authorStevan Radaković <stevan.radakovic@linaro.org>2013-04-03 12:08:49 +0200
committerStevan Radaković <stevan.radakovic@linaro.org>2013-04-03 12:08:49 +0200
commit6a1d0b93a23f7a43335957fc880eee32f3566567 (patch)
tree5b709afc9e5b85c7f07efac73d54dbc42351b421
parent7b7f978c6208ea95cad15c5ad6beafa54768de01 (diff)
parent7dd81d912e5ae857ee26225878426e2907a6eed0 (diff)
Merge branch 'ldap' into linaro
-rw-r--r--rhodecode/lib/system_command.py77
-rw-r--r--rhodecode/model/repo.py70
-rw-r--r--rhodecode/model/repos_group.py69
3 files changed, 214 insertions, 2 deletions
diff --git a/rhodecode/lib/system_command.py b/rhodecode/lib/system_command.py
new file mode 100644
index 00000000..14d25289
--- /dev/null
+++ b/rhodecode/lib/system_command.py
@@ -0,0 +1,77 @@
+import logging
+import os
+import subprocess
+
+
+log = logging.getLogger(__name__)
+
+
+class SystemCommand():
+
+ @classmethod
+ def execute(cls, cmd_args, with_sudo=True):
+ """Runs the command passed."""
+ if not isinstance(cmd_args, list):
+ cmd_args = list(cmd_args)
+ if with_sudo:
+ cmd_args.insert(0, "sudo")
+
+ with open(os.devnull, 'w') as tempf:
+ process = subprocess.Popen(cmd_args, stdout=subprocess.PIPE,
+ stderr=subprocess.PIPE)
+ (stdout, stderr) = process.communicate()
+
+ if process.returncode != 0:
+ log.warn("Error executing command: '%s'. Reason: %s." %
+ (" ".join(cmd_args), stderr))
+ else:
+ log.debug("Sucess executing command %s. Output: %s" % (cmd_args,
+ stdout))
+
+ return stdout
+
+ @classmethod
+ def add_group(cls, groupname):
+ cmd_args = ["groupadd", groupname]
+ cls.execute(cmd_args)
+
+ @classmethod
+ def rename_group(cls, groupname, newgroupname):
+ cmd_args = ["groupmod", "-n", newgroupname, groupname]
+ cls.execute(cmd_args)
+
+ @classmethod
+ def delete_group(cls, groupname):
+ cmd_args = ["groupdel", groupname]
+ cls.execute(cmd_args)
+
+ @classmethod
+ def add_user(cls, username):
+ cmd_args = ["adduser", "--disabled-password", "--force-badname",
+ "--quiet", "--gecos", "''", username]
+ cls.execute(cmd_args)
+
+ @classmethod
+ def add_user_to_group(cls, groupname, username):
+ cmd_args = ["gpasswd", "-a", username, groupname]
+ cls.execute(cmd_args)
+
+ @classmethod
+ def remove_user_from_group(cls, groupname, username):
+ cmd_args = ["gpasswd", "-d", username, groupname]
+ cls.execute(cmd_args)
+
+ @classmethod
+ def get_group_members(cls, groupname):
+ cmd_args = ["members", "--all", groupname]
+ try:
+ output = cls.execute(cmd_args)
+ users = set(output.split())
+ return users
+ except:
+ return {}
+
+ @classmethod
+ def change_ownership(cls, path, group):
+ cmd_args = ["change-repo-ownership", path, group]
+ cls.execute(cmd_args)
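Review bot: `execute` only logs a non-zero exit status and still returns stdout, so every caller that changes system groups under sudo carries on as if the command succeeded; a failed `gpasswd -d` would leave a user with filesystem access after the revocation was recorded. It also inserts "sudo" into the caller's own list, turns a string argument into single characters via `list(cmd_args)`, and opens `os.devnull` without using it. Group and user names reach the privileged tools unchecked, so a name beginning with `-` would be parsed as an option; validating names against a conservative pattern before building the argv would prevent that. `get_group_members` returns `{}` (a dict) from a bare `except:`, where `set()` would match the success path. A possible shape for `execute` is below; whether callers should roll back the database change on the exception is a decision for the model code.

```python
    @classmethod
    def execute(cls, cmd_args, with_sudo=True):
        """Run cmd_args (a sequence of argv strings) and return its stdout.

        Raises subprocess.CalledProcessError on a non-zero exit status.
        """
        argv = list(cmd_args)  # copy, so the caller's list is not modified
        if with_sudo:
            argv.insert(0, "sudo")

        process = subprocess.Popen(argv, stdout=subprocess.PIPE,
                                   stderr=subprocess.PIPE)
        (stdout, stderr) = process.communicate()

        if process.returncode != 0:
            log.error("Command %r exited with status %s: %s",
                      argv, process.returncode, stderr)
            raise subprocess.CalledProcessError(process.returncode, argv)

        log.debug("Command %r succeeded. Output: %s", argv, stdout)
        return stdout
```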
diff --git a/rhodecode/model/repo.py b/rhodecode/model/repo.py
index edbbd180..b228a5ac 100644
--- a/rhodecode/model/repo.py
+++ b/rhodecode/model/repo.py
@@ -28,6 +28,7 @@ import shutil
import logging
import traceback
from datetime import datetime
+from grp import getgrnam
from rhodecode.lib.vcs.backends import get_backend
from rhodecode.lib.compat import json
@@ -35,6 +36,7 @@ from rhodecode.lib.utils2 import LazyProperty, safe_str, safe_unicode,\
remove_prefix, obfuscate_url_pw
from rhodecode.lib.caching_query import FromCache
from rhodecode.lib.hooks import log_create_repository, log_delete_repository
+from rhodecode.lib.system_command import SystemCommand
from rhodecode.model import BaseModel
from rhodecode.model.db import Repository, UserRepoToPerm, User, Permission, \
@@ -314,6 +316,14 @@ class RepoModel(BaseModel):
self.sa.add(cur_repo)
+ old_system_name = "%s-%s" % (
+ org_repo_name.split(self.URL_SEPARATOR)[-1],
+ cur_repo.repo_id)
+ new_system_name = "%s-%s" % (
+ new_name.split(self.URL_SEPARATOR)[-1],
+ cur_repo.repo_id)
+ SystemCommand.rename_group(old_system_name, new_system_name)
+
if org_repo_name != new_name:
# rename repository
self.__rename_repo(old=org_repo_name, new=new_name)
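Review bot: `SystemCommand.rename_group` is called before the `if org_repo_name != new_name:` check, so `groupmod -n` runs on every update, including ones where the name has not changed, and it runs before the filesystem rename is known to have succeeded. Moving the call inside the `if`, after `self.__rename_repo(old=org_repo_name, new=new_name)`, would keep the group name and the directory name in step. The enclosing method starts and ends outside this hunk, so the surrounding error handling cannot be checked from here.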
@@ -410,7 +420,7 @@ class RepoModel(BaseModel):
_create_default_perms()
if not just_db:
- self.__create_repo(repo_name, repo_type,
+ self.__create_repo(repo_name, new_repo.repo_id, repo_type,
repos_group,
clone_uri)
log_create_repository(new_repo.get_dict(),
@@ -507,6 +517,24 @@ class RepoModel(BaseModel):
self.sa.add(obj)
log.debug('Granted perm %s to %s on %s' % (perm, user, repo))
+ system_group_name = "%s-%s" % (
+ repo.repo_name.split(self.URL_SEPARATOR)[-1],
+ repo.repo_id)
+ repo_path = os.path.join(self.repos_path, repo.repo_name)
+ if permission.permission_name in ["repository.none",
+ "repository.read"]:
+ if user.username=="default":
+ os.chmod(repo_path, 0775)
+ else:
+ SystemCommand.remove_user_from_group(system_group_name,
+ user.username)
+ else:
+ if user.username=="default":
+ os.chmod(repo_path, 0777)
+ else:
+ SystemCommand.add_user_to_group(system_group_name,
+ user.username)
+
def revoke_user_permission(self, repo, user):
"""
Revoke permission for user on given repository
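Review bot: `os.chmod(repo_path, 0777)` in the `user.username=="default"` branch makes the repository directory writable by every local account on the host, which is wider than granting write to RhodeCode's `default` user inside the application. The same call appears in `ReposGroupModel.grant_user_permission` in repos_group.py. If anonymous write has to be mirrored on the filesystem, a dedicated system group would be narrower than the world bit; at minimum the branch deserves a comment such as `# default user has write: directory becomes world-writable`. Only the top-level directory mode is changed here, so whether files below it follow depends on code outside this hunk.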
@@ -526,6 +554,11 @@ class RepoModel(BaseModel):
self.sa.delete(obj)
log.debug('Revoked perm on %s on %s' % (repo, user))
+ system_group_name = "%s-%s" % (
+ repo.repo_name.split(self.URL_SEPARATOR)[-1],
+ repo.repo_id)
+ SystemCommand.remove_user_from_group(system_group_name, user.username)
+
def grant_users_group_permission(self, repo, group_name, perm):
"""
Grant permission for users group on given repository, or update
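Review bot: `revoke_user_permission` always calls `remove_user_from_group`, but the grant path handles `user.username=="default"` with `os.chmod(..., 0777)` rather than group membership, so revoking the default user's permission leaves the directory at whatever mode the last grant set. A branch such as `if user.username == "default": os.chmod(repo_path, 0775)` (with `repo_path` computed as in the grant method) would undo it. The call also removes the user from the system group even when a users group they belong to still grants write on this repository; nothing in the hunk checks for that. `ReposGroupModel.revoke_user_permission` in repos_group.py has the same shape.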
@@ -556,6 +589,18 @@ class RepoModel(BaseModel):
self.sa.add(obj)
log.debug('Granted perm %s to %s on %s' % (perm, group_name, repo))
+ system_group_name = "%s-%s" % (
+ repo.repo_name.split(self.URL_SEPARATOR)[-1],
+ repo.repo_id)
+ for member in group_name.members:
+ if permission.permission_name in ["repository.none",
+ "repository.read"]:
+ SystemCommand.remove_user_from_group(system_group_name,
+ member.user.username)
+ else:
+ SystemCommand.add_user_to_group(system_group_name,
+ member.user.username)
+
def revoke_users_group_permission(self, repo, group_name):
"""
Revoke permission for users group on given repository
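Review bot: The loop over `group_name.members` copies the users group's membership into the system group only at the moment of the grant, so a user added to or removed from the users group afterwards keeps the old filesystem access unless another code path, not visible in this diff, resyncs it. The `repository.none`/`repository.read` branch here, and the removal loop in `revoke_users_group_permission` in the next hunk, also drop members who hold an individual write grant on the same repository. Computing each member's effective permission before calling `add_user_to_group` or `remove_user_from_group` would avoid both problems. The two users-group hunks in repos_group.py follow the same pattern.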
@@ -575,6 +620,13 @@ class RepoModel(BaseModel):
self.sa.delete(obj)
log.debug('Revoked perm to %s on %s' % (repo, group_name))
+ system_group_name = "%s-%s" % (
+ repo.repo_name.split(self.URL_SEPARATOR)[-1],
+ repo.repo_id)
+ for member in group_name.members:
+ SystemCommand.remove_user_from_group(system_group_name,
+ member.user.username)
+
def delete_stats(self, repo_name):
"""
removes stats for given repo
@@ -591,7 +643,8 @@ class RepoModel(BaseModel):
log.error(traceback.format_exc())
raise
- def __create_repo(self, repo_name, alias, parent, clone_uri=False):
+ def __create_repo(self, repo_name, repo_id, alias, parent,
+ clone_uri=False):
"""
makes repository on filesystem. It's group aware means it'll create
a repository within a group, and alter the paths accordingly of
@@ -637,6 +690,14 @@ class RepoModel(BaseModel):
else:
raise Exception('Undefined alias %s' % alias)
+ system_group_name = "%s-%s" % (repo_name, repo_id)
+ SystemCommand.add_group(system_group_name)
+ os.chmod(repo_path, 0775)
+ SystemCommand.change_ownership("%s%s%s" % (new_parent_path,
+ self.URL_SEPARATOR,
+ repo_name),
+ system_group_name)
+
def __rename_repo(self, old, new):
"""
renames repository on filesystem
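Review bot: `system_group_name` is built as `"%s-%s" % (repo_name, repo_id)` and handed to `groupadd` without checking that it is a legal group name. A repository name that is too long or contains characters the tool rejects would make `add_group` fail, and because `SystemCommand.execute` only logs failures, the `os.chmod(repo_path, 0775)` and `change_ownership` calls still run against a group that does not exist. The path given to `change_ownership` is also assembled with `self.URL_SEPARATOR` instead of reusing `repo_path`, so the two calls are not guaranteed to address the same directory; `SystemCommand.change_ownership(repo_path, system_group_name)` would remove the doubt. `__create_repo` begins outside this hunk.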
@@ -683,3 +744,8 @@ class RepoModel(BaseModel):
args = repo.group.full_path_splitted + [_d]
_d = os.path.join(*args)
shutil.move(rm_path, os.path.join(self.repos_path, _d))
+
+ system_group_name = "%s-%s" % (
+ repo.repo_name.split(self.URL_SEPARATOR)[-1],
+ repo.repo_id)
+ SystemCommand.delete_group(system_group_name)
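Review bot: `delete_group` runs after the repository directory has been moved aside with `shutil.move`, and nothing visible here resets the ownership of the moved directory, so it keeps the numeric GID of the deleted group. If that GID is later assigned to a newly created group, its members would get group access to the archived repository. Resetting the group ownership or tightening the mode on the moved path before calling `delete_group` would close that gap. The delete hunk in repos_group.py follows the same order, and the enclosing method here starts outside the hunk.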
diff --git a/rhodecode/model/repos_group.py b/rhodecode/model/repos_group.py
index 2ec9d1d6..625762f2 100644
--- a/rhodecode/model/repos_group.py
+++ b/rhodecode/model/repos_group.py
@@ -28,8 +28,10 @@ import logging
import traceback
import shutil
import datetime
+from grp import getgrnam
from rhodecode.lib.utils2 import LazyProperty
+from rhodecode.lib.system_command import SystemCommand
from rhodecode.model import BaseModel
from rhodecode.model.db import RepoGroup, RhodeCodeUi, UserRepoGroupToPerm, \
@@ -41,6 +43,7 @@ log = logging.getLogger(__name__)
class ReposGroupModel(BaseModel):
cls = RepoGroup
+ URL_SEPARATOR = RepoGroup.url_sep()
def __get_users_group(self, users_group):
return self._get_instance(UsersGroup, users_group,
@@ -140,6 +143,11 @@ class ReposGroupModel(BaseModel):
group.name)
shutil.move(rm_path, os.path.join(self.repos_path, _d))
+ system_group_name = "%s-%s" % (
+ group.group_name.split(self.URL_SEPARATOR)[-1],
+ group.group_id)
+ SystemCommand.delete_group(system_group_name)
+
def create(self, group_name, group_description, parent=None, just_db=False):
try:
new_repos_group = RepoGroup()
@@ -156,6 +164,17 @@ class ReposGroupModel(BaseModel):
self.sa.flush()
self.__create_group(new_repos_group.group_name)
+ # Create corresponding system group.
+ system_group_name = "%s-%s" % (
+ group_name.split(self.URL_SEPARATOR)[-1],
+ new_repos_group.group_id)
+ SystemCommand.add_group(system_group_name)
+ create_path = os.path.join(self.repos_path,
+ new_repos_group.group_name)
+ os.chmod(create_path, 0775)
+ SystemCommand.change_ownership(new_repos_group.group_name,
+ system_group_name)
+
return new_repos_group
except:
log.error(traceback.format_exc())
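Review bot: `change_ownership` is given `new_repos_group.group_name`, a name relative to the repositories root, while the `os.chmod` just above it uses the absolute `create_path`; in repo.py the same helper receives a path built from `new_parent_path`. Unless `change-repo-ownership` resolves relative names itself (its source is not part of this diff), passing the absolute path is the consistent choice: `SystemCommand.change_ownership(create_path, system_group_name)`. A failed `groupadd` does not raise, so the `except:` below never sees it and the group directory can end up with mode 0775 and no matching system group.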
@@ -277,6 +296,14 @@ class ReposGroupModel(BaseModel):
self.__rename_group(old_path, new_path)
+ old_system_name = "%s-%s" % (
+ old_path.split(self.URL_SEPARATOR)[-1],
+ repos_group.group_id)
+ new_system_name = "%s-%s" % (
+ new_path.split(self.URL_SEPARATOR)[-1],
+ repos_group.group_id)
+ SystemCommand.rename_group(old_system_name, new_system_name)
+
return repos_group
except:
log.error(traceback.format_exc())
@@ -359,6 +386,24 @@ class ReposGroupModel(BaseModel):
self.sa.add(obj)
log.debug('Granted perm %s to %s on %s' % (perm, user, repos_group))
+ system_group_name = "%s-%s" % (
+ repos_group.group_name.split(self.URL_SEPARATOR)[-1],
+ repos_group.group_id)
+ group_path = os.path.join(self.repos_path, repos_group.group_name)
+
+ if permission.permission_name in ["group.none", "group.read"]:
+ if user.username=="default":
+ os.chmod(group_path, 0775)
+ else:
+ SystemCommand.remove_user_from_group(system_group_name,
+ user.username)
+ else:
+ if user.username=="default":
+ os.chmod(group_path, 0777)
+ else:
+ SystemCommand.add_user_to_group(system_group_name,
+ user.username)
+
def revoke_user_permission(self, repos_group, user):
"""
Revoke permission for user on given repositories group
@@ -379,6 +424,11 @@ class ReposGroupModel(BaseModel):
self.sa.delete(obj)
log.debug('Revoked perm on %s on %s' % (repos_group, user))
+ system_group_name = "%s-%s" % (
+ repos_group.group_name.split(self.URL_SEPARATOR)[-1],
+ repos_group.group_id)
+ SystemCommand.remove_user_from_group(system_group_name, user.username)
+
def grant_users_group_permission(self, repos_group, group_name, perm):
"""
Grant permission for users group on given repositories group, or update
@@ -410,6 +460,18 @@ class ReposGroupModel(BaseModel):
self.sa.add(obj)
log.debug('Granted perm %s to %s on %s' % (perm, group_name, repos_group))
+ system_group_name = "%s-%s" % (
+ repos_group.group_name.split(self.URL_SEPARATOR)[-1],
+ repos_group.group_id)
+
+ for member in group_name.members:
+ if permission.permission_name in ["group.none", "group.read"]:
+ SystemCommand.remove_user_from_group(system_group_name,
+ member.user.username)
+ else:
+ SystemCommand.add_user_to_group(system_group_name,
+ member.user.username)
+
def revoke_users_group_permission(self, repos_group, group_name):
"""
Revoke permission for users group on given repositories group
@@ -429,3 +491,10 @@ class ReposGroupModel(BaseModel):
if obj:
self.sa.delete(obj)
log.debug('Revoked perm to %s on %s' % (repos_group, group_name))
+
+ system_group_name = "%s-%s" % (
+ repos_group.group_name.split(self.URL_SEPARATOR)[-1],
+ repos_group.group_id)
+ for member in group_name.members:
+ SystemCommand.remove_user_from_group(system_group_name,
+ member.user.username)