kallithea Changeset - dd532af216d9

Changeset - dd532af216d9

Parent rev.

Child rev.

[Not reviewed]

beta

0 12 0

Marcin Kuzminski - 15 years ago 2010-11-11 01:05:43
marcin@python-works.com

#49 Enabled anonymous access for web interface controllable from permissions pannel

12 files changed with 113 insertions and 64 deletions:

rhodecode/controllers/admin/permissions.py

rhodecode/controllers/admin/settings.py

rhodecode/controllers/admin/users.py

rhodecode/controllers/login.py

rhodecode/lib/auth.py

rhodecode/lib/db_manage.py

rhodecode/model/forms.py

rhodecode/model/permission_model.py

rhodecode/model/user.py

rhodecode/public/css/style.css

rhodecode/templates/admin/permissions/permissions.html

rhodecode/templates/base/base.html

0 comments (0 inline, 0 general)

rhodecode/controllers/admin/permissions.py

➞

Show inline comments

@@ @@ -54,13 +54,14 @@ class PermissionsController(BaseControll @@
         self.perms_choices = [('repository.none', _('None'),),
                               ('repository.read', _('Read'),),
                               ('repository.write', _('Write'),),
                               ('repository.admin', _('Admin'),)]
         self.register_choices = [
             ('hg.register.none', 'disabled'),
             ('hg.register.none',
                 _('disabled')),
             ('hg.register.manual_activate',
                             _('allowed with manual account activation')),
             ('hg.register.auto_activate',
                             _('allowed with automatic account activation')), ]
         self.create_choices = [('hg.create.none', _('Disabled')),
@@ @@ -139,14 +140,16 @@ class PermissionsController(BaseControll @@
         #url('edit_permission', id=ID)
         c.perms_choices = self.perms_choices
         c.register_choices = self.register_choices
         c.create_choices = self.create_choices
         if id == 'default':
             defaults = {'_method':'put'}
             for p in UserModel().get_by_username('default').user_perms:
             default_user = UserModel().get_by_username('default')
             defaults = {'_method':'put',
                         'anonymous':default_user.active}
             for p in default_user.user_perms:
                 if p.permission.permission_name.startswith('repository.'):
                     defaults['default_perm'] = p.permission.permission_name
                 if p.permission.permission_name.startswith('hg.register.'):
                     defaults['default_register'] = p.permission.permission_name

rhodecode/controllers/admin/settings.py

➞

Show inline comments

@@ @@ -118,17 +118,21 @@ class SettingsController(BaseController) @@
             application_form = ApplicationSettingsForm()()
             try:
                 form_result = application_form.to_python(dict(request.POST))
                 try:
                     hgsettings1 = self.sa.query(RhodeCodeSettings)\
                     .filter(RhodeCodeSettings.app_settings_name == 'title').one()
                         .filter(RhodeCodeSettings.app_settings_name \
                                 == 'title').one()
                     hgsettings1.app_settings_value = form_result['rhodecode_title']
                     hgsettings2 = self.sa.query(RhodeCodeSettings)\
                     .filter(RhodeCodeSettings.app_settings_name == 'realm').one()
                         .filter(RhodeCodeSettings.app_settings_name \
                                 == 'realm').one()
                     hgsettings2.app_settings_value = form_result['rhodecode_realm']
                     self.sa.add(hgsettings1)
                     self.sa.add(hgsettings2)
                     self.sa.commit()

rhodecode/controllers/admin/users.py

➞

Show inline comments

@@ @@ -152,14 +152,13 @@ class UsersController(BaseController): @@
         """GET /users/id/edit: Form to edit an existing item"""
         # url('edit_user', id=ID)
         c.user = self.sa.query(User).get(id)
         if not c.user:
             return redirect(url('users'))
         if c.user.username == 'default':
             h.flash(_("You can't edit this user since it's"
               " crucial for entire application"), category='warning')
             h.flash(_("You can't edit this user"), category='warning')
             return redirect(url('users'))
         defaults = c.user.__dict__
         return htmlfill.render(
             render('admin/users/user_edit.html'),
             defaults=defaults,

rhodecode/controllers/login.py

➞

Show inline comments

@@ @@ -43,13 +43,15 @@ class LoginController(BaseController): @@
         super(LoginController, self).__before__()
     def index(self):
         #redirect if already logged in
         c.came_from = request.GET.get('came_from', None)
         if c.rhodecode_user.is_authenticated:
         if c.rhodecode_user.is_authenticated \
                             and c.rhodecode_user.username != 'default':
             return redirect(url('home'))
         if request.POST:
             #import Login Form validator class
             login_form = LoginForm()
             try:

rhodecode/lib/auth.py

➞

Show inline comments

@@ @@ -23,12 +23,13 @@ Created on April 4, 2010 @@
 @author: marcink
 """
 from pylons import config, session, url, request
 from pylons.controllers.util import abort, redirect
 from rhodecode.lib.utils import get_repo_slug
 from rhodecode.model import meta
 from rhodecode.model.user import UserModel
 from rhodecode.model.caching_query import FromCache
 from rhodecode.model.db import User, RepoToPerm, Repository, Permission, \
     UserToPerm
 import bcrypt
 from decorator import decorator
 import logging
@@ @@ -69,13 +70,12 @@ def get_crypt_password(password): @@
     return bcrypt.hashpw(password, bcrypt.gensalt(10))
 def check_password(password, hashed):
     return bcrypt.hashpw(password, hashed) == hashed
 def authfunc(environ, username, password):
     from rhodecode.model.user import UserModel
     user = UserModel().get_by_username(username, cache=False)
     if user:
         if user.active:
             if user.username == username and check_password(password, user.password):
                 log.info('user %s authenticated correctly', username)
@@ @@ -96,12 +96,14 @@ class AuthUser(object): @@
         self.email = ''
         self.user_id = None
         self.is_authenticated = False
         self.is_admin = False
         self.permissions = {}
     def __repr__(self):
         return "<AuthUser('id:%s:%s')>" % (self.user_id, self.username)
 def set_available_permissions(config):
     """
     This function will propagate pylons globals with all available defined
     permission given in db. We don't wannt to check each time from db for new
     permissions since adding a new permission also requires application restart
@@ @@ -119,39 +121,12 @@ def set_available_permissions(config): @@
     config['available_permissions'] = [x.permission_name for x in all_perms]
 def set_base_path(config):
     config['base_path'] = config['pylons.app_globals'].base_path
 def fill_data(user):
     """
     Fills user data with those from database and log out user if not present
     in database
     :param user:
     """
     sa = meta.Session()
     try:
         dbuser = sa.query(User)\
         .options(FromCache('sql_cache_short', 'getuser_%s' % user.user_id))\
         .get(user.user_id)
     except:
         pass
     finally:
         meta.Session.remove()
     if dbuser:
         user.username = dbuser.username
         user.is_admin = dbuser.admin
         user.name = dbuser.name
         user.lastname = dbuser.lastname
         user.email = dbuser.email
     else:
         user.is_authenticated = False
     return user
 def fill_perms(user):
     """
     Fills user permission attribute with permissions taken from database
     :param user:
     """
@@ @@ -160,15 +135,13 @@ def fill_perms(user): @@
     user.permissions['repositories'] = {}
     user.permissions['global'] = set()
     #===========================================================================
     # fetch default permissions
     #===========================================================================
     default_user = sa.query(User)\
         .options(FromCache('sql_cache_short', 'getuser_%s' % 'default'))\
         .filter(User.username == 'default').scalar()
     default_user = UserModel(sa).get_by_username('default', cache=True)
     default_perms = sa.query(RepoToPerm, Repository, Permission)\
         .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\
         .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\
         .filter(RepoToPerm.user == default_user).all()
@@ @@ -228,14 +201,28 @@ def fill_perms(user): @@
 def get_user(session):
     """
     Gets user from session, and wraps permissions into user
     :param session:
     """
     user = session.get('rhodecode_user', AuthUser())
     #if the user is not logged in we check for anonymous access
     #if user is logged and it's a default user check if we still have anonymous
     #access enabled
     if user.user_id is None or user.username == 'default':
         anonymous_user = UserModel().get_by_username('default', cache=True)
         if anonymous_user.active is True:
             #then we set this user is logged in
             user.is_authenticated = True
         else:
             user.is_authenticated = False
     if user.is_authenticated:
         user = fill_data(user)
         user = UserModel().fill_data(user)
     user = fill_perms(user)
     session['rhodecode_user'] = user
     session.save()
     return user
 #===============================================================================
@@ @@ -283,24 +270,25 @@ class PermsDecorator(object): @@
     def __wrapper(self, func, *fargs, **fkwargs):
 #        _wrapper.__name__ = func.__name__
 #        _wrapper.__dict__.update(func.__dict__)
 #        _wrapper.__doc__ = func.__doc__
         self.user_perms = session.get('rhodecode_user', AuthUser()).permissions
         log.debug('checking %s permissions %s for %s',
            self.__class__.__name__, self.required_perms, func.__name__)
         self.user = session.get('rhodecode_user', AuthUser())
         self.user_perms = self.user.permissions
         log.debug('checking %s permissions %s for %s %s',
            self.__class__.__name__, self.required_perms, func.__name__,
                self.user)
         if self.check_permissions():
             log.debug('Permission granted for %s', func.__name__)
+            log.debug('Permission granted for %s %s', func.__name__, self.user)
             return func(*fargs, **fkwargs)
         else:
             log.warning('Permission denied for %s', func.__name__)
+            log.warning('Permission denied for %s %s', func.__name__, self.user)
             #redirect with forbidden ret code
             return abort(403)
     def check_permissions(self):
@@ @@ -380,22 +368,23 @@ class PermsFunction(object): @@
     def __call__(self, check_Location=''):
         user = session.get('rhodecode_user', False)
         if not user:
             return False
         self.user_perms = user.permissions
         self.granted_for = user.username
         log.debug('checking %s %s', self.__class__.__name__, self.required_perms)
         log.debug('checking %s %s %s', self.__class__.__name__,
                   self.required_perms, user)
         if self.check_permissions():
             log.debug('Permission granted for %s @%s', self.granted_for,
                       check_Location)
             log.debug('Permission granted for %s @ %s %s', self.granted_for,
                       check_Location, user)
             return True
         else:
             log.warning('Permission denied for %s @%s', self.granted_for,
                         check_Location)
             log.warning('Permission denied for %s @ %s %s', self.granted_for,
                         check_Location, user)
             return False
     def check_permissions(self):
         """Dummy function for overriding"""
         raise Exception('You have to write this function in child class')

rhodecode/lib/db_manage.py

➞

Show inline comments

@@ @@ -224,15 +224,15 @@ class DbManage(object): @@
     def create_default_user(self):
         log.info('creating default user')
         #create default user for handling default permissions.
         def_user = User()
         def_user.username = 'default'
         def_user.password = get_crypt_password(str(uuid.uuid1())[:8])
         def_user.name = 'default'
         def_user.lastname = 'default'
         def_user.email = 'default@default.com'
         def_user.name = 'Anonymous'
         def_user.lastname = 'User'
         def_user.email = 'anonymous@rhodecode.org'
         def_user.admin = False
         def_user.active = False
         try:
             self.sa.add(def_user)
             self.sa.commit()
         except:

rhodecode/model/forms.py

➞

Show inline comments

@@ @@ -355,11 +355,12 @@ def ApplicationUiSettingsForm(): @@
 def DefaultPermissionsForm(perms_choices, register_choices, create_choices):
     class _DefaultPermissionsForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = True
         overwrite_default = OneOf(['true', 'false'], if_missing='false')
         anonymous = OneOf(['True', 'False'], if_missing=False)
         default_perm = OneOf(perms_choices)
         default_register = OneOf(register_choices)
         default_create = OneOf(create_choices)
     return _DefaultPermissionsForm

rhodecode/model/permission_model.py

➞

Show inline comments

@@ @@ -56,36 +56,47 @@ class PermissionModel(object): @@
     def update(self, form_result):
         perm_user = self.sa.query(User)\
                 .filter(User.username == form_result['perm_user_name']).scalar()
         u2p = self.sa.query(UserToPerm).filter(UserToPerm.user == perm_user).all()
         if len(u2p) != 3:
             raise Exception('There is more than 3 defined'
             ' permissions for default user. This should not happen please verify'
             ' your database')
             raise Exception('Defined: %s should be 3  permissions for default'
                             ' user. This should not happen please verify'
                             ' your database' % len(u2p))
         try:
             #stage 1 change defaults
             for p in u2p:
                 if p.permission.permission_name.startswith('repository.'):
                     p.permission = self.get_permission_by_name(form_result['default_perm'])
                     p.permission = self.get_permission_by_name(
                                        form_result['default_perm'])
                     self.sa.add(p)
                 if p.permission.permission_name.startswith('hg.register.'):
                     p.permission = self.get_permission_by_name(form_result['default_register'])
                     p.permission = self.get_permission_by_name(
                                        form_result['default_register'])
                     self.sa.add(p)
                 if p.permission.permission_name.startswith('hg.create.'):
                     p.permission = self.get_permission_by_name(form_result['default_create'])
                     p.permission = self.get_permission_by_name(
                                         form_result['default_create'])
                     self.sa.add(p)
             #stage 2 update all default permissions for repos if checked
             if form_result['overwrite_default'] == 'true':
                 for r2p in self.sa.query(RepoToPerm).filter(RepoToPerm.user == perm_user).all():
                     r2p.permission = self.get_permission_by_name(form_result['default_perm'])
                 for r2p in self.sa.query(RepoToPerm)\
                                .filter(RepoToPerm.user == perm_user).all():
                     r2p.permission = self.get_permission_by_name(
                                          form_result['default_perm'])
                     self.sa.add(r2p)
             #stage 3 set anonymous access
             if perm_user.username == 'default':
                 perm_user.active = bool(form_result['anonymous'])
                 self.sa.add(perm_user)
             self.sa.commit()
         except:
             log.error(traceback.format_exc())
             self.sa.rollback()
             raise

rhodecode/model/user.py

➞

Show inline comments

@@ @@ -140,6 +140,27 @@ class UserModel(object): @@
             self.sa.rollback()
             raise
     def reset_password(self, data):
         from rhodecode.lib.celerylib import tasks, run_task
         run_task(tasks.reset_user_password, data['email'])
     def fill_data(self, user):
         """
         Fills user data with those from database and log out user if not
         present in database
         :param user:
         """
         log.debug('filling auth user data')
         try:
             dbuser = self.get(user.user_id)
             user.username = dbuser.username
             user.is_admin = dbuser.admin
             user.name = dbuser.name
             user.lastname = dbuser.lastname
             user.email = dbuser.email
         except:
             log.error(traceback.format_exc())
             user.is_authenticated = False
         return user

rhodecode/public/css/style.css

➞

Show inline comments

@@ @@ -2093,13 +2093,13 @@ border:1px solid #666; @@
+}
 #content div.box div.form div.fields div.field div.checkboxes div.checkbox,#content div.box div.form div.fields div.field div.radios div.radio {
 clear:both;
 overflow:hidden;
 margin:0;
-padding:2px 0;
+padding:2px 2px;
+}
 #content div.box div.form div.fields div.field div.checkboxes div.checkbox input,#content div.box div.form div.fields div.field div.radios div.radio input {
 float:left;
 margin:0;
+}

rhodecode/templates/admin/permissions/permissions.html

➞

Show inline comments

@@ @@ -23,13 +23,22 @@ @@
     </div>
     <h3>${_('Default permissions')}</h3>
     ${h.form(url('permission', id='default'),method='put')}
     <div class="form">
         <!-- fields -->
         <div class="fields">
             <div class="field">
                 <div class="label label-checkbox">
                     <label for="anonymous">${_('Anonymous access')}:</label>
                 </div>
                 <div class="checkboxes">
                     <div class="checkbox">
                         ${h.checkbox('anonymous',True)}
                     </div>
                 </div>
             </div>
 			<div class="field">
 				<div class="label">
 					<label for="default_perm">${_('Repository permission')}:</label>
 				</div>
 				<div class="select">
 					${h.select('default_perm','',c.perms_choices)}

rhodecode/templates/base/base.html

➞

Show inline comments

@@ @@ -17,18 +17,28 @@ @@
         <!-- user -->
         <ul id="logged-user">
             <li class="first">
 	            <div class="gravatar">
 	            	<img alt="gravatar" src="${h.gravatar_url(c.rhodecode_user.email,24)}" />
 	            </div>
 	        %if c.rhodecode_user.username == 'default':
                 <div class="account">
                     ${h.link_to('%s %s'%(c.rhodecode_user.name,c.rhodecode_user.lastname),h.url('#'))}<br/>
                     ${h.link_to(c.rhodecode_user.username,h.url('#'))}
                 </div>
             </li>
             <li class="last highlight">${h.link_to(u'Login',h.url('login_home'))}</li>
 	        %else:
 	            <div class="account">
 	            	${h.link_to('%s %s'%(c.rhodecode_user.name,c.rhodecode_user.lastname),h.url('admin_settings_my_account'))}<br/>
 	            	${h.link_to(c.rhodecode_user.username,h.url('admin_settings_my_account'))}
 	            </div>
             </li>
             <li class="last highlight">${h.link_to(u'Logout',h.url('logout_home'))}</li>
             %endif
         </ul>
         <!-- end user -->
         <div id="header-inner" class="title top-left-rounded-corner top-right-rounded-corner">
             <!-- logo -->
             <div id="logo">
                 <h1><a href="${h.url('home')}">${c.rhodecode_name}</a></h1>

0 comments (0 inline, 0 general)