diff --git a/rhodecode/model/users_group.py b/rhodecode/model/users_group.py --- a/rhodecode/model/users_group.py +++ b/rhodecode/model/users_group.py @@ -8,6 +8,7 @@ :created_on: Oct 1, 2011 :author: nvinot :copyright: (C) 2011-2011 Nicolas Vinot + :copyright: (C) 2010-2012 Marcin Kuzminski :license: GPLv3, see COPYING for more details. """ # This program is free software: you can redistribute it and/or modify @@ -27,50 +28,99 @@ import logging import traceback from rhodecode.model import BaseModel -from rhodecode.model.caching_query import FromCache -from rhodecode.model.db import UsersGroupMember, UsersGroup +from rhodecode.model.db import UsersGroupMember, UsersGroup,\ + UsersGroupRepoToPerm, Permission, UsersGroupToPerm, User +from rhodecode.lib.exceptions import UsersGroupsAssignedException log = logging.getLogger(__name__) + class UsersGroupModel(BaseModel): - def get(self, users_group_id, cache = False): - users_group = UsersGroup.query() - if cache: - users_group = users_group.options(FromCache("sql_cache_short", - "get_users_group_%s" % users_group_id)) - return users_group.get(users_group_id) + def __get_user(self, user): + return self._get_instance(User, user, callback=User.get_by_username) + + def __get_users_group(self, users_group): + return self._get_instance(UsersGroup, users_group, + callback=UsersGroup.get_by_group_name) + + def __get_perm(self, permission): + return self._get_instance(Permission, permission, + callback=Permission.get_by_key) - def get_by_name(self, name, cache = False, case_insensitive = False): - users_group = UsersGroup.query() - if case_insensitive: - users_group = users_group.filter(UsersGroup.users_group_name.ilike(name)) - else: - users_group = users_group.filter(UsersGroup.users_group_name == name) - if cache: - users_group = users_group.options(FromCache("sql_cache_short", - "get_users_group_%s" % name)) - return users_group.scalar() + def get(self, users_group_id, cache=False): + return UsersGroup.get(users_group_id) + + def get_by_name(self, name, cache=False, case_insensitive=False): + return UsersGroup.get_by_group_name(name, cache, case_insensitive) - def create(self, form_data): + def create(self, name, active=True): try: - new_users_group = UsersGroup() - for k, v in form_data.items(): - setattr(new_users_group, k, v) - - self.sa.add(new_users_group) - self.sa.commit() - return new_users_group + new = UsersGroup() + new.users_group_name = name + new.users_group_active = active + self.sa.add(new) + return new except: log.error(traceback.format_exc()) - self.sa.rollback() + raise + + def update(self, users_group, form_data): + + try: + users_group = self.__get_users_group(users_group) + + for k, v in form_data.items(): + if k == 'users_group_members': + users_group.members = [] + self.sa.flush() + members_list = [] + if v: + v = [v] if isinstance(v, basestring) else v + for u_id in set(v): + member = UsersGroupMember(users_group.users_group_id, u_id) + members_list.append(member) + setattr(users_group, 'members', members_list) + setattr(users_group, k, v) + + self.sa.add(users_group) + except: + log.error(traceback.format_exc()) + raise + + def delete(self, users_group, force=False): + """ + Deletes repos group, unless force flag is used + raises exception if there are members in that group, else deletes + group and users + + :param users_group: + :param force: + """ + try: + users_group = self.__get_users_group(users_group) + + # check if this group is not assigned to repo + assigned_groups = UsersGroupRepoToPerm.query()\ + .filter(UsersGroupRepoToPerm.users_group == users_group).all() + + if assigned_groups and force is False: + raise UsersGroupsAssignedException('RepoGroup assigned to %s' % + assigned_groups) + + self.sa.delete(users_group) + except: + log.error(traceback.format_exc()) raise def add_user_to_group(self, users_group, user): + users_group = self.__get_users_group(users_group) + user = self.__get_user(user) + for m in users_group.members: u = m.user if u.user_id == user.user_id: - return m + return True try: users_group_member = UsersGroupMember() @@ -81,9 +131,58 @@ class UsersGroupModel(BaseModel): user.group_member.append(users_group_member) self.sa.add(users_group_member) - self.sa.commit() return users_group_member except: log.error(traceback.format_exc()) - self.sa.rollback() raise + + def remove_user_from_group(self, users_group, user): + users_group = self.__get_users_group(users_group) + user = self.__get_user(user) + + users_group_member = None + for m in users_group.members: + if m.user.user_id == user.user_id: + # Found this user's membership row + users_group_member = m + break + + if users_group_member: + try: + self.sa.delete(users_group_member) + return True + except: + log.error(traceback.format_exc()) + raise + else: + # User isn't in that group + return False + + def has_perm(self, users_group, perm): + users_group = self.__get_users_group(users_group) + perm = self.__get_perm(perm) + + return UsersGroupToPerm.query()\ + .filter(UsersGroupToPerm.users_group == users_group)\ + .filter(UsersGroupToPerm.permission == perm).scalar() is not None + + def grant_perm(self, users_group, perm): + if not isinstance(perm, Permission): + raise Exception('perm needs to be an instance of Permission class') + + users_group = self.__get_users_group(users_group) + + new = UsersGroupToPerm() + new.users_group = users_group + new.permission = perm + self.sa.add(new) + + def revoke_perm(self, users_group, perm): + users_group = self.__get_users_group(users_group) + perm = self.__get_perm(perm) + + obj = UsersGroupToPerm.query()\ + .filter(UsersGroupToPerm.users_group == users_group)\ + .filter(UsersGroupToPerm.permission == perm).scalar() + if obj: + self.sa.delete(obj)