kallithea Changeset - 9e9f1b919c0c

Changeset - 9e9f1b919c0c

Parent rev.

Child rev.

[Not reviewed]

beta

0 9 0

Marcin Kuzminski - 15 years ago 2010-11-17 22:00:36
marcin@python-works.com

implements #60, ldap configuration and authentication.
fixes settings to use settings Model

9 files changed with 224 insertions and 68 deletions:

rhodecode/config/routing.py

rhodecode/controllers/admin/permissions.py

rhodecode/controllers/admin/settings.py

rhodecode/lib/auth.py

rhodecode/lib/auth_ldap.py

rhodecode/model/forms.py

rhodecode/model/permission.py

rhodecode/model/settings.py

rhodecode/model/user.py

0 comments (0 inline, 0 general)

rhodecode/config/routing.py

➞

Show inline comments

 """
 Routes configuration
 The more specific and detailed routes should be defined first so they
 may take precedent over the more generic routes. For more information
 refer to the routes manual at http://routes.groovie.org/docs/
 """
 from __future__ import with_statement
 from routes import Mapper
 from rhodecode.lib.utils import check_repo_fast as cr
 def make_map(config):
     """Create, configure and return the routes Mapper"""
     map = Mapper(directory=config['pylons.paths']['controllers'],
                  always_scan=config['debug'])
     map.minimization = False
     map.explicit = False
     def check_repo(environ, match_dict):
         """
         check for valid repository for proper 404 handling
         :param environ:
         :param match_dict:
         """
         repo_name = match_dict.get('repo_name')
         return not cr(repo_name, config['base_path'])
     # The ErrorController route (handles 404/500 error pages); it should
     # likely stay at the top, ensuring it can always be resolved
     map.connect('/error/{action}', controller='error')
     map.connect('/error/{action}/{id}', controller='error')
     #==========================================================================
     # CUSTOM ROUTES HERE
     #==========================================================================
     #MAIN PAGE
     map.connect('home', '/', controller='home', action='index')
     map.connect('bugtracker', "http://bitbucket.org/marcinkuzminski/rhodecode/issues", _static=True)
     map.connect('gpl_license', "http://www.gnu.org/licenses/gpl.html", _static=True)
     #ADMIN REPOSITORY REST ROUTES
     with map.submapper(path_prefix='/_admin', controller='admin/repos') as m:
         m.connect("repos", "/repos",
              action="create", conditions=dict(method=["POST"]))
         m.connect("repos", "/repos",
              action="index", conditions=dict(method=["GET"]))
         m.connect("formatted_repos", "/repos.{format}",
              action="index",
             conditions=dict(method=["GET"]))
         m.connect("new_repo", "/repos/new",
              action="new", conditions=dict(method=["GET"]))
         m.connect("formatted_new_repo", "/repos/new.{format}",
              action="new", conditions=dict(method=["GET"]))
         m.connect("/repos/{repo_name:.*}",
              action="update", conditions=dict(method=["PUT"],
                                               function=check_repo))
         m.connect("/repos/{repo_name:.*}",
              action="delete", conditions=dict(method=["DELETE"],
                                               function=check_repo))
         m.connect("edit_repo", "/repos/{repo_name:.*}/edit",
              action="edit", conditions=dict(method=["GET"],
                                             function=check_repo))
         m.connect("formatted_edit_repo", "/repos/{repo_name:.*}.{format}/edit",
              action="edit", conditions=dict(method=["GET"],
                                             function=check_repo))
         m.connect("repo", "/repos/{repo_name:.*}",
              action="show", conditions=dict(method=["GET"],
                                             function=check_repo))
         m.connect("formatted_repo", "/repos/{repo_name:.*}.{format}",
              action="show", conditions=dict(method=["GET"],
                                             function=check_repo))
         #ajax delete repo perm user
         m.connect('delete_repo_user', "/repos_delete_user/{repo_name:.*}",
              action="delete_perm_user", conditions=dict(method=["DELETE"],
                                                         function=check_repo))
     #ADMIN USER REST ROUTES
     map.resource('user', 'users', controller='admin/users', path_prefix='/_admin')
     #ADMIN PERMISSIONS REST ROUTES
     map.resource('permission', 'permissions', controller='admin/permissions', path_prefix='/_admin')
     map.connect('permissions_ldap', '/_admin/permissions_ldap', controller='admin/permissions', action='ldap')
     #ADMIN SETTINGS REST ROUTES
     with map.submapper(path_prefix='/_admin', controller='admin/settings') as m:
         m.connect("admin_settings", "/settings",
              action="create", conditions=dict(method=["POST"]))
         m.connect("admin_settings", "/settings",
              action="index", conditions=dict(method=["GET"]))
         m.connect("formatted_admin_settings", "/settings.{format}",
              action="index", conditions=dict(method=["GET"]))
         m.connect("admin_new_setting", "/settings/new",
              action="new", conditions=dict(method=["GET"]))
         m.connect("formatted_admin_new_setting", "/settings/new.{format}",
              action="new", conditions=dict(method=["GET"]))
         m.connect("/settings/{setting_id}",
              action="update", conditions=dict(method=["PUT"]))
         m.connect("/settings/{setting_id}",
              action="delete", conditions=dict(method=["DELETE"]))
         m.connect("admin_edit_setting", "/settings/{setting_id}/edit",
              action="edit", conditions=dict(method=["GET"]))
         m.connect("formatted_admin_edit_setting", "/settings/{setting_id}.{format}/edit",
              action="edit", conditions=dict(method=["GET"]))
         m.connect("admin_setting", "/settings/{setting_id}",
              action="show", conditions=dict(method=["GET"]))
         m.connect("formatted_admin_setting", "/settings/{setting_id}.{format}",
              action="show", conditions=dict(method=["GET"]))
         m.connect("admin_settings_my_account", "/my_account",
              action="my_account", conditions=dict(method=["GET"]))
         m.connect("admin_settings_my_account_update", "/my_account_update",
              action="my_account_update", conditions=dict(method=["PUT"]))
         m.connect("admin_settings_create_repository", "/create_repository",
              action="create_repository", conditions=dict(method=["GET"]))
     #ADMIN MAIN PAGES
     with map.submapper(path_prefix='/_admin', controller='admin/admin') as m:
         m.connect('admin_home', '', action='index')#main page
         m.connect('admin_add_repo', '/add_repo/{new_repo:[a-z0-9\. _-]*}',
                   action='add_repo')
     #SEARCH
     map.connect('search', '/_admin/search', controller='search',)
     map.connect('search_repo', '/_admin/search/{search_repo:.*}', controller='search')
     #LOGIN/LOGOUT/REGISTER/SIGN IN
     map.connect('login_home', '/_admin/login', controller='login')
     map.connect('logout_home', '/_admin/logout', controller='login', action='logout')
     map.connect('register', '/_admin/register', controller='login', action='register')
     map.connect('reset_password', '/_admin/password_reset', controller='login', action='password_reset')
     #FEEDS
     map.connect('rss_feed_home', '/{repo_name:.*}/feed/rss',
                 controller='feed', action='rss',
                 conditions=dict(function=check_repo))
     map.connect('atom_feed_home', '/{repo_name:.*}/feed/atom',
                 controller='feed', action='atom',
                 conditions=dict(function=check_repo))
     #REPOSITORY ROUTES
     map.connect('changeset_home', '/{repo_name:.*}/changeset/{revision}',
                 controller='changeset', revision='tip',
                 conditions=dict(function=check_repo))
     map.connect('raw_changeset_home', '/{repo_name:.*}/raw-changeset/{revision}',
                 controller='changeset', action='raw_changeset', revision='tip',
                 conditions=dict(function=check_repo))
     map.connect('summary_home', '/{repo_name:.*}/summary',
                 controller='summary', conditions=dict(function=check_repo))
     map.connect('shortlog_home', '/{repo_name:.*}/shortlog',
                 controller='shortlog', conditions=dict(function=check_repo))
     map.connect('branches_home', '/{repo_name:.*}/branches',
                 controller='branches', conditions=dict(function=check_repo))
     map.connect('tags_home', '/{repo_name:.*}/tags',
                 controller='tags', conditions=dict(function=check_repo))
     map.connect('changelog_home', '/{repo_name:.*}/changelog',
                 controller='changelog', conditions=dict(function=check_repo))
     map.connect('files_home', '/{repo_name:.*}/files/{revision}/{f_path:.*}',
                 controller='files', revision='tip', f_path='',
                 conditions=dict(function=check_repo))
     map.connect('files_diff_home', '/{repo_name:.*}/diff/{f_path:.*}',
                 controller='files', action='diff', revision='tip', f_path='',
                 conditions=dict(function=check_repo))
     map.connect('files_rawfile_home', '/{repo_name:.*}/rawfile/{revision}/{f_path:.*}',
                 controller='files', action='rawfile', revision='tip', f_path='',
                 conditions=dict(function=check_repo))
     map.connect('files_raw_home', '/{repo_name:.*}/raw/{revision}/{f_path:.*}',
                 controller='files', action='raw', revision='tip', f_path='',
                 conditions=dict(function=check_repo))
     map.connect('files_annotate_home', '/{repo_name:.*}/annotate/{revision}/{f_path:.*}',
                 controller='files', action='annotate', revision='tip', f_path='',
                 conditions=dict(function=check_repo))
     map.connect('files_archive_home', '/{repo_name:.*}/archive/{revision}/{fileformat}',
                 controller='files', action='archivefile', revision='tip',
                 conditions=dict(function=check_repo))
     map.connect('repo_settings_delete', '/{repo_name:.*}/settings',
                 controller='settings', action="delete",
                 conditions=dict(method=["DELETE"], function=check_repo))
     map.connect('repo_settings_update', '/{repo_name:.*}/settings',
                 controller='settings', action="update",

rhodecode/controllers/admin/permissions.py

➞

Show inline comments

 #!/usr/bin/env python
 # encoding: utf-8
 # permissions controller for pylons
 # Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>
+#
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; version 2
 # of the License or (at your opinion) any later version of the license.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 # MA  02110-1301, USA.
 """
 Created on April 27, 2010
 permissions controller for pylons
 @author: marcink
 """
 from formencode import htmlfill
 from pylons import request, session, tmpl_context as c, url
 from pylons.controllers.util import abort, redirect
 from pylons.i18n.translation import _
 from rhodecode.lib import helpers as h
 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator
 from rhodecode.lib.auth_ldap import LdapImportError
 from rhodecode.lib.base import BaseController, render
-from rhodecode.model.forms import UserForm, DefaultPermissionsForm
+from rhodecode.model.forms import LdapSettingsForm, DefaultPermissionsForm
 from rhodecode.model.permission import PermissionModel
 from rhodecode.model.settings import SettingsModel
 from rhodecode.model.user import UserModel
 import formencode
 import logging
 import traceback
 log = logging.getLogger(__name__)
 class PermissionsController(BaseController):
     """REST Controller styled on the Atom Publishing Protocol"""
     # To properly map this controller, ensure your config/routing.py
     # file has a resource setup:
     #     map.resource('permission', 'permissions')
     @LoginRequired()
     @HasPermissionAllDecorator('hg.admin')
     def __before__(self):
         c.admin_user = session.get('admin_user')
         c.admin_username = session.get('admin_username')
         super(PermissionsController, self).__before__()
         self.perms_choices = [('repository.none', _('None'),),
                               ('repository.read', _('Read'),),
                               ('repository.write', _('Write'),),
                               ('repository.admin', _('Admin'),)]
         self.register_choices = [
             ('hg.register.none',
                 _('disabled')),
             ('hg.register.manual_activate',
                 _('allowed with manual account activation')),
             ('hg.register.auto_activate',
                 _('allowed with automatic account activation')), ]
         self.create_choices = [('hg.create.none', _('Disabled')),
                                ('hg.create.repository', _('Enabled'))]
     def index(self, format='html'):
         """GET /permissions: All items in the collection"""
         # url('permissions')
     def create(self):
         """POST /permissions: Create a new item"""
         # url('permissions')
     def new(self, format='html'):
         """GET /permissions/new: Form to create a new item"""
         # url('new_permission')
     def update(self, id):
         """PUT /permissions/id: Update an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="PUT" />
         # Or using helpers:
         #    h.form(url('permission', id=ID),
         #           method='put')
         # url('permission', id=ID)
         permission_model = PermissionModel()
         _form = DefaultPermissionsForm([x[0] for x in self.perms_choices],
                                        [x[0] for x in self.register_choices],
                                        [x[0] for x in self.create_choices])()
         try:
             form_result = _form.to_python(dict(request.POST))
             form_result.update({'perm_user_name':id})
             permission_model.update(form_result)
-            h.flash(_('Default permissions updated succesfully'),
+            h.flash(_('Default permissions updated successfully'),
                     category='success')
         except formencode.Invalid, errors:
             c.perms_choices = self.perms_choices
             c.register_choices = self.register_choices
             c.create_choices = self.create_choices
             defaults = errors.value
             defaults.update(SettingsModel().get_ldap_settings())
             return htmlfill.render(
                 render('admin/permissions/permissions.html'),
-                defaults=errors.value,
+                defaults=defaults,
                 errors=errors.error_dict or {},
                 prefix_error=False,
                 encoding="UTF-8")
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('error occured during update of permissions'),
                     category='error')
         return redirect(url('edit_permission', id=id))
     def delete(self, id):
         """DELETE /permissions/id: Delete an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="DELETE" />
         # Or using helpers:
         #    h.form(url('permission', id=ID),
         #           method='delete')
         # url('permission', id=ID)
     def show(self, id, format='html'):
         """GET /permissions/id: Show a specific item"""
         # url('permission', id=ID)
     def edit(self, id, format='html'):
         """GET /permissions/id/edit: Form to edit an existing item"""
         #url('edit_permission', id=ID)
         c.perms_choices = self.perms_choices
         c.register_choices = self.register_choices
         c.create_choices = self.create_choices
         if id == 'default':
             default_user = UserModel().get_by_username('default')
             defaults = {'_method':'put',
                         'anonymous':default_user.active}
             defaults.update(SettingsModel().get_ldap_settings())
             for p in default_user.user_perms:
                 if p.permission.permission_name.startswith('repository.'):
                     defaults['default_perm'] = p.permission.permission_name
                 if p.permission.permission_name.startswith('hg.register.'):
                     defaults['default_register'] = p.permission.permission_name
                 if p.permission.permission_name.startswith('hg.create.'):
                     defaults['default_create'] = p.permission.permission_name
             return htmlfill.render(
                         render('admin/permissions/permissions.html'),
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=True,)
         else:
             return redirect(url('admin_home'))
     def ldap(self, id_user='default'):
         """
         POST ldap create and store ldap settings
         """
         settings_model = SettingsModel()
         _form = LdapSettingsForm()()
         try:
             form_result = _form.to_python(dict(request.POST))
             try:
                 for k, v in form_result.items():
                     if k.startswith('ldap_'):
                         setting = settings_model.get(k)
                         setting.app_settings_value = v
                         self.sa.add(setting)
                 self.sa.commit()
                 h.flash(_('Ldap settings updated successfully'),
                     category='success')
             except:
                 raise
         except LdapImportError:
             h.flash(_('Unable to activate ldap. The "ldap-python" library '
                       'is missing.'),
                     category='warning')
         except formencode.Invalid, errors:
             c.perms_choices = self.perms_choices
             c.register_choices = self.register_choices
             c.create_choices = self.create_choices
             return htmlfill.render(
                 render('admin/permissions/permissions.html'),
                 defaults=errors.value,
                 errors=errors.error_dict or {},
                 prefix_error=False,
                 encoding="UTF-8")
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('error occured during update of ldap settings'),
                     category='error')
         return redirect(url('edit_permission', id=id_user))

rhodecode/controllers/admin/settings.py

➞

Show inline comments

 #!/usr/bin/env python
 # encoding: utf-8
 # settings controller for pylons
 # Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>
+#
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; version 2
 # of the License or (at your opinion) any later version of the license.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 # MA  02110-1301, USA.
 """
 Created on July 14, 2010
 settings controller for pylons
 @author: marcink
 """
 from formencode import htmlfill
 from pylons import request, session, tmpl_context as c, url, app_globals as g, \
     config
 from pylons.controllers.util import abort, redirect
 from pylons.i18n.translation import _
 from rhodecode.lib import helpers as h
 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator, \
     HasPermissionAnyDecorator
 from rhodecode.lib.base import BaseController, render
 from rhodecode.lib.celerylib import tasks, run_task
 from rhodecode.lib.utils import repo2db_mapper, invalidate_cache, \
     set_rhodecode_config, get_hg_settings, get_hg_ui_settings
-from rhodecode.model.db import RhodeCodeSettings, RhodeCodeUi, Repository
 from rhodecode.model.db import RhodeCodeUi, Repository
 from rhodecode.model.forms import UserForm, ApplicationSettingsForm, \
     ApplicationUiSettingsForm
 from rhodecode.model.scm import ScmModel
 from rhodecode.model.settings import SettingsModel
 from rhodecode.model.user import UserModel
 from rhodecode.lib.celerylib import tasks, run_task
 from sqlalchemy import func
 import formencode
 import logging
 import traceback
 log = logging.getLogger(__name__)
 class SettingsController(BaseController):
     """REST Controller styled on the Atom Publishing Protocol"""
     # To properly map this controller, ensure your config/routing.py
     # file has a resource setup:
     #     map.resource('setting', 'settings', controller='admin/settings',
     #         path_prefix='/admin', name_prefix='admin_')
     @LoginRequired()
     def __before__(self):
         c.admin_user = session.get('admin_user')
         c.admin_username = session.get('admin_username')
         super(SettingsController, self).__before__()
     @HasPermissionAllDecorator('hg.admin')
     def index(self, format='html'):
         """GET /admin/settings: All items in the collection"""
         # url('admin_settings')
         defaults = get_hg_settings()
         defaults.update(get_hg_ui_settings())
         return htmlfill.render(
             render('admin/settings/settings.html'),
             defaults=defaults,
             encoding="UTF-8",
             force_defaults=False
+        )
     @HasPermissionAllDecorator('hg.admin')
     def create(self):
         """POST /admin/settings: Create a new item"""
         # url('admin_settings')
     @HasPermissionAllDecorator('hg.admin')
     def new(self, format='html'):
         """GET /admin/settings/new: Form to create a new item"""
         # url('admin_new_setting')
     @HasPermissionAllDecorator('hg.admin')
     def update(self, setting_id):
         """PUT /admin/settings/setting_id: Update an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="PUT" />
         # Or using helpers:
         #    h.form(url('admin_setting', setting_id=ID),
         #           method='put')
         # url('admin_setting', setting_id=ID)
         if setting_id == 'mapping':
             rm_obsolete = request.POST.get('destroy', False)
             log.debug('Rescanning directories with destroy=%s', rm_obsolete)
             initial = ScmModel().repo_scan(g.paths[0][1], g.baseui)
             for repo_name in initial.keys():
                 invalidate_cache('get_repo_cached_%s' % repo_name)
             repo2db_mapper(initial, rm_obsolete)
             h.flash(_('Repositories successfully rescanned'), category='success')
         if setting_id == 'whoosh':
             repo_location = get_hg_ui_settings()['paths_root_path']
             full_index = request.POST.get('full_index', False)
             task = run_task(tasks.whoosh_index, repo_location, full_index)
             h.flash(_('Whoosh reindex task scheduled'), category='success')
         if setting_id == 'global':
             application_form = ApplicationSettingsForm()()
             try:
                 form_result = application_form.to_python(dict(request.POST))
+                settings_model = SettingsModel()
                 try:
                     hgsettings1 = self.sa.query(RhodeCodeSettings)\
                         .filter(RhodeCodeSettings.app_settings_name \
                                 == 'title').one()
                     hgsettings1 = settings_model.get('title')
                     hgsettings1.app_settings_value = form_result['rhodecode_title']
                     hgsettings2 = self.sa.query(RhodeCodeSettings)\
                         .filter(RhodeCodeSettings.app_settings_name \
                                 == 'realm').one()
                     hgsettings2 = settings_model('realm')
                     hgsettings2.app_settings_value = form_result['rhodecode_realm']
                     self.sa.add(hgsettings1)
                     self.sa.add(hgsettings2)
                     self.sa.commit()
                     set_rhodecode_config(config)
                     h.flash(_('Updated application settings'),
                             category='success')
                 except:
                     log.error(traceback.format_exc())
                     h.flash(_('error occurred during updating application settings'),
                             category='error')
                     self.sa.rollback()
             except formencode.Invalid, errors:
                 return htmlfill.render(
                      render('admin/settings/settings.html'),
                      defaults=errors.value,
                      errors=errors.error_dict or {},
                      prefix_error=False,
                      encoding="UTF-8")
         if setting_id == 'mercurial':
             application_form = ApplicationUiSettingsForm()()
             try:
                 form_result = application_form.to_python(dict(request.POST))
                 try:
                     hgsettings1 = self.sa.query(RhodeCodeUi)\
                     .filter(RhodeCodeUi.ui_key == 'push_ssl').one()
                     hgsettings1.ui_value = form_result['web_push_ssl']
                     hgsettings2 = self.sa.query(RhodeCodeUi)\
                     .filter(RhodeCodeUi.ui_key == '/').one()
                     hgsettings2.ui_value = form_result['paths_root_path']
                     #HOOKS
                     hgsettings3 = self.sa.query(RhodeCodeUi)\
                     .filter(RhodeCodeUi.ui_key == 'changegroup.update').one()
                     hgsettings3.ui_active = bool(form_result['hooks_changegroup_update'])
                     hgsettings4 = self.sa.query(RhodeCodeUi)\
                     .filter(RhodeCodeUi.ui_key == 'changegroup.repo_size').one()
                     hgsettings4.ui_active = bool(form_result['hooks_changegroup_repo_size'])
                     hgsettings5 = self.sa.query(RhodeCodeUi)\
                     .filter(RhodeCodeUi.ui_key == 'pretxnchangegroup.push_logger').one()
                     hgsettings5.ui_active = bool(form_result['hooks_pretxnchangegroup_push_logger'])
                     hgsettings6 = self.sa.query(RhodeCodeUi)\
                     .filter(RhodeCodeUi.ui_key == 'preoutgoing.pull_logger').one()
                     hgsettings6.ui_active = bool(form_result['hooks_preoutgoing_pull_logger'])
                     self.sa.add(hgsettings1)
                     self.sa.add(hgsettings2)
                     self.sa.add(hgsettings3)
                     self.sa.add(hgsettings4)
                     self.sa.add(hgsettings5)
                     self.sa.add(hgsettings6)
                     self.sa.commit()
                     h.flash(_('Updated mercurial settings'),
                             category='success')
                 except:
                     log.error(traceback.format_exc())
                     h.flash(_('error occurred during updating application settings'),
                             category='error')
                     self.sa.rollback()
             except formencode.Invalid, errors:
                 return htmlfill.render(
                      render('admin/settings/settings.html'),
                      defaults=errors.value,
                      errors=errors.error_dict or {},
                      prefix_error=False,
                      encoding="UTF-8")
         return redirect(url('admin_settings'))
     @HasPermissionAllDecorator('hg.admin')
     def delete(self, setting_id):
         """DELETE /admin/settings/setting_id: Delete an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="DELETE" />

rhodecode/lib/auth.py

➞

Show inline comments

 #!/usr/bin/env python
 # encoding: utf-8
 # authentication and permission libraries
 # Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>
+#
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; version 2
 # of the License or (at your opinion) any later version of the license.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 # MA  02110-1301, USA.
 """
 Created on April 4, 2010
 @author: marcink
 """
 from pylons import config, session, url, request
 from pylons.controllers.util import abort, redirect
 from rhodecode.lib.utils import get_repo_slug
 from rhodecode.lib.auth_ldap import AuthLdap, UsernameError, PasswordError
 from rhodecode.model import meta
 from rhodecode.model.user import UserModel
 from rhodecode.model.caching_query import FromCache
 from rhodecode.model.db import User, RepoToPerm, Repository, Permission, \
     UserToPerm
 import bcrypt
 from decorator import decorator
 import logging
 import random
 import traceback
 log = logging.getLogger(__name__)
 class PasswordGenerator(object):
     """This is a simple class for generating password from
         different sets of characters
         usage:
         passwd_gen = PasswordGenerator()
         #print 8-letter password containing only big and small letters of alphabet
         print passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL)
     """
     ALPHABETS_NUM = r'''1234567890'''#[0]
     ALPHABETS_SMALL = r'''qwertyuiopasdfghjklzxcvbnm'''#[1]
     ALPHABETS_BIG = r'''QWERTYUIOPASDFGHJKLZXCVBNM'''#[2]
     ALPHABETS_SPECIAL = r'''`-=[]\;',./~!@#$%^&*()_+{}|:"<>?'''    #[3]
     ALPHABETS_FULL = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM + ALPHABETS_SPECIAL#[4]
     ALPHABETS_ALPHANUM = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM#[5]
     ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL
     ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM#[6]
     ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM#[7]
     def __init__(self, passwd=''):
         self.passwd = passwd
     def gen_password(self, len, type):
         self.passwd = ''.join([random.choice(type) for _ in xrange(len)])
         return self.passwd
 def get_crypt_password(password):
     """Cryptographic function used for password hashing based on sha1
     :param password: password to hash
     """
     return bcrypt.hashpw(password, bcrypt.gensalt(10))
 def check_password(password, hashed):
     return bcrypt.hashpw(password, hashed) == hashed
 def authfunc(environ, username, password):
     """
-    Authentication function used in Mercurial/Git/ and access controll,
+    Authentication function used in Mercurial/Git/ and access control,
     firstly checks for db authentication then if ldap is enabled for ldap
     authentication
     authentication, also creates ldap user if not in database
     :param environ: needed only for using in Basic auth, can be None
     :param username: username
     :param password: password
     """
     user_model = UserModel()
     user = user_model.get_by_username(username, cache=False)
     user = UserModel().get_by_username(username, cache=False)
     if user:
     if user is not None and user.is_ldap is False:
         if user.active:
             if user.username == 'default' and user.active:
                 log.info('user %s authenticated correctly', username)
                 return True
             elif user.username == username and check_password(password, user.password):
                 log.info('user %s authenticated correctly', username)
                 return True
         else:
             log.error('user %s is disabled', username)
     else:
         from rhodecode.model.settings import SettingsModel
         ldap_settings = SettingsModel().get_ldap_settings()
         #======================================================================
         # FALLBACK TO LDAP AUTH IN ENABLE
         #======================================================================
         if ldap_settings.get('ldap_active', False):
             kwargs = {
                   'server':ldap_settings.get('ldap_host', ''),
                   'base_dn':ldap_settings.get('ldap_base_dn', ''),
                   'port':ldap_settings.get('ldap_port'),
                   'bind_dn':ldap_settings.get('ldap_dn_user'),
                   'bind_pass':ldap_settings.get('ldap_dn_pass'),
                   'use_ldaps':ldap_settings.get('ldap_ldaps'),
                   'ldap_version':3,
+                  }
             log.debug('Checking for ldap authentication')
             try:
                 aldap = AuthLdap(**kwargs)
                 res = aldap.authenticate_ldap(username, password)
                 authenticated = res[1]['uid'][0] == username
                 if authenticated and user_model.create_ldap(username, password):
                     log.info('created new ldap user')
                 return authenticated
             except (UsernameError, PasswordError):
                 return False
             except:
                 log.error(traceback.format_exc())
                 return False
     return False
 class  AuthUser(object):
     """
     A simple object that handles a mercurial username for authentication
     """
     def __init__(self):
         self.username = 'None'
         self.name = ''
         self.lastname = ''
         self.email = ''
         self.user_id = None
         self.is_authenticated = False
         self.is_admin = False
         self.permissions = {}
     def __repr__(self):
         return "<AuthUser('id:%s:%s')>" % (self.user_id, self.username)
 def set_available_permissions(config):
     """
     This function will propagate pylons globals with all available defined
     permission given in db. We don't wannt to check each time from db for new
     permissions since adding a new permission also requires application restart
     ie. to decorate new views with the newly created permission
     :param config:
     """
     log.info('getting information about all available permissions')
     try:
         sa = meta.Session()
         all_perms = sa.query(Permission).all()
     except:
         pass
     finally:
         meta.Session.remove()
     config['available_permissions'] = [x.permission_name for x in all_perms]
 def set_base_path(config):
     config['base_path'] = config['pylons.app_globals'].base_path
 def fill_perms(user):
     """
     Fills user permission attribute with permissions taken from database
     :param user:
     """
     sa = meta.Session()
     user.permissions['repositories'] = {}
     user.permissions['global'] = set()
     #===========================================================================
     # fetch default permissions
     #===========================================================================
     default_user = UserModel().get_by_username('default', cache=True)
     default_perms = sa.query(RepoToPerm, Repository, Permission)\
         .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\
         .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\
         .filter(RepoToPerm.user == default_user).all()
     if user.is_admin:
         #=======================================================================
         # #admin have all default rights set to admin
         #=======================================================================
         user.permissions['global'].add('hg.admin')
         for perm in default_perms:
             p = 'repository.admin'
             user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p
     else:
         #=======================================================================
         # set default permissions
         #=======================================================================
         #default global
         default_global_perms = sa.query(UserToPerm)\
             .filter(UserToPerm.user == sa.query(User).filter(User.username ==
             'default').one())
         for perm in default_global_perms:
             user.permissions['global'].add(perm.permission.permission_name)
         #default repositories
         for perm in default_perms:
             if perm.Repository.private and not perm.Repository.user_id == user.user_id:
                 #disable defaults for private repos,
                 p = 'repository.none'
             elif perm.Repository.user_id == user.user_id:
                 #set admin if owner
                 p = 'repository.admin'
             else:
                 p = perm.Permission.permission_name

rhodecode/lib/auth_ldap.py

➞

Show inline comments

 import logging
 logging.basicConfig(level=logging.DEBUG)
 log = logging.getLogger('ldap')
 #==============================================================================
 # LDAP
 #Name     = Just a description for the auth modes page
 #Host     = DepartmentName.OrganizationName.local/ IP
 #Port     = 389 default for ldap
 #LDAPS    = no set True if You need to use ldaps
 #Account  = DepartmentName\UserName (or UserName@MyDomain depending on AD server)
 #Password = <password>
 #Base DN  = DC=DepartmentName,DC=OrganizationName,DC=local
+#
 #On-the-fly user creation = yes
 #Attributes
 #  Login     = sAMAccountName
 #  Firstname = givenName
 #  Lastname  = sN
 #  Email     = mail
 #==============================================================================
 class UsernameError(Exception):pass
 class PasswordError(Exception):pass
 from rhodecode.lib.exceptions import LdapImportError, UsernameError, \
     PasswordError, ConnectionError
 import logging
 log = logging.getLogger(__name__)
 LDAP_USE_LDAPS = False
 ldap_server_type = 'ldap'
 LDAP_SERVER_ADDRESS = 'myldap.com'
 LDAP_SERVER_PORT = '389'
 try:
     import ldap
 except ImportError:
     pass
 class AuthLdap(object):
     def __init__(self, server, base_dn, port=389, bind_dn='', bind_pass='',
                  use_ldaps=False, ldap_version=3):
         self.ldap_version = ldap_version
         if use_ldaps:
             port = port or 689
         self.LDAP_USE_LDAPS = use_ldaps
         self.LDAP_SERVER_ADDRESS = server
         self.LDAP_SERVER_PORT = port
 #USE FOR READ ONLY BIND TO LDAP SERVER
 LDAP_BIND_DN = ''
 LDAP_BIND_PASS = ''
         self.LDAP_BIND_DN = bind_dn
         self.LDAP_BIND_PASS = bind_pass
 if LDAP_USE_LDAPS:ldap_server_type = ldap_server_type + 's'
 LDAP_SERVER = "%s://%s:%s" % (ldap_server_type,
                                        LDAP_SERVER_ADDRESS,
                                        LDAP_SERVER_PORT)
         ldap_server_type = 'ldap'
         if self.LDAP_USE_LDAPS:ldap_server_type = ldap_server_type + 's'
         self.LDAP_SERVER = "%s://%s:%s" % (ldap_server_type,
                                                self.LDAP_SERVER_ADDRESS,
                                                self.LDAP_SERVER_PORT)
 BASE_DN = "ou=people,dc=server,dc=com"
 AUTH_DN = "uid=%s,%s"
         self.BASE_DN = base_dn
         self.AUTH_DN = "uid=%s,%s"
 def authenticate_ldap(username, password):
+    def authenticate_ldap(self, username, password):
     """Authenticate a user via LDAP and return his/her LDAP properties.
     Raises AuthenticationError if the credentials are rejected, or
     EnvironmentError if the LDAP server can't be reached.
         :param username: username
         :param password: password
     """
     try:
         import ldap
     except ImportError:
         raise Exception('Could not import ldap make sure You install python-ldap')
     from rhodecode.lib.helpers import chop_at
     uid = chop_at(username, "@%s" % LDAP_SERVER_ADDRESS)
     dn = AUTH_DN % (uid, BASE_DN)
     log.debug("Authenticating %r at %s", dn, LDAP_SERVER)
         uid = chop_at(username, "@%s" % self.LDAP_SERVER_ADDRESS)
         dn = self.AUTH_DN % (uid, self.BASE_DN)
         log.debug("Authenticating %r at %s", dn, self.LDAP_SERVER)
     if "," in username:
         raise UsernameError("invalid character in username: ,")
     try:
         #ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, '/etc/openldap/cacerts')
         server = ldap.initialize(LDAP_SERVER)
             ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, '/etc/openldap/cacerts')
             ldap.set_option(ldap.OPT_NETWORK_TIMEOUT, 10)
             server = ldap.initialize(self.LDAP_SERVER)
             if self.ldap_version == 2:
                 server.protocol = ldap.VERSION2
             else:
         server.protocol = ldap.VERSION3
         if LDAP_BIND_DN and LDAP_BIND_PASS:
             server.simple_bind_s(AUTH_DN % (LDAP_BIND_DN,
                                             LDAP_BIND_PASS),
                                             password)
             if self.LDAP_BIND_DN and self.LDAP_BIND_PASS:
                 server.simple_bind_s(self.AUTH_DN % (self.LDAP_BIND_DN,
                                                 self.BASE_DN),
                                                 self.LDAP_BIND_PASS)
         server.simple_bind_s(dn, password)
         properties = server.search_s(dn, ldap.SCOPE_SUBTREE)
         if not properties:
             raise ldap.NO_SUCH_OBJECT()
     except ldap.NO_SUCH_OBJECT, e:
         log.debug("LDAP says no such user '%s' (%s)", uid, username)
         raise UsernameError()
     except ldap.INVALID_CREDENTIALS, e:
         log.debug("LDAP rejected password for user '%s' (%s)", uid, username)
         raise PasswordError()
     except ldap.SERVER_DOWN, e:
         raise EnvironmentError("can't access authentication server")
     return properties
             raise ConnectionError("LDAP can't access authentication server")
         return properties[0]
 print authenticate_ldap('test', 'test')

rhodecode/model/forms.py

➞

Show inline comments

 """ this is forms validation classes
 http://formencode.org/module-formencode.validators.html
 for list off all availible validators
 we can create our own validators
 The table below outlines the options which can be used in a schema in addition to the validators themselves
 pre_validators          []     These validators will be applied before the schema
 chained_validators      []     These validators will be applied after the schema
 allow_extra_fields      False     If True, then it is not an error when keys that aren't associated with a validator are present
 filter_extra_fields     False     If True, then keys that aren't associated with a validator are removed
 if_key_missing          NoDefault If this is given, then any keys that aren't available but are expected will be replaced with this value (and then validated). This does not override a present .if_missing attribute on validators. NoDefault is a special FormEncode class to mean that no default values has been specified and therefore missing keys shouldn't take a default value.
 ignore_key_missing      False     If True, then missing keys will be missing in the result, if the validator doesn't have .if_missing on it already
 <name> = formencode.validators.<name of validator>
 <name> must equal form name
 list=[1,2,3,4,5]
 for SELECT use formencode.All(OneOf(list), Int())
 """
 from formencode import All
 from formencode.validators import UnicodeString, OneOf, Int, Number, Regex, \
     Email, Bool, StringBoolean
 from pylons import session
 from pylons.i18n.translation import _
 from rhodecode.lib.auth import authfunc, get_crypt_password
 from rhodecode.lib.exceptions import LdapImportError
 from rhodecode.model import meta
 from rhodecode.model.user import UserModel
 from rhodecode.model.repo import RepoModel
 from rhodecode.model.db import User
 from webhelpers.pylonslib.secure_form import authentication_token
 from vcs import BACKENDS
 import formencode
 import logging
 import os
 import rhodecode.lib.helpers as h
 log = logging.getLogger(__name__)
 #this is needed to translate the messages using _() in validators
 class State_obj(object):
     _ = staticmethod(_)
 #===============================================================================
 # VALIDATORS
 #===============================================================================
 class ValidAuthToken(formencode.validators.FancyValidator):
     messages = {'invalid_token':_('Token mismatch')}
     def validate_python(self, value, state):
         if value != authentication_token():
             raise formencode.Invalid(self.message('invalid_token', state,
                                             search_number=value), value, state)
 def ValidUsername(edit, old_data):
     class _ValidUsername(formencode.validators.FancyValidator):
         def validate_python(self, value, state):
             if value in ['default', 'new_user']:
                 raise formencode.Invalid(_('Invalid username'), value, state)
             #check if user is unique
             old_un = None
             if edit:
                 old_un = UserModel().get(old_data.get('user_id')).username
             if old_un != value or not edit:
                 if UserModel().get_by_username(value, cache=False):
                     raise formencode.Invalid(_('This username already exists') ,
                                              value, state)
     return _ValidUsername
 class ValidPassword(formencode.validators.FancyValidator):
     def to_python(self, value, state):
         if value:
             return get_crypt_password(value)
 class ValidAuth(formencode.validators.FancyValidator):
     messages = {
             'invalid_password':_('invalid password'),
             'invalid_login':_('invalid user name'),
-            'disabled_account':_('Your acccount is disabled')
+            'disabled_account':_('Your account is disabled')
+            }
     #error mapping
     e_dict = {'username':messages['invalid_login'],
               'password':messages['invalid_password']}
     e_dict_disable = {'username':messages['disabled_account']}
     def validate_python(self, value, state):
         password = value['password']
         username = value['username']
         user = UserModel().get_by_username(username)
         if authfunc(None, username, password):
             return value
         else:
             if user and user.active is False:
                 log.warning('user %s is disabled', username)
                 raise formencode.Invalid(self.message('disabled_account',
                                          state=State_obj),
                                          value, state,
                                          error_dict=self.e_dict_disable)
             else:
                 log.warning('user %s not authenticated', username)
                 raise formencode.Invalid(self.message('invalid_password',
                                          state=State_obj), value, state,
                                          error_dict=self.e_dict)
 class ValidRepoUser(formencode.validators.FancyValidator):
     def to_python(self, value, state):
         sa = meta.Session()
         try:
             self.user_db = sa.query(User)\
                 .filter(User.active == True)\
                 .filter(User.username == value).one()
         except Exception:
             raise formencode.Invalid(_('This username is not valid'),
                                      value, state)
         finally:
             meta.Session.remove()
         return self.user_db.user_id
 def ValidRepoName(edit, old_data):
     class _ValidRepoName(formencode.validators.FancyValidator):
         def to_python(self, value, state):
             slug = h.repo_name_slug(value)
             if slug in ['_admin']:
                 raise formencode.Invalid(_('This repository name is disallowed'),
                                          value, state)
             if old_data.get('repo_name') != value or not edit:
                 if RepoModel().get(slug, cache=False):
                     raise formencode.Invalid(_('This repository already exists') ,
                                              value, state)
             return slug
     return _ValidRepoName
 def ValidForkType(old_data):
     class _ValidForkType(formencode.validators.FancyValidator):
         def to_python(self, value, state):
             if old_data['repo_type'] != value:
                 raise formencode.Invalid(_('Fork have to be the same type as original'), value, state)
             return value
     return _ValidForkType
 class ValidPerms(formencode.validators.FancyValidator):
     messages = {'perm_new_user_name':_('This username is not valid')}
     def to_python(self, value, state):
         perms_update = []
         perms_new = []
         #build a list of permission to update and new permission to create
         for k, v in value.items():
             if k.startswith('perm_'):
                 if  k.startswith('perm_new_user'):
                     new_perm = value.get('perm_new_user', False)
                     new_user = value.get('perm_new_user_name', False)
                     if new_user and new_perm:
                         if (new_user, new_perm) not in perms_new:
                             perms_new.append((new_user, new_perm))
                 else:
                     usr = k[5:]
                     if usr == 'default':
                         if value['private']:
                             #set none for default when updating to private repo
                             v = 'repository.none'
                     perms_update.append((usr, v))
         value['perms_updates'] = perms_update
         value['perms_new'] = perms_new
         sa = meta.Session
         for k, v in perms_new:
             try:
                 self.user_db = sa.query(User)\
                     .filter(User.active == True)\
                     .filter(User.username == k).one()
             except Exception:
                 msg = self.message('perm_new_user_name',
                                      state=State_obj)
                 raise formencode.Invalid(msg, value, state, error_dict={'perm_new_user_name':msg})
         return value
 class ValidSettings(formencode.validators.FancyValidator):
     def to_python(self, value, state):
         #settings  form can't edit user
         if value.has_key('user'):
             del['value']['user']
         return value
 class ValidPath(formencode.validators.FancyValidator):
     def to_python(self, value, state):
         if not os.path.isdir(value):
             msg = _('This is not a valid path')
             raise formencode.Invalid(msg, value, state,
                                      error_dict={'paths_root_path':msg})
         return value
 def UniqSystemEmail(old_data):
     class _UniqSystemEmail(formencode.validators.FancyValidator):
         def to_python(self, value, state):
             if old_data.get('email') != value:
                 sa = meta.Session()
                 try:
                     user = sa.query(User).filter(User.email == value).scalar()
                     if user:
                         raise formencode.Invalid(_("That e-mail address is already taken") ,
                                                  value, state)
                 finally:
                     meta.Session.remove()
             return value
     return _UniqSystemEmail
 class ValidSystemEmail(formencode.validators.FancyValidator):
     def to_python(self, value, state):
         sa = meta.Session
         try:
             user = sa.query(User).filter(User.email == value).scalar()
             if  user is None:
                 raise formencode.Invalid(_("That e-mail address doesn't exist.") ,
                                          value, state)
         finally:
             meta.Session.remove()
         return value
 class LdapLibValidator(formencode.validators.FancyValidator):
     def to_python(self, value, state):
         try:
             import ldap
         except ImportError:
             raise LdapImportError
         return value
 #===============================================================================
 # FORMS
 #===============================================================================
 class LoginForm(formencode.Schema):
     allow_extra_fields = True
     filter_extra_fields = True
     username = UnicodeString(
                              strip=True,
                              min=1,
                              not_empty=True,
                              messages={
                                        'empty':_('Please enter a login'),
                                        'tooShort':_('Enter a value %(min)i characters long or more')}
+                            )
     password = UnicodeString(
                             strip=True,
                             min=6,
                             not_empty=True,
                             messages={
                                       'empty':_('Please enter a password'),
                                       'tooShort':_('Enter %(min)i characters or more')}
+                                )
     #chained validators have access to all data
     chained_validators = [ValidAuth]
 def UserForm(edit=False, old_data={}):
     class _UserForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = True
         username = All(UnicodeString(strip=True, min=1, not_empty=True), ValidUsername(edit, old_data))
         if edit:
             new_password = All(UnicodeString(strip=True, min=6, not_empty=False), ValidPassword)
             admin = StringBoolean(if_missing=False)
         else:
             password = All(UnicodeString(strip=True, min=6, not_empty=True), ValidPassword)
         active = StringBoolean(if_missing=False)
         name = UnicodeString(strip=True, min=1, not_empty=True)
         lastname = UnicodeString(strip=True, min=1, not_empty=True)
         email = All(Email(not_empty=True), UniqSystemEmail(old_data))
     return _UserForm
 RegisterForm = UserForm
 def PasswordResetForm():
     class _PasswordResetForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = True
         email = All(ValidSystemEmail(), Email(not_empty=True))
     return _PasswordResetForm
 def RepoForm(edit=False, old_data={}):
     class _RepoForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         repo_name = All(UnicodeString(strip=True, min=1, not_empty=True), ValidRepoName(edit, old_data))
         description = UnicodeString(strip=True, min=1, not_empty=True)
         private = StringBoolean(if_missing=False)
         repo_type = OneOf(BACKENDS.keys())
         if edit:
             user = All(Int(not_empty=True), ValidRepoUser)
         chained_validators = [ValidPerms]
     return _RepoForm
 def RepoForkForm(edit=False, old_data={}):
     class _RepoForkForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         fork_name = All(UnicodeString(strip=True, min=1, not_empty=True), ValidRepoName(edit, old_data))
         description = UnicodeString(strip=True, min=1, not_empty=True)
         private = StringBoolean(if_missing=False)
         repo_type = All(ValidForkType(old_data), OneOf(BACKENDS.keys()))
     return _RepoForkForm
 def RepoSettingsForm(edit=False, old_data={}):
     class _RepoForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         repo_name = All(UnicodeString(strip=True, min=1, not_empty=True), ValidRepoName(edit, old_data))
         description = UnicodeString(strip=True, min=1, not_empty=True)
         private = StringBoolean(if_missing=False)
         chained_validators = [ValidPerms, ValidSettings]
     return _RepoForm
 def ApplicationSettingsForm():
     class _ApplicationSettingsForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         rhodecode_title = UnicodeString(strip=True, min=1, not_empty=True)
         rhodecode_realm = UnicodeString(strip=True, min=1, not_empty=True)
     return _ApplicationSettingsForm
 def ApplicationUiSettingsForm():
     class _ApplicationUiSettingsForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         web_push_ssl = OneOf(['true', 'false'], if_missing='false')
         paths_root_path = All(ValidPath(), UnicodeString(strip=True, min=1, not_empty=True))
         hooks_changegroup_update = OneOf(['True', 'False'], if_missing=False)
         hooks_changegroup_repo_size = OneOf(['True', 'False'], if_missing=False)
         hooks_pretxnchangegroup_push_logger = OneOf(['True', 'False'], if_missing=False)
         hooks_preoutgoing_pull_logger = OneOf(['True', 'False'], if_missing=False)
     return _ApplicationUiSettingsForm
 def DefaultPermissionsForm(perms_choices, register_choices, create_choices):
     class _DefaultPermissionsForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = True
-        overwrite_default = OneOf(['true', 'false'], if_missing='false')
+        overwrite_default = StringBoolean(if_missing=False)
         anonymous = OneOf(['True', 'False'], if_missing=False)
         default_perm = OneOf(perms_choices)
         default_register = OneOf(register_choices)
         default_create = OneOf(create_choices)
     return _DefaultPermissionsForm
 def LdapSettingsForm():
     class _LdapSettingsForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = True
         pre_validators = [LdapLibValidator]
         ldap_active = StringBoolean(if_missing=False)
         ldap_host = UnicodeString(strip=True,)
         ldap_port = Number(strip=True,)
         ldap_ldaps = StringBoolean(if_missing=False)
         ldap_dn_user = UnicodeString(strip=True,)
         ldap_dn_pass = UnicodeString(strip=True,)
         ldap_base_dn = UnicodeString(strip=True,)
     return _LdapSettingsForm

rhodecode/model/permission.py

➞

Show inline comments

@@ @@ -3,101 +3,96 @@ @@
 # Model for permissions
 # Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; version 2
 # of the License or (at your opinion) any later version of the license.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 # MA  02110-1301, USA.
 """
 Created on Aug 20, 2010
 Model for permissions
 @author: marcink
 """
 from rhodecode.model.db import User, Permission, UserToPerm, RepoToPerm
 from rhodecode.model.caching_query import FromCache
 from rhodecode.model.meta import Session
 import logging
 import traceback
 log = logging.getLogger(__name__)
 class PermissionModel(object):
     def __init__(self):
         self.sa = Session()
     def get_permission(self, permission_id, cache=False):
         perm = self.sa.query(Permission)
         if cache:
             perm = perm.options(FromCache("sql_cache_short",
                                           "get_permission_%s" % permission_id))
         return perm.get(permission_id)
     def get_permission_by_name(self, name, cache=False):
         perm = self.sa.query(Permission)\
             .filter(Permission.permission_name == name)
         if cache:
             perm = perm.options(FromCache("sql_cache_short",
                                           "get_permission_%s" % name))
         return perm.scalar()
     def update(self, form_result):
         perm_user = self.sa.query(User)\
                 .filter(User.username == form_result['perm_user_name']).scalar()
         u2p = self.sa.query(UserToPerm).filter(UserToPerm.user == perm_user).all()
         if len(u2p) != 3:
             raise Exception('Defined: %s should be 3  permissions for default'
                             ' user. This should not happen please verify'
                             ' your database' % len(u2p))
         try:
             #stage 1 change defaults
             for p in u2p:
                 if p.permission.permission_name.startswith('repository.'):
                     p.permission = self.get_permission_by_name(
                                        form_result['default_perm'])
                     self.sa.add(p)
                 if p.permission.permission_name.startswith('hg.register.'):
                     p.permission = self.get_permission_by_name(
                                        form_result['default_register'])
                     self.sa.add(p)
                 if p.permission.permission_name.startswith('hg.create.'):
                     p.permission = self.get_permission_by_name(
                                         form_result['default_create'])
                     self.sa.add(p)
             #stage 2 update all default permissions for repos if checked
             if form_result['overwrite_default'] == 'true':
                 for r2p in self.sa.query(RepoToPerm)\
                                .filter(RepoToPerm.user == perm_user).all():
                     r2p.permission = self.get_permission_by_name(
                                          form_result['default_perm'])
                     self.sa.add(r2p)
             #stage 3 set anonymous access
             if perm_user.username == 'default':
                 perm_user.active = bool(form_result['anonymous'])
                 self.sa.add(perm_user)
             self.sa.commit()
         except:
             log.error(traceback.format_exc())
             self.sa.rollback()
             raise

rhodecode/model/settings.py

➞

Show inline comments

 #!/usr/bin/env python
 # encoding: utf-8
 # Model for RhodeCode settings
 # Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>
+#
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; version 2
 # of the License or (at your opinion) any later version of the license.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 # MA  02110-1301, USA.
 """
 Created on Nov 17, 2010
 Model for RhodeCode
 @author: marcink
 """
 from rhodecode.lib import helpers as h
 from rhodecode.model import meta
 from rhodecode.model.caching_query import FromCache
 from rhodecode.model.db import  RhodeCodeSettings
 from sqlalchemy.orm import joinedload
 from sqlalchemy.orm.session import make_transient
 import logging
 log = logging.getLogger(__name__)
 class SettingsModel(object):
     """
     Settings model
     """
     def __init__(self):
         self.sa = meta.Session()
     def get(self, settings_key, cache=False):
         r = self.sa.query(RhodeCodeSettings)\
             .filter(RhodeCodeSettings.app_settings_name == settings_key).scalar()
         if cache:
             r = r.options(FromCache("sql_cache_short",
                                           "get_setting_%s" % settings_key))
         return r
     def get_ldap_settings(self):
         """
         Returns ldap settings from database
         :returns:
         ldap_active
         ldap_host
         ldap_port
         ldap_ldaps
         ldap_dn_user
         ldap_dn_pass
         ldap_base_dn
         """
         r = self.sa.query(RhodeCodeSettings)\
                 .filter(RhodeCodeSettings.app_settings_name\
                         .startswith('ldap_'))\
                 .all()
         fd = {}
         for row in r:
             v = row.app_settings_value
             if v in ['0', '1']:
                 v = v == '1'
             fd.update({row.app_settings_name:v})
         return fd

rhodecode/model/user.py

➞

Show inline comments

 #!/usr/bin/env python
 # encoding: utf-8
 # Model for users
 # Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>
+#
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; version 2
 # of the License or (at your opinion) any later version of the license.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 # MA  02110-1301, USA.
 """
 Created on April 9, 2010
 Model for users
 :author: marcink
 """
 from pylons.i18n.translation import _
 from rhodecode.model.caching_query import FromCache
 from rhodecode.model.db import User
 from rhodecode.model.meta import Session
 import logging
 import traceback
 log = logging.getLogger(__name__)
 class DefaultUserException(Exception):pass
 class UserModel(object):
     def __init__(self):
         self.sa = Session()
     def get(self, user_id, cache=False):
         user = self.sa.query(User)
         if cache:
             user = user.options(FromCache("sql_cache_short",
                                           "get_user_%s" % user_id))
         return user.get(user_id)
     def get_by_username(self, username, cache=False):
         user = self.sa.query(User)\
             .filter(User.username == username)
         if cache:
             user = user.options(FromCache("sql_cache_short",
                                           "get_user_%s" % username))
         return user.scalar()
     def create(self, form_data):
         try:
             new_user = User()
             for k, v in form_data.items():
                 setattr(new_user, k, v)
             self.sa.add(new_user)
             self.sa.commit()
         except:
             log.error(traceback.format_exc())
             self.sa.rollback()
             raise
     def create_ldap(self, username, password):
         """
         Checks if user is in database, if not creates this user marked
         as ldap user
         :param username:
         :param password:
         """
         if self.get_by_username(username) is None:
             try:
                 new_user = User()
                 new_user.username = username
                 new_user.password = password
                 new_user.email = '%s@ldap.server' % username
                 new_user.active = True
                 new_user.is_ldap = True
                 new_user.name = '%s@ldap' % username
                 new_user.lastname = ''
                 self.sa.add(new_user)
                 self.sa.commit()
                 return True
             except:
                 log.error(traceback.format_exc())
                 self.sa.rollback()
                 raise
         return False
     def create_registration(self, form_data):
         from rhodecode.lib.celerylib import tasks, run_task
         try:
             new_user = User()
             for k, v in form_data.items():
                 if k != 'admin':
                     setattr(new_user, k, v)
             self.sa.add(new_user)
             self.sa.commit()
             body = ('New user registration\n'
                     'username: %s\n'
                     'email: %s\n')
             body = body % (form_data['username'], form_data['email'])
             run_task(tasks.send_email, None,
                      _('[RhodeCode] New User registration'),
                      body)
         except:
             log.error(traceback.format_exc())
             self.sa.rollback()
             raise
     def update(self, user_id, form_data):
         try:
             new_user = self.get(user_id, cache=False)
             if new_user.username == 'default':
                 raise DefaultUserException(
                                 _("You can't Edit this user since it's"
                                   " crucial for entire application"))
             for k, v in form_data.items():
                 if k == 'new_password' and v != '':
                     new_user.password = v
                 else:
                     setattr(new_user, k, v)
             self.sa.add(new_user)
             self.sa.commit()
         except:
             log.error(traceback.format_exc())
             self.sa.rollback()
             raise
     def update_my_account(self, user_id, form_data):
         try:
             new_user = self.get(user_id, cache=False)
             if new_user.username == 'default':
                 raise DefaultUserException(
                                 _("You can't Edit this user since it's"
                                   " crucial for entire application"))
             for k, v in form_data.items():
                 if k == 'new_password' and v != '':
                     new_user.password = v
                 else:
                     if k not in ['admin', 'active']:
                         setattr(new_user, k, v)
             self.sa.add(new_user)
             self.sa.commit()
         except:
             log.error(traceback.format_exc())
             self.sa.rollback()
             raise
     def delete(self, user_id):
         try:
             user = self.get(user_id, cache=False)
             if user.username == 'default':
                 raise DefaultUserException(
                                 _("You can't remove this user since it's"
                                   " crucial for entire application"))
             self.sa.delete(user)
             self.sa.commit()
         except:
             log.error(traceback.format_exc())
             self.sa.rollback()
             raise
     def reset_password(self, data):
         from rhodecode.lib.celerylib import tasks, run_task
         run_task(tasks.reset_user_password, data['email'])
     def fill_data(self, user):
         """
         Fills user data with those from database and log out user if not
         present in database
         :param user:
         """
         if not hasattr(user, 'user_id') or user.user_id is None:
             raise Exception('passed in user has to have the user_id attribute')
         log.debug('filling auth user data')
         try:

0 comments (0 inline, 0 general)