kallithea Changeset - c0cc8f8a71b0

Changeset - c0cc8f8a71b0

Parent rev.

Child rev.

[Not reviewed]

beta

0 10 3

Marcin Kuzminski - 13 years ago 2012-09-07 02:20:02
marcin@python-works.com

Permissions on group can be set in recursive mode setting defined permission to all children
- more explicit permissions
- fixes for empty values in permission form

13 files changed with 613 insertions and 61 deletions:

rhodecode/controllers/admin/repos_groups.py

rhodecode/model/forms.py

rhodecode/model/repo.py

rhodecode/model/repos_group.py

125

rhodecode/model/user.py

rhodecode/model/validators.py

rhodecode/templates/admin/repos_groups/repos_group_edit_perms.html

rhodecode/tests/functional/test_compare.py

rhodecode/tests/models/common.py

116

rhodecode/tests/models/test_permissions.py

rhodecode/tests/models/test_repos_groups.py

rhodecode/tests/models/test_user_permissions_on_groups.py

161

rhodecode/tests/models/test_users_group_permissions_on_groups.py

170

0 comments (0 inline, 0 general)

rhodecode/controllers/admin/repos_groups.py

➞

Show inline comments

 # -*- coding: utf-8 -*-
 """
     rhodecode.controllers.admin.repos_groups
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Repositories groups controller for RhodeCode
     :created_on: Mar 23, 2010
     :author: marcink
     :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
     :license: GPLv3, see COPYING for more details.
 """
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import logging
 import traceback
 import formencode
 from formencode import htmlfill
 from pylons import request, tmpl_context as c, url
 from pylons.controllers.util import redirect
 from pylons.i18n.translation import _
 from sqlalchemy.exc import IntegrityError
 from rhodecode.lib import helpers as h
 from rhodecode.lib.auth import LoginRequired, HasPermissionAnyDecorator,\
     HasReposGroupPermissionAnyDecorator
 from rhodecode.lib.base import BaseController, render
 from rhodecode.model.db import RepoGroup
 from rhodecode.model.repos_group import ReposGroupModel
 from rhodecode.model.forms import ReposGroupForm
 from rhodecode.model.meta import Session
 from rhodecode.model.repo import RepoModel
 from webob.exc import HTTPInternalServerError, HTTPNotFound
 from rhodecode.lib.utils2 import str2bool
 log = logging.getLogger(__name__)
 class ReposGroupsController(BaseController):
     """REST Controller styled on the Atom Publishing Protocol"""
     # To properly map this controller, ensure your config/routing.py
     # file has a resource setup:
     #     map.resource('repos_group', 'repos_groups')
     @LoginRequired()
     def __before__(self):
         super(ReposGroupsController, self).__before__()
     def __load_defaults(self):
         c.repo_groups = RepoGroup.groups_choices()
         c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups)
         repo_model = RepoModel()
         c.users_array = repo_model.get_users_js()
         c.users_groups_array = repo_model.get_users_groups_js()
     def __load_data(self, group_id):
         """
         Load defaults settings for edit, and update
         :param group_id:
         """
         self.__load_defaults()
         repo_group = RepoGroup.get_or_404(group_id)
         data = repo_group.get_dict()
         data['group_name'] = repo_group.name
         # fill repository users
         for p in repo_group.repo_group_to_perm:
             data.update({'u_perm_%s' % p.user.username:
                              p.permission.permission_name})
         # fill repository groups
         for p in repo_group.users_group_to_perm:
             data.update({'g_perm_%s' % p.users_group.users_group_name:
                              p.permission.permission_name})
         return data
     @HasPermissionAnyDecorator('hg.admin')
     def index(self, format='html'):
         """GET /repos_groups: All items in the collection"""
         # url('repos_groups')
         sk = lambda g: g.parents[0].group_name if g.parents else g.group_name
         c.groups = sorted(RepoGroup.query().all(), key=sk)
         return render('admin/repos_groups/repos_groups_show.html')
     @HasPermissionAnyDecorator('hg.admin')
     def create(self):
         """POST /repos_groups: Create a new item"""
         # url('repos_groups')
         self.__load_defaults()
         repos_group_form = ReposGroupForm(available_groups =
                                           c.repo_groups_choices)()
         try:
             form_result = repos_group_form.to_python(dict(request.POST))
             ReposGroupModel().create(
                     group_name=form_result['group_name'],
                     group_description=form_result['group_description'],
                     parent=form_result['group_parent_id']
+            )
             Session().commit()
             h.flash(_('created repos group %s') \
                     % form_result['group_name'], category='success')
             #TODO: in futureaction_logger(, '', '', '', self.sa)
         except formencode.Invalid, errors:
             return htmlfill.render(
                 render('admin/repos_groups/repos_groups_add.html'),
                 defaults=errors.value,
                 errors=errors.error_dict or {},
                 prefix_error=False,
                 encoding="UTF-8")
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('error occurred during creation of repos group %s') \
                     % request.POST.get('group_name'), category='error')
         return redirect(url('repos_groups'))
     @HasPermissionAnyDecorator('hg.admin')
     def new(self, format='html'):
         """GET /repos_groups/new: Form to create a new item"""
         # url('new_repos_group')
         self.__load_defaults()
         return render('admin/repos_groups/repos_groups_add.html')
     @HasPermissionAnyDecorator('hg.admin')
     def update(self, id):
         """PUT /repos_groups/id: Update an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="PUT" />
         # Or using helpers:
         #    h.form(url('repos_group', id=ID),
         #           method='put')
         # url('repos_group', id=ID)
         self.__load_defaults()
         c.repos_group = RepoGroup.get(id)
         repos_group_form = ReposGroupForm(
             edit=True,
             old_data=c.repos_group.get_dict(),
             available_groups=c.repo_groups_choices
         )()
         try:
             form_result = repos_group_form.to_python(dict(request.POST))
             ReposGroupModel().update(id, form_result)
             Session().commit()
             h.flash(_('updated repos group %s') \
                     % form_result['group_name'], category='success')
             #TODO: in futureaction_logger(, '', '', '', self.sa)
         except formencode.Invalid, errors:
             return htmlfill.render(
                 render('admin/repos_groups/repos_groups_edit.html'),
                 defaults=errors.value,
                 errors=errors.error_dict or {},
                 prefix_error=False,
                 encoding="UTF-8")
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('error occurred during update of repos group %s') \
                     % request.POST.get('group_name'), category='error')
         return redirect(url('edit_repos_group', id=id))
     @HasPermissionAnyDecorator('hg.admin')
     def delete(self, id):
         """DELETE /repos_groups/id: Delete an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="DELETE" />
         # Or using helpers:
         #    h.form(url('repos_group', id=ID),
         #           method='delete')
         # url('repos_group', id=ID)
         gr = RepoGroup.get(id)
         repos = gr.repositories.all()
         if repos:
             h.flash(_('This group contains %s repositores and cannot be '
                       'deleted') % len(repos),
                     category='error')
             return redirect(url('repos_groups'))
         try:
             ReposGroupModel().delete(id)
             Session().commit()
             h.flash(_('removed repos group %s') % gr.group_name,
                     category='success')
             #TODO: in future action_logger(, '', '', '', self.sa)
         except IntegrityError, e:
             if str(e.message).find('groups_group_parent_id_fkey') != -1:
                 log.error(traceback.format_exc())
                 h.flash(_('Cannot delete this group it still contains '
                           'subgroups'),
                         category='warning')
             else:
                 log.error(traceback.format_exc())
                 h.flash(_('error occurred during deletion of repos '
                           'group %s') % gr.group_name, category='error')
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('error occurred during deletion of repos '
                       'group %s') % gr.group_name, category='error')
         return redirect(url('repos_groups'))
     @HasReposGroupPermissionAnyDecorator('group.admin')
     def delete_repos_group_user_perm(self, group_name):
         """
         DELETE an existing repositories group permission user
         :param group_name:
         """
         try:
             ReposGroupModel().revoke_user_permission(
                 repos_group=group_name, user=request.POST['user_id']
             recursive = str2bool(request.POST.get('recursive', False))
             ReposGroupModel().delete_permission(
                 repos_group=group_name, obj=request.POST['user_id'],
                 obj_type='user', recursive=recursive
+            )
             Session().commit()
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('An error occurred during deletion of group user'),
                     category='error')
             raise HTTPInternalServerError()
     @HasReposGroupPermissionAnyDecorator('group.admin')
     def delete_repos_group_users_group_perm(self, group_name):
         """
         DELETE an existing repositories group permission users group
         :param group_name:
         """
         try:
             ReposGroupModel().revoke_users_group_permission(
                 repos_group=group_name,
                 group_name=request.POST['users_group_id']
             recursive = str2bool(request.POST.get('recursive', False))
             ReposGroupModel().delete_permission(
                 repos_group=group_name, obj=request.POST['users_group_id'],
                 obj_type='users_group', recursive=recursive
+            )
             Session().commit()
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('An error occurred during deletion of group'
                       ' users groups'),
                     category='error')
             raise HTTPInternalServerError()
     def show_by_name(self, group_name):
         """
         This is a proxy that does a lookup group_name -> id, and shows
         the group by id view instead
         """
         group_name = group_name.rstrip('/')
         id_ = RepoGroup.get_by_group_name(group_name)
         if id_:
             return self.show(id_.group_id)
         raise HTTPNotFound
     @HasReposGroupPermissionAnyDecorator('group.read', 'group.write',
                                          'group.admin')
     def show(self, id, format='html'):
         """GET /repos_groups/id: Show a specific item"""
         # url('repos_group', id=ID)
         c.group = RepoGroup.get_or_404(id)
         c.group_repos = c.group.repositories.all()
         #overwrite our cached list with current filter
         gr_filter = c.group_repos
         c.cached_repo_list = self.scm_model.get_repos(all_repos=gr_filter)
         c.repos_list = c.cached_repo_list
         c.repo_cnt = 0
         c.groups = RepoGroup.query().order_by(RepoGroup.group_name)\
             .filter(RepoGroup.group_parent_id == id).all()
         return render('admin/repos_groups/repos_groups.html')
     @HasPermissionAnyDecorator('hg.admin')
     def edit(self, id, format='html'):
         """GET /repos_groups/id/edit: Form to edit an existing item"""
         # url('edit_repos_group', id=ID)
         c.repos_group = ReposGroupModel()._get_repos_group(id)
         defaults = self.__load_data(c.repos_group.group_id)
         # we need to exclude this group from the group list for editing
         c.repo_groups = filter(lambda x: x[0] != c.repos_group.group_id,
                                c.repo_groups)
         return htmlfill.render(
             render('admin/repos_groups/repos_groups_edit.html'),
             defaults=defaults,
             encoding="UTF-8",
             force_defaults=False
+        )

rhodecode/model/forms.py

➞

Show inline comments

 """ this is forms validation classes
 http://formencode.org/module-formencode.validators.html
 for list off all availible validators
 we can create our own validators
 The table below outlines the options which can be used in a schema in addition to the validators themselves
 pre_validators          []     These validators will be applied before the schema
 chained_validators      []     These validators will be applied after the schema
 allow_extra_fields      False     If True, then it is not an error when keys that aren't associated with a validator are present
 filter_extra_fields     False     If True, then keys that aren't associated with a validator are removed
 if_key_missing          NoDefault If this is given, then any keys that aren't available but are expected will be replaced with this value (and then validated). This does not override a present .if_missing attribute on validators. NoDefault is a special FormEncode class to mean that no default values has been specified and therefore missing keys shouldn't take a default value.
 ignore_key_missing      False     If True, then missing keys will be missing in the result, if the validator doesn't have .if_missing on it already
 <name> = formencode.validators.<name of validator>
 <name> must equal form name
 list=[1,2,3,4,5]
 for SELECT use formencode.All(OneOf(list), Int())
 """
 import logging
 import formencode
 from formencode import All
 from pylons.i18n.translation import _
 from rhodecode.model import validators as v
 from rhodecode import BACKENDS
 log = logging.getLogger(__name__)
 class LoginForm(formencode.Schema):
     allow_extra_fields = True
     filter_extra_fields = True
     username = v.UnicodeString(
         strip=True,
         min=1,
         not_empty=True,
         messages={
            'empty': _(u'Please enter a login'),
            'tooShort': _(u'Enter a value %(min)i characters long or more')}
+    )
     password = v.UnicodeString(
         strip=False,
         min=3,
         not_empty=True,
         messages={
             'empty': _(u'Please enter a password'),
             'tooShort': _(u'Enter %(min)i characters or more')}
+    )
     remember = v.StringBoolean(if_missing=False)
     chained_validators = [v.ValidAuth()]
 def UserForm(edit=False, old_data={}):
     class _UserForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = True
         username = All(v.UnicodeString(strip=True, min=1, not_empty=True),
                        v.ValidUsername(edit, old_data))
         if edit:
             new_password = All(
                 v.ValidPassword(),
                 v.UnicodeString(strip=False, min=6, not_empty=False)
+            )
             password_confirmation = All(
                 v.ValidPassword(),
                 v.UnicodeString(strip=False, min=6, not_empty=False),
+            )
             admin = v.StringBoolean(if_missing=False)
         else:
             password = All(
                 v.ValidPassword(),
                 v.UnicodeString(strip=False, min=6, not_empty=True)
+            )
             password_confirmation = All(
                 v.ValidPassword(),
                 v.UnicodeString(strip=False, min=6, not_empty=False)
+            )
         active = v.StringBoolean(if_missing=False)
         firstname = v.UnicodeString(strip=True, min=1, not_empty=False)
         lastname = v.UnicodeString(strip=True, min=1, not_empty=False)
         email = All(v.Email(not_empty=True), v.UniqSystemEmail(old_data))
         chained_validators = [v.ValidPasswordsMatch()]
     return _UserForm
 def UsersGroupForm(edit=False, old_data={}, available_members=[]):
     class _UsersGroupForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = True
         users_group_name = All(
             v.UnicodeString(strip=True, min=1, not_empty=True),
             v.ValidUsersGroup(edit, old_data)
+        )
         users_group_active = v.StringBoolean(if_missing=False)
         if edit:
             users_group_members = v.OneOf(
                 available_members, hideList=False, testValueList=True,
                 if_missing=None, not_empty=False
+            )
     return _UsersGroupForm
 def ReposGroupForm(edit=False, old_data={}, available_groups=[]):
     class _ReposGroupForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         group_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),
                                v.SlugifyName())
         group_description = v.UnicodeString(strip=True, min=1,
                                                 not_empty=True)
         group_parent_id = v.OneOf(available_groups, hideList=False,
                                         testValueList=True,
                                         if_missing=None, not_empty=False)
         enable_locking = v.StringBoolean(if_missing=False)
         recursive = v.StringBoolean(if_missing=False)
         chained_validators = [v.ValidReposGroup(edit, old_data),
                               v.ValidPerms('group')]
     return _ReposGroupForm
 def RegisterForm(edit=False, old_data={}):
     class _RegisterForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = True
         username = All(
             v.ValidUsername(edit, old_data),
             v.UnicodeString(strip=True, min=1, not_empty=True)
+        )
         password = All(
             v.ValidPassword(),
             v.UnicodeString(strip=False, min=6, not_empty=True)
+        )
         password_confirmation = All(
             v.ValidPassword(),
             v.UnicodeString(strip=False, min=6, not_empty=True)
+        )
         active = v.StringBoolean(if_missing=False)
         firstname = v.UnicodeString(strip=True, min=1, not_empty=False)
         lastname = v.UnicodeString(strip=True, min=1, not_empty=False)
         email = All(v.Email(not_empty=True), v.UniqSystemEmail(old_data))
         chained_validators = [v.ValidPasswordsMatch()]
     return _RegisterForm
 def PasswordResetForm():
     class _PasswordResetForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = True
         email = All(v.ValidSystemEmail(), v.Email(not_empty=True))
     return _PasswordResetForm
 def RepoForm(edit=False, old_data={}, supported_backends=BACKENDS.keys(),
              repo_groups=[], landing_revs=[]):
     class _RepoForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         repo_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),
                         v.SlugifyName())
         clone_uri = All(v.UnicodeString(strip=True, min=1, not_empty=False))
         repo_group = v.OneOf(repo_groups, hideList=True)
         repo_type = v.OneOf(supported_backends)
         description = v.UnicodeString(strip=True, min=1, not_empty=False)
         private = v.StringBoolean(if_missing=False)
         enable_statistics = v.StringBoolean(if_missing=False)
         enable_downloads = v.StringBoolean(if_missing=False)
         enable_locking = v.StringBoolean(if_missing=False)
         landing_rev = v.OneOf(landing_revs, hideList=True)
         if edit:
             #this is repo owner
             user = All(v.UnicodeString(not_empty=True), v.ValidRepoUser())
         chained_validators = [v.ValidCloneUri(),
                               v.ValidRepoName(edit, old_data),
                               v.ValidPerms()]
     return _RepoForm
 def RepoForkForm(edit=False, old_data={}, supported_backends=BACKENDS.keys(),
                  repo_groups=[], landing_revs=[]):
     class _RepoForkForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         repo_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),
                         v.SlugifyName())
         repo_group = v.OneOf(repo_groups, hideList=True)
         repo_type = All(v.ValidForkType(old_data), v.OneOf(supported_backends))
         description = v.UnicodeString(strip=True, min=1, not_empty=True)
         private = v.StringBoolean(if_missing=False)
         copy_permissions = v.StringBoolean(if_missing=False)
         update_after_clone = v.StringBoolean(if_missing=False)
         fork_parent_id = v.UnicodeString()
         chained_validators = [v.ValidForkName(edit, old_data)]
         landing_rev = v.OneOf(landing_revs, hideList=True)
     return _RepoForkForm
 def RepoSettingsForm(edit=False, old_data={},
                      supported_backends=BACKENDS.keys(), repo_groups=[],
                      landing_revs=[]):
     class _RepoForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         repo_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),
                         v.SlugifyName())
         description = v.UnicodeString(strip=True, min=1, not_empty=True)
         repo_group = v.OneOf(repo_groups, hideList=True)
         private = v.StringBoolean(if_missing=False)
         landing_rev = v.OneOf(landing_revs, hideList=True)
         chained_validators = [v.ValidRepoName(edit, old_data), v.ValidPerms(),
                               v.ValidSettings()]
     return _RepoForm
 def ApplicationSettingsForm():
     class _ApplicationSettingsForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         rhodecode_title = v.UnicodeString(strip=True, min=1, not_empty=True)
         rhodecode_realm = v.UnicodeString(strip=True, min=1, not_empty=True)
         rhodecode_ga_code = v.UnicodeString(strip=True, min=1, not_empty=False)
     return _ApplicationSettingsForm
 def ApplicationVisualisationForm():
     class _ApplicationVisualisationForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         rhodecode_show_public_icon = v.StringBoolean(if_missing=False)
         rhodecode_show_private_icon = v.StringBoolean(if_missing=False)
         rhodecode_stylify_metatags = v.StringBoolean(if_missing=False)
     return _ApplicationVisualisationForm
 def ApplicationUiSettingsForm():
     class _ApplicationUiSettingsForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         web_push_ssl = v.StringBoolean(if_missing=False)
         paths_root_path = All(
             v.ValidPath(),
             v.UnicodeString(strip=True, min=1, not_empty=True)
+        )
         hooks_changegroup_update = v.StringBoolean(if_missing=False)
         hooks_changegroup_repo_size = v.StringBoolean(if_missing=False)
         hooks_changegroup_push_logger = v.StringBoolean(if_missing=False)
         hooks_outgoing_pull_logger = v.StringBoolean(if_missing=False)
         extensions_largefiles = v.StringBoolean(if_missing=False)
         extensions_hgsubversion = v.StringBoolean(if_missing=False)
         extensions_hggit = v.StringBoolean(if_missing=False)
     return _ApplicationUiSettingsForm
 def DefaultPermissionsForm(perms_choices, register_choices, create_choices,
                            fork_choices):
     class _DefaultPermissionsForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = True
         overwrite_default = v.StringBoolean(if_missing=False)
         anonymous = v.StringBoolean(if_missing=False)
         default_perm = v.OneOf(perms_choices)
         default_register = v.OneOf(register_choices)
         default_create = v.OneOf(create_choices)
         default_fork = v.OneOf(fork_choices)
     return _DefaultPermissionsForm
 def LdapSettingsForm(tls_reqcert_choices, search_scope_choices,
                      tls_kind_choices):
     class _LdapSettingsForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = True
         #pre_validators = [LdapLibValidator]
         ldap_active = v.StringBoolean(if_missing=False)
         ldap_host = v.UnicodeString(strip=True,)
         ldap_port = v.Number(strip=True,)
         ldap_tls_kind = v.OneOf(tls_kind_choices)
         ldap_tls_reqcert = v.OneOf(tls_reqcert_choices)
         ldap_dn_user = v.UnicodeString(strip=True,)
         ldap_dn_pass = v.UnicodeString(strip=True,)
         ldap_base_dn = v.UnicodeString(strip=True,)
         ldap_filter = v.UnicodeString(strip=True,)
         ldap_search_scope = v.OneOf(search_scope_choices)
         ldap_attr_login = All(
             v.AttrLoginValidator(),
             v.UnicodeString(strip=True,)
+        )
         ldap_attr_firstname = v.UnicodeString(strip=True,)
         ldap_attr_lastname = v.UnicodeString(strip=True,)
         ldap_attr_email = v.UnicodeString(strip=True,)
     return _LdapSettingsForm
 def UserExtraEmailForm():
     class _UserExtraEmailForm(formencode.Schema):
         email = All(v.UniqSystemEmail(), v.Email)
     return _UserExtraEmailForm
 def PullRequestForm():
     class _PullRequestForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = True
         user = v.UnicodeString(strip=True, required=True)
         org_repo = v.UnicodeString(strip=True, required=True)
         org_ref = v.UnicodeString(strip=True, required=True)
         other_repo = v.UnicodeString(strip=True, required=True)
         other_ref = v.UnicodeString(strip=True, required=True)
         revisions = All(v.NotReviewedRevisions()(), v.UniqueList(not_empty=True))
         review_members = v.UniqueList(not_empty=True)
         pullrequest_title = v.UnicodeString(strip=True, required=True, min=3)
         pullrequest_desc = v.UnicodeString(strip=True, required=False)
     return _PullRequestForm

rhodecode/model/repo.py

➞

Show inline comments

 # -*- coding: utf-8 -*-
 """
     rhodecode.model.repo
     ~~~~~~~~~~~~~~~~~~~~
     Repository model for rhodecode
     :created_on: Jun 5, 2010
     :author: marcink
     :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
     :license: GPLv3, see COPYING for more details.
 """
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 from __future__ import with_statement
 import os
 import shutil
 import logging
 import traceback
 from datetime import datetime
 from rhodecode.lib.vcs.backends import get_backend
 from rhodecode.lib.compat import json
 from rhodecode.lib.utils2 import LazyProperty, safe_str, safe_unicode
 from rhodecode.lib.caching_query import FromCache
 from rhodecode.lib.hooks import log_create_repository
 from rhodecode.model import BaseModel
 from rhodecode.model.db import Repository, UserRepoToPerm, User, Permission, \
     Statistics, UsersGroup, UsersGroupRepoToPerm, RhodeCodeUi, RepoGroup
 from rhodecode.lib import helpers as h
 log = logging.getLogger(__name__)
 class RepoModel(BaseModel):
     cls = Repository
     URL_SEPARATOR = Repository.url_sep()
     def __get_users_group(self, users_group):
         return self._get_instance(UsersGroup, users_group,
                                   callback=UsersGroup.get_by_group_name)
     def _get_repos_group(self, repos_group):
         return self._get_instance(RepoGroup, repos_group,
                                   callback=RepoGroup.get_by_group_name)
     @LazyProperty
     def repos_path(self):
         """
         Get's the repositories root path from database
         """
         q = self.sa.query(RhodeCodeUi).filter(RhodeCodeUi.ui_key == '/').one()
         return q.ui_value
     def get(self, repo_id, cache=False):
         repo = self.sa.query(Repository)\
             .filter(Repository.repo_id == repo_id)
         if cache:
             repo = repo.options(FromCache("sql_cache_short",
                                           "get_repo_%s" % repo_id))
         return repo.scalar()
     def get_repo(self, repository):
         return self._get_repo(repository)
     def get_by_repo_name(self, repo_name, cache=False):
         repo = self.sa.query(Repository)\
             .filter(Repository.repo_name == repo_name)
         if cache:
             repo = repo.options(FromCache("sql_cache_short",
                                           "get_repo_%s" % repo_name))
         return repo.scalar()
     def get_users_js(self):
         users = self.sa.query(User).filter(User.active == True).all()
         return json.dumps([
+            {
              'id': u.user_id,
              'fname': u.name,
              'lname': u.lastname,
              'nname': u.username,
              'gravatar_lnk': h.gravatar_url(u.email, 14)
             } for u in users]
+        )
     def get_users_groups_js(self):
         users_groups = self.sa.query(UsersGroup)\
             .filter(UsersGroup.users_group_active == True).all()
         return json.dumps([
+            {
              'id': gr.users_group_id,
              'grname': gr.users_group_name,
              'grmembers': len(gr.members),
             } for gr in users_groups]
+        )
     def _get_defaults(self, repo_name):
         """
         Get's information about repository, and returns a dict for
         usage in forms
         :param repo_name:
         """
         repo_info = Repository.get_by_repo_name(repo_name)
         if repo_info is None:
             return None
         defaults = repo_info.get_dict()
         group, repo_name = repo_info.groups_and_repo
         defaults['repo_name'] = repo_name
         defaults['repo_group'] = getattr(group[-1] if group else None,
                                          'group_id', None)
         # fill owner
         if repo_info.user:
             defaults.update({'user': repo_info.user.username})
         else:
             replacement_user = User.query().filter(User.admin ==
                                                    True).first().username
             defaults.update({'user': replacement_user})
         # fill repository users
         for p in repo_info.repo_to_perm:
             defaults.update({'u_perm_%s' % p.user.username:
                              p.permission.permission_name})
         # fill repository groups
         for p in repo_info.users_group_to_perm:
             defaults.update({'g_perm_%s' % p.users_group.users_group_name:
                              p.permission.permission_name})
         return defaults
     def update(self, repo_name, form_data):
         try:
             cur_repo = self.get_by_repo_name(repo_name, cache=False)
             # update permissions
             for member, perm, member_type in form_data['perms_updates']:
                 if member_type == 'user':
                     # this updates existing one
                     RepoModel().grant_user_permission(
                         repo=cur_repo, user=member, perm=perm
+                    )
                 else:
                     RepoModel().grant_users_group_permission(
                         repo=cur_repo, group_name=member, perm=perm
+                    )
             # set new permissions
             for member, perm, member_type in form_data['perms_new']:
                 if member_type == 'user':
                     RepoModel().grant_user_permission(
                         repo=cur_repo, user=member, perm=perm
+                    )
                 else:
                     RepoModel().grant_users_group_permission(
                         repo=cur_repo, group_name=member, perm=perm
+                    )
             # update current repo
             for k, v in form_data.items():
                 if k == 'user':
                     cur_repo.user = User.get_by_username(v)
                 elif k == 'repo_name':
                     pass
                 elif k == 'repo_group':
                     cur_repo.group = RepoGroup.get(v)
                 else:
                     setattr(cur_repo, k, v)
             new_name = cur_repo.get_new_name(form_data['repo_name'])
             cur_repo.repo_name = new_name
             self.sa.add(cur_repo)
             if repo_name != new_name:
                 # rename repository
                 self.__rename_repo(old=repo_name, new=new_name)
             return cur_repo
         except:
             log.error(traceback.format_exc())
             raise
     def create_repo(self, repo_name, repo_type, description, owner,
                     private=False, clone_uri=None, repos_group=None,
                     landing_rev='tip', just_db=False, fork_of=None,
                     copy_fork_permissions=False):
         """
         Create repository
         """
         from rhodecode.model.scm import ScmModel
         owner = self._get_user(owner)
         fork_of = self._get_repo(fork_of)
         repos_group = self._get_repos_group(repos_group)
         try:
             # repo name is just a name of repository
             # while repo_name_full is a full qualified name that is combined
             # with name and path of group
             repo_name_full = repo_name
             repo_name = repo_name.split(self.URL_SEPARATOR)[-1]
             new_repo = Repository()
             new_repo.enable_statistics = False
             new_repo.repo_name = repo_name_full
             new_repo.repo_type = repo_type
             new_repo.user = owner
             new_repo.group = repos_group
             new_repo.description = description or repo_name
             new_repo.private = private
             new_repo.clone_uri = clone_uri
             new_repo.landing_rev = landing_rev
             if repos_group:
                 new_repo.enable_locking = repos_group.enable_locking
             if fork_of:
                 parent_repo = fork_of
                 new_repo.fork = parent_repo
             self.sa.add(new_repo)
             def _create_default_perms():
                 # create default permission
                 repo_to_perm = UserRepoToPerm()
                 default = 'repository.read'
                 for p in User.get_by_username('default').user_perms:
                     if p.permission.permission_name.startswith('repository.'):
                         default = p.permission.permission_name
                         break
                 default_perm = 'repository.none' if private else default
                 repo_to_perm.permission_id = self.sa.query(Permission)\
                         .filter(Permission.permission_name == default_perm)\
                         .one().permission_id
                 repo_to_perm.repository = new_repo
                 repo_to_perm.user_id = User.get_by_username('default').user_id
                 self.sa.add(repo_to_perm)
             if fork_of:
                 if copy_fork_permissions:
                     repo = fork_of
                     user_perms = UserRepoToPerm.query()\
                         .filter(UserRepoToPerm.repository == repo).all()
                     group_perms = UsersGroupRepoToPerm.query()\
                         .filter(UsersGroupRepoToPerm.repository == repo).all()
                     for perm in user_perms:
                         UserRepoToPerm.create(perm.user, new_repo,
                                               perm.permission)
                     for perm in group_perms:
                         UsersGroupRepoToPerm.create(perm.users_group, new_repo,
                                                     perm.permission)
                 else:
                     _create_default_perms()
             else:
                 _create_default_perms()
             if not just_db:
                 self.__create_repo(repo_name, repo_type,
                                    repos_group,
                                    clone_uri)
                 log_create_repository(new_repo.get_dict(),
                                       created_by=owner.username)
             # now automatically start following this repository as owner
             ScmModel(self.sa).toggle_following_repo(new_repo.repo_id,
                                                     owner.user_id)
             return new_repo
         except:
             log.error(traceback.format_exc())
             raise
     def create(self, form_data, cur_user, just_db=False, fork=None):
         """
         Backward compatibility function, just a wrapper on top of create_repo
         :param form_data:
         :param cur_user:
         :param just_db:
         :param fork:
         """
         repo_name = form_data['repo_name_full']
         repo_type = form_data['repo_type']
         description = form_data['description']
         owner = cur_user
         private = form_data['private']
         clone_uri = form_data.get('clone_uri')
         repos_group = form_data['repo_group']
         landing_rev = form_data['landing_rev']
         copy_fork_permissions = form_data.get('copy_permissions')
         fork_of = form_data.get('fork_parent_id')
         return self.create_repo(
             repo_name, repo_type, description, owner, private, clone_uri,
             repos_group, landing_rev, just_db, fork_of, copy_fork_permissions
+        )
     def create_fork(self, form_data, cur_user):
         """
         Simple wrapper into executing celery task for fork creation
         :param form_data:
         :param cur_user:
         """
         from rhodecode.lib.celerylib import tasks, run_task
         run_task(tasks.create_repo_fork, form_data, cur_user)
     def delete(self, repo):
         repo = self._get_repo(repo)
         if repo:
             try:
                 self.sa.delete(repo)
                 self.__delete_repo(repo)
             except:
                 log.error(traceback.format_exc())
                 raise
     def grant_user_permission(self, repo, user, perm):
         """
         Grant permission for user on given repository, or update existing one
         if found
         :param repo: Instance of Repository, repository_id, or repository name
         :param user: Instance of User, user_id or username
         :param perm: Instance of Permission, or permission_name
         """
         user = self._get_user(user)
         repo = self._get_repo(repo)
         permission = self._get_perm(perm)
         # check if we have that permission already
         obj = self.sa.query(UserRepoToPerm)\
             .filter(UserRepoToPerm.user == user)\
             .filter(UserRepoToPerm.repository == repo)\
             .scalar()
         if obj is None:
             # create new !
             obj = UserRepoToPerm()
         obj.repository = repo
         obj.user = user
         obj.permission = permission
         self.sa.add(obj)
         log.debug('Granted perm %s to %s on %s' % (perm, user, repo))
     def revoke_user_permission(self, repo, user):
         """
         Revoke permission for user on given repository
         :param repo: Instance of Repository, repository_id, or repository name
         :param user: Instance of User, user_id or username
         """
         user = self._get_user(user)
         repo = self._get_repo(repo)
         obj = self.sa.query(UserRepoToPerm)\
             .filter(UserRepoToPerm.repository == repo)\
             .filter(UserRepoToPerm.user == user)\
             .one()
             .scalar()
         if obj:
         self.sa.delete(obj)
             log.debug('Revoked perm on %s on %s' % (repo, user))
     def grant_users_group_permission(self, repo, group_name, perm):
         """
         Grant permission for users group on given repository, or update
         existing one if found
         :param repo: Instance of Repository, repository_id, or repository name
         :param group_name: Instance of UserGroup, users_group_id,
             or users group name
         :param perm: Instance of Permission, or permission_name
         """
         repo = self._get_repo(repo)
         group_name = self.__get_users_group(group_name)
         permission = self._get_perm(perm)
         # check if we have that permission already
         obj = self.sa.query(UsersGroupRepoToPerm)\
             .filter(UsersGroupRepoToPerm.users_group == group_name)\
             .filter(UsersGroupRepoToPerm.repository == repo)\
             .scalar()
         if obj is None:
             # create new
             obj = UsersGroupRepoToPerm()
         obj.repository = repo
         obj.users_group = group_name
         obj.permission = permission
         self.sa.add(obj)
         log.debug('Granted perm %s to %s on %s' % (perm, group_name, repo))
     def revoke_users_group_permission(self, repo, group_name):
         """
         Revoke permission for users group on given repository
         :param repo: Instance of Repository, repository_id, or repository name
         :param group_name: Instance of UserGroup, users_group_id,
             or users group name
         """
         repo = self._get_repo(repo)
         group_name = self.__get_users_group(group_name)
         obj = self.sa.query(UsersGroupRepoToPerm)\
             .filter(UsersGroupRepoToPerm.repository == repo)\
             .filter(UsersGroupRepoToPerm.users_group == group_name)\
             .one()
             .scalar()
         if obj:
         self.sa.delete(obj)
             log.debug('Revoked perm to %s on %s' % (repo, group_name))
     def delete_stats(self, repo_name):
         """
         removes stats for given repo
         :param repo_name:
         """
         try:
             obj = self.sa.query(Statistics)\
                     .filter(Statistics.repository ==
                             self.get_by_repo_name(repo_name))\
                     .one()
             self.sa.delete(obj)
         except:
             log.error(traceback.format_exc())
             raise
     def __create_repo(self, repo_name, alias, parent, clone_uri=False):
         """
         makes repository on filesystem. It's group aware means it'll create
         a repository within a group, and alter the paths accordingly of
         group location
         :param repo_name:
         :param alias:
         :param parent_id:
         :param clone_uri:
         """
         from rhodecode.lib.utils import is_valid_repo, is_valid_repos_group
         from rhodecode.model.scm import ScmModel
         if parent:
             new_parent_path = os.sep.join(parent.full_path_splitted)
         else:
             new_parent_path = ''
         # we need to make it str for mercurial
         repo_path = os.path.join(*map(lambda x: safe_str(x),
                                 [self.repos_path, new_parent_path, repo_name]))
         # check if this path is not a repository
         if is_valid_repo(repo_path, self.repos_path):
             raise Exception('This path %s is a valid repository' % repo_path)
         # check if this path is a group
         if is_valid_repos_group(repo_path, self.repos_path):
             raise Exception('This path %s is a valid group' % repo_path)
         log.info('creating repo %s in %s @ %s' % (
                      repo_name, safe_unicode(repo_path), clone_uri
+                )
+        )
         backend = get_backend(alias)
         if alias == 'hg':
             backend(repo_path, create=True, src_url=clone_uri)
         elif alias == 'git':
             r = backend(repo_path, create=True, src_url=clone_uri, bare=True)
             # add rhodecode hook into this repo
             ScmModel().install_git_hook(repo=r)
         else:
             raise Exception('Undefined alias %s' % alias)
     def __rename_repo(self, old, new):
         """
         renames repository on filesystem
         :param old: old name
         :param new: new name
         """
         log.info('renaming repo from %s to %s' % (old, new))
         old_path = os.path.join(self.repos_path, old)
         new_path = os.path.join(self.repos_path, new)
         if os.path.isdir(new_path):
             raise Exception(
                 'Was trying to rename to already existing dir %s' % new_path
+            )
         shutil.move(old_path, new_path)
     def __delete_repo(self, repo):
         """
         removes repo from filesystem, the removal is acctually made by
         added rm__ prefix into dir, and rename internat .hg/.git dirs so this
         repository is no longer valid for rhodecode, can be undeleted later on
         by reverting the renames on this repository
         :param repo: repo object
         """
         rm_path = os.path.join(self.repos_path, repo.repo_name)
         log.info("Removing %s" % (rm_path))
         # disable hg/git internal that it doesn't get detected as repo
         alias = repo.repo_type
         bare = getattr(repo.scm_instance, 'bare', False)
         if not bare:
             # skip this for bare git repos
             shutil.move(os.path.join(rm_path, '.%s' % alias),
                         os.path.join(rm_path, 'rm__.%s' % alias))
         # disable repo
         _now = datetime.now()
         _ms = str(_now.microsecond).rjust(6, '0')
         _d = 'rm__%s__%s' % (_now.strftime('%Y%m%d_%H%M%S_' + _ms),
                              repo.repo_name)
         shutil.move(rm_path, os.path.join(self.repos_path, _d))

rhodecode/model/repos_group.py

➞

Show inline comments

 # -*- coding: utf-8 -*-
 """
     rhodecode.model.user_group
     ~~~~~~~~~~~~~~~~~~~~~~~~~~
     users groups model for RhodeCode
     :created_on: Jan 25, 2011
     :author: marcink
     :copyright: (C) 2011-2012 Marcin Kuzminski <marcin@python-works.com>
     :license: GPLv3, see COPYING for more details.
 """
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 import os
 import logging
 import traceback
 import shutil
 from rhodecode.lib.utils2 import LazyProperty
 from rhodecode.model import BaseModel
 from rhodecode.model.db import RepoGroup, RhodeCodeUi, UserRepoGroupToPerm, \
     User, Permission, UsersGroupRepoGroupToPerm, UsersGroup
+    User, Permission, UsersGroupRepoGroupToPerm, UsersGroup, Repository
 log = logging.getLogger(__name__)
 class ReposGroupModel(BaseModel):
     cls = RepoGroup
     def __get_users_group(self, users_group):
         return self._get_instance(UsersGroup, users_group,
                                   callback=UsersGroup.get_by_group_name)
     def _get_repos_group(self, repos_group):
         return self._get_instance(RepoGroup, repos_group,
                                   callback=RepoGroup.get_by_group_name)
     @LazyProperty
     def repos_path(self):
         """
         Get's the repositories root path from database
         """
         q = RhodeCodeUi.get_by_key('/')
         return q.ui_value
     def _create_default_perms(self, new_group):
         # create default permission
         repo_group_to_perm = UserRepoGroupToPerm()
         default_perm = 'group.read'
         for p in User.get_by_username('default').user_perms:
             if p.permission.permission_name.startswith('group.'):
                 default_perm = p.permission.permission_name
                 break
         repo_group_to_perm.permission_id = self.sa.query(Permission)\
                 .filter(Permission.permission_name == default_perm)\
                 .one().permission_id
         repo_group_to_perm.group = new_group
         repo_group_to_perm.user_id = User.get_by_username('default').user_id
         self.sa.add(repo_group_to_perm)
     def __create_group(self, group_name):
         """
         makes repositories group on filesystem
         :param repo_name:
         :param parent_id:
         """
         create_path = os.path.join(self.repos_path, group_name)
         log.debug('creating new group in %s' % create_path)
         if os.path.isdir(create_path):
             raise Exception('That directory already exists !')
         os.makedirs(create_path)
     def __rename_group(self, old, new):
         """
         Renames a group on filesystem
         :param group_name:
         """
         if old == new:
             log.debug('skipping group rename')
             return
         log.debug('renaming repos group from %s to %s' % (old, new))
         old_path = os.path.join(self.repos_path, old)
         new_path = os.path.join(self.repos_path, new)
         log.debug('renaming repos paths from %s to %s' % (old_path, new_path))
         if os.path.isdir(new_path):
             raise Exception('Was trying to rename to already '
                             'existing dir %s' % new_path)
         shutil.move(old_path, new_path)
     def __delete_group(self, group):
+    def __delete_group(self, group, force_delete=False):
         """
         Deletes a group from a filesystem
         :param group: instance of group from database
         :param force_delete: use shutil rmtree to remove all objects
         """
         paths = group.full_path.split(RepoGroup.url_sep())
         paths = os.sep.join(paths)
         rm_path = os.path.join(self.repos_path, paths)
         if os.path.isdir(rm_path):
             # delete only if that path really exists
             os.rmdir(rm_path)
             if force_delete:
                 shutil.rmtree(rm_path)
             else:
                 os.rmdir(rm_path)  # this raises an exception when there are still objects inside
     def create(self, group_name, group_description, parent=None, just_db=False):
         try:
             new_repos_group = RepoGroup()
             new_repos_group.group_description = group_description
             new_repos_group.parent_group = self._get_repos_group(parent)
             new_repos_group.group_name = new_repos_group.get_new_name(group_name)
             self.sa.add(new_repos_group)
             self._create_default_perms(new_repos_group)
             if not just_db:
                 # we need to flush here, in order to check if database won't
                 # throw any exceptions, create filesystem dirs at the very end
                 self.sa.flush()
                 self.__create_group(new_repos_group.group_name)
             return new_repos_group
         except:
             log.error(traceback.format_exc())
             raise
     def _update_permissions(self, repos_group, perms_new=None,
                             perms_updates=None, recursive=False):
         from rhodecode.model.repo import RepoModel
         if not perms_new:
             perms_new = []
         if not perms_updates:
             perms_updates = []
         def _set_perm_user(obj, user, perm):
             if isinstance(obj, RepoGroup):
                 ReposGroupModel().grant_user_permission(
                     repos_group=obj, user=user, perm=perm
+                )
             elif isinstance(obj, Repository):
                 # we set group permission but we have to switch to repo
                 # permission
                 perm = perm.replace('group.', 'repository.')
                 RepoModel().grant_user_permission(
                     repo=obj, user=user, perm=perm
+                )
         def _set_perm_group(obj, users_group, perm):
             if isinstance(obj, RepoGroup):
                 ReposGroupModel().grant_users_group_permission(
                     repos_group=obj, group_name=users_group, perm=perm
+                )
             elif isinstance(obj, Repository):
                 # we set group permission but we have to switch to repo
                 # permission
                 perm = perm.replace('group.', 'repository.')
                 RepoModel().grant_users_group_permission(
                     repo=obj, group_name=users_group, perm=perm
+                )
         updates = []
         log.debug('Now updating permissions for %s in recursive mode:%s'
                   % (repos_group, recursive))
         for obj in repos_group.recursive_groups_and_repos():
             if not recursive:
                 obj = repos_group
             # update permissions
             for member, perm, member_type in perms_updates:
                 ## set for user
                 if member_type == 'user':
                     # this updates also current one if found
                     _set_perm_user(obj, user=member, perm=perm)
                 ## set for users group
                 else:
                     _set_perm_group(obj, users_group=member, perm=perm)
             # set new permissions
             for member, perm, member_type in perms_new:
                 if member_type == 'user':
                     _set_perm_user(obj, user=member, perm=perm)
                 else:
                     _set_perm_group(obj, users_group=member, perm=perm)
             updates.append(obj)
             #if it's not recursive call
             # break the loop and don't proceed with other changes
             if not recursive:
                 break
         return updates
     def update(self, repos_group_id, form_data):
         try:
             repos_group = RepoGroup.get(repos_group_id)
             # update permissions
             for member, perm, member_type in form_data['perms_updates']:
                 if member_type == 'user':
                     # this updates also current one if found
                     ReposGroupModel().grant_user_permission(
                         repos_group=repos_group, user=member, perm=perm
+                    )
                 else:
                     ReposGroupModel().grant_users_group_permission(
                         repos_group=repos_group, group_name=member, perm=perm
+                    )
             # set new permissions
             for member, perm, member_type in form_data['perms_new']:
                 if member_type == 'user':
                     ReposGroupModel().grant_user_permission(
                         repos_group=repos_group, user=member, perm=perm
+                    )
                 else:
                     ReposGroupModel().grant_users_group_permission(
                         repos_group=repos_group, group_name=member, perm=perm
+                    )
             recursive = form_data['recursive']
             # iterate over all members(if in recursive mode) of this groups and
             # set the permissions !
             # this can be potentially heavy operation
             self._update_permissions(repos_group, form_data['perms_new'],
                                      form_data['perms_updates'], recursive)
             old_path = repos_group.full_path
             # change properties
             repos_group.group_description = form_data['group_description']
             repos_group.parent_group = RepoGroup.get(form_data['group_parent_id'])
             repos_group.group_parent_id = form_data['group_parent_id']
             repos_group.enable_locking = form_data['enable_locking']
             repos_group.group_name = repos_group.get_new_name(form_data['group_name'])
             new_path = repos_group.full_path
             self.sa.add(repos_group)
             # iterate over all members of this groups and set the locking !
             # this can be potentially heavy operation
             for obj in repos_group.recursive_groups_and_repos():
                 #set the value from it's parent
                 obj.enable_locking = repos_group.enable_locking
                 self.sa.add(obj)
             # we need to get all repositories from this new group and
             # rename them accordingly to new group path
             for r in repos_group.repositories:
                 r.repo_name = r.get_new_name(r.just_name)
                 self.sa.add(r)
             self.__rename_group(old_path, new_path)
             return repos_group
         except:
             log.error(traceback.format_exc())
             raise
     def delete(self, repos_group):
+    def delete(self, repos_group, force_delete=False):
         repos_group = self._get_repos_group(repos_group)
         try:
             self.sa.delete(repos_group)
             self.__delete_group(repos_group)
+            self.__delete_group(repos_group, force_delete)
         except:
             log.exception('Error removing repos_group %s' % repos_group)
             raise
     def delete_permission(self, repos_group, obj, obj_type, recursive):
         """
         Revokes permission for repos_group for given obj(user or users_group),
         obj_type can be user or users group
         :param repos_group:
         :param obj: user or users group id
         :param obj_type: user or users group type
         :param recursive: recurse to all children of group
         """
         from rhodecode.model.repo import RepoModel
         repos_group = self._get_repos_group(repos_group)
         for el in repos_group.recursive_groups_and_repos():
             if not recursive:
                 # if we don't recurse set the permission on only the top level
                 # object
                 el = repos_group
             if isinstance(el, RepoGroup):
                 if obj_type == 'user':
                     ReposGroupModel().revoke_user_permission(el, user=obj)
                 elif obj_type == 'users_group':
                     ReposGroupModel().revoke_users_group_permission(el, group_name=obj)
                 else:
                     raise Exception('undefined object type %s' % obj_type)
             elif isinstance(el, Repository):
                 if obj_type == 'user':
                     RepoModel().revoke_user_permission(el, user=obj)
                 elif obj_type == 'users_group':
                     RepoModel().revoke_users_group_permission(el, group_name=obj)
                 else:
                     raise Exception('undefined object type %s' % obj_type)
             #if it's not recursive call
             # break the loop and don't proceed with other changes
             if not recursive:
                 break
     def grant_user_permission(self, repos_group, user, perm):
         """
         Grant permission for user on given repositories group, or update
         existing one if found
         :param repos_group: Instance of ReposGroup, repositories_group_id,
             or repositories_group name
         :param user: Instance of User, user_id or username
         :param perm: Instance of Permission, or permission_name
         """
         repos_group = self._get_repos_group(repos_group)
         user = self._get_user(user)
         permission = self._get_perm(perm)
         # check if we have that permission already
         obj = self.sa.query(UserRepoGroupToPerm)\
             .filter(UserRepoGroupToPerm.user == user)\
             .filter(UserRepoGroupToPerm.group == repos_group)\
             .scalar()
         if obj is None:
             # create new !
             obj = UserRepoGroupToPerm()
         obj.group = repos_group
         obj.user = user
         obj.permission = permission
         self.sa.add(obj)
         log.debug('Granted perm %s to %s on %s' % (perm, user, repos_group))
     def revoke_user_permission(self, repos_group, user):
         """
         Revoke permission for user on given repositories group
         :param repos_group: Instance of ReposGroup, repositories_group_id,
             or repositories_group name
         :param user: Instance of User, user_id or username
         """
         repos_group = self._get_repos_group(repos_group)
         user = self._get_user(user)
         obj = self.sa.query(UserRepoGroupToPerm)\
             .filter(UserRepoGroupToPerm.user == user)\
             .filter(UserRepoGroupToPerm.group == repos_group)\
             .one()
             .scalar()
         if obj:
         self.sa.delete(obj)
             log.debug('Revoked perm on %s on %s' % (repos_group, user))
     def grant_users_group_permission(self, repos_group, group_name, perm):
         """
         Grant permission for users group on given repositories group, or update
         existing one if found
         :param repos_group: Instance of ReposGroup, repositories_group_id,
             or repositories_group name
         :param group_name: Instance of UserGroup, users_group_id,
             or users group name
         :param perm: Instance of Permission, or permission_name
         """
         repos_group = self._get_repos_group(repos_group)
         group_name = self.__get_users_group(group_name)
         permission = self._get_perm(perm)
         # check if we have that permission already
         obj = self.sa.query(UsersGroupRepoGroupToPerm)\
             .filter(UsersGroupRepoGroupToPerm.group == repos_group)\
             .filter(UsersGroupRepoGroupToPerm.users_group == group_name)\
             .scalar()
         if obj is None:
             # create new
             obj = UsersGroupRepoGroupToPerm()
         obj.group = repos_group
         obj.users_group = group_name
         obj.permission = permission
         self.sa.add(obj)
         log.debug('Granted perm %s to %s on %s' % (perm, group_name, repos_group))
     def revoke_users_group_permission(self, repos_group, group_name):
         """
         Revoke permission for users group on given repositories group
         :param repos_group: Instance of ReposGroup, repositories_group_id,
             or repositories_group name
         :param group_name: Instance of UserGroup, users_group_id,
             or users group name
         """
         repos_group = self._get_repos_group(repos_group)
         group_name = self.__get_users_group(group_name)
         obj = self.sa.query(UsersGroupRepoGroupToPerm)\
             .filter(UsersGroupRepoGroupToPerm.group == repos_group)\
             .filter(UsersGroupRepoGroupToPerm.users_group == group_name)\
             .one()
             .scalar()
         if obj:
         self.sa.delete(obj)
             log.debug('Revoked perm to %s on %s' % (repos_group, group_name))

rhodecode/model/user.py

➞

Show inline comments

@@ @@ -183,487 +183,487 @@ class UserModel(BaseModel): @@
         :param username:
         :param password:
         :param user_dn:
         :param attrs:
         """
         from rhodecode.lib.auth import get_crypt_password
         log.debug('Checking for such ldap account in RhodeCode database')
         if self.get_by_username(username, case_insensitive=True) is None:
             # autogenerate email for ldap account without one
             generate_email = lambda usr: '%s@ldap.account' % usr
             try:
                 new_user = User()
                 username = username.lower()
                 # add ldap account always lowercase
                 new_user.username = username
                 new_user.password = get_crypt_password(password)
                 new_user.api_key = generate_api_key(username)
                 new_user.email = attrs['email'] or generate_email(username)
                 new_user.active = attrs.get('active', True)
                 new_user.ldap_dn = safe_unicode(user_dn)
                 new_user.name = attrs['name']
                 new_user.lastname = attrs['lastname']
                 self.sa.add(new_user)
                 return new_user
             except (DatabaseError,):
                 log.error(traceback.format_exc())
                 self.sa.rollback()
                 raise
         log.debug('this %s user exists skipping creation of ldap account',
                   username)
         return None
     def create_registration(self, form_data):
         from rhodecode.model.notification import NotificationModel
         try:
             form_data['admin'] = False
             new_user = self.create(form_data)
             self.sa.add(new_user)
             self.sa.flush()
             # notification to admins
             subject = _('new user registration')
             body = ('New user registration\n'
                     '---------------------\n'
                     '- Username: %s\n'
                     '- Full Name: %s\n'
                     '- Email: %s\n')
             body = body % (new_user.username, new_user.full_name,
                            new_user.email)
             edit_url = url('edit_user', id=new_user.user_id, qualified=True)
             kw = {'registered_user_url': edit_url}
             NotificationModel().create(created_by=new_user, subject=subject,
                                        body=body, recipients=None,
                                        type_=Notification.TYPE_REGISTRATION,
                                        email_kwargs=kw)
         except:
             log.error(traceback.format_exc())
             raise
     def update(self, user_id, form_data):
         from rhodecode.lib.auth import get_crypt_password
         try:
             user = self.get(user_id, cache=False)
             if user.username == 'default':
                 raise DefaultUserException(
                                 _("You can't Edit this user since it's"
                                   " crucial for entire application"))
             for k, v in form_data.items():
                 if k == 'new_password' and v:
                     user.password = get_crypt_password(v)
                     user.api_key = generate_api_key(user.username)
                 else:
                     if k == 'firstname':
                         k = 'name'
                     setattr(user, k, v)
             self.sa.add(user)
         except:
             log.error(traceback.format_exc())
             raise
     def update_user(self, user, **kwargs):
         from rhodecode.lib.auth import get_crypt_password
         try:
             user = self._get_user(user)
             if user.username == 'default':
                 raise DefaultUserException(
                     _("You can't Edit this user since it's"
                       " crucial for entire application")
+                )
             for k, v in kwargs.items():
                 if k == 'password' and v:
                     v = get_crypt_password(v)
                     user.api_key = generate_api_key(user.username)
                 setattr(user, k, v)
             self.sa.add(user)
             return user
         except:
             log.error(traceback.format_exc())
             raise
     def update_my_account(self, user_id, form_data):
         from rhodecode.lib.auth import get_crypt_password
         try:
             user = self.get(user_id, cache=False)
             if user.username == 'default':
                 raise DefaultUserException(
                     _("You can't Edit this user since it's"
                       " crucial for entire application")
+                )
             for k, v in form_data.items():
                 if k == 'new_password' and v:
                     user.password = get_crypt_password(v)
                     user.api_key = generate_api_key(user.username)
                 else:
                     if k == 'firstname':
                         k = 'name'
                     if k not in ['admin', 'active']:
                         setattr(user, k, v)
             self.sa.add(user)
         except:
             log.error(traceback.format_exc())
             raise
     def delete(self, user):
         user = self._get_user(user)
         try:
             if user.username == 'default':
                 raise DefaultUserException(
                     _(u"You can't remove this user since it's"
                       " crucial for entire application")
+                )
             if user.repositories:
                 repos = [x.repo_name for x in user.repositories]
                 raise UserOwnsReposException(
                     _(u'user "%s" still owns %s repositories and cannot be '
                       'removed. Switch owners or remove those repositories. %s')
                     % (user.username, len(repos), ', '.join(repos))
+                )
             self.sa.delete(user)
         except:
             log.error(traceback.format_exc())
             raise
     def reset_password_link(self, data):
         from rhodecode.lib.celerylib import tasks, run_task
         run_task(tasks.send_password_link, data['email'])
     def reset_password(self, data):
         from rhodecode.lib.celerylib import tasks, run_task
         run_task(tasks.reset_user_password, data['email'])
     def fill_data(self, auth_user, user_id=None, api_key=None):
         """
         Fetches auth_user by user_id,or api_key if present.
         Fills auth_user attributes with those taken from database.
         Additionally set's is_authenitated if lookup fails
         present in database
         :param auth_user: instance of user to set attributes
         :param user_id: user id to fetch by
         :param api_key: api key to fetch by
         """
         if user_id is None and api_key is None:
             raise Exception('You need to pass user_id or api_key')
         try:
             if api_key:
                 dbuser = self.get_by_api_key(api_key)
             else:
                 dbuser = self.get(user_id)
             if dbuser is not None and dbuser.active:
                 log.debug('filling %s data' % dbuser)
                 for k, v in dbuser.get_dict().items():
                     setattr(auth_user, k, v)
             else:
                 return False
         except:
             log.error(traceback.format_exc())
             auth_user.is_authenticated = False
             return False
         return True
     def fill_perms(self, user):
         """
         Fills user permission attribute with permissions taken from database
         works for permissions given for repositories, and for permissions that
         are granted to groups
         :param user: user instance to fill his perms
         """
         RK = 'repositories'
         GK = 'repositories_groups'
         GLOBAL = 'global'
         user.permissions[RK] = {}
         user.permissions[GK] = {}
         user.permissions[GLOBAL] = set()
         #======================================================================
         # fetch default permissions
         #======================================================================
         default_user = User.get_by_username('default', cache=True)
         default_user_id = default_user.user_id
         default_repo_perms = Permission.get_default_perms(default_user_id)
         default_repo_groups_perms = Permission.get_default_group_perms(default_user_id)
         if user.is_admin:
             #==================================================================
             # admin user have all default rights for repositories
             # and groups set to admin
             #==================================================================
             user.permissions[GLOBAL].add('hg.admin')
             # repositories
             for perm in default_repo_perms:
                 r_k = perm.UserRepoToPerm.repository.repo_name
                 p = 'repository.admin'
                 user.permissions[RK][r_k] = p
             # repositories groups
             for perm in default_repo_groups_perms:
                 rg_k = perm.UserRepoGroupToPerm.group.group_name
                 p = 'group.admin'
                 user.permissions[GK][rg_k] = p
             return user
         #==================================================================
         # SET DEFAULTS GLOBAL, REPOS, REPOS GROUPS
         #==================================================================
         uid = user.user_id
         # default global permissions taken fron the default user
         default_global_perms = self.sa.query(UserToPerm)\
             .filter(UserToPerm.user_id == default_user_id)
         for perm in default_global_perms:
             user.permissions[GLOBAL].add(perm.permission.permission_name)
         # defaults for repositories, taken from default user
         for perm in default_repo_perms:
             r_k = perm.UserRepoToPerm.repository.repo_name
             if perm.Repository.private and not (perm.Repository.user_id == uid):
                 # disable defaults for private repos,
                 p = 'repository.none'
             elif perm.Repository.user_id == uid:
                 # set admin if owner
                 p = 'repository.admin'
             else:
                 p = perm.Permission.permission_name
             user.permissions[RK][r_k] = p
         # defaults for repositories groups taken from default user permission
         # on given group
         for perm in default_repo_groups_perms:
             rg_k = perm.UserRepoGroupToPerm.group.group_name
             p = perm.Permission.permission_name
             user.permissions[GK][rg_k] = p
         #======================================================================
         # !! OVERRIDE GLOBALS !! with user permissions if any found
         #======================================================================
         # those can be configured from groups or users explicitly
         _configurable = set(['hg.fork.none', 'hg.fork.repository',
                              'hg.create.none', 'hg.create.repository'])
         # USER GROUPS comes first
         # users group global permissions
         user_perms_from_users_groups = self.sa.query(UsersGroupToPerm)\
             .options(joinedload(UsersGroupToPerm.permission))\
             .join((UsersGroupMember, UsersGroupToPerm.users_group_id ==
                    UsersGroupMember.users_group_id))\
             .filter(UsersGroupMember.user_id == uid)\
             .order_by(UsersGroupToPerm.users_group_id)\
             .all()
         #need to group here by groups since user can be in more than one group
         _grouped = [[x, list(y)] for x, y in
                     itertools.groupby(user_perms_from_users_groups,
                                       lambda x:x.users_group)]
         for gr, perms in _grouped:
             # since user can be in multiple groups iterate over them and
             # select the lowest permissions first (more explicit)
             ##TODO: do this^^
             if not gr.inherit_default_permissions:
                 # NEED TO IGNORE all configurable permissions and
                 # replace them with explicitly set
                 user.permissions[GLOBAL] = user.permissions[GLOBAL]\
                                                 .difference(_configurable)
             for perm in perms:
                 user.permissions[GLOBAL].add(perm.permission.permission_name)
         # user specific global permissions
         user_perms = self.sa.query(UserToPerm)\
                 .options(joinedload(UserToPerm.permission))\
                 .filter(UserToPerm.user_id == uid).all()
         if not user.inherit_default_permissions:
             # NEED TO IGNORE all configurable permissions and
             # replace them with explicitly set
             user.permissions[GLOBAL] = user.permissions[GLOBAL]\
                                             .difference(_configurable)
             for perm in user_perms:
                 user.permissions[GLOBAL].add(perm.permission.permission_name)
         #======================================================================
         # !! REPO PERMISSIONS !!
         #======================================================================
         #======================================================================
         # check if user is part of user groups for this repository and
         # fill in (or NOT replace with higher `or 1` permissions
         #======================================================================
         # users group for repositories permissions
         user_repo_perms_from_users_groups = \
          self.sa.query(UsersGroupRepoToPerm, Permission, Repository,)\
             .join((Repository, UsersGroupRepoToPerm.repository_id ==
                    Repository.repo_id))\
             .join((Permission, UsersGroupRepoToPerm.permission_id ==
                    Permission.permission_id))\
             .join((UsersGroupMember, UsersGroupRepoToPerm.users_group_id ==
                    UsersGroupMember.users_group_id))\
             .filter(UsersGroupMember.user_id == uid)\
             .all()
         for perm in user_repo_perms_from_users_groups:
             r_k = perm.UsersGroupRepoToPerm.repository.repo_name
             p = perm.Permission.permission_name
             cur_perm = user.permissions[RK][r_k]
             # overwrite permission only if it's greater than permission
             # given from other sources
             if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm] or 1:  # disable check
                 user.permissions[RK][r_k] = p
         # user explicit permissions for repositories
         user_repo_perms = \
          self.sa.query(UserRepoToPerm, Permission, Repository)\
             .join((Repository, UserRepoToPerm.repository_id ==
                    Repository.repo_id))\
             .join((Permission, UserRepoToPerm.permission_id ==
                    Permission.permission_id))\
             .filter(UserRepoToPerm.user_id == uid)\
             .all()
         for perm in user_repo_perms:
             # set admin if owner
             r_k = perm.UserRepoToPerm.repository.repo_name
             if perm.Repository.user_id == uid:
                 p = 'repository.admin'
             else:
                 p = perm.Permission.permission_name
             user.permissions[RK][r_k] = p
         # REPO GROUP
         #==================================================================
         # get access for this user for repos group and override defaults
         #==================================================================
         # user explicit permissions for repository
         user_repo_groups_perms = \
          self.sa.query(UserRepoGroupToPerm, Permission, RepoGroup)\
          .join((RepoGroup, UserRepoGroupToPerm.group_id == RepoGroup.group_id))\
          .join((Permission, UserRepoGroupToPerm.permission_id == Permission.permission_id))\
          .filter(UserRepoGroupToPerm.user_id == uid)\
          .all()
         for perm in user_repo_groups_perms:
             rg_k = perm.UserRepoGroupToPerm.group.group_name
             p = perm.Permission.permission_name
             cur_perm = user.permissions[GK][rg_k]
             if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]:
+            if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm] or 1:  # disable check
                 user.permissions[GK][rg_k] = p
         # REPO GROUP + USER GROUP
         #==================================================================
         # check if user is part of user groups for this repo group and
         # fill in (or replace with higher) permissions
         #==================================================================
         # users group for repositories permissions
         user_repo_group_perms_from_users_groups = \
          self.sa.query(UsersGroupRepoGroupToPerm, Permission, RepoGroup)\
          .join((RepoGroup, UsersGroupRepoGroupToPerm.group_id == RepoGroup.group_id))\
          .join((Permission, UsersGroupRepoGroupToPerm.permission_id == Permission.permission_id))\
          .join((UsersGroupMember, UsersGroupRepoGroupToPerm.users_group_id == UsersGroupMember.users_group_id))\
          .filter(UsersGroupMember.user_id == uid)\
          .all()
         for perm in user_repo_group_perms_from_users_groups:
             g_k = perm.UsersGroupRepoGroupToPerm.group.group_name
             p = perm.Permission.permission_name
             cur_perm = user.permissions[GK][g_k]
             # overwrite permission only if it's greater than permission
             # given from other sources
             if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]:
+            if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm] or 1:  # disable check
                 user.permissions[GK][g_k] = p
         return user
     def has_perm(self, user, perm):
         perm = self._get_perm(perm)
         user = self._get_user(user)
         return UserToPerm.query().filter(UserToPerm.user == user)\
             .filter(UserToPerm.permission == perm).scalar() is not None
     def grant_perm(self, user, perm):
         """
         Grant user global permissions
         :param user:
         :param perm:
         """
         user = self._get_user(user)
         perm = self._get_perm(perm)
         # if this permission is already granted skip it
         _perm = UserToPerm.query()\
             .filter(UserToPerm.user == user)\
             .filter(UserToPerm.permission == perm)\
             .scalar()
         if _perm:
             return
         new = UserToPerm()
         new.user = user
         new.permission = perm
         self.sa.add(new)
     def revoke_perm(self, user, perm):
         """
         Revoke users global permissions
         :param user:
         :param perm:
         """
         user = self._get_user(user)
         perm = self._get_perm(perm)
         obj = UserToPerm.query()\
                 .filter(UserToPerm.user == user)\
                 .filter(UserToPerm.permission == perm)\
                 .scalar()
         if obj:
             self.sa.delete(obj)
     def add_extra_email(self, user, email):
         """
         Adds email address to UserEmailMap
         :param user:
         :param email:
         """
         from rhodecode.model import forms
         form = forms.UserExtraEmailForm()()
         data = form.to_python(dict(email=email))
         user = self._get_user(user)
         obj = UserEmailMap()
         obj.user = user
         obj.email = data['email']
         self.sa.add(obj)
         return obj
     def delete_extra_email(self, user, email_id):
         """
         Removes email address from UserEmailMap
         :param user:
         :param email_id:
         """
         user = self._get_user(user)
         obj = UserEmailMap.query().get(email_id)
         if obj:
             self.sa.delete(obj)

rhodecode/model/validators.py

➞

Show inline comments

@@ @@ -118,559 +118,559 @@ def ValidRepoUser(): @@
             try:
                 User.query().filter(User.active == True)\
                     .filter(User.username == value).one()
             except Exception:
                 msg = M(self, 'invalid_username', state, username=value)
                 raise formencode.Invalid(msg, value, state,
                     error_dict=dict(username=msg)
+                )
     return _validator
 def ValidUsersGroup(edit=False, old_data={}):
     class _validator(formencode.validators.FancyValidator):
         messages = {
             'invalid_group': _(u'Invalid users group name'),
             'group_exist': _(u'Users group "%(usersgroup)s" already exists'),
             'invalid_usersgroup_name':
                 _(u'users group name may only contain  alphanumeric '
                   'characters underscores, periods or dashes and must begin '
                   'with alphanumeric character')
+        }
         def validate_python(self, value, state):
             if value in ['default']:
                 msg = M(self, 'invalid_group', state)
                 raise formencode.Invalid(msg, value, state,
                     error_dict=dict(users_group_name=msg)
+                )
             #check if group is unique
             old_ugname = None
             if edit:
                 old_id = old_data.get('users_group_id')
                 old_ugname = UsersGroup.get(old_id).users_group_name
             if old_ugname != value or not edit:
                 is_existing_group = UsersGroup.get_by_group_name(value,
                                                         case_insensitive=True)
                 if is_existing_group:
                     msg = M(self, 'group_exist', state, usersgroup=value)
                     raise formencode.Invalid(msg, value, state,
                         error_dict=dict(users_group_name=msg)
+                    )
             if re.match(r'^[a-zA-Z0-9]{1}[a-zA-Z0-9\-\_\.]+$', value) is None:
                 msg = M(self, 'invalid_usersgroup_name', state)
                 raise formencode.Invalid(msg, value, state,
                     error_dict=dict(users_group_name=msg)
+                )
     return _validator
 def ValidReposGroup(edit=False, old_data={}):
     class _validator(formencode.validators.FancyValidator):
         messages = {
             'group_parent_id': _(u'Cannot assign this group as parent'),
             'group_exists': _(u'Group "%(group_name)s" already exists'),
             'repo_exists':
                 _(u'Repository with name "%(group_name)s" already exists')
+        }
         def validate_python(self, value, state):
             # TODO WRITE VALIDATIONS
             group_name = value.get('group_name')
             group_parent_id = value.get('group_parent_id')
             # slugify repo group just in case :)
             slug = repo_name_slug(group_name)
             # check for parent of self
             parent_of_self = lambda: (
                 old_data['group_id'] == int(group_parent_id)
                 if group_parent_id else False
+            )
             if edit and parent_of_self():
                 msg = M(self, 'group_parent_id', state)
                 raise formencode.Invalid(msg, value, state,
                     error_dict=dict(group_parent_id=msg)
+                )
             old_gname = None
             if edit:
                 old_gname = RepoGroup.get(old_data.get('group_id')).group_name
             if old_gname != group_name or not edit:
                 # check group
                 gr = RepoGroup.query()\
                       .filter(RepoGroup.group_name == slug)\
                       .filter(RepoGroup.group_parent_id == group_parent_id)\
                       .scalar()
                 if gr:
                     msg = M(self, 'group_exists', state, group_name=slug)
                     raise formencode.Invalid(msg, value, state,
                             error_dict=dict(group_name=msg)
+                    )
                 # check for same repo
                 repo = Repository.query()\
                       .filter(Repository.repo_name == slug)\
                       .scalar()
                 if repo:
                     msg = M(self, 'repo_exists', state, group_name=slug)
                     raise formencode.Invalid(msg, value, state,
                             error_dict=dict(group_name=msg)
+                    )
     return _validator
 def ValidPassword():
     class _validator(formencode.validators.FancyValidator):
         messages = {
             'invalid_password':
                 _(u'Invalid characters (non-ascii) in password')
+        }
         def validate_python(self, value, state):
             try:
                 (value or '').decode('ascii')
             except UnicodeError:
                 msg = M(self, 'invalid_password', state)
                 raise formencode.Invalid(msg, value, state,)
     return _validator
 def ValidPasswordsMatch():
     class _validator(formencode.validators.FancyValidator):
         messages = {
             'password_mismatch': _(u'Passwords do not match'),
+        }
         def validate_python(self, value, state):
             pass_val = value.get('password') or value.get('new_password')
             if pass_val != value['password_confirmation']:
                 msg = M(self, 'password_mismatch', state)
                 raise formencode.Invalid(msg, value, state,
                      error_dict=dict(password_confirmation=msg)
+                )
     return _validator
 def ValidAuth():
     class _validator(formencode.validators.FancyValidator):
         messages = {
             'invalid_password': _(u'invalid password'),
             'invalid_username': _(u'invalid user name'),
             'disabled_account': _(u'Your account is disabled')
+        }
         def validate_python(self, value, state):
             from rhodecode.lib.auth import authenticate
             password = value['password']
             username = value['username']
             if not authenticate(username, password):
                 user = User.get_by_username(username)
                 if user and user.active is False:
                     log.warning('user %s is disabled' % username)
                     msg = M(self, 'disabled_account', state)
                     raise formencode.Invalid(msg, value, state,
                         error_dict=dict(username=msg)
+                    )
                 else:
                     log.warning('user %s failed to authenticate' % username)
                     msg = M(self, 'invalid_username', state)
                     msg2 = M(self, 'invalid_password', state)
                     raise formencode.Invalid(msg, value, state,
                         error_dict=dict(username=msg, password=msg2)
+                    )
     return _validator
 def ValidAuthToken():
     class _validator(formencode.validators.FancyValidator):
         messages = {
             'invalid_token': _(u'Token mismatch')
+        }
         def validate_python(self, value, state):
             if value != authentication_token():
                 msg = M(self, 'invalid_token', state)
                 raise formencode.Invalid(msg, value, state)
     return _validator
 def ValidRepoName(edit=False, old_data={}):
     class _validator(formencode.validators.FancyValidator):
         messages = {
             'invalid_repo_name':
                 _(u'Repository name %(repo)s is disallowed'),
             'repository_exists':
                 _(u'Repository named %(repo)s already exists'),
             'repository_in_group_exists': _(u'Repository "%(repo)s" already '
                                             'exists in group "%(group)s"'),
             'same_group_exists': _(u'Repositories group with name "%(repo)s" '
                                    'already exists')
+        }
         def _to_python(self, value, state):
             repo_name = repo_name_slug(value.get('repo_name', ''))
             repo_group = value.get('repo_group')
             if repo_group:
                 gr = RepoGroup.get(repo_group)
                 group_path = gr.full_path
                 group_name = gr.group_name
                 # value needs to be aware of group name in order to check
                 # db key This is an actual just the name to store in the
                 # database
                 repo_name_full = group_path + RepoGroup.url_sep() + repo_name
             else:
                 group_name = group_path = ''
                 repo_name_full = repo_name
             value['repo_name'] = repo_name
             value['repo_name_full'] = repo_name_full
             value['group_path'] = group_path
             value['group_name'] = group_name
             return value
         def validate_python(self, value, state):
             repo_name = value.get('repo_name')
             repo_name_full = value.get('repo_name_full')
             group_path = value.get('group_path')
             group_name = value.get('group_name')
             if repo_name in [ADMIN_PREFIX, '']:
                 msg = M(self, 'invalid_repo_name', state, repo=repo_name)
                 raise formencode.Invalid(msg, value, state,
                     error_dict=dict(repo_name=msg)
+                )
             rename = old_data.get('repo_name') != repo_name_full
             create = not edit
             if rename or create:
                 if group_path != '':
                     if Repository.get_by_repo_name(repo_name_full):
                         msg = M(self, 'repository_in_group_exists', state,
                                 repo=repo_name, group=group_name)
                         raise formencode.Invalid(msg, value, state,
                             error_dict=dict(repo_name=msg)
+                        )
                 elif RepoGroup.get_by_group_name(repo_name_full):
                         msg = M(self, 'same_group_exists', state,
                                 repo=repo_name)
                         raise formencode.Invalid(msg, value, state,
                             error_dict=dict(repo_name=msg)
+                        )
                 elif Repository.get_by_repo_name(repo_name_full):
                         msg = M(self, 'repository_exists', state,
                                 repo=repo_name)
                         raise formencode.Invalid(msg, value, state,
                             error_dict=dict(repo_name=msg)
+                        )
             return value
     return _validator
 def ValidForkName(*args, **kwargs):
     return ValidRepoName(*args, **kwargs)
 def SlugifyName():
     class _validator(formencode.validators.FancyValidator):
         def _to_python(self, value, state):
             return repo_name_slug(value)
         def validate_python(self, value, state):
             pass
     return _validator
 def ValidCloneUri():
     from rhodecode.lib.utils import make_ui
     def url_handler(repo_type, url, ui=None):
         if repo_type == 'hg':
             from rhodecode.lib.vcs.backends.hg.repository import MercurialRepository
             from mercurial.httppeer import httppeer
             if url.startswith('http'):
                 ## initially check if it's at least the proper URL
                 ## or does it pass basic auth
                 MercurialRepository._check_url(url)
                 httppeer(ui, url)._capabilities()
             elif url.startswith('svn+http'):
                 from hgsubversion.svnrepo import svnremoterepo
                 svnremoterepo(ui, url).capabilities
             elif url.startswith('git+http'):
                 raise NotImplementedError()
         elif repo_type == 'git':
             from rhodecode.lib.vcs.backends.git.repository import GitRepository
             if url.startswith('http'):
                 ## initially check if it's at least the proper URL
                 ## or does it pass basic auth
                 GitRepository._check_url(url)
             elif url.startswith('svn+http'):
                 raise NotImplementedError()
             elif url.startswith('hg+http'):
                 raise NotImplementedError()
     class _validator(formencode.validators.FancyValidator):
         messages = {
             'clone_uri': _(u'invalid clone url'),
             'invalid_clone_uri': _(u'Invalid clone url, provide a '
                                     'valid clone http(s)/svn+http(s) url')
+        }
         def validate_python(self, value, state):
             repo_type = value.get('repo_type')
             url = value.get('clone_uri')
             if not url:
                 pass
             else:
                 try:
                     url_handler(repo_type, url, make_ui('db', clear_session=False))
                 except Exception:
                     log.exception('Url validation failed')
                     msg = M(self, 'clone_uri')
                     raise formencode.Invalid(msg, value, state,
                         error_dict=dict(clone_uri=msg)
+                    )
     return _validator
 def ValidForkType(old_data={}):
     class _validator(formencode.validators.FancyValidator):
         messages = {
             'invalid_fork_type': _(u'Fork have to be the same type as parent')
+        }
         def validate_python(self, value, state):
             if old_data['repo_type'] != value:
                 msg = M(self, 'invalid_fork_type', state)
                 raise formencode.Invalid(msg, value, state,
                     error_dict=dict(repo_type=msg)
+                )
     return _validator
 def ValidPerms(type_='repo'):
     if type_ == 'group':
         EMPTY_PERM = 'group.none'
     elif type_ == 'repo':
         EMPTY_PERM = 'repository.none'
     class _validator(formencode.validators.FancyValidator):
         messages = {
             'perm_new_member_name':
                 _(u'This username or users group name is not valid')
+        }
         def to_python(self, value, state):
             perms_update = OrderedSet()
             perms_new = OrderedSet()
             # build a list of permission to update and new permission to create
             #CLEAN OUT ORG VALUE FROM NEW MEMBERS, and group them using
             new_perms_group = defaultdict(dict)
             for k, v in value.copy().iteritems():
                 if k.startswith('perm_new_member'):
                     del value[k]
                     _type, part = k.split('perm_new_member_')
                     args = part.split('_')
                     if len(args) == 1:
                         new_perms_group[args[0]]['perm'] = v
                     elif len(args) == 2:
                         _key, pos = args
                         new_perms_group[pos][_key] = v
             # fill new permissions in order of how they were added
             for k in sorted(map(int, new_perms_group.keys())):
                 perm_dict = new_perms_group[str(k)]
                 new_member = perm_dict['name']
                 new_perm = perm_dict['perm']
                 new_type = perm_dict['type']
                 new_member = perm_dict.get('name')
                 new_perm = perm_dict.get('perm')
                 new_type = perm_dict.get('type')
                 if new_member and new_perm and new_type:
                     perms_new.add((new_member, new_perm, new_type))
             for k, v in value.iteritems():
                 if k.startswith('u_perm_') or k.startswith('g_perm_'):
                     member = k[7:]
                     t = {'u': 'user',
                          'g': 'users_group'
                     }[k[0]]
                     if member == 'default':
                         if value.get('private'):
                             # set none for default when updating to
                             # private repo
                             v = EMPTY_PERM
                     perms_update.add((member, v, t))
             value['perms_updates'] = list(perms_update)
             value['perms_new'] = list(perms_new)
             # update permissions
             for k, v, t in perms_new:
                 try:
                     if t is 'user':
                         self.user_db = User.query()\
                             .filter(User.active == True)\
                             .filter(User.username == k).one()
                     if t is 'users_group':
                         self.user_db = UsersGroup.query()\
                             .filter(UsersGroup.users_group_active == True)\
                             .filter(UsersGroup.users_group_name == k).one()
                 except Exception:
                     log.exception('Updated permission failed')
                     msg = M(self, 'perm_new_member_type', state)
                     raise formencode.Invalid(msg, value, state,
                         error_dict=dict(perm_new_member_name=msg)
+                    )
             return value
     return _validator
 def ValidSettings():
     class _validator(formencode.validators.FancyValidator):
         def _to_python(self, value, state):
             # settings  form can't edit user
             if 'user' in value:
                 del value['user']
             return value
         def validate_python(self, value, state):
             pass
     return _validator
 def ValidPath():
     class _validator(formencode.validators.FancyValidator):
         messages = {
             'invalid_path': _(u'This is not a valid path')
+        }
         def validate_python(self, value, state):
             if not os.path.isdir(value):
                 msg = M(self, 'invalid_path', state)
                 raise formencode.Invalid(msg, value, state,
                     error_dict=dict(paths_root_path=msg)
+                )
     return _validator
 def UniqSystemEmail(old_data={}):
     class _validator(formencode.validators.FancyValidator):
         messages = {
             'email_taken': _(u'This e-mail address is already taken')
+        }
         def _to_python(self, value, state):
             return value.lower()
         def validate_python(self, value, state):
             if (old_data.get('email') or '').lower() != value:
                 user = User.get_by_email(value, case_insensitive=True)
                 if user:
                     msg = M(self, 'email_taken', state)
                     raise formencode.Invalid(msg, value, state,
                         error_dict=dict(email=msg)
+                    )
     return _validator
 def ValidSystemEmail():
     class _validator(formencode.validators.FancyValidator):
         messages = {
             'non_existing_email': _(u'e-mail "%(email)s" does not exist.')
+        }
         def _to_python(self, value, state):
             return value.lower()
         def validate_python(self, value, state):
             user = User.get_by_email(value, case_insensitive=True)
             if user is None:
                 msg = M(self, 'non_existing_email', state, email=value)
                 raise formencode.Invalid(msg, value, state,
                     error_dict=dict(email=msg)
+                )
     return _validator
 def LdapLibValidator():
     class _validator(formencode.validators.FancyValidator):
         messages = {
+        }
         def validate_python(self, value, state):
             try:
                 import ldap
                 ldap  # pyflakes silence !
             except ImportError:
                 raise LdapImportError()
     return _validator
 def AttrLoginValidator():
     class _validator(formencode.validators.FancyValidator):
         messages = {
             'invalid_cn':
                   _(u'The LDAP Login attribute of the CN must be specified - '
                     'this is the name of the attribute that is equivalent '
                     'to "username"')
+        }
         def validate_python(self, value, state):
             if not value or not isinstance(value, (str, unicode)):
                 msg = M(self, 'invalid_cn', state)
                 raise formencode.Invalid(msg, value, state,
                     error_dict=dict(ldap_attr_login=msg)
+                )
     return _validator
 def NotReviewedRevisions():
     class _validator(formencode.validators.FancyValidator):
         messages = {
             'rev_already_reviewed':
                   _(u'Revisions %(revs)s are already part of pull request '
                     'or have set status')
+        }
         def validate_python(self, value, state):
             # check revisions if they are not reviewed, or a part of another
             # pull request
             statuses = ChangesetStatus.query()\
                 .filter(ChangesetStatus.revision.in_(value)).all()
             errors = []
             for cs in statuses:
                 if cs.pull_request_id:
                     errors.append(['pull_req', cs.revision[:12]])
                 elif cs.status:
                     errors.append(['status', cs.revision[:12]])
             if errors:
                 revs = ','.join([x[1] for x in errors])
                 msg = M(self, 'rev_already_reviewed', state, revs=revs)
                 raise formencode.Invalid(msg, value, state,
                     error_dict=dict(revisions=revs)
+                )
     return _validator

rhodecode/templates/admin/repos_groups/repos_group_edit_perms.html

➞

Show inline comments

 <table id="permissions_manage" class="noborder">
     <tr>
         <td>${_('none')}</td>
         <td>${_('read')}</td>
         <td>${_('write')}</td>
         <td>${_('admin')}</td>
         <td>${_('member')}</td>
         <td></td>
     </tr>
     ## USERS
     %for r2p in c.repos_group.repo_group_to_perm:
         <tr id="id${id(r2p.user.username)}">
             <td>${h.radio('u_perm_%s' % r2p.user.username,'group.none')}</td>
             <td>${h.radio('u_perm_%s' % r2p.user.username,'group.read')}</td>
             <td>${h.radio('u_perm_%s' % r2p.user.username,'group.write')}</td>
             <td>${h.radio('u_perm_%s' % r2p.user.username,'group.admin')}</td>
             <td style="white-space: nowrap;">
                 <img class="perm-gravatar" src="${h.gravatar_url(r2p.user.email,14)}"/>${r2p.user.username if r2p.user.username != 'default' else _('default')}
             </td>
             <td>
               %if r2p.user.username !='default':
                 <span class="delete_icon action_button" onclick="ajaxActionUser(${r2p.user.user_id},'${'id%s'%id(r2p.user.username)}')">
                 ${_('revoke')}
                 </span>
               %endif
             </td>
         </tr>
     %endfor
     ## USERS GROUPS
     %for g2p in c.repos_group.users_group_to_perm:
         <tr id="id${id(g2p.users_group.users_group_name)}">
             <td>${h.radio('g_perm_%s' % g2p.users_group.users_group_name,'group.none')}</td>
             <td>${h.radio('g_perm_%s' % g2p.users_group.users_group_name,'group.read')}</td>
             <td>${h.radio('g_perm_%s' % g2p.users_group.users_group_name,'group.write')}</td>
             <td>${h.radio('g_perm_%s' % g2p.users_group.users_group_name,'group.admin')}</td>
             <td style="white-space: nowrap;">
                 <img class="perm-gravatar" src="${h.url('/images/icons/group.png')}"/>${g2p.users_group.users_group_name}
             </td>
             <td>
                 <span class="delete_icon action_button" onclick="ajaxActionUsersGroup(${g2p.users_group.users_group_id},'${'id%s'%id(g2p.users_group.users_group_name)}')">
                 ${_('revoke')}
                 </span>
             </td>
         </tr>
     %endfor
 <%
     _tmpl = h.literal("""' \
         <td><input type="radio" value="group.none" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \
         <td><input type="radio" value="group.read" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \
         <td><input type="radio" value="group.write" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \
         <td><input type="radio" value="group.admin" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \
         <td class="ac"> \
             <div class="perm_ac" id="perm_ac_{0}"> \
                 <input class="yui-ac-input" id="perm_new_member_name_{0}" name="perm_new_member_name_{0}" value="" type="text"> \
                 <input id="perm_new_member_type_{0}" name="perm_new_member_type_{0}" value="" type="hidden">  \
                 <div id="perm_container_{0}"></div> \
             </div> \
         </td> \
         <td></td>'""")
     %>
     ## ADD HERE DYNAMICALLY NEW INPUTS FROM THE '_tmpl'
     <tr class="new_members last_new_member" id="add_perm_input"></tr>
     <tr>
         <td colspan="6">
             <span id="add_perm" class="add_icon" style="cursor: pointer;">
             ${_('Add another member')}
             </span>
         </td>
     </tr>
     <tr>
         <td colspan="6">
            ${h.checkbox('recursive',value="True", label=_('apply to parents'))}
            <span class="help-block">${_('Set or revoke permission to all children of that group, including repositories and other groups')}</span>
         </td>
     </tr>
 </table>
 <script type="text/javascript">
 function ajaxActionUser(user_id, field_id) {
     var sUrl = "${h.url('delete_repos_group_user_perm',group_name=c.repos_group.group_name)}";
     var callback = {
         success: function (o) {
             var tr = YUD.get(String(field_id));
             tr.parentNode.removeChild(tr);
         },
         failure: function (o) {
             alert("${_('Failed to remove user')}");
         },
     };
     var postData = '_method=delete&user_id=' + user_id;
     var recursive = YUD.get('recursive').checked;
     var postData = '_method=delete&recursive={0}&user_id={1}'.format(recursive,user_id);
     var request = YAHOO.util.Connect.asyncRequest('POST', sUrl, callback, postData);
 };
 function ajaxActionUsersGroup(users_group_id,field_id){
     var sUrl = "${h.url('delete_repos_group_users_group_perm',group_name=c.repos_group.group_name)}";
     var callback = {
         success:function(o){
             var tr = YUD.get(String(field_id));
             tr.parentNode.removeChild(tr);
         },
         failure:function(o){
             alert("${_('Failed to remove users group')}");
         },
     };
     var postData = '_method=delete&users_group_id='+users_group_id;
     var recursive = YUD.get('recursive').checked;
     var postData = '_method=delete&recursive={0}&users_group_id={1}'.format(recursive,users_group_id);
     var request = YAHOO.util.Connect.asyncRequest('POST', sUrl, callback, postData);
 };
 YUE.onDOMReady(function () {
     if (!YUD.hasClass('perm_new_member_name', 'error')) {
         YUD.setStyle('add_perm_input', 'display', 'none');
+    }
     YAHOO.util.Event.addListener('add_perm', 'click', function () {
     	addPermAction(${_tmpl}, ${c.users_array|n}, ${c.users_groups_array|n});
     });
 });
 </script>

rhodecode/tests/functional/test_compare.py

➞

Show inline comments

 from rhodecode.tests import *
 from rhodecode.model.repo import RepoModel
 from rhodecode.model.meta import Session
 from rhodecode.model.db import Repository
 from rhodecode.model.scm import ScmModel
 from rhodecode.lib.vcs.backends.base import EmptyChangeset
 class TestCompareController(TestController):
     def test_index_tag(self):
         self.log_user()
         tag1 = '0.1.3'
         tag2 = '0.1.2'
         response = self.app.get(url(controller='compare', action='index',
                                     repo_name=HG_REPO,
                                     org_ref_type="tag",
                                     org_ref=tag1,
                                     other_ref_type="tag",
                                     other_ref=tag2,
                                     ))
         response.mustcontain('%s@%s -> %s@%s' % (HG_REPO, tag1, HG_REPO, tag2))
         ## outgoing changesets between tags
         response.mustcontain('''<a href="/%s/changeset/17544fbfcd33ffb439e2b728b5d526b1ef30bfcf">r120:17544fbfcd33</a>''' % HG_REPO)
         response.mustcontain('''<a href="/%s/changeset/36e0fc9d2808c5022a24f49d6658330383ed8666">r119:36e0fc9d2808</a>''' % HG_REPO)
         response.mustcontain('''<a href="/%s/changeset/bb1a3ab98cc45cb934a77dcabf87a5a598b59e97">r118:bb1a3ab98cc4</a>''' % HG_REPO)
         response.mustcontain('''<a href="/%s/changeset/41fda979f02fda216374bf8edac4e83f69e7581c">r117:41fda979f02f</a>''' % HG_REPO)
         response.mustcontain('''<a href="/%s/changeset/9749bfbfc0d2eba208d7947de266303b67c87cda">r116:9749bfbfc0d2</a>''' % HG_REPO)
         response.mustcontain('''<a href="/%s/changeset/70d4cef8a37657ee4cf5aabb3bd9f68879769816">r115:70d4cef8a376</a>''' % HG_REPO)
         response.mustcontain('''<a href="/%s/changeset/c5ddebc06eaaba3010c2d66ea6ec9d074eb0f678">r112:c5ddebc06eaa</a>''' % HG_REPO)
         ## files diff
         response.mustcontain('''<div class="node"><a href="/%s/compare/tag@%s...tag@%s#C--1c5cf9e91c12">docs/api/utils/index.rst</a></div>''' % (HG_REPO, tag1, tag2))
         response.mustcontain('''<div class="node"><a href="/%s/compare/tag@%s...tag@%s#C--e3305437df55">test_and_report.sh</a></div>''' % (HG_REPO, tag1, tag2))
         response.mustcontain('''<div class="node"><a href="/%s/compare/tag@%s...tag@%s#C--c8e92ef85cd1">.hgignore</a></div>''' % (HG_REPO, tag1, tag2))
         response.mustcontain('''<div class="node"><a href="/%s/compare/tag@%s...tag@%s#C--6e08b694d687">.hgtags</a></div>''' % (HG_REPO, tag1, tag2))
         response.mustcontain('''<div class="node"><a href="/%s/compare/tag@%s...tag@%s#C--2c14b00f3393">docs/api/index.rst</a></div>''' % (HG_REPO, tag1, tag2))
         response.mustcontain('''<div class="node"><a href="/%s/compare/tag@%s...tag@%s#C--430ccbc82bdf">vcs/__init__.py</a></div>''' % (HG_REPO, tag1, tag2))
         response.mustcontain('''<div class="node"><a href="/%s/compare/tag@%s...tag@%s#C--9c390eb52cd6">vcs/backends/hg.py</a></div>''' % (HG_REPO, tag1, tag2))
         response.mustcontain('''<div class="node"><a href="/%s/compare/tag@%s...tag@%s#C--ebb592c595c0">vcs/utils/__init__.py</a></div>''' % (HG_REPO, tag1, tag2))
         response.mustcontain('''<div class="node"><a href="/%s/compare/tag@%s...tag@%s#C--7abc741b5052">vcs/utils/annotate.py</a></div>''' % (HG_REPO, tag1, tag2))
         response.mustcontain('''<div class="node"><a href="/%s/compare/tag@%s...tag@%s#C--2ef0ef106c56">vcs/utils/diffs.py</a></div>''' % (HG_REPO, tag1, tag2))
         response.mustcontain('''<div class="node"><a href="/%s/compare/tag@%s...tag@%s#C--3150cb87d4b7">vcs/utils/lazy.py</a></div>''' % (HG_REPO, tag1, tag2))
     def test_index_branch(self):
         self.log_user()
         response = self.app.get(url(controller='compare', action='index',
                                     repo_name=HG_REPO,
                                     org_ref_type="branch",
                                     org_ref='default',
                                     other_ref_type="branch",
                                     other_ref='default',
                                     ))
         response.mustcontain('%s@default -> %s@default' % (HG_REPO, HG_REPO))
         # branch are equal
         response.mustcontain('<tr><td>No changesets</td></tr>')
     def test_compare_revisions(self):
         self.log_user()
         rev1 = '3d8f361e72ab'
         rev2 = 'b986218ba1c9'
         response = self.app.get(url(controller='compare', action='index',
                                     repo_name=HG_REPO,
                                     org_ref_type="rev",
                                     org_ref=rev1,
                                     other_ref_type="rev",
                                     other_ref=rev2,
                                     ))
         response.mustcontain('%s@%s -> %s@%s' % (HG_REPO, rev1, HG_REPO, rev2))
         ## outgoing changesets between those revisions
         response.mustcontain("""<a href="/%s/changeset/3d8f361e72ab303da48d799ff1ac40d5ac37c67e">r1:%s</a>""" % (HG_REPO, rev1))
         ## files
         response.mustcontain("""<a href="/%s/compare/rev@%s...rev@%s#C--c8e92ef85cd1">.hgignore</a>""" % (HG_REPO, rev1, rev2))
     def test_compare_remote_repos(self):
         self.log_user()
         form_data = dict(
             repo_name=HG_FORK,
             repo_name_full=HG_FORK,
             repo_group=None,
             repo_type='hg',
             description='',
             private=False,
             copy_permissions=False,
             landing_rev='tip',
             update_after_clone=False,
             fork_parent_id=Repository.get_by_repo_name(HG_REPO),
+        )
         RepoModel().create_fork(form_data, cur_user=TEST_USER_ADMIN_LOGIN)
         Session().commit()
         rev1 = '7d4bc8ec6be5'
         rev2 = '56349e29c2af'
         response = self.app.get(url(controller='compare', action='index',
                                     repo_name=HG_REPO,
                                     org_ref_type="rev",
                                     org_ref=rev1,
                                     other_ref_type="rev",
                                     other_ref=rev2,
                                     repo=HG_FORK
                                     ))
         try:
             response.mustcontain('%s@%s -> %s@%s' % (HG_REPO, rev1, HG_FORK, rev2))
             ## outgoing changesets between those revisions
             response.mustcontain("""<a href="/%s/changeset/7d4bc8ec6be56c0f10425afb40b6fc315a4c25e7">r6:%s</a>""" % (HG_REPO, rev1))
             response.mustcontain("""<a href="/%s/changeset/6fff84722075f1607a30f436523403845f84cd9e">r5:6fff84722075</a>""" % (HG_REPO))
             response.mustcontain("""<a href="/%s/changeset/2dda4e345facb0ccff1a191052dd1606dba6781d">r4:2dda4e345fac</a>""" % (HG_REPO))
             ## files
             response.mustcontain("""<a href="/%s/compare/rev@%s...rev@%s#C--9c390eb52cd6">vcs/backends/hg.py</a>""" % (HG_REPO, rev1, rev2))
             response.mustcontain("""<a href="/%s/compare/rev@%s...rev@%s#C--41b41c1f2796">vcs/backends/__init__.py</a>""" % (HG_REPO, rev1, rev2))
             response.mustcontain("""<a href="/%s/compare/rev@%s...rev@%s#C--2f574d260608">vcs/backends/base.py</a>""" % (HG_REPO, rev1, rev2))
         finally:
             RepoModel().delete(HG_FORK)
     def test_compare_extra_commits(self):
         self.log_user()
         repo1 = RepoModel().create_repo(repo_name='one', repo_type='hg',
                                         description='diff-test',
                                         owner=TEST_USER_ADMIN_LOGIN)
         repo2 = RepoModel().create_repo(repo_name='one-fork', repo_type='hg',
                                         description='diff-test',
                                         owner=TEST_USER_ADMIN_LOGIN)
         Session().commit()
         r1_id = repo1.repo_id
         r1_name = repo1.repo_name
         r2_id = repo2.repo_id
         r2_name = repo2.repo_name
         #commit something !
         cs0 = ScmModel().create_node(
             repo=repo1.scm_instance, repo_name=r1_name,
             cs=EmptyChangeset(alias='hg'), user=TEST_USER_ADMIN_LOGIN,
             author=TEST_USER_ADMIN_LOGIN,
             message='commit1',
             content='line1',
             f_path='file1'
+        )
         cs0_prim = ScmModel().create_node(
             repo=repo2.scm_instance, repo_name=r2_name,
             cs=EmptyChangeset(alias='hg'), user=TEST_USER_ADMIN_LOGIN,
             author=TEST_USER_ADMIN_LOGIN,
             message='commit1',
             content='line1',
             f_path='file1'
+        )
         cs1 = ScmModel().commit_change(
             repo=repo2.scm_instance, repo_name=r2_name,
             cs=cs0_prim, user=TEST_USER_ADMIN_LOGIN, author=TEST_USER_ADMIN_LOGIN,
             message='commit2',
             content='line1\nline2',
             f_path='file1'
+        )
         rev1 = 'default'
         rev2 = 'default'
         response = self.app.get(url(controller='compare', action='index',
                                     repo_name=r2_name,
                                     org_ref_type="branch",
                                     org_ref=rev1,
                                     other_ref_type="branch",
                                     other_ref=rev2,
                                     repo=r1_name
                                     ))
         try:
             response.mustcontain('%s@%s -> %s@%s' % (r2_name, rev1, r1_name, rev2))
             response.mustcontain("""<div class="message">commit2</div>""")
             response.mustcontain("""<a href="/%s/changeset/%s">r1:%s</a>""" % (r2_name, cs1.raw_id, cs1.short_id))
             ## files
             response.mustcontain("""<a href="/%s/compare/branch@%s...branch@%s#C--826e8142e6ba">file1</a>""" % (r2_name, rev1, rev2))
         finally:
             RepoModel().delete(r1_id)
             RepoModel().delete(r2_id)
     def test_org_repo_new_commits_after_forking(self):
         self.log_user()
         repo1 = RepoModel().create_repo(repo_name='one', repo_type='hg',
                                         description='diff-test',
                                         owner=TEST_USER_ADMIN_LOGIN)
         Session().commit()
         r1_id = repo1.repo_id
         r1_name = repo1.repo_name
         #commit something initially !
         cs0 = ScmModel().create_node(
             repo=repo1.scm_instance, repo_name=r1_name,
             cs=EmptyChangeset(alias='hg'), user=TEST_USER_ADMIN_LOGIN,
             author=TEST_USER_ADMIN_LOGIN,
             message='commit1',
             content='line1',
             f_path='file1'
+        )
         Session().commit()
         self.assertEqual(repo1.scm_instance.revisions, [cs0.raw_id])
         #fork the repo1
         repo2 = RepoModel().create_repo(repo_name='one-fork', repo_type='hg',
                                 description='compare-test',
                                 clone_uri=repo1.repo_full_path,
                                 owner=TEST_USER_ADMIN_LOGIN, fork_of='one')
         Session().commit()
         self.assertEqual(repo2.scm_instance.revisions, [cs0.raw_id])
         r2_id = repo2.repo_id
         r2_name = repo2.repo_name
         #make 3 new commits in fork
         cs1 = ScmModel().create_node(
             repo=repo2.scm_instance, repo_name=r2_name,
             cs=repo2.scm_instance[-1], user=TEST_USER_ADMIN_LOGIN,
             author=TEST_USER_ADMIN_LOGIN,
             message='commit1-fork',
             content='file1-line1-from-fork',
             f_path='file1-fork'
+        )
         cs2 = ScmModel().create_node(
             repo=repo2.scm_instance, repo_name=r2_name,
             cs=cs1, user=TEST_USER_ADMIN_LOGIN,
             author=TEST_USER_ADMIN_LOGIN,
             message='commit2-fork',
             content='file2-line1-from-fork',
             f_path='file2-fork'
+        )
         cs3 = ScmModel().create_node(
             repo=repo2.scm_instance, repo_name=r2_name,
             cs=cs2, user=TEST_USER_ADMIN_LOGIN,
             author=TEST_USER_ADMIN_LOGIN,
             message='commit3-fork',
             content='file3-line1-from-fork',
             f_path='file3-fork'
+        )
         #compare !
         rev1 = 'default'
         rev2 = 'default'
         response = self.app.get(url(controller='compare', action='index',
                                     repo_name=r2_name,
                                     org_ref_type="branch",
                                     org_ref=rev1,
                                     other_ref_type="branch",
                                     other_ref=rev2,
                                     repo=r1_name
                                     ))
         try:
             response.mustcontain('%s@%s -> %s@%s' % (r2_name, rev1, r1_name, rev2))
             response.mustcontain("""file1-line1-from-fork""")
             response.mustcontain("""file2-line1-from-fork""")
             response.mustcontain("""file3-line1-from-fork""")
             #add new commit into parent !
             cs0 = ScmModel().create_node(
                 repo=repo1.scm_instance, repo_name=r1_name,
                 cs=EmptyChangeset(alias='hg'), user=TEST_USER_ADMIN_LOGIN,
                 author=TEST_USER_ADMIN_LOGIN,
                 message='commit2',
                 content='line1',
                 f_path='file2'
+            )
             #compare !
             rev1 = 'default'
             rev2 = 'default'
             response = self.app.get(url(controller='compare', action='index',
                                         repo_name=r2_name,
                                         org_ref_type="branch",
                                         org_ref=rev1,
                                         other_ref_type="branch",
                                         other_ref=rev2,
                                         repo=r1_name
                                         ))
             response.mustcontain('%s@%s -> %s@%s' % (r2_name, rev1, r1_name, rev2))
             response.mustcontain("""file1-line1-from-fork""")
             response.mustcontain("""file2-line1-from-fork""")
             response.mustcontain("""file3-line1-from-fork""")
         finally:
             RepoModel().delete(r2_id)
             RepoModel().delete(r1_id)

rhodecode/tests/models/common.py

➞

Show inline comments

@@ new file 100644 @@
 import os
 import unittest
 import functools
 from rhodecode.tests import *
 from rhodecode.model.repos_group import ReposGroupModel
 from rhodecode.model.repo import RepoModel
 from rhodecode.model.db import RepoGroup, Repository, User
 from rhodecode.model.user import UserModel
 from rhodecode.lib.auth import AuthUser
 from rhodecode.model.meta import Session
 def _make_group(path, desc='desc', parent_id=None,
                  skip_if_exists=False):
     gr = RepoGroup.get_by_group_name(path)
     if gr and skip_if_exists:
         return gr
     if isinstance(parent_id, RepoGroup):
         parent_id = parent_id.group_id
     gr = ReposGroupModel().create(path, desc, parent_id)
     return gr
 def _make_repo(name, repos_group=None, repo_type='hg'):
     return RepoModel().create_repo(name, repo_type, 'desc',
                                    TEST_USER_ADMIN_LOGIN,
                                    repos_group=repos_group)
 def _destroy_project_tree(test_u1_id):
     Session.remove()
     repos_group = RepoGroup.get_by_group_name(group_name='g0')
     for el in reversed(repos_group.recursive_groups_and_repos()):
         if isinstance(el, Repository):
             RepoModel().delete(el)
         elif isinstance(el, RepoGroup):
             ReposGroupModel().delete(el, force_delete=True)
     u = User.get(test_u1_id)
     Session().delete(u)
     Session().commit()
 def _create_project_tree():
     """
     Creates a tree of groups and repositories to test permissions
     structure
      [g0] - group `g0` with 3 subgroups
+     |
      |__[g0_1] group g0_1 with 2 groups 0 repos
      |  |
      |  |__[g0_1_1] group g0_1_1 with 1 group 2 repos
      |  |   |__<g0/g0_1/g0_1_1/g0_1_1_r1>
      |  |   |__<g0/g0_1/g0_1_1/g0_1_1_r2>
      |  |__<g0/g0_1/g0_1_r1>
+     |
      |__[g0_2] 2 repos
      |  |
      |  |__<g0/g0_2/g0_2_r1>
      |  |__<g0/g0_2/g0_2_r2>
+     |
      |__[g0_3] 1 repo
+        |
         |_<g0/g0_3/g0_3_r1>
     """
     test_u1 = UserModel().create_or_update(
         username=u'test_u1', password=u'qweqwe',
         email=u'test_u1@rhodecode.org', firstname=u'test_u1', lastname=u'test_u1'
+    )
     g0 = _make_group('g0')
     g0_1 = _make_group('g0_1', parent_id=g0)
     g0_1_1 = _make_group('g0_1_1', parent_id=g0_1)
     g0_1_1_r1 = _make_repo('g0/g0_1/g0_1_1/g0_1_1_r1', repos_group=g0_1_1)
     g0_1_1_r2 = _make_repo('g0/g0_1/g0_1_1/g0_1_1_r2', repos_group=g0_1_1)
     g0_1_r1 = _make_repo('g0/g0_1/g0_1_r1', repos_group=g0_1)
     g0_2 = _make_group('g0_2', parent_id=g0)
     g0_2_r1 = _make_repo('g0/g0_2/g0_2_r1', repos_group=g0_2)
     g0_2_r2 = _make_repo('g0/g0_2/g0_2_r2', repos_group=g0_2)
     g0_3 = _make_group('g0_3', parent_id=g0)
     g0_3_r1 = _make_repo('g0/g0_3/g0_3_r1', repos_group=g0_3)
     return test_u1
 def expected_count(group_name, objects=False):
     repos_group = RepoGroup.get_by_group_name(group_name=group_name)
     objs = repos_group.recursive_groups_and_repos()
     if objects:
         return objs
     return len(objs)
 def _check_expected_count(items, repo_items, expected):
     should_be = len(items + repo_items)
     there_are = len(expected)
     assert  should_be == there_are, ('%s != %s' % ((items + repo_items), expected))
 def check_tree_perms(obj_name, repo_perm, prefix, expected_perm):
     assert repo_perm == expected_perm, ('obj:`%s` got perm:`%s` should:`%s`'
                                     % (obj_name, repo_perm, expected_perm))
 def _get_perms(filter_='', recursive=True, key=None, test_u1_id=None):
     test_u1 = AuthUser(user_id=test_u1_id)
     for k, v in test_u1.permissions[key].items():
         if recursive and k.startswith(filter_):
             yield k, v
         elif not recursive:
             if k == filter_:
                 yield k, v

rhodecode/tests/models/test_permissions.py

➞

Show inline comments

 import os
 import unittest
 from rhodecode.tests import *
+from rhodecode.tests.models.common import _make_group
 from rhodecode.model.repos_group import ReposGroupModel
 from rhodecode.model.repo import RepoModel
 from rhodecode.model.db import RepoGroup, User, UsersGroupRepoGroupToPerm
 from rhodecode.model.user import UserModel
 from rhodecode.model.meta import Session
 from rhodecode.model.users_group import UsersGroupModel
 from rhodecode.lib.auth import AuthUser
 def _make_group(path, desc='desc', parent_id=None,
                  skip_if_exists=False):
     gr = RepoGroup.get_by_group_name(path)
     if gr and skip_if_exists:
         return gr
     gr = ReposGroupModel().create(path, desc, parent_id)
     return gr
 class TestPermissions(unittest.TestCase):
     def __init__(self, methodName='runTest'):
         super(TestPermissions, self).__init__(methodName=methodName)
     def setUp(self):
         self.u1 = UserModel().create_or_update(
             username=u'u1', password=u'qweqwe',
             email=u'u1@rhodecode.org', firstname=u'u1', lastname=u'u1'
+        )
         self.u2 = UserModel().create_or_update(
             username=u'u2', password=u'qweqwe',
             email=u'u2@rhodecode.org', firstname=u'u2', lastname=u'u2'
+        )
         self.u3 = UserModel().create_or_update(
             username=u'u3', password=u'qweqwe',
             email=u'u3@rhodecode.org', firstname=u'u3', lastname=u'u3'
+        )
         self.anon = User.get_by_username('default')
         self.a1 = UserModel().create_or_update(
             username=u'a1', password=u'qweqwe',
             email=u'a1@rhodecode.org', firstname=u'a1', lastname=u'a1', admin=True
+        )
         Session().commit()
     def tearDown(self):
         if hasattr(self, 'test_repo'):
             RepoModel().delete(repo=self.test_repo)
         UserModel().delete(self.u1)
         UserModel().delete(self.u2)
         UserModel().delete(self.u3)
         UserModel().delete(self.a1)
         if hasattr(self, 'g1'):
             ReposGroupModel().delete(self.g1.group_id)
         if hasattr(self, 'g2'):
             ReposGroupModel().delete(self.g2.group_id)
         if hasattr(self, 'ug1'):
             UsersGroupModel().delete(self.ug1, force=True)
         Session().commit()
     def test_default_perms_set(self):
         u1_auth = AuthUser(user_id=self.u1.user_id)
         perms = {
             'repositories_groups': {},
             'global': set([u'hg.create.repository', u'repository.read',
                            u'hg.register.manual_activate']),
             'repositories': {u'vcs_test_hg': u'repository.read'}
+        }
         self.assertEqual(u1_auth.permissions['repositories'][HG_REPO],
                          perms['repositories'][HG_REPO])
         new_perm = 'repository.write'
         RepoModel().grant_user_permission(repo=HG_REPO, user=self.u1,
                                           perm=new_perm)
         Session().commit()
         u1_auth = AuthUser(user_id=self.u1.user_id)
         self.assertEqual(u1_auth.permissions['repositories'][HG_REPO],
                          new_perm)
     def test_default_admin_perms_set(self):
         a1_auth = AuthUser(user_id=self.a1.user_id)
         perms = {
             'repositories_groups': {},
             'global': set([u'hg.admin']),
             'repositories': {u'vcs_test_hg': u'repository.admin'}
+        }
         self.assertEqual(a1_auth.permissions['repositories'][HG_REPO],
                          perms['repositories'][HG_REPO])
         new_perm = 'repository.write'
         RepoModel().grant_user_permission(repo=HG_REPO, user=self.a1,
                                           perm=new_perm)
         Session().commit()
         # cannot really downgrade admins permissions !? they still get's set as
         # admin !
         u1_auth = AuthUser(user_id=self.a1.user_id)
         self.assertEqual(u1_auth.permissions['repositories'][HG_REPO],
                          perms['repositories'][HG_REPO])
     def test_default_group_perms(self):
         self.g1 = _make_group('test1', skip_if_exists=True)
         self.g2 = _make_group('test2', skip_if_exists=True)
         u1_auth = AuthUser(user_id=self.u1.user_id)
         perms = {
             'repositories_groups': {u'test1': 'group.read', u'test2': 'group.read'},
             'global': set([u'hg.create.repository', u'repository.read', u'hg.register.manual_activate']),
             'repositories': {u'vcs_test_hg': u'repository.read'}
+        }
         self.assertEqual(u1_auth.permissions['repositories'][HG_REPO],
                          perms['repositories'][HG_REPO])
         self.assertEqual(u1_auth.permissions['repositories_groups'],
                          perms['repositories_groups'])
     def test_default_admin_group_perms(self):
         self.g1 = _make_group('test1', skip_if_exists=True)
         self.g2 = _make_group('test2', skip_if_exists=True)
         a1_auth = AuthUser(user_id=self.a1.user_id)
         perms = {
             'repositories_groups': {u'test1': 'group.admin', u'test2': 'group.admin'},
             'global': set(['hg.admin']),
             'repositories': {u'vcs_test_hg': 'repository.admin'}
+        }
         self.assertEqual(a1_auth.permissions['repositories'][HG_REPO],
                          perms['repositories'][HG_REPO])
         self.assertEqual(a1_auth.permissions['repositories_groups'],
                          perms['repositories_groups'])
     def test_propagated_permission_from_users_group_by_explicit_perms_exist(self):
         # make group
         self.ug1 = UsersGroupModel().create('G1')
         # add user to group
         UsersGroupModel().add_user_to_group(self.ug1, self.u1)
         # set permission to lower
         new_perm = 'repository.none'
         RepoModel().grant_user_permission(repo=HG_REPO, user=self.u1, perm=new_perm)
         Session().commit()
         u1_auth = AuthUser(user_id=self.u1.user_id)
         self.assertEqual(u1_auth.permissions['repositories'][HG_REPO],
                          new_perm)
         # grant perm for group this should not override permission from user
         # since it has explicitly set
         new_perm_gr = 'repository.write'
         RepoModel().grant_users_group_permission(repo=HG_REPO,
                                                  group_name=self.ug1,
                                                  perm=new_perm_gr)
         # check perms
         u1_auth = AuthUser(user_id=self.u1.user_id)
         perms = {
             'repositories_groups': {},
             'global': set([u'hg.create.repository', u'repository.read',
                            u'hg.register.manual_activate']),
             'repositories': {u'vcs_test_hg': u'repository.read'}
+        }
         self.assertEqual(u1_auth.permissions['repositories'][HG_REPO],
                          new_perm)
         self.assertEqual(u1_auth.permissions['repositories_groups'],
                          perms['repositories_groups'])
     def test_propagated_permission_from_users_group(self):
         # make group
         self.ug1 = UsersGroupModel().create('G1')
         # add user to group
         UsersGroupModel().add_user_to_group(self.ug1, self.u3)
         # grant perm for group this should override default permission from user
         new_perm_gr = 'repository.write'
         RepoModel().grant_users_group_permission(repo=HG_REPO,
                                                  group_name=self.ug1,
                                                  perm=new_perm_gr)
         # check perms
         u3_auth = AuthUser(user_id=self.u3.user_id)
         perms = {
             'repositories_groups': {},
             'global': set([u'hg.create.repository', u'repository.read',
                            u'hg.register.manual_activate']),
             'repositories': {u'vcs_test_hg': u'repository.read'}
+        }
         self.assertEqual(u3_auth.permissions['repositories'][HG_REPO],
                          new_perm_gr)
         self.assertEqual(u3_auth.permissions['repositories_groups'],
                          perms['repositories_groups'])
     def test_propagated_permission_from_users_group_lower_weight(self):
         # make group
         self.ug1 = UsersGroupModel().create('G1')
         # add user to group
         UsersGroupModel().add_user_to_group(self.ug1, self.u1)
         # set permission to lower
         new_perm_h = 'repository.write'
         RepoModel().grant_user_permission(repo=HG_REPO, user=self.u1,
                                           perm=new_perm_h)
         Session().commit()
         u1_auth = AuthUser(user_id=self.u1.user_id)
         self.assertEqual(u1_auth.permissions['repositories'][HG_REPO],
                          new_perm_h)
         # grant perm for group this should NOT override permission from user
         # since it's lower than granted
         new_perm_l = 'repository.read'
         RepoModel().grant_users_group_permission(repo=HG_REPO,
                                                  group_name=self.ug1,
                                                  perm=new_perm_l)
         # check perms
         u1_auth = AuthUser(user_id=self.u1.user_id)
         perms = {
             'repositories_groups': {},
             'global': set([u'hg.create.repository', u'repository.read',
                            u'hg.register.manual_activate']),
             'repositories': {u'vcs_test_hg': u'repository.write'}
+        }
         self.assertEqual(u1_auth.permissions['repositories'][HG_REPO],
                          new_perm_h)
         self.assertEqual(u1_auth.permissions['repositories_groups'],
                          perms['repositories_groups'])
     def test_repo_in_group_permissions(self):
         self.g1 = _make_group('group1', skip_if_exists=True)
         self.g2 = _make_group('group2', skip_if_exists=True)
         Session().commit()
         # both perms should be read !
         u1_auth = AuthUser(user_id=self.u1.user_id)
         self.assertEqual(u1_auth.permissions['repositories_groups'],
                          {u'group1': u'group.read', u'group2': u'group.read'})
         a1_auth = AuthUser(user_id=self.anon.user_id)
         self.assertEqual(a1_auth.permissions['repositories_groups'],
                  {u'group1': u'group.read', u'group2': u'group.read'})
         #Change perms to none for both groups
         ReposGroupModel().grant_user_permission(repos_group=self.g1,
                                                 user=self.anon,
                                                 perm='group.none')
         ReposGroupModel().grant_user_permission(repos_group=self.g2,
                                                 user=self.anon,
                                                 perm='group.none')
         u1_auth = AuthUser(user_id=self.u1.user_id)
         self.assertEqual(u1_auth.permissions['repositories_groups'],
                  {u'group1': u'group.none', u'group2': u'group.none'})
         a1_auth = AuthUser(user_id=self.anon.user_id)
         self.assertEqual(a1_auth.permissions['repositories_groups'],
                  {u'group1': u'group.none', u'group2': u'group.none'})
         # add repo to group
         name = RepoGroup.url_sep().join([self.g1.group_name, 'test_perm'])
         self.test_repo = RepoModel().create_repo(
             repo_name=name,
             repo_type='hg',
             description='',
             repos_group=self.g1,
             owner=self.u1,
+        )
         Session().commit()
         u1_auth = AuthUser(user_id=self.u1.user_id)
         self.assertEqual(u1_auth.permissions['repositories_groups'],
                  {u'group1': u'group.none', u'group2': u'group.none'})
         a1_auth = AuthUser(user_id=self.anon.user_id)
         self.assertEqual(a1_auth.permissions['repositories_groups'],
                  {u'group1': u'group.none', u'group2': u'group.none'})
         #grant permission for u2 !
         ReposGroupModel().grant_user_permission(repos_group=self.g1,
                                                 user=self.u2,
                                                 perm='group.read')
         ReposGroupModel().grant_user_permission(repos_group=self.g2,
                                                 user=self.u2,
                                                 perm='group.read')
         Session().commit()
         self.assertNotEqual(self.u1, self.u2)
         #u1 and anon should have not change perms while u2 should !
         u1_auth = AuthUser(user_id=self.u1.user_id)
         self.assertEqual(u1_auth.permissions['repositories_groups'],
                  {u'group1': u'group.none', u'group2': u'group.none'})
         u2_auth = AuthUser(user_id=self.u2.user_id)
         self.assertEqual(u2_auth.permissions['repositories_groups'],
                  {u'group1': u'group.read', u'group2': u'group.read'})
         a1_auth = AuthUser(user_id=self.anon.user_id)
         self.assertEqual(a1_auth.permissions['repositories_groups'],
                  {u'group1': u'group.none', u'group2': u'group.none'})
     def test_repo_group_user_as_user_group_member(self):
         # create Group1
         self.g1 = _make_group('group1', skip_if_exists=True)
         Session().commit()
         a1_auth = AuthUser(user_id=self.anon.user_id)
         self.assertEqual(a1_auth.permissions['repositories_groups'],
                          {u'group1': u'group.read'})
         # set default permission to none
         ReposGroupModel().grant_user_permission(repos_group=self.g1,
                                                 user=self.anon,
                                                 perm='group.none')
         # make group
         self.ug1 = UsersGroupModel().create('G1')
         # add user to group
         UsersGroupModel().add_user_to_group(self.ug1, self.u1)
         Session().commit()
         # check if user is in the group
         membrs = [x.user_id for x in UsersGroupModel().get(self.ug1.users_group_id).members]
         self.assertEqual(membrs, [self.u1.user_id])
         # add some user to that group
         # check his permissions
         a1_auth = AuthUser(user_id=self.anon.user_id)
         self.assertEqual(a1_auth.permissions['repositories_groups'],
                          {u'group1': u'group.none'})
         u1_auth = AuthUser(user_id=self.u1.user_id)
         self.assertEqual(u1_auth.permissions['repositories_groups'],
                          {u'group1': u'group.none'})
         # grant ug1 read permissions for
         ReposGroupModel().grant_users_group_permission(repos_group=self.g1,
                                                        group_name=self.ug1,
                                                        perm='group.read')
         Session().commit()
         # check if the
         obj = Session().query(UsersGroupRepoGroupToPerm)\
             .filter(UsersGroupRepoGroupToPerm.group == self.g1)\
             .filter(UsersGroupRepoGroupToPerm.users_group == self.ug1)\
             .scalar()
         self.assertEqual(obj.permission.permission_name, 'group.read')
         a1_auth = AuthUser(user_id=self.anon.user_id)
         self.assertEqual(a1_auth.permissions['repositories_groups'],
                          {u'group1': u'group.none'})
         u1_auth = AuthUser(user_id=self.u1.user_id)
         self.assertEqual(u1_auth.permissions['repositories_groups'],
                          {u'group1': u'group.read'})
     def test_inherited_permissions_from_default_on_user_enabled(self):
         user_model = UserModel()
         # enable fork and create on default user
         usr = 'default'
         user_model.revoke_perm(usr, 'hg.create.none')
         user_model.grant_perm(usr, 'hg.create.repository')
         user_model.revoke_perm(usr, 'hg.fork.none')
         user_model.grant_perm(usr, 'hg.fork.repository')
         # make sure inherit flag is turned on
         self.u1.inherit_default_permissions = True
         Session().commit()
         u1_auth = AuthUser(user_id=self.u1.user_id)
         # this user will have inherited permissions from default user
         self.assertEqual(u1_auth.permissions['global'],
                          set(['hg.create.repository', 'hg.fork.repository',
                               'hg.register.manual_activate',
                               'repository.read']))
     def test_inherited_permissions_from_default_on_user_disabled(self):
         user_model = UserModel()
         # disable fork and create on default user
         usr = 'default'
         user_model.revoke_perm(usr, 'hg.create.repository')
         user_model.grant_perm(usr, 'hg.create.none')
         user_model.revoke_perm(usr, 'hg.fork.repository')
         user_model.grant_perm(usr, 'hg.fork.none')
         # make sure inherit flag is turned on
         self.u1.inherit_default_permissions = True
         Session().commit()
         u1_auth = AuthUser(user_id=self.u1.user_id)
         # this user will have inherited permissions from default user
         self.assertEqual(u1_auth.permissions['global'],
                          set(['hg.create.none', 'hg.fork.none',
                               'hg.register.manual_activate',
                               'repository.read']))
     def test_non_inherited_permissions_from_default_on_user_enabled(self):
         user_model = UserModel()
         # enable fork and create on default user
         usr = 'default'
         user_model.revoke_perm(usr, 'hg.create.none')
         user_model.grant_perm(usr, 'hg.create.repository')
         user_model.revoke_perm(usr, 'hg.fork.none')
         user_model.grant_perm(usr, 'hg.fork.repository')
         #disable global perms on specific user
         user_model.revoke_perm(self.u1, 'hg.create.repository')
         user_model.grant_perm(self.u1, 'hg.create.none')
         user_model.revoke_perm(self.u1, 'hg.fork.repository')
         user_model.grant_perm(self.u1, 'hg.fork.none')
         # make sure inherit flag is turned off
         self.u1.inherit_default_permissions = False
         Session().commit()
         u1_auth = AuthUser(user_id=self.u1.user_id)
         # this user will have non inherited permissions from he's
         # explicitly set permissions
         self.assertEqual(u1_auth.permissions['global'],

rhodecode/tests/models/test_repos_groups.py

➞

Show inline comments

 import os
 import unittest
 from rhodecode.tests import *
 from rhodecode.model.repos_group import ReposGroupModel
 from rhodecode.model.repo import RepoModel
 from rhodecode.model.db import RepoGroup, User
+from rhodecode.model.db import RepoGroup, User, Repository
 from rhodecode.model.meta import Session
 from sqlalchemy.exc import IntegrityError
 def _make_group(path, desc='desc', parent_id=None,
                  skip_if_exists=False):
     gr = RepoGroup.get_by_group_name(path)
     if gr and skip_if_exists:
         return gr
     if isinstance(parent_id, RepoGroup):
         parent_id = parent_id.group_id
     gr = ReposGroupModel().create(path, desc, parent_id)
     return gr
 class TestReposGroups(unittest.TestCase):
     def setUp(self):
         self.g1 = _make_group('test1', skip_if_exists=True)
         Session().commit()
         self.g2 = _make_group('test2', skip_if_exists=True)
         Session().commit()
         self.g3 = _make_group('test3', skip_if_exists=True)
         Session().commit()
     def tearDown(self):
         print 'out'
     def __check_path(self, *path):
         """
         Checks the path for existance !
         """
         path = [TESTS_TMP_PATH] + list(path)
         path = os.path.join(*path)
         return os.path.isdir(path)
     def _check_folders(self):
         print os.listdir(TESTS_TMP_PATH)
     def __delete_group(self, id_):
         ReposGroupModel().delete(id_)
     def __update_group(self, id_, path, desc='desc', parent_id=None):
         form_data = dict(
             group_name=path,
             group_description=desc,
             group_parent_id=parent_id,
             perms_updates=[],
             perms_new=[],
             enable_locking=False
             enable_locking=False,
             recursive=False
+        )
         gr = ReposGroupModel().update(id_, form_data)
         return gr
     def test_create_group(self):
         g = _make_group('newGroup')
         self.assertEqual(g.full_path, 'newGroup')
         self.assertTrue(self.__check_path('newGroup'))
     def test_create_same_name_group(self):
         self.assertRaises(IntegrityError, lambda: _make_group('newGroup'))
         Session().rollback()
     def test_same_subgroup(self):
         sg1 = _make_group('sub1', parent_id=self.g1.group_id)
         self.assertEqual(sg1.parent_group, self.g1)
         self.assertEqual(sg1.full_path, 'test1/sub1')
         self.assertTrue(self.__check_path('test1', 'sub1'))
         ssg1 = _make_group('subsub1', parent_id=sg1.group_id)
         self.assertEqual(ssg1.parent_group, sg1)
         self.assertEqual(ssg1.full_path, 'test1/sub1/subsub1')
         self.assertTrue(self.__check_path('test1', 'sub1', 'subsub1'))
     def test_remove_group(self):
         sg1 = _make_group('deleteme')
         self.__delete_group(sg1.group_id)
         self.assertEqual(RepoGroup.get(sg1.group_id), None)
         self.assertFalse(self.__check_path('deteteme'))
         sg1 = _make_group('deleteme', parent_id=self.g1.group_id)
         self.__delete_group(sg1.group_id)
         self.assertEqual(RepoGroup.get(sg1.group_id), None)
         self.assertFalse(self.__check_path('test1', 'deteteme'))
     def test_rename_single_group(self):
         sg1 = _make_group('initial')
         new_sg1 = self.__update_group(sg1.group_id, 'after')
         self.assertTrue(self.__check_path('after'))
         self.assertEqual(RepoGroup.get_by_group_name('initial'), None)
     def test_update_group_parent(self):
         sg1 = _make_group('initial', parent_id=self.g1.group_id)
         new_sg1 = self.__update_group(sg1.group_id, 'after', parent_id=self.g1.group_id)
         self.assertTrue(self.__check_path('test1', 'after'))
         self.assertEqual(RepoGroup.get_by_group_name('test1/initial'), None)
         new_sg1 = self.__update_group(sg1.group_id, 'after', parent_id=self.g3.group_id)
         self.assertTrue(self.__check_path('test3', 'after'))
         self.assertEqual(RepoGroup.get_by_group_name('test3/initial'), None)
         new_sg1 = self.__update_group(sg1.group_id, 'hello')
         self.assertTrue(self.__check_path('hello'))
         self.assertEqual(RepoGroup.get_by_group_name('hello'), new_sg1)
     def test_subgrouping_with_repo(self):
         g1 = _make_group('g1')
         g2 = _make_group('g2')
         # create new repo
         form_data = dict(repo_name='john',
                          repo_name_full='john',
                          fork_name=None,
                          description=None,
                          repo_group=None,
                          private=False,
                          repo_type='hg',
                          clone_uri=None,
                          landing_rev='tip',
                          enable_locking=False)
                          enable_locking=False,
                          recursive=False)
         cur_user = User.get_by_username(TEST_USER_ADMIN_LOGIN)
         r = RepoModel().create(form_data, cur_user)
         self.assertEqual(r.repo_name, 'john')
         # put repo into group
         form_data = form_data
         form_data['repo_group'] = g1.group_id
         form_data['perms_new'] = []
         form_data['perms_updates'] = []
         RepoModel().update(r.repo_name, form_data)
         self.assertEqual(r.repo_name, 'g1/john')
         self.__update_group(g1.group_id, 'g1', parent_id=g2.group_id)
         self.assertTrue(self.__check_path('g2', 'g1'))
         # test repo
         self.assertEqual(r.repo_name, RepoGroup.url_sep().join(['g2', 'g1',
                                                                 r.just_name]))
     def test_move_to_root(self):
         g1 = _make_group('t11')
         Session().commit()
         g2 = _make_group('t22', parent_id=g1.group_id)
         Session().commit()
         self.assertEqual(g2.full_path, 't11/t22')
         self.assertTrue(self.__check_path('t11', 't22'))
         g2 = self.__update_group(g2.group_id, 'g22', parent_id=None)
         Session().commit()
         self.assertEqual(g2.group_name, 'g22')
         # we moved out group from t1 to '' so it's full path should be 'g2'
         self.assertEqual(g2.full_path, 'g22')
         self.assertFalse(self.__check_path('t11', 't22'))
         self.assertTrue(self.__check_path('g22'))

rhodecode/tests/models/test_user_permissions_on_groups.py

➞

Show inline comments

@@ new file 100644 @@
 import os
 import unittest
 import functools
 from rhodecode.tests import *
 from rhodecode.model.repos_group import ReposGroupModel
 from rhodecode.model.db import RepoGroup, Repository, User
 from rhodecode.model.meta import Session
 from nose.tools import with_setup
 from rhodecode.tests.models.common import _create_project_tree, check_tree_perms, \
     _get_perms, _check_expected_count, expected_count, _destroy_project_tree
 from rhodecode.model.repo import RepoModel
 test_u1_id = None
 _get_repo_perms = None
 _get_group_perms = None
 def permissions_setup_func(group_name='g0', perm='group.read', recursive=True):
     """
     Resets all permissions to perm attribute
     """
     repos_group = RepoGroup.get_by_group_name(group_name=group_name)
     if not repos_group:
         raise Exception('Cannot get group %s' % group_name)
     perms_updates = [[test_u1_id, perm, 'user']]
     ReposGroupModel()._update_permissions(repos_group,
                                           perms_updates=perms_updates,
                                           recursive=recursive)
     Session().commit()
 def setup_module():
     global test_u1_id, _get_repo_perms, _get_group_perms
     test_u1 = _create_project_tree()
     Session().commit()
     test_u1_id = test_u1.user_id
     _get_repo_perms = functools.partial(_get_perms, key='repositories',
                                         test_u1_id=test_u1_id)
     _get_group_perms = functools.partial(_get_perms, key='repositories_groups',
                                          test_u1_id=test_u1_id)
 def teardown_module():
     _destroy_project_tree(test_u1_id)
 @with_setup(permissions_setup_func)
 def test_user_permissions_on_group_without_recursive_mode():
     # set permission to g0 non-recursive mode
     recursive = False
     group = 'g0'
     permissions_setup_func(group, 'group.write', recursive=recursive)
     items = [x for x in _get_repo_perms(group, recursive)]
     expected = 0
     assert len(items) == expected, ' %s != %s' % (len(items), expected)
     for name, perm in items:
         yield check_tree_perms, name, perm, group, 'repository.read'
     items = [x for x in _get_group_perms(group, recursive)]
     expected = 1
     assert len(items) == expected, ' %s != %s' % (len(items), expected)
     for name, perm in items:
         yield check_tree_perms, name, perm, group, 'group.write'
 @with_setup(permissions_setup_func)
 def test_user_permissions_on_group_without_recursive_mode_subgroup():
     # set permission to g0 non-recursive mode
     recursive = False
     group = 'g0/g0_1'
     permissions_setup_func(group, 'group.write', recursive=recursive)
     items = [x for x in _get_repo_perms(group, recursive)]
     expected = 0
     assert len(items) == expected, ' %s != %s' % (len(items), expected)
     for name, perm in items:
         yield check_tree_perms, name, perm, group, 'repository.read'
     items = [x for x in _get_group_perms(group, recursive)]
     expected = 1
     assert len(items) == expected, ' %s != %s' % (len(items), expected)
     for name, perm in items:
         yield check_tree_perms, name, perm, group, 'group.write'
 @with_setup(permissions_setup_func)
 def test_user_permissions_on_group_with_recursive_mode():
     # set permission to g0 recursive mode, all children including
     # other repos and groups should have this permission now set !
     recursive = True
     group = 'g0'
     permissions_setup_func(group, 'group.write', recursive=recursive)
     repo_items = [x for x in _get_repo_perms(group, recursive)]
     items = [x for x in _get_group_perms(group, recursive)]
     _check_expected_count(items, repo_items, expected_count(group, True))
     for name, perm in repo_items:
         yield check_tree_perms, name, perm, group, 'repository.write'
     for name, perm in items:
         yield check_tree_perms, name, perm, group, 'group.write'
 @with_setup(permissions_setup_func)
 def test_user_permissions_on_group_with_recursive_mode_inner_group():
     ## set permission to g0_3 group to none
     recursive = True
     group = 'g0/g0_3'
     permissions_setup_func(group, 'group.none', recursive=recursive)
     repo_items = [x for x in _get_repo_perms(group, recursive)]
     items = [x for x in _get_group_perms(group, recursive)]
     _check_expected_count(items, repo_items, expected_count(group, True))
     for name, perm in repo_items:
         yield check_tree_perms, name, perm, group, 'repository.none'
     for name, perm in items:
         yield check_tree_perms, name, perm, group, 'group.none'
 @with_setup(permissions_setup_func)
 def test_user_permissions_on_group_with_recursive_mode_deepest():
     ## set permission to g0_3 group to none
     recursive = True
     group = 'g0/g0_1/g0_1_1'
     permissions_setup_func(group, 'group.write', recursive=recursive)
     repo_items = [x for x in _get_repo_perms(group, recursive)]
     items = [x for x in _get_group_perms(group, recursive)]
     _check_expected_count(items, repo_items, expected_count(group, True))
     for name, perm in repo_items:
         yield check_tree_perms, name, perm, group, 'repository.write'
     for name, perm in items:
         yield check_tree_perms, name, perm, group, 'group.write'
 @with_setup(permissions_setup_func)
 def test_user_permissions_on_group_with_recursive_mode_only_with_repos():
     ## set permission to g0_3 group to none
     recursive = True
     group = 'g0/g0_2'
     permissions_setup_func(group, 'group.admin', recursive=recursive)
     repo_items = [x for x in _get_repo_perms(group, recursive)]
     items = [x for x in _get_group_perms(group, recursive)]
     _check_expected_count(items, repo_items, expected_count(group, True))
     for name, perm in repo_items:
         yield check_tree_perms, name, perm, group, 'repository.admin'
     for name, perm in items:
         yield check_tree_perms, name, perm, group, 'group.admin'

rhodecode/tests/models/test_users_group_permissions_on_groups.py

➞

Show inline comments

@@ new file 100644 @@
 import os
 import unittest
 import functools
 from rhodecode.tests import *
 from rhodecode.model.repos_group import ReposGroupModel
 from rhodecode.model.db import RepoGroup, Repository, User
 from rhodecode.model.meta import Session
 from nose.tools import with_setup
 from rhodecode.tests.models.common import _create_project_tree, check_tree_perms, \
     _get_perms, _check_expected_count, expected_count, _destroy_project_tree
 from rhodecode.model.users_group import UsersGroupModel
 from rhodecode.model.repo import RepoModel
 test_u2_id = None
 test_u2_gr_id = None
 _get_repo_perms = None
 _get_group_perms = None
 def permissions_setup_func(group_name='g0', perm='group.read', recursive=True):
     """
     Resets all permissions to perm attribute
     """
     repos_group = RepoGroup.get_by_group_name(group_name=group_name)
     if not repos_group:
         raise Exception('Cannot get group %s' % group_name)
     perms_updates = [[test_u2_gr_id, perm, 'users_group']]
     ReposGroupModel()._update_permissions(repos_group,
                                           perms_updates=perms_updates,
                                           recursive=recursive)
     Session().commit()
 def setup_module():
     global test_u2_id, test_u2_gr_id, _get_repo_perms, _get_group_perms
     test_u2 = _create_project_tree()
     Session().commit()
     test_u2_id = test_u2.user_id
     gr1 = UsersGroupModel().create(name='perms_group_1')
     Session().commit()
     test_u2_gr_id = gr1.users_group_id
     UsersGroupModel().add_user_to_group(gr1, user=test_u2_id)
     Session().commit()
     _get_repo_perms = functools.partial(_get_perms, key='repositories',
                                         test_u1_id=test_u2_id)
     _get_group_perms = functools.partial(_get_perms, key='repositories_groups',
                                          test_u1_id=test_u2_id)
 def teardown_module():
     _destroy_project_tree(test_u2_id)
 @with_setup(permissions_setup_func)
 def test_user_permissions_on_group_without_recursive_mode():
     # set permission to g0 non-recursive mode
     recursive = False
     group = 'g0'
     permissions_setup_func(group, 'group.write', recursive=recursive)
     items = [x for x in _get_repo_perms(group, recursive)]
     expected = 0
     assert len(items) == expected, ' %s != %s' % (len(items), expected)
     for name, perm in items:
         yield check_tree_perms, name, perm, group, 'repository.read'
     items = [x for x in _get_group_perms(group, recursive)]
     expected = 1
     assert len(items) == expected, ' %s != %s' % (len(items), expected)
     for name, perm in items:
         yield check_tree_perms, name, perm, group, 'group.write'
 @with_setup(permissions_setup_func)
 def test_user_permissions_on_group_without_recursive_mode_subgroup():
     # set permission to g0 non-recursive mode
     recursive = False
     group = 'g0/g0_1'
     permissions_setup_func(group, 'group.write', recursive=recursive)
     items = [x for x in _get_repo_perms(group, recursive)]
     expected = 0
     assert len(items) == expected, ' %s != %s' % (len(items), expected)
     for name, perm in items:
         yield check_tree_perms, name, perm, group, 'repository.read'
     items = [x for x in _get_group_perms(group, recursive)]
     expected = 1
     assert len(items) == expected, ' %s != %s' % (len(items), expected)
     for name, perm in items:
         yield check_tree_perms, name, perm, group, 'group.write'
 @with_setup(permissions_setup_func)
 def test_user_permissions_on_group_with_recursive_mode():
     # set permission to g0 recursive mode, all children including
     # other repos and groups should have this permission now set !
     recursive = True
     group = 'g0'
     permissions_setup_func(group, 'group.write', recursive=recursive)
     repo_items = [x for x in _get_repo_perms(group, recursive)]
     items = [x for x in _get_group_perms(group, recursive)]
     _check_expected_count(items, repo_items, expected_count(group, True))
     for name, perm in repo_items:
         yield check_tree_perms, name, perm, group, 'repository.write'
     for name, perm in items:
         yield check_tree_perms, name, perm, group, 'group.write'
 @with_setup(permissions_setup_func)
 def test_user_permissions_on_group_with_recursive_mode_inner_group():
     ## set permission to g0_3 group to none
     recursive = True
     group = 'g0/g0_3'
     permissions_setup_func(group, 'group.none', recursive=recursive)
     repo_items = [x for x in _get_repo_perms(group, recursive)]
     items = [x for x in _get_group_perms(group, recursive)]
     _check_expected_count(items, repo_items, expected_count(group, True))
     for name, perm in repo_items:
         yield check_tree_perms, name, perm, group, 'repository.none'
     for name, perm in items:
         yield check_tree_perms, name, perm, group, 'group.none'
 @with_setup(permissions_setup_func)
 def test_user_permissions_on_group_with_recursive_mode_deepest():
     ## set permission to g0_3 group to none
     recursive = True
     group = 'g0/g0_1/g0_1_1'
     permissions_setup_func(group, 'group.write', recursive=recursive)
     repo_items = [x for x in _get_repo_perms(group, recursive)]
     items = [x for x in _get_group_perms(group, recursive)]
     _check_expected_count(items, repo_items, expected_count(group, True))
     for name, perm in repo_items:
         yield check_tree_perms, name, perm, group, 'repository.write'
     for name, perm in items:
         yield check_tree_perms, name, perm, group, 'group.write'
 @with_setup(permissions_setup_func)
 def test_user_permissions_on_group_with_recursive_mode_only_with_repos():
     ## set permission to g0_3 group to none
     recursive = True
     group = 'g0/g0_2'
     permissions_setup_func(group, 'group.admin', recursive=recursive)
     repo_items = [x for x in _get_repo_perms(group, recursive)]
     items = [x for x in _get_group_perms(group, recursive)]
     _check_expected_count(items, repo_items, expected_count(group, True))
     for name, perm in repo_items:
         yield check_tree_perms, name, perm, group, 'repository.admin'
     for name, perm in items:
         yield check_tree_perms, name, perm, group, 'group.admin'

0 comments (0 inline, 0 general)