Commits

Marcin Kuzminski committed 097327a

more detailed logging on auth system
- docs updates for debugging
- code garden

Comments (0)

Files changed (3)

docs/usage/debugging.rst

 .. _debugging:
 
 ===================
-DEBUGGING RHODECODE
+Debugging RhodeCode
 ===================
 
 If you encountered problems with RhodeCode here are some instructions how to
 RhodeCode uses standard python logging modules to log it's output.
 By default only loggers with INFO level are displayed. To enable full output
 change `level = DEBUG` for all logging handlers in currently used .ini file. 
-After this you can check much more detailed output of actions happening on 
-RhodeCode system.
+This change will allow to see much more detailed output in the logfile or
+console. This generally helps a lot to track issues.
 
 
 enable interactive debug mode
 -----------------------------
 
-To enable interactive debug mode simply 
+To enable interactive debug mode simply comment out `set debug = false` in
+.ini file, this will trigger and interactive debugger each time there an
+error in browser, or send a http link if error occured in the backend. This
+is a great tool for fast debugging as you get a handy python console right
+in the web view. ** NEVER ENABLE THIS ON PRODUCTION ** the interactive console
+can be a serious security threat to you system.

rhodecode/lib/auth.py

         self.user = cls.rhodecode_user
         self.user_perms = self.user.permissions
         log.debug('checking %s permissions %s for %s %s',
-           self.__class__.__name__, self.required_perms, cls,
-               self.user)
+           self.__class__.__name__, self.required_perms, cls, self.user)
 
         if self.check_permissions():
             log.debug('Permission granted for %s %s' % (cls, self.user))
             user_perms = set([self.user_perms['repositories'][repo_name]])
         except KeyError:
             return False
+
         if self.required_perms.intersection(user_perms):
             return True
         return False
                 raise Exception("'%s' permission is not defined" % perm)
         self.required_perms = set(perms)
         self.user_perms = None
-        self.granted_for = ''
         self.repo_name = None
+        self.group_name = None
 
     def __call__(self, check_Location=''):
         user = request.user
-        log.debug('checking %s %s %s', self.__class__.__name__,
-                  self.required_perms, user)
+        cls_name = self.__class__.__name__
+        check_scope = {
+            'HasPermissionAll': '',
+            'HasPermissionAny': '',
+            'HasRepoPermissionAll': 'repo:%s' % self.repo_name,
+            'HasRepoPermissionAny': 'repo:%s' % self.repo_name,
+            'HasReposGroupPermissionAll': 'group:%s' % self.group_name,
+            'HasReposGroupPermissionAny': 'group:%s' % self.group_name,
+        }.get(cls_name, '?')
+        log.debug('checking cls:%s %s usr:%s %s @ %s', cls_name,
+                  self.required_perms, user, check_scope,
+                  check_Location or 'unspecified location')
         if not user:
             log.debug('Empty request user')
             return False
         self.user_perms = user.permissions
-        self.granted_for = user
-
         if self.check_permissions():
-            log.debug('Permission granted %s @ %s', self.granted_for,
+            log.debug('Permission granted for user: %s @ %s', user,
                       check_Location or 'unspecified location')
             return True
 
         else:
-            log.debug('Permission denied for %s @ %s', self.granted_for,
+            log.debug('Permission denied for user: %s @ %s', user,
                         check_Location or 'unspecified location')
             return False
 
 
 
 class HasRepoPermissionAll(PermsFunction):
-
     def __call__(self, repo_name=None, check_Location=''):
         self.repo_name = repo_name
         return super(HasRepoPermissionAll, self).__call__(check_Location)
             self.repo_name = get_repo_slug(request)
 
         try:
-            self.user_perms = set(
+            self._user_perms = set(
                 [self.user_perms['repositories'][self.repo_name]]
             )
         except KeyError:
             return False
-        self.granted_for = self.repo_name
-        if self.required_perms.issubset(self.user_perms):
+        if self.required_perms.issubset(self._user_perms):
             return True
         return False
 
 
 class HasRepoPermissionAny(PermsFunction):
-
     def __call__(self, repo_name=None, check_Location=''):
         self.repo_name = repo_name
         return super(HasRepoPermissionAny, self).__call__(check_Location)
             self.repo_name = get_repo_slug(request)
 
         try:
-            self.user_perms = set(
+            self._user_perms = set(
                 [self.user_perms['repositories'][self.repo_name]]
             )
         except KeyError:
             return False
-        self.granted_for = self.repo_name
-        if self.required_perms.intersection(self.user_perms):
+        if self.required_perms.intersection(self._user_perms):
             return True
         return False
 
 
     def check_permissions(self):
         try:
-            self.user_perms = set(
+            self._user_perms = set(
                 [self.user_perms['repositories_groups'][self.group_name]]
             )
         except KeyError:
             return False
-        self.granted_for = self.repo_name
-        if self.required_perms.intersection(self.user_perms):
+        if self.required_perms.intersection(self._user_perms):
             return True
         return False
 
 
     def check_permissions(self):
         try:
-            self.user_perms = set(
+            self._user_perms = set(
                 [self.user_perms['repositories_groups'][self.group_name]]
             )
         except KeyError:
             return False
-        self.granted_for = self.repo_name
-        if self.required_perms.issubset(self.user_perms):
+        if self.required_perms.issubset(self._user_perms):
             return True
         return False
 
             log.error('Exception while accessing permissions %s' %
                       traceback.format_exc())
             self.user_perms = set()
-        self.granted_for = ''
         self.username = user.username
         self.repo_name = repo_name
         return self.check_permissions()
                   'permissions %s for user:%s repository:%s', self.user_perms,
                                                 self.username, self.repo_name)
         if self.required_perms.intersection(self.user_perms):
-            log.debug('permission granted')
+            log.debug('permission granted for user:%s on repo:%s' % (
+                          self.username, self.repo_name
+                     )
+            )
             return True
-        log.debug('permission denied')
+        log.debug('permission denied for user:%s on repo:%s' % (
+                      self.username, self.repo_name
+                 )
+        )
         return False

rhodecode/lib/helpers.py

 def urlify_changesets(text_, repository):
     """
     Extract revision ids from changeset and make link from them
-    
+
     :param text_:
     :param repository:
     """
     """
     import re
     import traceback
-    
+
     def escaper(string):
         return string.replace('<', '&lt;').replace('>', '&gt;')
-    
+
     def linkify_others(t, l):
         urls = re.compile(r'(\<a.*?\<\/a\>)',)
         links = []
                 links.append(e)
 
         return ''.join(links)
-    
-    
+
+
     # urlify changesets - extrac revisions and make link out of them
     text_ = urlify_changesets(escaper(text_), repository)