Changeset - d4b6c8541bd9
Parent rev.
Child rev.
[Not reviewed]
beta
0 2 0
Marcin Kuzminski - 14 years ago 2012-03-01 00:01:22
marcin@python-works.com
fixes issue when user tried to resubmit same permission into user/user_groups
2 files changed with 19 insertions and 2 deletions:
rhodecode/model/user.py
11
2
rhodecode/model/users_group.py
8
0 comments (0 inline, 0 general)
rhodecode/model/user.py
Show inline comments
 
@@ -438,115 +438,124 @@ class UserModel(BaseModel):
 
                    .options(joinedload(UserToPerm.permission))\
 
                    .filter(UserToPerm.user_id == uid).all()
 

			




	
	
	
		
 
            for perm in user_perms:

			




	
	
	
		
 
                user.permissions[GLOBAL].add(perm.permission.permission_name)

			




	
	
	
		
 

			




	
	
	
		
 
            # user repositories

			




	
	
	
		
 
            user_repo_perms = \

			




	
	
	
		
 
             self.sa.query(UserRepoToPerm, Permission, Repository)\

			




	
	
	
		
 
             .join((Repository, UserRepoToPerm.repository_id == Repository.repo_id))\

			




	
	
	
		
 
             .join((Permission, UserRepoToPerm.permission_id == Permission.permission_id))\

			




	
	
	
		
 
             .filter(UserRepoToPerm.user_id == uid)\

			




	
	
	
		
 
             .all()

			




	
	
	
		
 

			




	
	
	
		
 
            for perm in user_repo_perms:

			




	
	
	
		
 
                # set admin if owner

			




	
	
	
		
 
                r_k = perm.UserRepoToPerm.repository.repo_name

			




	
	
	
		
 
                if perm.Repository.user_id == uid:

			




	
	
	
		
 
                    p = 'repository.admin'

			




	
	
	
		
 
                else:

			




	
	
	
		
 
                    p = perm.Permission.permission_name

			




	
	
	
		
 
                user.permissions[RK][r_k] = p

			




	
	
	
		
 

			




	
	
	
		
 
            #==================================================================

			




	
	
	
		
 
            # check if user is part of groups for this repository and fill in

			




	
	
	
		
 
            # (or replace with higher) permissions

			




	
	
	
		
 
            #==================================================================

			




	
	
	
		
 

			




	
	
	
		
 
            # users group global

			




	
	
	
		
 
            user_perms_from_users_groups = self.sa.query(UsersGroupToPerm)\

			




	
	
	
		
 
                .options(joinedload(UsersGroupToPerm.permission))\

			




	
	
	
		
 
                .join((UsersGroupMember, UsersGroupToPerm.users_group_id ==

			




	
	
	
		
 
                       UsersGroupMember.users_group_id))\

			




	
	
	
		
 
                .filter(UsersGroupMember.user_id == uid).all()

			




	
	
	
		
 

			




	
	
	
		
 
            for perm in user_perms_from_users_groups:

			




	
	
	
		
 
                user.permissions[GLOBAL].add(perm.permission.permission_name)

			




	
	
	
		
 

			




	
	
	
		
 
            # users group repositories

			




	
	
	
		
 
            user_repo_perms_from_users_groups = \

			




	
	
	
		
 
             self.sa.query(UsersGroupRepoToPerm, Permission, Repository,)\

			




	
	
	
		
 
             .join((Repository, UsersGroupRepoToPerm.repository_id == Repository.repo_id))\

			




	
	
	
		
 
             .join((Permission, UsersGroupRepoToPerm.permission_id == Permission.permission_id))\

			




	
	
	
		
 
             .join((UsersGroupMember, UsersGroupRepoToPerm.users_group_id == UsersGroupMember.users_group_id))\

			




	
	
	
		
 
             .filter(UsersGroupMember.user_id == uid)\

			




	
	
	
		
 
             .all()

			




	
	
	
		
 

			




	
	
	
		
 
            for perm in user_repo_perms_from_users_groups:

			




	
	
	
		
 
                r_k = perm.UsersGroupRepoToPerm.repository.repo_name

			




	
	
	
		
 
                p = perm.Permission.permission_name

			




	
	
	
		
 
                cur_perm = user.permissions[RK][r_k]

			




	
	
	
		
 
                # overwrite permission only if it's greater than permission

			




	
	
	
		
 
                # given from other sources

			




	
	
	
		
 
                if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]:

			




	
	
	
		
 
                    user.permissions[RK][r_k] = p

			




	
	
	
		
 

			




	
	
	
		
 
            #==================================================================

			




	
	
	
		
 
            # get access for this user for repos group and override defaults

			




	
	
	
		
 
            #==================================================================

			




	
	
	
		
 

			




	
	
	
		
 
            # user repositories groups

			




	
	
	
		
 
            user_repo_groups_perms = \

			




	
	
	
		
 
             self.sa.query(UserRepoGroupToPerm, Permission, RepoGroup)\

			




	
	
	
		
 
             .join((RepoGroup, UserRepoGroupToPerm.group_id == RepoGroup.group_id))\

			




	
	
	
		
 
             .join((Permission, UserRepoGroupToPerm.permission_id == Permission.permission_id))\

			




	
	
	
		
 
             .filter(UserRepoToPerm.user_id == uid)\

			




	
	
	
		
 
             .all()

			




	
	
	
		
 

			




	
	
	
		
 
            for perm in user_repo_groups_perms:

			




	
	
	
		
 
                rg_k = perm.UserRepoGroupToPerm.group.group_name

			




	
	
	
		
 
                p = perm.Permission.permission_name

			




	
	
	
		
 
                cur_perm = user.permissions[GK][rg_k]

			




	
	
	
		
 
                if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]:

			




	
	
	
		
 
                    user.permissions[GK][rg_k] = p

			




	
	
	
		
 

			




	
	
	
		
 
        return user

			




	
	
	
		
 

			




	
	
	
		
 
    def has_perm(self, user, perm):

			




	
	
	
		
 
        if not isinstance(perm, Permission):

			




	
	
	
		
 
            raise Exception('perm needs to be an instance of Permission class '

			




	
	
	
		
 
                            'got %s instead' % type(perm))

			




	
	
	
		
 

			




	
	
	
		
 
        user = self.__get_user(user)

			




	
	
	
		
 

			




	
	
	
		
 
        return UserToPerm.query().filter(UserToPerm.user == user)\

			




	
	
	
		
 
            .filter(UserToPerm.permission == perm).scalar() is not None

			




	
	
	
		
 

			




	
	
	
		
 
    def grant_perm(self, user, perm):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Grant user global permissions

			




	
	
	
		
 

			




	
	
	
		
 
        :param user:

			




	
	
	
		
 
        :param perm:

			




	
	
	
		
 
        """

			




	
	
	
		
 
        user = self.__get_user(user)

			




	
	
	
		
 
        perm = self.__get_perm(perm)

			




	
	
	
		
 
        # if this permission is already granted skip it

			




	
	
	
		
 
        _perm = UserToPerm.query()\

			




	
	
	
		
 
            .filter(UserToPerm.user == user)\

			




	
	
	
		
 
            .filter(UserToPerm.permission == perm)\

			




	
	
	
		
 
            .scalar()

			




	
	
	
		
 
        if _perm:

			




	
	
	
		
 
            return

			




	
	
	
		
 
        new = UserToPerm()

			




	
	
	
		
 
        new.user = user

			




	
	
	
		
 
        new.permission = perm

			




	
	
	
		
 
        self.sa.add(new)

			




	
	
	
		
 

			




	
	
	
		
 
    def revoke_perm(self, user, perm):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Revoke users global permissions

			




	
	
	
		
 

			




	
	
	
		
 
        :param user:

			




	
	
	
		
 
        :param perm:

			




	
	
	
		
 
        """

			




	
	
	
		
 
        user = self.__get_user(user)

			




	
	
	
		
 
        perm = self.__get_perm(perm)

			




	
	
	
		
 

			




	
	
	
		
 
        obj = UserToPerm.query().filter(UserToPerm.user == user)\

			




	
	
	
		
 
                .filter(UserToPerm.permission == perm).scalar()

			




	
	
	
		
 
        obj = UserToPerm.query()\

			




	
	
	
		
 
                .filter(UserToPerm.user == user)\

			




	
	
	
		
 
                .filter(UserToPerm.permission == perm)\

			




	
	
	
		
 
                .scalar()

			




	
	
	
		
 
        if obj:

			




	
	
	
		
 
            self.sa.delete(obj)

			




        

    


    
    

    

        

                

                    rhodecode/model/users_group.py
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -79,110 +79,118 @@ class UsersGroupModel(BaseModel):

			




	
	
	
		
 
                        v = [v] if isinstance(v, basestring) else v

			




	
	
	
		
 
                        for u_id in set(v):

			




	
	
	
		
 
                            member = UsersGroupMember(users_group.users_group_id, u_id)

			




	
	
	
		
 
                            members_list.append(member)

			




	
	
	
		
 
                    setattr(users_group, 'members', members_list)

			




	
	
	
		
 
                setattr(users_group, k, v)

			




	
	
	
		
 

			




	
	
	
		
 
            self.sa.add(users_group)

			




	
	
	
		
 
        except:

			




	
	
	
		
 
            log.error(traceback.format_exc())

			




	
	
	
		
 
            raise

			




	
	
	
		
 

			




	
	
	
		
 
    def delete(self, users_group, force=False):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Deletes repos group, unless force flag is used

			




	
	
	
		
 
        raises exception if there are members in that group, else deletes

			




	
	
	
		
 
        group and users

			




	
	
	
		
 

			




	
	
	
		
 
        :param users_group:

			




	
	
	
		
 
        :param force:

			




	
	
	
		
 
        """

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            users_group = self.__get_users_group(users_group)

			




	
	
	
		
 

			




	
	
	
		
 
            # check if this group is not assigned to repo

			




	
	
	
		
 
            assigned_groups = UsersGroupRepoToPerm.query()\

			




	
	
	
		
 
                .filter(UsersGroupRepoToPerm.users_group == users_group).all()

			




	
	
	
		
 

			




	
	
	
		
 
            if assigned_groups and force is False:

			




	
	
	
		
 
                raise UsersGroupsAssignedException('RepoGroup assigned to %s' %

			




	
	
	
		
 
                                                   assigned_groups)

			




	
	
	
		
 

			




	
	
	
		
 
            self.sa.delete(users_group)

			




	
	
	
		
 
        except:

			




	
	
	
		
 
            log.error(traceback.format_exc())

			




	
	
	
		
 
            raise

			




	
	
	
		
 

			




	
	
	
		
 
    def add_user_to_group(self, users_group, user):

			




	
	
	
		
 
        users_group = self.__get_users_group(users_group)

			




	
	
	
		
 
        user = self.__get_user(user)

			




	
	
	
		
 

			




	
	
	
		
 
        for m in users_group.members:

			




	
	
	
		
 
            u = m.user

			




	
	
	
		
 
            if u.user_id == user.user_id:

			




	
	
	
		
 
                return True

			




	
	
	
		
 

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            users_group_member = UsersGroupMember()

			




	
	
	
		
 
            users_group_member.user = user

			




	
	
	
		
 
            users_group_member.users_group = users_group

			




	
	
	
		
 

			




	
	
	
		
 
            users_group.members.append(users_group_member)

			




	
	
	
		
 
            user.group_member.append(users_group_member)

			




	
	
	
		
 

			




	
	
	
		
 
            self.sa.add(users_group_member)

			




	
	
	
		
 
            return users_group_member

			




	
	
	
		
 
        except:

			




	
	
	
		
 
            log.error(traceback.format_exc())

			




	
	
	
		
 
            raise

			




	
	
	
		
 

			




	
	
	
		
 
    def remove_user_from_group(self, users_group, user):

			




	
	
	
		
 
        users_group = self.__get_users_group(users_group)

			




	
	
	
		
 
        user = self.__get_user(user)

			




	
	
	
		
 

			




	
	
	
		
 
        users_group_member = None

			




	
	
	
		
 
        for m in users_group.members:

			




	
	
	
		
 
            if m.user.user_id == user.user_id:

			




	
	
	
		
 
                # Found this user's membership row

			




	
	
	
		
 
                users_group_member = m

			




	
	
	
		
 
                break

			




	
	
	
		
 

			




	
	
	
		
 
        if users_group_member:

			




	
	
	
		
 
            try:

			




	
	
	
		
 
                self.sa.delete(users_group_member)

			




	
	
	
		
 
                return True

			




	
	
	
		
 
            except:

			




	
	
	
		
 
                log.error(traceback.format_exc())

			




	
	
	
		
 
                raise

			




	
	
	
		
 
        else:

			




	
	
	
		
 
            # User isn't in that group

			




	
	
	
		
 
            return False

			




	
	
	
		
 

			




	
	
	
		
 
    def has_perm(self, users_group, perm):

			




	
	
	
		
 
        users_group = self.__get_users_group(users_group)

			




	
	
	
		
 
        perm = self.__get_perm(perm)

			




	
	
	
		
 

			




	
	
	
		
 
        return UsersGroupToPerm.query()\

			




	
	
	
		
 
            .filter(UsersGroupToPerm.users_group == users_group)\

			




	
	
	
		
 
            .filter(UsersGroupToPerm.permission == perm).scalar() is not None

			




	
	
	
		
 

			




	
	
	
		
 
    def grant_perm(self, users_group, perm):

			




	
	
	
		
 
        if not isinstance(perm, Permission):

			




	
	
	
		
 
            raise Exception('perm needs to be an instance of Permission class')

			




	
	
	
		
 

			




	
	
	
		
 
        users_group = self.__get_users_group(users_group)

			




	
	
	
		
 

			




	
	
	
		
 
        # if this permission is already granted skip it

			




	
	
	
		
 
        _perm = UsersGroupToPerm.query()\

			




	
	
	
		
 
            .filter(UsersGroupToPerm.users_group == users_group)\

			




	
	
	
		
 
            .filter(UsersGroupToPerm.permission == perm)\

			




	
	
	
		
 
            .scalar()

			




	
	
	
		
 
        if _perm:

			




	
	
	
		
 
            return

			




	
	
	
		
 

			




	
	
	
		
 
        new = UsersGroupToPerm()

			




	
	
	
		
 
        new.users_group = users_group

			




	
	
	
		
 
        new.permission = perm

			




	
	
	
		
 
        self.sa.add(new)

			




	
	
	
		
 

			




	
	
	
		
 
    def revoke_perm(self, users_group, perm):

			




	
	
	
		
 
        users_group = self.__get_users_group(users_group)

			




	
	
	
		
 
        perm = self.__get_perm(perm)

			




	
	
	
		
 

			




	
	
	
		
 
        obj = UsersGroupToPerm.query()\

			




	
	
	
		
 
            .filter(UsersGroupToPerm.users_group == users_group)\

			




	
	
	
		
 
            .filter(UsersGroupToPerm.permission == perm).scalar()

			




	
	
	
		
 
        if obj:

			




	
	
	
		
 
            self.sa.delete(obj)

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.