Mercurial > public > src > rhodecode
comparison pylons_app/lib/auth.py @ 432:f5c1eec9f376
rename repo2perm into repo_to_perm
added UserToPerm models for user global permissions
| author | Marcin Kuzminski <marcin@python-works.com> |
|---|---|
| date | Sun, 08 Aug 2010 01:27:14 +0200 |
| parents | e0ef325cbdea |
| children | a10bdd0b05a7 |
comparison
equal
deleted
inserted
replaced
| 431:8c50b164fb58 | 432:f5c1eec9f376 |
|---|---|
| 25 from beaker.cache import cache_region | 25 from beaker.cache import cache_region |
| 26 from pylons import config, session, url, request | 26 from pylons import config, session, url, request |
| 27 from pylons.controllers.util import abort, redirect | 27 from pylons.controllers.util import abort, redirect |
| 28 from pylons_app.lib.utils import get_repo_slug | 28 from pylons_app.lib.utils import get_repo_slug |
| 29 from pylons_app.model import meta | 29 from pylons_app.model import meta |
| 30 from pylons_app.model.db import User, Repo2Perm, Repository, Permission | 30 from pylons_app.model.db import User, RepoToPerm, Repository, Permission |
| 31 from sqlalchemy.exc import OperationalError | 31 from sqlalchemy.exc import OperationalError |
| 32 from sqlalchemy.orm.exc import NoResultFound, MultipleResultsFound | 32 from sqlalchemy.orm.exc import NoResultFound, MultipleResultsFound |
| 33 import crypt | 33 import crypt |
| 34 from decorator import decorator | 34 from decorator import decorator |
| 35 import logging | 35 import logging |
| 132 sa = meta.Session | 132 sa = meta.Session |
| 133 user.permissions['repositories'] = {} | 133 user.permissions['repositories'] = {} |
| 134 user.permissions['global'] = set() | 134 user.permissions['global'] = set() |
| 135 | 135 |
| 136 #first fetch default permissions | 136 #first fetch default permissions |
| 137 default_perms = sa.query(Repo2Perm, Repository, Permission)\ | 137 default_perms = sa.query(RepoToPerm, Repository, Permission)\ |
| 138 .join((Repository, Repo2Perm.repository_id == Repository.repo_id))\ | 138 .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\ |
| 139 .join((Permission, Repo2Perm.permission_id == Permission.permission_id))\ | 139 .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\ |
| 140 .filter(Repo2Perm.user_id == sa.query(User).filter(User.username == | 140 .filter(RepoToPerm.user_id == sa.query(User).filter(User.username == |
| 141 'default').one().user_id).all() | 141 'default').one().user_id).all() |
| 142 | 142 |
| 143 if user.is_admin: | 143 if user.is_admin: |
| 144 user.permissions['global'].add('hg.admin') | 144 user.permissions['global'].add('hg.admin') |
| 145 #admin have all rights set to admin | 145 #admin have all rights set to admin |
| 146 for perm in default_perms: | 146 for perm in default_perms: |
| 147 p = 'repository.admin' | 147 p = 'repository.admin' |
| 148 user.permissions['repositories'][perm.Repo2Perm.repository.repo_name] = p | 148 user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p |
| 149 | 149 |
| 150 else: | 150 else: |
| 151 user.permissions['global'].add('repository.create') | 151 user.permissions['global'].add('repository.create') |
| 152 for perm in default_perms: | 152 for perm in default_perms: |
| 153 if perm.Repository.private and not perm.Repository.user_id == user.user_id: | 153 if perm.Repository.private and not perm.Repository.user_id == user.user_id: |
| 157 #set admin if owner | 157 #set admin if owner |
| 158 p = 'repository.admin' | 158 p = 'repository.admin' |
| 159 else: | 159 else: |
| 160 p = perm.Permission.permission_name | 160 p = perm.Permission.permission_name |
| 161 | 161 |
| 162 user.permissions['repositories'][perm.Repo2Perm.repository.repo_name] = p | 162 user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p |
| 163 | 163 |
| 164 | 164 |
| 165 user_perms = sa.query(Repo2Perm, Permission, Repository)\ | 165 user_perms = sa.query(RepoToPerm, Permission, Repository)\ |
| 166 .join((Repository, Repo2Perm.repository_id == Repository.repo_id))\ | 166 .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\ |
| 167 .join((Permission, Repo2Perm.permission_id == Permission.permission_id))\ | 167 .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\ |
| 168 .filter(Repo2Perm.user_id == user.user_id).all() | 168 .filter(RepoToPerm.user_id == user.user_id).all() |
| 169 #overwrite userpermissions with defaults | 169 #overwrite userpermissions with defaults |
| 170 for perm in user_perms: | 170 for perm in user_perms: |
| 171 #set write if owner | 171 #set write if owner |
| 172 if perm.Repository.user_id == user.user_id: | 172 if perm.Repository.user_id == user.user_id: |
| 173 p = 'repository.write' | 173 p = 'repository.write' |
| 174 else: | 174 else: |
| 175 p = perm.Permission.permission_name | 175 p = perm.Permission.permission_name |
| 176 user.permissions['repositories'][perm.Repo2Perm.repository.repo_name] = p | 176 user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p |
| 177 meta.Session.remove() | 177 meta.Session.remove() |
| 178 return user | 178 return user |
| 179 | 179 |
| 180 def get_user(session): | 180 def get_user(session): |
| 181 """ | 181 """ |