From 192f02c128395a251c014f5613b2c73d68f833d4 Mon Sep 17 00:00:00 2001 From: Milo Casagrande Date: Fri, 17 May 2013 19:20:40 +0200 Subject: Fixed file system permissions setting. --- rhodecode/model/repo.py | 36 ++++++++++++++++++++++++++++++------ rhodecode/model/repos_group.py | 32 +++++++++++++++++++++++++++----- 2 files changed, 57 insertions(+), 11 deletions(-) diff --git a/rhodecode/model/repo.py b/rhodecode/model/repo.py index 7aa1514f..4ee07cb9 100644 --- a/rhodecode/model/repo.py +++ b/rhodecode/model/repo.py @@ -528,17 +528,28 @@ class RepoModel(BaseModel): repo_path = os.path.join(self.repos_path, repo.repo_name) if permission.permission_name in ["repository.none", "repository.read"]: - if user.username=="default": - os.chmod(repo_path, 0775) + if user.username == "default": + # Linaro changes: + # Old value here was 0775. We need directory to be sgid, in + # order to correctly work with git-shell. + os.chmod(repo_path, 02775) else: SystemCommand.remove_user_from_group(system_group_name, user.username) else: - if user.username=="default": - os.chmod(repo_path, 0777) + if user.username == "default": + # Linaro changes: + # Old value here was 0777. We need directory to be sgid, in + # order to correctly work with git-shell. + os.chmod(repo_path, 02777) else: SystemCommand.add_user_to_group(system_group_name, user.username) + # Linaro changes: + # At the end, fix permissions on the repo directories. This is needed + # to make sure other users, part of the same group, can write to the + # repository. + SystemCommand.fix_permissions(repo_path) def revoke_user_permission(self, repo, user): """ @@ -697,11 +708,20 @@ class RepoModel(BaseModel): system_group_name = "%s-%s" % (repo_name, repo_id) SystemCommand.add_group(system_group_name) - os.chmod(repo_path, 0775) + # Linaro changes: + # Old value here was 0775. We need directory to be sgid, in order to + # correctly work with git-shell. Value is calculated with values from + # the python stat library. + os.chmod(repo_path, 02775) SystemCommand.change_ownership("%s%s%s" % (new_parent_path, self.URL_SEPARATOR, repo_name), - system_group_name) + system_group_name) + # Linaro changes: + # At the end, fix permissions on the repo directories. This is needed + # to make sure other users, part of the same group, can write to the + # repository. + SystemCommand.fix_permissions(repo_path) def __rename_repo(self, old, new): """ @@ -719,6 +739,10 @@ class RepoModel(BaseModel): 'Was trying to rename to already existing dir %s' % new_path ) shutil.move(old_path, new_path) + # Linaro changes: + # After moving a repository fix its permission as we need them. + # shutil.move() does not honor all the file system permissions. + SystemCommand.fix_permissions(new_path) def __delete_repo(self, repo): """ diff --git a/rhodecode/model/repos_group.py b/rhodecode/model/repos_group.py index c3df1c1f..0c719275 100644 --- a/rhodecode/model/repos_group.py +++ b/rhodecode/model/repos_group.py @@ -171,9 +171,18 @@ class ReposGroupModel(BaseModel): SystemCommand.add_group(system_group_name) create_path = os.path.join(self.repos_path, new_repos_group.group_name) - os.chmod(create_path, 0775) + # Linaro changes: + # Old value here was 0775. We need directory to be sgid, in + # order to correctly work with git-shell. Value is calculated + # with values from the python stat library. + os.chmod(create_path, 02775) SystemCommand.change_ownership(new_repos_group.group_name, system_group_name) + # Linaro changes: + # At the end, fix permissions on the repo directories. This is needed + # to make sure other users, part of the same group, can write to the + # repository. + SystemCommand.fix_permissions(create_path) return new_repos_group except: @@ -397,17 +406,30 @@ class ReposGroupModel(BaseModel): group_path = os.path.join(self.repos_path, repos_group.group_name) if permission.permission_name in ["group.none", "group.read"]: - if user.username=="default": - os.chmod(group_path, 0775) + if user.username == "default": + # Linaro changes: + # Old value here was 0775. We need directory to be sgid, in + # order to correctly work with git-shell. Value is calculated + # with values from the python stat library. + os.chmod(group_path, 02775) else: SystemCommand.remove_user_from_group(system_group_name, user.username) else: - if user.username=="default": - os.chmod(group_path, 0777) + if user.username == "default": + # Linaro changes: + # Old value here was 0777. We need directory to be sgid, in + # order to correctly work with git-shell. Value is calculated + # with values from the python stat library. + os.chmod(group_path, 02777) else: SystemCommand.add_user_to_group(system_group_name, user.username) + # Linaro changes: + # At the end, fix permissions on the repo directories. This is needed + # to make sure other users, part of the same group, can write to the + # repository. + SystemCommand.fix_permissions(group_path) def revoke_user_permission(self, repos_group, user): """ -- cgit v1.2.3