kallithea Changeset - dd532af216d9

Changeset - dd532af216d9

Parent rev.

Child rev.

[Not reviewed]

beta

0 12 0

Marcin Kuzminski - 15 years ago 2010-11-11 01:05:43
marcin@python-works.com

#49 Enabled anonymous access for web interface controllable from permissions pannel

12 files changed with 203 insertions and 154 deletions:

rhodecode/controllers/admin/permissions.py

rhodecode/controllers/admin/settings.py

rhodecode/controllers/admin/users.py

rhodecode/controllers/login.py

rhodecode/lib/auth.py

108

rhodecode/lib/db_manage.py

rhodecode/model/forms.py

rhodecode/model/permission_model.py

rhodecode/model/user.py

rhodecode/public/css/style.css

rhodecode/templates/admin/permissions/permissions.html

rhodecode/templates/base/base.html

0 comments (0 inline, 0 general)

rhodecode/controllers/admin/permissions.py

➞

Show inline comments

@@ @@ -36,53 +36,54 @@ from rhodecode.model.user import UserMod @@
 import formencode
 import logging
 import traceback
 log = logging.getLogger(__name__)
 class PermissionsController(BaseController):
     """REST Controller styled on the Atom Publishing Protocol"""
     # To properly map this controller, ensure your config/routing.py
     # file has a resource setup:
     #     map.resource('permission', 'permissions')
     @LoginRequired()
     @HasPermissionAllDecorator('hg.admin')
     def __before__(self):
         c.admin_user = session.get('admin_user')
         c.admin_username = session.get('admin_username')
         super(PermissionsController, self).__before__()
         self.perms_choices = [('repository.none', _('None'),),
                               ('repository.read', _('Read'),),
                               ('repository.write', _('Write'),),
                               ('repository.admin', _('Admin'),)]
         self.register_choices = [
             ('hg.register.none', 'disabled'),
             ('hg.register.none',
                 _('disabled')),
             ('hg.register.manual_activate',
-                            _('allowed with manual account activation')),
                 _('allowed with manual account activation')),
             ('hg.register.auto_activate',
-                            _('allowed with automatic account activation')), ]
                 _('allowed with automatic account activation')), ]
         self.create_choices = [('hg.create.none', _('Disabled')),
                                ('hg.create.repository', _('Enabled'))]
     def index(self, format='html'):
         """GET /permissions: All items in the collection"""
         # url('permissions')
     def create(self):
         """POST /permissions: Create a new item"""
         # url('permissions')
     def new(self, format='html'):
         """GET /permissions/new: Form to create a new item"""
         # url('new_permission')
     def update(self, id):
         """PUT /permissions/id: Update an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="PUT" />
         # Or using helpers:
         #    h.form(url('permission', id=ID),
         #           method='put')
@@ @@ -121,42 +122,44 @@ class PermissionsController(BaseControll @@
     def delete(self, id):
         """DELETE /permissions/id: Delete an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="DELETE" />
         # Or using helpers:
         #    h.form(url('permission', id=ID),
         #           method='delete')
         # url('permission', id=ID)
     def show(self, id, format='html'):
         """GET /permissions/id: Show a specific item"""
         # url('permission', id=ID)
     def edit(self, id, format='html'):
         """GET /permissions/id/edit: Form to edit an existing item"""
         #url('edit_permission', id=ID)
         c.perms_choices = self.perms_choices
         c.register_choices = self.register_choices
         c.create_choices = self.create_choices
         if id == 'default':
             defaults = {'_method':'put'}
             for p in UserModel().get_by_username('default').user_perms:
             default_user = UserModel().get_by_username('default')
             defaults = {'_method':'put',
                         'anonymous':default_user.active}
             for p in default_user.user_perms:
                 if p.permission.permission_name.startswith('repository.'):
                     defaults['default_perm'] = p.permission.permission_name
                 if p.permission.permission_name.startswith('hg.register.'):
                     defaults['default_register'] = p.permission.permission_name
                 if p.permission.permission_name.startswith('hg.create.'):
                     defaults['default_create'] = p.permission.permission_name
             return htmlfill.render(
                         render('admin/permissions/permissions.html'),
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=True,)
         else:
             return redirect(url('admin_home'))

rhodecode/controllers/admin/settings.py

➞

Show inline comments

@@ @@ -100,53 +100,57 @@ class SettingsController(BaseController) @@
             log.debug('Rescanning directories with destroy=%s', rm_obsolete)
             initial = HgModel().repo_scan(g.paths[0][1], g.baseui)
             for repo_name in initial.keys():
                 invalidate_cache('get_repo_cached_%s' % repo_name)
             repo2db_mapper(initial, rm_obsolete)
             h.flash(_('Repositories successfully rescanned'), category='success')
         if setting_id == 'whoosh':
             repo_location = get_hg_ui_settings()['paths_root_path']
             full_index = request.POST.get('full_index', False)
             task = run_task(tasks.whoosh_index, repo_location, full_index)
             h.flash(_('Whoosh reindex task scheduled'), category='success')
         if setting_id == 'global':
             application_form = ApplicationSettingsForm()()
             try:
                 form_result = application_form.to_python(dict(request.POST))
                 try:
                     hgsettings1 = self.sa.query(RhodeCodeSettings)\
                     .filter(RhodeCodeSettings.app_settings_name == 'title').one()
                         .filter(RhodeCodeSettings.app_settings_name \
                                 == 'title').one()
                     hgsettings1.app_settings_value = form_result['rhodecode_title']
                     hgsettings2 = self.sa.query(RhodeCodeSettings)\
                     .filter(RhodeCodeSettings.app_settings_name == 'realm').one()
                         .filter(RhodeCodeSettings.app_settings_name \
                                 == 'realm').one()
                     hgsettings2.app_settings_value = form_result['rhodecode_realm']
                     self.sa.add(hgsettings1)
                     self.sa.add(hgsettings2)
                     self.sa.commit()
                     set_rhodecode_config(config)
                     h.flash(_('Updated application settings'),
                             category='success')
                 except:
                     log.error(traceback.format_exc())
                     h.flash(_('error occurred during updating application settings'),
                             category='error')
                     self.sa.rollback()
             except formencode.Invalid, errors:
                 return htmlfill.render(
                      render('admin/settings/settings.html'),
                      defaults=errors.value,
                      errors=errors.error_dict or {},
                      prefix_error=False,

rhodecode/controllers/admin/users.py

➞

Show inline comments

@@ @@ -24,145 +24,144 @@ users controller for pylons @@
 @author: marcink
 """
 from formencode import htmlfill
 from pylons import request, session, tmpl_context as c, url
 from pylons.controllers.util import abort, redirect
 from pylons.i18n.translation import _
 from rhodecode.lib import helpers as h
 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator
 from rhodecode.lib.base import BaseController, render
 from rhodecode.model.db import User, UserLog
 from rhodecode.model.forms import UserForm
 from rhodecode.model.user import UserModel, DefaultUserException
 import formencode
 import logging
 import traceback
 log = logging.getLogger(__name__)
 class UsersController(BaseController):
     """REST Controller styled on the Atom Publishing Protocol"""
     # To properly map this controller, ensure your config/routing.py
     # file has a resource setup:
     #     map.resource('user', 'users')
     @LoginRequired()
     @HasPermissionAllDecorator('hg.admin')
     def __before__(self):
         c.admin_user = session.get('admin_user')
         c.admin_username = session.get('admin_username')
         super(UsersController, self).__before__()
     def index(self, format='html'):
         """GET /users: All items in the collection"""
         # url('users')
         c.users_list = self.sa.query(User).all()
         c.users_list = self.sa.query(User).all()
         return render('admin/users/users.html')
     def create(self):
         """POST /users: Create a new item"""
         # url('users')
         user_model = UserModel()
         login_form = UserForm()()
         try:
             form_result = login_form.to_python(dict(request.POST))
             user_model.create(form_result)
             h.flash(_('created user %s') % form_result['username'],
                     category='success')
             #action_logger(self.rhodecode_user, 'new_user', '', '', self.sa)
         except formencode.Invalid, errors:
             return htmlfill.render(
                 render('admin/users/user_add.html'),
                 defaults=errors.value,
                 errors=errors.error_dict or {},
                 prefix_error=False,
-                encoding="UTF-8")
                 encoding="UTF-8")
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('error occured during creation of user %s') \
-                    % request.POST.get('username'), category='error')
                     % request.POST.get('username'), category='error')
         return redirect(url('users'))
     def new(self, format='html'):
         """GET /users/new: Form to create a new item"""
         # url('new_user')
         return render('admin/users/user_add.html')
     def update(self, id):
         """PUT /users/id: Update an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="PUT" />
         # Or using helpers:
         #    h.form(url('user', id=ID),
         #           method='put')
         # url('user', id=ID)
         user_model = UserModel()
         c.user = user_model.get(id)
         _form = UserForm(edit=True, old_data={'user_id':id,
                                               'email':c.user.email})()
         form_result = {}
         try:
             form_result = _form.to_python(dict(request.POST))
             user_model.update(id, form_result)
             h.flash(_('User updated succesfully'), category='success')
         except formencode.Invalid, errors:
             return htmlfill.render(
                 render('admin/users/user_edit.html'),
                 defaults=errors.value,
                 errors=errors.error_dict or {},
                 prefix_error=False,
-                encoding="UTF-8")
                 encoding="UTF-8")
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('error occured during update of user %s') \
                     % form_result.get('username'), category='error')
         return redirect(url('users'))
     def delete(self, id):
         """DELETE /users/id: Delete an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="DELETE" />
         # Or using helpers:
         #    h.form(url('user', id=ID),
         #           method='delete')
         # url('user', id=ID)
         user_model = UserModel()
         try:
             user_model.delete(id)
             h.flash(_('sucessfully deleted user'), category='success')
         except DefaultUserException, e:
             h.flash(str(e), category='warning')
         except Exception:
             h.flash(_('An error occured during deletion of user'),
-                    category='error')
                     category='error')
         return redirect(url('users'))
     def show(self, id, format='html'):
         """GET /users/id: Show a specific item"""
         # url('user', id=ID)
     def edit(self, id, format='html'):
         """GET /users/id/edit: Form to edit an existing item"""
         # url('edit_user', id=ID)
         c.user = self.sa.query(User).get(id)
         if not c.user:
             return redirect(url('users'))
         if c.user.username == 'default':
             h.flash(_("You can't edit this user since it's"
               " crucial for entire application"), category='warning')
             h.flash(_("You can't edit this user"), category='warning')
             return redirect(url('users'))
         defaults = c.user.__dict__
         return htmlfill.render(
             render('admin/users/user_edit.html'),
             defaults=defaults,
             encoding="UTF-8",
             force_defaults=False
+        )
+        )

rhodecode/controllers/login.py

➞

Show inline comments

@@ @@ -25,49 +25,51 @@ login controller for pylons @@
 """
 from formencode import htmlfill
 from pylons import request, response, session, tmpl_context as c, url
 from pylons.controllers.util import abort, redirect
 from rhodecode.lib.auth import AuthUser, HasPermissionAnyDecorator
 from rhodecode.lib.base import BaseController, render
 import rhodecode.lib.helpers as h
 from pylons.i18n.translation import _
 from rhodecode.model.forms import LoginForm, RegisterForm, PasswordResetForm
 from rhodecode.model.user import UserModel
 import formencode
 import logging
 log = logging.getLogger(__name__)
 class LoginController(BaseController):
     def __before__(self):
         super(LoginController, self).__before__()
     def index(self):
         #redirect if already logged in
         c.came_from = request.GET.get('came_from', None)
         if c.rhodecode_user.is_authenticated:
         if c.rhodecode_user.is_authenticated \
                             and c.rhodecode_user.username != 'default':
             return redirect(url('home'))
         if request.POST:
             #import Login Form validator class
             login_form = LoginForm()
             try:
                 c.form_result = login_form.to_python(dict(request.POST))
                 username = c.form_result['username']
                 user = UserModel().get_by_username(username)
                 auth_user = AuthUser()
                 auth_user.username = user.username
                 auth_user.is_authenticated = True
                 auth_user.is_admin = user.admin
                 auth_user.user_id = user.user_id
                 auth_user.name = user.name
                 auth_user.lastname = user.lastname
                 session['rhodecode_user'] = auth_user
                 session.save()
                 log.info('user %s is now authenticated', username)
                 user.update_lastlogin()
                 if c.came_from:
                     return redirect(c.came_from)

rhodecode/lib/auth.py

➞

Show inline comments

@@ @@ -5,482 +5,471 @@ @@
+#
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; version 2
 # of the License or (at your opinion) any later version of the license.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 # MA  02110-1301, USA.
 """
 Created on April 4, 2010
 @author: marcink
 """
 from pylons import config, session, url, request
 from pylons.controllers.util import abort, redirect
 from rhodecode.lib.utils import get_repo_slug
 from rhodecode.model import meta
 from rhodecode.model.user import UserModel
 from rhodecode.model.caching_query import FromCache
 from rhodecode.model.db import User, RepoToPerm, Repository, Permission, \
-    UserToPerm
     UserToPerm
 import bcrypt
 from decorator import decorator
 import logging
 import random
-log = logging.getLogger(__name__)
 log = logging.getLogger(__name__)
 class PasswordGenerator(object):
     """This is a simple class for generating password from
         different sets of characters
         usage:
         passwd_gen = PasswordGenerator()
         #print 8-letter password containing only big and small letters of alphabet
         print passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL)
     """
     ALPHABETS_NUM = r'''1234567890'''#[0]
     ALPHABETS_SMALL = r'''qwertyuiopasdfghjklzxcvbnm'''#[1]
     ALPHABETS_BIG = r'''QWERTYUIOPASDFGHJKLZXCVBNM'''#[2]
     ALPHABETS_SPECIAL = r'''`-=[]\;',./~!@#$%^&*()_+{}|:"<>?'''    #[3]
     ALPHABETS_FULL = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM + ALPHABETS_SPECIAL#[4]
     ALPHABETS_ALPHANUM = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM#[5]
     ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL
     ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM#[6]
     ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM#[7]
     def __init__(self, passwd=''):
         self.passwd = passwd
     def gen_password(self, len, type):
         self.passwd = ''.join([random.choice(type) for _ in xrange(len)])
         return self.passwd
 def get_crypt_password(password):
     """Cryptographic function used for password hashing based on sha1
     :param password: password to hash
-    """
     """
     return bcrypt.hashpw(password, bcrypt.gensalt(10))
 def check_password(password, hashed):
     return bcrypt.hashpw(password, hashed) == hashed
 def authfunc(environ, username, password):
     from rhodecode.model.user import UserModel
     user = UserModel().get_by_username(username, cache=False)
     if user:
         if user.active:
             if user.username == username and check_password(password, user.password):
                 log.info('user %s authenticated correctly', username)
                 return True
         else:
             log.error('user %s is disabled', username)
     return False
 class  AuthUser(object):
     """
     A simple object that handles a mercurial username for authentication
     """
     def __init__(self):
         self.username = 'None'
         self.name = ''
         self.lastname = ''
         self.email = ''
         self.user_id = None
         self.is_authenticated = False
         self.is_admin = False
         self.permissions = {}
     def __repr__(self):
         return "<AuthUser('id:%s:%s')>" % (self.user_id, self.username)
 def set_available_permissions(config):
     """
     This function will propagate pylons globals with all available defined
     permission given in db. We don't wannt to check each time from db for new
     permissions since adding a new permission also requires application restart
     ie. to decorate new views with the newly created permission
     :param config:
     """
     log.info('getting information about all available permissions')
     try:
         sa = meta.Session()
         all_perms = sa.query(Permission).all()
     except:
         pass
     finally:
         meta.Session.remove()
     config['available_permissions'] = [x.permission_name for x in all_perms]
 def set_base_path(config):
     config['base_path'] = config['pylons.app_globals'].base_path
 def fill_data(user):
     """
     Fills user data with those from database and log out user if not present
     in database
     :param user:
     """
     sa = meta.Session()
     try:
         dbuser = sa.query(User)\
         .options(FromCache('sql_cache_short', 'getuser_%s' % user.user_id))\
         .get(user.user_id)
     except:
         pass
     finally:
         meta.Session.remove()
     if dbuser:
         user.username = dbuser.username
         user.is_admin = dbuser.admin
         user.name = dbuser.name
         user.lastname = dbuser.lastname
         user.email = dbuser.email
     else:
         user.is_authenticated = False
     return user
 def fill_perms(user):
     """
     Fills user permission attribute with permissions taken from database
     :param user:
     """
     sa = meta.Session()
     user.permissions['repositories'] = {}
     user.permissions['global'] = set()
     #===========================================================================
     # fetch default permissions
     #===========================================================================
     default_user = sa.query(User)\
         .options(FromCache('sql_cache_short', 'getuser_%s' % 'default'))\
         .filter(User.username == 'default').scalar()
     default_user = UserModel(sa).get_by_username('default', cache=True)
     default_perms = sa.query(RepoToPerm, Repository, Permission)\
         .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\
         .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\
         .filter(RepoToPerm.user == default_user).all()
     if user.is_admin:
         #=======================================================================
         # #admin have all default rights set to admin
         #=======================================================================
         user.permissions['global'].add('hg.admin')
         for perm in default_perms:
             p = 'repository.admin'
             user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p
     else:
         #=======================================================================
         # set default permissions
         #=======================================================================
         #default global
         default_global_perms = sa.query(UserToPerm)\
-            .filter(UserToPerm.user == sa.query(User).filter(User.username ==
             .filter(UserToPerm.user == sa.query(User).filter(User.username ==
             'default').one())
         for perm in default_global_perms:
             user.permissions['global'].add(perm.permission.permission_name)
         #default repositories
         for perm in default_perms:
             if perm.Repository.private and not perm.Repository.user_id == user.user_id:
                 #disable defaults for private repos,
                 p = 'repository.none'
             elif perm.Repository.user_id == user.user_id:
                 #set admin if owner
                 p = 'repository.admin'
             else:
                 p = perm.Permission.permission_name
             user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p
         #=======================================================================
         # #overwrite default with user permissions if any
         #=======================================================================
         user_perms = sa.query(RepoToPerm, Permission, Repository)\
             .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\
             .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\
             .filter(RepoToPerm.user_id == user.user_id).all()
         for perm in user_perms:
             if perm.Repository.user_id == user.user_id:#set admin if owner
                 p = 'repository.admin'
             else:
                 p = perm.Permission.permission_name
             user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p
-    meta.Session.remove()
     meta.Session.remove()
     return user
 def get_user(session):
     """
     Gets user from session, and wraps permissions into user
     :param session:
     """
     user = session.get('rhodecode_user', AuthUser())
     #if the user is not logged in we check for anonymous access
     #if user is logged and it's a default user check if we still have anonymous
     #access enabled
     if user.user_id is None or user.username == 'default':
         anonymous_user = UserModel().get_by_username('default', cache=True)
         if anonymous_user.active is True:
             #then we set this user is logged in
             user.is_authenticated = True
         else:
             user.is_authenticated = False
     if user.is_authenticated:
         user = fill_data(user)
         user = UserModel().fill_data(user)
     user = fill_perms(user)
     session['rhodecode_user'] = user
     session.save()
     return user
 #===============================================================================
 # CHECK DECORATORS
 #===============================================================================
 class LoginRequired(object):
     """Must be logged in to execute this function else redirect to login page"""
     def __call__(self, func):
         return decorator(self.__wrapper, func)
     def __wrapper(self, func, *fargs, **fkwargs):
         user = session.get('rhodecode_user', AuthUser())
         log.debug('Checking login required for user:%s', user.username)
         if user.is_authenticated:
             log.debug('user %s is authenticated', user.username)
             return func(*fargs, **fkwargs)
         else:
             log.warn('user %s not authenticated', user.username)
             p = ''
             if request.environ.get('SCRIPT_NAME') != '/':
                 p += request.environ.get('SCRIPT_NAME')
             p += request.environ.get('PATH_INFO')
             if request.environ.get('QUERY_STRING'):
                 p += '?' + request.environ.get('QUERY_STRING')
             log.debug('redirecting to login page with %s', p)
             log.debug('redirecting to login page with %s', p)
             return redirect(url('login_home', came_from=p))
 class PermsDecorator(object):
     """Base class for decorators"""
     def __init__(self, *required_perms):
         available_perms = config['available_permissions']
         for perm in required_perms:
             if perm not in available_perms:
                 raise Exception("'%s' permission is not defined" % perm)
         self.required_perms = set(required_perms)
         self.user_perms = None
     def __call__(self, func):
         return decorator(self.__wrapper, func)
     def __wrapper(self, func, *fargs, **fkwargs):
 #        _wrapper.__name__ = func.__name__
 #        _wrapper.__dict__.update(func.__dict__)
 #        _wrapper.__doc__ = func.__doc__
         self.user = session.get('rhodecode_user', AuthUser())
         self.user_perms = self.user.permissions
         log.debug('checking %s permissions %s for %s %s',
            self.__class__.__name__, self.required_perms, func.__name__,
                self.user)
         self.user_perms = session.get('rhodecode_user', AuthUser()).permissions
         log.debug('checking %s permissions %s for %s',
            self.__class__.__name__, self.required_perms, func.__name__)
         if self.check_permissions():
             log.debug('Permission granted for %s', func.__name__)
             log.debug('Permission granted for %s %s', func.__name__, self.user)
             return func(*fargs, **fkwargs)
         else:
             log.warning('Permission denied for %s', func.__name__)
+            log.warning('Permission denied for %s %s', func.__name__, self.user)
             #redirect with forbidden ret code
             return abort(403)
     def check_permissions(self):
         """Dummy function for overriding"""
         raise Exception('You have to write this function in child class')
 class HasPermissionAllDecorator(PermsDecorator):
     """Checks for access permission for all given predicates. All of them
     have to be meet in order to fulfill the request
     """
     def check_permissions(self):
         if self.required_perms.issubset(self.user_perms.get('global')):
             return True
         return False
 class HasPermissionAnyDecorator(PermsDecorator):
     """Checks for access permission for any of given predicates. In order to
     fulfill the request any of predicates must be meet
     """
     def check_permissions(self):
         if self.required_perms.intersection(self.user_perms.get('global')):
             return True
         return False
 class HasRepoPermissionAllDecorator(PermsDecorator):
     """Checks for access permission for all given predicates for specific
     repository. All of them have to be meet in order to fulfill the request
     """
     def check_permissions(self):
         repo_name = get_repo_slug(request)
         try:
             user_perms = set([self.user_perms['repositories'][repo_name]])
         except KeyError:
             return False
         if self.required_perms.issubset(user_perms):
             return True
         return False
 class HasRepoPermissionAnyDecorator(PermsDecorator):
     """Checks for access permission for any of given predicates for specific
     repository. In order to fulfill the request any of predicates must be meet
     """
     def check_permissions(self):
         repo_name = get_repo_slug(request)
         try:
             user_perms = set([self.user_perms['repositories'][repo_name]])
         except KeyError:
             return False
         if self.required_perms.intersection(user_perms):
             return True
         return False
 #===============================================================================
 # CHECK FUNCTIONS
 #===============================================================================
 class PermsFunction(object):
     """Base function for other check functions"""
     def __init__(self, *perms):
         available_perms = config['available_permissions']
         for perm in perms:
             if perm not in available_perms:
                 raise Exception("'%s' permission in not defined" % perm)
         self.required_perms = set(perms)
         self.user_perms = None
         self.granted_for = ''
         self.repo_name = None
     def __call__(self, check_Location=''):
         user = session.get('rhodecode_user', False)
         if not user:
             return False
         self.user_perms = user.permissions
         self.granted_for = user.username
         log.debug('checking %s %s', self.__class__.__name__, self.required_perms)
         self.granted_for = user.username
         log.debug('checking %s %s %s', self.__class__.__name__,
                   self.required_perms, user)
         if self.check_permissions():
             log.debug('Permission granted for %s @%s', self.granted_for,
                       check_Location)
             log.debug('Permission granted for %s @ %s %s', self.granted_for,
                       check_Location, user)
             return True
         else:
             log.warning('Permission denied for %s @%s', self.granted_for,
                         check_Location)
             return False
             log.warning('Permission denied for %s @ %s %s', self.granted_for,
                         check_Location, user)
             return False
     def check_permissions(self):
         """Dummy function for overriding"""
         raise Exception('You have to write this function in child class')
 class HasPermissionAll(PermsFunction):
     def check_permissions(self):
         if self.required_perms.issubset(self.user_perms.get('global')):
             return True
         return False
 class HasPermissionAny(PermsFunction):
     def check_permissions(self):
         if self.required_perms.intersection(self.user_perms.get('global')):
             return True
         return False
 class HasRepoPermissionAll(PermsFunction):
     def __call__(self, repo_name=None, check_Location=''):
         self.repo_name = repo_name
         return super(HasRepoPermissionAll, self).__call__(check_Location)
     def check_permissions(self):
         if not self.repo_name:
             self.repo_name = get_repo_slug(request)
         try:
             self.user_perms = set([self.user_perms['repositories']\
                                    [self.repo_name]])
         except KeyError:
             return False
-        self.granted_for = self.repo_name
         self.granted_for = self.repo_name
         if self.required_perms.issubset(self.user_perms):
             return True
         return False
 class HasRepoPermissionAny(PermsFunction):
     def __call__(self, repo_name=None, check_Location=''):
         self.repo_name = repo_name
         return super(HasRepoPermissionAny, self).__call__(check_Location)
     def check_permissions(self):
         if not self.repo_name:
             self.repo_name = get_repo_slug(request)
         try:
             self.user_perms = set([self.user_perms['repositories']\
                                    [self.repo_name]])
         except KeyError:
             return False
         self.granted_for = self.repo_name
         if self.required_perms.intersection(self.user_perms):
             return True
         return False
 #===============================================================================
 # SPECIAL VERSION TO HANDLE MIDDLEWARE AUTH
 #===============================================================================
 class HasPermissionAnyMiddleware(object):
     def __init__(self, *perms):
         self.required_perms = set(perms)
     def __call__(self, user, repo_name):
         usr = AuthUser()
         usr.user_id = user.user_id
         usr.username = user.username
         usr.is_admin = user.admin
         try:
             self.user_perms = set([fill_perms(usr)\
                                    .permissions['repositories'][repo_name]])
         except:
             self.user_perms = set()
         self.granted_for = ''
         self.username = user.username
-        self.repo_name = repo_name
         self.repo_name = repo_name
         return self.check_permissions()
     def check_permissions(self):
         log.debug('checking mercurial protocol '
                   'permissions for user:%s repository:%s',
                                                 self.username, self.repo_name)
         if self.required_perms.intersection(self.user_perms):
             log.debug('permission granted')
             return True
         log.debug('permission denied')
         return False

rhodecode/lib/db_manage.py

➞

Show inline comments

@@ @@ -117,59 +117,59 @@ class DbManage(object): @@
     def config_prompt(self, test_repo_path=''):
         log.info('Setting up repositories config')
         if not self.tests and not test_repo_path:
             path = raw_input('Specify valid full path to your repositories'
                         ' you can change this later in application settings:')
         else:
             path = test_repo_path
         if not os.path.isdir(path):
             log.error('You entered wrong path: %s', path)
             sys.exit()
         hooks1 = RhodeCodeUi()
         hooks1.ui_section = 'hooks'
         hooks1.ui_key = 'changegroup.update'
         hooks1.ui_value = 'hg update >&2'
         hooks1.ui_active = False
         hooks2 = RhodeCodeUi()
         hooks2.ui_section = 'hooks'
         hooks2.ui_key = 'changegroup.repo_size'
         hooks2.ui_value = 'python:rhodecode.lib.hooks.repo_size'
         hooks3 = RhodeCodeUi()
         hooks3.ui_section = 'hooks'
         hooks3.ui_key = 'pretxnchangegroup.push_logger'
         hooks3.ui_value = 'python:rhodecode.lib.hooks.log_push_action'
         hooks4 = RhodeCodeUi()
         hooks4.ui_section = 'hooks'
         hooks4.ui_key = 'preoutgoing.pull_logger'
         hooks4.ui_value = 'python:rhodecode.lib.hooks.log_pull_action'
         web1 = RhodeCodeUi()
         web1.ui_section = 'web'
         web1.ui_key = 'push_ssl'
         web1.ui_value = 'false'
         web2 = RhodeCodeUi()
         web2.ui_section = 'web'
         web2.ui_key = 'allow_archive'
         web2.ui_value = 'gz zip bz2'
         web3 = RhodeCodeUi()
         web3.ui_section = 'web'
         web3.ui_key = 'allow_push'
         web3.ui_value = '*'
         web4 = RhodeCodeUi()
         web4.ui_section = 'web'
         web4.ui_key = 'baseurl'
         web4.ui_value = '/'
         paths = RhodeCodeUi()
         paths.ui_section = 'paths'
         paths.ui_key = '/'
@@ @@ -206,51 +206,51 @@ class DbManage(object): @@
     def create_user(self, username, password, email='', admin=False):
         log.info('creating administrator user %s', username)
         new_user = User()
         new_user.username = username
         new_user.password = get_crypt_password(password)
         new_user.name = 'RhodeCode'
         new_user.lastname = 'Admin'
         new_user.email = email
         new_user.admin = admin
         new_user.active = True
         try:
             self.sa.add(new_user)
             self.sa.commit()
         except:
             self.sa.rollback()
             raise
     def create_default_user(self):
         log.info('creating default user')
         #create default user for handling default permissions.
         def_user = User()
         def_user.username = 'default'
         def_user.password = get_crypt_password(str(uuid.uuid1())[:8])
         def_user.name = 'default'
         def_user.lastname = 'default'
         def_user.email = 'default@default.com'
         def_user.name = 'Anonymous'
         def_user.lastname = 'User'
         def_user.email = 'anonymous@rhodecode.org'
         def_user.admin = False
         def_user.active = False
         try:
             self.sa.add(def_user)
             self.sa.commit()
         except:
             self.sa.rollback()
             raise
     def create_permissions(self):
         #module.(access|create|change|delete)_[name]
         #module.(read|write|owner)
         perms = [('repository.none', 'Repository no access'),
                  ('repository.read', 'Repository read access'),
                  ('repository.write', 'Repository write access'),
                  ('repository.admin', 'Repository admin access'),
                  ('hg.admin', 'Hg Administrator'),
                  ('hg.create.repository', 'Repository create'),
                  ('hg.create.none', 'Repository creation disabled'),
                  ('hg.register.none', 'Register disabled'),
                  ('hg.register.manual_activate', 'Register new user with rhodecode without manual activation'),
                  ('hg.register.auto_activate', 'Register new user with rhodecode without auto activation'),
+                ]

rhodecode/model/forms.py

➞

Show inline comments

@@ @@ -337,29 +337,30 @@ def ApplicationSettingsForm(): @@
         filter_extra_fields = False
         rhodecode_title = UnicodeString(strip=True, min=1, not_empty=True)
         rhodecode_realm = UnicodeString(strip=True, min=1, not_empty=True)
     return _ApplicationSettingsForm
 def ApplicationUiSettingsForm():
     class _ApplicationUiSettingsForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         web_push_ssl = OneOf(['true', 'false'], if_missing='false')
         paths_root_path = All(ValidPath(), UnicodeString(strip=True, min=1, not_empty=True))
         hooks_changegroup_update = OneOf(['True', 'False'], if_missing=False)
         hooks_changegroup_repo_size = OneOf(['True', 'False'], if_missing=False)
         hooks_pretxnchangegroup_push_logger = OneOf(['True', 'False'], if_missing=False)
         hooks_preoutgoing_pull_logger = OneOf(['True', 'False'], if_missing=False)
     return _ApplicationUiSettingsForm
 def DefaultPermissionsForm(perms_choices, register_choices, create_choices):
     class _DefaultPermissionsForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = True
         overwrite_default = OneOf(['true', 'false'], if_missing='false')
         anonymous = OneOf(['True', 'False'], if_missing=False)
         default_perm = OneOf(perms_choices)
         default_register = OneOf(register_choices)
         default_create = OneOf(create_choices)
     return _DefaultPermissionsForm

rhodecode/model/permission_model.py

➞

Show inline comments

@@ @@ -38,58 +38,69 @@ class PermissionModel(object): @@
             self.sa = Session()
         else:
             self.sa = sa
     def get_permission(self, permission_id, cache=False):
         perm = self.sa.query(Permission)
         if cache:
             perm = perm.options(FromCache("sql_cache_short",
                                           "get_permission_%s" % permission_id))
         return perm.get(permission_id)
     def get_permission_by_name(self, name, cache=False):
         perm = self.sa.query(Permission)\
             .filter(Permission.permission_name == name)
         if cache:
             perm = perm.options(FromCache("sql_cache_short",
                                           "get_permission_%s" % name))
         return perm.scalar()
     def update(self, form_result):
         perm_user = self.sa.query(User)\
                 .filter(User.username == form_result['perm_user_name']).scalar()
         u2p = self.sa.query(UserToPerm).filter(UserToPerm.user == perm_user).all()
         if len(u2p) != 3:
             raise Exception('There is more than 3 defined'
             ' permissions for default user. This should not happen please verify'
             ' your database')
             raise Exception('Defined: %s should be 3  permissions for default'
                             ' user. This should not happen please verify'
                             ' your database' % len(u2p))
         try:
             #stage 1 change defaults
             for p in u2p:
                 if p.permission.permission_name.startswith('repository.'):
                     p.permission = self.get_permission_by_name(form_result['default_perm'])
                     p.permission = self.get_permission_by_name(
                                        form_result['default_perm'])
                     self.sa.add(p)
                 if p.permission.permission_name.startswith('hg.register.'):
                     p.permission = self.get_permission_by_name(form_result['default_register'])
                     p.permission = self.get_permission_by_name(
                                        form_result['default_register'])
                     self.sa.add(p)
                 if p.permission.permission_name.startswith('hg.create.'):
                     p.permission = self.get_permission_by_name(form_result['default_create'])
                     p.permission = self.get_permission_by_name(
                                         form_result['default_create'])
                     self.sa.add(p)
             #stage 2 update all default permissions for repos if checked
             if form_result['overwrite_default'] == 'true':
                 for r2p in self.sa.query(RepoToPerm).filter(RepoToPerm.user == perm_user).all():
                     r2p.permission = self.get_permission_by_name(form_result['default_perm'])
                 for r2p in self.sa.query(RepoToPerm)\
                                .filter(RepoToPerm.user == perm_user).all():
                     r2p.permission = self.get_permission_by_name(
                                          form_result['default_perm'])
                     self.sa.add(r2p)
             #stage 3 set anonymous access
             if perm_user.username == 'default':
                 perm_user.active = bool(form_result['anonymous'])
                 self.sa.add(perm_user)
             self.sa.commit()
         except:
             log.error(traceback.format_exc())
             self.sa.rollback()
             raise

rhodecode/model/user.py

➞

Show inline comments

@@ @@ -122,24 +122,45 @@ class UserModel(object): @@
             self.sa.add(new_user)
             self.sa.commit()
         except:
             log.error(traceback.format_exc())
             self.sa.rollback()
             raise
     def delete(self, user_id):
         try:
             user = self.get(user_id, cache=False)
             if user.username == 'default':
                 raise DefaultUserException(
                                 _("You can't remove this user since it's"
                                   " crucial for entire application"))
             self.sa.delete(user)
             self.sa.commit()
         except:
             log.error(traceback.format_exc())
             self.sa.rollback()
             raise
     def reset_password(self, data):
         from rhodecode.lib.celerylib import tasks, run_task
         run_task(tasks.reset_user_password, data['email'])
     def fill_data(self, user):
         """
         Fills user data with those from database and log out user if not
         present in database
         :param user:
         """
         log.debug('filling auth user data')
         try:
             dbuser = self.get(user.user_id)
             user.username = dbuser.username
             user.is_admin = dbuser.admin
             user.name = dbuser.name
             user.lastname = dbuser.lastname
             user.email = dbuser.email
         except:
             log.error(traceback.format_exc())
             user.is_authenticated = False
         return user

rhodecode/public/css/style.css

➞

Show inline comments

@@ @@ -2075,49 +2075,49 @@ border-bottom:1px solid #c6d880; @@
+}
 #content div.box-left div.form div.fields div.field div.textarea,#content div.box-right div.form div.fields div.field div.textarea,#content div.box div.form div.fields div.field div.select select,#content div.box table th.selected input,#content div.box table td.selected input {
 margin:0;
+}
 #content div.box div.form div.fields div.field div.select,#content div.box div.form div.fields div.field div.checkboxes,#content div.box div.form div.fields div.field div.radios {
 margin:0 0 0 200px;
 padding:0;
+}
 #content div.box div.form div.fields div.field div.select a:hover,#content div.box div.form div.fields div.field div.select a.ui-selectmenu:hover,#content div.box div.action a:hover {
 color:#000;
 text-decoration:none;
+}
 #content div.box div.form div.fields div.field div.select a.ui-selectmenu-focus,#content div.box div.action a.ui-selectmenu-focus {
 border:1px solid #666;
+}
 #content div.box div.form div.fields div.field div.checkboxes div.checkbox,#content div.box div.form div.fields div.field div.radios div.radio {
 clear:both;
 overflow:hidden;
 margin:0;
-padding:2px 0;
+padding:2px 2px;
+}
 #content div.box div.form div.fields div.field div.checkboxes div.checkbox input,#content div.box div.form div.fields div.field div.radios div.radio input {
 float:left;
 margin:0;
+}
 #content div.box div.form div.fields div.field div.checkboxes div.checkbox label,#content div.box div.form div.fields div.field div.radios div.radio label {
 height:1%;
 display:block;
 float:left;
 margin:3px 0 0 4px;
+}
 div.form div.fields div.field div.button input,#content div.box div.form div.fields div.buttons input,div.form div.fields div.buttons input,#content div.box div.action div.button input {
 color:#000;
 font-family:Lucida Grande, Verdana, Lucida Sans Regular, Lucida Sans Unicode, Arial, sans-serif;
 font-size:11px;
 font-weight:700;
 margin:0;
+}
 div.form div.fields div.field div.button .ui-state-default,#content div.box div.form div.fields div.buttons input.ui-state-default {
 background:#e5e3e3 url("../images/button.png") repeat-x;

rhodecode/templates/admin/permissions/permissions.html

➞

Show inline comments

@@ @@ -5,49 +5,58 @@ @@
     ${_('Permissions administration')} - ${c.rhodecode_name}
 </%def>
 <%def name="breadcrumbs_links()">
     ${h.link_to(_('Admin'),h.url('admin_home'))}
     &raquo;
     ${_('Permissions')}
 </%def>
 <%def name="page_nav()">
 	${self.menu('admin')}
 </%def>
 <%def name="main()">
 <div class="box">
     <!-- box / title -->
     <div class="title">
         ${self.breadcrumbs()}
     </div>
     <h3>${_('Default permissions')}</h3>
     ${h.form(url('permission', id='default'),method='put')}
     <div class="form">
         <!-- fields -->
         <div class="fields">
             <div class="field">
                 <div class="label label-checkbox">
                     <label for="anonymous">${_('Anonymous access')}:</label>
                 </div>
                 <div class="checkboxes">
                     <div class="checkbox">
                         ${h.checkbox('anonymous',True)}
                     </div>
                 </div>
             </div>
 			<div class="field">
 				<div class="label">
 					<label for="default_perm">${_('Repository permission')}:</label>
 				</div>
 				<div class="select">
 					${h.select('default_perm','',c.perms_choices)}
 		                ${h.checkbox('overwrite_default','true')}
 		                <label for="overwrite_default">
 		                <span class="tooltip"
 		                tooltip_title="${h.tooltip(_('All default permissions on each repository will be reset to choosen permission, note that all custom default permission on repositories will be lost'))}">
 		                ${_('overwrite existing settings')}</span> </label>
 				</div>
 			</div>
 			<div class="field">
 		        <div class="label">
 		            <label for="default_register">${_('Registration')}:</label>
 		        </div>
 				<div class="select">
 					${h.select('default_register','',c.register_choices)}
 				</div>
 			</div>
              <div class="field">
                 <div class="label">

rhodecode/templates/base/base.html

➞

Show inline comments

 ## -*- coding: utf-8 -*-
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" id="mainhtml">
 <head>
     <title>${next.title()}</title>
     <link rel="icon" href="/images/hgicon.png" type="image/png" />
     <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
     <meta name="robots" content="index, nofollow"/>
     <!-- stylesheets -->
     ${self.css()}
     <!-- scripts -->
     ${self.js()}
 </head>
 <body>
     <!-- header -->
     <div id="header">
         <!-- user -->
         <ul id="logged-user">
             <li class="first">
 	            <div class="gravatar">
 	            	<img alt="gravatar" src="${h.gravatar_url(c.rhodecode_user.email,24)}" />
 	            </div>
 	        %if c.rhodecode_user.username == 'default':
                 <div class="account">
                     ${h.link_to('%s %s'%(c.rhodecode_user.name,c.rhodecode_user.lastname),h.url('#'))}<br/>
                     ${h.link_to(c.rhodecode_user.username,h.url('#'))}
                 </div>
             </li>
             <li class="last highlight">${h.link_to(u'Login',h.url('login_home'))}</li>
 	        %else:
 	            <div class="account">
 	            	${h.link_to('%s %s'%(c.rhodecode_user.name,c.rhodecode_user.lastname),h.url('admin_settings_my_account'))}<br/>
 	            	${h.link_to(c.rhodecode_user.username,h.url('admin_settings_my_account'))}
 	            </div>
             </li>
             <li class="last highlight">${h.link_to(u'Logout',h.url('logout_home'))}</li>
             %endif
         </ul>
         <!-- end user -->
         <div id="header-inner" class="title top-left-rounded-corner top-right-rounded-corner">
             <!-- logo -->
             <div id="logo">
                 <h1><a href="${h.url('home')}">${c.rhodecode_name}</a></h1>
             </div>
             <!-- end logo -->
             <!-- menu -->
             ${self.page_nav()}
             <!-- quick -->
         </div>
     </div>
     <!-- end header -->
 	<!-- CONTENT -->
 	<div id="content">
         <div class="flash_msg">
             <% messages = h.flash.pop_messages() %>
             % if messages:
             <ul id="flash-messages">
                 % for message in messages:
                 <li class="${message.category}_msg">${message}</li>
                 % endfor

0 comments (0 inline, 0 general)