Changeset - ff6a8196ebfe
Parent rev.
Child rev.
[Not reviewed]
beta
0 2 0
Marcin Kuzminski - 15 years ago 2010-11-13 02:50:32
marcin@python-works.com
fixed anonymous access bug.
2 files changed with 6 insertions and 2 deletions:
rhodecode/lib/auth.py
1
2
rhodecode/model/user.py
5
0 comments (0 inline, 0 general)
rhodecode/lib/auth.py
Show inline comments
 
@@ -164,106 +164,105 @@ def fill_perms(user):
 
        #=======================================================================
 
        # set default permissions
 
        #=======================================================================
 

			




	
	
	
		
 
        #default global

			




	
	
	
		
 
        default_global_perms = sa.query(UserToPerm)\

			




	
	
	
		
 
            .filter(UserToPerm.user == sa.query(User).filter(User.username ==

			




	
	
	
		
 
            'default').one())

			




	
	
	
		
 

			




	
	
	
		
 
        for perm in default_global_perms:

			




	
	
	
		
 
            user.permissions['global'].add(perm.permission.permission_name)

			




	
	
	
		
 

			




	
	
	
		
 
        #default repositories

			




	
	
	
		
 
        for perm in default_perms:

			




	
	
	
		
 
            if perm.Repository.private and not perm.Repository.user_id == user.user_id:

			




	
	
	
		
 
                #disable defaults for private repos,

			




	
	
	
		
 
                p = 'repository.none'

			




	
	
	
		
 
            elif perm.Repository.user_id == user.user_id:

			




	
	
	
		
 
                #set admin if owner

			




	
	
	
		
 
                p = 'repository.admin'

			




	
	
	
		
 
            else:

			




	
	
	
		
 
                p = perm.Permission.permission_name

			




	
	
	
		
 

			




	
	
	
		
 
            user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p

			




	
	
	
		
 

			




	
	
	
		
 
        #=======================================================================

			




	
	
	
		
 
        # #overwrite default with user permissions if any

			




	
	
	
		
 
        #=======================================================================

			




	
	
	
		
 
        user_perms = sa.query(RepoToPerm, Permission, Repository)\

			




	
	
	
		
 
            .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\

			




	
	
	
		
 
            .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\

			




	
	
	
		
 
            .filter(RepoToPerm.user_id == user.user_id).all()

			




	
	
	
		
 

			




	
	
	
		
 
        for perm in user_perms:

			




	
	
	
		
 
            if perm.Repository.user_id == user.user_id:#set admin if owner

			




	
	
	
		
 
                p = 'repository.admin'

			




	
	
	
		
 
            else:

			




	
	
	
		
 
                p = perm.Permission.permission_name

			




	
	
	
		
 
            user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p

			




	
	
	
		
 
    meta.Session.remove()

			




	
	
	
		
 
    return user

			




	
	
	
		
 

			




	
	
	
		
 
def get_user(session):

			




	
	
	
		
 
    """

			




	
	
	
		
 
    Gets user from session, and wraps permissions into user

			




	
	
	
		
 
    :param session:

			




	
	
	
		
 
    """

			




	
	
	
		
 
    user = session.get('rhodecode_user', AuthUser())

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
    #if the user is not logged in we check for anonymous access

			




	
	
	
		
 
    #if user is logged and it's a default user check if we still have anonymous

			




	
	
	
		
 
    #access enabled

			




	
	
	
		
 
    if user.user_id is None or user.username == 'default':

			




	
	
	
		
 
        anonymous_user = UserModel().get_by_username('default', cache=True)

			




	
	
	
		
 
        if anonymous_user.active is True:

			




	
	
	
		
 
            #then we set this user is logged in

			




	
	
	
		
 
            user.is_authenticated = True

			




	
	
	
		
 
            user.user_id = anonymous_user.user_id

			




	
	
	
		
 
        else:

			




	
	
	
		
 
            user.is_authenticated = False

			




	
	
	
		
 

			




	
	
	
		
 
    if user.is_authenticated:

			




	
	
	
		
 
        user = UserModel().fill_data(user)

			




	
	
	
		
 

			




	
	
	
		
 
    user = fill_perms(user)

			




	
	
	
		
 
    session['rhodecode_user'] = user

			




	
	
	
		
 
    session.save()

			




	
	
	
		
 
    return user

			




	
	
	
		
 

			




	
	
	
		
 
#===============================================================================

			




	
	
	
		
 
# CHECK DECORATORS

			




	
	
	
		
 
#===============================================================================

			




	
	
	
		
 
class LoginRequired(object):

			




	
	
	
		
 
    """Must be logged in to execute this function else redirect to login page"""

			




	
	
	
		
 

			




	
	
	
		
 
    def __call__(self, func):

			




	
	
	
		
 
        return decorator(self.__wrapper, func)

			




	
	
	
		
 

			




	
	
	
		
 
    def __wrapper(self, func, *fargs, **fkwargs):

			




	
	
	
		
 
        user = session.get('rhodecode_user', AuthUser())

			




	
	
	
		
 
        log.debug('Checking login required for user:%s', user.username)

			




	
	
	
		
 
        if user.is_authenticated:

			




	
	
	
		
 
            log.debug('user %s is authenticated', user.username)

			




	
	
	
		
 
            return func(*fargs, **fkwargs)

			




	
	
	
		
 
        else:

			




	
	
	
		
 
            log.warn('user %s not authenticated', user.username)

			




	
	
	
		
 

			




	
	
	
		
 
            p = ''

			




	
	
	
		
 
            if request.environ.get('SCRIPT_NAME') != '/':

			




	
	
	
		
 
                p += request.environ.get('SCRIPT_NAME')

			




	
	
	
		
 

			




	
	
	
		
 
            p += request.environ.get('PATH_INFO')

			




	
	
	
		
 
            if request.environ.get('QUERY_STRING'):

			




	
	
	
		
 
                p += '?' + request.environ.get('QUERY_STRING')

			




	
	
	
		
 

			




	
	
	
		
 
            log.debug('redirecting to login page with %s', p)

			




	
	
	
		
 
            return redirect(url('login_home', came_from=p))

			




	
	
	
		
 

			




	
	
	
		
 
class PermsDecorator(object):

			




	
	
	
		
 
    """Base class for decorators"""

			




	
	
	
		
 

			




	
	
	
		
 
    def __init__(self, *required_perms):

			




	
	
	
		
 
        available_perms = config['available_permissions']

			




	
	
	
		
 
        for perm in required_perms:

			




	
	
	
		
 
            if perm not in available_perms:

			




	
	
	
		
 
                raise Exception("'%s' permission is not defined" % perm)

			




        

    


    
    

    

        

                

                    rhodecode/model/user.py
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -106,61 +106,66 @@ class UserModel(object):

			




	
	
	
		
 
            raise

			




	
	
	
		
 

			




	
	
	
		
 
    def update_my_account(self, user_id, form_data):

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            new_user = self.get(user_id, cache=False)

			




	
	
	
		
 
            if new_user.username == 'default':

			




	
	
	
		
 
                raise DefaultUserException(

			




	
	
	
		
 
                                _("You can't Edit this user since it's"

			




	
	
	
		
 
                                  " crucial for entire application"))

			




	
	
	
		
 
            for k, v in form_data.items():

			




	
	
	
		
 
                if k == 'new_password' and v != '':

			




	
	
	
		
 
                    new_user.password = v

			




	
	
	
		
 
                else:

			




	
	
	
		
 
                    if k not in ['admin', 'active']:

			




	
	
	
		
 
                        setattr(new_user, k, v)

			




	
	
	
		
 

			




	
	
	
		
 
            self.sa.add(new_user)

			




	
	
	
		
 
            self.sa.commit()

			




	
	
	
		
 
        except:

			




	
	
	
		
 
            log.error(traceback.format_exc())

			




	
	
	
		
 
            self.sa.rollback()

			




	
	
	
		
 
            raise

			




	
	
	
		
 

			




	
	
	
		
 
    def delete(self, user_id):

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            user = self.get(user_id, cache=False)

			




	
	
	
		
 
            if user.username == 'default':

			




	
	
	
		
 
                raise DefaultUserException(

			




	
	
	
		
 
                                _("You can't remove this user since it's"

			




	
	
	
		
 
                                  " crucial for entire application"))

			




	
	
	
		
 
            self.sa.delete(user)

			




	
	
	
		
 
            self.sa.commit()

			




	
	
	
		
 
        except:

			




	
	
	
		
 
            log.error(traceback.format_exc())

			




	
	
	
		
 
            self.sa.rollback()

			




	
	
	
		
 
            raise

			




	
	
	
		
 

			




	
	
	
		
 
    def reset_password(self, data):

			




	
	
	
		
 
        from rhodecode.lib.celerylib import tasks, run_task

			




	
	
	
		
 
        run_task(tasks.reset_user_password, data['email'])

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
    def fill_data(self, user):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Fills user data with those from database and log out user if not 

			




	
	
	
		
 
        present in database

			




	
	
	
		
 
        :param user:

			




	
	
	
		
 
        """

			




	
	
	
		
 

			




	
	
	
		
 
        if not hasattr(user, 'user_id') or user.user_id is None:

			




	
	
	
		
 
            raise Exception('passed in user has to have the user_id attribute')

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
        log.debug('filling auth user data')

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            dbuser = self.get(user.user_id)

			




	
	
	
		
 
            user.username = dbuser.username

			




	
	
	
		
 
            user.is_admin = dbuser.admin

			




	
	
	
		
 
            user.name = dbuser.name

			




	
	
	
		
 
            user.lastname = dbuser.lastname

			




	
	
	
		
 
            user.email = dbuser.email

			




	
	
	
		
 
        except:

			




	
	
	
		
 
            log.error(traceback.format_exc())

			




	
	
	
		
 
            user.is_authenticated = False

			




	
	
	
		
 

			




	
	
	
		
 
        return user

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.