.. _changelog:
=========
Changelog
1.4.3 (**2012-XX-XX**)
----------------------
:status: in-progress
:branch: beta
news
++++
- #558 Added config file to hooks extra data
- bumbped mercurial version to 2.3.1
fixes
+++++
- fixed #570 explicit users group permissions can overwrite owner permissions
1.4.2 (**2012-09-12**)
- added option to menu to quick lock/unlock repository for users that have
write access to
- Implemented permissions for writing to repo
groups. Now only write access to group allows to create a repostiory
within that group
- #565 Add support for {netloc} and {scheme} to alternative_gravatar_url
- updated translation for zh_CN
- fixed visual permissions check on repos groups inside groups
- fixed issues with non-ascii search terms in search, and indexers
- fixed parsing of page number in GET parameters
- fixed issues with generating pull-request overview for repos with
bookmarks and tags, also preview doesn't loose chosen revision from
select dropdown
@@ -503,50 +503,54 @@ class UserModel(BaseModel):
#======================================================================
# !! REPO PERMISSIONS !!
# check if user is part of user groups for this repository and
# fill in (or NOT replace with higher `or 1` permissions
# users group for repositories permissions
user_repo_perms_from_users_groups = \
self.sa.query(UsersGroupRepoToPerm, Permission, Repository,)\
.join((Repository, UsersGroupRepoToPerm.repository_id ==
Repository.repo_id))\
.join((Permission, UsersGroupRepoToPerm.permission_id ==
Permission.permission_id))\
.join((UsersGroupMember, UsersGroupRepoToPerm.users_group_id ==
UsersGroupMember.users_group_id))\
.filter(UsersGroupMember.user_id == uid)\
.all()
for perm in user_repo_perms_from_users_groups:
r_k = perm.UsersGroupRepoToPerm.repository.repo_name
p = perm.Permission.permission_name
cur_perm = user.permissions[RK][r_k]
# overwrite permission only if it's greater than permission
# given from other sources
# given from other sources - disabled with `or 1` now
if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm] or 1: # disable check
if perm.Repository.user_id == uid:
# set admin if owner
p = 'repository.admin'
user.permissions[RK][r_k] = p
# user explicit permissions for repositories
user_repo_perms = \
self.sa.query(UserRepoToPerm, Permission, Repository)\
.join((Repository, UserRepoToPerm.repository_id ==
.join((Permission, UserRepoToPerm.permission_id ==
.filter(UserRepoToPerm.user_id == uid)\
for perm in user_repo_perms:
r_k = perm.UserRepoToPerm.repository.repo_name
else:
# REPO GROUP
#==================================================================
# get access for this user for repos group and override defaults
import os
import unittest
from rhodecode.tests import *
from rhodecode.tests.models.common import _make_group
from rhodecode.model.repos_group import ReposGroupModel
from rhodecode.model.repo import RepoModel
from rhodecode.model.db import RepoGroup, User, UsersGroupRepoGroupToPerm
from rhodecode.model.user import UserModel
from rhodecode.model.meta import Session
from rhodecode.model.users_group import UsersGroupModel
from rhodecode.lib.auth import AuthUser
from rhodecode.tests.api.api_base import create_repo
class TestPermissions(unittest.TestCase):
def __init__(self, methodName='runTest'):
super(TestPermissions, self).__init__(methodName=methodName)
def setUp(self):
self.u1 = UserModel().create_or_update(
username=u'u1', password=u'qweqwe',
email=u'u1@rhodecode.org', firstname=u'u1', lastname=u'u1'
)
self.u2 = UserModel().create_or_update(
username=u'u2', password=u'qweqwe',
email=u'u2@rhodecode.org', firstname=u'u2', lastname=u'u2'
self.u3 = UserModel().create_or_update(
username=u'u3', password=u'qweqwe',
email=u'u3@rhodecode.org', firstname=u'u3', lastname=u'u3'
self.anon = User.get_by_username('default')
self.a1 = UserModel().create_or_update(
username=u'a1', password=u'qweqwe',
email=u'a1@rhodecode.org', firstname=u'a1', lastname=u'a1', admin=True
Session().commit()
def tearDown(self):
if hasattr(self, 'test_repo'):
RepoModel().delete(repo=self.test_repo)
UserModel().delete(self.u1)
UserModel().delete(self.u2)
UserModel().delete(self.u3)
UserModel().delete(self.a1)
if hasattr(self, 'g1'):
ReposGroupModel().delete(self.g1.group_id)
if hasattr(self, 'g2'):
ReposGroupModel().delete(self.g2.group_id)
if hasattr(self, 'ug1'):
UsersGroupModel().delete(self.ug1, force=True)
def test_default_perms_set(self):
u1_auth = AuthUser(user_id=self.u1.user_id)
perms = {
'repositories_groups': {},
'global': set([u'hg.create.repository', u'repository.read',
u'hg.register.manual_activate']),
'repositories': {u'vcs_test_hg': u'repository.read'}
}
self.assertEqual(u1_auth.permissions['repositories'][HG_REPO],
perms['repositories'][HG_REPO])
@@ -404,24 +405,68 @@ class TestPermissions(unittest.TestCase)
user_model = UserModel()
# disable fork and create on default user
usr = 'default'
user_model.revoke_perm(usr, 'hg.create.repository')
user_model.grant_perm(usr, 'hg.create.none')
user_model.revoke_perm(usr, 'hg.fork.repository')
user_model.grant_perm(usr, 'hg.fork.none')
#enable global perms on specific user
user_model.revoke_perm(self.u1, 'hg.create.none')
user_model.grant_perm(self.u1, 'hg.create.repository')
user_model.revoke_perm(self.u1, 'hg.fork.none')
user_model.grant_perm(self.u1, 'hg.fork.repository')
# make sure inherit flag is turned off
self.u1.inherit_default_permissions = False
# this user will have non inherited permissions from he's
# explicitly set permissions
self.assertEqual(u1_auth.permissions['global'],
set(['hg.create.repository', 'hg.fork.repository',
'hg.register.manual_activate',
'repository.read']))
def test_owner_permissions_doesnot_get_overwritten_by_group(self):
#create repo as USER,
self.test_repo = repo = RepoModel().create_repo(repo_name='myownrepo',
repo_type='hg',
description='desc',
owner=self.u1)
#he has permissions of admin as owner
self.assertEqual(u1_auth.permissions['repositories']['myownrepo'],
'repository.admin')
#set his permission as users group, he should still be admin
self.ug1 = UsersGroupModel().create('G1')
# add user to group
UsersGroupModel().add_user_to_group(self.ug1, self.u1)
RepoModel().grant_users_group_permission(repo, group_name=self.ug1,
perm='repository.none')
def test_owner_permissions_doesnot_get_overwritten_by_others(self):
#set his permission as user, he should still be admin
RepoModel().grant_user_permission(repo, user=self.u1,
Status change: