kallithea Changeset - dd532af216d9

Changeset - dd532af216d9

Parent rev.

Child rev.

[Not reviewed]

beta

0 12 0

Marcin Kuzminski - 15 years ago 2010-11-11 01:05:43
marcin@python-works.com

#49 Enabled anonymous access for web interface controllable from permissions pannel

12 files changed with 113 insertions and 64 deletions:

rhodecode/controllers/admin/permissions.py

rhodecode/controllers/admin/settings.py

rhodecode/controllers/admin/users.py

rhodecode/controllers/login.py

rhodecode/lib/auth.py

rhodecode/lib/db_manage.py

rhodecode/model/forms.py

rhodecode/model/permission_model.py

rhodecode/model/user.py

rhodecode/public/css/style.css

rhodecode/templates/admin/permissions/permissions.html

rhodecode/templates/base/base.html

0 comments (0 inline, 0 general)

rhodecode/controllers/admin/permissions.py

➞

Show inline comments

 #!/usr/bin/env python
 # encoding: utf-8
 # permissions controller for pylons
 # Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>
+#
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; version 2
 # of the License or (at your opinion) any later version of the license.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 # MA  02110-1301, USA.
 """
 Created on April 27, 2010
 permissions controller for pylons
 @author: marcink
 """
 from formencode import htmlfill
 from pylons import request, session, tmpl_context as c, url
 from pylons.controllers.util import abort, redirect
 from pylons.i18n.translation import _
 from rhodecode.lib import helpers as h
 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator
 from rhodecode.lib.base import BaseController, render
 from rhodecode.model.forms import UserForm, DefaultPermissionsForm
 from rhodecode.model.permission_model import PermissionModel
 from rhodecode.model.user import UserModel
 import formencode
 import logging
 import traceback
 log = logging.getLogger(__name__)
 class PermissionsController(BaseController):
     """REST Controller styled on the Atom Publishing Protocol"""
     # To properly map this controller, ensure your config/routing.py
     # file has a resource setup:
     #     map.resource('permission', 'permissions')
     @LoginRequired()
     @HasPermissionAllDecorator('hg.admin')
     def __before__(self):
         c.admin_user = session.get('admin_user')
         c.admin_username = session.get('admin_username')
         super(PermissionsController, self).__before__()
         self.perms_choices = [('repository.none', _('None'),),
                               ('repository.read', _('Read'),),
                               ('repository.write', _('Write'),),
                               ('repository.admin', _('Admin'),)]
         self.register_choices = [
             ('hg.register.none', 'disabled'),
             ('hg.register.none',
                 _('disabled')),
             ('hg.register.manual_activate',
                             _('allowed with manual account activation')),
             ('hg.register.auto_activate',
                             _('allowed with automatic account activation')), ]
         self.create_choices = [('hg.create.none', _('Disabled')),
                                ('hg.create.repository', _('Enabled'))]
     def index(self, format='html'):
         """GET /permissions: All items in the collection"""
         # url('permissions')
     def create(self):
         """POST /permissions: Create a new item"""
         # url('permissions')
     def new(self, format='html'):
         """GET /permissions/new: Form to create a new item"""
         # url('new_permission')
     def update(self, id):
         """PUT /permissions/id: Update an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="PUT" />
         # Or using helpers:
         #    h.form(url('permission', id=ID),
         #           method='put')
         # url('permission', id=ID)
         permission_model = PermissionModel()
         _form = DefaultPermissionsForm([x[0] for x in self.perms_choices],
                                        [x[0] for x in self.register_choices],
                                        [x[0] for x in self.create_choices])()
         try:
             form_result = _form.to_python(dict(request.POST))
             form_result.update({'perm_user_name':id})
             permission_model.update(form_result)
             h.flash(_('Default permissions updated succesfully'),
                     category='success')
         except formencode.Invalid, errors:
             c.perms_choices = self.perms_choices
             c.register_choices = self.register_choices
             c.create_choices = self.create_choices
             return htmlfill.render(
                 render('admin/permissions/permissions.html'),
                 defaults=errors.value,
                 errors=errors.error_dict or {},
                 prefix_error=False,
                 encoding="UTF-8")
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('error occured during update of permissions'),
                     category='error')
         return redirect(url('edit_permission', id=id))
     def delete(self, id):
         """DELETE /permissions/id: Delete an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="DELETE" />
         # Or using helpers:
         #    h.form(url('permission', id=ID),
         #           method='delete')
         # url('permission', id=ID)
     def show(self, id, format='html'):
         """GET /permissions/id: Show a specific item"""
         # url('permission', id=ID)
     def edit(self, id, format='html'):
         """GET /permissions/id/edit: Form to edit an existing item"""
         #url('edit_permission', id=ID)
         c.perms_choices = self.perms_choices
         c.register_choices = self.register_choices
         c.create_choices = self.create_choices
         if id == 'default':
             defaults = {'_method':'put'}
             for p in UserModel().get_by_username('default').user_perms:
             default_user = UserModel().get_by_username('default')
             defaults = {'_method':'put',
                         'anonymous':default_user.active}
             for p in default_user.user_perms:
                 if p.permission.permission_name.startswith('repository.'):
                     defaults['default_perm'] = p.permission.permission_name
                 if p.permission.permission_name.startswith('hg.register.'):
                     defaults['default_register'] = p.permission.permission_name
                 if p.permission.permission_name.startswith('hg.create.'):
                     defaults['default_create'] = p.permission.permission_name
             return htmlfill.render(
                         render('admin/permissions/permissions.html'),
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=True,)
         else:
             return redirect(url('admin_home'))

rhodecode/controllers/admin/settings.py

➞

Show inline comments

@@ @@ -28,197 +28,201 @@ from pylons import request, session, tmp @@
 from pylons.controllers.util import abort, redirect
 from pylons.i18n.translation import _
 from rhodecode.lib import helpers as h
 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator, \
     HasPermissionAnyDecorator
 from rhodecode.lib.base import BaseController, render
 from rhodecode.lib.utils import repo2db_mapper, invalidate_cache, \
     set_rhodecode_config, get_hg_settings, get_hg_ui_settings
 from rhodecode.model.db import RhodeCodeSettings, RhodeCodeUi, Repository
 from rhodecode.model.forms import UserForm, ApplicationSettingsForm, \
     ApplicationUiSettingsForm
 from rhodecode.model.hg import HgModel
 from rhodecode.model.user import UserModel
 from rhodecode.lib.celerylib import tasks, run_task
 from sqlalchemy import func
 import formencode
 import logging
 import traceback
 log = logging.getLogger(__name__)
 class SettingsController(BaseController):
     """REST Controller styled on the Atom Publishing Protocol"""
     # To properly map this controller, ensure your config/routing.py
     # file has a resource setup:
     #     map.resource('setting', 'settings', controller='admin/settings',
     #         path_prefix='/admin', name_prefix='admin_')
     @LoginRequired()
     def __before__(self):
         c.admin_user = session.get('admin_user')
         c.admin_username = session.get('admin_username')
         super(SettingsController, self).__before__()
     @HasPermissionAllDecorator('hg.admin')
     def index(self, format='html'):
         """GET /admin/settings: All items in the collection"""
         # url('admin_settings')
         defaults = get_hg_settings()
         defaults.update(get_hg_ui_settings())
         return htmlfill.render(
             render('admin/settings/settings.html'),
             defaults=defaults,
             encoding="UTF-8",
             force_defaults=False
+        )
     @HasPermissionAllDecorator('hg.admin')
     def create(self):
         """POST /admin/settings: Create a new item"""
         # url('admin_settings')
     @HasPermissionAllDecorator('hg.admin')
     def new(self, format='html'):
         """GET /admin/settings/new: Form to create a new item"""
         # url('admin_new_setting')
     @HasPermissionAllDecorator('hg.admin')
     def update(self, setting_id):
         """PUT /admin/settings/setting_id: Update an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="PUT" />
         # Or using helpers:
         #    h.form(url('admin_setting', setting_id=ID),
         #           method='put')
         # url('admin_setting', setting_id=ID)
         if setting_id == 'mapping':
             rm_obsolete = request.POST.get('destroy', False)
             log.debug('Rescanning directories with destroy=%s', rm_obsolete)
             initial = HgModel().repo_scan(g.paths[0][1], g.baseui)
             for repo_name in initial.keys():
                 invalidate_cache('get_repo_cached_%s' % repo_name)
             repo2db_mapper(initial, rm_obsolete)
             h.flash(_('Repositories successfully rescanned'), category='success')
         if setting_id == 'whoosh':
             repo_location = get_hg_ui_settings()['paths_root_path']
             full_index = request.POST.get('full_index', False)
             task = run_task(tasks.whoosh_index, repo_location, full_index)
             h.flash(_('Whoosh reindex task scheduled'), category='success')
         if setting_id == 'global':
             application_form = ApplicationSettingsForm()()
             try:
                 form_result = application_form.to_python(dict(request.POST))
                 try:
                     hgsettings1 = self.sa.query(RhodeCodeSettings)\
                     .filter(RhodeCodeSettings.app_settings_name == 'title').one()
                         .filter(RhodeCodeSettings.app_settings_name \
                                 == 'title').one()
                     hgsettings1.app_settings_value = form_result['rhodecode_title']
                     hgsettings2 = self.sa.query(RhodeCodeSettings)\
                     .filter(RhodeCodeSettings.app_settings_name == 'realm').one()
                         .filter(RhodeCodeSettings.app_settings_name \
                                 == 'realm').one()
                     hgsettings2.app_settings_value = form_result['rhodecode_realm']
                     self.sa.add(hgsettings1)
                     self.sa.add(hgsettings2)
                     self.sa.commit()
                     set_rhodecode_config(config)
                     h.flash(_('Updated application settings'),
                             category='success')
                 except:
                     log.error(traceback.format_exc())
                     h.flash(_('error occurred during updating application settings'),
                             category='error')
                     self.sa.rollback()
             except formencode.Invalid, errors:
                 return htmlfill.render(
                      render('admin/settings/settings.html'),
                      defaults=errors.value,
                      errors=errors.error_dict or {},
                      prefix_error=False,
                      encoding="UTF-8")
         if setting_id == 'mercurial':
             application_form = ApplicationUiSettingsForm()()
             try:
                 form_result = application_form.to_python(dict(request.POST))
                 try:
                     hgsettings1 = self.sa.query(RhodeCodeUi)\
                     .filter(RhodeCodeUi.ui_key == 'push_ssl').one()
                     hgsettings1.ui_value = form_result['web_push_ssl']
                     hgsettings2 = self.sa.query(RhodeCodeUi)\
                     .filter(RhodeCodeUi.ui_key == '/').one()
                     hgsettings2.ui_value = form_result['paths_root_path']
                     #HOOKS
                     hgsettings3 = self.sa.query(RhodeCodeUi)\
                     .filter(RhodeCodeUi.ui_key == 'changegroup.update').one()
                     hgsettings3.ui_active = bool(form_result['hooks_changegroup_update'])
                     hgsettings4 = self.sa.query(RhodeCodeUi)\
                     .filter(RhodeCodeUi.ui_key == 'changegroup.repo_size').one()
                     hgsettings4.ui_active = bool(form_result['hooks_changegroup_repo_size'])
                     hgsettings5 = self.sa.query(RhodeCodeUi)\
                     .filter(RhodeCodeUi.ui_key == 'pretxnchangegroup.push_logger').one()
                     hgsettings5.ui_active = bool(form_result['hooks_pretxnchangegroup_push_logger'])
                     hgsettings6 = self.sa.query(RhodeCodeUi)\
                     .filter(RhodeCodeUi.ui_key == 'preoutgoing.pull_logger').one()
                     hgsettings6.ui_active = bool(form_result['hooks_preoutgoing_pull_logger'])
                     self.sa.add(hgsettings1)
                     self.sa.add(hgsettings2)
                     self.sa.add(hgsettings3)
                     self.sa.add(hgsettings4)
                     self.sa.add(hgsettings5)
                     self.sa.add(hgsettings6)
                     self.sa.commit()
                     h.flash(_('Updated mercurial settings'),
                             category='success')
                 except:
                     log.error(traceback.format_exc())
                     h.flash(_('error occurred during updating application settings'),
                             category='error')
                     self.sa.rollback()
             except formencode.Invalid, errors:
                 return htmlfill.render(
                      render('admin/settings/settings.html'),
                      defaults=errors.value,
                      errors=errors.error_dict or {},
                      prefix_error=False,
                      encoding="UTF-8")
         return redirect(url('admin_settings'))
     @HasPermissionAllDecorator('hg.admin')
     def delete(self, setting_id):
         """DELETE /admin/settings/setting_id: Delete an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="DELETE" />

rhodecode/controllers/admin/users.py

➞

Show inline comments

@@ @@ -62,107 +62,106 @@ class UsersController(BaseController): @@
         return render('admin/users/users.html')
     def create(self):
         """POST /users: Create a new item"""
         # url('users')
         user_model = UserModel()
         login_form = UserForm()()
         try:
             form_result = login_form.to_python(dict(request.POST))
             user_model.create(form_result)
             h.flash(_('created user %s') % form_result['username'],
                     category='success')
             #action_logger(self.rhodecode_user, 'new_user', '', '', self.sa)
         except formencode.Invalid, errors:
             return htmlfill.render(
                 render('admin/users/user_add.html'),
                 defaults=errors.value,
                 errors=errors.error_dict or {},
                 prefix_error=False,
                 encoding="UTF-8")
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('error occured during creation of user %s') \
                     % request.POST.get('username'), category='error')
         return redirect(url('users'))
     def new(self, format='html'):
         """GET /users/new: Form to create a new item"""
         # url('new_user')
         return render('admin/users/user_add.html')
     def update(self, id):
         """PUT /users/id: Update an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="PUT" />
         # Or using helpers:
         #    h.form(url('user', id=ID),
         #           method='put')
         # url('user', id=ID)
         user_model = UserModel()
         c.user = user_model.get(id)
         _form = UserForm(edit=True, old_data={'user_id':id,
                                               'email':c.user.email})()
         form_result = {}
         try:
             form_result = _form.to_python(dict(request.POST))
             user_model.update(id, form_result)
             h.flash(_('User updated succesfully'), category='success')
         except formencode.Invalid, errors:
             return htmlfill.render(
                 render('admin/users/user_edit.html'),
                 defaults=errors.value,
                 errors=errors.error_dict or {},
                 prefix_error=False,
                 encoding="UTF-8")
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('error occured during update of user %s') \
                     % form_result.get('username'), category='error')
         return redirect(url('users'))
     def delete(self, id):
         """DELETE /users/id: Delete an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="DELETE" />
         # Or using helpers:
         #    h.form(url('user', id=ID),
         #           method='delete')
         # url('user', id=ID)
         user_model = UserModel()
         try:
             user_model.delete(id)
             h.flash(_('sucessfully deleted user'), category='success')
         except DefaultUserException, e:
             h.flash(str(e), category='warning')
         except Exception:
             h.flash(_('An error occured during deletion of user'),
                     category='error')
         return redirect(url('users'))
     def show(self, id, format='html'):
         """GET /users/id: Show a specific item"""
         # url('user', id=ID)
     def edit(self, id, format='html'):
         """GET /users/id/edit: Form to edit an existing item"""
         # url('edit_user', id=ID)
         c.user = self.sa.query(User).get(id)
         if not c.user:
             return redirect(url('users'))
         if c.user.username == 'default':
             h.flash(_("You can't edit this user since it's"
               " crucial for entire application"), category='warning')
             h.flash(_("You can't edit this user"), category='warning')
             return redirect(url('users'))
         defaults = c.user.__dict__
         return htmlfill.render(
             render('admin/users/user_edit.html'),
             defaults=defaults,
             encoding="UTF-8",
             force_defaults=False
+        )

rhodecode/controllers/login.py

➞

Show inline comments

 #!/usr/bin/env python
 # encoding: utf-8
 # login controller for pylons
 # Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>
+#
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; version 2
 # of the License or (at your opinion) any later version of the license.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 # MA  02110-1301, USA.
 """
 Created on April 22, 2010
 login controller for pylons
 @author: marcink
 """
 from formencode import htmlfill
 from pylons import request, response, session, tmpl_context as c, url
 from pylons.controllers.util import abort, redirect
 from rhodecode.lib.auth import AuthUser, HasPermissionAnyDecorator
 from rhodecode.lib.base import BaseController, render
 import rhodecode.lib.helpers as h
 from pylons.i18n.translation import _
 from rhodecode.model.forms import LoginForm, RegisterForm, PasswordResetForm
 from rhodecode.model.user import UserModel
 import formencode
 import logging
 log = logging.getLogger(__name__)
 class LoginController(BaseController):
     def __before__(self):
         super(LoginController, self).__before__()
     def index(self):
         #redirect if already logged in
         c.came_from = request.GET.get('came_from', None)
         if c.rhodecode_user.is_authenticated:
         if c.rhodecode_user.is_authenticated \
                             and c.rhodecode_user.username != 'default':
             return redirect(url('home'))
         if request.POST:
             #import Login Form validator class
             login_form = LoginForm()
             try:
                 c.form_result = login_form.to_python(dict(request.POST))
                 username = c.form_result['username']
                 user = UserModel().get_by_username(username)
                 auth_user = AuthUser()
                 auth_user.username = user.username
                 auth_user.is_authenticated = True
                 auth_user.is_admin = user.admin
                 auth_user.user_id = user.user_id
                 auth_user.name = user.name
                 auth_user.lastname = user.lastname
                 session['rhodecode_user'] = auth_user
                 session.save()
                 log.info('user %s is now authenticated', username)
                 user.update_lastlogin()
                 if c.came_from:
                     return redirect(c.came_from)
                 else:
                     return redirect(url('home'))
             except formencode.Invalid, errors:
                 return htmlfill.render(
                     render('/login.html'),
                     defaults=errors.value,
                     errors=errors.error_dict or {},
                     prefix_error=False,
                     encoding="UTF-8")
         return render('/login.html')
     @HasPermissionAnyDecorator('hg.admin', 'hg.register.auto_activate',
                                'hg.register.manual_activate')
     def register(self):
         user_model = UserModel()
         c.auto_active = False
         for perm in user_model.get_by_username('default', cache=False).user_perms:
             if perm.permission.permission_name == 'hg.register.auto_activate':
                 c.auto_active = True
                 break
         if request.POST:
             register_form = RegisterForm()()
             try:
                 form_result = register_form.to_python(dict(request.POST))
                 form_result['active'] = c.auto_active
                 user_model.create_registration(form_result)
                 h.flash(_('You have successfully registered into rhodecode'),
                             category='success')
                 return redirect(url('login_home'))
             except formencode.Invalid, errors:
                 return htmlfill.render(
                     render('/register.html'),
                     defaults=errors.value,
                     errors=errors.error_dict or {},
                     prefix_error=False,
                     encoding="UTF-8")
         return render('/register.html')
     def password_reset(self):
         user_model = UserModel()
         if request.POST:
             password_reset_form = PasswordResetForm()()
             try:
                 form_result = password_reset_form.to_python(dict(request.POST))
                 user_model.reset_password(form_result)
                 h.flash(_('Your new password was sent'),
                             category='success')
                 return redirect(url('login_home'))
             except formencode.Invalid, errors:
                 return htmlfill.render(
                     render('/password_reset.html'),
                     defaults=errors.value,
                     errors=errors.error_dict or {},
                     prefix_error=False,
                     encoding="UTF-8")
         return render('/password_reset.html')
     def logout(self):
         session['rhodecode_user'] = AuthUser()
         session.save()
         log.info('Logging out and setting user as Empty')
         redirect(url('home'))

rhodecode/lib/auth.py

➞

Show inline comments

 #!/usr/bin/env python
 # encoding: utf-8
 # authentication and permission libraries
 # Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>
+#
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; version 2
 # of the License or (at your opinion) any later version of the license.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 # MA  02110-1301, USA.
 """
 Created on April 4, 2010
 @author: marcink
 """
 from pylons import config, session, url, request
 from pylons.controllers.util import abort, redirect
 from rhodecode.lib.utils import get_repo_slug
 from rhodecode.model import meta
 from rhodecode.model.user import UserModel
 from rhodecode.model.caching_query import FromCache
 from rhodecode.model.db import User, RepoToPerm, Repository, Permission, \
     UserToPerm
 import bcrypt
 from decorator import decorator
 import logging
 import random
 log = logging.getLogger(__name__)
 class PasswordGenerator(object):
     """This is a simple class for generating password from
         different sets of characters
         usage:
         passwd_gen = PasswordGenerator()
         #print 8-letter password containing only big and small letters of alphabet
         print passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL)
     """
     ALPHABETS_NUM = r'''1234567890'''#[0]
     ALPHABETS_SMALL = r'''qwertyuiopasdfghjklzxcvbnm'''#[1]
     ALPHABETS_BIG = r'''QWERTYUIOPASDFGHJKLZXCVBNM'''#[2]
     ALPHABETS_SPECIAL = r'''`-=[]\;',./~!@#$%^&*()_+{}|:"<>?'''    #[3]
     ALPHABETS_FULL = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM + ALPHABETS_SPECIAL#[4]
     ALPHABETS_ALPHANUM = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM#[5]
     ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL
     ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM#[6]
     ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM#[7]
     def __init__(self, passwd=''):
         self.passwd = passwd
     def gen_password(self, len, type):
         self.passwd = ''.join([random.choice(type) for _ in xrange(len)])
         return self.passwd
 def get_crypt_password(password):
     """Cryptographic function used for password hashing based on sha1
     :param password: password to hash
     """
     return bcrypt.hashpw(password, bcrypt.gensalt(10))
 def check_password(password, hashed):
     return bcrypt.hashpw(password, hashed) == hashed
 def authfunc(environ, username, password):
     from rhodecode.model.user import UserModel
     user = UserModel().get_by_username(username, cache=False)
     if user:
         if user.active:
             if user.username == username and check_password(password, user.password):
                 log.info('user %s authenticated correctly', username)
                 return True
         else:
             log.error('user %s is disabled', username)
     return False
 class  AuthUser(object):
     """
     A simple object that handles a mercurial username for authentication
     """
     def __init__(self):
         self.username = 'None'
         self.name = ''
         self.lastname = ''
         self.email = ''
         self.user_id = None
         self.is_authenticated = False
         self.is_admin = False
         self.permissions = {}
     def __repr__(self):
         return "<AuthUser('id:%s:%s')>" % (self.user_id, self.username)
 def set_available_permissions(config):
     """
     This function will propagate pylons globals with all available defined
     permission given in db. We don't wannt to check each time from db for new
     permissions since adding a new permission also requires application restart
     ie. to decorate new views with the newly created permission
     :param config:
     """
     log.info('getting information about all available permissions')
     try:
         sa = meta.Session()
         all_perms = sa.query(Permission).all()
     except:
         pass
     finally:
         meta.Session.remove()
     config['available_permissions'] = [x.permission_name for x in all_perms]
 def set_base_path(config):
     config['base_path'] = config['pylons.app_globals'].base_path
 def fill_data(user):
     """
     Fills user data with those from database and log out user if not present
     in database
     :param user:
     """
     sa = meta.Session()
     try:
         dbuser = sa.query(User)\
         .options(FromCache('sql_cache_short', 'getuser_%s' % user.user_id))\
         .get(user.user_id)
     except:
         pass
     finally:
         meta.Session.remove()
     if dbuser:
         user.username = dbuser.username
         user.is_admin = dbuser.admin
         user.name = dbuser.name
         user.lastname = dbuser.lastname
         user.email = dbuser.email
     else:
         user.is_authenticated = False
     return user
 def fill_perms(user):
     """
     Fills user permission attribute with permissions taken from database
     :param user:
     """
     sa = meta.Session()
     user.permissions['repositories'] = {}
     user.permissions['global'] = set()
     #===========================================================================
     # fetch default permissions
     #===========================================================================
     default_user = sa.query(User)\
         .options(FromCache('sql_cache_short', 'getuser_%s' % 'default'))\
         .filter(User.username == 'default').scalar()
     default_user = UserModel(sa).get_by_username('default', cache=True)
     default_perms = sa.query(RepoToPerm, Repository, Permission)\
         .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\
         .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\
         .filter(RepoToPerm.user == default_user).all()
     if user.is_admin:
         #=======================================================================
         # #admin have all default rights set to admin
         #=======================================================================
         user.permissions['global'].add('hg.admin')
         for perm in default_perms:
             p = 'repository.admin'
             user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p
     else:
         #=======================================================================
         # set default permissions
         #=======================================================================
         #default global
         default_global_perms = sa.query(UserToPerm)\
             .filter(UserToPerm.user == sa.query(User).filter(User.username ==
             'default').one())
         for perm in default_global_perms:
             user.permissions['global'].add(perm.permission.permission_name)
         #default repositories
         for perm in default_perms:
             if perm.Repository.private and not perm.Repository.user_id == user.user_id:
                 #disable defaults for private repos,
                 p = 'repository.none'
             elif perm.Repository.user_id == user.user_id:
                 #set admin if owner
                 p = 'repository.admin'
             else:
                 p = perm.Permission.permission_name
             user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p
         #=======================================================================
         # #overwrite default with user permissions if any
         #=======================================================================
         user_perms = sa.query(RepoToPerm, Permission, Repository)\
             .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\
             .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\
             .filter(RepoToPerm.user_id == user.user_id).all()
         for perm in user_perms:
             if perm.Repository.user_id == user.user_id:#set admin if owner
                 p = 'repository.admin'
             else:
                 p = perm.Permission.permission_name
             user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p
     meta.Session.remove()
     return user
 def get_user(session):
     """
     Gets user from session, and wraps permissions into user
     :param session:
     """
     user = session.get('rhodecode_user', AuthUser())
     #if the user is not logged in we check for anonymous access
     #if user is logged and it's a default user check if we still have anonymous
     #access enabled
     if user.user_id is None or user.username == 'default':
         anonymous_user = UserModel().get_by_username('default', cache=True)
         if anonymous_user.active is True:
             #then we set this user is logged in
             user.is_authenticated = True
         else:
             user.is_authenticated = False
     if user.is_authenticated:
         user = fill_data(user)
         user = UserModel().fill_data(user)
     user = fill_perms(user)
     session['rhodecode_user'] = user
     session.save()
     return user
 #===============================================================================
 # CHECK DECORATORS
 #===============================================================================
 class LoginRequired(object):
     """Must be logged in to execute this function else redirect to login page"""
     def __call__(self, func):
         return decorator(self.__wrapper, func)
     def __wrapper(self, func, *fargs, **fkwargs):
         user = session.get('rhodecode_user', AuthUser())
         log.debug('Checking login required for user:%s', user.username)
         if user.is_authenticated:
             log.debug('user %s is authenticated', user.username)
             return func(*fargs, **fkwargs)
         else:
             log.warn('user %s not authenticated', user.username)
             p = ''
             if request.environ.get('SCRIPT_NAME') != '/':
                 p += request.environ.get('SCRIPT_NAME')
             p += request.environ.get('PATH_INFO')
             if request.environ.get('QUERY_STRING'):
                 p += '?' + request.environ.get('QUERY_STRING')
             log.debug('redirecting to login page with %s', p)
             return redirect(url('login_home', came_from=p))
 class PermsDecorator(object):
     """Base class for decorators"""
     def __init__(self, *required_perms):
         available_perms = config['available_permissions']
         for perm in required_perms:
             if perm not in available_perms:
                 raise Exception("'%s' permission is not defined" % perm)
         self.required_perms = set(required_perms)
         self.user_perms = None
     def __call__(self, func):
         return decorator(self.__wrapper, func)
     def __wrapper(self, func, *fargs, **fkwargs):
 #        _wrapper.__name__ = func.__name__
 #        _wrapper.__dict__.update(func.__dict__)
 #        _wrapper.__doc__ = func.__doc__
         self.user_perms = session.get('rhodecode_user', AuthUser()).permissions
         log.debug('checking %s permissions %s for %s',
            self.__class__.__name__, self.required_perms, func.__name__)
         self.user = session.get('rhodecode_user', AuthUser())
         self.user_perms = self.user.permissions
         log.debug('checking %s permissions %s for %s %s',
            self.__class__.__name__, self.required_perms, func.__name__,
                self.user)
         if self.check_permissions():
             log.debug('Permission granted for %s', func.__name__)
+            log.debug('Permission granted for %s %s', func.__name__, self.user)
             return func(*fargs, **fkwargs)
         else:
             log.warning('Permission denied for %s', func.__name__)
+            log.warning('Permission denied for %s %s', func.__name__, self.user)
             #redirect with forbidden ret code
             return abort(403)
     def check_permissions(self):
         """Dummy function for overriding"""
         raise Exception('You have to write this function in child class')
 class HasPermissionAllDecorator(PermsDecorator):
     """Checks for access permission for all given predicates. All of them
     have to be meet in order to fulfill the request
     """
     def check_permissions(self):
         if self.required_perms.issubset(self.user_perms.get('global')):
             return True
         return False
 class HasPermissionAnyDecorator(PermsDecorator):
     """Checks for access permission for any of given predicates. In order to
     fulfill the request any of predicates must be meet
     """
     def check_permissions(self):
         if self.required_perms.intersection(self.user_perms.get('global')):
             return True
         return False
 class HasRepoPermissionAllDecorator(PermsDecorator):
     """Checks for access permission for all given predicates for specific
     repository. All of them have to be meet in order to fulfill the request
     """
     def check_permissions(self):
         repo_name = get_repo_slug(request)
         try:
             user_perms = set([self.user_perms['repositories'][repo_name]])
         except KeyError:
             return False
         if self.required_perms.issubset(user_perms):
             return True
         return False
 class HasRepoPermissionAnyDecorator(PermsDecorator):
     """Checks for access permission for any of given predicates for specific
     repository. In order to fulfill the request any of predicates must be meet
     """
     def check_permissions(self):
         repo_name = get_repo_slug(request)
         try:
             user_perms = set([self.user_perms['repositories'][repo_name]])
         except KeyError:
             return False
         if self.required_perms.intersection(user_perms):
             return True
         return False
 #===============================================================================
 # CHECK FUNCTIONS
 #===============================================================================
 class PermsFunction(object):
     """Base function for other check functions"""
     def __init__(self, *perms):
         available_perms = config['available_permissions']
         for perm in perms:
             if perm not in available_perms:
                 raise Exception("'%s' permission in not defined" % perm)
         self.required_perms = set(perms)
         self.user_perms = None
         self.granted_for = ''
         self.repo_name = None
     def __call__(self, check_Location=''):
         user = session.get('rhodecode_user', False)
         if not user:
             return False
         self.user_perms = user.permissions
         self.granted_for = user.username
         log.debug('checking %s %s', self.__class__.__name__, self.required_perms)
         log.debug('checking %s %s %s', self.__class__.__name__,
                   self.required_perms, user)
         if self.check_permissions():
             log.debug('Permission granted for %s @%s', self.granted_for,
                       check_Location)
             log.debug('Permission granted for %s @ %s %s', self.granted_for,
                       check_Location, user)
             return True
         else:
             log.warning('Permission denied for %s @%s', self.granted_for,
                         check_Location)
             log.warning('Permission denied for %s @ %s %s', self.granted_for,
                         check_Location, user)
             return False
     def check_permissions(self):
         """Dummy function for overriding"""
         raise Exception('You have to write this function in child class')
 class HasPermissionAll(PermsFunction):
     def check_permissions(self):
         if self.required_perms.issubset(self.user_perms.get('global')):
             return True
         return False
 class HasPermissionAny(PermsFunction):
     def check_permissions(self):
         if self.required_perms.intersection(self.user_perms.get('global')):
             return True
         return False
 class HasRepoPermissionAll(PermsFunction):
     def __call__(self, repo_name=None, check_Location=''):
         self.repo_name = repo_name
         return super(HasRepoPermissionAll, self).__call__(check_Location)
     def check_permissions(self):
         if not self.repo_name:
             self.repo_name = get_repo_slug(request)
         try:
             self.user_perms = set([self.user_perms['repositories']\
                                    [self.repo_name]])
         except KeyError:
             return False
         self.granted_for = self.repo_name
         if self.required_perms.issubset(self.user_perms):
             return True
         return False
 class HasRepoPermissionAny(PermsFunction):
     def __call__(self, repo_name=None, check_Location=''):
         self.repo_name = repo_name
         return super(HasRepoPermissionAny, self).__call__(check_Location)
     def check_permissions(self):
         if not self.repo_name:
             self.repo_name = get_repo_slug(request)
         try:
             self.user_perms = set([self.user_perms['repositories']\
                                    [self.repo_name]])
         except KeyError:
             return False
         self.granted_for = self.repo_name
         if self.required_perms.intersection(self.user_perms):
             return True
         return False
 #===============================================================================
 # SPECIAL VERSION TO HANDLE MIDDLEWARE AUTH
 #===============================================================================
 class HasPermissionAnyMiddleware(object):
     def __init__(self, *perms):
         self.required_perms = set(perms)
     def __call__(self, user, repo_name):
         usr = AuthUser()
         usr.user_id = user.user_id
         usr.username = user.username
         usr.is_admin = user.admin
         try:
             self.user_perms = set([fill_perms(usr)\
                                    .permissions['repositories'][repo_name]])
         except:
             self.user_perms = set()
         self.granted_for = ''
         self.username = user.username
         self.repo_name = repo_name
         return self.check_permissions()
     def check_permissions(self):
         log.debug('checking mercurial protocol '
                   'permissions for user:%s repository:%s',
                                                 self.username, self.repo_name)
         if self.required_perms.intersection(self.user_perms):
             log.debug('permission granted')
             return True
         log.debug('permission denied')
         return False

rhodecode/lib/db_manage.py

➞

Show inline comments

@@ @@ -134,167 +134,167 @@ class DbManage(object): @@
         hooks1.ui_value = 'hg update >&2'
         hooks1.ui_active = False
         hooks2 = RhodeCodeUi()
         hooks2.ui_section = 'hooks'
         hooks2.ui_key = 'changegroup.repo_size'
         hooks2.ui_value = 'python:rhodecode.lib.hooks.repo_size'
         hooks3 = RhodeCodeUi()
         hooks3.ui_section = 'hooks'
         hooks3.ui_key = 'pretxnchangegroup.push_logger'
         hooks3.ui_value = 'python:rhodecode.lib.hooks.log_push_action'
         hooks4 = RhodeCodeUi()
         hooks4.ui_section = 'hooks'
         hooks4.ui_key = 'preoutgoing.pull_logger'
         hooks4.ui_value = 'python:rhodecode.lib.hooks.log_pull_action'
         web1 = RhodeCodeUi()
         web1.ui_section = 'web'
         web1.ui_key = 'push_ssl'
         web1.ui_value = 'false'
         web2 = RhodeCodeUi()
         web2.ui_section = 'web'
         web2.ui_key = 'allow_archive'
         web2.ui_value = 'gz zip bz2'
         web3 = RhodeCodeUi()
         web3.ui_section = 'web'
         web3.ui_key = 'allow_push'
         web3.ui_value = '*'
         web4 = RhodeCodeUi()
         web4.ui_section = 'web'
         web4.ui_key = 'baseurl'
         web4.ui_value = '/'
         paths = RhodeCodeUi()
         paths.ui_section = 'paths'
         paths.ui_key = '/'
         paths.ui_value = path
         hgsettings1 = RhodeCodeSettings()
         hgsettings1.app_settings_name = 'realm'
         hgsettings1.app_settings_value = 'RhodeCode authentication'
         hgsettings2 = RhodeCodeSettings()
         hgsettings2.app_settings_name = 'title'
         hgsettings2.app_settings_value = 'RhodeCode'
         try:
             self.sa.add(hooks1)
             self.sa.add(hooks2)
             self.sa.add(hooks3)
             self.sa.add(hooks4)
             self.sa.add(web1)
             self.sa.add(web2)
             self.sa.add(web3)
             self.sa.add(web4)
             self.sa.add(paths)
             self.sa.add(hgsettings1)
             self.sa.add(hgsettings2)
             self.sa.commit()
         except:
             self.sa.rollback()
             raise
         log.info('created ui config')
     def create_user(self, username, password, email='', admin=False):
         log.info('creating administrator user %s', username)
         new_user = User()
         new_user.username = username
         new_user.password = get_crypt_password(password)
         new_user.name = 'RhodeCode'
         new_user.lastname = 'Admin'
         new_user.email = email
         new_user.admin = admin
         new_user.active = True
         try:
             self.sa.add(new_user)
             self.sa.commit()
         except:
             self.sa.rollback()
             raise
     def create_default_user(self):
         log.info('creating default user')
         #create default user for handling default permissions.
         def_user = User()
         def_user.username = 'default'
         def_user.password = get_crypt_password(str(uuid.uuid1())[:8])
         def_user.name = 'default'
         def_user.lastname = 'default'
         def_user.email = 'default@default.com'
         def_user.name = 'Anonymous'
         def_user.lastname = 'User'
         def_user.email = 'anonymous@rhodecode.org'
         def_user.admin = False
         def_user.active = False
         try:
             self.sa.add(def_user)
             self.sa.commit()
         except:
             self.sa.rollback()
             raise
     def create_permissions(self):
         #module.(access|create|change|delete)_[name]
         #module.(read|write|owner)
         perms = [('repository.none', 'Repository no access'),
                  ('repository.read', 'Repository read access'),
                  ('repository.write', 'Repository write access'),
                  ('repository.admin', 'Repository admin access'),
                  ('hg.admin', 'Hg Administrator'),
                  ('hg.create.repository', 'Repository create'),
                  ('hg.create.none', 'Repository creation disabled'),
                  ('hg.register.none', 'Register disabled'),
                  ('hg.register.manual_activate', 'Register new user with rhodecode without manual activation'),
                  ('hg.register.auto_activate', 'Register new user with rhodecode without auto activation'),
+                ]
         for p in perms:
             new_perm = Permission()
             new_perm.permission_name = p[0]
             new_perm.permission_longname = p[1]
             try:
                 self.sa.add(new_perm)
                 self.sa.commit()
             except:
                 self.sa.rollback()
                 raise
     def populate_default_permissions(self):
         log.info('creating default user permissions')
         default_user = self.sa.query(User)\
         .filter(User.username == 'default').scalar()
         reg_perm = UserToPerm()
         reg_perm.user = default_user
         reg_perm.permission = self.sa.query(Permission)\
         .filter(Permission.permission_name == 'hg.register.manual_activate')\
         .scalar()
         create_repo_perm = UserToPerm()
         create_repo_perm.user = default_user
         create_repo_perm.permission = self.sa.query(Permission)\
         .filter(Permission.permission_name == 'hg.create.repository')\
         .scalar()
         default_repo_perm = UserToPerm()
         default_repo_perm.user = default_user
         default_repo_perm.permission = self.sa.query(Permission)\
         .filter(Permission.permission_name == 'repository.read')\
         .scalar()
         try:
             self.sa.add(reg_perm)
             self.sa.add(create_repo_perm)
             self.sa.add(default_repo_perm)
             self.sa.commit()
         except:
             self.sa.rollback()
             raise

rhodecode/model/forms.py

➞

Show inline comments

@@ @@ -265,101 +265,102 @@ class LoginForm(formencode.Schema): @@
                                       'tooShort':_('Enter %(min)i characters or more')}
+                                )
     #chained validators have access to all data
     chained_validators = [ValidAuth]
 def UserForm(edit=False, old_data={}):
     class _UserForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = True
         username = All(UnicodeString(strip=True, min=1, not_empty=True), ValidUsername(edit, old_data))
         if edit:
             new_password = All(UnicodeString(strip=True, min=6, not_empty=False), ValidPassword)
             admin = StringBoolean(if_missing=False)
         else:
             password = All(UnicodeString(strip=True, min=6, not_empty=True), ValidPassword)
         active = StringBoolean(if_missing=False)
         name = UnicodeString(strip=True, min=1, not_empty=True)
         lastname = UnicodeString(strip=True, min=1, not_empty=True)
         email = All(Email(not_empty=True), UniqSystemEmail(old_data))
     return _UserForm
 RegisterForm = UserForm
 def PasswordResetForm():
     class _PasswordResetForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = True
         email = All(ValidSystemEmail(), Email(not_empty=True))
     return _PasswordResetForm
 def RepoForm(edit=False, old_data={}):
     class _RepoForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         repo_name = All(UnicodeString(strip=True, min=1, not_empty=True), ValidRepoName(edit, old_data))
         description = UnicodeString(strip=True, min=1, not_empty=True)
         private = StringBoolean(if_missing=False)
         repo_type = OneOf(BACKENDS.keys())
         if edit:
             user = All(Int(not_empty=True), ValidRepoUser)
         chained_validators = [ValidPerms]
     return _RepoForm
 def RepoForkForm(edit=False, old_data={}):
     class _RepoForkForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         fork_name = All(UnicodeString(strip=True, min=1, not_empty=True), ValidRepoName(edit, old_data))
         description = UnicodeString(strip=True, min=1, not_empty=True)
         private = StringBoolean(if_missing=False)
         repo_type = All(ValidForkType(old_data), OneOf(BACKENDS.keys()))
     return _RepoForkForm
 def RepoSettingsForm(edit=False, old_data={}):
     class _RepoForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         repo_name = All(UnicodeString(strip=True, min=1, not_empty=True), ValidRepoName(edit, old_data))
         description = UnicodeString(strip=True, min=1, not_empty=True)
         private = StringBoolean(if_missing=False)
         chained_validators = [ValidPerms, ValidSettings]
     return _RepoForm
 def ApplicationSettingsForm():
     class _ApplicationSettingsForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         rhodecode_title = UnicodeString(strip=True, min=1, not_empty=True)
         rhodecode_realm = UnicodeString(strip=True, min=1, not_empty=True)
     return _ApplicationSettingsForm
 def ApplicationUiSettingsForm():
     class _ApplicationUiSettingsForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         web_push_ssl = OneOf(['true', 'false'], if_missing='false')
         paths_root_path = All(ValidPath(), UnicodeString(strip=True, min=1, not_empty=True))
         hooks_changegroup_update = OneOf(['True', 'False'], if_missing=False)
         hooks_changegroup_repo_size = OneOf(['True', 'False'], if_missing=False)
         hooks_pretxnchangegroup_push_logger = OneOf(['True', 'False'], if_missing=False)
         hooks_preoutgoing_pull_logger = OneOf(['True', 'False'], if_missing=False)
     return _ApplicationUiSettingsForm
 def DefaultPermissionsForm(perms_choices, register_choices, create_choices):
     class _DefaultPermissionsForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = True
         overwrite_default = OneOf(['true', 'false'], if_missing='false')
         anonymous = OneOf(['True', 'False'], if_missing=False)
         default_perm = OneOf(perms_choices)
         default_register = OneOf(register_choices)
         default_create = OneOf(create_choices)
     return _DefaultPermissionsForm

rhodecode/model/permission_model.py

➞

Show inline comments

 #!/usr/bin/env python
 # encoding: utf-8
 # Model for permissions
 # Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; version 2
 # of the License or (at your opinion) any later version of the license.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 # MA  02110-1301, USA.
 """
 Created on Aug 20, 2010
 Model for permissions
 @author: marcink
 """
 from rhodecode.model.db import User, Permission, UserToPerm, RepoToPerm
 from rhodecode.model.caching_query import FromCache
 from rhodecode.model.meta import Session
 import logging
 import traceback
 log = logging.getLogger(__name__)
 class PermissionModel(object):
     def __init__(self, sa=None):
         if not sa:
             self.sa = Session()
         else:
             self.sa = sa
     def get_permission(self, permission_id, cache=False):
         perm = self.sa.query(Permission)
         if cache:
             perm = perm.options(FromCache("sql_cache_short",
                                           "get_permission_%s" % permission_id))
         return perm.get(permission_id)
     def get_permission_by_name(self, name, cache=False):
         perm = self.sa.query(Permission)\
             .filter(Permission.permission_name == name)
         if cache:
             perm = perm.options(FromCache("sql_cache_short",
                                           "get_permission_%s" % name))
         return perm.scalar()
     def update(self, form_result):
         perm_user = self.sa.query(User)\
                 .filter(User.username == form_result['perm_user_name']).scalar()
         u2p = self.sa.query(UserToPerm).filter(UserToPerm.user == perm_user).all()
         if len(u2p) != 3:
             raise Exception('There is more than 3 defined'
             ' permissions for default user. This should not happen please verify'
             ' your database')
             raise Exception('Defined: %s should be 3  permissions for default'
                             ' user. This should not happen please verify'
                             ' your database' % len(u2p))
         try:
             #stage 1 change defaults
             for p in u2p:
                 if p.permission.permission_name.startswith('repository.'):
                     p.permission = self.get_permission_by_name(form_result['default_perm'])
                     p.permission = self.get_permission_by_name(
                                        form_result['default_perm'])
                     self.sa.add(p)
                 if p.permission.permission_name.startswith('hg.register.'):
                     p.permission = self.get_permission_by_name(form_result['default_register'])
                     p.permission = self.get_permission_by_name(
                                        form_result['default_register'])
                     self.sa.add(p)
                 if p.permission.permission_name.startswith('hg.create.'):
                     p.permission = self.get_permission_by_name(form_result['default_create'])
                     p.permission = self.get_permission_by_name(
                                         form_result['default_create'])
                     self.sa.add(p)
             #stage 2 update all default permissions for repos if checked
             if form_result['overwrite_default'] == 'true':
                 for r2p in self.sa.query(RepoToPerm).filter(RepoToPerm.user == perm_user).all():
                     r2p.permission = self.get_permission_by_name(form_result['default_perm'])
                 for r2p in self.sa.query(RepoToPerm)\
                                .filter(RepoToPerm.user == perm_user).all():
                     r2p.permission = self.get_permission_by_name(
                                          form_result['default_perm'])
                     self.sa.add(r2p)
             #stage 3 set anonymous access
             if perm_user.username == 'default':
                 perm_user.active = bool(form_result['anonymous'])
                 self.sa.add(perm_user)
             self.sa.commit()
         except:
             log.error(traceback.format_exc())
             self.sa.rollback()
             raise

rhodecode/model/user.py

➞

Show inline comments

@@ @@ -50,96 +50,117 @@ class UserModel(object): @@
         return user.get(user_id)
     def get_by_username(self, username, cache=False):
         user = self.sa.query(User)\
             .filter(User.username == username)
         if cache:
             user = user.options(FromCache("sql_cache_short",
                                           "get_user_%s" % username))
         return user.scalar()
     def create(self, form_data):
         try:
             new_user = User()
             for k, v in form_data.items():
                 setattr(new_user, k, v)
             self.sa.add(new_user)
             self.sa.commit()
         except:
             log.error(traceback.format_exc())
             self.sa.rollback()
             raise
     def create_registration(self, form_data):
         try:
             new_user = User()
             for k, v in form_data.items():
                 if k != 'admin':
                     setattr(new_user, k, v)
             self.sa.add(new_user)
             self.sa.commit()
         except:
             log.error(traceback.format_exc())
             self.sa.rollback()
             raise
     def update(self, user_id, form_data):
         try:
             new_user = self.get(user_id, cache=False)
             if new_user.username == 'default':
                 raise DefaultUserException(
                                 _("You can't Edit this user since it's"
                                   " crucial for entire application"))
             for k, v in form_data.items():
                 if k == 'new_password' and v != '':
                     new_user.password = v
                 else:
                     setattr(new_user, k, v)
             self.sa.add(new_user)
             self.sa.commit()
         except:
             log.error(traceback.format_exc())
             self.sa.rollback()
             raise
     def update_my_account(self, user_id, form_data):
         try:
             new_user = self.get(user_id, cache=False)
             if new_user.username == 'default':
                 raise DefaultUserException(
                                 _("You can't Edit this user since it's"
                                   " crucial for entire application"))
             for k, v in form_data.items():
                 if k == 'new_password' and v != '':
                     new_user.password = v
                 else:
                     if k not in ['admin', 'active']:
                         setattr(new_user, k, v)
             self.sa.add(new_user)
             self.sa.commit()
         except:
             log.error(traceback.format_exc())
             self.sa.rollback()
             raise
     def delete(self, user_id):
         try:
             user = self.get(user_id, cache=False)
             if user.username == 'default':
                 raise DefaultUserException(
                                 _("You can't remove this user since it's"
                                   " crucial for entire application"))
             self.sa.delete(user)
             self.sa.commit()
         except:
             log.error(traceback.format_exc())
             self.sa.rollback()
             raise
     def reset_password(self, data):
         from rhodecode.lib.celerylib import tasks, run_task
         run_task(tasks.reset_user_password, data['email'])
     def fill_data(self, user):
         """
         Fills user data with those from database and log out user if not
         present in database
         :param user:
         """
         log.debug('filling auth user data')
         try:
             dbuser = self.get(user.user_id)
             user.username = dbuser.username
             user.is_admin = dbuser.admin
             user.name = dbuser.name
             user.lastname = dbuser.lastname
             user.email = dbuser.email
         except:
             log.error(traceback.format_exc())
             user.is_authenticated = False
         return user

rhodecode/public/css/style.css

➞

Show inline comments

@@ @@ -2003,193 +2003,193 @@ border:none; @@
+}
 img.icon,.right .merge img {
 vertical-align:bottom;
+}
 #header ul#logged-user,#content div.box div.title ul.links,#content div.box div.message div.dismiss,#content div.box div.traffic div.legend ul {
 float:right;
 margin:0;
 padding:0;
+}
 #header #header-inner #home,#header #header-inner #logo,#content div.box ul.left,#content div.box ol.left,#content div.box div.pagination-left,div#commit_history,div#legend_data,div#legend_container,div#legend_choices {
 float:left;
+}
 #header #header-inner #quick li:hover ul ul,#header #header-inner #quick li:hover ul ul ul,#header #header-inner #quick li:hover ul ul ul ul,#content #left #menu ul.closed,#content #left #menu li ul.collapsed,.yui-tt-shadow {
 display:none;
+}
 #header #header-inner #quick li:hover ul,#header #header-inner #quick li li:hover ul,#header #header-inner #quick li li li:hover ul,#header #header-inner #quick li li li li:hover ul,#content #left #menu ul.opened,#content #left #menu li ul.expanded {
 display:block;
+}
 #content div.box div.title ul.links li a:hover,#content div.box div.title ul.links li.ui-tabs-selected a {
 color:#bfe3ff;
+}
 #content div.box ol.lower-roman,#content div.box ol.upper-roman,#content div.box ol.lower-alpha,#content div.box ol.upper-alpha,#content div.box ol.decimal {
 margin:10px 24px 10px 44px;
+}
 #content div.box div.form,#content div.box div.table,#content div.box div.traffic {
 clear:both;
 overflow:hidden;
 margin:0;
 padding:0 20px 10px;
+}
 #content div.box div.form div.fields,#login div.form,#login div.form div.fields,#register div.form,#register div.form div.fields {
 clear:both;
 overflow:hidden;
 margin:0;
 padding:0;
+}
 #content div.box div.form div.fields div.field div.label-checkbox,#content div.box div.form div.fields div.field div.label-radio,#content div.box div.form div.fields div.field div.label-textarea {
 padding:0 0 0 5px !important;
+}
 #content div.box div.form div.fields div.field div.label span,#login div.form div.fields div.field div.label span,#register div.form div.fields div.field div.label span {
 height:1%;
 display:block;
 color:#363636;
 margin:0;
 padding:2px 0 0;
+}
 #content div.box div.form div.fields div.field div.input input.error,#login div.form div.fields div.field div.input input.error,#register div.form div.fields div.field div.input input.error {
 background:#FBE3E4;
 border-top:1px solid #e1b2b3;
 border-left:1px solid #e1b2b3;
 border-right:1px solid #FBC2C4;
 border-bottom:1px solid #FBC2C4;
+}
 #content div.box div.form div.fields div.field div.input input.success,#login div.form div.fields div.field div.input input.success,#register div.form div.fields div.field div.input input.success {
 background:#E6EFC2;
 border-top:1px solid #cebb98;
 border-left:1px solid #cebb98;
 border-right:1px solid #c6d880;
 border-bottom:1px solid #c6d880;
+}
 #content div.box-left div.form div.fields div.field div.textarea,#content div.box-right div.form div.fields div.field div.textarea,#content div.box div.form div.fields div.field div.select select,#content div.box table th.selected input,#content div.box table td.selected input {
 margin:0;
+}
 #content div.box div.form div.fields div.field div.select,#content div.box div.form div.fields div.field div.checkboxes,#content div.box div.form div.fields div.field div.radios {
 margin:0 0 0 200px;
 padding:0;
+}
 #content div.box div.form div.fields div.field div.select a:hover,#content div.box div.form div.fields div.field div.select a.ui-selectmenu:hover,#content div.box div.action a:hover {
 color:#000;
 text-decoration:none;
+}
 #content div.box div.form div.fields div.field div.select a.ui-selectmenu-focus,#content div.box div.action a.ui-selectmenu-focus {
 border:1px solid #666;
+}
 #content div.box div.form div.fields div.field div.checkboxes div.checkbox,#content div.box div.form div.fields div.field div.radios div.radio {
 clear:both;
 overflow:hidden;
 margin:0;
-padding:2px 0;
+padding:2px 2px;
+}
 #content div.box div.form div.fields div.field div.checkboxes div.checkbox input,#content div.box div.form div.fields div.field div.radios div.radio input {
 float:left;
 margin:0;
+}
 #content div.box div.form div.fields div.field div.checkboxes div.checkbox label,#content div.box div.form div.fields div.field div.radios div.radio label {
 height:1%;
 display:block;
 float:left;
 margin:3px 0 0 4px;
+}
 div.form div.fields div.field div.button input,#content div.box div.form div.fields div.buttons input,div.form div.fields div.buttons input,#content div.box div.action div.button input {
 color:#000;
 font-family:Lucida Grande, Verdana, Lucida Sans Regular, Lucida Sans Unicode, Arial, sans-serif;
 font-size:11px;
 font-weight:700;
 margin:0;
+}
 div.form div.fields div.field div.button .ui-state-default,#content div.box div.form div.fields div.buttons input.ui-state-default {
 background:#e5e3e3 url("../images/button.png") repeat-x;
 border-top:1px solid #DDD;
 border-left:1px solid #c6c6c6;
 border-right:1px solid #DDD;
 border-bottom:1px solid #c6c6c6;
 color:#515151;
 outline:none;
 margin:0;
 padding:6px 12px;
+}
 div.form div.fields div.field div.button .ui-state-hover,#content div.box div.form div.fields div.buttons input.ui-state-hover {
 background:#b4b4b4 url("../images/button_selected.png") repeat-x;
 border-top:1px solid #ccc;
 border-left:1px solid #bebebe;
 border-right:1px solid #b1b1b1;
 border-bottom:1px solid #afafaf;
 color:#515151;
 outline:none;
 margin:0;
 padding:6px 12px;
+}
 div.form div.fields div.field div.highlight,#content div.box div.form div.fields div.buttons div.highlight {
 display:inline;
+}
 #content div.box div.form div.fields div.buttons,div.form div.fields div.buttons {
 margin:10px 0 0 200px;
 padding:0;
+}
 #content div.box-left div.form div.fields div.buttons,#content div.box-right div.form div.fields div.buttons,div.box-left div.form div.fields div.buttons,div.box-right div.form div.fields div.buttons {
 margin:10px 0 0;
+}
 #content div.box table td.user,#content div.box table td.address {
 width:10%;
 text-align:center;
+}
 #content div.box div.action div.button,#login div.form div.fields div.field div.input div.link,#register div.form div.fields div.field div.input div.link {
 text-align:right;
 margin:6px 0 0;
 padding:0;
+}
 #content div.box div.action div.button input.ui-state-default,#login div.form div.fields div.buttons input.ui-state-default,#register div.form div.fields div.buttons input.ui-state-default {
 background:#e5e3e3 url("../images/button.png") repeat-x;
 border-top:1px solid #DDD;
 border-left:1px solid #c6c6c6;
 border-right:1px solid #DDD;
 border-bottom:1px solid #c6c6c6;
 color:#515151;
 margin:0;
 padding:6px 12px;
+}
 #content div.box div.action div.button input.ui-state-hover,#login div.form div.fields div.buttons input.ui-state-hover,#register div.form div.fields div.buttons input.ui-state-hover {
 background:#b4b4b4 url("../images/button_selected.png") repeat-x;
 border-top:1px solid #ccc;
 border-left:1px solid #bebebe;
 border-right:1px solid #b1b1b1;
 border-bottom:1px solid #afafaf;
 color:#515151;
 margin:0;
 padding:6px 12px;
+}
 #content div.box div.pagination div.results,#content div.box div.pagination-wh div.results {
 text-align:left;
 float:left;
 margin:0;

rhodecode/templates/admin/permissions/permissions.html

➞

Show inline comments

 ## -*- coding: utf-8 -*-
 <%inherit file="/base/base.html"/>
 <%def name="title()">
     ${_('Permissions administration')} - ${c.rhodecode_name}
 </%def>
 <%def name="breadcrumbs_links()">
     ${h.link_to(_('Admin'),h.url('admin_home'))}
     &raquo;
     ${_('Permissions')}
 </%def>
 <%def name="page_nav()">
 	${self.menu('admin')}
 </%def>
 <%def name="main()">
 <div class="box">
     <!-- box / title -->
     <div class="title">
         ${self.breadcrumbs()}
     </div>
     <h3>${_('Default permissions')}</h3>
     ${h.form(url('permission', id='default'),method='put')}
     <div class="form">
         <!-- fields -->
         <div class="fields">
             <div class="field">
                 <div class="label label-checkbox">
                     <label for="anonymous">${_('Anonymous access')}:</label>
                 </div>
                 <div class="checkboxes">
                     <div class="checkbox">
                         ${h.checkbox('anonymous',True)}
                     </div>
                 </div>
             </div>
 			<div class="field">
 				<div class="label">
 					<label for="default_perm">${_('Repository permission')}:</label>
 				</div>
 				<div class="select">
 					${h.select('default_perm','',c.perms_choices)}
 		                ${h.checkbox('overwrite_default','true')}
 		                <label for="overwrite_default">
 		                <span class="tooltip"
 		                tooltip_title="${h.tooltip(_('All default permissions on each repository will be reset to choosen permission, note that all custom default permission on repositories will be lost'))}">
 		                ${_('overwrite existing settings')}</span> </label>
 				</div>
 			</div>
 			<div class="field">
 		        <div class="label">
 		            <label for="default_register">${_('Registration')}:</label>
 		        </div>
 				<div class="select">
 					${h.select('default_register','',c.register_choices)}
 				</div>
 			</div>
              <div class="field">
                 <div class="label">
                     <label for="default_create">${_('Repository creation')}:</label>
                 </div>
 				<div class="select">
 					${h.select('default_create','',c.create_choices)}
 				</div>
              </div>
 	        <div class="buttons">
 	        ${h.submit('set','set',class_="ui-button ui-widget ui-state-default ui-corner-all")}
 	        </div>
         </div>
     </div>
     ${h.end_form()}
 </div>
 </%def>

rhodecode/templates/base/base.html

➞

Show inline comments

 ## -*- coding: utf-8 -*-
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" id="mainhtml">
 <head>
     <title>${next.title()}</title>
     <link rel="icon" href="/images/hgicon.png" type="image/png" />
     <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
     <meta name="robots" content="index, nofollow"/>
     <!-- stylesheets -->
     ${self.css()}
     <!-- scripts -->
     ${self.js()}
 </head>
 <body>
     <!-- header -->
     <div id="header">
         <!-- user -->
         <ul id="logged-user">
             <li class="first">
 	            <div class="gravatar">
 	            	<img alt="gravatar" src="${h.gravatar_url(c.rhodecode_user.email,24)}" />
 	            </div>
 	        %if c.rhodecode_user.username == 'default':
                 <div class="account">
                     ${h.link_to('%s %s'%(c.rhodecode_user.name,c.rhodecode_user.lastname),h.url('#'))}<br/>
                     ${h.link_to(c.rhodecode_user.username,h.url('#'))}
                 </div>
             </li>
             <li class="last highlight">${h.link_to(u'Login',h.url('login_home'))}</li>
 	        %else:
 	            <div class="account">
 	            	${h.link_to('%s %s'%(c.rhodecode_user.name,c.rhodecode_user.lastname),h.url('admin_settings_my_account'))}<br/>
 	            	${h.link_to(c.rhodecode_user.username,h.url('admin_settings_my_account'))}
 	            </div>
             </li>
             <li class="last highlight">${h.link_to(u'Logout',h.url('logout_home'))}</li>
             %endif
         </ul>
         <!-- end user -->
         <div id="header-inner" class="title top-left-rounded-corner top-right-rounded-corner">
             <!-- logo -->
             <div id="logo">
                 <h1><a href="${h.url('home')}">${c.rhodecode_name}</a></h1>
             </div>
             <!-- end logo -->
             <!-- menu -->
             ${self.page_nav()}
             <!-- quick -->
         </div>
     </div>
     <!-- end header -->
 	<!-- CONTENT -->
 	<div id="content">
         <div class="flash_msg">
             <% messages = h.flash.pop_messages() %>
             % if messages:
             <ul id="flash-messages">
                 % for message in messages:
                 <li class="${message.category}_msg">${message}</li>
                 % endfor
             </ul>
             % endif
         </div>
 	    <div id="main">
 	        ${next.main()}
 	    </div>
 	</div>
     <!-- END CONTENT -->
 	<!-- footer -->
 	<div id="footer">
 	   <div id="footer-inner" class="title bottom-left-rounded-corner bottom-right-rounded-corner">
 	       <div>
 	           <p class="footer-link">${h.link_to(_('Submit a bug'),h.url('bugtracker'))}</p>
 		       <p class="footer-link">${h.link_to(_('GPL license'),h.url('gpl_license'))}</p>
 		       <p>RhodeCode ${c.rhodecode_version} &copy; 2010 by Marcin Kuzminski</p>
 	       </div>
 	   </div>
         <script type="text/javascript">${h.tooltip.activate()}</script>
 	</div>
 	<!-- end footer -->
 </body>
 </html>
 ### MAKO DEFS ###
 <%def name="page_nav()">
 	${self.menu()}
 </%def>
 <%def name="menu(current=None)">
 		<%
 		def is_current(selected):
 			if selected == current:
 				return h.literal('class="current"')
 		%>
 		%if current not in ['home','admin']:
 		   ##REGULAR MENU
 	        <ul id="quick">
 				<!-- repo switcher -->
 				<li>
 					<a id="repo_switcher" title="${_('Switch repository')}" href="#">
                     <span class="icon">
                         <img src="/images/icons/database.png" alt="${_('Products')}" />
                     </span>
                     <span>&darr;</span>
 					</a>
 					<ul class="repo_switcher">
                         %for repo in c.cached_repo_list:
                           %if repo['repo'].dbrepo.private:
                              <li>${h.link_to(repo['repo'].name,h.url('summary_home',repo_name=repo['repo'].name),class_="private_repo %s" % repo['repo'].dbrepo.repo_type)}</li>
                           %else:
                              <li>${h.link_to(repo['repo'].name,h.url('summary_home',repo_name=repo['repo'].name),class_="public_repo %s" % repo['repo'].dbrepo.repo_type)}</li>
                           %endif
                         %endfor
 					</ul>
 				</li>
 	            <li ${is_current('summary')}>
 	               <a title="${_('Summary')}" href="${h.url('summary_home',repo_name=c.repo_name)}">
 	               <span class="icon">
 	                   <img src="/images/icons/clipboard_16.png" alt="${_('Summary')}" />
 	               </span>
 	               <span>${_('Summary')}</span>
 	               </a>
 	            </li>
                 ##<li ${is_current('shortlog')}>
                 ##   <a title="${_('Shortlog')}" href="${h.url('shortlog_home',repo_name=c.repo_name)}">
                 ##   <span class="icon">
                 ##       <img src="/images/icons/application_view_list.png" alt="${_('Shortlog')}" />
                 ##   </span>

0 comments (0 inline, 0 general)