comparison pylons_app/lib/auth.py @ 453:3ed2d46a2ca7

permission refactoring, Implemented views for default permissions, fixes #23 user registration is controlled by permission system. Implemented manual registration option websetup fills default permissions
author Marcin Kuzminski <marcin@python-works.com>
date Sat, 21 Aug 2010 16:34:37 +0200
parents 04e8b31fb245
children 63c697d1a631
452:25ab66a26975 453:3ed2d46a2ca7
25 from beaker.cache import cache_region 25 from beaker.cache import cache_region
26 from pylons import config, session, url, request 26 from pylons import config, session, url, request
27 from pylons.controllers.util import abort, redirect 27 from pylons.controllers.util import abort, redirect
28 from pylons_app.lib.utils import get_repo_slug 28 from pylons_app.lib.utils import get_repo_slug
29 from pylons_app.model import meta 29 from pylons_app.model import meta
30 from pylons_app.model.db import User, RepoToPerm, Repository, Permission 30 from pylons_app.model.db import User, RepoToPerm, Repository, Permission, \
31 UserToPerm
31 from sqlalchemy.exc import OperationalError 32 from sqlalchemy.exc import OperationalError
32 from sqlalchemy.orm.exc import NoResultFound, MultipleResultsFound 33 from sqlalchemy.orm.exc import NoResultFound, MultipleResultsFound
33 import bcrypt 34 import bcrypt
34 from decorator import decorator 35 from decorator import decorator
35 import logging 36 import logging
133 134
134 sa = meta.Session 135 sa = meta.Session
135 user.permissions['repositories'] = {} 136 user.permissions['repositories'] = {}
136 user.permissions['global'] = set() 137 user.permissions['global'] = set()
137 138
138 #first fetch default permissions 139 #===========================================================================
139 default_perms = sa.query(RepoToPerm, Repository, Permission)\ 140 # fetch default permissions
141 #===========================================================================
142 default_perms = sa.query(RepoToPerm, UserToPerm, Repository, Permission)\
143 .outerjoin((UserToPerm, RepoToPerm.user_id == UserToPerm.user_id))\
140 .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\ 144 .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\
141 .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\ 145 .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\
142 .filter(RepoToPerm.user_id == sa.query(User).filter(User.username == 146 .filter(RepoToPerm.user_id == sa.query(User).filter(User.username ==
143 'default').one().user_id).all() 147 'default').one().user_id).all()
144 148
145 if user.is_admin: 149 if user.is_admin:
150 #=======================================================================
151 # #admin have all rights set to admin
152 #=======================================================================
146 user.permissions['global'].add('hg.admin') 153 user.permissions['global'].add('hg.admin')
147 #admin have all rights set to admin 154
148 for perm in default_perms: 155 for perm in default_perms:
149 p = 'repository.admin' 156 p = 'repository.admin'
150 user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p 157 user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p
151 158
152 else: 159 else:
153 user.permissions['global'].add('repository.create') 160 #=======================================================================
154 user.permissions['global'].add('hg.register') 161 # set default permissions
155 162 #=======================================================================
163
164 #default global
165 for perm in default_perms:
166 user.permissions['global'].add(perm.UserToPerm.permission.permission_name)
167
168 # user.permissions['global'].add('hg.create.repository')
169 # user.permissions['global'].add('hg.register')
170
171 #default repositories
156 for perm in default_perms: 172 for perm in default_perms:
157 if perm.Repository.private and not perm.Repository.user_id == user.user_id: 173 if perm.Repository.private and not perm.Repository.user_id == user.user_id:
158 #disable defaults for private repos, 174 #disable defaults for private repos,
159 p = 'repository.none' 175 p = 'repository.none'
160 elif perm.Repository.user_id == user.user_id: 176 elif perm.Repository.user_id == user.user_id:
163 else: 179 else:
164 p = perm.Permission.permission_name 180 p = perm.Permission.permission_name
165 181
166 user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p 182 user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p
167 183
168 184 #=======================================================================
169 user_perms = sa.query(RepoToPerm, Permission, Repository)\ 185 # #overwrite default with user permissions if any
186 #=======================================================================
187 user_perms = sa.query(RepoToPerm, UserToPerm, Permission, Repository)\
188 .outerjoin((UserToPerm, RepoToPerm.user_id == UserToPerm.user_id))\
170 .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\ 189 .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\
171 .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\ 190 .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\
172 .filter(RepoToPerm.user_id == user.user_id).all() 191 .filter(RepoToPerm.user_id == user.user_id).all()
173 #overwrite userpermissions with defaults 192
174 for perm in user_perms: 193 for perm in user_perms:
175 #set write if owner 194 if perm.Repository.user_id == user.user_id:#set admin if owner
176 if perm.Repository.user_id == user.user_id: 195 p = 'repository.admin'
177 p = 'repository.write'
178 else: 196 else:
179 p = perm.Permission.permission_name 197 p = perm.Permission.permission_name
180 user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p 198 user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p
181 meta.Session.remove() 199 meta.Session.remove()
182 return user 200 return user
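Review bot: The new "default global" loop (new lines 165-166) reads `perm.UserToPerm` from the rows of the repository-permission query, so the global permission set is only filled when the `default` user has at least one RepoToPerm row. Because the join is an outer join, `perm.UserToPerm` is None whenever that user has no UserToPerm row, and the attribute access then raises AttributeError. On an instance with no repositories the loop adds nothing, so `hg.register` and the other defaults are never set and the registration control this commit introduces depends on unrelated repository data. I would load the default user's UserToPerm rows in a query of their own and iterate those, dropping the outer join from `default_perms`, which also repeats each repository row once per global permission. The `user_perms` query joins UserToPerm too but never reads it, so per-user global permissions appear not to be applied; the function starts above the visible lines, so that may be handled elsewhere.

```python
# … unchanged: user.permissions dict setup …
default_user_id = sa.query(User).filter(User.username == 'default').one().user_id
default_global_perms = sa.query(UserToPerm)\
    .filter(UserToPerm.user_id == default_user_id).all()
# … unchanged: default_perms repository query (without the UserToPerm outer join), admin branch …
    #default global
    for perm in default_global_perms:
        user.permissions['global'].add(perm.permission.permission_name)
# … unchanged: default repositories loop, user_perms overrides …
```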