Commits

Marcin Kuzminski committed 2e7f214

tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id
never have raise an exception so i will consider it safe.

Comments (0)

Files changed (1)

rhodecode/model/user.py

 from rhodecode.model import BaseModel
 from rhodecode.model.caching_query import FromCache
 from rhodecode.model.db import User, RepoToPerm, Repository, Permission, \
-    UserToPerm, UsersGroupToPerm, UsersGroupMember
-from rhodecode.lib.exceptions import DefaultUserException, UserOwnsReposException
+    UserToPerm, UsersGroupRepoToPerm, UsersGroupToPerm, UsersGroupMember
+from rhodecode.lib.exceptions import DefaultUserException, \
+    UserOwnsReposException
 
 from sqlalchemy.exc import DatabaseError
 from rhodecode.lib import generate_api_key
+from sqlalchemy.orm import joinedload
 
 log = logging.getLogger(__name__)
 
-
-PERM_ = ''
-
-PERM_WEIGHTS = {'repository.none':0,
-                'repository.read':1,
-                'repository.write':3,
-                'repository.admin':3}
+PERM_WEIGHTS = {'repository.none': 0,
+                'repository.read': 1,
+                'repository.write': 3,
+                'repository.admin': 3}
 
 
 class UserModel(BaseModel):
                                           "get_user_%s" % user_id))
         return user.get(user_id)
 
-
     def get_by_username(self, username, cache=False, case_insensitive=False):
 
         if case_insensitive:
                                           "get_user_%s" % username))
         return user.scalar()
 
-
     def get_by_api_key(self, api_key, cache=False):
 
         user = self.sa.query(User)\
         if self.get_by_username(username, case_insensitive=True) is None:
             try:
                 new_user = User()
-                new_user.username = username.lower() # add ldap account always lowercase
+                # add ldap account always lowercase
+                new_user.username = username.lower()
                 new_user.password = get_crypt_password(password)
                 new_user.api_key = generate_api_key(username)
                 new_user.email = attrs['email']
                 new_user.name = attrs['name']
                 new_user.lastname = attrs['lastname']
 
-
                 self.sa.add(new_user)
                 self.sa.commit()
                 return True
         from rhodecode.lib.celerylib import tasks, run_task
         run_task(tasks.reset_user_password, data['email'])
 
-
     def fill_data(self, auth_user, user_id=None, api_key=None):
         """
         Fetches auth_user by user_id,or api_key if present.
 
         return auth_user
 
-
     def fill_perms(self, user):
-        """Fills user permission attribute with permissions taken from database
+        """
+        Fills user permission attribute with permissions taken from database
         works for permissions given for repositories, and for permissions that
-        as part of beeing group member
+        are granted to groups
 
         :param user: user instance to fill his perms
         """
         default_user = self.get_by_username('default', cache=True)
 
         default_perms = self.sa.query(RepoToPerm, Repository, Permission)\
-            .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\
-            .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\
+            .join((Repository, RepoToPerm.repository_id ==
+                   Repository.repo_id))\
+            .join((Permission, RepoToPerm.permission_id ==
+                   Permission.permission_id))\
             .filter(RepoToPerm.user == default_user).all()
 
         if user.is_admin:
 
             for perm in default_perms:
                 p = 'repository.admin'
-                user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p
+                user.permissions['repositories'][perm.RepoToPerm.
+                                                 repository.repo_name] = p
 
         else:
             #==================================================================
             # set default permissions
             #==================================================================
+            uid = user.user_id
 
             #default global
             default_global_perms = self.sa.query(UserToPerm)\
 
             #default for repositories
             for perm in default_perms:
-                if perm.Repository.private and not perm.Repository.user_id == user.user_id:
+                if perm.Repository.private and not (perm.Repository.user_id ==
+                                                    uid):
                     #diself.sable defaults for private repos,
                     p = 'repository.none'
-                elif perm.Repository.user_id == user.user_id:
+                elif perm.Repository.user_id == uid:
                     #set admin if owner
                     p = 'repository.admin'
                 else:
                     p = perm.Permission.permission_name
 
-                user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p
+                user.permissions['repositories'][perm.RepoToPerm.
+                                                 repository.repo_name] = p
 
             #==================================================================
             # overwrite default with user permissions if any
             #==================================================================
 
+            #user global
             user_perms = self.sa.query(UserToPerm)\
-                        .filter(UserToPerm.user ==
-                                User.get(user.user_id)).all()
+                    .options(joinedload(UserToPerm.permission))\
+                    .filter(UserToPerm.user_id == uid).all()
 
             for perm in user_perms:
-                user.permissions['global'].add(perm.permission.permission_name)
+                user.permissions['global'].add(perm.permission.
+                                               permission_name)
 
-            user_repo_perms = self.sa.query(RepoToPerm, Permission, Repository)\
-                .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\
-                .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\
-                .filter(RepoToPerm.user_id == user.user_id).all()
+            #user repositories
+            user_repo_perms = self.sa.query(RepoToPerm, Permission,
+                                            Repository)\
+                .join((Repository, RepoToPerm.repository_id ==
+                       Repository.repo_id))\
+                .join((Permission, RepoToPerm.permission_id ==
+                       Permission.permission_id))\
+                .filter(RepoToPerm.user_id == uid).all()
 
             for perm in user_repo_perms:
-                if perm.Repository.user_id == user.user_id:#set admin if owner
+                # set admin if owner
+                if perm.Repository.user_id == uid:
                     p = 'repository.admin'
                 else:
                     p = perm.Permission.permission_name
-                user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p
+                user.permissions['repositories'][perm.RepoToPerm.
+                                                 repository.repo_name] = p
 
-
-            #=======================================================================
+            #==================================================================
             # check if user is part of groups for this repository and fill in
             # (or replace with higher) permissions
-            #=======================================================================
-            user_perms_from_users_groups = self.sa.query(UsersGroupToPerm, Permission, Repository,)\
-                .join((Repository, UsersGroupToPerm.repository_id == Repository.repo_id))\
-                .join((Permission, UsersGroupToPerm.permission_id == Permission.permission_id))\
-                .join((UsersGroupMember, UsersGroupToPerm.users_group_id == UsersGroupMember.users_group_id))\
-                .filter(UsersGroupMember.user_id == user.user_id).all()
+            #==================================================================
+
+            #users group global
+            user_perms_from_users_groups = self.sa.query(UsersGroupToPerm)\
+                .options(joinedload(UsersGroupToPerm.permission))\
+                .join((UsersGroupMember, UsersGroupToPerm.users_group_id ==
+                       UsersGroupMember.users_group_id))\
+                .filter(UsersGroupMember.user_id == uid).all()
 
             for perm in user_perms_from_users_groups:
+                user.permissions['global'].add(perm.permission.permission_name)
+
+            #users group repositories
+            user_repo_perms_from_users_groups = self.sa.query(
+                                                UsersGroupRepoToPerm,
+                                                Permission, Repository,)\
+                .join((Repository, UsersGroupRepoToPerm.repository_id ==
+                       Repository.repo_id))\
+                .join((Permission, UsersGroupRepoToPerm.permission_id ==
+                       Permission.permission_id))\
+                .join((UsersGroupMember, UsersGroupRepoToPerm.users_group_id ==
+                       UsersGroupMember.users_group_id))\
+                .filter(UsersGroupMember.user_id == uid).all()
+
+            for perm in user_repo_perms_from_users_groups:
                 p = perm.Permission.permission_name
-                cur_perm = user.permissions['repositories'][perm.UsersGroupToPerm.repository.repo_name]
-                #overwrite permission only if it's greater than permission given from other sources
+                cur_perm = user.permissions['repositories'][perm.
+                                                    UsersGroupRepoToPerm.
+                                                    repository.repo_name]
+                #overwrite permission only if it's greater than permission
+                # given from other sources
                 if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]:
-                    user.permissions['repositories'][perm.UsersGroupToPerm.repository.repo_name] = p
+                    user.permissions['repositories'][perm.UsersGroupRepoToPerm.
+                                                     repository.repo_name] = p
 
         return user