@@ -851,48 +851,60 @@ class Permission(Base, BaseModel):
@classmethod
def get_default_perms(cls, default_user_id, cache=True):
q = Session().query(UserRepoToPerm, Repository, cls)\
.join((Repository, UserRepoToPerm.repository_id == Repository.repo_id))\
.join((cls, UserRepoToPerm.permission_id == cls.permission_id))\
.filter(UserRepoToPerm.user_id == default_user_id)
if cache:
q = q.options(FromCache("sql_cache_short", "get_default_perms"))
return q.all()
class UserRepoToPerm(Base, BaseModel):
__tablename__ = 'repo_to_perm'
__table_args__ = (UniqueConstraint('user_id', 'repository_id'), {'extend_existing':True})
repo_to_perm_id = Column("repo_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
user = relationship('User')
permission = relationship('Permission')
repository = relationship('Repository')
def create(cls, user, repository, permission):
n = cls()
n.user = user
n.repository = repository
n.permission = permission
Session().add(n)
return n
def __repr__(self):
return '<user:%s => %s >' % (self.user, self.repository)
class UserToPerm(Base, BaseModel):
__tablename__ = 'user_to_perm'
__table_args__ = (UniqueConstraint('user_id', 'permission_id'), {'extend_existing':True})
user_to_perm_id = Column("user_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
permission = relationship('Permission', lazy='joined')
def has_perm(cls, user_id, perm):
if not isinstance(perm, Permission):
raise Exception('perm needs to be an instance of Permission class')
return cls.query().filter(cls.user_id == user_id)\
.filter(cls.permission == perm).scalar() is not None
def grant_perm(cls, user_id, perm):
new = cls()
@@ -909,48 +921,57 @@ class UserToPerm(Base, BaseModel):
def revoke_perm(cls, user_id, perm):
try:
obj = cls.query().filter(cls.user_id == user_id)\
.filter(cls.permission == perm).one()
Session().delete(obj)
Session().commit()
except:
Session().rollback()
class UsersGroupRepoToPerm(Base, BaseModel):
__tablename__ = 'users_group_repo_to_perm'
__table_args__ = (UniqueConstraint('repository_id', 'users_group_id', 'permission_id'), {'extend_existing':True})
users_group_to_perm_id = Column("users_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
users_group = relationship('UsersGroup')
def create(cls, users_group, repository, permission):
n.users_group = users_group
return '<userGroup:%s => %s >' % (self.users_group, self.repository)
class UsersGroupToPerm(Base, BaseModel):
__tablename__ = 'users_group_to_perm'
def has_perm(cls, users_group_id, perm):
return cls.query().filter(cls.users_group_id ==
users_group_id)\
.filter(cls.permission == perm)\
.scalar() is not None
@@ -223,66 +223,88 @@ class RepoModel(BaseModel):
# with name and path of group
repo_name = form_data['repo_name']
repo_name_full = form_data['repo_name_full']
new_repo = Repository()
new_repo.enable_statistics = False
for k, v in form_data.items():
if k == 'repo_name':
v = repo_name_full
if k == 'repo_group':
k = 'group_id'
if k == 'description':
v = v or repo_name
setattr(new_repo, k, v)
if fork:
parent_repo = Repository.get(fork_parent_id)
new_repo.fork = parent_repo
new_repo.user_id = cur_user.user_id
self.sa.add(new_repo)
#create default permission
repo_to_perm = UserRepoToPerm()
default = 'repository.read'
for p in User.get_by_username('default').user_perms:
if p.permission.permission_name.startswith('repository.'):
default = p.permission.permission_name
break
def _create_default_perms():
# create default permission
default_perm = 'repository.none' if form_data['private'] else default
repo_to_perm.permission_id = self.sa.query(Permission)\
.filter(Permission.permission_name == default_perm)\
.one().permission_id
repo_to_perm.repository = new_repo
repo_to_perm.user_id = User.get_by_username('default').user_id
self.sa.add(repo_to_perm)
if form_data.get('copy_permissions'):
repo = Repository.get(fork_parent_id)
user_perms = UserRepoToPerm.query()\
.filter(UserRepoToPerm.repository == repo).all()
group_perms = UsersGroupRepoToPerm.query()\
.filter(UsersGroupRepoToPerm.repository == repo).all()
for perm in user_perms:
UserRepoToPerm.create(perm.user, new_repo,
perm.permission)
for perm in group_perms:
UsersGroupRepoToPerm.create(perm.users_group, new_repo,
else:
_create_default_perms()
if not just_db:
self.__create_repo(repo_name, form_data['repo_type'],
form_data['repo_group'],
form_data['clone_uri'])
# now automatically start following this repository as owner
ScmModel(self.sa).toggle_following_repo(new_repo.repo_id,
cur_user.user_id)
return new_repo
log.error(traceback.format_exc())
raise
def create_fork(self, form_data, cur_user):
"""
Simple wrapper into executing celery task for fork creation
:param form_data:
:param cur_user:
from rhodecode.lib.celerylib import tasks, run_task
run_task(tasks.create_repo_fork, form_data, cur_user)
@@ -355,84 +355,83 @@ class UserModel(BaseModel):
# fetch default permissions
#======================================================================
default_user = User.get_by_username('default', cache=True)
default_user_id = default_user.user_id
default_perms = Permission.get_default_perms(default_user_id)
if user.is_admin:
#==================================================================
# #admin have all default rights set to admin
user.permissions['global'].add('hg.admin')
for perm in default_perms:
p = 'repository.admin'
user.permissions['repositories'][perm.UserRepoToPerm.
repository.repo_name] = p
# set default permissions
uid = user.user_id
#default global
# default global
default_global_perms = self.sa.query(UserToPerm)\
.filter(UserToPerm.user_id == default_user_id)
for perm in default_global_perms:
user.permissions['global'].add(perm.permission.permission_name)
#default for repositories
# default for repositories
if perm.Repository.private and not (perm.Repository.user_id ==
uid):
#disable defaults for private repos,
# disable defaults for private repos,
p = 'repository.none'
elif perm.Repository.user_id == uid:
#set admin if owner
# set admin if owner
p = perm.Permission.permission_name
# overwrite default with user permissions if any
#user global
# user global
user_perms = self.sa.query(UserToPerm)\
.options(joinedload(UserToPerm.permission))\
.filter(UserToPerm.user_id == uid).all()
user.permissions['global'].add(perm.permission.
permission_name)
#user repositories
# user repositories
user_repo_perms = self.sa.query(UserRepoToPerm, Permission,
Repository)\
.join((Repository, UserRepoToPerm.repository_id ==
Repository.repo_id))\
.join((Permission, UserRepoToPerm.permission_id ==
Permission.permission_id))\
.filter(UserRepoToPerm.user_id == uid).all()
for perm in user_repo_perms:
if perm.Repository.user_id == uid:
# check if user is part of groups for this repository and fill in
# (or replace with higher) permissions
# users group global
user_perms_from_users_groups = self.sa.query(UsersGroupToPerm)\
@@ -63,47 +63,47 @@
<td></td>
</tr>
%endif
%for cnt,node in enumerate(c.files_list):
<tr class="parity${cnt%2}">
<td>
${h.link_to(node.name,h.url('files_home',repo_name=c.repo_name,revision=c.changeset.raw_id,f_path=h.safe_unicode(node.path)),class_=file_class(node)+" ypjax-link")}
</td>
%if node.is_file():
${h.format_byte_size(node.size,binary=True)}
${node.mimetype}
<span class="tooltip" title="${node.last_changeset.raw_id}">
<span class="tooltip" title="${node.last_changeset.message}">
${'r%s:%s' % (node.last_changeset.revision,node.last_changeset.short_id)}</span>
<span class="tooltip" title="${node.last_changeset.date}">
${h.age(node.last_changeset.date)}</span>
${node.last_changeset.author}
%endfor
</tbody>
<tbody id="tbody_filtered" style="display:none">
</table>
</div>
\ No newline at end of file
Status change: