
     # REPOSITORY ROUTES
     #==========================================================================
     rmap.connect('summary_home', '/{repo_name:.*?}',
                 controller='summary',
                 conditions=dict(function=check_repo))
     rmap.connect('repo_size', '/{repo_name:.*?}/repo_size',
                 controller='summary', action='repo_size',
                 conditions=dict(function=check_repo))
     rmap.connect('repos_group_home', '/{group_name:.*}',
                 controller='admin/repos_groups', action="show_by_name",
                 conditions=dict(function=check_group))
     rmap.connect('changeset_home', '/{repo_name:.*?}/changeset/{revision}',
                 controller='changeset', revision='tip',
                 conditions=dict(function=check_repo))
     # no longer user, but kept for routes to work
     rmap.connect("_edit_repo", "/{repo_name:.*?}/edit",
                  controller='admin/repos', action="edit",
                  conditions=dict(method=["GET"], function=check_repo)
+                 )
     rmap.connect("edit_repo", "/{repo_name:.*?}/settings",
                  controller='admin/repos', action="edit",
                  conditions=dict(method=["GET"], function=check_repo)
+                 )
     #still working url for backward compat.
     rmap.connect('raw_changeset_home_depraced',
                  '/{repo_name:.*?}/raw-changeset/{revision}',
                  controller='changeset', action='changeset_raw',
                  revision='tip', conditions=dict(function=check_repo))
     ## new URLs
     rmap.connect('changeset_raw_home',
                  '/{repo_name:.*?}/changeset-diff/{revision}',
                  controller='changeset', action='changeset_raw',
                  revision='tip', conditions=dict(function=check_repo))
     rmap.connect('changeset_patch_home',
                  '/{repo_name:.*?}/changeset-patch/{revision}',
                  controller='changeset', action='changeset_patch',
                  revision='tip', conditions=dict(function=check_repo))
     rmap.connect('changeset_download_home',
                  '/{repo_name:.*?}/changeset-download/{revision}',
                  controller='changeset', action='changeset_download',
                  revision='tip', conditions=dict(function=check_repo))
     rmap.connect('changeset_comment',
                  '/{repo_name:.*?}/changeset/{revision}/comment',
                 controller='changeset', revision='tip', action='comment',
                 conditions=dict(function=check_repo))
     rmap.connect('changeset_comment_preview',
                  '/{repo_name:.*?}/changeset/comment/preview',
                 controller='changeset', action='preview_comment',
                 conditions=dict(function=check_repo, method=["POST"]))
     rmap.connect('changeset_comment_delete',
                  '/{repo_name:.*?}/changeset/comment/{comment_id}/delete',
                 controller='changeset', action='delete_comment',
                 conditions=dict(function=check_repo, method=["DELETE"]))
     rmap.connect('changeset_info', '/changeset_info/{repo_name:.*?}/{revision}',
                  controller='changeset', action='changeset_info')
     rmap.connect('compare_url',
                  '/{repo_name:.*?}/compare/{org_ref_type}@{org_ref:.*?}...{other_ref_type}@{other_ref:.*?}',
                  controller='compare', action='index',
                  conditions=dict(function=check_repo),
                  requirements=dict(
                             org_ref_type='(branch|book|tag|rev|__other_ref_type__)',
                             other_ref_type='(branch|book|tag|rev|__org_ref_type__)')
+                 )
     rmap.connect('pullrequest_home',
                  '/{repo_name:.*?}/pull-request/new', controller='pullrequests',
                  action='index', conditions=dict(function=check_repo,
                                                  method=["GET"]))
     rmap.connect('pullrequest',
                  '/{repo_name:.*?}/pull-request/new', controller='pullrequests',
                  action='create', conditions=dict(function=check_repo,
                                                   method=["POST"]))
     rmap.connect('pullrequest_show',
                  '/{repo_name:.*?}/pull-request/{pull_request_id}',
                  controller='pullrequests',
                  action='show', conditions=dict(function=check_repo,
                                                 method=["GET"]))
     rmap.connect('pullrequest_update',
                  '/{repo_name:.*?}/pull-request/{pull_request_id}',
                  controller='pullrequests',
                  action='update', conditions=dict(function=check_repo,
                                                 method=["PUT"]))
     rmap.connect('pullrequest_delete',
                  '/{repo_name:.*?}/pull-request/{pull_request_id}',
                  controller='pullrequests',
                  action='delete', conditions=dict(function=check_repo,
                                                 method=["DELETE"]))
     rmap.connect('pullrequest_show_all',
                  '/{repo_name:.*?}/pull-request',
                  controller='pullrequests',
                  action='show_all', conditions=dict(function=check_repo,
                                                 method=["GET"]))
     rmap.connect('pullrequest_comment',
                  '/{repo_name:.*?}/pull-request-comment/{pull_request_id}',
                  controller='pullrequests',
                  action='comment', conditions=dict(function=check_repo,
                                                 method=["POST"]))
     rmap.connect('pullrequest_comment_delete',
                  '/{repo_name:.*?}/pull-request-comment/{comment_id}/delete',
                 controller='pullrequests', action='delete_comment',
                 conditions=dict(function=check_repo, method=["DELETE"]))
     rmap.connect('summary_home_summary', '/{repo_name:.*?}/summary',
                 controller='summary', conditions=dict(function=check_repo))
     rmap.connect('shortlog_home', '/{repo_name:.*?}/shortlog',
                 controller='shortlog', conditions=dict(function=check_repo))
     rmap.connect('shortlog_file_home', '/{repo_name:.*?}/shortlog/{revision}/{f_path:.*}',
                 controller='shortlog', f_path=None,
                 conditions=dict(function=check_repo))
     rmap.connect('branches_home', '/{repo_name:.*?}/branches',
                 controller='branches', conditions=dict(function=check_repo))
     rmap.connect('tags_home', '/{repo_name:.*?}/tags',
                 controller='tags', conditions=dict(function=check_repo))
     rmap.connect('bookmarks_home', '/{repo_name:.*?}/bookmarks',
                 controller='bookmarks', conditions=dict(function=check_repo))
     rmap.connect('changelog_home', '/{repo_name:.*?}/changelog',
                 controller='changelog', conditions=dict(function=check_repo))
     rmap.connect('changelog_details', '/{repo_name:.*?}/changelog_details/{cs}',
                 controller='changelog', action='changelog_details',
                 conditions=dict(function=check_repo))
     rmap.connect('files_home', '/{repo_name:.*?}/files/{revision}/{f_path:.*}',
                 controller='files', revision='tip', f_path='',
                 conditions=dict(function=check_repo))
     rmap.connect('files_home_nopath', '/{repo_name:.*?}/files/{revision}',
                 controller='files', revision='tip', f_path='',
                 conditions=dict(function=check_repo))
     rmap.connect('files_history_home',
                  '/{repo_name:.*?}/history/{revision}/{f_path:.*}',
                  controller='files', action='history', revision='tip', f_path='',
                  conditions=dict(function=check_repo))
     rmap.connect('files_diff_home', '/{repo_name:.*?}/diff/{f_path:.*}',
                 controller='files', action='diff', revision='tip', f_path='',
                 conditions=dict(function=check_repo))
     rmap.connect('files_rawfile_home',
                  '/{repo_name:.*?}/rawfile/{revision}/{f_path:.*}',
                  controller='files', action='rawfile', revision='tip',
                  f_path='', conditions=dict(function=check_repo))
     rmap.connect('files_raw_home',
                  '/{repo_name:.*?}/raw/{revision}/{f_path:.*}',
                  controller='files', action='raw', revision='tip', f_path='',
                  conditions=dict(function=check_repo))
     rmap.connect('files_annotate_home',
                  '/{repo_name:.*?}/annotate/{revision}/{f_path:.*}',
                  controller='files', action='index', revision='tip',
                  f_path='', annotate=True, conditions=dict(function=check_repo))
     rmap.connect('files_edit_home',
                  '/{repo_name:.*?}/edit/{revision}/{f_path:.*}',
                  controller='files', action='edit', revision='tip',
                  f_path='', conditions=dict(function=check_repo))
     rmap.connect('files_add_home',
                  '/{repo_name:.*?}/add/{revision}/{f_path:.*}',
                  controller='files', action='add', revision='tip',
                  f_path='', conditions=dict(function=check_repo))
     rmap.connect('files_archive_home', '/{repo_name:.*?}/archive/{fname}',
                 controller='files', action='archivefile',
                 conditions=dict(function=check_repo))
     rmap.connect('files_nodelist_home',
                  '/{repo_name:.*?}/nodelist/{revision}/{f_path:.*}',
                 controller='files', action='nodelist',
                 conditions=dict(function=check_repo))
     rmap.connect('repo_fork_create_home', '/{repo_name:.*?}/fork',
                 controller='forks', action='fork_create',
                 conditions=dict(function=check_repo, method=["POST"]))
     rmap.connect('repo_fork_home', '/{repo_name:.*?}/fork',
                 controller='forks', action='fork',
                 conditions=dict(function=check_repo))
     rmap.connect('repo_forks_home', '/{repo_name:.*?}/forks',
                  controller='forks', action='forks',
                  conditions=dict(function=check_repo))
     rmap.connect('repo_followers_home', '/{repo_name:.*?}/followers',
                  controller='followers', action='followers',
                  conditions=dict(function=check_repo))
     return rmap

rhodecode/controllers/admin/repos.py

➞

Show inline comments

 # -*- coding: utf-8 -*-
 """
     rhodecode.controllers.admin.repos
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Repositories controller for RhodeCode
     :created_on: Apr 7, 2010
     :author: marcink
     :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
     :license: GPLv3, see COPYING for more details.
 """
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import logging
 import traceback
 import formencode
 from formencode import htmlfill
 from webob.exc import HTTPInternalServerError, HTTPForbidden
 from pylons import request, session, tmpl_context as c, url
 from pylons.controllers.util import redirect
 from pylons.i18n.translation import _
 from sqlalchemy.exc import IntegrityError
 import rhodecode
 from rhodecode.lib import helpers as h
 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator, \
     HasPermissionAnyDecorator, HasRepoPermissionAllDecorator, NotAnonymous,\
     HasPermissionAny, HasReposGroupPermissionAny, HasRepoPermissionAnyDecorator
 from rhodecode.lib.base import BaseRepoController, render
 from rhodecode.lib.utils import action_logger, repo_name_slug
 from rhodecode.lib.helpers import get_token
 from rhodecode.model.meta import Session
 from rhodecode.model.db import User, Repository, UserFollowing, RepoGroup,\
     RhodeCodeSetting, RepositoryField
 from rhodecode.model.forms import RepoForm, RepoFieldForm, RepoPermsForm
-from rhodecode.model.scm import ScmModel, GroupList
+from rhodecode.model.scm import ScmModel, RepoGroupList
 from rhodecode.model.repo import RepoModel
 from rhodecode.lib.compat import json
 from sqlalchemy.sql.expression import func
 from rhodecode.lib.exceptions import AttachedForksError
 log = logging.getLogger(__name__)
 class ReposController(BaseRepoController):
     """
     REST Controller styled on the Atom Publishing Protocol"""
     # To properly map this controller, ensure your config/routing.py
     # file has a resource setup:
     #     map.resource('repo', 'repos')
     @LoginRequired()
     def __before__(self):
         super(ReposController, self).__before__()
     def __load_defaults(self):
-        acl_groups = GroupList(RepoGroup.query().all(),
+        acl_groups = RepoGroupList(RepoGroup.query().all(),
                                perm_set=['group.write', 'group.admin'])
         c.repo_groups = RepoGroup.groups_choices(groups=acl_groups)
         c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups)
         repo_model = RepoModel()
         c.users_array = repo_model.get_users_js()
         c.users_groups_array = repo_model.get_users_groups_js()
         choices, c.landing_revs = ScmModel().get_repo_landing_revs()
         c.landing_revs_choices = choices
     def __load_data(self, repo_name=None):
         """
         Load defaults settings for edit, and update
         :param repo_name:
         """
         self.__load_defaults()
         c.repo_info = db_repo = Repository.get_by_repo_name(repo_name)
         repo = db_repo.scm_instance
         if c.repo_info is None:
             h.not_mapped_error(repo_name)
             return redirect(url('repos'))
         ##override defaults for exact repo info here git/hg etc
         choices, c.landing_revs = ScmModel().get_repo_landing_revs(c.repo_info)
         c.landing_revs_choices = choices
         c.default_user_id = User.get_by_username('default').user_id
         c.in_public_journal = UserFollowing.query()\
             .filter(UserFollowing.user_id == c.default_user_id)\
             .filter(UserFollowing.follows_repository == c.repo_info).scalar()
         if c.repo_info.stats:
             # this is on what revision we ended up so we add +1 for count
             last_rev = c.repo_info.stats.stat_on_revision + 1
         else:
             last_rev = 0
         c.stats_revision = last_rev
         c.repo_last_rev = repo.count() if repo.revisions else 0
         if last_rev == 0 or c.repo_last_rev == 0:
             c.stats_percentage = 0
         else:
             c.stats_percentage = '%.2f' % ((float((last_rev)) /
                                             c.repo_last_rev) * 100)
         c.repo_fields = RepositoryField.query()\
             .filter(RepositoryField.repository == db_repo).all()
         defaults = RepoModel()._get_defaults(repo_name)
         c.repos_list = [('', _('--REMOVE FORK--'))]
         c.repos_list += [(x.repo_id, x.repo_name) for x in
                     Repository.query().order_by(Repository.repo_name).all()
                     if x.repo_id != c.repo_info.repo_id]
         defaults['id_fork_of'] = db_repo.fork.repo_id if db_repo.fork else ''
         return defaults
     @HasPermissionAllDecorator('hg.admin')
     def index(self, format='html'):
         """GET /repos: All items in the collection"""
         # url('repos')
         c.repos_list = Repository.query()\
                         .order_by(func.lower(Repository.repo_name))\
                         .all()
         repos_data = RepoModel().get_repos_as_dict(repos_list=c.repos_list,
                                                    admin=True,
                                                    super_user_actions=True)
         #json used to render the grid
         c.data = json.dumps(repos_data)
         return render('admin/repos/repos.html')
     @NotAnonymous()
     def create(self):
         """
         POST /repos: Create a new item"""
         # url('repos')
         self.__load_defaults()
         form_result = {}
         try:
             form_result = RepoForm(repo_groups=c.repo_groups_choices,
                                    landing_revs=c.landing_revs_choices)()\
                             .to_python(dict(request.POST))
             new_repo = RepoModel().create(form_result,
                                           self.rhodecode_user.user_id)
             if form_result['clone_uri']:
                 h.flash(_('Created repository %s from %s') \
                     % (form_result['repo_name'], form_result['clone_uri']),
                     category='success')
             else:
                 repo_url = h.link_to(form_result['repo_name'],
                     h.url('summary_home', repo_name=form_result['repo_name_full']))
                 h.flash(h.literal(_('Created repository %s') % repo_url),
                         category='success')
             if request.POST.get('user_created'):
                 # created by regular non admin user
                 action_logger(self.rhodecode_user, 'user_created_repo',
                               form_result['repo_name_full'], self.ip_addr,
                               self.sa)
             else:
                 action_logger(self.rhodecode_user, 'admin_created_repo',
                               form_result['repo_name_full'], self.ip_addr,
                               self.sa)
             Session().commit()
         except formencode.Invalid, errors:
             return htmlfill.render(
                 render('admin/repos/repo_add.html'),
                 defaults=errors.value,
                 errors=errors.error_dict or {},
                 prefix_error=False,
                 encoding="UTF-8")
         except Exception:
             log.error(traceback.format_exc())
             msg = _('Error creating repository %s') \
                     % form_result.get('repo_name')
             h.flash(msg, category='error')
             if c.rhodecode_user.is_admin:
                 return redirect(url('repos'))
             return redirect(url('home'))
         #redirect to our new repo !
         return redirect(url('summary_home', repo_name=new_repo.repo_name))
     @NotAnonymous()
     def create_repository(self):
         """GET /_admin/create_repository: Form to create a new item"""
         new_repo = request.GET.get('repo', '')
         parent_group = request.GET.get('parent_group')
         if not HasPermissionAny('hg.admin', 'hg.create.repository')():
             #you're not super admin nor have global create permissions,
             #but maybe you have at least write permission to a parent group ?
             _gr = RepoGroup.get(parent_group)
             gr_name = _gr.group_name if _gr else None
             if not HasReposGroupPermissionAny('group.admin', 'group.write')(group_name=gr_name):
                 raise HTTPForbidden
-        acl_groups = GroupList(RepoGroup.query().all(),
+        acl_groups = RepoGroupList(RepoGroup.query().all(),
                                perm_set=['group.write', 'group.admin'])
         c.repo_groups = RepoGroup.groups_choices(groups=acl_groups)
         c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups)
         choices, c.landing_revs = ScmModel().get_repo_landing_revs()
         c.new_repo = repo_name_slug(new_repo)
         ## apply the defaults from defaults page
         defaults = RhodeCodeSetting.get_default_repo_settings(strip_prefix=True)
         if parent_group:
             defaults.update({'repo_group': parent_group})
         return htmlfill.render(
             render('admin/repos/repo_add.html'),
             defaults=defaults,
             errors={},
             prefix_error=False,
             encoding="UTF-8"
+        )
     @HasRepoPermissionAllDecorator('repository.admin')
     def update(self, repo_name):
         """
         PUT /repos/repo_name: Update an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="PUT" />
         # Or using helpers:
         #    h.form(url('repo', repo_name=ID),
         #           method='put')
         # url('repo', repo_name=ID)
         self.__load_defaults()
         repo_model = RepoModel()
         changed_name = repo_name
         #override the choices with extracted revisions !
         choices, c.landing_revs = ScmModel().get_repo_landing_revs(repo_name)
         c.landing_revs_choices = choices
         repo = Repository.get_by_repo_name(repo_name)
         _form = RepoForm(edit=True, old_data={'repo_name': repo_name,
                                               'repo_group': repo.group.get_dict() \
                                               if repo.group else {}},
                          repo_groups=c.repo_groups_choices,
                          landing_revs=c.landing_revs_choices)()
         try:
             form_result = _form.to_python(dict(request.POST))
             repo = repo_model.update(repo_name, **form_result)
             ScmModel().mark_for_invalidation(repo_name)
             h.flash(_('Repository %s updated successfully') % repo_name,
                     category='success')
             changed_name = repo.repo_name
             action_logger(self.rhodecode_user, 'admin_updated_repo',
                               changed_name, self.ip_addr, self.sa)
             Session().commit()
         except formencode.Invalid, errors:
             defaults = self.__load_data(repo_name)
             defaults.update(errors.value)
             return htmlfill.render(
                 render('admin/repos/repo_edit.html'),
                 defaults=defaults,
                 errors=errors.error_dict or {},
                 prefix_error=False,
                 encoding="UTF-8")
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('Error occurred during update of repository %s') \
                     % repo_name, category='error')
         return redirect(url('edit_repo', repo_name=changed_name))
     @HasRepoPermissionAllDecorator('repository.admin')
     def delete(self, repo_name):
         """
         DELETE /repos/repo_name: Delete an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="DELETE" />
         # Or using helpers:
         #    h.form(url('repo', repo_name=ID),
         #           method='delete')
         # url('repo', repo_name=ID)
         repo_model = RepoModel()
         repo = repo_model.get_by_repo_name(repo_name)
         if not repo:
             h.not_mapped_error(repo_name)
             return redirect(url('repos'))
         try:
             _forks = repo.forks.count()
             handle_forks = None
             if _forks and request.POST.get('forks'):
                 do = request.POST['forks']
                 if do == 'detach_forks':
                     handle_forks = 'detach'
                     h.flash(_('Detached %s forks') % _forks, category='success')
                 elif do == 'delete_forks':
                     handle_forks = 'delete'
                     h.flash(_('Deleted %s forks') % _forks, category='success')
             repo_model.delete(repo, forks=handle_forks)
             action_logger(self.rhodecode_user, 'admin_deleted_repo',
                   repo_name, self.ip_addr, self.sa)
             ScmModel().mark_for_invalidation(repo_name)
             h.flash(_('Deleted repository %s') % repo_name, category='success')
             Session().commit()
         except AttachedForksError:
             h.flash(_('Cannot delete %s it still contains attached forks')
                         % repo_name, category='warning')
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('An error occurred during deletion of %s') % repo_name,
                     category='error')
         return redirect(url('repos'))
     @HasRepoPermissionAllDecorator('repository.admin')
     def set_repo_perm_member(self, repo_name):
         form = RepoPermsForm()().to_python(request.POST)
         perms_new = form['perms_new']
         perms_updates = form['perms_updates']
         cur_repo = repo_name
         # update permissions
         for member, perm, member_type in perms_updates:
             if member_type == 'user':
                 # this updates existing one
                 RepoModel().grant_user_permission(
                     repo=cur_repo, user=member, perm=perm
+                )
             else:
                 RepoModel().grant_users_group_permission(
                     repo=cur_repo, group_name=member, perm=perm
+                )
         # set new permissions
         for member, perm, member_type in perms_new:
             if member_type == 'user':
                 RepoModel().grant_user_permission(
                     repo=cur_repo, user=member, perm=perm
+                )
             else:
                 RepoModel().grant_users_group_permission(
                     repo=cur_repo, group_name=member, perm=perm
+                )
         RepoModel()._update_permissions(repo_name, form['perms_new'],
                                         form['perms_updates'])
         #TODO: implement this
         #action_logger(self.rhodecode_user, 'admin_changed_repo_permissions',
         #              repo_name, self.ip_addr, self.sa)
         Session().commit()
         h.flash(_('Repository permissions updated'), category='success')
         return redirect(url('edit_repo', repo_name=repo_name))
     @HasRepoPermissionAllDecorator('repository.admin')
     def delete_perm_user(self, repo_name):
         """
         DELETE an existing repository permission user
         :param repo_name:
         """
         try:
             RepoModel().revoke_user_permission(repo=repo_name,
                                                user=request.POST['user_id'])
             #TODO: implement this
             #action_logger(self.rhodecode_user, 'admin_revoked_repo_permissions',
             #              repo_name, self.ip_addr, self.sa)
             Session().commit()
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('An error occurred during deletion of repository user'),
                     category='error')
             raise HTTPInternalServerError()
     @HasRepoPermissionAllDecorator('repository.admin')
     def delete_perm_users_group(self, repo_name):
         """
         DELETE an existing repository permission user group
         :param repo_name:
         """
         try:
             RepoModel().revoke_users_group_permission(
                 repo=repo_name, group_name=request.POST['users_group_id']
+            )
             Session().commit()
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('An error occurred during deletion of repository'
                       ' user groups'),
                     category='error')
             raise HTTPInternalServerError()
     @HasRepoPermissionAllDecorator('repository.admin')
     def repo_stats(self, repo_name):
         """
         DELETE an existing repository statistics
         :param repo_name:
         """
         try:
             RepoModel().delete_stats(repo_name)
             Session().commit()
         except Exception, e:
             log.error(traceback.format_exc())
             h.flash(_('An error occurred during deletion of repository stats'),
                     category='error')
         return redirect(url('edit_repo', repo_name=repo_name))
     @HasRepoPermissionAllDecorator('repository.admin')
     def repo_cache(self, repo_name):
         """
         INVALIDATE existing repository cache
         :param repo_name:
         """
         try:
             ScmModel().mark_for_invalidation(repo_name)
             Session().commit()
         except Exception, e:
             log.error(traceback.format_exc())
             h.flash(_('An error occurred during cache invalidation'),
                     category='error')
         return redirect(url('edit_repo', repo_name=repo_name))
     @HasRepoPermissionAllDecorator('repository.admin')
     def repo_locking(self, repo_name):
         """
         Unlock repository when it is locked !
         :param repo_name:
         """
         try:
             repo = Repository.get_by_repo_name(repo_name)
             if request.POST.get('set_lock'):
                 Repository.lock(repo, c.rhodecode_user.user_id)
             elif request.POST.get('set_unlock'):
                 Repository.unlock(repo)
         except Exception, e:
             log.error(traceback.format_exc())
             h.flash(_('An error occurred during unlocking'),
                     category='error')
         return redirect(url('edit_repo', repo_name=repo_name))
     @HasRepoPermissionAnyDecorator('repository.write', 'repository.admin')
     def toggle_locking(self, repo_name):
         """
         Toggle locking of repository by simple GET call to url
         :param repo_name:
         """
         try:
             repo = Repository.get_by_repo_name(repo_name)
             if repo.enable_locking:
                 if repo.locked[0]:
                     Repository.unlock(repo)
                     action = _('Unlocked')
                 else:
                     Repository.lock(repo, c.rhodecode_user.user_id)
                     action = _('Locked')
                 h.flash(_('Repository has been %s') % action,
                         category='success')
         except Exception, e:
             log.error(traceback.format_exc())
             h.flash(_('An error occurred during unlocking'),
                     category='error')
         return redirect(url('summary_home', repo_name=repo_name))
     @HasRepoPermissionAllDecorator('repository.admin')
     def repo_public_journal(self, repo_name):
         """
         Set's this repository to be visible in public journal,
         in other words assing default user to follow this repo
         :param repo_name:
         """
         cur_token = request.POST.get('auth_token')
         token = get_token()
         if cur_token == token:
             try:
                 repo_id = Repository.get_by_repo_name(repo_name).repo_id
                 user_id = User.get_by_username('default').user_id
                 self.scm_model.toggle_following_repo(repo_id, user_id)
                 h.flash(_('Updated repository visibility in public journal'),
                         category='success')
                 Session().commit()
             except Exception:
                 h.flash(_('An error occurred during setting this'
                           ' repository in public journal'),
                         category='error')
         else:
             h.flash(_('Token mismatch'), category='error')
         return redirect(url('edit_repo', repo_name=repo_name))
     @HasRepoPermissionAllDecorator('repository.admin')
     def repo_pull(self, repo_name):
         """
         Runs task to update given repository with remote changes,
         ie. make pull on remote location
         :param repo_name:
         """
         try:
             ScmModel().pull_changes(repo_name, self.rhodecode_user.username)
             h.flash(_('Pulled from remote location'), category='success')
         except Exception, e:
             h.flash(_('An error occurred during pull from remote location'),
                     category='error')
         return redirect(url('edit_repo', repo_name=repo_name))
     @HasRepoPermissionAllDecorator('repository.admin')
     def repo_as_fork(self, repo_name):
         """
         Mark given repository as a fork of another
         :param repo_name:
         """
         try:
             fork_id = request.POST.get('id_fork_of')
             repo = ScmModel().mark_as_fork(repo_name, fork_id,
                                     self.rhodecode_user.username)
             fork = repo.fork.repo_name if repo.fork else _('Nothing')
             Session().commit()
             h.flash(_('Marked repo %s as fork of %s') % (repo_name, fork),
                     category='success')
         except Exception, e:
             log.error(traceback.format_exc())
             h.flash(_('An error occurred during this operation'),
                     category='error')
         return redirect(url('edit_repo', repo_name=repo_name))
     @HasPermissionAllDecorator('hg.admin')
     def show(self, repo_name, format='html'):
         """GET /repos/repo_name: Show a specific item"""
         # url('repo', repo_name=ID)
     @HasRepoPermissionAllDecorator('repository.admin')
     def edit(self, repo_name, format='html'):
         """GET /repos/repo_name/edit: Form to edit an existing item"""
         # url('edit_repo', repo_name=ID)
         defaults = self.__load_data(repo_name)
         return htmlfill.render(
             render('admin/repos/repo_edit.html'),
             defaults=defaults,
             encoding="UTF-8",
             force_defaults=False
+        )
     @HasPermissionAllDecorator('hg.admin')
     def create_repo_field(self, repo_name):
         try:
             form_result = RepoFieldForm()().to_python(dict(request.POST))
             new_field = RepositoryField()
             new_field.repository = Repository.get_by_repo_name(repo_name)
             new_field.field_key = form_result['new_field_key']
             new_field.field_type = form_result['new_field_type']  # python type
             new_field.field_value = form_result['new_field_value']  # set initial blank value
             new_field.field_desc = form_result['new_field_desc']
             new_field.field_label = form_result['new_field_label']
             Session().add(new_field)
             Session().commit()
         except Exception, e:
             log.error(traceback.format_exc())
             msg = _('An error occurred during creation of field')
             if isinstance(e, formencode.Invalid):
                 msg += ". " + e.msg
             h.flash(msg, category='error')
         return redirect(url('edit_repo', repo_name=repo_name))
     @HasPermissionAllDecorator('hg.admin')
     def delete_repo_field(self, repo_name, field_id):
         field = RepositoryField.get_or_404(field_id)
         try:
             Session().delete(field)
             Session().commit()
         except Exception, e:
             log.error(traceback.format_exc())
             msg = _('An error occurred during removal of field')
             h.flash(msg, category='error')
         return redirect(url('edit_repo', repo_name=repo_name))

rhodecode/controllers/admin/repos_groups.py

➞

Show inline comments

 # -*- coding: utf-8 -*-
 """
     rhodecode.controllers.admin.repos_groups
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Repository groups controller for RhodeCode
     :created_on: Mar 23, 2010
     :author: marcink
     :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
     :license: GPLv3, see COPYING for more details.
 """
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import logging
 import traceback
 import formencode
 from formencode import htmlfill
 from pylons import request, tmpl_context as c, url
 from pylons.controllers.util import abort, redirect
 from pylons.i18n.translation import _
 from sqlalchemy.exc import IntegrityError
 import rhodecode
 from rhodecode.lib import helpers as h
 from rhodecode.lib.compat import json
 from rhodecode.lib.auth import LoginRequired, HasPermissionAnyDecorator,\
     HasReposGroupPermissionAnyDecorator, HasReposGroupPermissionAll,\
     HasPermissionAll
 from rhodecode.lib.base import BaseController, render
 from rhodecode.model.db import RepoGroup, Repository
 from rhodecode.model.scm import RepoGroupList
 from rhodecode.model.repos_group import ReposGroupModel
 from rhodecode.model.forms import ReposGroupForm
+from rhodecode.model.forms import ReposGroupForm, RepoGroupPermsForm
 from rhodecode.model.meta import Session
 from rhodecode.model.repo import RepoModel
 from webob.exc import HTTPInternalServerError, HTTPNotFound
 from rhodecode.lib.utils2 import str2bool, safe_int
 from sqlalchemy.sql.expression import func
-from rhodecode.model.scm import GroupList
 log = logging.getLogger(__name__)
 class ReposGroupsController(BaseController):
     """REST Controller styled on the Atom Publishing Protocol"""
     # To properly map this controller, ensure your config/routing.py
     # file has a resource setup:
     #     map.resource('repos_group', 'repos_groups')
     @LoginRequired()
     def __before__(self):
         super(ReposGroupsController, self).__before__()
     def __load_defaults(self, allow_empty_group=False, exclude_group_ids=[]):
         if HasPermissionAll('hg.admin')('group edit'):
             #we're global admin, we're ok and we can create TOP level groups
             allow_empty_group = True
         #override the choices for this form, we need to filter choices
         #and display only those we have ADMIN right
-        groups_with_admin_rights = GroupList(RepoGroup.query().all(),
+        groups_with_admin_rights = RepoGroupList(RepoGroup.query().all(),
                                              perm_set=['group.admin'])
         c.repo_groups = RepoGroup.groups_choices(groups=groups_with_admin_rights,
                                                  show_empty_group=allow_empty_group)
         # exclude filtered ids
         c.repo_groups = filter(lambda x: x[0] not in exclude_group_ids,
                                c.repo_groups)
         c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups)
         repo_model = RepoModel()
         c.users_array = repo_model.get_users_js()
         c.users_groups_array = repo_model.get_users_groups_js()
     def __load_data(self, group_id):
         """
         Load defaults settings for edit, and update
         :param group_id:
         """
         repo_group = RepoGroup.get_or_404(group_id)
         data = repo_group.get_dict()
         data['group_name'] = repo_group.name
         # fill repository users
+        # fill repository group users
         for p in repo_group.repo_group_to_perm:
             data.update({'u_perm_%s' % p.user.username:
                              p.permission.permission_name})
         # fill repository groups
+        # fill repository group groups
         for p in repo_group.users_group_to_perm:
             data.update({'g_perm_%s' % p.users_group.users_group_name:
                              p.permission.permission_name})
         return data
     def _revoke_perms_on_yourself(self, form_result):
         _up = filter(lambda u: c.rhodecode_user.username == u[0],
                      form_result['perms_updates'])
         _new = filter(lambda u: c.rhodecode_user.username == u[0],
                       form_result['perms_new'])
         if _new and _new[0][1] != 'group.admin' or _up and _up[0][1] != 'group.admin':
             return True
         return False
     def index(self, format='html'):
         """GET /repos_groups: All items in the collection"""
         # url('repos_groups')
         group_iter = GroupList(RepoGroup.query().all(), perm_set=['group.admin'])
         group_iter = RepoGroupList(RepoGroup.query().all(),
                                    perm_set=['group.admin'])
         sk = lambda g: g.parents[0].group_name if g.parents else g.group_name
         c.groups = sorted(group_iter, key=sk)
         return render('admin/repos_groups/repos_groups_show.html')
     def create(self):
         """POST /repos_groups: Create a new item"""
         # url('repos_groups')
         self.__load_defaults()
         # permissions for can create group based on parent_id are checked
         # here in the Form
         repos_group_form = ReposGroupForm(available_groups=
                                 map(lambda k: unicode(k[0]), c.repo_groups))()
         try:
             form_result = repos_group_form.to_python(dict(request.POST))
             ReposGroupModel().create(
                     group_name=form_result['group_name'],
                     group_description=form_result['group_description'],
                     parent=form_result['group_parent_id'],
                     owner=self.rhodecode_user.user_id
+            )
             Session().commit()
             h.flash(_('Created repository group %s') \
                     % form_result['group_name'], category='success')
             #TODO: in futureaction_logger(, '', '', '', self.sa)
         except formencode.Invalid, errors:
             return htmlfill.render(
                 render('admin/repos_groups/repos_groups_add.html'),
                 defaults=errors.value,
                 errors=errors.error_dict or {},
                 prefix_error=False,
                 encoding="UTF-8")
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('Error occurred during creation of repository group %s') \
                     % request.POST.get('group_name'), category='error')
         parent_group_id = form_result['group_parent_id']
         #TODO: maybe we should get back to the main view, not the admin one
         return redirect(url('repos_groups', parent_group=parent_group_id))
     def new(self, format='html'):
         """GET /repos_groups/new: Form to create a new item"""
         # url('new_repos_group')
         if HasPermissionAll('hg.admin')('group create'):
             #we're global admin, we're ok and we can create TOP level groups
             pass
         else:
             # we pass in parent group into creation form, thus we know
             # what would be the group, we can check perms here !
             group_id = safe_int(request.GET.get('parent_group'))
             group = RepoGroup.get(group_id) if group_id else None
             group_name = group.group_name if group else None
             if HasReposGroupPermissionAll('group.admin')(group_name, 'group create'):
                 pass
             else:
                 return abort(403)
         self.__load_defaults()
         return render('admin/repos_groups/repos_groups_add.html')
     @HasReposGroupPermissionAnyDecorator('group.admin')
     def update(self, group_name):
         """PUT /repos_groups/group_name: Update an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="PUT" />
         # Or using helpers:
         #    h.form(url('repos_group', group_name=GROUP_NAME),
         #           method='put')
         # url('repos_group', group_name=GROUP_NAME)
-        c.repos_group = ReposGroupModel()._get_repos_group(group_name)
+        c.repos_group = ReposGroupModel()._get_repo_group(group_name)
         if HasPermissionAll('hg.admin')('group edit'):
             #we're global admin, we're ok and we can create TOP level groups
             allow_empty_group = True
         elif not c.repos_group.parent_group:
             allow_empty_group = True
         else:
             allow_empty_group = False
         self.__load_defaults(allow_empty_group=allow_empty_group,
                              exclude_group_ids=[c.repos_group.group_id])
         repos_group_form = ReposGroupForm(
             edit=True,
             old_data=c.repos_group.get_dict(),
             available_groups=c.repo_groups_choices,
             can_create_in_root=allow_empty_group,
         )()
         try:
             form_result = repos_group_form.to_python(dict(request.POST))
             if not c.rhodecode_user.is_admin:
                 if self._revoke_perms_on_yourself(form_result):
                     msg = _('Cannot revoke permission for yourself as admin')
                     h.flash(msg, category='warning')
                     raise Exception('revoke admin permission on self')
             new_gr = ReposGroupModel().update(group_name, form_result)
             Session().commit()
             h.flash(_('Updated repository group %s') \
                     % form_result['group_name'], category='success')
             # we now have new name !
             group_name = new_gr.group_name
             #TODO: in future action_logger(, '', '', '', self.sa)
         except formencode.Invalid, errors:
             return htmlfill.render(
                 render('admin/repos_groups/repos_groups_edit.html'),
                 defaults=errors.value,
                 errors=errors.error_dict or {},
                 prefix_error=False,
                 encoding="UTF-8")
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('Error occurred during update of repository group %s') \
                     % request.POST.get('group_name'), category='error')
         return redirect(url('edit_repos_group', group_name=group_name))
     @HasReposGroupPermissionAnyDecorator('group.admin')
     def delete(self, group_name):
         """DELETE /repos_groups/group_name: Delete an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="DELETE" />
         # Or using helpers:
         #    h.form(url('repos_group', group_name=GROUP_NAME),
         #           method='delete')
         # url('repos_group', group_name=GROUP_NAME)
-        gr = c.repos_group = ReposGroupModel()._get_repos_group(group_name)
+        gr = c.repos_group = ReposGroupModel()._get_repo_group(group_name)
         repos = gr.repositories.all()
         if repos:
             h.flash(_('This group contains %s repositores and cannot be '
                       'deleted') % len(repos), category='warning')
             return redirect(url('repos_groups'))
         children = gr.children.all()
         if children:
             h.flash(_('This group contains %s subgroups and cannot be deleted'
                       % (len(children))), category='warning')
             return redirect(url('repos_groups'))
         try:
             ReposGroupModel().delete(group_name)
             Session().commit()
             h.flash(_('Removed repository group %s') % group_name,
                     category='success')
             #TODO: in future action_logger(, '', '', '', self.sa)
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('Error occurred during deletion of repos '
                       'group %s') % group_name, category='error')
         return redirect(url('repos_groups'))
     @HasReposGroupPermissionAnyDecorator('group.admin')
     def set_repo_group_perm_member(self, group_name):
         c.repos_group = ReposGroupModel()._get_repo_group(group_name)
         form = RepoGroupPermsForm()().to_python(request.POST)
         recursive = form['recursive']
         # iterate over all members(if in recursive mode) of this groups and
         # set the permissions !
         # this can be potentially heavy operation
         ReposGroupModel()._update_permissions(c.repos_group, form['perms_new'],
                                               form['perms_updates'], recursive)
         #TODO: implement this
         #action_logger(self.rhodecode_user, 'admin_changed_repo_permissions',
         #              repo_name, self.ip_addr, self.sa)
         Session().commit()
         h.flash(_('Repository Group permissions updated'), category='success')
         return redirect(url('edit_repos_group', group_name=group_name))
     @HasReposGroupPermissionAnyDecorator('group.admin')
     def delete_repos_group_user_perm(self, group_name):
         """
         DELETE an existing repository group permission user
         :param group_name:
         """
         try:
             if not c.rhodecode_user.is_admin:
                 if c.rhodecode_user.user_id == safe_int(request.POST['user_id']):
                     msg = _('Cannot revoke permission for yourself as admin')
                     h.flash(msg, category='warning')
                     raise Exception('revoke admin permission on self')
             recursive = str2bool(request.POST.get('recursive', False))
             ReposGroupModel().delete_permission(
                 repos_group=group_name, obj=request.POST['user_id'],
                 obj_type='user', recursive=recursive
+            )
             Session().commit()
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('An error occurred during deletion of group user'),
                     category='error')
             raise HTTPInternalServerError()
     @HasReposGroupPermissionAnyDecorator('group.admin')
     def delete_repos_group_users_group_perm(self, group_name):
         """
         DELETE an existing repository group permission user group
         :param group_name:
         """
         try:
             recursive = str2bool(request.POST.get('recursive', False))
             ReposGroupModel().delete_permission(
                 repos_group=group_name, obj=request.POST['users_group_id'],
                 obj_type='users_group', recursive=recursive
+            )
             Session().commit()
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('An error occurred during deletion of group'
                       ' user groups'),
                     category='error')
             raise HTTPInternalServerError()
     def show_by_name(self, group_name):
         """
         This is a proxy that does a lookup group_name -> id, and shows
         the group by id view instead
         """
         group_name = group_name.rstrip('/')
         id_ = RepoGroup.get_by_group_name(group_name)
         if id_:
             return self.show(id_.group_id)
         raise HTTPNotFound
     @HasReposGroupPermissionAnyDecorator('group.read', 'group.write',
                                          'group.admin')
     def show(self, group_name, format='html'):
         """GET /repos_groups/group_name: Show a specific item"""
         # url('repos_group', group_name=GROUP_NAME)
-        c.group = c.repos_group = ReposGroupModel()._get_repos_group(group_name)
+        c.group = c.repos_group = ReposGroupModel()._get_repo_group(group_name)
         c.group_repos = c.group.repositories.all()
         #overwrite our cached list with current filter
         gr_filter = c.group_repos
         c.repo_cnt = 0
         groups = RepoGroup.query().order_by(RepoGroup.group_name)\
             .filter(RepoGroup.group_parent_id == c.group.group_id).all()
         c.groups = self.scm_model.get_repos_groups(groups)
         if not c.visual.lightweight_dashboard:
             c.repos_list = self.scm_model.get_repos(all_repos=gr_filter)
         ## lightweight version of dashboard
         else:
             c.repos_list = Repository.query()\
                             .filter(Repository.group_id == c.group.group_id)\
                             .order_by(func.lower(Repository.repo_name))\
                             .all()
             repos_data = RepoModel().get_repos_as_dict(repos_list=c.repos_list,
                                                        admin=False)
             #json used to render the grid
             c.data = json.dumps(repos_data)
         return render('admin/repos_groups/repos_groups.html')
     @HasReposGroupPermissionAnyDecorator('group.admin')
     def edit(self, group_name, format='html'):
         """GET /repos_groups/group_name/edit: Form to edit an existing item"""
         # url('edit_repos_group', group_name=GROUP_NAME)
-        c.repos_group = ReposGroupModel()._get_repos_group(group_name)
+        c.repos_group = ReposGroupModel()._get_repo_group(group_name)
         #we can only allow moving empty group if it's already a top-level
         #group, ie has no parents, or we're admin
         if HasPermissionAll('hg.admin')('group edit'):
             #we're global admin, we're ok and we can create TOP level groups
             allow_empty_group = True
         elif not c.repos_group.parent_group:
             allow_empty_group = True
         else:
             allow_empty_group = False
         self.__load_defaults(allow_empty_group=allow_empty_group,
                              exclude_group_ids=[c.repos_group.group_id])
         defaults = self.__load_data(c.repos_group.group_id)
         return htmlfill.render(
             render('admin/repos_groups/repos_groups_edit.html'),
             defaults=defaults,
             encoding="UTF-8",
             force_defaults=False
+        )

rhodecode/controllers/admin/settings.py

➞

Show inline comments

 # -*- coding: utf-8 -*-
 """
     rhodecode.controllers.admin.settings
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     settings controller for rhodecode admin
     :created_on: Jul 14, 2010
     :author: marcink
     :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
     :license: GPLv3, see COPYING for more details.
 """
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import logging
 import traceback
 import formencode
 import pkg_resources
 import platform
 from sqlalchemy import func
 from formencode import htmlfill
 from pylons import request, session, tmpl_context as c, url, config
 from pylons.controllers.util import abort, redirect
 from pylons.i18n.translation import _
 from rhodecode.lib import helpers as h
 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator, \
     HasPermissionAnyDecorator, NotAnonymous, HasPermissionAny,\
     HasReposGroupPermissionAll, HasReposGroupPermissionAny, AuthUser
 from rhodecode.lib.base import BaseController, render
 from rhodecode.lib.celerylib import tasks, run_task
 from rhodecode.lib.utils import repo2db_mapper, set_rhodecode_config, \
     check_git_version
 from rhodecode.model.db import RhodeCodeUi, Repository, RepoGroup, \
     RhodeCodeSetting, PullRequest, PullRequestReviewers
 from rhodecode.model.forms import UserForm, ApplicationSettingsForm, \
     ApplicationUiSettingsForm, ApplicationVisualisationForm
-from rhodecode.model.scm import ScmModel, GroupList
+from rhodecode.model.scm import ScmModel, RepoGroupList
 from rhodecode.model.user import UserModel
 from rhodecode.model.repo import RepoModel
 from rhodecode.model.db import User
 from rhodecode.model.notification import EmailNotificationModel
 from rhodecode.model.meta import Session
 from rhodecode.lib.utils2 import str2bool, safe_unicode
 from rhodecode.lib.compat import json
 log = logging.getLogger(__name__)
 class SettingsController(BaseController):
     """REST Controller styled on the Atom Publishing Protocol"""
     # To properly map this controller, ensure your config/routing.py
     # file has a resource setup:
     #     map.resource('setting', 'settings', controller='admin/settings',
     #         path_prefix='/admin', name_prefix='admin_')
     @LoginRequired()
     def __before__(self):
         super(SettingsController, self).__before__()
         c.modules = sorted([(p.project_name, p.version)
                             for p in pkg_resources.working_set]
                            + [('git', check_git_version())],
                            key=lambda k: k[0].lower())
         c.py_version = platform.python_version()
         c.platform = platform.platform()
     @HasPermissionAllDecorator('hg.admin')
     def index(self, format='html'):
         """GET /admin/settings: All items in the collection"""
         # url('admin_settings')
         defaults = RhodeCodeSetting.get_app_settings()
         defaults.update(self._get_hg_ui_settings())
         return htmlfill.render(
             render('admin/settings/settings.html'),
             defaults=defaults,
             encoding="UTF-8",
             force_defaults=False
+        )
     @HasPermissionAllDecorator('hg.admin')
     def create(self):
         """POST /admin/settings: Create a new item"""
         # url('admin_settings')
     @HasPermissionAllDecorator('hg.admin')
     def new(self, format='html'):
         """GET /admin/settings/new: Form to create a new item"""
         # url('admin_new_setting')
     @HasPermissionAllDecorator('hg.admin')
     def update(self, setting_id):
         """PUT /admin/settings/setting_id: Update an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="PUT" />
         # Or using helpers:
         #    h.form(url('admin_setting', setting_id=ID),
         #           method='put')
         # url('admin_setting', setting_id=ID)
         if setting_id == 'mapping':
             rm_obsolete = request.POST.get('destroy', False)
             log.debug('Rescanning directories with destroy=%s' % rm_obsolete)
             initial = ScmModel().repo_scan()
             log.debug('invalidating all repositories')
             for repo_name in initial.keys():
                 ScmModel().mark_for_invalidation(repo_name)
             added, removed = repo2db_mapper(initial, rm_obsolete)
             _repr = lambda l: ', '.join(map(safe_unicode, l)) or '-'
             h.flash(_('Repositories successfully '
                       'rescanned added: %s ; removed: %s') %
                     (_repr(added), _repr(removed)),
                     category='success')
         if setting_id == 'whoosh':
             repo_location = self._get_hg_ui_settings()['paths_root_path']
             full_index = request.POST.get('full_index', False)
             run_task(tasks.whoosh_index, repo_location, full_index)
             h.flash(_('Whoosh reindex task scheduled'), category='success')
         if setting_id == 'global':
             application_form = ApplicationSettingsForm()()
             try:
                 form_result = application_form.to_python(dict(request.POST))
             except formencode.Invalid, errors:
                 return htmlfill.render(
                      render('admin/settings/settings.html'),
                      defaults=errors.value,
                      errors=errors.error_dict or {},
                      prefix_error=False,
                      encoding="UTF-8"
+                )
             try:
                 sett1 = RhodeCodeSetting.get_by_name_or_create('title')
                 sett1.app_settings_value = form_result['rhodecode_title']
                 Session().add(sett1)
                 sett2 = RhodeCodeSetting.get_by_name_or_create('realm')
                 sett2.app_settings_value = form_result['rhodecode_realm']
                 Session().add(sett2)
                 sett3 = RhodeCodeSetting.get_by_name_or_create('ga_code')
                 sett3.app_settings_value = form_result['rhodecode_ga_code']
                 Session().add(sett3)
                 Session().commit()
                 set_rhodecode_config(config)
                 h.flash(_('Updated application settings'), category='success')
             except Exception:
                 log.error(traceback.format_exc())
                 h.flash(_('Error occurred during updating '
                           'application settings'),
                           category='error')
         if setting_id == 'visual':
             application_form = ApplicationVisualisationForm()()
             try:
                 form_result = application_form.to_python(dict(request.POST))
             except formencode.Invalid, errors:
                 return htmlfill.render(
                      render('admin/settings/settings.html'),
                      defaults=errors.value,
                      errors=errors.error_dict or {},
                      prefix_error=False,
                      encoding="UTF-8"
+                )
             try:
                 sett1 = RhodeCodeSetting.get_by_name_or_create('show_public_icon')
                 sett1.app_settings_value = \
                     form_result['rhodecode_show_public_icon']
                 Session().add(sett1)
                 sett2 = RhodeCodeSetting.get_by_name_or_create('show_private_icon')
                 sett2.app_settings_value = \
                     form_result['rhodecode_show_private_icon']
                 Session().add(sett2)
                 sett3 = RhodeCodeSetting.get_by_name_or_create('stylify_metatags')
                 sett3.app_settings_value = \
                     form_result['rhodecode_stylify_metatags']
                 Session().add(sett3)
                 sett4 = RhodeCodeSetting.get_by_name_or_create('lightweight_dashboard')
                 sett4.app_settings_value = \
                     form_result['rhodecode_lightweight_dashboard']
                 Session().add(sett4)
                 sett4 = RhodeCodeSetting.get_by_name_or_create('repository_fields')
                 sett4.app_settings_value = \
                     form_result['rhodecode_repository_fields']
                 Session().add(sett4)
                 Session().commit()
                 set_rhodecode_config(config)
                 h.flash(_('Updated visualisation settings'),
                         category='success')
             except Exception:
                 log.error(traceback.format_exc())
                 h.flash(_('Error occurred during updating '
                           'visualisation settings'),
                         category='error')
         if setting_id == 'vcs':
             application_form = ApplicationUiSettingsForm()()
             try:
                 form_result = application_form.to_python(dict(request.POST))
             except formencode.Invalid, errors:
                 return htmlfill.render(
                      render('admin/settings/settings.html'),
                      defaults=errors.value,
                      errors=errors.error_dict or {},
                      prefix_error=False,
                      encoding="UTF-8"
+                )
             try:
                 sett = RhodeCodeUi.get_by_key('push_ssl')
                 sett.ui_value = form_result['web_push_ssl']
                 Session().add(sett)
                 sett = RhodeCodeUi.get_by_key('/')
                 sett.ui_value = form_result['paths_root_path']
                 Session().add(sett)
                 #HOOKS
                 sett = RhodeCodeUi.get_by_key(RhodeCodeUi.HOOK_UPDATE)
                 sett.ui_active = form_result['hooks_changegroup_update']
                 Session().add(sett)
                 sett = RhodeCodeUi.get_by_key(RhodeCodeUi.HOOK_REPO_SIZE)
                 sett.ui_active = form_result['hooks_changegroup_repo_size']
                 Session().add(sett)
                 sett = RhodeCodeUi.get_by_key(RhodeCodeUi.HOOK_PUSH)
                 sett.ui_active = form_result['hooks_changegroup_push_logger']
                 Session().add(sett)
                 sett = RhodeCodeUi.get_by_key(RhodeCodeUi.HOOK_PULL)
                 sett.ui_active = form_result['hooks_outgoing_pull_logger']
                 Session().add(sett)
                 ## EXTENSIONS
                 sett = RhodeCodeUi.get_by_key('largefiles')
                 if not sett:
                     #make one if it's not there !
                     sett = RhodeCodeUi()
                     sett.ui_key = 'largefiles'
                     sett.ui_section = 'extensions'
                 sett.ui_active = form_result['extensions_largefiles']
                 Session().add(sett)
                 sett = RhodeCodeUi.get_by_key('hgsubversion')
                 if not sett:
                     #make one if it's not there !
                     sett = RhodeCodeUi()
                     sett.ui_key = 'hgsubversion'
                     sett.ui_section = 'extensions'
                 sett.ui_active = form_result['extensions_hgsubversion']
                 Session().add(sett)
 #                sett = RhodeCodeUi.get_by_key('hggit')
 #                if not sett:
 #                    #make one if it's not there !
 #                    sett = RhodeCodeUi()
 #                    sett.ui_key = 'hggit'
 #                    sett.ui_section = 'extensions'
+#
 #                sett.ui_active = form_result['extensions_hggit']
 #                Session().add(sett)
                 Session().commit()
                 h.flash(_('Updated VCS settings'), category='success')
             except Exception:
                 log.error(traceback.format_exc())
                 h.flash(_('Error occurred during updating '
                           'application settings'), category='error')
         if setting_id == 'hooks':
             ui_key = request.POST.get('new_hook_ui_key')
             ui_value = request.POST.get('new_hook_ui_value')
             try:
                 if ui_value and ui_key:
                     RhodeCodeUi.create_or_update_hook(ui_key, ui_value)
                     h.flash(_('Added new hook'),
                             category='success')
                 # check for edits
                 update = False
                 _d = request.POST.dict_of_lists()
                 for k, v in zip(_d.get('hook_ui_key', []),
                                 _d.get('hook_ui_value_new', [])):
                     RhodeCodeUi.create_or_update_hook(k, v)
                     update = True
                 if update:
                     h.flash(_('Updated hooks'), category='success')
                 Session().commit()
             except Exception:
                 log.error(traceback.format_exc())
                 h.flash(_('Error occurred during hook creation'),
                         category='error')
             return redirect(url('admin_edit_setting', setting_id='hooks'))
         if setting_id == 'email':
             test_email = request.POST.get('test_email')
             test_email_subj = 'RhodeCode TestEmail'
             test_email_body = 'RhodeCode Email test'
             test_email_html_body = EmailNotificationModel()\
                 .get_email_tmpl(EmailNotificationModel.TYPE_DEFAULT,
                                 body=test_email_body)
             recipients = [test_email] if test_email else None
             run_task(tasks.send_email, recipients, test_email_subj,
                      test_email_body, test_email_html_body)
             h.flash(_('Email task created'), category='success')
         return redirect(url('admin_settings'))
     @HasPermissionAllDecorator('hg.admin')
     def delete(self, setting_id):
         """DELETE /admin/settings/setting_id: Delete an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="DELETE" />
         # Or using helpers:
         #    h.form(url('admin_setting', setting_id=ID),
         #           method='delete')
         # url('admin_setting', setting_id=ID)
         if setting_id == 'hooks':
             hook_id = request.POST.get('hook_id')
             RhodeCodeUi.delete(hook_id)
             Session().commit()
     @HasPermissionAllDecorator('hg.admin')
     def show(self, setting_id, format='html'):
         """
         GET /admin/settings/setting_id: Show a specific item"""
         # url('admin_setting', setting_id=ID)
     @HasPermissionAllDecorator('hg.admin')
     def edit(self, setting_id, format='html'):
         """
         GET /admin/settings/setting_id/edit: Form to
         edit an existing item"""
         # url('admin_edit_setting', setting_id=ID)
         c.hooks = RhodeCodeUi.get_builtin_hooks()
         c.custom_hooks = RhodeCodeUi.get_custom_hooks()
         return htmlfill.render(
             render('admin/settings/hooks.html'),
             defaults={},
             encoding="UTF-8",
             force_defaults=False
+        )
     def _load_my_repos_data(self):
         repos_list = Session().query(Repository)\
                      .filter(Repository.user_id ==
                              self.rhodecode_user.user_id)\
                      .order_by(func.lower(Repository.repo_name)).all()
         repos_data = RepoModel().get_repos_as_dict(repos_list=repos_list,
                                                    admin=True)
         #json used to render the grid
         return json.dumps(repos_data)
     @NotAnonymous()
     def my_account(self):
         """
         GET /_admin/my_account Displays info about my account
         """
         # url('admin_settings_my_account')
         c.user = User.get(self.rhodecode_user.user_id)
         c.perm_user = AuthUser(user_id=self.rhodecode_user.user_id,
                                ip_addr=self.ip_addr)
         c.ldap_dn = c.user.ldap_dn
         if c.user.username == 'default':
             h.flash(_("You can't edit this user since it's"
               " crucial for entire application"), category='warning')
             return redirect(url('users'))
         #json used to render the grid
         c.data = self._load_my_repos_data()
         defaults = c.user.get_dict()
         c.form = htmlfill.render(
             render('admin/users/user_edit_my_account_form.html'),
             defaults=defaults,
             encoding="UTF-8",
             force_defaults=False
+        )
         return render('admin/users/user_edit_my_account.html')
     @NotAnonymous()
     def my_account_update(self):
         """PUT /_admin/my_account_update: Update an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="PUT" />
         # Or using helpers:
         #    h.form(url('admin_settings_my_account_update'),
         #           method='put')
         # url('admin_settings_my_account_update', id=ID)
         uid = self.rhodecode_user.user_id
         c.user = User.get(self.rhodecode_user.user_id)

rhodecode/controllers/admin/users_groups.py

➞

Show inline comments

 # -*- coding: utf-8 -*-
 """
     rhodecode.controllers.admin.users_groups
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     User Groups crud controller for pylons
     :created_on: Jan 25, 2011
     :author: marcink
     :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
     :license: GPLv3, see COPYING for more details.
 """
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import logging
 import traceback
 import formencode
 from formencode import htmlfill
 from pylons import request, session, tmpl_context as c, url, config
 from pylons.controllers.util import abort, redirect
 from pylons.i18n.translation import _
 from rhodecode.lib import helpers as h
 from rhodecode.lib.exceptions import UserGroupsAssignedException
 from rhodecode.lib.utils2 import safe_unicode, str2bool
 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator
 from rhodecode.lib.utils2 import safe_unicode, str2bool, safe_int
 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator,\
     HasUserGroupPermissionAnyDecorator
 from rhodecode.lib.base import BaseController, render
+from rhodecode.model.scm import UserGroupList
 from rhodecode.model.users_group import UserGroupModel
+from rhodecode.model.repo import RepoModel
 from rhodecode.model.db import User, UserGroup, UserGroupToPerm,\
     UserGroupRepoToPerm, UserGroupRepoGroupToPerm
 from rhodecode.model.forms import UserGroupForm
+from rhodecode.model.forms import UserGroupForm, UserGroupPermsForm
 from rhodecode.model.meta import Session
 from rhodecode.lib.utils import action_logger
 from sqlalchemy.orm import joinedload
 from webob.exc import HTTPInternalServerError
 log = logging.getLogger(__name__)
 class UsersGroupsController(BaseController):
     """REST Controller styled on the Atom Publishing Protocol"""
     # To properly map this controller, ensure your config/routing.py
     # file has a resource setup:
     #     map.resource('users_group', 'users_groups')
     @LoginRequired()
     @HasPermissionAllDecorator('hg.admin')
     def __before__(self):
         super(UsersGroupsController, self).__before__()
         c.available_permissions = config['available_permissions']
     def __load_data(self, user_group_id):
         ugroup_repo_perms = UserGroupRepoToPerm.query()\
             .options(joinedload(UserGroupRepoToPerm.permission))\
             .options(joinedload(UserGroupRepoToPerm.repository))\
             .filter(UserGroupRepoToPerm.users_group_id == user_group_id)\
             .all()
         for gr in ugroup_repo_perms:
             c.users_group.permissions['repositories'][gr.repository.repo_name]  \
                 = gr.permission.permission_name
         ugroup_group_perms = UserGroupRepoGroupToPerm.query()\
             .options(joinedload(UserGroupRepoGroupToPerm.permission))\
             .options(joinedload(UserGroupRepoGroupToPerm.group))\
             .filter(UserGroupRepoGroupToPerm.users_group_id == user_group_id)\
             .all()
         for gr in ugroup_group_perms:
             c.users_group.permissions['repositories_groups'][gr.group.group_name] \
                 = gr.permission.permission_name
         c.group_members_obj = sorted((x.user for x in c.users_group.members),
                                      key=lambda u: u.username.lower())
         c.group_members = [(x.user_id, x.username) for x in c.group_members_obj]
         c.available_members = sorted(((x.user_id, x.username) for x in
                                       User.query().all()),
                                      key=lambda u: u[1].lower())
         repo_model = RepoModel()
         c.users_array = repo_model.get_users_js()
         # commented out due to not now supporting assignment for user group
         # on user group
         c.users_groups_array = "[]"  # repo_model.get_users_groups_js()
         c.available_permissions = config['available_permissions']
     def __load_defaults(self, user_group_id):
         """
         Load defaults settings for edit, and update
         :param user_group_id:
         """
         user_group = UserGroup.get_or_404(user_group_id)
         data = user_group.get_dict()
         ug_model = UserGroupModel()
         data.update({
             'create_repo_perm': ug_model.has_perm(user_group,
                                                   'hg.create.repository'),
             'fork_repo_perm': ug_model.has_perm(user_group,
                                                 'hg.fork.repository'),
         })
         # fill user group users
         for p in user_group.user_user_group_to_perm:
             data.update({'u_perm_%s' % p.user.username:
                              p.permission.permission_name})
         return data
     def index(self, format='html'):
         """GET /users_groups: All items in the collection"""
         # url('users_groups')
         c.users_groups_list = UserGroup().query().all()
         group_iter = UserGroupList(UserGroup().query().all(),
                                    perm_set=['usergroup.admin'])
         sk = lambda g: g.users_group_name
         c.users_groups_list = sorted(group_iter, key=sk)
         return render('admin/users_groups/users_groups.html')
     @HasPermissionAllDecorator('hg.admin')
     def create(self):
         """POST /users_groups: Create a new item"""
         # url('users_groups')
         users_group_form = UserGroupForm()()
         try:
             form_result = users_group_form.to_python(dict(request.POST))
             UserGroupModel().create(name=form_result['users_group_name'],
                                     owner=self.rhodecode_user.user_id,
                                      active=form_result['users_group_active'])
             gr = form_result['users_group_name']
             action_logger(self.rhodecode_user,
                           'admin_created_users_group:%s' % gr,
                           None, self.ip_addr, self.sa)
             h.flash(_('Created user group %s') % gr, category='success')
             Session().commit()
         except formencode.Invalid, errors:
             return htmlfill.render(
                 render('admin/users_groups/users_group_add.html'),
                 defaults=errors.value,
                 errors=errors.error_dict or {},
                 prefix_error=False,
                 encoding="UTF-8")
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('Error occurred during creation of user group %s') \
                     % request.POST.get('users_group_name'), category='error')
         return redirect(url('users_groups'))
     @HasPermissionAllDecorator('hg.admin')
     def new(self, format='html'):
         """GET /users_groups/new: Form to create a new item"""
         # url('new_users_group')
         return render('admin/users_groups/users_group_add.html')
     def _load_data(self, id):
         c.users_group.permissions = {
             'repositories': {},
             'repositories_groups': {}
+        }
         ugroup_repo_perms = UserGroupRepoToPerm.query()\
             .options(joinedload(UserGroupRepoToPerm.permission))\
             .options(joinedload(UserGroupRepoToPerm.repository))\
             .filter(UserGroupRepoToPerm.users_group_id == id)\
             .all()
         for gr in ugroup_repo_perms:
             c.users_group.permissions['repositories'][gr.repository.repo_name]  \
                 = gr.permission.permission_name
         ugroup_group_perms = UserGroupRepoGroupToPerm.query()\
             .options(joinedload(UserGroupRepoGroupToPerm.permission))\
             .options(joinedload(UserGroupRepoGroupToPerm.group))\
             .filter(UserGroupRepoGroupToPerm.users_group_id == id)\
             .all()
         for gr in ugroup_group_perms:
             c.users_group.permissions['repositories_groups'][gr.group.group_name] \
                 = gr.permission.permission_name
         c.group_members_obj = sorted((x.user for x in c.users_group.members),
                                      key=lambda u: u.username.lower())
         c.group_members = [(x.user_id, x.username) for x in
                            c.group_members_obj]
         c.available_members = sorted(((x.user_id, x.username) for x in
                                       User.query().all()),
                                      key=lambda u: u[1].lower())
     @HasUserGroupPermissionAnyDecorator('usergroup.admin')
     def update(self, id):
         """PUT /users_groups/id: Update an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="PUT" />
         # Or using helpers:
         #    h.form(url('users_group', id=ID),
         #           method='put')
         # url('users_group', id=ID)
         c.users_group = UserGroup.get_or_404(id)
-        self._load_data(id)
+        self.__load_data(id)
         available_members = [safe_unicode(x[0]) for x in c.available_members]
         users_group_form = UserGroupForm(edit=True,
                                           old_data=c.users_group.get_dict(),
                                           available_members=available_members)()
         try:
             form_result = users_group_form.to_python(request.POST)
             UserGroupModel().update(c.users_group, form_result)
             gr = form_result['users_group_name']
             action_logger(self.rhodecode_user,
                           'admin_updated_users_group:%s' % gr,
                           None, self.ip_addr, self.sa)
             h.flash(_('Updated user group %s') % gr, category='success')
             Session().commit()
         except formencode.Invalid, errors:
             ug_model = UserGroupModel()
             defaults = errors.value
             e = errors.error_dict or {}
             defaults.update({
                 'create_repo_perm': ug_model.has_perm(id,
                                                       'hg.create.repository'),
                 'fork_repo_perm': ug_model.has_perm(id,
                                                     'hg.fork.repository'),
                 '_method': 'put'
             })
             return htmlfill.render(
                 render('admin/users_groups/users_group_edit.html'),
                 defaults=defaults,
                 errors=e,
                 prefix_error=False,
                 encoding="UTF-8")
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('Error occurred during update of user group %s') \
                     % request.POST.get('users_group_name'), category='error')
         return redirect(url('edit_users_group', id=id))
     @HasUserGroupPermissionAnyDecorator('usergroup.admin')
     def delete(self, id):
         """DELETE /users_groups/id: Delete an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="DELETE" />
         # Or using helpers:
         #    h.form(url('users_group', id=ID),
         #           method='delete')
         # url('users_group', id=ID)
         usr_gr = UserGroup.get_or_404(id)
         try:
             UserGroupModel().delete(usr_gr)
             Session().commit()
             h.flash(_('Successfully deleted user group'), category='success')
         except UserGroupsAssignedException, e:
             h.flash(e, category='error')
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('An error occurred during deletion of user group'),
                     category='error')
         return redirect(url('users_groups'))
     @HasUserGroupPermissionAnyDecorator('usergroup.admin')
     def set_user_group_perm_member(self, id):
         """
         grant permission for given usergroup
         :param id:
         """
         user_group = UserGroup.get_or_404(id)
         form = UserGroupPermsForm()().to_python(request.POST)
         # set the permissions !
         UserGroupModel()._update_permissions(user_group, form['perms_new'],
                                             form['perms_updates'])
         #TODO: implement this
         #action_logger(self.rhodecode_user, 'admin_changed_repo_permissions',
         #              repo_name, self.ip_addr, self.sa)
         Session().commit()
         h.flash(_('User Group permissions updated'), category='success')
         return redirect(url('edit_users_group', id=id))
     @HasUserGroupPermissionAnyDecorator('usergroup.admin')
     def delete_user_group_perm_member(self, id):
         """
         DELETE an existing repository group permission user
         :param group_name:
         """
         try:
             obj_type = request.POST.get('obj_type')
             obj_id = None
             if obj_type == 'user':
                 obj_id = safe_int(request.POST.get('user_id'))
             elif obj_type == 'user_group':
                 obj_id = safe_int(request.POST.get('user_group_id'))
             if not c.rhodecode_user.is_admin:
                 if obj_type == 'user' and c.rhodecode_user.user_id == obj_id:
                     msg = _('Cannot revoke permission for yourself as admin')
                     h.flash(msg, category='warning')
                     raise Exception('revoke admin permission on self')
             if obj_type == 'user':
                 UserGroupModel().revoke_user_permission(user_group=id,
                                                         user=obj_id)
             elif obj_type == 'user_group':
                 pass
             Session().commit()
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('An error occurred during deletion of group user'),
                     category='error')
             raise HTTPInternalServerError()
     def show(self, id, format='html'):
         """GET /users_groups/id: Show a specific item"""
         # url('users_group', id=ID)
     @HasUserGroupPermissionAnyDecorator('usergroup.admin')
     def edit(self, id, format='html'):
         """GET /users_groups/id/edit: Form to edit an existing item"""
         # url('edit_users_group', id=ID)
         c.users_group = UserGroup.get_or_404(id)
-        self._load_data(id)
+        self.__load_data(id)
         ug_model = UserGroupModel()
         defaults = c.users_group.get_dict()
         defaults.update({
             'create_repo_perm': ug_model.has_perm(c.users_group,
                                                   'hg.create.repository'),
             'fork_repo_perm': ug_model.has_perm(c.users_group,
                                                 'hg.fork.repository'),
         })
         defaults = self.__load_defaults(id)
         return htmlfill.render(
             render('admin/users_groups/users_group_edit.html'),
             defaults=defaults,
             encoding="UTF-8",
             force_defaults=False
+        )
     @HasUserGroupPermissionAnyDecorator('usergroup.admin')
     def update_perm(self, id):
         """PUT /users_perm/id: Update an existing item"""
         # url('users_group_perm', id=ID, method='put')
         users_group = UserGroup.get_or_404(id)
         grant_create_perm = str2bool(request.POST.get('create_repo_perm'))
         grant_fork_perm = str2bool(request.POST.get('fork_repo_perm'))
         inherit_perms = str2bool(request.POST.get('inherit_default_permissions'))
         usergroup_model = UserGroupModel()
         try:
             users_group.inherit_default_permissions = inherit_perms
             Session().add(users_group)
             if grant_create_perm:
                 usergroup_model.revoke_perm(id, 'hg.create.none')
                 usergroup_model.grant_perm(id, 'hg.create.repository')
                 h.flash(_("Granted 'repository create' permission to user group"),
                         category='success')
             else:
                 usergroup_model.revoke_perm(id, 'hg.create.repository')
                 usergroup_model.grant_perm(id, 'hg.create.none')
                 h.flash(_("Revoked 'repository create' permission to user group"),
                         category='success')
             if grant_fork_perm:
                 usergroup_model.revoke_perm(id, 'hg.fork.none')
                 usergroup_model.grant_perm(id, 'hg.fork.repository')
                 h.flash(_("Granted 'repository fork' permission to user group"),
                         category='success')
             else:
                 usergroup_model.revoke_perm(id, 'hg.fork.repository')
                 usergroup_model.grant_perm(id, 'hg.fork.none')
                 h.flash(_("Revoked 'repository fork' permission to user group"),
                         category='success')
             Session().commit()
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('An error occurred during permissions saving'),
                     category='error')
         return redirect(url('edit_users_group', id=id))

rhodecode/controllers/api/api.py

➞

Show inline comments

@@ @@ -156,783 +156,792 @@ class ApiController(JSONRPCController): @@
     Preferably this should be first argument also
     Each function should also **raise** JSONRPCError for any
     errors that happens
     """
     @HasPermissionAllDecorator('hg.admin')
     def pull(self, apiuser, repoid):
         """
         Dispatch pull action on given repo
         :param apiuser:
         :param repoid:
         """
         repo = get_repo_or_error(repoid)
         try:
             ScmModel().pull_changes(repo.repo_name,
                                     self.rhodecode_user.username)
             return 'Pulled from `%s`' % repo.repo_name
         except Exception:
             log.error(traceback.format_exc())
             raise JSONRPCError(
                 'Unable to pull changes from `%s`' % repo.repo_name
+            )
     @HasPermissionAllDecorator('hg.admin')
     def rescan_repos(self, apiuser, remove_obsolete=Optional(False)):
         """
         Dispatch rescan repositories action. If remove_obsolete is set
         than also delete repos that are in database but not in the filesystem.
         aka "clean zombies"
         :param apiuser:
         :param remove_obsolete:
         """
         try:
             rm_obsolete = Optional.extract(remove_obsolete)
             added, removed = repo2db_mapper(ScmModel().repo_scan(),
                                             remove_obsolete=rm_obsolete)
             return {'added': added, 'removed': removed}
         except Exception:
             log.error(traceback.format_exc())
             raise JSONRPCError(
                 'Error occurred during rescan repositories action'
+            )
     def invalidate_cache(self, apiuser, repoid):
         """
         Dispatch cache invalidation action on given repo
         :param apiuser:
         :param repoid:
         """
         repo = get_repo_or_error(repoid)
         if HasPermissionAnyApi('hg.admin')(user=apiuser) is False:
             # check if we have admin permission for this repo !
             if HasRepoPermissionAnyApi('repository.admin',
                                        'repository.write')(user=apiuser,
                                             repo_name=repo.repo_name) is False:
                 raise JSONRPCError('repository `%s` does not exist' % (repoid))
         try:
             invalidated_keys = ScmModel().mark_for_invalidation(repo.repo_name)
             return ('Cache for repository `%s` was invalidated: '
                     'invalidated cache keys: %s' % (repoid, invalidated_keys))
         except Exception:
             log.error(traceback.format_exc())
             raise JSONRPCError(
                 'Error occurred during cache invalidation action'
+            )
     def lock(self, apiuser, repoid, locked=Optional(None),
              userid=Optional(OAttr('apiuser'))):
         """
         Set locking state on particular repository by given user, if
         this command is runned by non-admin account userid is set to user
         who is calling this method
         :param apiuser:
         :param repoid:
         :param userid:
         :param locked:
         """
         repo = get_repo_or_error(repoid)
         if HasPermissionAnyApi('hg.admin')(user=apiuser):
             pass
         elif HasRepoPermissionAnyApi('repository.admin',
                                      'repository.write')(user=apiuser,
                                                          repo_name=repo.repo_name):
             #make sure normal user does not pass someone else userid,
             #he is not allowed to do that
             if not isinstance(userid, Optional) and userid != apiuser.user_id:
                 raise JSONRPCError(
                     'userid is not the same as your user'
+                )
         else:
             raise JSONRPCError('repository `%s` does not exist' % (repoid))
         if isinstance(userid, Optional):
             userid = apiuser.user_id
         user = get_user_or_error(userid)
         if isinstance(locked, Optional):
             lockobj = Repository.getlock(repo)
             if lockobj[0] is None:
                 return ('Repo `%s` not locked. Locked=`False`.'
                         % (repo.repo_name))
             else:
                 userid, time_ = lockobj
                 user = get_user_or_error(userid)
                 return ('Repo `%s` locked by `%s`. Locked=`True`. '
                         'Locked since: `%s`'
                     % (repo.repo_name, user.username,
                        json.dumps(time_to_datetime(time_))))
         else:
             locked = str2bool(locked)
             try:
                 if locked:
                     Repository.lock(repo, user.user_id)
                 else:
                     Repository.unlock(repo)
                 return ('User `%s` set lock state for repo `%s` to `%s`'
                         % (user.username, repo.repo_name, locked))
             except Exception:
                 log.error(traceback.format_exc())
                 raise JSONRPCError(
                     'Error occurred locking repository `%s`' % repo.repo_name
+                )
     def get_locks(self, apiuser, userid=Optional(OAttr('apiuser'))):
         """
         Get all locks for given userid, if
         this command is runned by non-admin account userid is set to user
         who is calling this method, thus returning locks for himself
         :param apiuser:
         :param userid:
         """
         if HasPermissionAnyApi('hg.admin')(user=apiuser):
             pass
         else:
             #make sure normal user does not pass someone else userid,
             #he is not allowed to do that
             if not isinstance(userid, Optional) and userid != apiuser.user_id:
                 raise JSONRPCError(
                     'userid is not the same as your user'
+                )
         ret = []
         if isinstance(userid, Optional):
             user = None
         else:
             user = get_user_or_error(userid)
         #show all locks
         for r in Repository.getAll():
             userid, time_ = r.locked
             if time_:
                 _api_data = r.get_api_data()
                 # if we use userfilter just show the locks for this user
                 if user:
                     if safe_int(userid) == user.user_id:
                         ret.append(_api_data)
                 else:
                     ret.append(_api_data)
         return ret
     @HasPermissionAllDecorator('hg.admin')
     def show_ip(self, apiuser, userid):
         """
         Shows IP address as seen from RhodeCode server, together with all
         defined IP addresses for given user
         :param apiuser:
         :param userid:
         """
         user = get_user_or_error(userid)
         ips = UserIpMap.query().filter(UserIpMap.user == user).all()
         return dict(
             ip_addr_server=self.ip_addr,
             user_ips=ips
+        )
     def get_user(self, apiuser, userid=Optional(OAttr('apiuser'))):
         """"
         Get a user by username, or userid, if userid is given
         :param apiuser:
         :param userid:
         """
         if HasPermissionAnyApi('hg.admin')(user=apiuser) is False:
             #make sure normal user does not pass someone else userid,
             #he is not allowed to do that
             if not isinstance(userid, Optional) and userid != apiuser.user_id:
                 raise JSONRPCError(
                     'userid is not the same as your user'
+                )
         if isinstance(userid, Optional):
             userid = apiuser.user_id
         user = get_user_or_error(userid)
         data = user.get_api_data()
         data['permissions'] = AuthUser(user_id=user.user_id).permissions
         return data
     @HasPermissionAllDecorator('hg.admin')
     def get_users(self, apiuser):
         """"
         Get all users
         :param apiuser:
         """
         result = []
         for user in UserModel().get_all():
             result.append(user.get_api_data())
         return result
     @HasPermissionAllDecorator('hg.admin')
     def create_user(self, apiuser, username, email, password,
                     firstname=Optional(None), lastname=Optional(None),
                     active=Optional(True), admin=Optional(False),
                     ldap_dn=Optional(None)):
         """
         Create new user
         :param apiuser:
         :param username:
         :param email:
         :param password:
         :param firstname:
         :param lastname:
         :param active:
         :param admin:
         :param ldap_dn:
         """
         if UserModel().get_by_username(username):
             raise JSONRPCError("user `%s` already exist" % username)
         if UserModel().get_by_email(email, case_insensitive=True):
             raise JSONRPCError("email `%s` already exist" % email)
         if Optional.extract(ldap_dn):
             # generate temporary password if ldap_dn
             password = PasswordGenerator().gen_password(length=8)
         try:
             user = UserModel().create_or_update(
                 username=Optional.extract(username),
                 password=Optional.extract(password),
                 email=Optional.extract(email),
                 firstname=Optional.extract(firstname),
                 lastname=Optional.extract(lastname),
                 active=Optional.extract(active),
                 admin=Optional.extract(admin),
                 ldap_dn=Optional.extract(ldap_dn)
+            )
             Session().commit()
             return dict(
                 msg='created new user `%s`' % username,
                 user=user.get_api_data()
+            )
         except Exception:
             log.error(traceback.format_exc())
             raise JSONRPCError('failed to create user `%s`' % username)
     @HasPermissionAllDecorator('hg.admin')
     def update_user(self, apiuser, userid, username=Optional(None),
                     email=Optional(None), firstname=Optional(None),
                     lastname=Optional(None), active=Optional(None),
                     admin=Optional(None), ldap_dn=Optional(None),
                     password=Optional(None)):
         """
         Updates given user
         :param apiuser:
         :param userid:
         :param username:
         :param email:
         :param firstname:
         :param lastname:
         :param active:
         :param admin:
         :param ldap_dn:
         :param password:
         """
         user = get_user_or_error(userid)
         # call function and store only updated arguments
         updates = {}
         def store_update(attr, name):
             if not isinstance(attr, Optional):
                 updates[name] = attr
         try:
             store_update(username, 'username')
             store_update(password, 'password')
             store_update(email, 'email')
             store_update(firstname, 'name')
             store_update(lastname, 'lastname')
             store_update(active, 'active')
             store_update(admin, 'admin')
             store_update(ldap_dn, 'ldap_dn')
             user = UserModel().update_user(user, **updates)
             Session().commit()
             return dict(
                 msg='updated user ID:%s %s' % (user.user_id, user.username),
                 user=user.get_api_data()
+            )
         except Exception:
             log.error(traceback.format_exc())
             raise JSONRPCError('failed to update user `%s`' % userid)
     @HasPermissionAllDecorator('hg.admin')
     def delete_user(self, apiuser, userid):
         """"
         Deletes an user
         :param apiuser:
         :param userid:
         """
         user = get_user_or_error(userid)
         try:
             UserModel().delete(userid)
             Session().commit()
             return dict(
                 msg='deleted user ID:%s %s' % (user.user_id, user.username),
                 user=None
+            )
         except Exception:
             log.error(traceback.format_exc())
             raise JSONRPCError('failed to delete ID:%s %s' % (user.user_id,
                                                               user.username))
     @HasPermissionAllDecorator('hg.admin')
     def get_users_group(self, apiuser, usersgroupid):
         """"
         Get user group by name or id
         :param apiuser:
         :param usersgroupid:
         """
         users_group = get_users_group_or_error(usersgroupid)
         data = users_group.get_api_data()
         members = []
         for user in users_group.members:
             user = user.user
             members.append(user.get_api_data())
         data['members'] = members
         return data
     @HasPermissionAllDecorator('hg.admin')
     def get_users_groups(self, apiuser):
         """"
         Get all user groups
         :param apiuser:
         """
         result = []
         for users_group in UserGroupModel().get_all():
             result.append(users_group.get_api_data())
         return result
     @HasPermissionAllDecorator('hg.admin')
     def create_users_group(self, apiuser, group_name, active=Optional(True)):
     def create_users_group(self, apiuser, group_name,
                            owner=Optional(OAttr('apiuser')),
                            active=Optional(True)):
         """
         Creates an new usergroup
         :param apiuser:
         :param group_name:
         :param owner:
         :param active:
         """
         if UserGroupModel().get_by_name(group_name):
             raise JSONRPCError("user group `%s` already exist" % group_name)
         try:
             if isinstance(owner, Optional):
                 owner = apiuser.user_id
             owner = get_user_or_error(owner)
             active = Optional.extract(active)
             ug = UserGroupModel().create(name=group_name, active=active)
             ug = UserGroupModel().create(name=group_name,
                                          owner=owner,
                                          active=active)
             Session().commit()
             return dict(
                 msg='created new user group `%s`' % group_name,
                 users_group=ug.get_api_data()
+            )
         except Exception:
             log.error(traceback.format_exc())
             raise JSONRPCError('failed to create group `%s`' % group_name)
     @HasPermissionAllDecorator('hg.admin')
     def add_user_to_users_group(self, apiuser, usersgroupid, userid):
         """"
         Add a user to a user group
         :param apiuser:
         :param usersgroupid:
         :param userid:
         """
         user = get_user_or_error(userid)
         users_group = get_users_group_or_error(usersgroupid)
         try:
             ugm = UserGroupModel().add_user_to_group(users_group, user)
             success = True if ugm != True else False
             msg = 'added member `%s` to user group `%s`' % (
                         user.username, users_group.users_group_name
+                    )
             msg = msg if success else 'User is already in that group'
             Session().commit()
             return dict(
                 success=success,
                 msg=msg
+            )
         except Exception:
             log.error(traceback.format_exc())
             raise JSONRPCError(
                 'failed to add member to user group `%s`' % (
                     users_group.users_group_name
+                )
+            )
     @HasPermissionAllDecorator('hg.admin')
     def remove_user_from_users_group(self, apiuser, usersgroupid, userid):
         """
         Remove user from a group
         :param apiuser:
         :param usersgroupid:
         :param userid:
         """
         user = get_user_or_error(userid)
         users_group = get_users_group_or_error(usersgroupid)
         try:
             success = UserGroupModel().remove_user_from_group(users_group,
                                                                user)
             msg = 'removed member `%s` from user group `%s`' % (
                         user.username, users_group.users_group_name
+                    )
             msg = msg if success else "User wasn't in group"
             Session().commit()
             return dict(success=success, msg=msg)
         except Exception:
             log.error(traceback.format_exc())
             raise JSONRPCError(
                 'failed to remove member from user group `%s`' % (
                         users_group.users_group_name
+                    )
+            )
     def get_repo(self, apiuser, repoid):
         """"
         Get repository by name
         :param apiuser:
         :param repoid:
         """
         repo = get_repo_or_error(repoid)
         if HasPermissionAnyApi('hg.admin')(user=apiuser) is False:
             # check if we have admin permission for this repo !
             if HasRepoPermissionAnyApi('repository.admin')(user=apiuser,
                                             repo_name=repo.repo_name) is False:
                 raise JSONRPCError('repository `%s` does not exist' % (repoid))
         members = []
         followers = []
         for user in repo.repo_to_perm:
             perm = user.permission.permission_name
             user = user.user
             user_data = user.get_api_data()
             user_data['type'] = "user"
             user_data['permission'] = perm
             members.append(user_data)
         for users_group in repo.users_group_to_perm:
             perm = users_group.permission.permission_name
             users_group = users_group.users_group
             users_group_data = users_group.get_api_data()
             users_group_data['type'] = "users_group"
             users_group_data['permission'] = perm
             members.append(users_group_data)
         for user in repo.followers:
             followers.append(user.user.get_api_data())
         data = repo.get_api_data()
         data['members'] = members
         data['followers'] = followers
         return data
     def get_repos(self, apiuser):
         """"
         Get all repositories
         :param apiuser:
         """
         result = []
         if HasPermissionAnyApi('hg.admin')(user=apiuser) is False:
             repos = RepoModel().get_all_user_repos(user=apiuser)
         else:
             repos = RepoModel().get_all()
         for repo in repos:
             result.append(repo.get_api_data())
         return result
     @HasPermissionAllDecorator('hg.admin')
     def get_repo_nodes(self, apiuser, repoid, revision, root_path,
                        ret_type='all'):
         """
         returns a list of nodes and it's children
         for a given path at given revision. It's possible to specify ret_type
         to show only files or dirs
         :param apiuser:
         :param repoid: name or id of repository
         :param revision: revision for which listing should be done
         :param root_path: path from which start displaying
         :param ret_type: return type 'all|files|dirs' nodes
         """
         repo = get_repo_or_error(repoid)
         try:
             _d, _f = ScmModel().get_nodes(repo, revision, root_path,
                                           flat=False)
             _map = {
                 'all': _d + _f,
                 'files': _f,
                 'dirs': _d,
+            }
             return _map[ret_type]
         except KeyError:
             raise JSONRPCError('ret_type must be one of %s' % _map.keys())
         except Exception:
             log.error(traceback.format_exc())
             raise JSONRPCError(
                 'failed to get repo: `%s` nodes' % repo.repo_name
+            )
     @HasPermissionAnyDecorator('hg.admin', 'hg.create.repository')
     def create_repo(self, apiuser, repo_name, owner=Optional(OAttr('apiuser')),
                     repo_type=Optional('hg'),
                     description=Optional(''), private=Optional(False),
                     clone_uri=Optional(None), landing_rev=Optional('tip'),
                     enable_statistics=Optional(False),
                     enable_locking=Optional(False),
                     enable_downloads=Optional(False)):
         """
         Create repository, if clone_url is given it makes a remote clone
         if repo_name is within a group name the groups will be created
         automatically if they aren't present
         :param apiuser:
         :param repo_name:
         :param onwer:
         :param repo_type:
         :param description:
         :param private:
         :param clone_uri:
         :param landing_rev:
         """
         if HasPermissionAnyApi('hg.admin')(user=apiuser) is False:
             if not isinstance(owner, Optional):
                 #forbid setting owner for non-admins
                 raise JSONRPCError(
                     'Only RhodeCode admin can specify `owner` param'
+                )
         if isinstance(owner, Optional):
             owner = apiuser.user_id
         owner = get_user_or_error(owner)
         if RepoModel().get_by_repo_name(repo_name):
             raise JSONRPCError("repo `%s` already exist" % repo_name)
         defs = RhodeCodeSetting.get_default_repo_settings(strip_prefix=True)
         if isinstance(private, Optional):
             private = defs.get('repo_private') or Optional.extract(private)
         if isinstance(repo_type, Optional):
             repo_type = defs.get('repo_type')
         if isinstance(enable_statistics, Optional):
             enable_statistics = defs.get('repo_enable_statistics')
         if isinstance(enable_locking, Optional):
             enable_locking = defs.get('repo_enable_locking')
         if isinstance(enable_downloads, Optional):
             enable_downloads = defs.get('repo_enable_downloads')
         clone_uri = Optional.extract(clone_uri)
         description = Optional.extract(description)
         landing_rev = Optional.extract(landing_rev)
         try:
             # create structure of groups and return the last group
             group = map_groups(repo_name)
             repo = RepoModel().create_repo(
                 repo_name=repo_name,
                 repo_type=repo_type,
                 description=description,
                 owner=owner,
                 private=private,
                 clone_uri=clone_uri,
                 repos_group=group,
                 landing_rev=landing_rev,
                 enable_statistics=enable_statistics,
                 enable_downloads=enable_downloads,
                 enable_locking=enable_locking
+            )
             Session().commit()
             return dict(
                 msg="Created new repository `%s`" % (repo.repo_name),
                 repo=repo.get_api_data()
+            )
         except Exception:
             log.error(traceback.format_exc())
             raise JSONRPCError('failed to create repository `%s`' % repo_name)
     @HasPermissionAnyDecorator('hg.admin', 'hg.fork.repository')
     def fork_repo(self, apiuser, repoid, fork_name, owner=Optional(OAttr('apiuser')),
                   description=Optional(''), copy_permissions=Optional(False),
                   private=Optional(False), landing_rev=Optional('tip')):
         repo = get_repo_or_error(repoid)
         repo_name = repo.repo_name
         _repo = RepoModel().get_by_repo_name(fork_name)
         if _repo:
             type_ = 'fork' if _repo.fork else 'repo'
             raise JSONRPCError("%s `%s` already exist" % (type_, fork_name))
         if HasPermissionAnyApi('hg.admin')(user=apiuser):
             pass
         elif HasRepoPermissionAnyApi('repository.admin',
                                      'repository.write',
                                      'repository.read')(user=apiuser,
                                                         repo_name=repo.repo_name):
             if not isinstance(owner, Optional):
                 #forbid setting owner for non-admins
                 raise JSONRPCError(
                     'Only RhodeCode admin can specify `owner` param'
+                )
         else:
             raise JSONRPCError('repository `%s` does not exist' % (repoid))
         if isinstance(owner, Optional):
             owner = apiuser.user_id
         owner = get_user_or_error(owner)
         try:
             # create structure of groups and return the last group
             group = map_groups(fork_name)
             form_data = dict(
                 repo_name=fork_name,
                 repo_name_full=fork_name,
                 repo_group=group,
                 repo_type=repo.repo_type,
                 description=Optional.extract(description),
                 private=Optional.extract(private),
                 copy_permissions=Optional.extract(copy_permissions),
                 landing_rev=Optional.extract(landing_rev),
                 update_after_clone=False,
                 fork_parent_id=repo.repo_id,
+            )
             RepoModel().create_fork(form_data, cur_user=owner)
             return dict(
                 msg='Created fork of `%s` as `%s`' % (repo.repo_name,
                                                       fork_name),
                 success=True  # cannot return the repo data here since fork
                               # cann be done async
+            )
         except Exception:
             log.error(traceback.format_exc())
             raise JSONRPCError(
                 'failed to fork repository `%s` as `%s`' % (repo_name,
                                                             fork_name)
+            )
     def delete_repo(self, apiuser, repoid, forks=Optional(None)):
         """
         Deletes a given repository
         :param apiuser:
         :param repoid:
         :param forks: detach or delete, what do do with attached forks for repo
         """
         repo = get_repo_or_error(repoid)
         if HasPermissionAnyApi('hg.admin')(user=apiuser) is False:
             # check if we have admin permission for this repo !
             if HasRepoPermissionAnyApi('repository.admin')(user=apiuser,
                                             repo_name=repo.repo_name) is False:
                 raise JSONRPCError('repository `%s` does not exist' % (repoid))
         try:
             handle_forks = Optional.extract(forks)
             _forks_msg = ''
             _forks = [f for f in repo.forks]
             if handle_forks == 'detach':
                 _forks_msg = ' ' + _('Detached %s forks') % len(_forks)
             elif handle_forks == 'delete':
                 _forks_msg = ' ' + _('Deleted %s forks') % len(_forks)
             elif _forks:
                 raise JSONRPCError(
                     'Cannot delete `%s` it still contains attached forks'
                     % repo.repo_name
+                )
             RepoModel().delete(repo, forks=forks)
             Session().commit()
             return dict(
                 msg='Deleted repository `%s`%s' % (repo.repo_name, _forks_msg),
                 success=True
+            )
         except Exception:
             log.error(traceback.format_exc())
             raise JSONRPCError(
                 'failed to delete repository `%s`' % repo.repo_name
+            )
     @HasPermissionAllDecorator('hg.admin')
     def grant_user_permission(self, apiuser, repoid, userid, perm):
         """
         Grant permission for user on given repository, or update existing one
         if found
         :param repoid:
         :param userid:
         :param perm:
         """
         repo = get_repo_or_error(repoid)
         user = get_user_or_error(userid)
         perm = get_perm_or_error(perm)
         try:
             RepoModel().grant_user_permission(repo=repo, user=user, perm=perm)
             Session().commit()
             return dict(
                 msg='Granted perm: `%s` for user: `%s` in repo: `%s`' % (
                     perm.permission_name, user.username, repo.repo_name
                 ),
                 success=True
+            )
         except Exception:
             log.error(traceback.format_exc())
             raise JSONRPCError(
                 'failed to edit permission for user: `%s` in repo: `%s`' % (
                     userid, repoid
+                )
+            )
     @HasPermissionAllDecorator('hg.admin')
     def revoke_user_permission(self, apiuser, repoid, userid):
         """
         Revoke permission for user on given repository
         :param apiuser:
         :param repoid:
         :param userid:
         """

rhodecode/controllers/forks.py

➞

Show inline comments

 # -*- coding: utf-8 -*-
 """
     rhodecode.controllers.forks
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     forks controller for rhodecode
     :created_on: Apr 23, 2011
     :author: marcink
     :copyright: (C) 2011-2012 Marcin Kuzminski <marcin@python-works.com>
     :license: GPLv3, see COPYING for more details.
 """
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import logging
 import formencode
 import traceback
 from formencode import htmlfill
 from pylons import tmpl_context as c, request, url
 from pylons.controllers.util import redirect
 from pylons.i18n.translation import _
 import rhodecode.lib.helpers as h
 from rhodecode.lib.helpers import Page
 from rhodecode.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator, \
     NotAnonymous, HasRepoPermissionAny, HasPermissionAllDecorator,\
     HasPermissionAnyDecorator
 from rhodecode.lib.base import BaseRepoController, render
 from rhodecode.model.db import Repository, RepoGroup, UserFollowing, User,\
     RhodeCodeUi
 from rhodecode.model.repo import RepoModel
 from rhodecode.model.forms import RepoForkForm
-from rhodecode.model.scm import ScmModel, GroupList
+from rhodecode.model.scm import ScmModel, RepoGroupList
 from rhodecode.lib.utils2 import safe_int
 log = logging.getLogger(__name__)
 class ForksController(BaseRepoController):
     @LoginRequired()
     def __before__(self):
         super(ForksController, self).__before__()
     def __load_defaults(self):
-        acl_groups = GroupList(RepoGroup.query().all(),
+        acl_groups = RepoGroupList(RepoGroup.query().all(),
                                perm_set=['group.write', 'group.admin'])
         c.repo_groups = RepoGroup.groups_choices(groups=acl_groups)
         c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups)
         choices, c.landing_revs = ScmModel().get_repo_landing_revs()
         c.landing_revs_choices = choices
     def __load_data(self, repo_name=None):
         """
         Load defaults settings for edit, and update
         :param repo_name:
         """
         self.__load_defaults()
         c.repo_info = db_repo = Repository.get_by_repo_name(repo_name)
         repo = db_repo.scm_instance
         if c.repo_info is None:
             h.not_mapped_error(repo_name)
             return redirect(url('repos'))
         c.default_user_id = User.get_by_username('default').user_id
         c.in_public_journal = UserFollowing.query()\
             .filter(UserFollowing.user_id == c.default_user_id)\
             .filter(UserFollowing.follows_repository == c.repo_info).scalar()
         if c.repo_info.stats:
             last_rev = c.repo_info.stats.stat_on_revision+1
         else:
             last_rev = 0
         c.stats_revision = last_rev
         c.repo_last_rev = repo.count() if repo.revisions else 0
         if last_rev == 0 or c.repo_last_rev == 0:
             c.stats_percentage = 0
         else:
             c.stats_percentage = '%.2f' % ((float((last_rev)) /
                                             c.repo_last_rev) * 100)
         c.can_update = RhodeCodeUi.get_by_key(RhodeCodeUi.HOOK_UPDATE).ui_active
         defaults = RepoModel()._get_defaults(repo_name)
         # alter the description to indicate a fork
         defaults['description'] = ('fork of repository: %s \n%s'
                                    % (defaults['repo_name'],
                                       defaults['description']))
         # add suffix to fork
         defaults['repo_name'] = '%s-fork' % defaults['repo_name']
         return defaults
     @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                    'repository.admin')
     def forks(self, repo_name):
         p = safe_int(request.params.get('page', 1), 1)
         repo_id = c.rhodecode_db_repo.repo_id
         d = []
         for r in Repository.get_repo_forks(repo_id):
             if not HasRepoPermissionAny(
                 'repository.read', 'repository.write', 'repository.admin'
             )(r.repo_name, 'get forks check'):
                 continue
             d.append(r)
         c.forks_pager = Page(d, page=p, items_per_page=20)
         c.forks_data = render('/forks/forks_data.html')
         if request.environ.get('HTTP_X_PARTIAL_XHR'):
             return c.forks_data
         return render('/forks/forks.html')
     @NotAnonymous()
     @HasPermissionAnyDecorator('hg.admin', 'hg.fork.repository')
     @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                    'repository.admin')
     def fork(self, repo_name):
         c.repo_info = Repository.get_by_repo_name(repo_name)
         if not c.repo_info:
             h.not_mapped_error(repo_name)
             return redirect(url('home'))
         defaults = self.__load_data(repo_name)
         return htmlfill.render(
             render('forks/fork.html'),
             defaults=defaults,
             encoding="UTF-8",
             force_defaults=False
+        )
     @NotAnonymous()
     @HasPermissionAnyDecorator('hg.admin', 'hg.fork.repository')
     @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
                                    'repository.admin')
     def fork_create(self, repo_name):
         self.__load_defaults()
         c.repo_info = Repository.get_by_repo_name(repo_name)
         _form = RepoForkForm(old_data={'repo_type': c.repo_info.repo_type},
                              repo_groups=c.repo_groups_choices,
                              landing_revs=c.landing_revs_choices)()
         form_result = {}
         try:
             form_result = _form.to_python(dict(request.POST))
             # an approximation that is better than nothing
             if not RhodeCodeUi.get_by_key(RhodeCodeUi.HOOK_UPDATE).ui_active:
                 form_result['update_after_clone'] = False
             # create fork is done sometimes async on celery, db transaction
             # management is handled there.
             RepoModel().create_fork(form_result, self.rhodecode_user.user_id)
             fork_url = h.link_to(form_result['repo_name_full'],
                     h.url('summary_home', repo_name=form_result['repo_name_full']))
             h.flash(h.literal(_('Forked repository %s as %s') \
                       % (repo_name, fork_url)),
                     category='success')
         except formencode.Invalid, errors:
             c.new_repo = errors.value['repo_name']
             return htmlfill.render(
                 render('forks/fork.html'),
                 defaults=errors.value,
                 errors=errors.error_dict or {},
                 prefix_error=False,
                 encoding="UTF-8")
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('An error occurred during repository forking %s') %
                     repo_name, category='error')
         return redirect(h.url('summary_home', repo_name=repo_name))

rhodecode/lib/auth.py

➞

Show inline comments

 # -*- coding: utf-8 -*-
 """
     rhodecode.lib.auth
     ~~~~~~~~~~~~~~~~~~
     authentication and permission libraries
     :created_on: Apr 4, 2010
     :author: marcink
     :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
     :license: GPLv3, see COPYING for more details.
 """
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import random
 import logging
 import traceback
 import hashlib
 from tempfile import _RandomNameSequence
 from decorator import decorator
 from pylons import config, url, request
 from pylons.controllers.util import abort, redirect
 from pylons.i18n.translation import _
 from sqlalchemy.orm.exc import ObjectDeletedError
 from rhodecode import __platform__, is_windows, is_unix
 from rhodecode.model.meta import Session
 from rhodecode.lib.utils2 import str2bool, safe_unicode
 from rhodecode.lib.exceptions import LdapPasswordError, LdapUsernameError,\
     LdapImportError
 from rhodecode.lib.utils import get_repo_slug, get_repos_group_slug
 from rhodecode.lib.utils import get_repo_slug, get_repos_group_slug,\
     get_user_group_slug
 from rhodecode.lib.auth_ldap import AuthLdap
 from rhodecode.model import meta
 from rhodecode.model.user import UserModel
 from rhodecode.model.db import Permission, RhodeCodeSetting, User, UserIpMap
 from rhodecode.lib.caching_query import FromCache
 log = logging.getLogger(__name__)
 class PasswordGenerator(object):
     """
     This is a simple class for generating password from different sets of
     characters
     usage::
         passwd_gen = PasswordGenerator()
         #print 8-letter password containing only big and small letters
             of alphabet
         passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL)
     """
     ALPHABETS_NUM = r'''1234567890'''
     ALPHABETS_SMALL = r'''qwertyuiopasdfghjklzxcvbnm'''
     ALPHABETS_BIG = r'''QWERTYUIOPASDFGHJKLZXCVBNM'''
     ALPHABETS_SPECIAL = r'''`-=[]\;',./~!@#$%^&*()_+{}|:"<>?'''
     ALPHABETS_FULL = ALPHABETS_BIG + ALPHABETS_SMALL \
         + ALPHABETS_NUM + ALPHABETS_SPECIAL
     ALPHABETS_ALPHANUM = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM
     ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL
     ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM
     ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM
     def __init__(self, passwd=''):
         self.passwd = passwd
     def gen_password(self, length, type_=None):
         if type_ is None:
             type_ = self.ALPHABETS_FULL
         self.passwd = ''.join([random.choice(type_) for _ in xrange(length)])
         return self.passwd
 class RhodeCodeCrypto(object):
     @classmethod
     def hash_string(cls, str_):
         """
         Cryptographic function used for password hashing based on pybcrypt
         or pycrypto in windows
         :param password: password to hash
         """
         if is_windows:
             from hashlib import sha256
             return sha256(str_).hexdigest()
         elif is_unix:
             import bcrypt
             return bcrypt.hashpw(str_, bcrypt.gensalt(10))
         else:
             raise Exception('Unknown or unsupported platform %s' \
                             % __platform__)
     @classmethod
     def hash_check(cls, password, hashed):
         """
         Checks matching password with it's hashed value, runs different
         implementation based on platform it runs on
         :param password: password
         :param hashed: password in hashed form
         """
         if is_windows:
             from hashlib import sha256
             return sha256(password).hexdigest() == hashed
         elif is_unix:
             import bcrypt
             return bcrypt.hashpw(password, hashed) == hashed
         else:
             raise Exception('Unknown or unsupported platform %s' \
                             % __platform__)
 def get_crypt_password(password):
     return RhodeCodeCrypto.hash_string(password)
 def check_password(password, hashed):
     return RhodeCodeCrypto.hash_check(password, hashed)
 def generate_api_key(str_, salt=None):
     """
     Generates API KEY from given string
     :param str_:
     :param salt:
     """
     if salt is None:
         salt = _RandomNameSequence().next()
     return hashlib.sha1(str_ + salt).hexdigest()
 def authfunc(environ, username, password):
     """
     Dummy authentication wrapper function used in Mercurial and Git for
     access control.
     :param environ: needed only for using in Basic auth
     """
     return authenticate(username, password)
 def authenticate(username, password):
     """
     Authentication function used for access control,
     firstly checks for db authentication then if ldap is enabled for ldap
     authentication, also creates ldap user if not in database
     :param username: username
     :param password: password
     """
     user_model = UserModel()
     user = User.get_by_username(username)
     log.debug('Authenticating user using RhodeCode account')
     if user is not None and not user.ldap_dn:
         if user.active:
             if user.username == 'default' and user.active:
                 log.info('user %s authenticated correctly as anonymous user' %
                          username)
                 return True
             elif user.username == username and check_password(password,
                                                               user.password):
                 log.info('user %s authenticated correctly' % username)
                 return True
         else:
             log.warning('user %s tried auth but is disabled' % username)
     else:
         log.debug('Regular authentication failed')
         user_obj = User.get_by_username(username, case_insensitive=True)
         if user_obj is not None and not user_obj.ldap_dn:
             log.debug('this user already exists as non ldap')
             return False
         ldap_settings = RhodeCodeSetting.get_ldap_settings()
         #======================================================================
         # FALLBACK TO LDAP AUTH IF ENABLE
         #======================================================================
         if str2bool(ldap_settings.get('ldap_active')):
             log.debug("Authenticating user using ldap")
             kwargs = {
                   'server': ldap_settings.get('ldap_host', ''),
                   'base_dn': ldap_settings.get('ldap_base_dn', ''),
                   'port': ldap_settings.get('ldap_port'),
                   'bind_dn': ldap_settings.get('ldap_dn_user'),
                   'bind_pass': ldap_settings.get('ldap_dn_pass'),
                   'tls_kind': ldap_settings.get('ldap_tls_kind'),
                   'tls_reqcert': ldap_settings.get('ldap_tls_reqcert'),
                   'ldap_filter': ldap_settings.get('ldap_filter'),
                   'search_scope': ldap_settings.get('ldap_search_scope'),
                   'attr_login': ldap_settings.get('ldap_attr_login'),
                   'ldap_version': 3,
+                  }
             log.debug('Checking for ldap authentication')
             try:
                 aldap = AuthLdap(**kwargs)
                 (user_dn, ldap_attrs) = aldap.authenticate_ldap(username,
                                                                 password)
                 log.debug('Got ldap DN response %s' % user_dn)
                 get_ldap_attr = lambda k: ldap_attrs.get(ldap_settings\
                                                            .get(k), [''])[0]
                 user_attrs = {
                  'name': safe_unicode(get_ldap_attr('ldap_attr_firstname')),
                  'lastname': safe_unicode(get_ldap_attr('ldap_attr_lastname')),
                  'email': get_ldap_attr('ldap_attr_email'),
                  'active': 'hg.register.auto_activate' in User\
                     .get_by_username('default').AuthUser.permissions['global']
+                }
                 # don't store LDAP password since we don't need it. Override
                 # with some random generated password
                 _password = PasswordGenerator().gen_password(length=8)
                 # create this user on the fly if it doesn't exist in rhodecode
                 # database
                 if user_model.create_ldap(username, _password, user_dn,
                                           user_attrs):
                     log.info('created new ldap user %s' % username)
                 Session().commit()
                 return True
             except (LdapUsernameError, LdapPasswordError, LdapImportError):
                 pass
             except (Exception,):
                 log.error(traceback.format_exc())
                 pass
     return False
 def login_container_auth(username):
     user = User.get_by_username(username)
     if user is None:
         user_attrs = {
             'name': username,
             'lastname': None,
             'email': None,
             'active': 'hg.register.auto_activate' in User\
                .get_by_username('default').AuthUser.permissions['global']
+        }
         user = UserModel().create_for_container_auth(username, user_attrs)
         if not user:
             return None
         log.info('User %s was created by container authentication' % username)
     if not user.active:
         return None
     user.update_lastlogin()
     Session().commit()
     log.debug('User %s is now logged in by container authentication',
               user.username)
     return user
 def get_container_username(environ, config, clean_username=False):
     """
     Get's the container_auth username (or email). It tries to get username
     from REMOTE_USER if container_auth_enabled is enabled, if that fails
     it tries to get username from HTTP_X_FORWARDED_USER if proxypass_auth_enabled
     is enabled. clean_username extracts the username from this data if it's
     having @ in it.
     :param environ:
     :param config:
     :param clean_username:
     """
     username = None
     if str2bool(config.get('container_auth_enabled', False)):
         from paste.httpheaders import REMOTE_USER
         username = REMOTE_USER(environ)
         log.debug('extracted REMOTE_USER:%s' % (username))
     if not username and str2bool(config.get('proxypass_auth_enabled', False)):
         username = environ.get('HTTP_X_FORWARDED_USER')
         log.debug('extracted HTTP_X_FORWARDED_USER:%s' % (username))
     if username and clean_username:
         # Removing realm and domain from username
         username = username.partition('@')[0]
         username = username.rpartition('\\')[2]
     log.debug('Received username %s from container' % username)
     return username
 class CookieStoreWrapper(object):
     def __init__(self, cookie_store):
         self.cookie_store = cookie_store
     def __repr__(self):
         return 'CookieStore<%s>' % (self.cookie_store)
     def get(self, key, other=None):
         if isinstance(self.cookie_store, dict):
             return self.cookie_store.get(key, other)
         elif isinstance(self.cookie_store, AuthUser):
             return self.cookie_store.__dict__.get(key, other)
 class  AuthUser(object):
     """
     A simple object that handles all attributes of user in RhodeCode
     It does lookup based on API key,given user, or user present in session
     Then it fills all required information for such user. It also checks if
     anonymous access is enabled and if so, it returns default user as logged
     in
     """
     def __init__(self, user_id=None, api_key=None, username=None, ip_addr=None):
         self.user_id = user_id
         self.api_key = None
         self.username = username
         self.ip_addr = ip_addr
         self.name = ''
         self.lastname = ''
         self.email = ''
         self.is_authenticated = False
         self.admin = False
         self.inherit_default_permissions = False
         self.permissions = {}
         self._api_key = api_key
         self.propagate_data()
         self._instance = None
     def propagate_data(self):
         user_model = UserModel()
         self.anonymous_user = User.get_by_username('default', cache=True)
         is_user_loaded = False
         # try go get user by api key
         if self._api_key and self._api_key != self.anonymous_user.api_key:
             log.debug('Auth User lookup by API KEY %s' % self._api_key)
             is_user_loaded = user_model.fill_data(self, api_key=self._api_key)
         # lookup by userid
         elif (self.user_id is not None and
               self.user_id != self.anonymous_user.user_id):
             log.debug('Auth User lookup by USER ID %s' % self.user_id)
             is_user_loaded = user_model.fill_data(self, user_id=self.user_id)
         # lookup by username
         elif self.username and \
             str2bool(config.get('container_auth_enabled', False)):
             log.debug('Auth User lookup by USER NAME %s' % self.username)
             dbuser = login_container_auth(self.username)
             if dbuser is not None:
                 log.debug('filling all attributes to object')
                 for k, v in dbuser.get_dict().items():
                     setattr(self, k, v)
                 self.set_authenticated()
                 is_user_loaded = True
         else:
             log.debug('No data in %s that could been used to log in' % self)
         if not is_user_loaded:
             # if we cannot authenticate user try anonymous
             if self.anonymous_user.active:
                 user_model.fill_data(self, user_id=self.anonymous_user.user_id)
                 # then we set this user is logged in
                 self.is_authenticated = True
             else:
                 self.user_id = None
                 self.username = None
                 self.is_authenticated = False
         if not self.username:
             self.username = 'None'
         log.debug('Auth User is now %s' % self)
         user_model.fill_perms(self)
     @property
     def is_admin(self):
         return self.admin
     @property
     def repos_admin(self):
         """
         Returns list of repositories you're an admin of
         """
         return [x[0] for x in self.permissions['repositories'].iteritems()
                 if x[1] == 'repository.admin']
     @property
-    def groups_admin(self):
+    def repository_groups_admin(self):
         """
         Returns list of repository groups you're an admin of
         """
         return [x[0] for x in self.permissions['repositories_groups'].iteritems()
                 if x[1] == 'group.admin']
     @property
     def user_groups_admin(self):
         """
         Returns list of user groups you're an admin of
         """
         return [x[0] for x in self.permissions['user_groups'].iteritems()
                 if x[1] == 'usergroup.admin']
     @property
     def ip_allowed(self):
         """
         Checks if ip_addr used in constructor is allowed from defined list of
         allowed ip_addresses for user
         :returns: boolean, True if ip is in allowed ip range
         """
         #check IP
         allowed_ips = AuthUser.get_allowed_ips(self.user_id, cache=True)
         if check_ip_access(source_ip=self.ip_addr, allowed_ips=allowed_ips):
             log.debug('IP:%s is in range of %s' % (self.ip_addr, allowed_ips))
             return True
         else:
             log.info('Access for IP:%s forbidden, '
                      'not in %s' % (self.ip_addr, allowed_ips))
             return False
     def __repr__(self):
         return "<AuthUser('id:%s:%s|%s')>" % (self.user_id, self.username,
                                               self.is_authenticated)
     def set_authenticated(self, authenticated=True):
         if self.user_id != self.anonymous_user.user_id:
             self.is_authenticated = authenticated
     def get_cookie_store(self):
         return {'username': self.username,
                 'user_id': self.user_id,
                 'is_authenticated': self.is_authenticated}
     @classmethod
     def from_cookie_store(cls, cookie_store):
         """
         Creates AuthUser from a cookie store
         :param cls:
         :param cookie_store:
         """
         user_id = cookie_store.get('user_id')
         username = cookie_store.get('username')
         api_key = cookie_store.get('api_key')
         return AuthUser(user_id, api_key, username)
     @classmethod
     def get_allowed_ips(cls, user_id, cache=False):
         _set = set()
         user_ips = UserIpMap.query().filter(UserIpMap.user_id == user_id)
         if cache:
             user_ips = user_ips.options(FromCache("sql_cache_short",
                                                   "get_user_ips_%s" % user_id))
         for ip in user_ips:
             try:
                 _set.add(ip.ip_addr)
             except ObjectDeletedError:
                 # since we use heavy caching sometimes it happens that we get
                 # deleted objects here, we just skip them
                 pass
         return _set or set(['0.0.0.0/0', '::/0'])
 def set_available_permissions(config):
     """
     This function will propagate pylons globals with all available defined
     permission given in db. We don't want to check each time from db for new
     permissions since adding a new permission also requires application restart
     ie. to decorate new views with the newly created permission
     :param config: current pylons config instance
     """
     log.info('getting information about all available permissions')
     try:
         sa = meta.Session
         all_perms = sa.query(Permission).all()
     except Exception:
         pass
     finally:
         meta.Session.remove()
     config['available_permissions'] = [x.permission_name for x in all_perms]
 #==============================================================================
 # CHECK DECORATORS
 #==============================================================================
 class LoginRequired(object):
     """
     Must be logged in to execute this function else
     redirect to login page
     :param api_access: if enabled this checks only for valid auth token
         and grants access based on valid token
     """
     def __init__(self, api_access=False):
         self.api_access = api_access
     def __call__(self, func):
         return decorator(self.__wrapper, func)
     def __wrapper(self, func, *fargs, **fkwargs):
         cls = fargs[0]
         user = cls.rhodecode_user
         loc = "%s:%s" % (cls.__class__.__name__, func.__name__)
         #check IP
         ip_access_ok = True
         if not user.ip_allowed:
             from rhodecode.lib import helpers as h
             h.flash(h.literal(_('IP %s not allowed' % (user.ip_addr))),
                     category='warning')
             ip_access_ok = False
         api_access_ok = False
         if self.api_access:
             log.debug('Checking API KEY access for %s' % cls)
             if user.api_key == request.GET.get('api_key'):
                 api_access_ok = True
             else:
                 log.debug("API KEY token not valid")
         log.debug('Checking if %s is authenticated @ %s' % (user.username, loc))
         if (user.is_authenticated or api_access_ok) and ip_access_ok:
             reason = 'RegularAuth' if user.is_authenticated else 'APIAuth'
             log.info('user %s is authenticated and granted access to %s '
                      'using %s' % (user.username, loc, reason)
+            )
             return func(*fargs, **fkwargs)
         else:
             log.warn('user %s NOT authenticated on func: %s' % (
                 user, loc)
+            )
             p = url.current()
             log.debug('redirecting to login page with %s' % p)
             return redirect(url('login_home', came_from=p))
 class NotAnonymous(object):
     """
     Must be logged in to execute this function else
     redirect to login page"""
     def __call__(self, func):
         return decorator(self.__wrapper, func)
     def __wrapper(self, func, *fargs, **fkwargs):
         cls = fargs[0]
         self.user = cls.rhodecode_user
         log.debug('Checking if user is not anonymous @%s' % cls)
         anonymous = self.user.username == 'default'
         if anonymous:
             p = url.current()
             import rhodecode.lib.helpers as h
             h.flash(_('You need to be a registered user to '
                       'perform this action'),
                     category='warning')
             return redirect(url('login_home', came_from=p))
         else:
             return func(*fargs, **fkwargs)
 class PermsDecorator(object):
     """Base class for controller decorators"""
     def __init__(self, *required_perms):
         available_perms = config['available_permissions']
         for perm in required_perms:
             if perm not in available_perms:
                 raise Exception("'%s' permission is not defined" % perm)
         self.required_perms = set(required_perms)
         self.user_perms = None
     def __call__(self, func):
         return decorator(self.__wrapper, func)
     def __wrapper(self, func, *fargs, **fkwargs):
         cls = fargs[0]
         self.user = cls.rhodecode_user
         self.user_perms = self.user.permissions
         log.debug('checking %s permissions %s for %s %s',
            self.__class__.__name__, self.required_perms, cls, self.user)
         if self.check_permissions():
             log.debug('Permission granted for %s %s' % (cls, self.user))
             return func(*fargs, **fkwargs)
         else:
             log.debug('Permission denied for %s %s' % (cls, self.user))
             anonymous = self.user.username == 'default'
             if anonymous:
                 p = url.current()
                 import rhodecode.lib.helpers as h
                 h.flash(_('You need to be a signed in to '
                           'view this page'),
                         category='warning')
                 return redirect(url('login_home', came_from=p))
             else:
                 # redirect with forbidden ret code
                 return abort(403)
     def check_permissions(self):
         """Dummy function for overriding"""
         raise Exception('You have to write this function in child class')
 class HasPermissionAllDecorator(PermsDecorator):
     """
     Checks for access permission for all given predicates. All of them
     have to be meet in order to fulfill the request
     """
     def check_permissions(self):
         if self.required_perms.issubset(self.user_perms.get('global')):
             return True
         return False
 class HasPermissionAnyDecorator(PermsDecorator):
     """
     Checks for access permission for any of given predicates. In order to
     fulfill the request any of predicates must be meet
     """
     def check_permissions(self):
         if self.required_perms.intersection(self.user_perms.get('global')):
             return True
         return False
 class HasRepoPermissionAllDecorator(PermsDecorator):
     """
     Checks for access permission for all given predicates for specific
     repository. All of them have to be meet in order to fulfill the request
     """
     def check_permissions(self):
         repo_name = get_repo_slug(request)
         try:
             user_perms = set([self.user_perms['repositories'][repo_name]])
         except KeyError:
             return False
         if self.required_perms.issubset(user_perms):
             return True
         return False
 class HasRepoPermissionAnyDecorator(PermsDecorator):
     """
     Checks for access permission for any of given predicates for specific
     repository. In order to fulfill the request any of predicates must be meet
     """
     def check_permissions(self):
         repo_name = get_repo_slug(request)
         try:
             user_perms = set([self.user_perms['repositories'][repo_name]])
         except KeyError:
             return False
         if self.required_perms.intersection(user_perms):
             return True
         return False
 class HasReposGroupPermissionAllDecorator(PermsDecorator):
     """
     Checks for access permission for all given predicates for specific
     repository. All of them have to be meet in order to fulfill the request
+    repository group. All of them have to be meet in order to fulfill the request
     """
     def check_permissions(self):
         group_name = get_repos_group_slug(request)
         try:
             user_perms = set([self.user_perms['repositories_groups'][group_name]])
         except KeyError:
             return False
         if self.required_perms.issubset(user_perms):
             return True
         return False
 class HasReposGroupPermissionAnyDecorator(PermsDecorator):
     """
     Checks for access permission for any of given predicates for specific
     repository. In order to fulfill the request any of predicates must be meet
+    repository group. In order to fulfill the request any of predicates must be meet
     """
     def check_permissions(self):
         group_name = get_repos_group_slug(request)
         try:
             user_perms = set([self.user_perms['repositories_groups'][group_name]])
         except KeyError:
             return False
         if self.required_perms.intersection(user_perms):
             return True
         return False
 class HasUserGroupPermissionAllDecorator(PermsDecorator):
     """
     Checks for access permission for all given predicates for specific
     user group. All of them have to be meet in order to fulfill the request
     """
     def check_permissions(self):
         group_name = get_user_group_slug(request)
         try:
             user_perms = set([self.user_perms['user_groups'][group_name]])
         except KeyError:
             return False
         if self.required_perms.issubset(user_perms):
             return True
         return False
 class HasUserGroupPermissionAnyDecorator(PermsDecorator):
     """
     Checks for access permission for any of given predicates for specific
     user group. In order to fulfill the request any of predicates must be meet
     """
     def check_permissions(self):
         group_name = get_user_group_slug(request)
         try:
             user_perms = set([self.user_perms['user_groups'][group_name]])
         except KeyError:
             return False
         if self.required_perms.intersection(user_perms):
             return True
         return False
 #==============================================================================
 # CHECK FUNCTIONS
 #==============================================================================
 class PermsFunction(object):
     """Base function for other check functions"""
     def __init__(self, *perms):
         available_perms = config['available_permissions']
         for perm in perms:
             if perm not in available_perms:
                 raise Exception("'%s' permission is not defined" % perm)
         self.required_perms = set(perms)
         self.user_perms = None
         self.repo_name = None
         self.group_name = None
     def __call__(self, check_location=''):
         #TODO: put user as attribute here
         user = request.user
         cls_name = self.__class__.__name__
         check_scope = {
             'HasPermissionAll': '',
             'HasPermissionAny': '',
             'HasRepoPermissionAll': 'repo:%s' % self.repo_name,
             'HasRepoPermissionAny': 'repo:%s' % self.repo_name,
             'HasReposGroupPermissionAll': 'group:%s' % self.group_name,
             'HasReposGroupPermissionAny': 'group:%s' % self.group_name,
         }.get(cls_name, '?')
         log.debug('checking cls:%s %s usr:%s %s @ %s', cls_name,
                   self.required_perms, user, check_scope,
                   check_location or 'unspecified location')
         if not user:
             log.debug('Empty request user')
             return False
         self.user_perms = user.permissions
         if self.check_permissions():
             log.debug('Permission to %s granted for user: %s @ %s', self.repo_name, user,
                       check_location or 'unspecified location')
             return True
         else:
             log.debug('Permission to %s denied for user: %s @ %s', self.repo_name, user,
                         check_location or 'unspecified location')
             return False
     def check_permissions(self):
         """Dummy function for overriding"""
         raise Exception('You have to write this function in child class')
 class HasPermissionAll(PermsFunction):
     def check_permissions(self):
         if self.required_perms.issubset(self.user_perms.get('global')):
             return True
         return False
 class HasPermissionAny(PermsFunction):
     def check_permissions(self):
         if self.required_perms.intersection(self.user_perms.get('global')):
             return True
         return False
 class HasRepoPermissionAll(PermsFunction):
     def __call__(self, repo_name=None, check_location=''):
         self.repo_name = repo_name
         return super(HasRepoPermissionAll, self).__call__(check_location)
     def check_permissions(self):
         if not self.repo_name:
             self.repo_name = get_repo_slug(request)
         try:
             self._user_perms = set(
                 [self.user_perms['repositories'][self.repo_name]]
+            )
         except KeyError:
             return False
         if self.required_perms.issubset(self._user_perms):
             return True
         return False
 class HasRepoPermissionAny(PermsFunction):
     def __call__(self, repo_name=None, check_location=''):
         self.repo_name = repo_name
         return super(HasRepoPermissionAny, self).__call__(check_location)
     def check_permissions(self):
         if not self.repo_name:
             self.repo_name = get_repo_slug(request)
         try:
             self._user_perms = set(
                 [self.user_perms['repositories'][self.repo_name]]
+            )
         except KeyError:
             return False
         if self.required_perms.intersection(self._user_perms):
             return True
         return False
 class HasReposGroupPermissionAny(PermsFunction):
     def __call__(self, group_name=None, check_location=''):
         self.group_name = group_name
         return super(HasReposGroupPermissionAny, self).__call__(check_location)
     def check_permissions(self):
         try:
             self._user_perms = set(
                 [self.user_perms['repositories_groups'][self.group_name]]
+            )
         except KeyError:
             return False
         if self.required_perms.intersection(self._user_perms):
             return True
         return False
 class HasReposGroupPermissionAll(PermsFunction):
     def __call__(self, group_name=None, check_location=''):
         self.group_name = group_name
         return super(HasReposGroupPermissionAll, self).__call__(check_location)
     def check_permissions(self):
         try:
             self._user_perms = set(
                 [self.user_perms['repositories_groups'][self.group_name]]
+            )
         except KeyError:
             return False
         if self.required_perms.issubset(self._user_perms):
             return True
         return False
 class HasUserGroupPermissionAny(PermsFunction):
     def __call__(self, user_group_name=None, check_location=''):
         self.user_group_name = user_group_name
         return super(HasUserGroupPermissionAny, self).__call__(check_location)
     def check_permissions(self):
         try:
             self._user_perms = set(
                 [self.user_perms['user_groups'][self.user_group_name]]
+            )
         except KeyError:
             return False
         if self.required_perms.intersection(self._user_perms):
             return True
         return False
 class HasUserGroupPermissionAll(PermsFunction):
     def __call__(self, user_group_name=None, check_location=''):
         self.user_group_name = user_group_name
         return super(HasUserGroupPermissionAll, self).__call__(check_location)
     def check_permissions(self):
         try:
             self._user_perms = set(
                 [self.user_perms['user_groups'][self.user_group_name]]
+            )
         except KeyError:
             return False
         if self.required_perms.issubset(self._user_perms):
             return True
         return False
 #==============================================================================
 # SPECIAL VERSION TO HANDLE MIDDLEWARE AUTH
 #==============================================================================
 class HasPermissionAnyMiddleware(object):
     def __init__(self, *perms):
         self.required_perms = set(perms)
     def __call__(self, user, repo_name):
         # repo_name MUST be unicode, since we handle keys in permission
         # dict by unicode
         repo_name = safe_unicode(repo_name)
         usr = AuthUser(user.user_id)
         try:
             self.user_perms = set([usr.permissions['repositories'][repo_name]])
         except Exception:
             log.error('Exception while accessing permissions %s' %
                       traceback.format_exc())
             self.user_perms = set()
         self.username = user.username
         self.repo_name = repo_name
         return self.check_permissions()
     def check_permissions(self):
         log.debug('checking VCS protocol '
                   'permissions %s for user:%s repository:%s', self.user_perms,
                                                 self.username, self.repo_name)
         if self.required_perms.intersection(self.user_perms):
             log.debug('permission granted for user:%s on repo:%s' % (
                           self.username, self.repo_name
+                     )
+            )
             return True
         log.debug('permission denied for user:%s on repo:%s' % (
                       self.username, self.repo_name
+                 )
+        )
         return False
 #==============================================================================
 # SPECIAL VERSION TO HANDLE API AUTH
 #==============================================================================
 class _BaseApiPerm(object):
     def __init__(self, *perms):
         self.required_perms = set(perms)
     def __call__(self, check_location='unspecified', user=None, repo_name=None):
         cls_name = self.__class__.__name__
         check_scope = 'user:%s, repo:%s' % (user, repo_name)
         log.debug('checking cls:%s %s %s @ %s', cls_name,
                   self.required_perms, check_scope, check_location)
         if not user:
             log.debug('Empty User passed into arguments')
             return False
         ## process user
         if not isinstance(user, AuthUser):
             user = AuthUser(user.user_id)
         if self.check_permissions(user.permissions, repo_name):
             log.debug('Permission to %s granted for user: %s @ %s', repo_name,
                       user, check_location)
             return True
         else:
             log.debug('Permission to %s denied for user: %s @ %s', repo_name,
                       user, check_location)
             return False
     def check_permissions(self, perm_defs, repo_name):
         """
         implement in child class should return True if permissions are ok,
         False otherwise
         :param perm_defs: dict with permission definitions
         :param repo_name: repo name
         """
         raise NotImplementedError()
 class HasPermissionAllApi(_BaseApiPerm):
     def __call__(self, user, check_location=''):
         return super(HasPermissionAllApi, self)\
             .__call__(check_location=check_location, user=user)
     def check_permissions(self, perm_defs, repo):
         if self.required_perms.issubset(perm_defs.get('global')):
             return True
         return False
 class HasPermissionAnyApi(_BaseApiPerm):
     def __call__(self, user, check_location=''):
         return super(HasPermissionAnyApi, self)\
             .__call__(check_location=check_location, user=user)
     def check_permissions(self, perm_defs, repo):
         if self.required_perms.intersection(perm_defs.get('global')):
             return True
         return False
 class HasRepoPermissionAllApi(_BaseApiPerm):
     def __call__(self, user, repo_name, check_location=''):
         return super(HasRepoPermissionAllApi, self)\
             .__call__(check_location=check_location, user=user,
                       repo_name=repo_name)
     def check_permissions(self, perm_defs, repo_name):
         try:
             self._user_perms = set(
                 [perm_defs['repositories'][repo_name]]
+            )
         except KeyError:
             log.warning(traceback.format_exc())
             return False
         if self.required_perms.issubset(self._user_perms):
             return True
         return False
 class HasRepoPermissionAnyApi(_BaseApiPerm):
     def __call__(self, user, repo_name, check_location=''):
         return super(HasRepoPermissionAnyApi, self)\
             .__call__(check_location=check_location, user=user,
                       repo_name=repo_name)
     def check_permissions(self, perm_defs, repo_name):
         try:
             _user_perms = set(
                 [perm_defs['repositories'][repo_name]]
+            )
         except KeyError:
             log.warning(traceback.format_exc())
             return False
         if self.required_perms.intersection(_user_perms):
             return True
         return False
 def check_ip_access(source_ip, allowed_ips=None):
     """
     Checks if source_ip is a subnet of any of allowed_ips.
     :param source_ip:
     :param allowed_ips: list of allowed ips together with mask
     """
     from rhodecode.lib import ipaddr
     log.debug('checking if ip:%s is subnet of %s' % (source_ip, allowed_ips))
     if isinstance(allowed_ips, (tuple, list, set)):
         for ip in allowed_ips:
             try:
                 if ipaddr.IPAddress(source_ip) in ipaddr.IPNetwork(ip):
                     return True
                 # for any case we cannot determine the IP, don't crash just
                 # skip it and log as error, we want to say forbidden still when
                 # sending bad IP
             except Exception:
                 log.error(traceback.format_exc())
                 continue
     return False

rhodecode/lib/db_manage.py

➞

Show inline comments

 # -*- coding: utf-8 -*-
 """
     rhodecode.lib.db_manage
     ~~~~~~~~~~~~~~~~~~~~~~~
     Database creation, and setup module for RhodeCode. Used for creation
     of database as well as for migration operations
     :created_on: Apr 10, 2010
     :author: marcink
     :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
     :license: GPLv3, see COPYING for more details.
 """
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import os
 import sys
 import uuid
 import logging
 from os.path import dirname as dn, join as jn
 from rhodecode import __dbversion__, __py_version__
 from rhodecode.model.user import UserModel
 from rhodecode.lib.utils import ask_ok
 from rhodecode.model import init_model
 from rhodecode.model.db import User, Permission, RhodeCodeUi, \
     RhodeCodeSetting, UserToPerm, DbMigrateVersion, RepoGroup, \
     UserRepoGroupToPerm
 from sqlalchemy.engine import create_engine
 from rhodecode.model.repos_group import ReposGroupModel
 #from rhodecode.model import meta
 from rhodecode.model.meta import Session, Base
 from rhodecode.model.repo import RepoModel
 log = logging.getLogger(__name__)
 def notify(msg):
     """
     Notification for migrations messages
     """
     ml = len(msg) + (4 * 2)
     print >> sys.stdout, ('*** %s ***\n%s' % (msg, '*' * ml)).upper()
 class DbManage(object):
     def __init__(self, log_sql, dbconf, root, tests=False, cli_args={}):
         self.dbname = dbconf.split('/')[-1]
         self.tests = tests
         self.root = root
         self.dburi = dbconf
         self.log_sql = log_sql
         self.db_exists = False
         self.cli_args = cli_args
         self.init_db()
         force_ask = self.cli_args.get('force_ask')
         if force_ask is not None:
             global ask_ok
             ask_ok = lambda *args, **kwargs: force_ask
     def init_db(self):
         engine = create_engine(self.dburi, echo=self.log_sql)
         init_model(engine)
         self.sa = Session()
     def create_tables(self, override=False):
         """
         Create a auth database
         """
         log.info("Any existing database is going to be destroyed")
         if self.tests:
             destroy = True
         else:
             destroy = ask_ok('Are you sure to destroy old database ? [y/n]')
         if not destroy:
-            sys.exit('Nothing done')
+            sys.exit('Nothing tables created')
         if destroy:
             Base.metadata.drop_all()
         checkfirst = not override
         Base.metadata.create_all(checkfirst=checkfirst)
         log.info('Created tables for %s' % self.dbname)
     def set_db_version(self):
         ver = DbMigrateVersion()
         ver.version = __dbversion__
         ver.repository_id = 'rhodecode_db_migrations'
         ver.repository_path = 'versions'
         self.sa.add(ver)
         log.info('db version set to: %s' % __dbversion__)
     def upgrade(self):
         """
         Upgrades given database schema to given revision following
         all needed steps, to perform the upgrade
         """
         from rhodecode.lib.dbmigrate.migrate.versioning import api
         from rhodecode.lib.dbmigrate.migrate.exceptions import \
             DatabaseNotControlledError
         if 'sqlite' in self.dburi:
             print (
                '********************** WARNING **********************\n'
                'Make sure your version of sqlite is at least 3.7.X.  \n'
                'Earlier versions are known to fail on some migrations\n'
                '*****************************************************\n'
+            )
         upgrade = ask_ok('You are about to perform database upgrade, make '
                          'sure You backed up your database before. '
                          'Continue ? [y/n]')
         if not upgrade:
-            sys.exit('Nothing done')
+            sys.exit('No upgrade performed')
         repository_path = jn(dn(dn(dn(os.path.realpath(__file__)))),
                              'rhodecode/lib/dbmigrate')
         db_uri = self.dburi
         try:
             curr_version = api.db_version(db_uri, repository_path)
             msg = ('Found current database under version'
                  ' control with version %s' % curr_version)
         except (RuntimeError, DatabaseNotControlledError):
             curr_version = 1
             msg = ('Current database is not under version control. Setting'
                    ' as version %s' % curr_version)
             api.version_control(db_uri, repository_path, curr_version)
         notify(msg)
         if curr_version == __dbversion__:
             sys.exit('This database is already at the newest version')
         #======================================================================
         # UPGRADE STEPS
         #======================================================================
         class UpgradeSteps(object):
             """
             Those steps follow schema versions so for example schema
             for example schema with seq 002 == step_2 and so on.
             """
             def __init__(self, klass):
                 self.klass = klass
             def step_0(self):
                 # step 0 is the schema upgrade, and than follow proper upgrades
                 notify('attempting to do database upgrade from '
                        'version %s to version %s' %(curr_version, __dbversion__))
                 api.upgrade(db_uri, repository_path, __dbversion__)
                 notify('Schema upgrade completed')
             def step_1(self):
                 pass
             def step_2(self):
                 notify('Patching repo paths for newer version of RhodeCode')
                 self.klass.fix_repo_paths()
                 notify('Patching default user of RhodeCode')
                 self.klass.fix_default_user()
                 log.info('Changing ui settings')
                 self.klass.create_ui_settings()
             def step_3(self):
                 notify('Adding additional settings into RhodeCode db')
                 self.klass.fix_settings()
                 notify('Adding ldap defaults')
                 self.klass.create_ldap_options(skip_existing=True)
             def step_4(self):
                 notify('create permissions and fix groups')
                 self.klass.create_permissions()
                 self.klass.fixup_groups()
             def step_5(self):
                 pass
             def step_6(self):
                 notify('re-checking permissions')
                 self.klass.create_permissions()
                 notify('installing new UI options')
                 sett4 = RhodeCodeSetting('show_public_icon', True)
                 Session().add(sett4)
                 sett5 = RhodeCodeSetting('show_private_icon', True)
                 Session().add(sett5)
                 sett6 = RhodeCodeSetting('stylify_metatags', False)
                 Session().add(sett6)
                 notify('fixing old PULL hook')
                 _pull = RhodeCodeUi.get_by_key('preoutgoing.pull_logger')
                 if _pull:
                     _pull.ui_key = RhodeCodeUi.HOOK_PULL
                     Session().add(_pull)
                 notify('fixing old PUSH hook')
                 _push = RhodeCodeUi.get_by_key('pretxnchangegroup.push_logger')
                 if _push:
                     _push.ui_key = RhodeCodeUi.HOOK_PUSH
                     Session().add(_push)
                 notify('installing new pre-push hook')
                 hooks4 = RhodeCodeUi()
                 hooks4.ui_section = 'hooks'
                 hooks4.ui_key = RhodeCodeUi.HOOK_PRE_PUSH
                 hooks4.ui_value = 'python:rhodecode.lib.hooks.pre_push'
                 Session().add(hooks4)
                 notify('installing new pre-pull hook')
                 hooks6 = RhodeCodeUi()
                 hooks6.ui_section = 'hooks'
                 hooks6.ui_key = RhodeCodeUi.HOOK_PRE_PULL
                 hooks6.ui_value = 'python:rhodecode.lib.hooks.pre_pull'
                 Session().add(hooks6)
                 notify('installing hgsubversion option')
                 # enable hgsubversion disabled by default
                 hgsubversion = RhodeCodeUi()
                 hgsubversion.ui_section = 'extensions'
                 hgsubversion.ui_key = 'hgsubversion'
                 hgsubversion.ui_value = ''
                 hgsubversion.ui_active = False
                 Session().add(hgsubversion)
                 notify('installing hg git option')
                 # enable hggit disabled by default
                 hggit = RhodeCodeUi()
                 hggit.ui_section = 'extensions'
                 hggit.ui_key = 'hggit'
                 hggit.ui_value = ''
                 hggit.ui_active = False
                 Session().add(hggit)
                 notify('re-check default permissions')
                 default_user = User.get_by_username(User.DEFAULT_USER)
                 perm = Permission.get_by_key('hg.fork.repository')
                 reg_perm = UserToPerm()
                 reg_perm.user = default_user
                 reg_perm.permission = perm
                 Session().add(reg_perm)
             def step_7(self):
                 perm_fixes = self.klass.reset_permissions(User.DEFAULT_USER)
                 Session().commit()
                 if perm_fixes:
                     notify('There was an inconsistent state of permissions '
                            'detected for default user. Permissions are now '
                            'reset to the default value for default user. '
                            'Please validate and check default permissions '
                            'in admin panel')
             def step_8(self):
                 self.klass.populate_default_permissions()
                 self.klass.create_default_options(skip_existing=True)
                 Session().commit()
             def step_9(self):
                 perm_fixes = self.klass.reset_permissions(User.DEFAULT_USER)
                 Session().commit()
                 if perm_fixes:
                     notify('There was an inconsistent state of permissions '
                            'detected for default user. Permissions are now '
                            'reset to the default value for default user. '
                            'Please validate and check default permissions '
                            'in admin panel')
             def step_10(self):
                 pass
             def step_11(self):
                 self.klass.update_repo_info()
             def step_12(self):
                 self.klass.create_permissions()
                 self.klass.populate_default_permissions()
         upgrade_steps = [0] + range(curr_version + 1, __dbversion__ + 1)
         # CALL THE PROPER ORDER OF STEPS TO PERFORM FULL UPGRADE
         _step = None
         for step in upgrade_steps:
             notify('performing upgrade step %s' % step)
             getattr(UpgradeSteps(self), 'step_%s' % step)()
             self.sa.commit()
             _step = step
         notify('upgrade to version %s successful' % _step)
     def fix_repo_paths(self):
         """
         Fixes a old rhodecode version path into new one without a '*'
         """
         paths = self.sa.query(RhodeCodeUi)\
                 .filter(RhodeCodeUi.ui_key == '/')\
                 .scalar()
         paths.ui_value = paths.ui_value.replace('*', '')
         try:
             self.sa.add(paths)
             self.sa.commit()
         except Exception:
             self.sa.rollback()
             raise
     def fix_default_user(self):
         """
         Fixes a old default user with some 'nicer' default values,
         used mostly for anonymous access
         """
         def_user = self.sa.query(User)\
                 .filter(User.username == 'default')\
                 .one()
         def_user.name = 'Anonymous'
         def_user.lastname = 'User'
         def_user.email = 'anonymous@rhodecode.org'
         try:
             self.sa.add(def_user)
             self.sa.commit()
         except Exception:
             self.sa.rollback()
             raise
     def fix_settings(self):
         """
         Fixes rhodecode settings adds ga_code key for google analytics
         """
         hgsettings3 = RhodeCodeSetting('ga_code', '')
         try:
             self.sa.add(hgsettings3)
             self.sa.commit()
         except Exception:
             self.sa.rollback()
             raise
     def admin_prompt(self, second=False):
         if not self.tests:
             import getpass
             # defaults
             defaults = self.cli_args
             username = defaults.get('username')
             password = defaults.get('password')
             email = defaults.get('email')
             def get_password():
                 password = getpass.getpass('Specify admin password '
                                            '(min 6 chars):')
                 confirm = getpass.getpass('Confirm password:')
                 if password != confirm:
                     log.error('passwords mismatch')
                     return False
                 if len(password) < 6:
                     log.error('password is to short use at least 6 characters')
                     return False
                 return password
             if username is None:
                 username = raw_input('Specify admin username:')
             if password is None:
                 password = get_password()
                 if not password:
                     #second try
                     password = get_password()
                     if not password:
                         sys.exit()
             if email is None:
                 email = raw_input('Specify admin email:')
             self.create_user(username, password, email, True)
         else:
             log.info('creating admin and regular test users')
             from rhodecode.tests import TEST_USER_ADMIN_LOGIN, \
             TEST_USER_ADMIN_PASS, TEST_USER_ADMIN_EMAIL, \
             TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS, \
             TEST_USER_REGULAR_EMAIL, TEST_USER_REGULAR2_LOGIN, \
             TEST_USER_REGULAR2_PASS, TEST_USER_REGULAR2_EMAIL
             self.create_user(TEST_USER_ADMIN_LOGIN, TEST_USER_ADMIN_PASS,
                              TEST_USER_ADMIN_EMAIL, True)
             self.create_user(TEST_USER_REGULAR_LOGIN, TEST_USER_REGULAR_PASS,
                              TEST_USER_REGULAR_EMAIL, False)
             self.create_user(TEST_USER_REGULAR2_LOGIN, TEST_USER_REGULAR2_PASS,
                              TEST_USER_REGULAR2_EMAIL, False)
     def create_ui_settings(self):
         """
         Creates ui settings, fills out hooks
         and disables dotencode
         """
         #HOOKS
         hooks1_key = RhodeCodeUi.HOOK_UPDATE
         hooks1_ = self.sa.query(RhodeCodeUi)\
             .filter(RhodeCodeUi.ui_key == hooks1_key).scalar()
         hooks1 = RhodeCodeUi() if hooks1_ is None else hooks1_
         hooks1.ui_section = 'hooks'
         hooks1.ui_key = hooks1_key
         hooks1.ui_value = 'hg update >&2'
         hooks1.ui_active = False
         self.sa.add(hooks1)
         hooks2_key = RhodeCodeUi.HOOK_REPO_SIZE
         hooks2_ = self.sa.query(RhodeCodeUi)\
             .filter(RhodeCodeUi.ui_key == hooks2_key).scalar()
         hooks2 = RhodeCodeUi() if hooks2_ is None else hooks2_
         hooks2.ui_section = 'hooks'
         hooks2.ui_key = hooks2_key
         hooks2.ui_value = 'python:rhodecode.lib.hooks.repo_size'
         self.sa.add(hooks2)
         hooks3 = RhodeCodeUi()
         hooks3.ui_section = 'hooks'
         hooks3.ui_key = RhodeCodeUi.HOOK_PUSH
         hooks3.ui_value = 'python:rhodecode.lib.hooks.log_push_action'
         self.sa.add(hooks3)
         hooks4 = RhodeCodeUi()
         hooks4.ui_section = 'hooks'
         hooks4.ui_key = RhodeCodeUi.HOOK_PRE_PUSH
         hooks4.ui_value = 'python:rhodecode.lib.hooks.pre_push'
         self.sa.add(hooks4)
         hooks5 = RhodeCodeUi()
         hooks5.ui_section = 'hooks'
         hooks5.ui_key = RhodeCodeUi.HOOK_PULL
         hooks5.ui_value = 'python:rhodecode.lib.hooks.log_pull_action'
         self.sa.add(hooks5)
         hooks6 = RhodeCodeUi()
         hooks6.ui_section = 'hooks'
         hooks6.ui_key = RhodeCodeUi.HOOK_PRE_PULL
         hooks6.ui_value = 'python:rhodecode.lib.hooks.pre_pull'
         self.sa.add(hooks6)
         # enable largefiles
         largefiles = RhodeCodeUi()
         largefiles.ui_section = 'extensions'
         largefiles.ui_key = 'largefiles'
         largefiles.ui_value = ''
         self.sa.add(largefiles)
         # enable hgsubversion disabled by default
         hgsubversion = RhodeCodeUi()
         hgsubversion.ui_section = 'extensions'
         hgsubversion.ui_key = 'hgsubversion'
         hgsubversion.ui_value = ''
         hgsubversion.ui_active = False
         self.sa.add(hgsubversion)
         # enable hggit disabled by default
         hggit = RhodeCodeUi()
         hggit.ui_section = 'extensions'
         hggit.ui_key = 'hggit'
         hggit.ui_value = ''
         hggit.ui_active = False
         self.sa.add(hggit)
     def create_ldap_options(self, skip_existing=False):
         """Creates ldap settings"""
         for k, v in [('ldap_active', 'false'), ('ldap_host', ''),
                     ('ldap_port', '389'), ('ldap_tls_kind', 'PLAIN'),
                     ('ldap_tls_reqcert', ''), ('ldap_dn_user', ''),
                     ('ldap_dn_pass', ''), ('ldap_base_dn', ''),
                     ('ldap_filter', ''), ('ldap_search_scope', ''),
                     ('ldap_attr_login', ''), ('ldap_attr_firstname', ''),
                     ('ldap_attr_lastname', ''), ('ldap_attr_email', '')]:
             if skip_existing and RhodeCodeSetting.get_by_name(k) != None:
                 log.debug('Skipping option %s' % k)
                 continue
             setting = RhodeCodeSetting(k, v)
             self.sa.add(setting)
     def create_default_options(self, skip_existing=False):
         """Creates default settings"""
         for k, v in [
             ('default_repo_enable_locking',  False),
             ('default_repo_enable_downloads', False),
             ('default_repo_enable_statistics', False),
             ('default_repo_private', False),
             ('default_repo_type', 'hg')]:
             if skip_existing and RhodeCodeSetting.get_by_name(k) != None:
                 log.debug('Skipping option %s' % k)
                 continue
             setting = RhodeCodeSetting(k, v)
             self.sa.add(setting)
     def fixup_groups(self):
         def_usr = User.get_by_username('default')
         for g in RepoGroup.query().all():
             g.group_name = g.get_new_name(g.name)
             self.sa.add(g)
             # get default perm
             default = UserRepoGroupToPerm.query()\
                 .filter(UserRepoGroupToPerm.group == g)\
                 .filter(UserRepoGroupToPerm.user == def_usr)\
                 .scalar()
             if default is None:
                 log.debug('missing default permission for group %s adding' % g)
                 ReposGroupModel()._create_default_perms(g)
                 perm_obj = ReposGroupModel()._create_default_perms(g)
                 self.sa.add(perm_obj)
     def reset_permissions(self, username):
         """
         Resets permissions to default state, usefull when old systems had
         bad permissions, we must clean them up
         :param username:
         :type username:
         """
         default_user = User.get_by_username(username)
         if not default_user:
             return
         u2p = UserToPerm.query()\
             .filter(UserToPerm.user == default_user).all()
         fixed = False
         if len(u2p) != len(User.DEFAULT_PERMISSIONS):
             for p in u2p:
                 Session().delete(p)
             fixed = True
             self.populate_default_permissions()
         return fixed
     def update_repo_info(self):
         RepoModel.update_repoinfo()
     def config_prompt(self, test_repo_path='', retries=3):
         defaults = self.cli_args
         _path = defaults.get('repos_location')
         if retries == 3:
             log.info('Setting up repositories config')
         if _path is not None:
             path = _path
         elif not self.tests and not test_repo_path:
             path = raw_input(
                  'Enter a valid absolute path to store repositories. '
                  'All repositories in that path will be added automatically:'
+            )
         else:
             path = test_repo_path
         path_ok = True
         # check proper dir
         if not os.path.isdir(path):
             path_ok = False
             log.error('Given path %s is not a valid directory' % path)
         elif not os.path.isabs(path):
             path_ok = False
             log.error('Given path %s is not an absolute path' % path)
         # check write access
         elif not os.access(path, os.W_OK) and path_ok:
             path_ok = False
             log.error('No write permission to given path %s' % path)
         if retries == 0:
             sys.exit('max retries reached')
         if not path_ok:
             retries -= 1
             return self.config_prompt(test_repo_path, retries)
         real_path = os.path.normpath(os.path.realpath(path))
         if real_path != os.path.normpath(path):
             if not ask_ok(('Path looks like a symlink, Rhodecode will store '
                            'given path as %s ? [y/n]') % (real_path)):
                 log.error('Canceled by user')
                 sys.exit(-1)
         return real_path
     def create_settings(self, path):
         self.create_ui_settings()
         #HG UI OPTIONS
         web1 = RhodeCodeUi()
         web1.ui_section = 'web'
         web1.ui_key = 'push_ssl'
         web1.ui_value = 'false'
         web2 = RhodeCodeUi()
         web2.ui_section = 'web'
         web2.ui_key = 'allow_archive'
         web2.ui_value = 'gz zip bz2'
         web3 = RhodeCodeUi()
         web3.ui_section = 'web'
         web3.ui_key = 'allow_push'
         web3.ui_value = '*'
         web4 = RhodeCodeUi()
         web4.ui_section = 'web'
         web4.ui_key = 'baseurl'
         web4.ui_value = '/'
         paths = RhodeCodeUi()
         paths.ui_section = 'paths'
         paths.ui_key = '/'
         paths.ui_value = path
         phases = RhodeCodeUi()
         phases.ui_section = 'phases'
         phases.ui_key = 'publish'
         phases.ui_value = False
         sett1 = RhodeCodeSetting('realm', 'RhodeCode authentication')
         sett2 = RhodeCodeSetting('title', 'RhodeCode')
         sett3 = RhodeCodeSetting('ga_code', '')
         sett4 = RhodeCodeSetting('show_public_icon', True)
         sett5 = RhodeCodeSetting('show_private_icon', True)
         sett6 = RhodeCodeSetting('stylify_metatags', False)
         self.sa.add(web1)
         self.sa.add(web2)
         self.sa.add(web3)
         self.sa.add(web4)
         self.sa.add(paths)
         self.sa.add(sett1)
         self.sa.add(sett2)
         self.sa.add(sett3)
         self.sa.add(sett4)
         self.sa.add(sett5)
         self.sa.add(sett6)
         self.create_ldap_options()
         self.create_default_options()
         log.info('created ui config')
     def create_user(self, username, password, email='', admin=False):
         log.info('creating user %s' % username)
         UserModel().create_or_update(username, password, email,
                                      firstname='RhodeCode', lastname='Admin',
                                      active=True, admin=admin)
     def create_default_user(self):
         log.info('creating default user')
         # create default user for handling default permissions.
         UserModel().create_or_update(username='default',
                               password=str(uuid.uuid1())[:8],
                               email='anonymous@rhodecode.org',
                               firstname='Anonymous', lastname='User')
     def create_permissions(self):
         # module.(access|create|change|delete)_[name]
         # module.(none|read|write|admin)
         for p in Permission.PERMS:
             if not Permission.get_by_key(p[0]):
                 new_perm = Permission()
                 new_perm.permission_name = p[0]
                 new_perm.permission_longname = p[0]
                 self.sa.add(new_perm)
     def populate_default_permissions(self):
         log.info('creating default user permissions')
         default_user = User.get_by_username('default')
         for def_perm in User.DEFAULT_PERMISSIONS:
             perm = self.sa.query(Permission)\
              .filter(Permission.permission_name == def_perm)\
              .scalar()
             if not perm:
                 raise Exception(
                   'CRITICAL: permission %s not found inside database !!'
                   % def_perm
+                )
             if not UserToPerm.query()\
                 .filter(UserToPerm.permission == perm)\
                 .filter(UserToPerm.user == default_user).scalar():
                 reg_perm = UserToPerm()
                 reg_perm.user = default_user
                 reg_perm.permission = perm
                 self.sa.add(reg_perm)
     @staticmethod
     def check_waitress():
         """
         Function executed at the end of setup
         """
         if not __py_version__ >= (2, 6):
             notify('Python2.5 detected, please switch '
                    'egg:waitress#main -> egg:Paste#http '
                    'in your .ini file')

rhodecode/lib/dbmigrate/versions/012_version_1_7_0.py

➞

Show inline comments

@@ new file 100644 @@
 import logging
 import datetime
 from sqlalchemy import *
 from sqlalchemy.exc import DatabaseError
 from sqlalchemy.orm import relation, backref, class_mapper, joinedload
 from sqlalchemy.orm.session import Session
 from sqlalchemy.ext.declarative import declarative_base
 from rhodecode.lib.dbmigrate.migrate import *
 from rhodecode.lib.dbmigrate.migrate.changeset import *
 from rhodecode.model.meta import Base
 from rhodecode.model import meta
 from rhodecode.lib.dbmigrate.versions import _reset_base
 log = logging.getLogger(__name__)
 def upgrade(migrate_engine):
     """
     Upgrade operations go here.
     Don't create your own engine; bind migrate_engine to your metadata
     """
     _reset_base(migrate_engine)
     #==========================================================================
     # UserUserGroupToPerm
     #==========================================================================
     from rhodecode.lib.dbmigrate.schema.db_1_7_0 import UserUserGroupToPerm
     tbl = UserUserGroupToPerm.__table__
     tbl.create()
     #==========================================================================
     # UserGroupUserGroupToPerm
     #==========================================================================
     from rhodecode.lib.dbmigrate.schema.db_1_7_0 import UserGroupUserGroupToPerm
     tbl = UserGroupUserGroupToPerm.__table__
     tbl.create()
     #==========================================================================
     # UserGroup
     #==========================================================================
     from rhodecode.lib.dbmigrate.schema.db_1_7_0 import UserGroup
     tbl = UserGroup.__table__
     user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=False, default=None)
     # create username column
     user_id.create(table=tbl)
     #==========================================================================
     # UserGroup
     #==========================================================================
     from rhodecode.lib.dbmigrate.schema.db_1_7_0 import RepoGroup
     tbl = RepoGroup.__table__
     user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=False, default=None)
     # create username column
     user_id.create(table=tbl)
 def downgrade(migrate_engine):
     meta = MetaData()
     meta.bind = migrate_engine

Changeset was too big and was cut off... Show full diff anyway

0 comments (0 inline, 0 general)