diff --git a/rhodecode/controllers/admin/permissions.py b/rhodecode/controllers/admin/permissions.py --- a/rhodecode/controllers/admin/permissions.py +++ b/rhodecode/controllers/admin/permissions.py @@ -38,7 +38,7 @@ from rhodecode.lib.auth import LoginRequ from rhodecode.lib.base import BaseController, render from rhodecode.model.forms import DefaultPermissionsForm from rhodecode.model.permission import PermissionModel -from rhodecode.model.db import User, UserIpMap +from rhodecode.model.db import User, UserIpMap, Permission from rhodecode.model.meta import Session log = logging.getLogger(__name__) @@ -53,19 +53,21 @@ class PermissionsController(BaseControll @LoginRequired() @HasPermissionAllDecorator('hg.admin') def __before__(self): - c.admin_user = session.get('admin_user') - c.admin_username = session.get('admin_username') super(PermissionsController, self).__before__() - self.repo_perms_choices = [('repository.none', _('None'),), + c.repo_perms_choices = [('repository.none', _('None'),), ('repository.read', _('Read'),), ('repository.write', _('Write'),), ('repository.admin', _('Admin'),)] - self.group_perms_choices = [('group.none', _('None'),), - ('group.read', _('Read'),), - ('group.write', _('Write'),), - ('group.admin', _('Admin'),)] - self.register_choices = [ + c.group_perms_choices = [('group.none', _('None'),), + ('group.read', _('Read'),), + ('group.write', _('Write'),), + ('group.admin', _('Admin'),)] + c.user_group_perms_choices = [('usergroup.none', _('None'),), + ('usergroup.read', _('Read'),), + ('usergroup.write', _('Write'),), + ('usergroup.admin', _('Admin'),)] + c.register_choices = [ ('hg.register.none', _('Disabled')), ('hg.register.manual_activate', @@ -73,18 +75,22 @@ class PermissionsController(BaseControll ('hg.register.auto_activate', _('Allowed with automatic account activation')), ] - self.create_choices = [('hg.create.none', _('Disabled')), - ('hg.create.repository', _('Enabled'))] + c.extern_activate_choices = [ + ('hg.extern_activate.manual', _('Manual activation of external account')), + ('hg.extern_activate.auto', _('Automatic activation of external account')), + ] - self.fork_choices = [('hg.fork.none', _('Disabled')), - ('hg.fork.repository', _('Enabled'))] + c.repo_create_choices = [('hg.create.none', _('Disabled')), + ('hg.create.repository', _('Enabled'))] - # set the global template variables - c.repo_perms_choices = self.repo_perms_choices - c.group_perms_choices = self.group_perms_choices - c.register_choices = self.register_choices - c.create_choices = self.create_choices - c.fork_choices = self.fork_choices + c.user_group_create_choices = [('hg.usergroup.create.false', _('Disabled')), + ('hg.usergroup.create.true', _('Enabled'))] + + c.repo_group_create_choices = [('hg.repogroup.create.false', _('Disabled')), + ('hg.repogroup.create.true', _('Enabled'))] + + c.fork_choices = [('hg.fork.none', _('Disabled')), + ('hg.fork.repository', _('Enabled'))] def index(self, format='html'): """GET /permissions: All items in the collection""" @@ -107,23 +113,27 @@ class PermissionsController(BaseControll # method='put') # url('permission', id=ID) if id == 'default': - c.user = default_user = User.get_by_username('default') + c.user = default_user = User.get_default_user() c.perm_user = AuthUser(user_id=default_user.user_id) c.user_ip_map = UserIpMap.query()\ .filter(UserIpMap.user == default_user).all() - permission_model = PermissionModel() _form = DefaultPermissionsForm( - [x[0] for x in self.repo_perms_choices], - [x[0] for x in self.group_perms_choices], - [x[0] for x in self.register_choices], - [x[0] for x in self.create_choices], - [x[0] for x in self.fork_choices])() + [x[0] for x in c.repo_perms_choices], + [x[0] for x in c.group_perms_choices], + [x[0] for x in c.user_group_perms_choices], + [x[0] for x in c.repo_create_choices], + [x[0] for x in c.repo_group_create_choices], + [x[0] for x in c.user_group_create_choices], + [x[0] for x in c.fork_choices], + [x[0] for x in c.register_choices], + [x[0] for x in c.extern_activate_choices], + )() try: form_result = _form.to_python(dict(request.POST)) form_result.update({'perm_user_name': id}) - permission_model.update(form_result) + PermissionModel().update(form_result) Session().commit() h.flash(_('Default permissions updated successfully'), category='success') @@ -156,6 +166,7 @@ class PermissionsController(BaseControll def show(self, id, format='html'): """GET /permissions/id: Show a specific item""" # url('permission', id=ID) + Permission.get_or_404(-1) def edit(self, id, format='html'): """GET /permissions/id/edit: Form to edit an existing item""" @@ -163,23 +174,35 @@ class PermissionsController(BaseControll #this form can only edit default user permissions if id == 'default': - c.user = default_user = User.get_by_username('default') - defaults = {'anonymous': default_user.active} - c.perm_user = AuthUser(user_id=default_user.user_id) + c.user = User.get_default_user() + defaults = {'anonymous': c.user.active} + c.perm_user = c.user.AuthUser c.user_ip_map = UserIpMap.query()\ - .filter(UserIpMap.user == default_user).all() - for p in default_user.user_perms: + .filter(UserIpMap.user == c.user).all() + for p in c.user.user_perms: if p.permission.permission_name.startswith('repository.'): defaults['default_repo_perm'] = p.permission.permission_name if p.permission.permission_name.startswith('group.'): defaults['default_group_perm'] = p.permission.permission_name + if p.permission.permission_name.startswith('usergroup.'): + defaults['default_user_group_perm'] = p.permission.permission_name + + if p.permission.permission_name.startswith('hg.create.'): + defaults['default_repo_create'] = p.permission.permission_name + + if p.permission.permission_name.startswith('hg.repogroup.'): + defaults['default_repo_group_create'] = p.permission.permission_name + + if p.permission.permission_name.startswith('hg.usergroup.'): + defaults['default_user_group_create'] = p.permission.permission_name + if p.permission.permission_name.startswith('hg.register.'): defaults['default_register'] = p.permission.permission_name - if p.permission.permission_name.startswith('hg.create.'): - defaults['default_create'] = p.permission.permission_name + if p.permission.permission_name.startswith('hg.extern_activate.'): + defaults['default_extern_activate'] = p.permission.permission_name if p.permission.permission_name.startswith('hg.fork.'): defaults['default_fork'] = p.permission.permission_name