.. _api:
===
API
Starting from RhodeCode version 1.2 a simple API was implemented.
There's a single schema for calling all api methods. API is implemented
with JSON protocol both ways. An url to send API request to RhodeCode is
<your_server>/_admin/api
API ACCESS FOR WEB VIEWS
++++++++++++++++++++++++
API access can also be turned on for each web view in RhodeCode that is
decorated with `@LoginRequired` decorator. To enable API access simple change
the standard login decorator to `@LoginRequired(api_access=True)`.
After this change, a rhodecode view can be accessed without login by adding a
GET parameter `?api_key=<api_key>` to url. By default this is only
enabled on RSS/ATOM feed views.
API ACCESS
++++++++++
All clients are required to send JSON-RPC spec JSON data::
{
"id:"<id>",
"api_key":"<api_key>",
"method":"<method_name>",
"args":{"<arg_key>":"<arg_val>"}
}
Example call for autopulling remotes repos using curl::
curl https://server.com/_admin/api -X POST -H 'content-type:text/plain' --data-binary '{"id":1,"api_key":"xe7cdb2v278e4evbdf5vs04v832v0efvcbcve4a3","method":"pull","args":{"repo":"CPython"}}'
Simply provide
- *id* A value of any type, which is used to match the response with the request that it is replying to.
- *api_key* for access and permission validation.
- *method* is name of method to call
- *args* is an key:value list of arguments to pass to method
.. note::
api_key can be found in your user account page
RhodeCode API will return always a JSON-RPC response::
"id":<id>, # matching id sent by request
"result": "<result>"|null, # JSON formatted result, null if any errors
"error": "null"|<error_message> # JSON formatted error (if any)
All responses from API will be `HTTP/1.0 200 OK`, if there's an error while
calling api *error* key from response will contain failure description
and result will be null.
API CLIENT
From version 1.4 RhodeCode adds a script that allows to easily
communicate with API. After installing RhodeCode a `rhodecode-api` script
will be available.
To get started quickly simply run::
rhodecode-api _create_config --apikey=<youapikey> --apihost=<rhodecode host>
This will create a file named .config in the directory you executed it storing
json config file with credentials. You can skip this step and always provide
both of the arguments to be able to communicate with server
after that simply run any api command for example get_repo::
rhodecode-api get_repo
calling {"api_key": "<apikey>", "id": 75, "args": {}, "method": "get_repo"} to http://127.0.0.1:5000
rhodecode said:
{'error': 'Missing non optional `repoid` arg in JSON DATA',
'id': 75,
'result': None}
Ups looks like we forgot to add an argument
Let's try again now giving the repoid as parameters::
rhodecode-api get_repo repoid:rhodecode
calling {"api_key": "<apikey>", "id": 39, "args": {"repoid": "rhodecode"}, "method": "get_repo"} to http://127.0.0.1:5000
{'error': None,
'id': 39,
'result': <json data...>}
API METHODS
+++++++++++
pull
----
Pulls given repo from remote location. Can be used to automatically keep
remote repos up to date. This command can be executed only using api_key
belonging to user with admin rights
INPUT::
id : <id_for_response>
api_key : "<api_key>"
method : "pull"
args : {
"repoid" : "<reponame or repo_id>"
OUTPUT::
id : <id_given_in_input>
result : "Pulled from `<reponame>`"
error : null
rescan_repos
------------
Dispatch rescan repositories action. If remove_obsolete is set
RhodeCode will delete repos that are in database but not in the filesystem.
This command can be executed only using api_key belonging to user with admin
rights.
method : "rescan_repos"
"remove_obsolete" : "<boolean = Optional(False)>"
result : "{'added': [<list of names of added repos>],
'removed': [<list of names of removed repos>]}"
lock
Set locking state on given repository by given user. If userid param is skipped
, then it is set to id of user whos calling this method.
rights or regular user that have admin or write access to repository.
method : "lock"
"userid" : "<user_id or username = Optional(=apiuser)>",
"locked" : "<bool true|false>"
result : "User `<username>` set lock state for repo `<reponame>` to `true|false`"
show_ip
-------
Shows IP address as seen from RhodeCode server, together with all
defined IP addresses for given user.
method : "show_ip"
"userid" : "<user_id or username>",
result : {
"ip_addr_server": <ip_from_clien>",
"user_ips": [
"ip_addr": "<ip_with_mask>",
"ip_range": ["<start_ip>", "<end_ip>"],
},
...
]
get_user
--------
Get's an user by username or user_id, Returns empty result if user is not found.
If userid param is skipped it is set to id of user who is calling this method.
rights, or regular users which cannot specify userid parameter.
method : "get_user"
"userid" : "<username or user_id>"
"userid" : "<username or user_id Optional(=apiuser)>"
result: None if user does not exist or
"user_id" : "<user_id>",
"username" : "<username>",
"firstname": "<firstname>",
"lastname" : "<lastname>",
"email" : "<email>",
"emails": "<list_of_all_additional_emails>",
"ip_addresses": "<list_of_ip_addresses_for_user>",
"active" : "<bool>",
"admin" :Â "<bool>",
"ldap_dn" : "<ldap_dn>",
"last_login": "<last_login>",
"permissions": {
"global": ["hg.create.repository",
"repository.read",
"hg.register.manual_activate"],
"repositories": {"repo1": "repository.none"},
"repositories_groups": {"Group1": "group.read"}
error: null
get_users
---------
Lists all existing users. This command can be executed only using api_key
belonging to user with admin rights.
method : "get_users"
args : { }
result: [
…
create_user
-----------
Creates new user. This command can
be executed only using api_key belonging to user with admin rights.
method : "create_user"
"email" : "<useremail>",
"password" : "<password>",
"firstname" : "<firstname> = Optional(None)",
"lastname" : "<lastname> = Optional(None)",
"active" : "<bool> = Optional(True)",
"admin" : "<bool> = Optional(False)",
"ldap_dn" : "<ldap_dn> = Optional(None)"
result: {
"msg" : "created new user `<username>`",
"user": {
update_user
updates given user if such user exists. This command can
method : "update_user"
"username" : "<username> = Optional",
"email" : "<useremail> = Optional",
"password" : "<password> = Optional",
"firstname" : "<firstname> = Optional",
"lastname" : "<lastname> = Optional",
"active" : "<bool> = Optional",
"admin" : "<bool> = Optional",
"ldap_dn" : "<ldap_dn> = Optional"
"username" : "<username> = Optional(None)",
"email" : "<useremail> = Optional(None)",
"password" : "<password> = Optional(None)",
"active" : "<bool> = Optional(None)",
"admin" : "<bool> = Optional(None)",
"msg" : "updated user ID:<userid> <username>",
delete_user
deletes givenuser if such user exists. This command can
method : "delete_user"
"msg" : "deleted user ID:<userid> <username>",
"user": null
get_users_group
---------------
Gets an existing users group. This command can be executed only using api_key
method : "get_users_group"
"usersgroupid" : "<users group id or name>"
result : None if group not exist
"users_group_id" : "<id>",
"group_name" : "<groupname>",
"active": "<bool>",
"members" : [
get_users_groups
----------------
Lists all existing users groups. This command can be executed only using
api_key belonging to user with admin rights.
method : "get_users_groups"
result : [
create_users_group
------------------
Creates new users group. This command can be executed only using api_key
method : "create_users_group"
args: {
"group_name": "<groupname>",
"active":"<bool> = Optional(True)"
"msg": "created new users group `<groupname>`",
"users_group": {
add_user_to_users_group
-----------------------
Adds a user to a users group. If user exists in that group success will be
`false`. This command can be executed only using api_key
method : "add_user_users_group"
"usersgroupid" : "<users group id or name>",
"success": True|False # depends on if member is in group
"msg": "added member `<username>` to users group `<groupname>` |
User is already in that group"
remove_user_from_users_group
----------------------------
Removes a user from a users group. If user is not in given group success will
be `false`. This command can be executed only
using api_key belonging to user with admin rights
method : "remove_user_from_users_group"
"success": True|False, # depends on if member is in group
"msg": "removed member <username> from users group <groupname> |
User wasn't in group"
get_repo
Gets an existing repository by it's name or repository_id. Members will return
either users_group or user associated to that repository. This command can
method : "get_repo"
result: None if repository does not exist or
"repo_id" : "<repo_id>",
"repo_name" : "<reponame>"
"repo_type" : "<repo_type>",
"clone_uri" : "<clone_uri>",
"enable_downloads": "<bool>",
"enable_locking": "<bool>",
"enable_statistics": "<bool>",
"private": "<bool>",
"created_on" : "<datetimecreated>",
"description" : "<description>",
"landing_rev": "<landing_rev>",
"owner": "<repo_owner>",
"fork_of": "<name_of_fork_parent>",
"type": "user",
"permission" : "repository.(read|write|admin)"
"type": "users_group",
"id" : "<usersgroupid>",
"name" : "<usersgroupname>",
get_repos
Lists all existing repositories. This command can be executed only using api_key
method : "get_repos"
args: { }
"private": : "<bool>",
get_repo_nodes
--------------
returns a list of nodes and it's children in a flat list for a given path
at given revision. It's possible to specify ret_type to show only `files` or
`dirs`. This command can be executed only using api_key belonging to user
with admin rights
method : "get_repo_nodes"
"revision" : "<revision>",
"root_path" : "<root_path>",
"ret_type" : "<ret_type> = Optional('all')"
"name" : "<name>"
"type" : "<type>",
create_repo
Creates a repository. This command can be executed only using api_key
If repository name contains "/", all needed repository groups will be created.
For example "foo/bar/baz" will create groups "foo", "bar" (with "foo" as parent),
and create "baz" repository with "bar" as group.
method : "create_repo"
"repo_name" : "<reponame>",
"owner" : "<onwer_name_or_id>",
"repo_type" : "<repo_type> = Optional('hg')",
"description" : "<description> = Optional('')",
"private" : "<bool> = Optional(False)",
"clone_uri" : "<clone_uri> = Optional(None)",
"landing_rev" : "<landing_rev> = Optional('tip')",
"enable_downloads": "<bool> = Optional(False)",
"enable_locking": "<bool> = Optional(False)",
"enable_statistics": "<bool> = Optional(False)",
"msg": "Created new repository `<reponame>`",
"repo": {
# -*- coding: utf-8 -*-
"""
rhodecode.controllers.api
~~~~~~~~~~~~~~~~~~~~~~~~~
API controller for RhodeCode
:created_on: Aug 20, 2011
:author: marcink
:copyright: (C) 2011-2012 Marcin Kuzminski <marcin@python-works.com>
:license: GPLv3, see COPYING for more details.
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; version 2
# of the License or (at your opinion) any later version of the license.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
# MA 02110-1301, USA.
import traceback
import logging
from pylons.controllers.util import abort
from rhodecode.controllers.api import JSONRPCController, JSONRPCError
from rhodecode.lib.auth import PasswordGenerator, AuthUser, \
HasPermissionAllDecorator, HasPermissionAnyDecorator, \
HasPermissionAnyApi, HasRepoPermissionAnyApi
from rhodecode.lib.utils import map_groups, repo2db_mapper
from rhodecode.model.meta import Session
from rhodecode.model.scm import ScmModel
from rhodecode.model.repo import RepoModel
from rhodecode.model.user import UserModel
from rhodecode.model.users_group import UsersGroupModel
from rhodecode.model.permission import PermissionModel
from rhodecode.model.db import Repository, RhodeCodeSetting, UserIpMap
log = logging.getLogger(__name__)
class OptionalAttr(object):
Special Optional Option that defines other attribute
def __init__(self, attr_name):
self.attr_name = attr_name
def __repr__(self):
return '<OptionalAttr:%s>' % self.attr_name
def __call__(self):
return self
#alias
OAttr = OptionalAttr
class Optional(object):
Defines an optional parameter::
param = param.getval() if isinstance(param, Optional) else param
param = param() if isinstance(param, Optional) else param
is equivalent of::
param = Optional.extract(param)
def __init__(self, type_):
self.type_ = type_
return '<Optional:%s>' % self.type_.__repr__()
return self.getval()
def getval(self):
returns value from this Optional instance
return self.type_
@classmethod
def extract(cls, val):
if isinstance(val, cls):
return val.getval()
return val
def get_user_or_error(userid):
Get user by id or name or return JsonRPCError if not found
:param userid:
user = UserModel().get_user(userid)
if user is None:
raise JSONRPCError("user `%s` does not exist" % userid)
return user
def get_repo_or_error(repoid):
Get repo by id or name or return JsonRPCError if not found
repo = RepoModel().get_repo(repoid)
if repo is None:
raise JSONRPCError('repository `%s` does not exist' % (repoid))
return repo
def get_users_group_or_error(usersgroupid):
Get users group by id or name or return JsonRPCError if not found
users_group = UsersGroupModel().get_group(usersgroupid)
if users_group is None:
raise JSONRPCError('users group `%s` does not exist' % usersgroupid)
return users_group
def get_perm_or_error(permid):
Get permission by id or name or return JsonRPCError if not found
perm = PermissionModel().get_permission_by_name(permid)
if perm is None:
raise JSONRPCError('permission `%s` does not exist' % (permid))
return perm
class ApiController(JSONRPCController):
API Controller
Each method needs to have USER as argument this is then based on given
API_KEY propagated as instance of user object
Preferably this should be first argument also
Each function should also **raise** JSONRPCError for any
errors that happens
@HasPermissionAllDecorator('hg.admin')
def pull(self, apiuser, repoid):
Dispatch pull action on given repo
:param apiuser:
:param repoid:
repo = get_repo_or_error(repoid)
try:
ScmModel().pull_changes(repo.repo_name,
self.rhodecode_user.username)
return 'Pulled from `%s`' % repo.repo_name
except Exception:
log.error(traceback.format_exc())
raise JSONRPCError(
'Unable to pull changes from `%s`' % repo.repo_name
)
def rescan_repos(self, apiuser, remove_obsolete=Optional(False)):
than also delete repos that are in database but not in the filesystem.
aka "clean zombies"
:param remove_obsolete:
rm_obsolete = Optional.extract(remove_obsolete)
added, removed = repo2db_mapper(ScmModel().repo_scan(),
remove_obsolete=rm_obsolete)
return {'added': added, 'removed': removed}
'Error occurred during rescan repositories action'
def lock(self, apiuser, repoid, locked, userid=Optional(OAttr('apiuser'))):
Set locking state on particular repository by given user, if
this command is runned by non-admin account userid is set to user
who is calling this method
:param locked:
if HasPermissionAnyApi('hg.admin')(user=apiuser):
pass
elif HasRepoPermissionAnyApi('repository.admin',
'repository.write')(user=apiuser,
repo_name=repo.repo_name):
#make sure normal user does not pass userid, he is not allowed to do that
if not isinstance(userid, Optional):
'Only RhodeCode admin can specify `userid` params'
'Only RhodeCode admin can specify `userid` param'
else:
return abort(403)
if isinstance(userid, Optional):
userid = apiuser.user_id
user = get_user_or_error(userid)
locked = bool(locked)
if locked:
Repository.lock(repo, user.user_id)
Repository.unlock(repo)
return ('User `%s` set lock state for repo `%s` to `%s`'
% (user.username, repo.repo_name, locked))
'Error occurred locking repository `%s`' % repo.repo_name
def show_ip(self, apiuser, userid):
defined IP addresses for given user
ips = UserIpMap.query().filter(UserIpMap.user == user).all()
return dict(
ip_addr_server=self.ip_addr,
user_ips=ips
def get_user(self, apiuser, userid):
def get_user(self, apiuser, userid=Optional(OAttr('apiuser'))):
""""
Get a user by username
Get a user by username, or userid, if userid is given
data = user.get_api_data()
data['permissions'] = AuthUser(user_id=user.user_id).permissions
return data
def get_users(self, apiuser):
Get all users
result = []
for user in UserModel().get_all():
result.append(user.get_api_data())
return result
def create_user(self, apiuser, username, email, password,
firstname=Optional(None), lastname=Optional(None),
active=Optional(True), admin=Optional(False),
ldap_dn=Optional(None)):
Create new user
:param username:
:param email:
:param password:
:param firstname:
:param lastname:
:param active:
:param admin:
:param ldap_dn:
if UserModel().get_by_username(username):
raise JSONRPCError("user `%s` already exist" % username)
if UserModel().get_by_email(email, case_insensitive=True):
raise JSONRPCError("email `%s` already exist" % email)
if Optional.extract(ldap_dn):
# generate temporary password if ldap_dn
password = PasswordGenerator().gen_password(length=8)
user = UserModel().create_or_update(
username=Optional.extract(username),
password=Optional.extract(password),
email=Optional.extract(email),
firstname=Optional.extract(firstname),
lastname=Optional.extract(lastname),
active=Optional.extract(active),
admin=Optional.extract(admin),
ldap_dn=Optional.extract(ldap_dn)
Session().commit()
msg='created new user `%s`' % username,
user=user.get_api_data()
raise JSONRPCError('failed to create user `%s`' % username)
def update_user(self, apiuser, userid, username=Optional(None),
email=Optional(None), firstname=Optional(None),
lastname=Optional(None), active=Optional(None),
admin=Optional(None), ldap_dn=Optional(None),
password=Optional(None)):
Updates given user
# call function and store only updated arguments
updates = {}
def store_update(attr, name):
if not isinstance(attr, Optional):
updates[name] = attr
store_update(username, 'username')
store_update(password, 'password')
store_update(email, 'email')
store_update(firstname, 'name')
store_update(lastname, 'lastname')
store_update(active, 'active')
store_update(admin, 'admin')
store_update(ldap_dn, 'ldap_dn')
user = UserModel().update_user(user, **updates)
msg='updated user ID:%s %s' % (user.user_id, user.username),
raise JSONRPCError('failed to update user `%s`' % userid)
def delete_user(self, apiuser, userid):
Deletes an user
UserModel().delete(userid)
msg='deleted user ID:%s %s' % (user.user_id, user.username),
user=None
raise JSONRPCError('failed to delete ID:%s %s' % (user.user_id,
user.username))
def get_users_group(self, apiuser, usersgroupid):
Get users group by name or id
:param usersgroupid:
users_group = get_users_group_or_error(usersgroupid)
data = users_group.get_api_data()
members = []
for user in users_group.members:
user = user.user
members.append(user.get_api_data())
data['members'] = members
def get_users_groups(self, apiuser):
Get all users groups
for users_group in UsersGroupModel().get_all():
result.append(users_group.get_api_data())
def create_users_group(self, apiuser, group_name, active=Optional(True)):
Creates an new usergroup
:param group_name:
if UsersGroupModel().get_by_name(group_name):
raise JSONRPCError("users group `%s` already exist" % group_name)
active = Optional.extract(active)
ug = UsersGroupModel().create(name=group_name, active=active)
msg='created new users group `%s`' % group_name,
users_group=ug.get_api_data()
raise JSONRPCError('failed to create group `%s`' % group_name)
def add_user_to_users_group(self, apiuser, usersgroupid, userid):
Add a user to a users group
ugm = UsersGroupModel().add_user_to_group(users_group, user)
success = True if ugm != True else False
msg = 'added member `%s` to users group `%s`' % (
user.username, users_group.users_group_name
msg = msg if success else 'User is already in that group'
success=success,
msg=msg
'failed to add member to users group `%s`' % (
users_group.users_group_name
def remove_user_from_users_group(self, apiuser, usersgroupid, userid):
Remove user from a group
success = UsersGroupModel().remove_user_from_group(users_group,
user)
msg = 'removed member `%s` from users group `%s`' % (
msg = msg if success else "User wasn't in group"
return dict(success=success, msg=msg)
'failed to remove member from users group `%s`' % (
def get_repo(self, apiuser, repoid):
Get repository by name
for user in repo.repo_to_perm:
perm = user.permission.permission_name
user_data = user.get_api_data()
user_data['type'] = "user"
user_data['permission'] = perm
members.append(user_data)
for users_group in repo.users_group_to_perm:
perm = users_group.permission.permission_name
users_group = users_group.users_group
users_group_data = users_group.get_api_data()
users_group_data['type'] = "users_group"
users_group_data['permission'] = perm
members.append(users_group_data)
data = repo.get_api_data()
def get_repos(self, apiuser):
Get all repositories
for repo in RepoModel().get_all():
result.append(repo.get_api_data())
def get_repo_nodes(self, apiuser, repoid, revision, root_path,
ret_type='all'):
returns a list of nodes and it's children
for a given path at given revision. It's possible to specify ret_type
to show only files or dirs
:param repoid: name or id of repository
:param revision: revision for which listing should be done
:param root_path: path from which start displaying
:param ret_type: return type 'all|files|dirs' nodes
_d, _f = ScmModel().get_nodes(repo, revision, root_path,
flat=False)
_map = {
'all': _d + _f,
'files': _f,
'dirs': _d,
return _map[ret_type]
except KeyError:
raise JSONRPCError('ret_type must be one of %s' % _map.keys())
'failed to get repo: `%s` nodes' % repo.repo_name
@HasPermissionAnyDecorator('hg.admin', 'hg.create.repository')
def create_repo(self, apiuser, repo_name, owner, repo_type=Optional('hg'),
description=Optional(''), private=Optional(False),
clone_uri=Optional(None), landing_rev=Optional('tip'),
enable_statistics=Optional(False),
enable_locking=Optional(False),
enable_downloads=Optional(False)):
Create repository, if clone_url is given it makes a remote clone
if repo_name is withina group name the groups will be created
automatically if they aren't present
:param repo_name:
:param onwer:
:param repo_type:
:param description:
:param private:
:param clone_uri:
:param landing_rev:
owner = get_user_or_error(owner)
if RepoModel().get_by_repo_name(repo_name):
raise JSONRPCError("repo `%s` already exist" % repo_name)
defs = RhodeCodeSetting.get_default_repo_settings(strip_prefix=True)
if isinstance(private, Optional):
private = defs.get('repo_private') or Optional.extract(private)
if isinstance(repo_type, Optional):
repo_type = defs.get('repo_type')
if isinstance(enable_statistics, Optional):
enable_statistics = defs.get('repo_enable_statistics')
if isinstance(enable_locking, Optional):
enable_locking = defs.get('repo_enable_locking')
if isinstance(enable_downloads, Optional):
enable_downloads = defs.get('repo_enable_downloads')
clone_uri = Optional.extract(clone_uri)
description = Optional.extract(description)
landing_rev = Optional.extract(landing_rev)
# create structure of groups and return the last group
group = map_groups(repo_name)
repo = RepoModel().create_repo(
repo_name=repo_name,
Status change: