# -*- coding: utf-8 -*-
"""
rhodecode.controllers.admin.users_groups
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Users Groups crud controller for pylons
:created_on: Jan 25, 2011
:author: marcink
:copyright: (C) 2009-2011 Marcin Kuzminski <marcin@python-works.com>
:license: GPLv3, see COPYING for more details.
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import logging
import traceback
import formencode
from formencode import htmlfill
from pylons import request, session, tmpl_context as c, url, config
from pylons.controllers.util import abort, redirect
from pylons.i18n.translation import _
from rhodecode.lib.exceptions import UsersGroupsAssignedException
from rhodecode.lib import helpers as h
from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator
from rhodecode.lib.base import BaseController, render
from rhodecode.model.db import User, UsersGroup, Permission, UsersGroupToPerm
from rhodecode.model.forms import UserForm, UsersGroupForm
from rhodecode.model.users_group import UsersGroupModel
log = logging.getLogger(__name__)
class UsersGroupsController(BaseController):
"""REST Controller styled on the Atom Publishing Protocol"""
# To properly map this controller, ensure your config/routing.py
# file has a resource setup:
# map.resource('users_group', 'users_groups')
@LoginRequired()
@HasPermissionAllDecorator('hg.admin')
def __before__(self):
c.admin_user = session.get('admin_user')
c.admin_username = session.get('admin_username')
super(UsersGroupsController, self).__before__()
c.available_permissions = config['available_permissions']
def index(self, format='html'):
"""GET /users_groups: All items in the collection"""
# url('users_groups')
c.users_groups_list = self.sa.query(UsersGroup).all()
return render('admin/users_groups/users_groups.html')
def create(self):
"""POST /users_groups: Create a new item"""
users_group_model = UsersGroupModel()
users_group_form = UsersGroupForm()()
try:
form_result = users_group_form.to_python(dict(request.POST))
users_group_model.create(form_result)
h.flash(_('created users group %s') \
% form_result['users_group_name'], category='success')
#action_logger(self.rhodecode_user, 'new_user', '', '', self.sa)
except formencode.Invalid, errors:
return htmlfill.render(
render('admin/users_groups/users_group_add.html'),
defaults=errors.value,
errors=errors.error_dict or {},
prefix_error=False,
@@ -108,96 +109,98 @@ class UsersGroupsController(BaseControll
c.users_group.members]
c.available_members = [(x.user_id, x.username) for x in
self.sa.query(User).all()]
users_group_form = UsersGroupForm(edit=True,
old_data=c.users_group.get_dict(),
available_members=[str(x[0]) for x
in c.available_members])()
form_result = users_group_form.to_python(request.POST)
users_group_model.update(id, form_result)
h.flash(_('updated users group %s') \
% form_result['users_group_name'],
category='success')
e = errors.error_dict or {}
perm = Permission.get_by_key('hg.create.repository')
e.update({'create_repo_perm':
UsersGroupToPerm.has_perm(id, perm)})
render('admin/users_groups/users_group_edit.html'),
errors=e,
encoding="UTF-8")
except Exception:
log.error(traceback.format_exc())
h.flash(_('error occurred during update of users group %s') \
% request.POST.get('users_group_name'), category='error')
return redirect(url('users_groups'))
def delete(self, id):
"""DELETE /users_groups/id: Delete an existing item"""
# Forms posted to this method should contain a hidden field:
# <input type="hidden" name="_method" value="DELETE" />
# Or using helpers:
# h.form(url('users_group', id=ID),
# method='delete')
# url('users_group', id=ID)
users_group_model.delete(id)
h.flash(_('successfully deleted users group'), category='success')
except UsersGroupsAssignedException, e:
h.flash(e, category='error')
h.flash(_('An error occurred during deletion of users group'),
category='error')
def show(self, id, format='html'):
"""GET /users_groups/id: Show a specific item"""
def edit(self, id, format='html'):
"""GET /users_groups/id/edit: Form to edit an existing item"""
# url('edit_users_group', id=ID)
c.users_group = self.sa.query(UsersGroup).get(id)
if not c.users_group:
c.users_group.permissions = {}
c.group_members = [(x.user_id, x.user.username) for x in
defaults = c.users_group.get_dict()
defaults.update({'create_repo_perm':
defaults=defaults,
encoding="UTF-8",
force_defaults=False
)
def update_perm(self, id):
"""PUT /users_perm/id: Update an existing item"""
# url('users_group_perm', id=ID, method='put')
grant_perm = request.POST.get('create_repo_perm', False)
if grant_perm:
perm = Permission.get_by_key('hg.create.none')
UsersGroupToPerm.revoke_perm(id, perm)
UsersGroupToPerm.grant_perm(id, perm)
h.flash(_("Granted 'repository create' permission to user"),
rhodecode.lib.exceptions
~~~~~~~~~~~~~~~~~~~~~~~~
Set of custom exceptions used in RhodeCode
:created_on: Nov 17, 2010
:copyright: (c) 2010 by marcink.
:license: LICENSE_NAME, see LICENSE_FILE for more details.
class LdapUsernameError(Exception):
pass
class LdapPasswordError(Exception):
class LdapConnectionError(Exception):
class LdapImportError(Exception):
class DefaultUserException(Exception):
class UserOwnsReposException(Exception):
class UsersGroupsAssignedException(Exception):
@@ -241,96 +241,98 @@ class User(Base, BaseModel):
if case_insensitive:
return Session.query(cls).filter(cls.username.like(username)).one()
else:
return Session.query(cls).filter(cls.username == username).one()
@classmethod
def get_by_api_key(cls, api_key):
return Session.query(cls).filter(cls.api_key == api_key).one()
def update_lastlogin(self):
"""Update user lastlogin"""
self.last_login = datetime.datetime.now()
Session.add(self)
Session.commit()
log.debug('updated user %s lastlogin', self.username)
class UserLog(Base, BaseModel):
__tablename__ = 'user_logs'
__table_args__ = {'extend_existing':True}
user_log_id = Column("user_log_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
repository_name = Column("repository_name", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
user_ip = Column("user_ip", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
action = Column("action", UnicodeText(length=1200000, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
action_date = Column("action_date", DateTime(timezone=False), nullable=True, unique=None, default=None)
@property
def action_as_day(self):
return date(*self.action_date.timetuple()[:3])
user = relationship('User')
repository = relationship('Repository')
class UsersGroup(Base, BaseModel):
__tablename__ = 'users_groups'
users_group_id = Column("users_group_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
users_group_name = Column("users_group_name", String(length=255, convert_unicode=False, assert_unicode=None), nullable=False, unique=True, default=None)
users_group_active = Column("users_group_active", Boolean(), nullable=True, unique=None, default=None)
members = relationship('UsersGroupMember', cascade="all, delete, delete-orphan", lazy="joined")
def __repr__(self):
return '<userGroup(%s)>' % (self.users_group_name)
def get_by_group_name(cls, group_name, cache=False, case_insensitive=False):
gr = Session.query(cls)\
.filter(cls.users_group_name.ilike(group_name))
gr = Session.query(UsersGroup)\
.filter(UsersGroup.users_group_name == group_name)
if cache:
gr = gr.options(FromCache("sql_cache_short",
"get_user_%s" % group_name))
return gr.scalar()
class UsersGroupMember(Base, BaseModel):
__tablename__ = 'users_groups_members'
users_group_member_id = Column("users_group_member_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
user = relationship('User', lazy='joined')
users_group = relationship('UsersGroup')
def __init__(self, gr_id='', u_id=''):
self.users_group_id = gr_id
self.user_id = u_id
class Repository(Base, BaseModel):
__tablename__ = 'repositories'
__table_args__ = (UniqueConstraint('repo_name'), {'extend_existing':True},)
repo_id = Column("repo_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
repo_name = Column("repo_name", String(length=255, convert_unicode=False, assert_unicode=None), nullable=False, unique=True, default=None)
clone_uri = Column("clone_uri", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=False, default=None)
repo_type = Column("repo_type", String(length=255, convert_unicode=False, assert_unicode=None), nullable=False, unique=False, default='hg')
user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=False, default=None)
private = Column("private", Boolean(), nullable=True, unique=None, default=None)
enable_statistics = Column("statistics", Boolean(), nullable=True, unique=None, default=True)
enable_downloads = Column("downloads", Boolean(), nullable=True, unique=None, default=True)
description = Column("description", String(length=10000, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
created_on = Column('created_on', DateTime(timezone=False), nullable=True, unique=None, default=datetime.datetime.now)
fork_id = Column("fork_id", Integer(), ForeignKey('repositories.repo_id'), nullable=True, unique=False, default=None)
group_id = Column("group_id", Integer(), ForeignKey('groups.group_id'), nullable=True, unique=False, default=None)
@@ -632,96 +634,98 @@ class UserToPerm(Base, BaseModel):
def has_perm(cls, user_id, perm):
if not isinstance(perm, Permission):
raise Exception('perm needs to be an instance of Permission class')
return Session.query(cls).filter(cls.user_id == user_id)\
.filter(cls.permission == perm).scalar() is not None
def grant_perm(cls, user_id, perm):
new = cls()
new.user_id = user_id
new.permission = perm
Session.add(new)
except:
Session.rollback()
def revoke_perm(cls, user_id, perm):
Session.query(cls).filter(cls.user_id == user_id)\
.filter(cls.permission == perm).delete()
class UsersGroupRepoToPerm(Base, BaseModel):
__tablename__ = 'users_group_repo_to_perm'
__table_args__ = (UniqueConstraint('repository_id', 'users_group_id', 'permission_id'), {'extend_existing':True})
users_group_to_perm_id = Column("users_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
permission = relationship('Permission')
return '<userGroup:%s => %s >' % (self.users_group, self.repository)
class UsersGroupToPerm(Base, BaseModel):
__tablename__ = 'users_group_to_perm'
def has_perm(cls, users_group_id, perm):
return Session.query(cls).filter(cls.users_group_id ==
users_group_id)\
.filter(cls.permission == perm)\
.scalar() is not None
def grant_perm(cls, users_group_id, perm):
new.users_group_id = users_group_id
def revoke_perm(cls, users_group_id, perm):
Session.query(cls).filter(cls.users_group_id == users_group_id)\
rhodecode.model.user_group
~~~~~~~~~~~~~~~~~~~~~~~~~~
users groups model for RhodeCode
from rhodecode.model import BaseModel
from rhodecode.model.caching_query import FromCache
from rhodecode.model.db import UsersGroup, UsersGroupMember
from rhodecode.model.db import UsersGroup, UsersGroupMember, \
UsersGroupRepoToPerm
class UsersGroupModel(BaseModel):
def get(self, users_group_id, cache=False):
users_group = self.sa.query(UsersGroup)
users_group = users_group.options(FromCache("sql_cache_short",
"get_users_group_%s" % users_group_id))
return users_group.get(users_group_id)
def create(self, form_data):
new_users_group = UsersGroup()
for k, v in form_data.items():
setattr(new_users_group, k, v)
self.sa.add(new_users_group)
self.sa.commit()
self.sa.rollback()
raise
def update(self, users_group_id, form_data):
users_group = self.get(users_group_id, cache=False)
if k == 'users_group_members':
users_group.members = []
self.sa.flush()
members_list = []
if v:
for u_id in set(v):
members_list.append(UsersGroupMember(
users_group_id,
u_id))
setattr(users_group, 'members', members_list)
setattr(users_group, k, v)
self.sa.add(users_group)
def delete(self, users_group_id):
# check if this group is not assigned to repo
assigned_groups = UsersGroupRepoToPerm.query()\
.filter(UsersGroupRepoToPerm.users_group_id ==
users_group_id).all()
if assigned_groups:
raise UsersGroupsAssignedException('Group assigned to %s' %
assigned_groups)
self.sa.delete(users_group)
Status change: