author | Stevan Radaković <stevan.radakovic@linaro.org> | 2013-04-03 12:08:49 +0200 |
---|---|---|
committer | Stevan Radaković <stevan.radakovic@linaro.org> | 2013-04-03 12:08:49 +0200 |
commit | 6a1d0b93a23f7a43335957fc880eee32f3566567 (patch) | |
tree | 5b709afc9e5b85c7f07efac73d54dbc42351b421 | |
parent | 7b7f978c6208ea95cad15c5ad6beafa54768de01 (diff) | |
parent | 7dd81d912e5ae857ee26225878426e2907a6eed0 (diff) |
Merge branch 'ldap' into linaro
-rw-r--r-- | rhodecode/lib/system_command.py | 77 | ||||
-rw-r--r-- | rhodecode/model/repo.py | 70 | ||||
-rw-r--r-- | rhodecode/model/repos_group.py | 69 |
3 files changed, 214 insertions, 2 deletions
diff --git a/rhodecode/lib/system_command.py b/rhodecode/lib/system_command.py
new file mode 100644
index 00000000..14d25289
--- /dev/null
+++ b/rhodecode/lib/system_command.py
@@ -0,0 +1,77 @@
+import logging
+import os
+import subprocess
+
+
+log = logging.getLogger(__name__)
+
+
+class SystemCommand():
+
+ @classmethod
+ def execute(cls, cmd_args, with_sudo=True):
+ """Runs the command passed."""
+ if not isinstance(cmd_args, list):
+ cmd_args = list(cmd_args)
+ if with_sudo:
+ cmd_args.insert(0, "sudo")
+
+ with open(os.devnull, 'w') as tempf:
+ process = subprocess.Popen(cmd_args, stdout=subprocess.PIPE,
+ stderr=subprocess.PIPE)
+ (stdout, stderr) = process.communicate()
+
+ if process.returncode != 0:
+ log.warn("Error executing command: '%s'. Reason: %s." %
+ (" ".join(cmd_args), stderr))
+ else:
+ log.debug("Sucess executing command %s. Output: %s" % (cmd_args,
+ stdout))
+
+ return stdout
+
+ @classmethod
+ def add_group(cls, groupname):
+ cmd_args = ["groupadd", groupname]
+ cls.execute(cmd_args)
+
+ @classmethod
+ def rename_group(cls, groupname, newgroupname):
+ cmd_args = ["groupmod", "-n", newgroupname, groupname]
+ cls.execute(cmd_args)
+
+ @classmethod
+ def delete_group(cls, groupname):
+ cmd_args = ["groupdel", groupname]
+ cls.execute(cmd_args)
+
+ @classmethod
+ def add_user(cls, username):
+ cmd_args = ["adduser", "--disabled-password", "--force-badname",
+ "--quiet", "--gecos", "''", username]
+ cls.execute(cmd_args)
+
+ @classmethod
+ def add_user_to_group(cls, groupname, username):
+ cmd_args = ["gpasswd", "-a", username, groupname]
+ cls.execute(cmd_args)
+
+ @classmethod
+ def remove_user_from_group(cls, groupname, username):
+ cmd_args = ["gpasswd", "-d", username, groupname]
+ cls.execute(cmd_args)
+
+ @classmethod
+ def get_group_members(cls, groupname):
+ cmd_args = ["members", "--all", groupname]
+ try:
+ output = cls.execute(cmd_args)
+ users = set(output.split())
+ return users
+ except:
+ return {}
+
+ @classmethod
+ def change_ownership(cls, path, group):
+ cmd_args = ["change-repo-ownership", path, group]
+ cls.execute(cmd_args)
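Review bot: `execute` only logs a non-zero exit status and still returns stdout, so `remove_user_from_group`, `delete_group` and the other wrappers look successful to their callers even when the sudo command failed; a failed revocation then leaves the account in the system group while RhodeCode records the permission as removed. Raising after the `log.warn`, e.g. `raise subprocess.CalledProcessError(process.returncode, cmd_args)`, lets the model code abort or roll back. The group and user names reaching these wrappers are handed to root-run tools as bare positional arguments, so they should be checked against a strict pattern first (a value beginning with `-` would be read as an option), and `cmd_args.insert(0, "sudo")` should operate on a copy because it currently mutates the caller's list. `get_group_members` also hides every error behind a bare `except:` and returns a dict (`{}`) where the success path returns a set; `return set()` under `except Exception:` keeps the type consistent.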
diff --git a/rhodecode/model/repo.py b/rhodecode/model/repo.py index edbbd180..b228a5ac 100644 --- a/rhodecode/model/repo.py +++ b/rhodecode/model/repo.py @@ -28,6 +28,7 @@ import shutil import logging import traceback from datetime import datetime +from grp import getgrnam from rhodecode.lib.vcs.backends import get_backend from rhodecode.lib.compat import json @@ -35,6 +36,7 @@ from rhodecode.lib.utils2 import LazyProperty, safe_str, safe_unicode,\ remove_prefix, obfuscate_url_pw from rhodecode.lib.caching_query import FromCache from rhodecode.lib.hooks import log_create_repository, log_delete_repository +from rhodecode.lib.system_command import SystemCommand from rhodecode.model import BaseModel from rhodecode.model.db import Repository, UserRepoToPerm, User, Permission, \ @@ -314,6 +316,14 @@ class RepoModel(BaseModel): self.sa.add(cur_repo) + old_system_name = "%s-%s" % ( + org_repo_name.split(self.URL_SEPARATOR)[-1], + cur_repo.repo_id) + new_system_name = "%s-%s" % ( + new_name.split(self.URL_SEPARATOR)[-1], + cur_repo.repo_id) + SystemCommand.rename_group(old_system_name, new_system_name) + if org_repo_name != new_name: # rename repository self.__rename_repo(old=org_repo_name, new=new_name) @@ -410,7 +420,7 @@ class RepoModel(BaseModel): _create_default_perms() if not just_db: - self.__create_repo(repo_name, repo_type, + self.__create_repo(repo_name, new_repo.repo_id, repo_type, repos_group, clone_uri) log_create_repository(new_repo.get_dict(), 
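Review bot: In the `@@ -314,6 +316,14 @@` hunk, `SystemCommand.rename_group(old_system_name, new_system_name)` is placed before the `if org_repo_name != new_name:` check, so it runs whether or not the name changed and invokes `groupmod -n` under sudo with identical old and new names. Guard it with `if old_system_name != new_system_name:` in front of the call, or move the block inside the existing rename branch after the filesystem rename. The same unconditional call is added in the `@@ -277,6 +296,14 @@` hunk of rhodecode/model/repos_group.py. The enclosing method starts and ends outside this hunk, so an earlier guard, if any, is not visible here.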
@@ -507,6 +517,24 @@ class RepoModel(BaseModel): self.sa.add(obj) log.debug('Granted perm %s to %s on %s' % (perm, user, repo)) + system_group_name = "%s-%s" % ( + repo.repo_name.split(self.URL_SEPARATOR)[-1], + repo.repo_id) + repo_path = os.path.join(self.repos_path, repo.repo_name) + if permission.permission_name in ["repository.none", + "repository.read"]: + if user.username=="default": + os.chmod(repo_path, 0775) + else: + SystemCommand.remove_user_from_group(system_group_name, + user.username) + else: + if user.username=="default": + os.chmod(repo_path, 0777) + else: + SystemCommand.add_user_to_group(system_group_name, + user.username) + def revoke_user_permission(self, repo, user): """ Revoke permission for user on given repository @@ -526,6 +554,11 @@ class RepoModel(BaseModel): self.sa.delete(obj) log.debug('Revoked perm on %s on %s' % (repo, user)) + system_group_name = "%s-%s" % ( + repo.repo_name.split(self.URL_SEPARATOR)[-1], + repo.repo_id) + SystemCommand.remove_user_from_group(system_group_name, user.username) + def grant_users_group_permission(self, repo, group_name, perm): """ Grant permission for users group on given repository, or update @@ -556,6 +589,18 @@ class RepoModel(BaseModel): self.sa.add(obj) log.debug('Granted perm %s to %s on %s' % (perm, group_name, repo)) + system_group_name = "%s-%s" % ( + repo.repo_name.split(self.URL_SEPARATOR)[-1], + repo.repo_id) + for member in group_name.members: + if permission.permission_name in ["repository.none", + "repository.read"]: + SystemCommand.remove_user_from_group(system_group_name, + member.user.username) + else: + SystemCommand.add_user_to_group(system_group_name, + member.user.username) + def revoke_users_group_permission(self, repo, group_name): """ Revoke permission for users group on given repository 
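Review bot: In the `@@ -507,6 +517,24 @@` hunk, granting write to the `default` user is implemented as `os.chmod(repo_path, 0777)`, which makes the repository directory writable by every local account and process on the host, not only by requests that pass RhodeCode's own permission checks. The mode is applied to the top-level directory only, so what it is meant to convey for the files underneath is unclear. If anonymous write has to be mirrored on the filesystem, prefer a dedicated group over world-write, and at minimum record the decision in a comment such as `# world-writable: every local account can modify this repo`. The same branch is added in the `@@ -359,6 +386,24 @@` hunk of repos_group.py.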
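Review bot: In the `@@ -526,6 +554,11 @@` hunk, revocation does not undo the `default` case: the grant hunk switches the directory to `0777` when `user.username=="default"`, but here the only action is `remove_user_from_group`, so a repository opened to anonymous write stays world-writable after the permission is revoked. Mirror the grant logic, e.g. `if user.username == "default": os.chmod(os.path.join(self.repos_path, repo.repo_name), 0775)` with the `remove_user_from_group` call moved into the `else`. The `@@ -379,6 +424,11 @@` hunk in repos_group.py has the same gap.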
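Review bot: In the `@@ -556,6 +589,18 @@` hunk, the loop treats system-group membership as owned by this one users group: when the group is set to `repository.none` or `repository.read`, every member is removed from `system_group_name` even if that account holds write access through an individual grant or another users group. Membership should follow the member's effective permission, so the remaining grants need to be checked before `remove_user_from_group` is called. The same applies to the revoke loop in the `@@ -575,6 +620,13 @@` hunk and to the matching loops added in repos_group.py. From the visible lines, accounts that join or leave the users group later are not synchronised either, though that may be handled outside this diff.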
@@ -575,6 +620,13 @@ class RepoModel(BaseModel): self.sa.delete(obj) log.debug('Revoked perm to %s on %s' % (repo, group_name)) + system_group_name = "%s-%s" % ( + repo.repo_name.split(self.URL_SEPARATOR)[-1], + repo.repo_id) + for member in group_name.members: + SystemCommand.remove_user_from_group(system_group_name, + member.user.username) + def delete_stats(self, repo_name): """ removes stats for given repo @@ -591,7 +643,8 @@ class RepoModel(BaseModel): log.error(traceback.format_exc()) raise - def __create_repo(self, repo_name, alias, parent, clone_uri=False): + def __create_repo(self, repo_name, repo_id, alias, parent, + clone_uri=False): """ makes repository on filesystem. It's group aware means it'll create a repository within a group, and alter the paths accordingly of @@ -637,6 +690,14 @@ class RepoModel(BaseModel): else: raise Exception('Undefined alias %s' % alias) + system_group_name = "%s-%s" % (repo_name, repo_id) + SystemCommand.add_group(system_group_name) + os.chmod(repo_path, 0775) + SystemCommand.change_ownership("%s%s%s" % (new_parent_path, + self.URL_SEPARATOR, + repo_name), + system_group_name) + def __rename_repo(self, old, new): """ renames repository on filesystem @@ -683,3 +744,8 @@ class RepoModel(BaseModel): args = repo.group.full_path_splitted + [_d] _d = os.path.join(*args) shutil.move(rm_path, os.path.join(self.repos_path, _d)) + + system_group_name = "%s-%s" % ( + repo.repo_name.split(self.URL_SEPARATOR)[-1], + repo.repo_id) + SystemCommand.delete_group(system_group_name) diff --git a/rhodecode/model/repos_group.py b/rhodecode/model/repos_group.py index 2ec9d1d6..625762f2 100644 --- a/rhodecode/model/repos_group.py +++ b/rhodecode/model/repos_group.py 
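Review bot: The `@@ -637,6 +690,14 @@` hunk names the group from the raw `repo_name` (`"%s-%s" % (repo_name, repo_id)`) while every other hunk in the commit uses `split(self.URL_SEPARATOR)[-1]`, and it applies `os.chmod` to `repo_path` but hands `change_ownership` a path rebuilt by hand from `new_parent_path`, `URL_SEPARATOR` and `repo_name`. If both refer to the same directory, pass the same value to both: `SystemCommand.change_ownership(repo_path, system_group_name)`. Changing ownership before `os.chmod(repo_path, 0775)` would also avoid a window in which group-write applies to whatever group owned the directory at creation. `__create_repo` starts outside the hunk, so how `repo_path` and `new_parent_path` are derived is not visible here.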
@@ -28,8 +28,10 @@ import logging import traceback import shutil import datetime +from grp import getgrnam from rhodecode.lib.utils2 import LazyProperty +from rhodecode.lib.system_command import SystemCommand from rhodecode.model import BaseModel from rhodecode.model.db import RepoGroup, RhodeCodeUi, UserRepoGroupToPerm, \ @@ -41,6 +43,7 @@ log = logging.getLogger(__name__) class ReposGroupModel(BaseModel): cls = RepoGroup + URL_SEPARATOR = RepoGroup.url_sep() def __get_users_group(self, users_group): return self._get_instance(UsersGroup, users_group, @@ -140,6 +143,11 @@ class ReposGroupModel(BaseModel): group.name) shutil.move(rm_path, os.path.join(self.repos_path, _d)) + system_group_name = "%s-%s" % ( + group.group_name.split(self.URL_SEPARATOR)[-1], + group.group_id) + SystemCommand.delete_group(system_group_name) + def create(self, group_name, group_description, parent=None, just_db=False): try: new_repos_group = RepoGroup() @@ -156,6 +164,17 @@ class ReposGroupModel(BaseModel): self.sa.flush() self.__create_group(new_repos_group.group_name) + # Create corresponding system group. + system_group_name = "%s-%s" % ( + group_name.split(self.URL_SEPARATOR)[-1], + new_repos_group.group_id) + SystemCommand.add_group(system_group_name) + create_path = os.path.join(self.repos_path, + new_repos_group.group_name) + os.chmod(create_path, 0775) + SystemCommand.change_ownership(new_repos_group.group_name, + system_group_name) + return new_repos_group except: log.error(traceback.format_exc()) @@ -277,6 +296,14 @@ class ReposGroupModel(BaseModel): self.__rename_group(old_path, new_path) + old_system_name = "%s-%s" % ( + old_path.split(self.URL_SEPARATOR)[-1], + repos_group.group_id) + new_system_name = "%s-%s" % ( + new_path.split(self.URL_SEPARATOR)[-1], + repos_group.group_id) + SystemCommand.rename_group(old_system_name, new_system_name) + return repos_group except: log.error(traceback.format_exc()) 
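Review bot: In the `@@ -156,6 +164,17 @@` hunk, `SystemCommand.change_ownership(new_repos_group.group_name, system_group_name)` passes the group's name rather than `create_path`, the full path computed two lines earlier and used for `os.chmod`; unless `change-repo-ownership` resolves names against the repository root itself, the ownership change targets a path relative to the process's working directory. Use `SystemCommand.change_ownership(create_path, system_group_name)`. These system calls also sit inside the `try` before the method returns, so a later database failure would leave the system group behind, and no cleanup is visible in this hunk.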
@@ -359,6 +386,24 @@ class ReposGroupModel(BaseModel): self.sa.add(obj) log.debug('Granted perm %s to %s on %s' % (perm, user, repos_group)) + system_group_name = "%s-%s" % ( + repos_group.group_name.split(self.URL_SEPARATOR)[-1], + repos_group.group_id) + group_path = os.path.join(self.repos_path, repos_group.group_name) + + if permission.permission_name in ["group.none", "group.read"]: + if user.username=="default": + os.chmod(group_path, 0775) + else: + SystemCommand.remove_user_from_group(system_group_name, + user.username) + else: + if user.username=="default": + os.chmod(group_path, 0777) + else: + SystemCommand.add_user_to_group(system_group_name, + user.username) + def revoke_user_permission(self, repos_group, user): """ Revoke permission for user on given repositories group @@ -379,6 +424,11 @@ class ReposGroupModel(BaseModel): self.sa.delete(obj) log.debug('Revoked perm on %s on %s' % (repos_group, user)) + system_group_name = "%s-%s" % ( + repos_group.group_name.split(self.URL_SEPARATOR)[-1], + repos_group.group_id) + SystemCommand.remove_user_from_group(system_group_name, user.username) + def grant_users_group_permission(self, repos_group, group_name, perm): """ Grant permission for users group on given repositories group, or update @@ -410,6 +460,18 @@ class ReposGroupModel(BaseModel): self.sa.add(obj) log.debug('Granted perm %s to %s on %s' % (perm, group_name, repos_group)) + system_group_name = "%s-%s" % ( + repos_group.group_name.split(self.URL_SEPARATOR)[-1], + repos_group.group_id) + + for member in group_name.members: + if permission.permission_name in ["group.none", "group.read"]: + SystemCommand.remove_user_from_group(system_group_name, + member.user.username) + else: + SystemCommand.add_user_to_group(system_group_name, + member.user.username) + def revoke_users_group_permission(self, repos_group, group_name): """ Revoke permission for users group on given repositories group 
@@ -429,3 +491,10 @@ class ReposGroupModel(BaseModel): if obj: self.sa.delete(obj) log.debug('Revoked perm to %s on %s' % (repos_group, group_name)) + + system_group_name = "%s-%s" % ( + repos_group.group_name.split(self.URL_SEPARATOR)[-1], + repos_group.group_id) + for member in group_name.members: + SystemCommand.remove_user_from_group(system_group_name, + member.user.username) |