diff --git a/rhodecode/model/repos_group.py b/rhodecode/model/repos_group.py deleted file mode 100644 --- a/rhodecode/model/repos_group.py +++ /dev/null @@ -1,443 +0,0 @@ -# -*- coding: utf-8 -*- -""" - rhodecode.model.user_group - ~~~~~~~~~~~~~~~~~~~~~~~~~~ - - repo group model for RhodeCode - - :created_on: Jan 25, 2011 - :author: marcink - :copyright: (C) 2011-2012 Marcin Kuzminski - :license: GPLv3, see COPYING for more details. -""" -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -import os -import logging -import traceback -import shutil -import datetime - -from rhodecode.lib.utils2 import LazyProperty - -from rhodecode.model import BaseModel -from rhodecode.model.db import RepoGroup, RhodeCodeUi, UserRepoGroupToPerm, \ - User, Permission, UserGroupRepoGroupToPerm, UserGroup, Repository - -log = logging.getLogger(__name__) - - -class ReposGroupModel(BaseModel): - - cls = RepoGroup - - def _get_user_group(self, users_group): - return self._get_instance(UserGroup, users_group, - callback=UserGroup.get_by_group_name) - - def _get_repo_group(self, repos_group): - return self._get_instance(RepoGroup, repos_group, - callback=RepoGroup.get_by_group_name) - - @LazyProperty - def repos_path(self): - """ - Gets the repositories root path from database - """ - - q = RhodeCodeUi.get_by_key('/') - return q.ui_value - - def _create_default_perms(self, new_group): - # create default permission - default_perm = 'group.read' - def_user = User.get_default_user() - for p in def_user.user_perms: - if p.permission.permission_name.startswith('group.'): - default_perm = p.permission.permission_name - break - - repo_group_to_perm = UserRepoGroupToPerm() - repo_group_to_perm.permission = Permission.get_by_key(default_perm) - - repo_group_to_perm.group = new_group - repo_group_to_perm.user_id = def_user.user_id - return repo_group_to_perm - - def __create_group(self, group_name): - """ - makes repository group on filesystem - - :param repo_name: - :param parent_id: - """ - - create_path = os.path.join(self.repos_path, group_name) - log.debug('creating new group in %s' % create_path) - - if os.path.isdir(create_path): - raise Exception('That directory already exists !') - - os.makedirs(create_path) - - def __rename_group(self, old, new): - """ - Renames a group on filesystem - - :param group_name: - """ - - if old == new: - log.debug('skipping group rename') - return - - log.debug('renaming repository group from %s to %s' % (old, new)) - - old_path = os.path.join(self.repos_path, old) - new_path = os.path.join(self.repos_path, new) - - log.debug('renaming repos paths from %s to %s' % (old_path, new_path)) - - if os.path.isdir(new_path): - raise Exception('Was trying to rename to already ' - 'existing dir %s' % new_path) - shutil.move(old_path, new_path) - - def __delete_group(self, group, force_delete=False): - """ - Deletes a group from a filesystem - - :param group: instance of group from database - :param force_delete: use shutil rmtree to remove all objects - """ - paths = group.full_path.split(RepoGroup.url_sep()) - paths = os.sep.join(paths) - - rm_path = os.path.join(self.repos_path, paths) - log.info("Removing group %s" % (rm_path)) - # delete only if that path really exists - if os.path.isdir(rm_path): - if force_delete: - shutil.rmtree(rm_path) - else: - #archive that group` - _now = datetime.datetime.now() - _ms = str(_now.microsecond).rjust(6, '0') - _d = 'rm__%s_GROUP_%s' % (_now.strftime('%Y%m%d_%H%M%S_' + _ms), - group.name) - shutil.move(rm_path, os.path.join(self.repos_path, _d)) - - def create(self, group_name, group_description, owner, parent=None, just_db=False): - try: - user = self._get_user(owner) - new_repos_group = RepoGroup() - new_repos_group.user = user - new_repos_group.group_description = group_description or group_name - new_repos_group.parent_group = self._get_repo_group(parent) - new_repos_group.group_name = new_repos_group.get_new_name(group_name) - - self.sa.add(new_repos_group) - perm_obj = self._create_default_perms(new_repos_group) - self.sa.add(perm_obj) - - #create an ADMIN permission for owner except if we're super admin, - #later owner should go into the owner field of groups - if not user.is_admin: - self.grant_user_permission(repos_group=new_repos_group, - user=owner, perm='group.admin') - - if not just_db: - # we need to flush here, in order to check if database won't - # throw any exceptions, create filesystem dirs at the very end - self.sa.flush() - self.__create_group(new_repos_group.group_name) - - return new_repos_group - except Exception: - log.error(traceback.format_exc()) - raise - - def _update_permissions(self, repos_group, perms_new=None, - perms_updates=None, recursive=False, - check_perms=True): - from rhodecode.model.repo import RepoModel - from rhodecode.lib.auth import HasUserGroupPermissionAny - - if not perms_new: - perms_new = [] - if not perms_updates: - perms_updates = [] - - def _set_perm_user(obj, user, perm): - if isinstance(obj, RepoGroup): - self.grant_user_permission( - repos_group=obj, user=user, perm=perm - ) - elif isinstance(obj, Repository): - # private repos will not allow to change the default permissions - # using recursive mode - if obj.private and user == User.DEFAULT_USER: - return - - # we set group permission but we have to switch to repo - # permission - perm = perm.replace('group.', 'repository.') - RepoModel().grant_user_permission( - repo=obj, user=user, perm=perm - ) - - def _set_perm_group(obj, users_group, perm): - if isinstance(obj, RepoGroup): - self.grant_users_group_permission( - repos_group=obj, group_name=users_group, perm=perm - ) - elif isinstance(obj, Repository): - # we set group permission but we have to switch to repo - # permission - perm = perm.replace('group.', 'repository.') - RepoModel().grant_users_group_permission( - repo=obj, group_name=users_group, perm=perm - ) - - # start updates - updates = [] - log.debug('Now updating permissions for %s in recursive mode:%s' - % (repos_group, recursive)) - - for obj in repos_group.recursive_groups_and_repos(): - #obj is an instance of a group or repositories in that group - if not recursive: - obj = repos_group - - # update permissions - for member, perm, member_type in perms_updates: - ## set for user - if member_type == 'user': - # this updates also current one if found - _set_perm_user(obj, user=member, perm=perm) - ## set for user group - else: - #check if we have permissions to alter this usergroup - req_perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin') - if not check_perms or HasUserGroupPermissionAny(*req_perms)(member): - _set_perm_group(obj, users_group=member, perm=perm) - # set new permissions - for member, perm, member_type in perms_new: - if member_type == 'user': - _set_perm_user(obj, user=member, perm=perm) - else: - #check if we have permissions to alter this usergroup - req_perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin') - if not check_perms or HasUserGroupPermissionAny(*req_perms)(member): - _set_perm_group(obj, users_group=member, perm=perm) - updates.append(obj) - #if it's not recursive call - # break the loop and don't proceed with other changes - if not recursive: - break - return updates - - def update(self, repos_group, form_data): - - try: - repos_group = self._get_repo_group(repos_group) - old_path = repos_group.full_path - - # change properties - repos_group.group_description = form_data['group_description'] - repos_group.group_parent_id = form_data['group_parent_id'] - repos_group.enable_locking = form_data['enable_locking'] - - repos_group.parent_group = RepoGroup.get(form_data['group_parent_id']) - repos_group.group_name = repos_group.get_new_name(form_data['group_name']) - new_path = repos_group.full_path - self.sa.add(repos_group) - - # iterate over all members of this groups and do fixes - # set locking if given - # if obj is a repoGroup also fix the name of the group according - # to the parent - # if obj is a Repo fix it's name - # this can be potentially heavy operation - for obj in repos_group.recursive_groups_and_repos(): - #set the value from it's parent - obj.enable_locking = repos_group.enable_locking - if isinstance(obj, RepoGroup): - new_name = obj.get_new_name(obj.name) - log.debug('Fixing group %s to new name %s' \ - % (obj.group_name, new_name)) - obj.group_name = new_name - elif isinstance(obj, Repository): - # we need to get all repositories from this new group and - # rename them accordingly to new group path - new_name = obj.get_new_name(obj.just_name) - log.debug('Fixing repo %s to new name %s' \ - % (obj.repo_name, new_name)) - obj.repo_name = new_name - self.sa.add(obj) - - self.__rename_group(old_path, new_path) - - return repos_group - except Exception: - log.error(traceback.format_exc()) - raise - - def delete(self, repos_group, force_delete=False): - repos_group = self._get_repo_group(repos_group) - try: - self.sa.delete(repos_group) - self.__delete_group(repos_group, force_delete) - except Exception: - log.error('Error removing repos_group %s' % repos_group) - raise - - def delete_permission(self, repos_group, obj, obj_type, recursive): - """ - Revokes permission for repos_group for given obj(user or users_group), - obj_type can be user or user group - - :param repos_group: - :param obj: user or user group id - :param obj_type: user or user group type - :param recursive: recurse to all children of group - """ - from rhodecode.model.repo import RepoModel - repos_group = self._get_repo_group(repos_group) - - for el in repos_group.recursive_groups_and_repos(): - if not recursive: - # if we don't recurse set the permission on only the top level - # object - el = repos_group - - if isinstance(el, RepoGroup): - if obj_type == 'user': - ReposGroupModel().revoke_user_permission(el, user=obj) - elif obj_type == 'users_group': - ReposGroupModel().revoke_users_group_permission(el, group_name=obj) - else: - raise Exception('undefined object type %s' % obj_type) - elif isinstance(el, Repository): - if obj_type == 'user': - RepoModel().revoke_user_permission(el, user=obj) - elif obj_type == 'users_group': - RepoModel().revoke_users_group_permission(el, group_name=obj) - else: - raise Exception('undefined object type %s' % obj_type) - - #if it's not recursive call - # break the loop and don't proceed with other changes - if not recursive: - break - - def grant_user_permission(self, repos_group, user, perm): - """ - Grant permission for user on given repository group, or update - existing one if found - - :param repos_group: Instance of ReposGroup, repositories_group_id, - or repositories_group name - :param user: Instance of User, user_id or username - :param perm: Instance of Permission, or permission_name - """ - - repos_group = self._get_repo_group(repos_group) - user = self._get_user(user) - permission = self._get_perm(perm) - - # check if we have that permission already - obj = self.sa.query(UserRepoGroupToPerm)\ - .filter(UserRepoGroupToPerm.user == user)\ - .filter(UserRepoGroupToPerm.group == repos_group)\ - .scalar() - if obj is None: - # create new ! - obj = UserRepoGroupToPerm() - obj.group = repos_group - obj.user = user - obj.permission = permission - self.sa.add(obj) - log.debug('Granted perm %s to %s on %s' % (perm, user, repos_group)) - - def revoke_user_permission(self, repos_group, user): - """ - Revoke permission for user on given repository group - - :param repos_group: Instance of ReposGroup, repositories_group_id, - or repositories_group name - :param user: Instance of User, user_id or username - """ - - repos_group = self._get_repo_group(repos_group) - user = self._get_user(user) - - obj = self.sa.query(UserRepoGroupToPerm)\ - .filter(UserRepoGroupToPerm.user == user)\ - .filter(UserRepoGroupToPerm.group == repos_group)\ - .scalar() - if obj: - self.sa.delete(obj) - log.debug('Revoked perm on %s on %s' % (repos_group, user)) - - def grant_users_group_permission(self, repos_group, group_name, perm): - """ - Grant permission for user group on given repository group, or update - existing one if found - - :param repos_group: Instance of ReposGroup, repositories_group_id, - or repositories_group name - :param group_name: Instance of UserGroup, users_group_id, - or user group name - :param perm: Instance of Permission, or permission_name - """ - repos_group = self._get_repo_group(repos_group) - group_name = self._get_user_group(group_name) - permission = self._get_perm(perm) - - # check if we have that permission already - obj = self.sa.query(UserGroupRepoGroupToPerm)\ - .filter(UserGroupRepoGroupToPerm.group == repos_group)\ - .filter(UserGroupRepoGroupToPerm.users_group == group_name)\ - .scalar() - - if obj is None: - # create new - obj = UserGroupRepoGroupToPerm() - - obj.group = repos_group - obj.users_group = group_name - obj.permission = permission - self.sa.add(obj) - log.debug('Granted perm %s to %s on %s' % (perm, group_name, repos_group)) - - def revoke_users_group_permission(self, repos_group, group_name): - """ - Revoke permission for user group on given repository group - - :param repos_group: Instance of ReposGroup, repositories_group_id, - or repositories_group name - :param group_name: Instance of UserGroup, users_group_id, - or user group name - """ - repos_group = self._get_repo_group(repos_group) - group_name = self._get_user_group(group_name) - - obj = self.sa.query(UserGroupRepoGroupToPerm)\ - .filter(UserGroupRepoGroupToPerm.group == repos_group)\ - .filter(UserGroupRepoGroupToPerm.users_group == group_name)\ - .scalar() - if obj: - self.sa.delete(obj) - log.debug('Revoked perm to %s on %s' % (repos_group, group_name))