From cc643ce932b2abdc56c4d1933c02806ca57ddefa Mon Sep 17 00:00:00 2001 From: Jean-Philippe Lang Date: Sat, 13 Sep 2008 16:31:11 +0000 Subject: [PATCH] Merged nbc branch @ r1812 (commit access permission and reposman improvements). git-svn-id: http://redmine.rubyforge.org/svn/trunk@1814 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- app/apis/sys_api.rb | 14 +- app/controllers/sys_controller.rb | 9 +- app/models/project.rb | 2 + app/models/role.rb | 27 +++- .../096_add_commit_access_permission.rb | 14 ++ extra/svn/Redmine.pm | 15 +- extra/svn/reposman.pl | 142 ------------------ extra/svn/reposman.rb | 109 ++++++++------ lib/redmine.rb | 1 + lib/redmine/default_data/loader.rb | 3 +- test/functional/sys_api_test.rb | 31 +++- test/unit/role_test.rb | 20 +++ 12 files changed, 178 insertions(+), 209 deletions(-) create mode 100644 db/migrate/096_add_commit_access_permission.rb delete mode 100755 extra/svn/reposman.pl diff --git a/app/apis/sys_api.rb b/app/apis/sys_api.rb index f52f9e7ef..fcee616b5 100644 --- a/app/apis/sys_api.rb +++ b/app/apis/sys_api.rb @@ -15,11 +15,19 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +class AWSProjectWithRepository < ActionWebService::Struct + member :id, :int + member :identifier, :string + member :name, :string + member :is_public, :bool + member :repository, Repository +end + class SysApi < ActionWebService::API::Base - api_method :projects, + api_method :projects_with_repository_enabled, :expects => [], - :returns => [[Project]] + :returns => [[AWSProjectWithRepository]] api_method :repository_created, - :expects => [:string, :string], + :expects => [:string, :string, :string], :returns => [:int] end diff --git a/app/controllers/sys_controller.rb b/app/controllers/sys_controller.rb index 6065c2833..8aff3bd15 100644 --- a/app/controllers/sys_controller.rb +++ b/app/controllers/sys_controller.rb @@ -23,18 +23,17 @@ class SysController < ActionController::Base before_invocation :check_enabled # Returns the projects list, with their repositories - def projects - Project.find(:all, :include => :repository) + def projects_with_repository_enabled + Project.has_module(:repository).find(:all, :include => :repository, :order => 'identifier') end # Registers a repository for the given project identifier - # (Subversion specific) - def repository_created(identifier, url) + def repository_created(identifier, vendor, url) project = Project.find_by_identifier(identifier) # Do not create the repository if the project has already one return 0 unless project && project.repository.nil? logger.debug "Repository for #{project.name} was created" - repository = Repository.factory('Subversion', :project => project, :url => url) + repository = Repository.factory(vendor, :project => project, :url => url) repository.save repository.id || 0 end diff --git a/app/models/project.rb b/app/models/project.rb index adc70c644..e40af9967 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -62,6 +62,8 @@ class Project < ActiveRecord::Base validates_format_of :identifier, :with => /^[a-z0-9\-]*$/ before_destroy :delete_all_members + + named_scope :has_module, lambda { |mod| { :conditions => ["#{Project.table_name}.id IN (SELECT em.project_id FROM #{EnabledModule.table_name} em WHERE em.name=?)", mod.to_s] } } def identifier=(identifier) super unless identifier_frozen? diff --git a/app/models/role.rb b/app/models/role.rb index 6f1fb4768..5ff9470f9 100644 --- a/app/models/role.rb +++ b/app/models/role.rb @@ -19,6 +19,11 @@ class Role < ActiveRecord::Base # Built-in roles BUILTIN_NON_MEMBER = 1 BUILTIN_ANONYMOUS = 2 + + named_scope :builtin, lambda { |*args| + compare = 'not' if args.first == true + { :conditions => "#{compare} builtin = 0" } + } before_destroy :check_deletable has_many :workflows, :dependent => :delete_all do @@ -36,7 +41,7 @@ class Role < ActiveRecord::Base has_many :members acts_as_list - serialize :permissions + serialize :permissions, Array attr_protected :builtin validates_presence_of :name @@ -49,9 +54,27 @@ class Role < ActiveRecord::Base end def permissions=(perms) - perms = perms.collect {|p| p.to_sym unless p.blank? }.compact if perms + perms = perms.collect {|p| p.to_sym unless p.blank? }.compact.uniq if perms write_attribute(:permissions, perms) end + + def add_permission!(*perms) + self.permissions = [] unless permissions.is_a?(Array) + + permissions_will_change! + perms.each do |p| + p = p.to_sym + permissions << p unless permissions.include?(p) + end + save! + end + + def remove_permission!(*perms) + return unless permissions.is_a?(Array) + permissions_will_change! + perms.each { |p| permissions.delete(p.to_sym) } + save! + end def <=>(role) position <=> role.position diff --git a/db/migrate/096_add_commit_access_permission.rb b/db/migrate/096_add_commit_access_permission.rb new file mode 100644 index 000000000..f73af2c0c --- /dev/null +++ b/db/migrate/096_add_commit_access_permission.rb @@ -0,0 +1,14 @@ +class AddCommitAccessPermission < ActiveRecord::Migration + + def self.up + Role.find(:all).select { |r| not r.builtin? }.each do |r| + r.add_permission!(:commit_access) + end + end + + def self.down + Role.find(:all).select { |r| not r.builtin? }.each do |r| + r.remove_permission!(:commit_access) + end + end +end diff --git a/extra/svn/Redmine.pm b/extra/svn/Redmine.pm index 2619196c7..a15b482e8 100644 --- a/extra/svn/Redmine.pm +++ b/extra/svn/Redmine.pm @@ -148,11 +148,12 @@ sub RedmineDSN { my ($self, $parms, $arg) = @_; $self->{RedmineDSN} = $arg; my $query = "SELECT - hashed_password, auth_source_id - FROM members, projects, users + hashed_password, auth_source_id, permissions + FROM members, projects, users, roles WHERE projects.id=members.project_id AND users.id=members.user_id + AND roles.id=members.role_id AND users.status=1 AND login=? AND identifier=? "; @@ -277,9 +278,11 @@ sub is_member { $sth->execute($redmine_user, $project_id); my $ret; - while (my @row = $sth->fetchrow_array) { - unless ($row[1]) { - if ($row[0] eq $pass_digest) { + while (my ($hashed_password, $auth_source_id, $permissions) = $sth->fetchrow_array) { + + unless ($auth_source_id) { + my $method = $r->method; + if ($hashed_password eq $pass_digest && (defined $read_only_methods{$method} || $permissions =~ /:commit_access/) ) { $ret = 1; last; } @@ -287,7 +290,7 @@ sub is_member { my $sthldap = $dbh->prepare( "SELECT host,port,tls,account,account_password,base_dn,attr_login from auth_sources WHERE id = ?;" ); - $sthldap->execute($row[1]); + $sthldap->execute($auth_source_id); while (my @rowldap = $sthldap->fetchrow_array) { my $ldap = Authen::Simple::LDAP->new( host => ($rowldap[2] == 1 || $rowldap[2] eq "t") ? "ldaps://$rowldap[0]" : $rowldap[0], diff --git a/extra/svn/reposman.pl b/extra/svn/reposman.pl deleted file mode 100755 index b8ce8f8af..000000000 --- a/extra/svn/reposman.pl +++ /dev/null @@ -1,142 +0,0 @@ -#!/usr/bin/perl -# -# redMine is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License -# as published by the Free Software Foundation; either version 2 -# of the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - -use strict; -use SOAP::Lite; -use Getopt::Long; -Getopt::Long::Configure ("bundling", "no_auto_abbrev", "no_ignore_case"); -use Pod::Usage; -use vars qw/$VERSION/; - -$VERSION = "1.0"; - -my $warning = "This program is now deprecated. Use the reposman.rb for new features"; -print STDERR "*" x length($warning), "\n", - $warning, "\n", - "*" x length($warning), "\n\n"; - -my %opts = (verbose => 0); -GetOptions(\%opts, 'verbose|v+', 'version|V', 'help|h', 'man|m', 'quiet|q', 'svn-dir|s=s', 'redmine-host|r=s') or pod2usage(2); - -die "$VERSION\n" if $opts{version}; -pod2usage(1) if $opts{help}; -pod2usage( -verbose => 2 ) if $opts{man}; - -my $repos_base = $opts{'svn-dir'}; -my $redmine_host = $opts{'redmine-host'}; - -pod2usage(2) unless $repos_base and $redmine_host; - -unless (-d $repos_base) { - Log(text => "$repos_base doesn't exist", exit => 1); -} - -Log(level => 1, text => "querying redMine for projects..."); -my $wdsl = "http://$redmine_host/sys/service.wsdl"; -my $service = SOAP::Lite->service($wdsl); - -my $projects = $service->Projects(''); -my $project_count = @{$projects}; -Log(level => 1, text => "retrieved $project_count projects"); - -foreach my $project (@{$projects}) { - Log(level => 1, text => "treating project $project->{name}"); - my $repos_name = $project->{identifier}; - - if ($repos_name eq "") { - Log(text => "\tno identifier for project $project->{name}"); - next; - } - - unless ($repos_name =~ /^[a-z0-9\-]+$/) { - Log(text => "\tinvalid identifier for project $project->{name}"); - next; - } - - my $repos_path = "$repos_base/$repos_name"; - - if (-e $repos_path) { - # check unix right and change them if needed - my $other_read = (stat($repos_path))[2] & 00007; - my $right; - - if ($project->{is_public} and not $other_read) { - $right = "0775"; - } elsif (not $project->{is_public} and $other_read) { - $right = "0770"; - } else { - next; - } - - # change mode - system('chmod', '-R', $right, $repos_path) == 0 or - warn("\tunable to change mode on $repos_path : $?\n"), next; - - Log(text => "\tmode change on $repos_path"); - - } else { - # change umask to suit the repository's privacy - $project->{is_public} ? umask 0002 : umask 0007; - - # create the repository - system('svnadmin', 'create', $repos_path) == 0 or - warn("\tsystem svnadmin failed unable to create $repos_path\n"), next; - - # set the group owner - system('chown', '-R', "root:$repos_name", $repos_path) == 0 or - warn("\tunable to create $repos_path : $?\n"), next; - - Log(text => "\trepository $repos_path created"); - } -} - - -sub Log { - my %args = (level => 0, text => '', @_); - - my $level = delete $args{level}; - my $text = delete $args{text}; - return unless $level <= $opts{verbose}; - return if $opts{quiet}; - print "$text\n"; - - exit $args{exit} - if defined $args{exit}; -} - - -__END__ - -=head1 NAME - - reposman - manages your svn repositories with redMine - -=head1 SYNOPSIS - - reposman [options] arguments - example: reposman --svn-dir=/var/svn --redmine-host=redmine.mydomain.foo - reposman -s /var/svn -r redmine.mydomain.foo - -=head1 ARGUMENTS - - -s, --svn-dir=DIR use DIR as base directory for svn repositories - -r, --redmine-host=HOST assume redMine is hosted on HOST - -=head1 OPTIONS - - -v verbose - -V print version and exit - diff --git a/extra/svn/reposman.rb b/extra/svn/reposman.rb index 0b476cdc4..76804d650 100755 --- a/extra/svn/reposman.rb +++ b/extra/svn/reposman.rb @@ -6,52 +6,49 @@ # # == Usage # -# reposman [ -h | --help ] [ -v | --verbose ] [ -V | --version ] [ -q | --quiet ] -s /var/svn -r redmine.host.org -# example: reposman --svn-dir=/var/svn --redmine-host=redmine.mydomain.foo -# reposman -s /var/svn -r redmine.mydomain.foo +# reposman [OPTIONS...] -s [DIR] -r [HOST] +# +# Examples: +# reposman --svn-dir=/var/svn --redmine-host=redmine.example.net +# reposman -s /var/svn -r redmine.example.net -u http://svn.example.net # # == Arguments (mandatory) -# -# -s, --svn-dir=DIR -# use DIR as base directory for svn repositories # -# -r, --redmine-host=HOST -# assume Redmine is hosted on HOST. -# you can use : -# * -r redmine.mydomain.foo (will add http://) -# * -r http://redmine.mydomain.foo -# * -r https://mydomain.foo/redmine +# -s, --svn-dir=DIR use DIR as base directory for svn repositories +# -r, --redmine-host=HOST assume Redmine is hosted on HOST. Examples: +# -r redmine.example.net +# -r http://redmine.example.net +# -r https://example.net/redmine # # == Options # -# -o, --owner=OWNER -# owner of the repository. using the rails login allow user to browse -# the repository in Redmine even for private project -# -# -u, --url=URL -# the base url Redmine will use to access your repositories. This -# will be used to register the repository in Redmine so that user -# doesn't need to do anything. reposman will add the identifier to this url : -# -# -u https://my.svn.server/my/reposity/root # if the repository can be access by http -# -u file:///var/svn/ # if the repository is local -# if this option isn't set, reposman won't register the repository -# -# -t, --test -# only show what should be done -# -# -h, --help: -# show help and exit -# -# -v, --verbose -# verbose -# -# -V, --version -# print version and exit -# -# -q, --quiet -# no log -# +# -o, --owner=OWNER owner of the repository. using the rails login +# allow user to browse the repository within +# Redmine even for private project +# -u, --url=URL the base url Redmine will use to access your +# repositories. This option is used to automatically +# register the repositories in Redmine. The project +# identifier will be appended to this url. Examples: +# -u https://example.net/svn +# -u file:///var/svn/ +# if this option isn't set, reposman won't register +# the repositories in Redmine +# -c, --command=COMMAND use this command instead of "svnadmin create" to +# create a repository. This option can be used to +# create non-subversion repositories +# --scm SCM vendor used to register the repository in +# Redmine (default: Subversion). Can be one of the +# other supported SCM: Bazaar, Darcs, Filesystem, +# Git, Mercurial (case sensitive). +# This option should be used when both options --url +# and --command are used. +# -f, --force force repository creation even if the project +# repository is already declared in Redmine +# -t, --test only show what should be done +# -h, --help show help and exit +# -v, --verbose verbose +# -V, --version print version and exit +# -q, --quiet no log require 'getoptlong' require 'rdoc/usage' @@ -59,14 +56,18 @@ require 'soap/wsdlDriver' require 'find' require 'etc' -Version = "1.0" +Version = "1.1" +SUPPORTED_SCM = %w( Subversion Darcs Mercurial Bazaar Git Filesystem ) opts = GetoptLong.new( ['--svn-dir', '-s', GetoptLong::REQUIRED_ARGUMENT], ['--redmine-host', '-r', GetoptLong::REQUIRED_ARGUMENT], ['--owner', '-o', GetoptLong::REQUIRED_ARGUMENT], ['--url', '-u', GetoptLong::REQUIRED_ARGUMENT], + ['--command' , '-c', GetoptLong::REQUIRED_ARGUMENT], + ['--scm', GetoptLong::REQUIRED_ARGUMENT], ['--test', '-t', GetoptLong::NO_ARGUMENT], + ['--force', '-f', GetoptLong::NO_ARGUMENT], ['--verbose', '-v', GetoptLong::NO_ARGUMENT], ['--version', '-V', GetoptLong::NO_ARGUMENT], ['--help' , '-h', GetoptLong::NO_ARGUMENT], @@ -81,6 +82,9 @@ $svn_owner = 'root' $use_groupid = true $svn_url = false $test = false +$command = "svnadmin create" +$force = false +$scm = 'Subversion' def log(text,level=0, exit=false) return if $quiet or level > $verbose @@ -95,8 +99,11 @@ begin when '--redmine-host'; $redmine_host = arg.dup when '--owner'; $svn_owner = arg.dup; $use_groupid = false; when '--url'; $svn_url = arg.dup + when '--scm'; $scm = arg.dup; log("Invalid SCM: #{$scm}", 0, true) unless SUPPORTED_SCM.include?($scm) + when '--command'; $command = arg.dup when '--verbose'; $verbose += 1 when '--test'; $test = true + when '--force'; $force = true when '--version'; puts Version; exit when '--help'; RDoc::usage when '--quiet'; $quiet = true @@ -110,6 +117,12 @@ if $test log("running in test mode") end +# Make sure command is overridden if SCM vendor is not Subversion +if $scm != 'Subversion' && $command == 'svnadmin create' + log("Please use --command option to specify how to create a #{$scm} repository.", 0, true) +end + + $svn_url += "/" if $svn_url and not $svn_url.match(/\/$/) if ($redmine_host.empty? or $repos_base.empty?) @@ -133,7 +146,7 @@ rescue => e log("Unable to connect to #{wsdl_url} : #{e}", 0, true) end -projects = soap.Projects +projects = soap.ProjectsWithRepositoryEnabled if projects.nil? log('no project found, perhaps you forgot to "Enable WS for repository management"', 0, true) @@ -201,6 +214,13 @@ projects.each do |project| log("\tmode change on #{repos_path}"); else + # if repository is already declared in redmine, we don't create + # unless user use -f with reposman + if $force == false and not project.repository.nil? + log("\trepository for project #{project.identifier} already exists in Redmine", 1) + next + end + project.is_public ? File.umask(0002) : File.umask(0007) if $test @@ -211,7 +231,8 @@ projects.each do |project| begin set_owner_and_rights(project, repos_path) do - raise "svnadmin create #{repos_path} failed" unless system("svnadmin", "create", repos_path) + command = "#{$command} #{repos_path}" + raise "#{command} failed" unless system( command ) end rescue => e log("\tunable to create #{repos_path} : #{e}\n") @@ -219,7 +240,7 @@ projects.each do |project| end if $svn_url - ret = soap.RepositoryCreated project.identifier, "#{$svn_url}#{project.identifier}" + ret = soap.RepositoryCreated project.identifier, $scm, "#{$svn_url}#{project.identifier}" if ret > 0 log("\trepository #{repos_path} registered in Redmine with url #{$svn_url}#{project.identifier}"); else diff --git a/lib/redmine.rb b/lib/redmine.rb index 8045f30f1..fdacb23b9 100644 --- a/lib/redmine.rb +++ b/lib/redmine.rb @@ -88,6 +88,7 @@ Redmine::AccessControl.map do |map| map.permission :manage_repository, {:repositories => [:edit, :destroy]}, :require => :member map.permission :browse_repository, :repositories => [:show, :browse, :entry, :annotate, :changes, :diff, :stats, :graph] map.permission :view_changesets, :repositories => [:show, :revisions, :revision] + map.permission :commit_access, {} end map.project_module :boards do |map| diff --git a/lib/redmine/default_data/loader.rb b/lib/redmine/default_data/loader.rb index 11bd2a0b4..dd3b9e7ec 100644 --- a/lib/redmine/default_data/loader.rb +++ b/lib/redmine/default_data/loader.rb @@ -67,7 +67,8 @@ module Redmine :view_files, :manage_files, :browse_repository, - :view_changesets] + :view_changesets, + :commit_access] reporter = Role.create! :name => l(:default_role_reporter), :position => 3, diff --git a/test/functional/sys_api_test.rb b/test/functional/sys_api_test.rb index ec8d0964e..48ed780d0 100644 --- a/test/functional/sys_api_test.rb +++ b/test/functional/sys_api_test.rb @@ -5,7 +5,7 @@ require 'sys_controller' class SysController; def rescue_action(e) raise e end; end class SysControllerTest < Test::Unit::TestCase - fixtures :projects, :repositories + fixtures :projects, :enabled_modules, :repositories def setup @controller = SysController.new @@ -15,17 +15,36 @@ class SysControllerTest < Test::Unit::TestCase Setting.sys_api_enabled = 1 end - def test_projects - result = invoke :projects - assert_equal Project.count, result.size - assert result.first.is_a?(Project) + def test_projects_with_repository_enabled + result = invoke :projects_with_repository_enabled + assert_equal EnabledModule.count(:all, :conditions => {:name => 'repository'}), result.size + + project = result.first + assert project.is_a?(AWSProjectWithRepository) + + assert project.respond_to?(:id) + assert_equal 1, project.id + + assert project.respond_to?(:identifier) + assert_equal 'ecookbook', project.identifier + + assert project.respond_to?(:name) + assert_equal 'eCookbook', project.name + + assert project.respond_to?(:is_public) + assert project.is_public + + assert project.respond_to?(:repository) + assert project.repository.is_a?(Repository) end def test_repository_created project = Project.find(3) assert_nil project.repository - assert invoke(:repository_created, project.identifier, 'http://localhost/svn') + assert invoke(:repository_created, project.identifier, 'Subversion', 'http://localhost/svn') project.reload assert_not_nil project.repository + assert project.repository.is_a?(Repository::Subversion) + assert_equal 'http://localhost/svn', project.repository.url end end diff --git a/test/unit/role_test.rb b/test/unit/role_test.rb index b98af2e36..cab668c50 100644 --- a/test/unit/role_test.rb +++ b/test/unit/role_test.rb @@ -30,4 +30,24 @@ class RoleTest < Test::Unit::TestCase target.reload assert_equal 90, target.workflows.size end + + def test_add_permission + role = Role.find(1) + size = role.permissions.size + role.add_permission!("apermission", "anotherpermission") + role.reload + assert role.permissions.include?(:anotherpermission) + assert_equal size + 2, role.permissions.size + end + + def test_remove_permission + role = Role.find(1) + size = role.permissions.size + perm = role.permissions[0..1] + role.remove_permission!(*perm) + role.reload + assert ! role.permissions.include?(perm[0]) + assert_equal size - 2, role.permissions.size + end + end -- 2.39.5