authorMarcin Kuzminski <marcin@python-works.com>2012-01-28 01:06:29 +0200
committerMarcin Kuzminski <marcin@python-works.com>2012-01-28 01:06:29 +0200
commitd4e540f70af3cf79b8a13cbcdb6a74b6c6d75af9 (patch)
treed7d612464c0748a61654cfb0574de87c27808e27 /rhodecode/model/repos_group.py
parentc6b3ec29e04bc5494ffdcb58840fc532080d697f (diff)
#227 Initial version of repository groups permissions system
- implemented none/read/write/admin permissions for groups - wrote more tests for permissions, and new permissions groups - a lot of code gardening, split logic into proper models - permissions on groups don't propagate to repositories yet - deprecated some methods on api for managing permissions on repositories for users, and users groups --HG-- branch : beta
Diffstat (limited to 'rhodecode/model/repos_group.py')
-rw-r--r--rhodecode/model/repos_group.py174
1 files changed, 164 insertions, 10 deletions
diff --git a/rhodecode/model/repos_group.py b/rhodecode/model/repos_group.py
index e0de7076..94590ccb 100644
--- a/rhodecode/model/repos_group.py
+++ b/rhodecode/model/repos_group.py
@@ -28,18 +28,32 @@ import logging
import traceback
import shutil
-from pylons.i18n.translation import _
-
-from vcs.utils.lazy import LazyProperty
+from rhodecode.lib import LazyProperty
from rhodecode.model import BaseModel
-from rhodecode.model.db import RepoGroup, RhodeCodeUi
+from rhodecode.model.db import RepoGroup, RhodeCodeUi, UserRepoGroupToPerm, \
+ User, Permission, UsersGroupRepoGroupToPerm, UsersGroup
log = logging.getLogger(__name__)
class ReposGroupModel(BaseModel):
+ def __get_user(self, user):
+ return self._get_instance(User, user, callback=User.get_by_username)
+
+ def __get_users_group(self, users_group):
+ return self._get_instance(UsersGroup, users_group,
+ callback=UsersGroup.get_by_group_name)
+
+ def __get_repos_group(self, repos_group):
+ return self._get_instance(RepoGroup, repos_group,
+ callback=RepoGroup.get_by_group_name)
+
+ def __get_perm(self, permission):
+ return self._get_instance(Permission, permission,
+ callback=Permission.get_by_key)
+
@LazyProperty
def repos_path(self):
"""
@@ -49,6 +63,24 @@ class ReposGroupModel(BaseModel):
q = RhodeCodeUi.get_by_key('/').one()
return q.ui_value
+ def _create_default_perms(self, new_group):
+ # create default permission
+ repo_group_to_perm = UserRepoGroupToPerm()
+ default_perm = 'group.read'
+ for p in User.get_by_username('default').user_perms:
+ if p.permission.permission_name.startswith('group.'):
+ default_perm = p.permission.permission_name
+ break
+
+ repo_group_to_perm.permission_id = self.sa.query(Permission)\
+ .filter(Permission.permission_name == default_perm)\
+ .one().permission_id
+
+ repo_group_to_perm.group = new_group
+ repo_group_to_perm.user_id = User.get_by_username('default').user_id
+
+ self.sa.add(repo_group_to_perm)
+
def __create_group(self, group_name):
"""
makes repositories group on filesystem
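Review bot: The fallback `default_perm = 'group.read'` in `_create_default_perms` is the permissive case: whenever the `default` user has no `group.*` permission, every new group becomes readable by that user. The commit description lists a "none" level, so falling back to it (or raising) would fail closed, e.g. `default_perm = 'group.none'  # assumed key, confirm against the Permission table`. The loop also takes the first `group.*` entry it meets, so if `user_perms` ever holds more than one, iteration order decides the result. Separately, `User.get_by_username('default')` is queried twice; binding it once as `default_user = User.get_by_username('default')` and reusing it for `user_perms` and `user_id` would be cleaner.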
@@ -102,16 +134,21 @@ class ReposGroupModel(BaseModel):
# delete only if that path really exists
os.rmdir(rm_path)
- def create(self, form_data):
+ def create(self, group_name, group_description, parent, just_db=False):
try:
new_repos_group = RepoGroup()
- new_repos_group.group_description = form_data['group_description']
- new_repos_group.parent_group = RepoGroup.get(form_data['group_parent_id'])
- new_repos_group.group_name = new_repos_group.get_new_name(form_data['group_name'])
+ new_repos_group.group_description = group_description
+ new_repos_group.parent_group = self.__get_repos_group(parent)
+ new_repos_group.group_name = new_repos_group.get_new_name(group_name)
self.sa.add(new_repos_group)
- self.sa.flush()
- self.__create_group(new_repos_group.group_name)
+ self._create_default_perms(new_repos_group)
+
+ if not just_db:
+ # we need to flush here, in order to check if database won't
+ # throw any exceptions, create filesystem dirs at the very end
+ self.sa.flush()
+ self.__create_group(new_repos_group.group_name)
return new_repos_group
except:
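Review bot: The new `create(self, group_name, group_description, parent, just_db=False)` signature has no docstring, so its contract is only discoverable by reading the body. `parent` now goes through `__get_repos_group`, which presumably accepts an instance, id or name as the grant methods document for `repos_group`, and `just_db=True` skips both `self.sa.flush()` and the filesystem directory creation. I would add a docstring with a line such as `:param just_db: only add the group and its default permission to the session; no flush and no directory is created`. It is also worth stating what happens when `parent` does not resolve, since a miss in `_get_instance` (not visible here) may silently create a top-level group. The body of `create` continues past the hunk, where the `except:` handler is cut off.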
@@ -122,6 +159,29 @@ class ReposGroupModel(BaseModel):
try:
repos_group = RepoGroup.get(repos_group_id)
+
+ # update permissions
+ for member, perm, member_type in form_data['perms_updates']:
+ if member_type == 'user':
+ # this updates also current one if found
+ ReposGroupModel().grant_user_permission(
+ repos_group=repos_group, user=member, perm=perm
+ )
+ else:
+ ReposGroupModel().grant_users_group_permission(
+ repos_group=repos_group, group_name=member, perm=perm
+ )
+ # set new permissions
+ for member, perm, member_type in form_data['perms_new']:
+ if member_type == 'user':
+ ReposGroupModel().grant_user_permission(
+ repos_group=repos_group, user=member, perm=perm
+ )
+ else:
+ ReposGroupModel().grant_users_group_permission(
+ repos_group=repos_group, group_name=member, perm=perm
+ )
+
old_path = repos_group.full_path
# change properties
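Review bot: Both permission loops send every `member_type` other than `'user'` to `grant_users_group_permission` through a bare `else`, so an unexpected value in `form_data['perms_updates']` or `form_data['perms_new']` is handled as a users-group grant instead of being rejected. Since this path changes access rights, I would match the users-group type explicitly and end with `else: raise ValueError('unknown member type %r' % member_type)`. The calls also build a fresh `ReposGroupModel()` per entry although the code already runs inside that model; `self.grant_user_permission(repos_group=repos_group, user=member, perm=perm)` would reuse the current instance and its session. The two loops are identical apart from the key they read and could share one helper. The enclosing method starts and ends outside this hunk, so any validation of `form_data` done earlier is not visible.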
@@ -154,3 +214,97 @@ class ReposGroupModel(BaseModel):
except:
log.error(traceback.format_exc())
raise
+
+ def grant_user_permission(self, repos_group, user, perm):
+ """
+ Grant permission for user on given repositories group, or update
+ existing one if found
+
+ :param repos_group: Instance of ReposGroup, repositories_group_id,
+ or repositories_group name
+ :param user: Instance of User, user_id or username
+ :param perm: Instance of Permission, or permission_name
+ """
+
+ repos_group = self.__get_repos_group(repos_group)
+ user = self.__get_user(user)
+ permission = self.__get_perm(perm)
+
+ # check if we have that permission already
+ obj = self.sa.query(UserRepoGroupToPerm)\
+ .filter(UserRepoGroupToPerm.user == user)\
+ .filter(UserRepoGroupToPerm.group == repos_group)\
+ .scalar()
+ if obj is None:
+ # create new !
+ obj = UserRepoGroupToPerm()
+ obj.group = repos_group
+ obj.user = user
+ obj.permission = permission
+ self.sa.add(obj)
+
+ def revoke_user_permission(self, repos_group, user):
+ """
+ Revoke permission for user on given repositories group
+
+ :param repos_group: Instance of ReposGroup, repositories_group_id,
+ or repositories_group name
+ :param user: Instance of User, user_id or username
+ """
+
+ repos_group = self.__get_repos_group(repos_group)
+ user = self.__get_user(user)
+
+ obj = self.sa.query(UserRepoGroupToPerm)\
+ .filter(UserRepoGroupToPerm.user == user)\
+ .filter(UserRepoGroupToPerm.group == repos_group)\
+ .one()
+ self.sa.delete(obj)
+
+ def grant_users_group_permission(self, repos_group, group_name, perm):
+ """
+ Grant permission for users group on given repositories group, or update
+ existing one if found
+
+ :param repos_group: Instance of ReposGroup, repositories_group_id,
+ or repositories_group name
+ :param group_name: Instance of UserGroup, users_group_id,
+ or users group name
+ :param perm: Instance of Permission, or permission_name
+ """
+ repos_group = self.__get_repos_group(repos_group)
+ group_name = self.__get_users_group(group_name)
+ permission = self.__get_perm(perm)
+
+ # check if we have that permission already
+ obj = self.sa.query(UsersGroupRepoGroupToPerm)\
+ .filter(UsersGroupRepoGroupToPerm.group == repos_group)\
+ .filter(UsersGroupRepoGroupToPerm.users_group == group_name)\
+ .scalar()
+
+ if obj is None:
+ # create new
+ obj = UsersGroupRepoGroupToPerm()
+
+ obj.group = repos_group
+ obj.users_group = group_name
+ obj.permission = permission
+ self.sa.add(obj)
+
+ def revoke_users_group_permission(self, repos_group, group_name):
+ """
+ Revoke permission for users group on given repositories group
+
+ :param repos_group: Instance of ReposGroup, repositories_group_id,
+ or repositories_group name
+ :param group_name: Instance of UserGroup, users_group_id,
+ or users group name
+ """
+ repos_group = self.__get_repos_group(repos_group)
+ group_name = self.__get_users_group(group_name)
+
+ obj = self.sa.query(UsersGroupRepoGroupToPerm)\
+ .filter(UsersGroupRepoGroupToPerm.group == repos_group)\
+ .filter(UsersGroupRepoGroupToPerm.users_group == group_name)\
+ .one()
+ self.sa.delete(obj)
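Review bot: `grant_user_permission` and `grant_users_group_permission` assign whatever `self.__get_perm(perm)` returns to `obj.permission`, without checking that it resolved or that it belongs to the group permission family. `Permission.get_by_key` looks up any key, so a caller could attach a non-group permission to a repositories-group row. A guard after the lookup would close that, e.g. `if permission is None or not permission.permission_name.startswith('group.'): raise ValueError('not a group permission: %r' % (perm,))`, using the same `group.` prefix test as `_create_default_perms`. The same "did it resolve" question applies to the `user`, `group_name` and `repos_group` lookups, whose behaviour on a miss depends on `_get_instance`, which is not shown. Both revoke methods use `.one()`, so revoking a permission that was never granted raises instead of being a no-op; that deserves a line in their docstrings.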