Changeset - f14fd4cbb488
Parent rev.
Child rev.
[Not reviewed]
default
0 1 0
Mads Kiilerich (mads) - 6 years ago 2020-08-23 14:46:06
mads@kiilerich.com
auth: compute AuthUser.repository_group_permissions lazily
1 file changed with 48 insertions and 50 deletions:
kallithea/lib/auth.py
48
50
0 comments (0 inline, 0 general)
kallithea/lib/auth.py
Show inline comments
 
@@ -128,91 +128,44 @@ def bump_permission(permissions, key, ne
 
    new_perm_val = PERM_WEIGHTS[new_perm]
 
    cur_perm_val = PERM_WEIGHTS[cur_perm]
 
    if new_perm_val > cur_perm_val:
 
        permissions[key] = new_perm
 

			




	
	
	
		
 
def get_user_permissions(user_id, user_is_admin):

			




	
	
	
		
 
    repository_group_permissions = {}

			




	
	
	
		
 
    user_group_permissions = {}

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
    #======================================================================

			




	
	
	
		
 
    # fetch default permissions

			




	
	
	
		
 
    #======================================================================

			




	
	
	
		
 
    default_repo_groups_perms = Permission.get_default_group_perms(kallithea.DEFAULT_USER_ID)

			




	
	
	
		
 
    default_user_group_perms = Permission.get_default_user_group_perms(kallithea.DEFAULT_USER_ID)

			




	
	
	
		
 

			




	
	
	
		
 
    if user_is_admin:

			




	
	
	
		
 
        #==================================================================

			




	
	
	
		
 
        # admin users have all rights;

			




	
	
	
		
 
        # based on default permissions, just set everything to admin

			




	
	
	
		
 
        #==================================================================

			




	
	
	
		
 

			




	
	
	
		
 
        # repository groups

			




	
	
	
		
 
        for perm in default_repo_groups_perms:

			




	
	
	
		
 
            rg_k = perm.group.group_name

			




	
	
	
		
 
            p = 'group.admin'

			




	
	
	
		
 
            repository_group_permissions[rg_k] = p

			




	
	
	
		
 

			




	
	
	
		
 
        # user groups

			




	
	
	
		
 
        for perm in default_user_group_perms:

			




	
	
	
		
 
            u_k = perm.user_group.users_group_name

			




	
	
	
		
 
            p = 'usergroup.admin'

			




	
	
	
		
 
            user_group_permissions[u_k] = p

			




	
	
	
		
 
        return (repository_group_permissions, user_group_permissions)

			




	
	
	
		
 
        return (user_group_permissions)

			




	
	
	
		
 

			




	
	
	
		
 
    #==================================================================

			




	
	
	
		
 
    # SET DEFAULTS GLOBAL, REPOS, REPOSITORY GROUPS

			




	
	
	
		
 
    #==================================================================

			




	
	
	
		
 

			




	
	
	
		
 
    # defaults for repository groups taken from default user permission

			




	
	
	
		
 
    # on given group

			




	
	
	
		
 
    for perm in default_repo_groups_perms:

			




	
	
	
		
 
        rg_k = perm.group.group_name

			




	
	
	
		
 
        p = perm.permission.permission_name

			




	
	
	
		
 
        repository_group_permissions[rg_k] = p

			




	
	
	
		
 

			




	
	
	
		
 
    # defaults for user groups taken from default user permission

			




	
	
	
		
 
    # on given user group

			




	
	
	
		
 
    for perm in default_user_group_perms:

			




	
	
	
		
 
        u_k = perm.user_group.users_group_name

			




	
	
	
		
 
        p = perm.permission.permission_name

			




	
	
	
		
 
        user_group_permissions[u_k] = p

			




	
	
	
		
 

			




	
	
	
		
 
    #======================================================================

			




	
	
	
		
 
    # !! PERMISSIONS FOR REPOSITORY GROUPS !!

			




	
	
	
		
 
    #======================================================================

			




	
	
	
		
 
    #======================================================================

			




	
	
	
		
 
    # check if user is part of user groups for this repository groups and

			




	
	
	
		
 
    # fill in his permission from it.

			




	
	
	
		
 
    #======================================================================

			




	
	
	
		
 
    # user group for repo groups permissions

			




	
	
	
		
 
    user_repo_group_perms_from_users_groups = \

			




	
	
	
		
 
     Session().query(UserGroupRepoGroupToPerm) \

			




	
	
	
		
 
     .join((UserGroup, UserGroupRepoGroupToPerm.users_group_id ==

			




	
	
	
		
 
            UserGroup.users_group_id)) \

			




	
	
	
		
 
     .filter(UserGroup.users_group_active == True) \

			




	
	
	
		
 
     .join((UserGroupMember, UserGroupRepoGroupToPerm.users_group_id

			




	
	
	
		
 
            == UserGroupMember.users_group_id)) \

			




	
	
	
		
 
     .filter(UserGroupMember.user_id == user_id) \

			




	
	
	
		
 
     .options(joinedload(UserGroupRepoGroupToPerm.permission)) \

			




	
	
	
		
 
     .all()

			




	
	
	
		
 

			




	
	
	
		
 
    for perm in user_repo_group_perms_from_users_groups:

			




	
	
	
		
 
        bump_permission(repository_group_permissions,

			




	
	
	
		
 
            perm.group.group_name,

			




	
	
	
		
 
            perm.permission.permission_name)

			




	
	
	
		
 

			




	
	
	
		
 
    # user explicit permissions for repository groups

			




	
	
	
		
 
    user_repo_groups_perms = Permission.get_default_group_perms(user_id)

			




	
	
	
		
 
    for perm in user_repo_groups_perms:

			




	
	
	
		
 
        bump_permission(repository_group_permissions,

			




	
	
	
		
 
            perm.group.group_name,

			




	
	
	
		
 
            perm.permission.permission_name)

			




	
	
	
		
 

			




	
	
	
		
 
    #======================================================================

			




	
	
	
		
 
    # !! PERMISSIONS FOR USER GROUPS !!

			




	
	
	
		
 
    #======================================================================

			




	
	
	
		
 
    # user group for user group permissions

			




	
	
	
		
 
    user_group_user_groups_perms = \

			




	
	
	
		
 
     Session().query(UserGroupUserGroupToPerm) \

			




	
	
	
		
 
     .join((UserGroup, UserGroupUserGroupToPerm.target_user_group_id

			




	
	
		
 
@@ -235,13 +188,13 @@ def get_user_permissions(user_id, user_i

			




	
	
	
		
 
    user_user_groups_perms = Permission.get_default_user_group_perms(user_id)

			




	
	
	
		
 
    for perm in user_user_groups_perms:

			




	
	
	
		
 
        bump_permission(user_group_permissions,

			




	
	
	
		
 
            perm.user_group.users_group_name,

			




	
	
	
		
 
            perm.permission.permission_name)

			




	
	
	
		
 

			




	
	
	
		
 
    return (repository_group_permissions, user_group_permissions)

			




	
	
	
		
 
    return (user_group_permissions)

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
class AuthUser(object):

			




	
	
	
		
 
    """

			




	
	
	
		
 
    Represents a Kallithea user, including various authentication and

			




	
	
	
		
 
    authorization information. Typically used to store the current user,

			




	
	
		
 
@@ -324,13 +277,13 @@ class AuthUser(object):

			




	
	
	
		
 
                assert k not in ['api_keys', 'permissions']

			




	
	
	
		
 
                setattr(self, k, v)

			




	
	
	
		
 
            self.is_default_user = dbuser.is_default_user

			




	
	
	
		
 
        log.debug('Auth User is now %s', self)

			




	
	
	
		
 

			




	
	
	
		
 
        log.debug('Getting PERMISSION tree for %s', self)

			




	
	
	
		
 
        (self.repository_group_permissions, self.user_group_permissions,

			




	
	
	
		
 
        (self.user_group_permissions,

			




	
	
	
		
 
        )= get_user_permissions(self.user_id, self.is_admin)

			




	
	
	
		
 

			




	
	
	
		
 
    @LazyProperty

			




	
	
	
		
 
    def global_permissions(self):

			




	
	
	
		
 
        log.debug('Getting global permissions for %s', self)

			




	
	
	
		
 

			




	
	
		
 
@@ -428,12 +381,57 @@ class AuthUser(object):

			




	
	
	
		
 
                    perm.repository.repo_name,

			




	
	
	
		
 
                    perm.permission.permission_name)

			




	
	
	
		
 

			




	
	
	
		
 
        return repository_permissions

			




	
	
	
		
 

			




	
	
	
		
 
    @LazyProperty

			




	
	
	
		
 
    def repository_group_permissions(self):

			




	
	
	
		
 
        log.debug('Getting repository group permissions for %s', self)

			




	
	
	
		
 
        repository_group_permissions = {}

			




	
	
	
		
 
        default_repo_groups_perms = Permission.get_default_group_perms(kallithea.DEFAULT_USER_ID)

			




	
	
	
		
 

			




	
	
	
		
 
        if self.is_admin:

			




	
	
	
		
 
            for perm in default_repo_groups_perms:

			




	
	
	
		
 
                rg_k = perm.group.group_name

			




	
	
	
		
 
                p = 'group.admin'

			




	
	
	
		
 
                repository_group_permissions[rg_k] = p

			




	
	
	
		
 

			




	
	
	
		
 
        else:

			




	
	
	
		
 
            # defaults for repository groups taken from default user permission

			




	
	
	
		
 
            # on given group

			




	
	
	
		
 
            for perm in default_repo_groups_perms:

			




	
	
	
		
 
                rg_k = perm.group.group_name

			




	
	
	
		
 
                p = perm.permission.permission_name

			




	
	
	
		
 
                repository_group_permissions[rg_k] = p

			




	
	
	
		
 

			




	
	
	
		
 
            # user group for repo groups permissions

			




	
	
	
		
 
            user_repo_group_perms_from_users_groups = \

			




	
	
	
		
 
                Session().query(UserGroupRepoGroupToPerm) \

			




	
	
	
		
 
                .join((UserGroup, UserGroupRepoGroupToPerm.users_group_id ==

			




	
	
	
		
 
                       UserGroup.users_group_id)) \

			




	
	
	
		
 
                .filter(UserGroup.users_group_active == True) \

			




	
	
	
		
 
                .join((UserGroupMember, UserGroupRepoGroupToPerm.users_group_id

			




	
	
	
		
 
                       == UserGroupMember.users_group_id)) \

			




	
	
	
		
 
                .filter(UserGroupMember.user_id == self.user_id) \

			




	
	
	
		
 
                .options(joinedload(UserGroupRepoGroupToPerm.permission)) \

			




	
	
	
		
 
                .all()

			




	
	
	
		
 
            for perm in user_repo_group_perms_from_users_groups:

			




	
	
	
		
 
                bump_permission(repository_group_permissions,

			




	
	
	
		
 
                    perm.group.group_name,

			




	
	
	
		
 
                    perm.permission.permission_name)

			




	
	
	
		
 

			




	
	
	
		
 
            # user explicit permissions for repository groups

			




	
	
	
		
 
            user_repo_groups_perms = Permission.get_default_group_perms(self.user_id)

			




	
	
	
		
 
            for perm in user_repo_groups_perms:

			




	
	
	
		
 
                bump_permission(repository_group_permissions,

			




	
	
	
		
 
                    perm.group.group_name,

			




	
	
	
		
 
                    perm.permission.permission_name)

			




	
	
	
		
 

			




	
	
	
		
 
        return repository_group_permissions

			




	
	
	
		
 

			




	
	
	
		
 
    @LazyProperty

			




	
	
	
		
 
    def permissions(self):

			




	
	
	
		
 
        """dict with all 4 kind of permissions - mainly for backwards compatibility"""

			




	
	
	
		
 
        return {

			




	
	
	
		
 
            'global': self.global_permissions,

			




	
	
	
		
 
            'repositories': self.repository_permissions,

			




	
	
	
		
 
            'repositories_groups': self.repository_group_permissions,

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        Server instance: clio-25756
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.
            – Support