kallithea Changeset - b63adad7c4af

Changeset - b63adad7c4af

Parent rev.

Child rev.

[Not reviewed]

beta

0 3 0

Marcin Kuzminski - 14 years ago 2012-02-21 01:35:43
marcin@python-works.com

API updates
- update_user will do lookup by userid param that can be id or username
- all params are required for update_user api call
- get_user/s will return ldap_dn param which is more correct

3 files changed with 16 insertions and 12 deletions:

docs/api/api.rst

rhodecode/controllers/api/api.py

rhodecode/model/user.py

0 comments (0 inline, 0 general)

docs/api/api.rst

➞

Show inline comments

 .. _api:
 API
 ===
 Starting from RhodeCode version 1.2 a simple API was implemented.
 There's a single schema for calling all api methods. API is implemented
 with JSON protocol both ways. An url to send API request in RhodeCode is
 <your_server>/_admin/api
 API ACCESS FOR WEB VIEWS
 ++++++++++++++++++++++++
 API access can also be turned on for each web view in RhodeCode that is
 decorated with `@LoginRequired` decorator. To enable API access simple change
 the standard login decorator to `@LoginRequired(api_access=True)`.
 After this change, a rhodecode view can be accessed without login by adding a
 GET parameter `?api_key=<api_key>` to url. By default this is only
 enabled on RSS/ATOM feed views.
 API ACCESS
 ++++++++++
 All clients are required to send JSON-RPC spec JSON data::
+    {
         "id:<id>,
         "api_key":"<api_key>",
         "method":"<method_name>",
         "args":{"<arg_key>":"<arg_val>"}
+    }
 Example call for autopulling remotes repos using curl::
     curl https://server.com/_admin/api -X POST -H 'content-type:text/plain' --data-binary '{"id":1,"api_key":"xe7cdb2v278e4evbdf5vs04v832v0efvcbcve4a3","method":"pull","args":{"repo":"CPython"}}'
 Simply provide
  - *id* A value of any type, which is used to match the response with the request that it is replying to.
  - *api_key* for access and permission validation.
  - *method* is name of method to call
  - *args* is an key:value list of arguments to pass to method
 .. note::
     api_key can be found in your user account page
 RhodeCode API will return always a JSON-RPC response::
+    {
         "id":<id>,
         "result": "<result>",
         "error": null
+    }
 All responses from API will be `HTTP/1.0 200 OK`, if there's an error while
 calling api *error* key from response will contain failure description
 and result will be null.
 API METHODS
 +++++++++++
 pull
 ----
 Pulls given repo from remote location. Can be used to automatically keep
 remote repos up to date. This command can be executed only using api_key
 belonging to user with admin rights
 INPUT::
     api_key : "<api_key>"
     method :  "pull"
     args :    {
                 "repo_name" : "<reponame>"
+              }
 OUTPUT::
     result : "Pulled from <reponame>"
     error :  null
 get_user
 --------
 Get's an user by username, Returns empty result if user is not found.
 This command can be executed only using api_key belonging to user with admin
 rights.
 INPUT::
     api_key : "<api_key>"
     method :  "get_user"
     args :    {
                 "username" : "<username>"
+              }
 OUTPUT::
     result: None if user does not exist or
+            {
                 "id" :       "<id>",
                 "username" : "<username>",
                 "firstname": "<firstname>",
                 "lastname" : "<lastname>",
                 "email" :    "<email>",
                 "active" :   "<bool>",
                 "admin" :    "<bool>",
-                "ldap" :     "<ldap_dn>"
+                "ldap_dn" :  "<ldap_dn>"
+            }
     error:  null
 get_users
 ---------
 Lists all existing users. This command can be executed only using api_key
 belonging to user with admin rights.
 INPUT::
     api_key : "<api_key>"
     method :  "get_users"
     args :    { }
 OUTPUT::
     result: [
+              {
                 "id" :       "<id>",
                 "username" : "<username>",
                 "firstname": "<firstname>",
                 "lastname" : "<lastname>",
                 "email" :    "<email>",
                 "active" :   "<bool>",
                 "admin" :    "<bool>",
-                "ldap" :     "<ldap_dn>"
+                "ldap_dn" :  "<ldap_dn>"
               },
     	      …
+            ]
     error:  null
 create_user
 -----------
 Creates new user. This command can
 be executed only using api_key belonging to user with admin rights.
 INPUT::
     api_key : "<api_key>"
     method :  "create_user"
     args :    {
                 "username" :  "<username>",
                 "password" :  "<password>",
                 "email" :     "<useremail>",
                 "firstname" : "<firstname> = None",
                 "lastname" :  "<lastname> = None",
                 "active" :    "<bool> = True",
                 "admin" :     "<bool> = False",
                 "ldap_dn" :   "<ldap_dn> = None"
+              }
 OUTPUT::
     result: {
               "id" : "<new_user_id>",
               "msg" : "created new user <username>"
+            }
     error:  null
 update_user
 -----------
 updates current one if such user exists. This command can
 be executed only using api_key belonging to user with admin rights.
 INPUT::
     api_key : "<api_key>"
     method :  "update_user"
     args :    {
                 "userid" : "<user_id or username>",
                 "username" :  "<username>",
                 "password" :  "<password>",
                 "email" :     "<useremail>",
                 "firstname" : "<firstname> = None",
                 "lastname" :  "<lastname> = None",
                 "active" :    "<bool> = True",
                 "admin" :     "<bool> = False",
                 "ldap_dn" :   "<ldap_dn> = None"
                 "firstname" : "<firstname>",
                 "lastname" :  "<lastname>",
                 "active" :    "<bool>",
                 "admin" :     "<bool>",
                 "ldap_dn" :   "<ldap_dn>"
+              }
 OUTPUT::
     result: {
               "id" : "<edited_user_id>",
               "msg" : "updated user <username>"
+            }
     error:  null
 get_users_group
 ---------------
 Gets an existing users group. This command can be executed only using api_key
 belonging to user with admin rights.
 INPUT::
     api_key : "<api_key>"
     method :  "get_users_group"
     args :    {
                 "group_name" : "<name>"
+              }
 OUTPUT::
     result : None if group not exist
+             {
                "id" :         "<id>",
                "group_name" : "<groupname>",
                "active":      "<bool>",
                "members" :  [
                               { "id" :       "<userid>",
                                 "username" : "<username>",
                                 "firstname": "<firstname>",
                                 "lastname" : "<lastname>",
                                 "email" :    "<email>",
                                 "active" :   "<bool>",
                                 "admin" :    "<bool>",
                                 "ldap" :     "<ldap_dn>"
                               },
                               …
+                            ]
+             }
     error : null
 get_users_groups
 ----------------
 Lists all existing users groups. This command can be executed only using
 api_key belonging to user with admin rights.
 INPUT::
     api_key : "<api_key>"
     method :  "get_users_groups"
     args :    { }
 OUTPUT::
     result : [
+               {
                  "id" :         "<id>",
                  "group_name" : "<groupname>",
                  "active":      "<bool>",
                  "members" :  [
+	    	                    {
 	    	                      "id" :       "<userid>",
 	                              "username" : "<username>",
 	                              "firstname": "<firstname>",
 	                              "lastname" : "<lastname>",
 	                              "email" :    "<email>",
 	                              "active" :   "<bool>",
 	                              "admin" :    "<bool>",
 	                              "ldap" :     "<ldap_dn>"
 	                            },
 	    	                    …
+	                          ]
+	            }
+              ]
     error : null
 create_users_group
 ------------------
 Creates new users group. This command can be executed only using api_key
 belonging to user with admin rights
 INPUT::
     api_key : "<api_key>"
     method :  "create_users_group"
     args:     {
                 "group_name":  "<groupname>",
                 "active":"<bool> = True"
+              }
 OUTPUT::
     result: {
               "id":  "<newusersgroupid>",
               "msg": "created new users group <groupname>"
+            }
     error:  null
 add_user_to_users_group
 -----------------------
 Adds a user to a users group. If user exists in that group success will be
 `false`. This command can be executed only using api_key
 belonging to user with admin rights
 INPUT::
     api_key : "<api_key>"
     method :  "add_user_users_group"
     args:     {
                 "group_name" :  "<groupname>",
                 "username" :   "<username>"
+              }
 OUTPUT::
     result: {
               "id":  "<newusersgroupmemberid>",
               "success": True|False # depends on if member is in group
               "msg": "added member <username> to users group <groupname> |
                       User is already in that group"
+            }
     error:  null
 remove_user_from_users_group
 ----------------------------
 Removes a user from a users group. If user is not in given group success will
 be `false`. This command can be executed only
 using api_key belonging to user with admin rights
 INPUT::
     api_key : "<api_key>"
     method :  "remove_user_from_users_group"
     args:     {
                 "group_name" :  "<groupname>",
                 "username" :   "<username>"
+              }
 OUTPUT::
     result: {
               "success":  True|False,  # depends on if member is in group
               "msg": "removed member <username> from users group <groupname> |
                       User wasn't in group"
+            }
     error:  null
 get_repo
 --------
 Gets an existing repository. This command can be executed only using api_key
 belonging to user with admin rights
 INPUT::
     api_key : "<api_key>"
     method :  "get_repo"
     args:     {
                 "repo_name" : "<reponame>"
+              }
 OUTPUT::
     result: None if repository does not exist or
+            {
                 "id" :          "<id>",
                 "repo_name" :   "<reponame>"
                 "type" :        "<type>",
                 "description" : "<description>",
                 "members" :     [
                                   { "id" :         "<userid>",
                                     "username" :   "<username>",
                                     "firstname":   "<firstname>",
                                     "lastname" :   "<lastname>",
                                     "email" :      "<email>",
                                     "active" :     "<bool>",
                                     "admin" :      "<bool>",
                                     "ldap" :       "<ldap_dn>",
                                     "permission" : "repository.(read|write|admin)"
                                   },
                                   …
+                                  {
                                     "id" :       "<usersgroupid>",
                                     "name" :     "<usersgroupname>",
                                     "active":    "<bool>",
                                     "permission" : "repository.(read|write|admin)"
                                   },
                                   …
+                                ]
+            }
     error:  null
 get_repos
 ---------
 Lists all existing repositories. This command can be executed only using api_key
 belonging to user with admin rights
 INPUT::
     api_key : "<api_key>"
     method :  "get_repos"
     args:     { }
 OUTPUT::
     result: [
+              {
                 "id" :          "<id>",
                 "repo_name" :   "<reponame>"
                 "type" :        "<type>",
                 "description" : "<description>"
               },
               …
+            ]
     error:  null
 get_repo_nodes
 --------------
 returns a list of nodes and it's children in a flat list for a given path
 at given revision. It's possible to specify ret_type to show only `files` or
 `dirs`. This command can be executed only using api_key belonging to user
 with admin rights
 INPUT::
     api_key : "<api_key>"
     method :  "get_repo_nodes"
     args:     {
                 "repo_name" : "<reponame>",
                 "revision"  : "<revision>",
                 "root_path" : "<root_path>",
                 "ret_type"  : "<ret_type>" = 'all'
+              }
 OUTPUT::
     result: [
+              {
                 "name" :        "<name>"
                 "type" :        "<type>",
               },
               …
+            ]
     error:  null
 create_repo
 -----------
 Creates a repository. This command can be executed only using api_key
 belonging to user with admin rights.
 If repository name contains "/", all needed repository groups will be created.
 For example "foo/bar/baz" will create groups "foo", "bar" (with "foo" as parent),
 and create "baz" repository with "bar" as group.
 INPUT::
     api_key : "<api_key>"
     method :  "create_repo"
     args:     {
                 "repo_name" :   "<reponame>",
                 "owner_name" :  "<ownername>",
                 "description" : "<description> = ''",
                 "repo_type" :   "<type> = 'hg'",
                 "private" :     "<bool> = False",
                 "clone_uri" :   "<clone_uri> = None",
+              }
 OUTPUT::
     result: {
               "id": "<newrepoid>",
               "msg": "Created new repository <reponame>",
+            }
     error:  null
 delete_repo
 -----------
 Deletes a repository. This command can be executed only using api_key
 belonging to user with admin rights.
 INPUT::
     api_key : "<api_key>"
     method :  "delete_repo"
     args:     {
                 "repo_name" :   "<reponame>",
+              }
 OUTPUT::
     result: {
               "msg": "Deleted repository <reponame>",
+            }
     error:  null
 grant_user_permission
 ---------------------
 Grant permission for user on given repository, or update existing one
 if found. This command can be executed only using api_key belonging to user
 with admin rights.
 INPUT::
     api_key : "<api_key>"
     method :  "grant_user_permission"
     args:     {
                 "repo_name" :  "<reponame>",
                 "username" :   "<username>",
                 "perm" :       "(repository.(none|read|write|admin))",
+              }
 OUTPUT::
     result: {
               "msg" : "Granted perm: <perm> for user: <username> in repo: <reponame>"
+            }
     error:  null
 revoke_user_permission
 ----------------------
 Revoke permission for user on given repository. This command can be executed
 only using api_key belonging to user with admin rights.
 INPUT::
     api_key : "<api_key>"
     method  : "revoke_user_permission"
     args:     {
                 "repo_name" :  "<reponame>",
                 "username" :   "<username>",
+              }
 OUTPUT::
     result: {
               "msg" : "Revoked perm for user: <suername> in repo: <reponame>"
+            }
     error:  null
 grant_users_group_permission
 ----------------------------
 Grant permission for users group on given repository, or update
 existing one if found. This command can be executed only using
 api_key belonging to user with admin rights.
 INPUT::
     api_key : "<api_key>"
     method :  "grant_users_group_permission"
     args:     {
                 "repo_name" : "<reponame>",
                 "group_name" : "<usersgroupname>",
                 "perm" : "(repository.(none|read|write|admin))",
+              }
 OUTPUT::
     result: {
               "msg" : "Granted perm: <perm> for group: <usersgroupname> in repo: <reponame>"
+            }
     error:  null
 revoke_users_group_permission
 -----------------------------
 Revoke permission for users group on given repository.This command can be
 executed only using api_key belonging to user with admin rights.
 INPUT::
     api_key : "<api_key>"
     method  : "revoke_users_group_permission"
     args:     {
                 "repo_name" :  "<reponame>",
                 "users_group" :   "<usersgroupname>",
+              }
 OUTPUT::
     result: {
               "msg" : "Revoked perm for group: <usersgroupname> in repo: <reponame>"
+            }
     error:  null
@@ \ No newline at end of file @@

rhodecode/controllers/api/api.py

➞

Show inline comments

 # -*- coding: utf-8 -*-
 """
     rhodecode.controllers.api
     ~~~~~~~~~~~~~~~~~~~~~~~~~
     API controller for RhodeCode
     :created_on: Aug 20, 2011
     :author: marcink
     :copyright: (C) 2011-2012 Marcin Kuzminski <marcin@python-works.com>
     :license: GPLv3, see COPYING for more details.
 """
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; version 2
 # of the License or (at your opinion) any later version of the license.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 # MA  02110-1301, USA.
 import traceback
 import logging
 from rhodecode.controllers.api import JSONRPCController, JSONRPCError
 from rhodecode.lib.auth import HasPermissionAllDecorator, \
     HasPermissionAnyDecorator, PasswordGenerator
 from rhodecode.model.meta import Session
 from rhodecode.model.scm import ScmModel
 from rhodecode.model.db import User, UsersGroup, RepoGroup, Repository
 from rhodecode.model.repo import RepoModel
 from rhodecode.model.user import UserModel
 from rhodecode.model.users_group import UsersGroupModel
 from rhodecode.model.repos_group import ReposGroupModel
 log = logging.getLogger(__name__)
 class ApiController(JSONRPCController):
     """
     API Controller
     Each method needs to have USER as argument this is then based on given
     API_KEY propagated as instance of user object
     Preferably this should be first argument also
     Each function should also **raise** JSONRPCError for any
     errors that happens
     """
     @HasPermissionAllDecorator('hg.admin')
     def pull(self, apiuser, repo_name):
         """
         Dispatch pull action on given repo
         :param user:
         :param repo_name:
         """
         if Repository.is_valid(repo_name) is False:
             raise JSONRPCError('Unknown repo "%s"' % repo_name)
         try:
             ScmModel().pull_changes(repo_name, self.rhodecode_user.username)
             return 'Pulled from %s' % repo_name
         except Exception:
             raise JSONRPCError('Unable to pull changes from "%s"' % repo_name)
     @HasPermissionAllDecorator('hg.admin')
     def get_user(self, apiuser, username):
         """"
         Get a user by username
         :param apiuser:
         :param username:
         """
         user = User.get_by_username(username)
         if user is None:
             return user
         return dict(
             id=user.user_id,
             username=user.username,
             firstname=user.name,
             lastname=user.lastname,
             email=user.email,
             active=user.active,
             admin=user.admin,
-            ldap=user.ldap_dn
+            ldap_dn=user.ldap_dn
+        )
     @HasPermissionAllDecorator('hg.admin')
     def get_users(self, apiuser):
         """"
         Get all users
         :param apiuser:
         """
         result = []
         for user in User.getAll():
             result.append(
                 dict(
                     id=user.user_id,
                     username=user.username,
                     firstname=user.name,
                     lastname=user.lastname,
                     email=user.email,
                     active=user.active,
                     admin=user.admin,
-                    ldap=user.ldap_dn
+                    ldap_dn=user.ldap_dn
+                )
+            )
         return result
     @HasPermissionAllDecorator('hg.admin')
     def create_user(self, apiuser, username, email, password, firstname=None,
                     lastname=None, active=True, admin=False, ldap_dn=None):
         """
         Create new user
         :param apiuser:
         :param username:
         :param password:
         :param email:
         :param name:
         :param lastname:
         :param active:
         :param admin:
         :param ldap_dn:
         """
         if User.get_by_username(username):
             raise JSONRPCError("user %s already exist" % username)
         if User.get_by_email(email, case_insensitive=True):
             raise JSONRPCError("email %s already exist" % email)
         if ldap_dn:
             # generate temporary password if ldap_dn
             password = PasswordGenerator().gen_password(length=8)
         try:
             usr = UserModel().create_or_update(
                 username, password, email, firstname,
                 lastname, active, admin, ldap_dn
+            )
             Session.commit()
             return dict(
                 id=usr.user_id,
                 msg='created new user %s' % username
+            )
         except Exception:
             log.error(traceback.format_exc())
             raise JSONRPCError('failed to create user %s' % username)
     @HasPermissionAllDecorator('hg.admin')
     def update_user(self, apiuser, username, password, email, firstname=None,
                     lastname=None, active=True, admin=False, ldap_dn=None):
     def update_user(self, apiuser, userid, username, password, email,
                     firstname, lastname, active, admin, ldap_dn):
         """
         Updates given user
         :param apiuser:
         :param username:
         :param password:
         :param email:
         :param name:
         :param lastname:
         :param active:
         :param admin:
         :param ldap_dn:
         """
-        if not User.get_by_username(username):
+        if not UserModel().get_user(userid):
             raise JSONRPCError("user %s does not exist" % username)
         try:
             usr = UserModel().create_or_update(
                 username, password, email, firstname,
                 lastname, active, admin, ldap_dn
+            )
             Session.commit()
             return dict(
                 id=usr.user_id,
                 msg='updated user %s' % username
+            )
         except Exception:
             log.error(traceback.format_exc())
             raise JSONRPCError('failed to update user %s' % username)
     @HasPermissionAllDecorator('hg.admin')
     def get_users_group(self, apiuser, group_name):
         """"
         Get users group by name
         :param apiuser:
         :param group_name:
         """
         users_group = UsersGroup.get_by_group_name(group_name)
         if not users_group:
             return None
         members = []
         for user in users_group.members:
             user = user.user
             members.append(dict(id=user.user_id,
                             username=user.username,
                             firstname=user.name,
                             lastname=user.lastname,
                             email=user.email,
                             active=user.active,
                             admin=user.admin,
                             ldap=user.ldap_dn))
         return dict(id=users_group.users_group_id,
                     group_name=users_group.users_group_name,
                     active=users_group.users_group_active,
                     members=members)
     @HasPermissionAllDecorator('hg.admin')
     def get_users_groups(self, apiuser):
         """"
         Get all users groups
         :param apiuser:
         """
         result = []
         for users_group in UsersGroup.getAll():
             members = []
             for user in users_group.members:
                 user = user.user
                 members.append(dict(id=user.user_id,
                                 username=user.username,
                                 firstname=user.name,
                                 lastname=user.lastname,
                                 email=user.email,
                                 active=user.active,
                                 admin=user.admin,
                                 ldap=user.ldap_dn))
             result.append(dict(id=users_group.users_group_id,
                                 group_name=users_group.users_group_name,
                                 active=users_group.users_group_active,
                                 members=members))
         return result
     @HasPermissionAllDecorator('hg.admin')
     def create_users_group(self, apiuser, group_name, active=True):
         """
         Creates an new usergroup
         :param group_name:
         :param active:
         """
         if self.get_users_group(apiuser, group_name):
             raise JSONRPCError("users group %s already exist" % group_name)
         try:
             ug = UsersGroupModel().create(name=group_name, active=active)
             Session.commit()
             return dict(id=ug.users_group_id,
                         msg='created new users group %s' % group_name)
         except Exception:
             log.error(traceback.format_exc())
             raise JSONRPCError('failed to create group %s' % group_name)
     @HasPermissionAllDecorator('hg.admin')
     def add_user_to_users_group(self, apiuser, group_name, username):
         """"
         Add a user to a group
         :param apiuser:
         :param group_name:
         :param username:
         """
         try:
             users_group = UsersGroup.get_by_group_name(group_name)
             if not users_group:
                 raise JSONRPCError('unknown users group %s' % group_name)
             user = User.get_by_username(username)
             if user is None:
                 raise JSONRPCError('unknown user %s' % username)
             ugm = UsersGroupModel().add_user_to_group(users_group, user)
             success = True if ugm != True else False
             msg = 'added member %s to users group %s' % (username, group_name)
             msg = msg if success else 'User is already in that group'
             Session.commit()
             return dict(
                 id=ugm.users_group_member_id if ugm != True else None,
                 success=success,
                 msg=msg
+            )
         except Exception:
             log.error(traceback.format_exc())
             raise JSONRPCError('failed to add users group member')
     @HasPermissionAllDecorator('hg.admin')
     def remove_user_from_users_group(self, apiuser, group_name, username):
         """
         Remove user from a group
         :param apiuser
         :param group_name
         :param username
         """
         try:
             users_group = UsersGroup.get_by_group_name(group_name)
             if not users_group:
                 raise JSONRPCError('unknown users group %s' % group_name)
             user = User.get_by_username(username)
             if user is None:
                 raise JSONRPCError('unknown user %s' % username)
             success = UsersGroupModel().remove_user_from_group(users_group, user)
             msg = 'removed member %s from users group %s' % (username, group_name)
             msg = msg if success else "User wasn't in group"
             Session.commit()
             return dict(success=success, msg=msg)
         except Exception:
             log.error(traceback.format_exc())
             raise JSONRPCError('failed to remove user from group')
     @HasPermissionAnyDecorator('hg.admin')
     def get_repo(self, apiuser, repo_name):
         """"
         Get repository by name
         :param apiuser:
         :param repo_name:
         """
         repo = Repository.get_by_repo_name(repo_name)
         if repo is None:
             raise JSONRPCError('unknown repository %s' % repo)
         members = []
         for user in repo.repo_to_perm:
             perm = user.permission.permission_name
             user = user.user
             members.append(
                 dict(
                     type_="user",
                     id=user.user_id,
                     username=user.username,
                     firstname=user.name,
                     lastname=user.lastname,
                     email=user.email,
                     active=user.active,
                     admin=user.admin,
                     ldap=user.ldap_dn,
                     permission=perm
+                )
+            )
         for users_group in repo.users_group_to_perm:
             perm = users_group.permission.permission_name
             users_group = users_group.users_group
             members.append(
                 dict(
                     type_="users_group",
                     id=users_group.users_group_id,
                     name=users_group.users_group_name,
                     active=users_group.users_group_active,
                     permission=perm
+                )
+            )
         return dict(
             id=repo.repo_id,
             repo_name=repo.repo_name,
             type=repo.repo_type,
             description=repo.description,
             members=members
+        )
     @HasPermissionAnyDecorator('hg.admin')
     def get_repos(self, apiuser):
         """"
         Get all repositories
         :param apiuser:
         """
         result = []
         for repository in Repository.getAll():
             result.append(
                 dict(
                     id=repository.repo_id,
                     repo_name=repository.repo_name,
                     type=repository.repo_type,
                     description=repository.description
+                )
+            )
         return result
     @HasPermissionAnyDecorator('hg.admin')
     def get_repo_nodes(self, apiuser, repo_name, revision, root_path,
                        ret_type='all'):
         """
         returns a list of nodes and it's children
         for a given path at given revision. It's possible to specify ret_type
         to show only files or dirs
         :param apiuser:
         :param repo_name: name of repository
         :param revision: revision for which listing should be done
         :param root_path: path from which start displaying
         :param ret_type: return type 'all|files|dirs' nodes
         """
         try:
             _d, _f = ScmModel().get_nodes(repo_name, revision, root_path,
                                           flat=False)
             _map = {
                 'all': _d + _f,
                 'files': _f,
                 'dirs': _d,
+            }
             return _map[ret_type]
         except KeyError:
             raise JSONRPCError('ret_type must be one of %s' % _map.keys())
         except Exception, e:
             raise JSONRPCError(e)
     @HasPermissionAnyDecorator('hg.admin', 'hg.create.repository')
     def create_repo(self, apiuser, repo_name, owner_name, description='',
                     repo_type='hg', private=False, clone_uri=None):
         """
         Create repository, if clone_url is given it makes a remote clone
         :param apiuser:
         :param repo_name:
         :param owner_name:
         :param description:
         :param repo_type:
         :param private:
         :param clone_uri:
         """
         try:
             owner = User.get_by_username(owner_name)
             if owner is None:
                 raise JSONRPCError('unknown user %s' % owner_name)
             if Repository.get_by_repo_name(repo_name):
                 raise JSONRPCError("repo %s already exist" % repo_name)
             groups = repo_name.split('/')
             real_name = groups[-1]
             groups = groups[:-1]
             parent_id = None
             for g in groups:
                 group = RepoGroup.get_by_group_name(g)
                 if not group:
                     group = ReposGroupModel().create(g, '', parent_id)
                 parent_id = group.group_id
             repo = RepoModel().create(
                 dict(
                     repo_name=real_name,
                     repo_name_full=repo_name,
                     description=description,
                     private=private,
                     repo_type=repo_type,
                     repo_group=parent_id,
                     clone_uri=clone_uri
                 ),
                 owner
+            )
             Session.commit()
             return dict(
                 id=repo.repo_id,
                 msg="Created new repository %s" % repo.repo_name
+            )
         except Exception:
             log.error(traceback.format_exc())
             raise JSONRPCError('failed to create repository %s' % repo_name)
     @HasPermissionAnyDecorator('hg.admin')
     def delete_repo(self, apiuser, repo_name):
         """
         Deletes a given repository
         :param repo_name:
         """
         if not Repository.get_by_repo_name(repo_name):
             raise JSONRPCError("repo %s does not exist" % repo_name)
         try:
             RepoModel().delete(repo_name)
             Session.commit()
             return dict(
                 msg='Deleted repository %s' % repo_name
+            )
         except Exception:
             log.error(traceback.format_exc())
             raise JSONRPCError('failed to delete repository %s' % repo_name)
     @HasPermissionAnyDecorator('hg.admin')
     def grant_user_permission(self, apiuser, repo_name, username, perm):
         """
         Grant permission for user on given repository, or update existing one
         if found
         :param repo_name:
         :param username:
         :param perm:
         """
         try:
             repo = Repository.get_by_repo_name(repo_name)
             if repo is None:
                 raise JSONRPCError('unknown repository %s' % repo)
             user = User.get_by_username(username)
             if user is None:
                 raise JSONRPCError('unknown user %s' % username)
             RepoModel().grant_user_permission(repo=repo, user=user, perm=perm)
             Session.commit()
             return dict(
                 msg='Granted perm: %s for user: %s in repo: %s' % (
                     perm, username, repo_name
+                )
+            )
         except Exception:
             log.error(traceback.format_exc())
             raise JSONRPCError(
                 'failed to edit permission %(repo)s for %(user)s' % dict(
                     user=username, repo=repo_name
+                )
+            )
     @HasPermissionAnyDecorator('hg.admin')
     def revoke_user_permission(self, apiuser, repo_name, username):
         """
         Revoke permission for user on given repository
         :param repo_name:
         :param username:
         """
         try:
             repo = Repository.get_by_repo_name(repo_name)
             if repo is None:
                 raise JSONRPCError('unknown repository %s' % repo)
             user = User.get_by_username(username)
             if user is None:
                 raise JSONRPCError('unknown user %s' % username)
             RepoModel().revoke_user_permission(repo=repo_name, user=username)
             Session.commit()
             return dict(
                 msg='Revoked perm for user: %s in repo: %s' % (
                     username, repo_name
+                )
+            )
         except Exception:
             log.error(traceback.format_exc())
             raise JSONRPCError(
                 'failed to edit permission %(repo)s for %(user)s' % dict(
                     user=username, repo=repo_name
+                )
+            )
     @HasPermissionAnyDecorator('hg.admin')
     def grant_users_group_permission(self, apiuser, repo_name, group_name, perm):
         """
         Grant permission for users group on given repository, or update
         existing one if found
         :param repo_name:
         :param group_name:
         :param perm:
         """
         try:
             repo = Repository.get_by_repo_name(repo_name)
             if repo is None:
                 raise JSONRPCError('unknown repository %s' % repo)
             user_group = UsersGroup.get_by_group_name(group_name)
             if user_group is None:
                 raise JSONRPCError('unknown users group %s' % user_group)
             RepoModel().grant_users_group_permission(repo=repo_name,
                                                      group_name=group_name,
                                                      perm=perm)
             Session.commit()
             return dict(
                 msg='Granted perm: %s for group: %s in repo: %s' % (
                     perm, group_name, repo_name
+                )
+            )
         except Exception:
             log.error(traceback.format_exc())
             raise JSONRPCError(
                 'failed to edit permission %(repo)s for %(usersgr)s' % dict(
                     usersgr=group_name, repo=repo_name
+                )
+            )
     @HasPermissionAnyDecorator('hg.admin')
     def revoke_users_group_permission(self, apiuser, repo_name, group_name):
         """
         Revoke permission for users group on given repository
         :param repo_name:
         :param group_name:
         """
         try:
             repo = Repository.get_by_repo_name(repo_name)
             if repo is None:
                 raise JSONRPCError('unknown repository %s' % repo)
             user_group = UsersGroup.get_by_group_name(group_name)
             if user_group is None:
                 raise JSONRPCError('unknown users group %s' % user_group)
             RepoModel().revoke_users_group_permission(repo=repo_name,
                                                       group_name=group_name)
             Session.commit()
             return dict(
                 msg='Revoked perm for group: %s in repo: %s' % (
                     group_name, repo_name
+                )
+            )
         except Exception:
             log.error(traceback.format_exc())
             raise JSONRPCError(
                 'failed to edit permission %(repo)s for %(usersgr)s' % dict(
                     usersgr=group_name, repo=repo_name
+                )
+            )

rhodecode/model/user.py

➞

Show inline comments

 # -*- coding: utf-8 -*-
 """
     rhodecode.model.user
     ~~~~~~~~~~~~~~~~~~~~
     users model for RhodeCode
     :created_on: Apr 9, 2010
     :author: marcink
     :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
     :license: GPLv3, see COPYING for more details.
 """
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import logging
 import traceback
 from pylons import url
 from pylons.i18n.translation import _
 from rhodecode.lib import safe_unicode
 from rhodecode.lib.caching_query import FromCache
 from rhodecode.model import BaseModel
 from rhodecode.model.db import User, UserRepoToPerm, Repository, Permission, \
     UserToPerm, UsersGroupRepoToPerm, UsersGroupToPerm, UsersGroupMember, \
     Notification, RepoGroup, UserRepoGroupToPerm, UsersGroup
 from rhodecode.lib.exceptions import DefaultUserException, \
     UserOwnsReposException
 from sqlalchemy.exc import DatabaseError
 from rhodecode.lib import generate_api_key
 from sqlalchemy.orm import joinedload
 log = logging.getLogger(__name__)
 PERM_WEIGHTS = {
     'repository.none': 0,
     'repository.read': 1,
     'repository.write': 3,
     'repository.admin': 4,
     'group.none': 0,
     'group.read': 1,
     'group.write': 3,
     'group.admin': 4,
+}
 class UserModel(BaseModel):
     def __get_user(self, user):
         return self._get_instance(User, user, callback=User.get_by_username)
     def __get_perm(self, permission):
         return self._get_instance(Permission, permission,
                                   callback=Permission.get_by_key)
     def get(self, user_id, cache=False):
         user = self.sa.query(User)
         if cache:
             user = user.options(FromCache("sql_cache_short",
                                           "get_user_%s" % user_id))
         return user.get(user_id)
     def get_user(self, user):
         return self.__get_user(user)
     def get_by_username(self, username, cache=False, case_insensitive=False):
         if case_insensitive:
             user = self.sa.query(User).filter(User.username.ilike(username))
         else:
             user = self.sa.query(User)\
                 .filter(User.username == username)
         if cache:
             user = user.options(FromCache("sql_cache_short",
                                           "get_user_%s" % username))
         return user.scalar()
     def get_by_api_key(self, api_key, cache=False):
         return User.get_by_api_key(api_key, cache)
     def create(self, form_data):
         try:
             new_user = User()
             for k, v in form_data.items():
                 setattr(new_user, k, v)
             new_user.api_key = generate_api_key(form_data['username'])
             self.sa.add(new_user)
             return new_user
         except:
             log.error(traceback.format_exc())
             raise
     def create_or_update(self, username, password, email, name, lastname,
                          active=True, admin=False, ldap_dn=None):
         """
         Creates a new instance if not found, or updates current one
         :param username:
         :param password:
         :param email:
         :param active:
         :param name:
         :param lastname:
         :param active:
         :param admin:
         :param ldap_dn:
         """
         from rhodecode.lib.auth import get_crypt_password
         log.debug('Checking for %s account in RhodeCode database' % username)
         user = User.get_by_username(username, case_insensitive=True)
         if user is None:
             log.debug('creating new user %s' % username)
             new_user = User()
         else:
             log.debug('updating user %s' % username)
             new_user = user
         try:
             new_user.username = username
             new_user.admin = admin
             new_user.password = get_crypt_password(password)
             new_user.api_key = generate_api_key(username)
             new_user.email = email
             new_user.active = active
             new_user.ldap_dn = safe_unicode(ldap_dn) if ldap_dn else None
             new_user.name = name
             new_user.lastname = lastname
             self.sa.add(new_user)
             return new_user
         except (DatabaseError,):
             log.error(traceback.format_exc())
             raise
     def create_for_container_auth(self, username, attrs):
         """
         Creates the given user if it's not already in the database
         :param username:
         :param attrs:
         """
         if self.get_by_username(username, case_insensitive=True) is None:
             # autogenerate email for container account without one
             generate_email = lambda usr: '%s@container_auth.account' % usr
             try:
                 new_user = User()
                 new_user.username = username
                 new_user.password = None
                 new_user.api_key = generate_api_key(username)
                 new_user.email = attrs['email']
                 new_user.active = attrs.get('active', True)
                 new_user.name = attrs['name'] or generate_email(username)
                 new_user.lastname = attrs['lastname']
                 self.sa.add(new_user)
                 return new_user
             except (DatabaseError,):
                 log.error(traceback.format_exc())
                 self.sa.rollback()
                 raise
         log.debug('User %s already exists. Skipping creation of account'
                   ' for container auth.', username)
         return None
     def create_ldap(self, username, password, user_dn, attrs):
         """
         Checks if user is in database, if not creates this user marked
         as ldap user
         :param username:
         :param password:
         :param user_dn:
         :param attrs:
         """
         from rhodecode.lib.auth import get_crypt_password
         log.debug('Checking for such ldap account in RhodeCode database')
         if self.get_by_username(username, case_insensitive=True) is None:
             # autogenerate email for ldap account without one
             generate_email = lambda usr: '%s@ldap.account' % usr
             try:
                 new_user = User()
                 username = username.lower()
                 # add ldap account always lowercase
                 new_user.username = username
                 new_user.password = get_crypt_password(password)
                 new_user.api_key = generate_api_key(username)
                 new_user.email = attrs['email'] or generate_email(username)
                 new_user.active = attrs.get('active', True)
                 new_user.ldap_dn = safe_unicode(user_dn)
                 new_user.name = attrs['name']
                 new_user.lastname = attrs['lastname']
                 self.sa.add(new_user)
                 return new_user
             except (DatabaseError,):
                 log.error(traceback.format_exc())
                 self.sa.rollback()
                 raise
         log.debug('this %s user exists skipping creation of ldap account',
                   username)
         return None
     def create_registration(self, form_data):
         from rhodecode.model.notification import NotificationModel
         try:
             new_user = User()
             for k, v in form_data.items():
                 if k != 'admin':
                     setattr(new_user, k, v)
             self.sa.add(new_user)
             self.sa.flush()
             # notification to admins
             subject = _('new user registration')
             body = ('New user registration\n'
                     '---------------------\n'
                     '- Username: %s\n'
                     '- Full Name: %s\n'
                     '- Email: %s\n')
             body = body % (new_user.username, new_user.full_name,
                            new_user.email)
             edit_url = url('edit_user', id=new_user.user_id, qualified=True)
             kw = {'registered_user_url': edit_url}
             NotificationModel().create(created_by=new_user, subject=subject,
                                        body=body, recipients=None,
                                        type_=Notification.TYPE_REGISTRATION,
                                        email_kwargs=kw)
         except:
             log.error(traceback.format_exc())
             raise
     def update(self, user_id, form_data):
         try:
             user = self.get(user_id, cache=False)
             if user.username == 'default':
                 raise DefaultUserException(
                                 _("You can't Edit this user since it's"
                                   " crucial for entire application"))
             for k, v in form_data.items():
                 if k == 'new_password' and v != '':
                     user.password = v
                     user.api_key = generate_api_key(user.username)
                 else:
                     setattr(user, k, v)
             self.sa.add(user)
         except:
             log.error(traceback.format_exc())
             raise
     def update_my_account(self, user_id, form_data):
         try:
             user = self.get(user_id, cache=False)
             if user.username == 'default':
                 raise DefaultUserException(
                                 _("You can't Edit this user since it's"
                                   " crucial for entire application"))
             for k, v in form_data.items():
                 if k == 'new_password' and v != '':
                     user.password = v
                     user.api_key = generate_api_key(user.username)
                 else:
                     if k not in ['admin', 'active']:
                         setattr(user, k, v)
             self.sa.add(user)
         except:
             log.error(traceback.format_exc())
             raise
     def delete(self, user):
         user = self.__get_user(user)
         try:
             if user.username == 'default':
                 raise DefaultUserException(
                                 _("You can't remove this user since it's"
                                   " crucial for entire application"))
             if user.repositories:
                 raise UserOwnsReposException(_('This user still owns %s '
                                                'repositories and cannot be '
                                                'removed. Switch owners or '
                                                'remove those repositories') \
                                                % user.repositories)
             self.sa.delete(user)
         except:
             log.error(traceback.format_exc())
             raise
     def reset_password_link(self, data):
         from rhodecode.lib.celerylib import tasks, run_task
         run_task(tasks.send_password_link, data['email'])
     def reset_password(self, data):
         from rhodecode.lib.celerylib import tasks, run_task
         run_task(tasks.reset_user_password, data['email'])
     def fill_data(self, auth_user, user_id=None, api_key=None):
         """
         Fetches auth_user by user_id,or api_key if present.
         Fills auth_user attributes with those taken from database.
         Additionally set's is_authenitated if lookup fails
         present in database
         :param auth_user: instance of user to set attributes
         :param user_id: user id to fetch by
         :param api_key: api key to fetch by
         """
         if user_id is None and api_key is None:
             raise Exception('You need to pass user_id or api_key')
         try:
             if api_key:
                 dbuser = self.get_by_api_key(api_key)
             else:
                 dbuser = self.get(user_id)
             if dbuser is not None and dbuser.active:
                 log.debug('filling %s data' % dbuser)
                 for k, v in dbuser.get_dict().items():
                     setattr(auth_user, k, v)
             else:
                 return False
         except:
             log.error(traceback.format_exc())
             auth_user.is_authenticated = False
             return False
         return True
     def fill_perms(self, user):
         """
         Fills user permission attribute with permissions taken from database
         works for permissions given for repositories, and for permissions that
         are granted to groups
         :param user: user instance to fill his perms
         """
         RK = 'repositories'
         GK = 'repositories_groups'
         GLOBAL = 'global'
         user.permissions[RK] = {}
         user.permissions[GK] = {}
         user.permissions[GLOBAL] = set()
         #======================================================================
         # fetch default permissions
         #======================================================================
         default_user = User.get_by_username('default', cache=True)
         default_user_id = default_user.user_id
         default_repo_perms = Permission.get_default_perms(default_user_id)
         default_repo_groups_perms = Permission.get_default_group_perms(default_user_id)
         if user.is_admin:
             #==================================================================
             # admin user have all default rights for repositories
             # and groups set to admin
             #==================================================================
             user.permissions[GLOBAL].add('hg.admin')
             # repositories
             for perm in default_repo_perms:
                 r_k = perm.UserRepoToPerm.repository.repo_name
                 p = 'repository.admin'
                 user.permissions[RK][r_k] = p
             # repositories groups
             for perm in default_repo_groups_perms:
                 rg_k = perm.UserRepoGroupToPerm.group.group_name
                 p = 'group.admin'
                 user.permissions[GK][rg_k] = p
         else:
             #==================================================================
             # set default permissions first for repositories and groups
             #==================================================================
             uid = user.user_id
             # default global permissions
             default_global_perms = self.sa.query(UserToPerm)\
                 .filter(UserToPerm.user_id == default_user_id)
             for perm in default_global_perms:
                 user.permissions[GLOBAL].add(perm.permission.permission_name)
             # default for repositories
             for perm in default_repo_perms:
                 r_k = perm.UserRepoToPerm.repository.repo_name
                 if perm.Repository.private and not (perm.Repository.user_id == uid):
                     # disable defaults for private repos,
                     p = 'repository.none'
                 elif perm.Repository.user_id == uid:
                     # set admin if owner
                     p = 'repository.admin'
                 else:
                     p = perm.Permission.permission_name
                 user.permissions[RK][r_k] = p
             # default for repositories groups
             for perm in default_repo_groups_perms:
                 rg_k = perm.UserRepoGroupToPerm.group.group_name
                 p = perm.Permission.permission_name
                 user.permissions[GK][rg_k] = p
             #==================================================================
             # overwrite default with user permissions if any
             #==================================================================
             # user global
             user_perms = self.sa.query(UserToPerm)\
                     .options(joinedload(UserToPerm.permission))\
                     .filter(UserToPerm.user_id == uid).all()
             for perm in user_perms:
                 user.permissions[GLOBAL].add(perm.permission.permission_name)
             # user repositories
             user_repo_perms = \
              self.sa.query(UserRepoToPerm, Permission, Repository)\
              .join((Repository, UserRepoToPerm.repository_id == Repository.repo_id))\
              .join((Permission, UserRepoToPerm.permission_id == Permission.permission_id))\
              .filter(UserRepoToPerm.user_id == uid)\
              .all()
             for perm in user_repo_perms:
                 # set admin if owner
                 r_k = perm.UserRepoToPerm.repository.repo_name
                 if perm.Repository.user_id == uid:
                     p = 'repository.admin'
                 else:
                     p = perm.Permission.permission_name
                 user.permissions[RK][r_k] = p
             #==================================================================
             # check if user is part of groups for this repository and fill in
             # (or replace with higher) permissions
             #==================================================================
             # users group global
             user_perms_from_users_groups = self.sa.query(UsersGroupToPerm)\
                 .options(joinedload(UsersGroupToPerm.permission))\
                 .join((UsersGroupMember, UsersGroupToPerm.users_group_id ==
                        UsersGroupMember.users_group_id))\
                 .filter(UsersGroupMember.user_id == uid).all()
             for perm in user_perms_from_users_groups:
                 user.permissions[GLOBAL].add(perm.permission.permission_name)
             # users group repositories
             user_repo_perms_from_users_groups = \
              self.sa.query(UsersGroupRepoToPerm, Permission, Repository,)\
              .join((Repository, UsersGroupRepoToPerm.repository_id == Repository.repo_id))\
              .join((Permission, UsersGroupRepoToPerm.permission_id == Permission.permission_id))\
              .join((UsersGroupMember, UsersGroupRepoToPerm.users_group_id == UsersGroupMember.users_group_id))\
              .filter(UsersGroupMember.user_id == uid)\
              .all()
             for perm in user_repo_perms_from_users_groups:
                 r_k = perm.UsersGroupRepoToPerm.repository.repo_name
                 p = perm.Permission.permission_name
                 cur_perm = user.permissions[RK][r_k]
                 # overwrite permission only if it's greater than permission
                 # given from other sources
                 if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]:
                     user.permissions[RK][r_k] = p
             #==================================================================
             # get access for this user for repos group and override defaults
             #==================================================================
             # user repositories groups
             user_repo_groups_perms = \
              self.sa.query(UserRepoGroupToPerm, Permission, RepoGroup)\
              .join((RepoGroup, UserRepoGroupToPerm.group_id == RepoGroup.group_id))\
              .join((Permission, UserRepoGroupToPerm.permission_id == Permission.permission_id))\
              .filter(UserRepoToPerm.user_id == uid)\
              .all()
             for perm in user_repo_groups_perms:
                 rg_k = perm.UserRepoGroupToPerm.group.group_name
                 p = perm.Permission.permission_name
                 cur_perm = user.permissions[GK][rg_k]
                 if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]:
                     user.permissions[GK][rg_k] = p
         return user
     def has_perm(self, user, perm):
         if not isinstance(perm, Permission):
             raise Exception('perm needs to be an instance of Permission class '
                             'got %s instead' % type(perm))
         user = self.__get_user(user)
         return UserToPerm.query().filter(UserToPerm.user == user)\
             .filter(UserToPerm.permission == perm).scalar() is not None
     def grant_perm(self, user, perm):
         """
         Grant user global permissions
         :param user:
         :param perm:
         """
         user = self.__get_user(user)
         perm = self.__get_perm(perm)
         new = UserToPerm()
         new.user = user
         new.permission = perm
         self.sa.add(new)
     def revoke_perm(self, user, perm):
         """
         Revoke users global permissions
         :param user:
         :param perm:
         """
         user = self.__get_user(user)
         perm = self.__get_perm(perm)
         obj = UserToPerm.query().filter(UserToPerm.user == user)\
                 .filter(UserToPerm.permission == perm).scalar()
         if obj:
             self.sa.delete(obj)

0 comments (0 inline, 0 general)