git-svn-id: http://redmine.rubyforge.org/svn/trunk@1814 e93f8b46-1217-0410-a6f0-8f06a7374b81tags/0.8.0-RC1
@@ -15,11 +15,19 @@ | |||
# along with this program; if not, write to the Free Software | |||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |||
class AWSProjectWithRepository < ActionWebService::Struct | |||
member :id, :int | |||
member :identifier, :string | |||
member :name, :string | |||
member :is_public, :bool | |||
member :repository, Repository | |||
end | |||
class SysApi < ActionWebService::API::Base | |||
api_method :projects, | |||
api_method :projects_with_repository_enabled, | |||
:expects => [], | |||
:returns => [[Project]] | |||
:returns => [[AWSProjectWithRepository]] | |||
api_method :repository_created, | |||
:expects => [:string, :string], | |||
:expects => [:string, :string, :string], | |||
:returns => [:int] | |||
end |
@@ -23,18 +23,17 @@ class SysController < ActionController::Base | |||
before_invocation :check_enabled | |||
# Returns the projects list, with their repositories | |||
def projects | |||
Project.find(:all, :include => :repository) | |||
def projects_with_repository_enabled | |||
Project.has_module(:repository).find(:all, :include => :repository, :order => 'identifier') | |||
end | |||
# Registers a repository for the given project identifier | |||
# (Subversion specific) | |||
def repository_created(identifier, url) | |||
def repository_created(identifier, vendor, url) | |||
project = Project.find_by_identifier(identifier) | |||
# Do not create the repository if the project has already one | |||
return 0 unless project && project.repository.nil? | |||
logger.debug "Repository for #{project.name} was created" | |||
repository = Repository.factory('Subversion', :project => project, :url => url) | |||
repository = Repository.factory(vendor, :project => project, :url => url) | |||
repository.save | |||
repository.id || 0 | |||
end |
@@ -62,6 +62,8 @@ class Project < ActiveRecord::Base | |||
validates_format_of :identifier, :with => /^[a-z0-9\-]*$/ | |||
before_destroy :delete_all_members | |||
named_scope :has_module, lambda { |mod| { :conditions => ["#{Project.table_name}.id IN (SELECT em.project_id FROM #{EnabledModule.table_name} em WHERE em.name=?)", mod.to_s] } } | |||
def identifier=(identifier) | |||
super unless identifier_frozen? |
@@ -19,6 +19,11 @@ class Role < ActiveRecord::Base | |||
# Built-in roles | |||
BUILTIN_NON_MEMBER = 1 | |||
BUILTIN_ANONYMOUS = 2 | |||
named_scope :builtin, lambda { |*args| | |||
compare = 'not' if args.first == true | |||
{ :conditions => "#{compare} builtin = 0" } | |||
} | |||
before_destroy :check_deletable | |||
has_many :workflows, :dependent => :delete_all do | |||
@@ -36,7 +41,7 @@ class Role < ActiveRecord::Base | |||
has_many :members | |||
acts_as_list | |||
serialize :permissions | |||
serialize :permissions, Array | |||
attr_protected :builtin | |||
validates_presence_of :name | |||
@@ -49,9 +54,27 @@ class Role < ActiveRecord::Base | |||
end | |||
def permissions=(perms) | |||
perms = perms.collect {|p| p.to_sym unless p.blank? }.compact if perms | |||
perms = perms.collect {|p| p.to_sym unless p.blank? }.compact.uniq if perms | |||
write_attribute(:permissions, perms) | |||
end | |||
def add_permission!(*perms) | |||
self.permissions = [] unless permissions.is_a?(Array) | |||
permissions_will_change! | |||
perms.each do |p| | |||
p = p.to_sym | |||
permissions << p unless permissions.include?(p) | |||
end | |||
save! | |||
end | |||
def remove_permission!(*perms) | |||
return unless permissions.is_a?(Array) | |||
permissions_will_change! | |||
perms.each { |p| permissions.delete(p.to_sym) } | |||
save! | |||
end | |||
def <=>(role) | |||
position <=> role.position |
@@ -0,0 +1,14 @@ | |||
class AddCommitAccessPermission < ActiveRecord::Migration | |||
def self.up | |||
Role.find(:all).select { |r| not r.builtin? }.each do |r| | |||
r.add_permission!(:commit_access) | |||
end | |||
end | |||
def self.down | |||
Role.find(:all).select { |r| not r.builtin? }.each do |r| | |||
r.remove_permission!(:commit_access) | |||
end | |||
end | |||
end |
@@ -148,11 +148,12 @@ sub RedmineDSN { | |||
my ($self, $parms, $arg) = @_; | |||
$self->{RedmineDSN} = $arg; | |||
my $query = "SELECT | |||
hashed_password, auth_source_id | |||
FROM members, projects, users | |||
hashed_password, auth_source_id, permissions | |||
FROM members, projects, users, roles | |||
WHERE | |||
projects.id=members.project_id | |||
AND users.id=members.user_id | |||
AND roles.id=members.role_id | |||
AND users.status=1 | |||
AND login=? | |||
AND identifier=? "; | |||
@@ -277,9 +278,11 @@ sub is_member { | |||
$sth->execute($redmine_user, $project_id); | |||
my $ret; | |||
while (my @row = $sth->fetchrow_array) { | |||
unless ($row[1]) { | |||
if ($row[0] eq $pass_digest) { | |||
while (my ($hashed_password, $auth_source_id, $permissions) = $sth->fetchrow_array) { | |||
unless ($auth_source_id) { | |||
my $method = $r->method; | |||
if ($hashed_password eq $pass_digest && (defined $read_only_methods{$method} || $permissions =~ /:commit_access/) ) { | |||
$ret = 1; | |||
last; | |||
} | |||
@@ -287,7 +290,7 @@ sub is_member { | |||
my $sthldap = $dbh->prepare( | |||
"SELECT host,port,tls,account,account_password,base_dn,attr_login from auth_sources WHERE id = ?;" | |||
); | |||
$sthldap->execute($row[1]); | |||
$sthldap->execute($auth_source_id); | |||
while (my @rowldap = $sthldap->fetchrow_array) { | |||
my $ldap = Authen::Simple::LDAP->new( | |||
host => ($rowldap[2] == 1 || $rowldap[2] eq "t") ? "ldaps://$rowldap[0]" : $rowldap[0], |
@@ -1,142 +0,0 @@ | |||
#!/usr/bin/perl | |||
# | |||
# redMine is free software; you can redistribute it and/or | |||
# modify it under the terms of the GNU General Public License | |||
# as published by the Free Software Foundation; either version 2 | |||
# of the License, or (at your option) any later version. | |||
# | |||
# This program is distributed in the hope that it will be useful, | |||
# but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |||
# GNU General Public License for more details. | |||
# | |||
# You should have received a copy of the GNU General Public License | |||
# along with this program; if not, write to the Free Software | |||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |||
use strict; | |||
use SOAP::Lite; | |||
use Getopt::Long; | |||
Getopt::Long::Configure ("bundling", "no_auto_abbrev", "no_ignore_case"); | |||
use Pod::Usage; | |||
use vars qw/$VERSION/; | |||
$VERSION = "1.0"; | |||
my $warning = "This program is now deprecated. Use the reposman.rb for new features"; | |||
print STDERR "*" x length($warning), "\n", | |||
$warning, "\n", | |||
"*" x length($warning), "\n\n"; | |||
my %opts = (verbose => 0); | |||
GetOptions(\%opts, 'verbose|v+', 'version|V', 'help|h', 'man|m', 'quiet|q', 'svn-dir|s=s', 'redmine-host|r=s') or pod2usage(2); | |||
die "$VERSION\n" if $opts{version}; | |||
pod2usage(1) if $opts{help}; | |||
pod2usage( -verbose => 2 ) if $opts{man}; | |||
my $repos_base = $opts{'svn-dir'}; | |||
my $redmine_host = $opts{'redmine-host'}; | |||
pod2usage(2) unless $repos_base and $redmine_host; | |||
unless (-d $repos_base) { | |||
Log(text => "$repos_base doesn't exist", exit => 1); | |||
} | |||
Log(level => 1, text => "querying redMine for projects..."); | |||
my $wdsl = "http://$redmine_host/sys/service.wsdl"; | |||
my $service = SOAP::Lite->service($wdsl); | |||
my $projects = $service->Projects(''); | |||
my $project_count = @{$projects}; | |||
Log(level => 1, text => "retrieved $project_count projects"); | |||
foreach my $project (@{$projects}) { | |||
Log(level => 1, text => "treating project $project->{name}"); | |||
my $repos_name = $project->{identifier}; | |||
if ($repos_name eq "") { | |||
Log(text => "\tno identifier for project $project->{name}"); | |||
next; | |||
} | |||
unless ($repos_name =~ /^[a-z0-9\-]+$/) { | |||
Log(text => "\tinvalid identifier for project $project->{name}"); | |||
next; | |||
} | |||
my $repos_path = "$repos_base/$repos_name"; | |||
if (-e $repos_path) { | |||
# check unix right and change them if needed | |||
my $other_read = (stat($repos_path))[2] & 00007; | |||
my $right; | |||
if ($project->{is_public} and not $other_read) { | |||
$right = "0775"; | |||
} elsif (not $project->{is_public} and $other_read) { | |||
$right = "0770"; | |||
} else { | |||
next; | |||
} | |||
# change mode | |||
system('chmod', '-R', $right, $repos_path) == 0 or | |||
warn("\tunable to change mode on $repos_path : $?\n"), next; | |||
Log(text => "\tmode change on $repos_path"); | |||
} else { | |||
# change umask to suit the repository's privacy | |||
$project->{is_public} ? umask 0002 : umask 0007; | |||
# create the repository | |||
system('svnadmin', 'create', $repos_path) == 0 or | |||
warn("\tsystem svnadmin failed unable to create $repos_path\n"), next; | |||
# set the group owner | |||
system('chown', '-R', "root:$repos_name", $repos_path) == 0 or | |||
warn("\tunable to create $repos_path : $?\n"), next; | |||
Log(text => "\trepository $repos_path created"); | |||
} | |||
} | |||
sub Log { | |||
my %args = (level => 0, text => '', @_); | |||
my $level = delete $args{level}; | |||
my $text = delete $args{text}; | |||
return unless $level <= $opts{verbose}; | |||
return if $opts{quiet}; | |||
print "$text\n"; | |||
exit $args{exit} | |||
if defined $args{exit}; | |||
} | |||
__END__ | |||
=head1 NAME | |||
reposman - manages your svn repositories with redMine | |||
=head1 SYNOPSIS | |||
reposman [options] arguments | |||
example: reposman --svn-dir=/var/svn --redmine-host=redmine.mydomain.foo | |||
reposman -s /var/svn -r redmine.mydomain.foo | |||
=head1 ARGUMENTS | |||
-s, --svn-dir=DIR use DIR as base directory for svn repositories | |||
-r, --redmine-host=HOST assume redMine is hosted on HOST | |||
=head1 OPTIONS | |||
-v verbose | |||
-V print version and exit | |||
@@ -6,52 +6,49 @@ | |||
# | |||
# == Usage | |||
# | |||
# reposman [ -h | --help ] [ -v | --verbose ] [ -V | --version ] [ -q | --quiet ] -s /var/svn -r redmine.host.org | |||
# example: reposman --svn-dir=/var/svn --redmine-host=redmine.mydomain.foo | |||
# reposman -s /var/svn -r redmine.mydomain.foo | |||
# reposman [OPTIONS...] -s [DIR] -r [HOST] | |||
# | |||
# Examples: | |||
# reposman --svn-dir=/var/svn --redmine-host=redmine.example.net | |||
# reposman -s /var/svn -r redmine.example.net -u http://svn.example.net | |||
# | |||
# == Arguments (mandatory) | |||
# | |||
# -s, --svn-dir=DIR | |||
# use DIR as base directory for svn repositories | |||
# | |||
# -r, --redmine-host=HOST | |||
# assume Redmine is hosted on HOST. | |||
# you can use : | |||
# * -r redmine.mydomain.foo (will add http://) | |||
# * -r http://redmine.mydomain.foo | |||
# * -r https://mydomain.foo/redmine | |||
# -s, --svn-dir=DIR use DIR as base directory for svn repositories | |||
# -r, --redmine-host=HOST assume Redmine is hosted on HOST. Examples: | |||
# -r redmine.example.net | |||
# -r http://redmine.example.net | |||
# -r https://example.net/redmine | |||
# | |||
# == Options | |||
# | |||
# -o, --owner=OWNER | |||
# owner of the repository. using the rails login allow user to browse | |||
# the repository in Redmine even for private project | |||
# | |||
# -u, --url=URL | |||
# the base url Redmine will use to access your repositories. This | |||
# will be used to register the repository in Redmine so that user | |||
# doesn't need to do anything. reposman will add the identifier to this url : | |||
# | |||
# -u https://my.svn.server/my/reposity/root # if the repository can be access by http | |||
# -u file:///var/svn/ # if the repository is local | |||
# if this option isn't set, reposman won't register the repository | |||
# | |||
# -t, --test | |||
# only show what should be done | |||
# | |||
# -h, --help: | |||
# show help and exit | |||
# | |||
# -v, --verbose | |||
# verbose | |||
# | |||
# -V, --version | |||
# print version and exit | |||
# | |||
# -q, --quiet | |||
# no log | |||
# | |||
# -o, --owner=OWNER owner of the repository. using the rails login | |||
# allow user to browse the repository within | |||
# Redmine even for private project | |||
# -u, --url=URL the base url Redmine will use to access your | |||
# repositories. This option is used to automatically | |||
# register the repositories in Redmine. The project | |||
# identifier will be appended to this url. Examples: | |||
# -u https://example.net/svn | |||
# -u file:///var/svn/ | |||
# if this option isn't set, reposman won't register | |||
# the repositories in Redmine | |||
# -c, --command=COMMAND use this command instead of "svnadmin create" to | |||
# create a repository. This option can be used to | |||
# create non-subversion repositories | |||
# --scm SCM vendor used to register the repository in | |||
# Redmine (default: Subversion). Can be one of the | |||
# other supported SCM: Bazaar, Darcs, Filesystem, | |||
# Git, Mercurial (case sensitive). | |||
# This option should be used when both options --url | |||
# and --command are used. | |||
# -f, --force force repository creation even if the project | |||
# repository is already declared in Redmine | |||
# -t, --test only show what should be done | |||
# -h, --help show help and exit | |||
# -v, --verbose verbose | |||
# -V, --version print version and exit | |||
# -q, --quiet no log | |||
require 'getoptlong' | |||
require 'rdoc/usage' | |||
@@ -59,14 +56,18 @@ require 'soap/wsdlDriver' | |||
require 'find' | |||
require 'etc' | |||
Version = "1.0" | |||
Version = "1.1" | |||
SUPPORTED_SCM = %w( Subversion Darcs Mercurial Bazaar Git Filesystem ) | |||
opts = GetoptLong.new( | |||
['--svn-dir', '-s', GetoptLong::REQUIRED_ARGUMENT], | |||
['--redmine-host', '-r', GetoptLong::REQUIRED_ARGUMENT], | |||
['--owner', '-o', GetoptLong::REQUIRED_ARGUMENT], | |||
['--url', '-u', GetoptLong::REQUIRED_ARGUMENT], | |||
['--command' , '-c', GetoptLong::REQUIRED_ARGUMENT], | |||
['--scm', GetoptLong::REQUIRED_ARGUMENT], | |||
['--test', '-t', GetoptLong::NO_ARGUMENT], | |||
['--force', '-f', GetoptLong::NO_ARGUMENT], | |||
['--verbose', '-v', GetoptLong::NO_ARGUMENT], | |||
['--version', '-V', GetoptLong::NO_ARGUMENT], | |||
['--help' , '-h', GetoptLong::NO_ARGUMENT], | |||
@@ -81,6 +82,9 @@ $svn_owner = 'root' | |||
$use_groupid = true | |||
$svn_url = false | |||
$test = false | |||
$command = "svnadmin create" | |||
$force = false | |||
$scm = 'Subversion' | |||
def log(text,level=0, exit=false) | |||
return if $quiet or level > $verbose | |||
@@ -95,8 +99,11 @@ begin | |||
when '--redmine-host'; $redmine_host = arg.dup | |||
when '--owner'; $svn_owner = arg.dup; $use_groupid = false; | |||
when '--url'; $svn_url = arg.dup | |||
when '--scm'; $scm = arg.dup; log("Invalid SCM: #{$scm}", 0, true) unless SUPPORTED_SCM.include?($scm) | |||
when '--command'; $command = arg.dup | |||
when '--verbose'; $verbose += 1 | |||
when '--test'; $test = true | |||
when '--force'; $force = true | |||
when '--version'; puts Version; exit | |||
when '--help'; RDoc::usage | |||
when '--quiet'; $quiet = true | |||
@@ -110,6 +117,12 @@ if $test | |||
log("running in test mode") | |||
end | |||
# Make sure command is overridden if SCM vendor is not Subversion | |||
if $scm != 'Subversion' && $command == 'svnadmin create' | |||
log("Please use --command option to specify how to create a #{$scm} repository.", 0, true) | |||
end | |||
$svn_url += "/" if $svn_url and not $svn_url.match(/\/$/) | |||
if ($redmine_host.empty? or $repos_base.empty?) | |||
@@ -133,7 +146,7 @@ rescue => e | |||
log("Unable to connect to #{wsdl_url} : #{e}", 0, true) | |||
end | |||
projects = soap.Projects | |||
projects = soap.ProjectsWithRepositoryEnabled | |||
if projects.nil? | |||
log('no project found, perhaps you forgot to "Enable WS for repository management"', 0, true) | |||
@@ -201,6 +214,13 @@ projects.each do |project| | |||
log("\tmode change on #{repos_path}"); | |||
else | |||
# if repository is already declared in redmine, we don't create | |||
# unless user use -f with reposman | |||
if $force == false and not project.repository.nil? | |||
log("\trepository for project #{project.identifier} already exists in Redmine", 1) | |||
next | |||
end | |||
project.is_public ? File.umask(0002) : File.umask(0007) | |||
if $test | |||
@@ -211,7 +231,8 @@ projects.each do |project| | |||
begin | |||
set_owner_and_rights(project, repos_path) do | |||
raise "svnadmin create #{repos_path} failed" unless system("svnadmin", "create", repos_path) | |||
command = "#{$command} #{repos_path}" | |||
raise "#{command} failed" unless system( command ) | |||
end | |||
rescue => e | |||
log("\tunable to create #{repos_path} : #{e}\n") | |||
@@ -219,7 +240,7 @@ projects.each do |project| | |||
end | |||
if $svn_url | |||
ret = soap.RepositoryCreated project.identifier, "#{$svn_url}#{project.identifier}" | |||
ret = soap.RepositoryCreated project.identifier, $scm, "#{$svn_url}#{project.identifier}" | |||
if ret > 0 | |||
log("\trepository #{repos_path} registered in Redmine with url #{$svn_url}#{project.identifier}"); | |||
else |
@@ -88,6 +88,7 @@ Redmine::AccessControl.map do |map| | |||
map.permission :manage_repository, {:repositories => [:edit, :destroy]}, :require => :member | |||
map.permission :browse_repository, :repositories => [:show, :browse, :entry, :annotate, :changes, :diff, :stats, :graph] | |||
map.permission :view_changesets, :repositories => [:show, :revisions, :revision] | |||
map.permission :commit_access, {} | |||
end | |||
map.project_module :boards do |map| |
@@ -67,7 +67,8 @@ module Redmine | |||
:view_files, | |||
:manage_files, | |||
:browse_repository, | |||
:view_changesets] | |||
:view_changesets, | |||
:commit_access] | |||
reporter = Role.create! :name => l(:default_role_reporter), | |||
:position => 3, |
@@ -5,7 +5,7 @@ require 'sys_controller' | |||
class SysController; def rescue_action(e) raise e end; end | |||
class SysControllerTest < Test::Unit::TestCase | |||
fixtures :projects, :repositories | |||
fixtures :projects, :enabled_modules, :repositories | |||
def setup | |||
@controller = SysController.new | |||
@@ -15,17 +15,36 @@ class SysControllerTest < Test::Unit::TestCase | |||
Setting.sys_api_enabled = 1 | |||
end | |||
def test_projects | |||
result = invoke :projects | |||
assert_equal Project.count, result.size | |||
assert result.first.is_a?(Project) | |||
def test_projects_with_repository_enabled | |||
result = invoke :projects_with_repository_enabled | |||
assert_equal EnabledModule.count(:all, :conditions => {:name => 'repository'}), result.size | |||
project = result.first | |||
assert project.is_a?(AWSProjectWithRepository) | |||
assert project.respond_to?(:id) | |||
assert_equal 1, project.id | |||
assert project.respond_to?(:identifier) | |||
assert_equal 'ecookbook', project.identifier | |||
assert project.respond_to?(:name) | |||
assert_equal 'eCookbook', project.name | |||
assert project.respond_to?(:is_public) | |||
assert project.is_public | |||
assert project.respond_to?(:repository) | |||
assert project.repository.is_a?(Repository) | |||
end | |||
def test_repository_created | |||
project = Project.find(3) | |||
assert_nil project.repository | |||
assert invoke(:repository_created, project.identifier, 'http://localhost/svn') | |||
assert invoke(:repository_created, project.identifier, 'Subversion', 'http://localhost/svn') | |||
project.reload | |||
assert_not_nil project.repository | |||
assert project.repository.is_a?(Repository::Subversion) | |||
assert_equal 'http://localhost/svn', project.repository.url | |||
end | |||
end |
@@ -30,4 +30,24 @@ class RoleTest < Test::Unit::TestCase | |||
target.reload | |||
assert_equal 90, target.workflows.size | |||
end | |||
def test_add_permission | |||
role = Role.find(1) | |||
size = role.permissions.size | |||
role.add_permission!("apermission", "anotherpermission") | |||
role.reload | |||
assert role.permissions.include?(:anotherpermission) | |||
assert_equal size + 2, role.permissions.size | |||
end | |||
def test_remove_permission | |||
role = Role.find(1) | |||
size = role.permissions.size | |||
perm = role.permissions[0..1] | |||
role.remove_permission!(*perm) | |||
role.reload | |||
assert ! role.permissions.include?(perm[0]) | |||
assert_equal size - 2, role.permissions.size | |||
end | |||
end |