@@ -54,13 +54,14 @@ class PermissionsController(BaseControll
self.perms_choices = [('repository.none', _('None'),),
('repository.read', _('Read'),),
('repository.write', _('Write'),),
('repository.admin', _('Admin'),)]
self.register_choices = [
('hg.register.none', 'disabled'),
('hg.register.none',
_('disabled')),
('hg.register.manual_activate',
_('allowed with manual account activation')),
('hg.register.auto_activate',
_('allowed with automatic account activation')), ]
self.create_choices = [('hg.create.none', _('Disabled')),
@@ -139,14 +140,16 @@ class PermissionsController(BaseControll
#url('edit_permission', id=ID)
c.perms_choices = self.perms_choices
c.register_choices = self.register_choices
c.create_choices = self.create_choices
if id == 'default':
defaults = {'_method':'put'}
for p in UserModel().get_by_username('default').user_perms:
default_user = UserModel().get_by_username('default')
defaults = {'_method':'put',
'anonymous':default_user.active}
for p in default_user.user_perms:
if p.permission.permission_name.startswith('repository.'):
defaults['default_perm'] = p.permission.permission_name
if p.permission.permission_name.startswith('hg.register.'):
defaults['default_register'] = p.permission.permission_name
@@ -118,17 +118,21 @@ class SettingsController(BaseController)
application_form = ApplicationSettingsForm()()
try:
form_result = application_form.to_python(dict(request.POST))
hgsettings1 = self.sa.query(RhodeCodeSettings)\
.filter(RhodeCodeSettings.app_settings_name == 'title').one()
.filter(RhodeCodeSettings.app_settings_name \
== 'title').one()
hgsettings1.app_settings_value = form_result['rhodecode_title']
hgsettings2 = self.sa.query(RhodeCodeSettings)\
.filter(RhodeCodeSettings.app_settings_name == 'realm').one()
== 'realm').one()
hgsettings2.app_settings_value = form_result['rhodecode_realm']
self.sa.add(hgsettings1)
self.sa.add(hgsettings2)
self.sa.commit()
@@ -152,14 +152,13 @@ class UsersController(BaseController):
"""GET /users/id/edit: Form to edit an existing item"""
# url('edit_user', id=ID)
c.user = self.sa.query(User).get(id)
if not c.user:
return redirect(url('users'))
if c.user.username == 'default':
h.flash(_("You can't edit this user since it's"
" crucial for entire application"), category='warning')
h.flash(_("You can't edit this user"), category='warning')
defaults = c.user.__dict__
return htmlfill.render(
render('admin/users/user_edit.html'),
defaults=defaults,
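Review bot: In the lines shown, the `h.flash(_("You can't edit this user"), category='warning')` call for the `default` account is not followed by a return, so the method goes on to build `defaults = c.user.__dict__` and render the edit form for that account. Since this commit makes `default.active` the switch for anonymous access, the account should be refused rather than only warned about: add `return redirect(url('users'))` directly after the flash. If that return exists on a line not shown here, ignore this. The update and delete actions are outside this hunk and should refuse the account as well.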
@@ -43,13 +43,15 @@ class LoginController(BaseController):
super(LoginController, self).__before__()
def index(self):
#redirect if already logged in
c.came_from = request.GET.get('came_from', None)
if c.rhodecode_user.is_authenticated:
if c.rhodecode_user.is_authenticated \
and c.rhodecode_user.username != 'default':
return redirect(url('home'))
if request.POST:
#import Login Form validator class
login_form = LoginForm()
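Review bot: The `username != 'default'` exception on the `is_authenticated` test is needed only because `get_user` now flags the anonymous account as authenticated. Every other place that reads `is_authenticated` to mean "a real user has logged in" needs the same exception, and will silently accept anonymous visitors if it is missed. Consider one property on `AuthUser`, e.g. `is_default = property(lambda self: self.username == 'default')`, and test `c.rhodecode_user.is_authenticated and not c.rhodecode_user.is_default` here, so the literal `'default'` is not repeated across controllers and templates. Login-required checks elsewhere in the code base are outside this diff and worth re-reading with this in mind.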
@@ -23,12 +23,13 @@ Created on April 4, 2010
@author: marcink
"""
from pylons import config, session, url, request
from pylons.controllers.util import abort, redirect
from rhodecode.lib.utils import get_repo_slug
from rhodecode.model import meta
from rhodecode.model.user import UserModel
from rhodecode.model.caching_query import FromCache
from rhodecode.model.db import User, RepoToPerm, Repository, Permission, \
UserToPerm
import bcrypt
from decorator import decorator
import logging
@@ -69,13 +70,12 @@ def get_crypt_password(password):
return bcrypt.hashpw(password, bcrypt.gensalt(10))
def check_password(password, hashed):
return bcrypt.hashpw(password, hashed) == hashed
def authfunc(environ, username, password):
user = UserModel().get_by_username(username, cache=False)
if user:
if user.active:
if user.username == username and check_password(password, user.password):
log.info('user %s authenticated correctly', username)
@@ -96,12 +96,14 @@ class AuthUser(object):
self.email = ''
self.user_id = None
self.is_authenticated = False
self.is_admin = False
self.permissions = {}
def __repr__(self):
return "<AuthUser('id:%s:%s')>" % (self.user_id, self.username)
def set_available_permissions(config):
This function will propagate pylons globals with all available defined
permission given in db. We don't wannt to check each time from db for new
permissions since adding a new permission also requires application restart
@@ -119,39 +121,12 @@ def set_available_permissions(config):
config['available_permissions'] = [x.permission_name for x in all_perms]
def set_base_path(config):
config['base_path'] = config['pylons.app_globals'].base_path
def fill_data(user):
Fills user data with those from database and log out user if not present
in database
:param user:
sa = meta.Session()
dbuser = sa.query(User)\
.options(FromCache('sql_cache_short', 'getuser_%s' % user.user_id))\
.get(user.user_id)
except:
pass
finally:
meta.Session.remove()
if dbuser:
user.username = dbuser.username
user.is_admin = dbuser.admin
user.name = dbuser.name
user.lastname = dbuser.lastname
user.email = dbuser.email
else:
user.is_authenticated = False
return user
def fill_perms(user):
Fills user permission attribute with permissions taken from database
@@ -160,15 +135,13 @@ def fill_perms(user):
user.permissions['repositories'] = {}
user.permissions['global'] = set()
#===========================================================================
# fetch default permissions
default_user = sa.query(User)\
.options(FromCache('sql_cache_short', 'getuser_%s' % 'default'))\
.filter(User.username == 'default').scalar()
default_user = UserModel(sa).get_by_username('default', cache=True)
default_perms = sa.query(RepoToPerm, Repository, Permission)\
.join((Repository, RepoToPerm.repository_id == Repository.repo_id))\
.join((Permission, RepoToPerm.permission_id == Permission.permission_id))\
.filter(RepoToPerm.user == default_user).all()
@@ -228,14 +201,28 @@ def fill_perms(user):
def get_user(session):
Gets user from session, and wraps permissions into user
:param session:
user = session.get('rhodecode_user', AuthUser())
#if the user is not logged in we check for anonymous access
#if user is logged and it's a default user check if we still have anonymous
#access enabled
if user.user_id is None or user.username == 'default':
anonymous_user = UserModel().get_by_username('default', cache=True)
if anonymous_user.active is True:
#then we set this user is logged in
user.is_authenticated = True
if user.is_authenticated:
user = fill_data(user)
user = UserModel().fill_data(user)
user = fill_perms(user)
session['rhodecode_user'] = user
session.save()
#===============================================================================
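Review bot: The anonymous branch only ever sets `user.is_authenticated = True` and never clears it. A session already stored as the authenticated `default` user therefore stays authenticated after an admin switches anonymous access off, unless `fill_data` happens to reset it (its body is not visible here). Assign the flag from the database state instead: `user.is_authenticated = bool(anonymous_user and anonymous_user.active)`. That form also avoids an `AttributeError` on `anonymous_user.active` when no `default` row exists. Because the lookup uses `cache=True`, a change to the setting presumably takes effect only once the cached row expires, which deserves a comment above the call.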
@@ -283,24 +270,25 @@ class PermsDecorator(object):
def __wrapper(self, func, *fargs, **fkwargs):
# _wrapper.__name__ = func.__name__
# _wrapper.__dict__.update(func.__dict__)
# _wrapper.__doc__ = func.__doc__
self.user_perms = session.get('rhodecode_user', AuthUser()).permissions
log.debug('checking %s permissions %s for %s',
self.__class__.__name__, self.required_perms, func.__name__)
self.user = session.get('rhodecode_user', AuthUser())
self.user_perms = self.user.permissions
log.debug('checking %s permissions %s for %s %s',
self.__class__.__name__, self.required_perms, func.__name__,
self.user)
if self.check_permissions():
log.debug('Permission granted for %s', func.__name__)
log.debug('Permission granted for %s %s', func.__name__, self.user)
return func(*fargs, **fkwargs)
log.warning('Permission denied for %s', func.__name__)
log.warning('Permission denied for %s %s', func.__name__, self.user)
#redirect with forbidden ret code
return abort(403)
def check_permissions(self):
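Review bot: `self.user` and `self.user_perms` are written on the decorator object in `__wrapper` and then read back by `check_permissions()`, but a decorator instance is created once, when the controller class is defined, and is presumably shared by all requests. On a threaded server two concurrent requests could overwrite each other's `self.user_perms` between the assignment and the check, so a permission decision could be made against another user's permissions. `self.user_perms` predates this commit, but the change adds a second per-request attribute in the same way; holding the per-request user in a local or a thread-local would close that window. `PermsFunction.__call__` in the next hunk stores `self.user_perms` and `self.granted_for` on the instance in the same manner.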
@@ -380,22 +368,23 @@ class PermsFunction(object):
def __call__(self, check_Location=''):
user = session.get('rhodecode_user', False)
if not user:
return False
self.user_perms = user.permissions
self.granted_for = user.username
log.debug('checking %s %s', self.__class__.__name__, self.required_perms)
log.debug('checking %s %s %s', self.__class__.__name__,
self.required_perms, user)
log.debug('Permission granted for %s @%s', self.granted_for,
check_Location)
log.debug('Permission granted for %s @ %s %s', self.granted_for,
check_Location, user)
return True
log.warning('Permission denied for %s @%s', self.granted_for,
log.warning('Permission denied for %s @ %s %s', self.granted_for,
"""Dummy function for overriding"""
raise Exception('You have to write this function in child class')
@@ -224,15 +224,15 @@ class DbManage(object):
def create_default_user(self):
log.info('creating default user')
#create default user for handling default permissions.
def_user = User()
def_user.username = 'default'
def_user.password = get_crypt_password(str(uuid.uuid1())[:8])
def_user.name = 'default'
def_user.lastname = 'default'
def_user.email = 'default@default.com'
def_user.name = 'Anonymous'
def_user.lastname = 'User'
def_user.email = 'anonymous@rhodecode.org'
def_user.admin = False
def_user.active = False
self.sa.add(def_user)
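Review bot: `get_crypt_password(str(uuid.uuid1())[:8])` was adequate while the `default` account could never be active, but this commit lets an admin activate it, and `authfunc` accepts any user whose `active` flag is set. The first eight characters of a version-1 UUID are the low bits of a timestamp, not random data, so the password should come from a random source, e.g. `def_user.password = get_crypt_password(uuid.uuid4().hex)`. Rejecting the username `default` outright in `authfunc` would be a second safeguard. Existing installations keep the old password until it is reset, so an upgrade step is needed as well.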
@@ -355,11 +355,12 @@ def ApplicationUiSettingsForm():
def DefaultPermissionsForm(perms_choices, register_choices, create_choices):
class _DefaultPermissionsForm(formencode.Schema):
allow_extra_fields = True
filter_extra_fields = True
overwrite_default = OneOf(['true', 'false'], if_missing='false')
anonymous = OneOf(['True', 'False'], if_missing=False)
default_perm = OneOf(perms_choices)
default_register = OneOf(register_choices)
default_create = OneOf(create_choices)
return _DefaultPermissionsForm
@@ -56,36 +56,47 @@ class PermissionModel(object):
def update(self, form_result):
perm_user = self.sa.query(User)\
.filter(User.username == form_result['perm_user_name']).scalar()
u2p = self.sa.query(UserToPerm).filter(UserToPerm.user == perm_user).all()
if len(u2p) != 3:
raise Exception('There is more than 3 defined'
' permissions for default user. This should not happen please verify'
' your database')
raise Exception('Defined: %s should be 3 permissions for default'
' user. This should not happen please verify'
' your database' % len(u2p))
#stage 1 change defaults
for p in u2p:
p.permission = self.get_permission_by_name(form_result['default_perm'])
p.permission = self.get_permission_by_name(
form_result['default_perm'])
self.sa.add(p)
p.permission = self.get_permission_by_name(form_result['default_register'])
form_result['default_register'])
if p.permission.permission_name.startswith('hg.create.'):
p.permission = self.get_permission_by_name(form_result['default_create'])
form_result['default_create'])
#stage 2 update all default permissions for repos if checked
if form_result['overwrite_default'] == 'true':
for r2p in self.sa.query(RepoToPerm).filter(RepoToPerm.user == perm_user).all():
r2p.permission = self.get_permission_by_name(form_result['default_perm'])
for r2p in self.sa.query(RepoToPerm)\
.filter(RepoToPerm.user == perm_user).all():
r2p.permission = self.get_permission_by_name(
self.sa.add(r2p)
#stage 3 set anonymous access
if perm_user.username == 'default':
perm_user.active = bool(form_result['anonymous'])
self.sa.add(perm_user)
log.error(traceback.format_exc())
self.sa.rollback()
raise
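Review bot: `perm_user.active = bool(form_result['anonymous'])` turns anonymous access on for any non-empty string, and the validator added to `DefaultPermissionsForm` accepts the string `'False'` (`OneOf(['True', 'False'], if_missing=False)`), so a request that submits `anonymous=False` enables anonymous access instead of disabling it. Compare the value explicitly, `perm_user.active = form_result['anonymous'] == 'True'`, or let the schema do the conversion with `anonymous = StringBoolean(if_missing=False)` from `formencode.validators`. The `try:`/`except:` lines of `update` are not shown in this hunk.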
@@ -140,6 +140,27 @@ class UserModel(object):
def reset_password(self, data):
from rhodecode.lib.celerylib import tasks, run_task
run_task(tasks.reset_user_password, data['email'])
def fill_data(self, user):
Fills user data with those from database and log out user if not
present in database
log.debug('filling auth user data')
dbuser = self.get(user.user_id)
@@ -2093,13 +2093,13 @@ border:1px solid #666;
}
#content div.box div.form div.fields div.field div.checkboxes div.checkbox,#content div.box div.form div.fields div.field div.radios div.radio {
clear:both;
overflow:hidden;
margin:0;
padding:2px 0;
padding:2px 2px;
#content div.box div.form div.fields div.field div.checkboxes div.checkbox input,#content div.box div.form div.fields div.field div.radios div.radio input {
float:left;
@@ -23,13 +23,22 @@
</div>
<h3>${_('Default permissions')}</h3>
${h.form(url('permission', id='default'),method='put')}
<div class="form">
<!-- fields -->
<div class="fields">
<div class="field">
<div class="label label-checkbox">
<label for="anonymous">${_('Anonymous access')}:</label>
<div class="checkboxes">
<div class="checkbox">
${h.checkbox('anonymous',True)}
<div class="label">
<label for="default_perm">${_('Repository permission')}:</label>
<div class="select">
${h.select('default_perm','',c.perms_choices)}
@@ -17,18 +17,28 @@
<!-- user -->
<ul id="logged-user">
<li class="first">
<div class="gravatar">
<img alt="gravatar" src="${h.gravatar_url(c.rhodecode_user.email,24)}" />
%if c.rhodecode_user.username == 'default':
<div class="account">
${h.link_to('%s %s'%(c.rhodecode_user.name,c.rhodecode_user.lastname),h.url('#'))}<br/>
${h.link_to(c.rhodecode_user.username,h.url('#'))}
</li>
<li class="last highlight">${h.link_to(u'Login',h.url('login_home'))}</li>
%else:
${h.link_to('%s %s'%(c.rhodecode_user.name,c.rhodecode_user.lastname),h.url('admin_settings_my_account'))}<br/>
${h.link_to(c.rhodecode_user.username,h.url('admin_settings_my_account'))}
<li class="last highlight">${h.link_to(u'Logout',h.url('logout_home'))}</li>
%endif
</ul>
<!-- end user -->
<div id="header-inner" class="title top-left-rounded-corner top-right-rounded-corner">
<!-- logo -->
<div id="logo">
<h1><a href="${h.url('home')}">${c.rhodecode_name}</a></h1>
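Review bot: The new `Login` link label is a bare literal, `h.link_to(u'Login',h.url('login_home'))`, while the other user-visible strings in these templates go through `_()`; write `h.link_to(_('Login'),h.url('login_home'))` so it is translated. The `%if c.rhodecode_user.username == 'default':` test also repeats the magic username that the controllers compare against, so a single flag on the user object would keep the template and the Python code in step.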