summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJean-Philippe Lang <jp_lang@yahoo.fr>2008-09-13 16:31:11 +0000
committerJean-Philippe Lang <jp_lang@yahoo.fr>2008-09-13 16:31:11 +0000
commitcc643ce932b2abdc56c4d1933c02806ca57ddefa (patch)
treeeeaaba02f0eee8ce2d06a10609ccffebdfb1ee4d
parent6ef6459630cfd8fd5af31d527c0043243ef2cb09 (diff)
downloadredmine-cc643ce932b2abdc56c4d1933c02806ca57ddefa.tar.gz
redmine-cc643ce932b2abdc56c4d1933c02806ca57ddefa.zip
Merged nbc branch @ r1812 (commit access permission and reposman improvements).
git-svn-id: http://redmine.rubyforge.org/svn/trunk@1814 e93f8b46-1217-0410-a6f0-8f06a7374b81
-rw-r--r--app/apis/sys_api.rb14
-rw-r--r--app/controllers/sys_controller.rb9
-rw-r--r--app/models/project.rb2
-rw-r--r--app/models/role.rb27
-rw-r--r--db/migrate/096_add_commit_access_permission.rb14
-rw-r--r--extra/svn/Redmine.pm15
-rwxr-xr-xextra/svn/reposman.pl142
-rwxr-xr-xextra/svn/reposman.rb109
-rw-r--r--lib/redmine.rb1
-rw-r--r--lib/redmine/default_data/loader.rb3
-rw-r--r--test/functional/sys_api_test.rb31
-rw-r--r--test/unit/role_test.rb20
12 files changed, 178 insertions, 209 deletions
diff --git a/app/apis/sys_api.rb b/app/apis/sys_api.rb
index f52f9e7ef..fcee616b5 100644
--- a/app/apis/sys_api.rb
+++ b/app/apis/sys_api.rb
@@ -15,11 +15,19 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+class AWSProjectWithRepository < ActionWebService::Struct
+ member :id, :int
+ member :identifier, :string
+ member :name, :string
+ member :is_public, :bool
+ member :repository, Repository
+end
+
class SysApi < ActionWebService::API::Base
- api_method :projects,
+ api_method :projects_with_repository_enabled,
:expects => [],
- :returns => [[Project]]
+ :returns => [[AWSProjectWithRepository]]
api_method :repository_created,
- :expects => [:string, :string],
+ :expects => [:string, :string, :string],
:returns => [:int]
end
diff --git a/app/controllers/sys_controller.rb b/app/controllers/sys_controller.rb
index 6065c2833..8aff3bd15 100644
--- a/app/controllers/sys_controller.rb
+++ b/app/controllers/sys_controller.rb
@@ -23,18 +23,17 @@ class SysController < ActionController::Base
before_invocation :check_enabled
# Returns the projects list, with their repositories
- def projects
- Project.find(:all, :include => :repository)
+ def projects_with_repository_enabled
+ Project.has_module(:repository).find(:all, :include => :repository, :order => 'identifier')
end
# Registers a repository for the given project identifier
- # (Subversion specific)
- def repository_created(identifier, url)
+ def repository_created(identifier, vendor, url)
project = Project.find_by_identifier(identifier)
# Do not create the repository if the project has already one
return 0 unless project && project.repository.nil?
logger.debug "Repository for #{project.name} was created"
- repository = Repository.factory('Subversion', :project => project, :url => url)
+ repository = Repository.factory(vendor, :project => project, :url => url)
repository.save
repository.id || 0
end
diff --git a/app/models/project.rb b/app/models/project.rb
index adc70c644..e40af9967 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -62,6 +62,8 @@ class Project < ActiveRecord::Base
validates_format_of :identifier, :with => /^[a-z0-9\-]*$/
before_destroy :delete_all_members
+
+ named_scope :has_module, lambda { |mod| { :conditions => ["#{Project.table_name}.id IN (SELECT em.project_id FROM #{EnabledModule.table_name} em WHERE em.name=?)", mod.to_s] } }
def identifier=(identifier)
super unless identifier_frozen?
diff --git a/app/models/role.rb b/app/models/role.rb
index 6f1fb4768..5ff9470f9 100644
--- a/app/models/role.rb
+++ b/app/models/role.rb
@@ -19,6 +19,11 @@ class Role < ActiveRecord::Base
# Built-in roles
BUILTIN_NON_MEMBER = 1
BUILTIN_ANONYMOUS = 2
+
+ named_scope :builtin, lambda { |*args|
+ compare = 'not' if args.first == true
+ { :conditions => "#{compare} builtin = 0" }
+ }
before_destroy :check_deletable
has_many :workflows, :dependent => :delete_all do
@@ -36,7 +41,7 @@ class Role < ActiveRecord::Base
has_many :members
acts_as_list
- serialize :permissions
+ serialize :permissions, Array
attr_protected :builtin
validates_presence_of :name
@@ -49,9 +54,27 @@ class Role < ActiveRecord::Base
end
def permissions=(perms)
- perms = perms.collect {|p| p.to_sym unless p.blank? }.compact if perms
+ perms = perms.collect {|p| p.to_sym unless p.blank? }.compact.uniq if perms
write_attribute(:permissions, perms)
end
+
+ def add_permission!(*perms)
+ self.permissions = [] unless permissions.is_a?(Array)
+
+ permissions_will_change!
+ perms.each do |p|
+ p = p.to_sym
+ permissions << p unless permissions.include?(p)
+ end
+ save!
+ end
+
+ def remove_permission!(*perms)
+ return unless permissions.is_a?(Array)
+ permissions_will_change!
+ perms.each { |p| permissions.delete(p.to_sym) }
+ save!
+ end
def <=>(role)
position <=> role.position
diff --git a/db/migrate/096_add_commit_access_permission.rb b/db/migrate/096_add_commit_access_permission.rb
new file mode 100644
index 000000000..f73af2c0c
--- /dev/null
+++ b/db/migrate/096_add_commit_access_permission.rb
@@ -0,0 +1,14 @@
+class AddCommitAccessPermission < ActiveRecord::Migration
+
+ def self.up
+ Role.find(:all).select { |r| not r.builtin? }.each do |r|
+ r.add_permission!(:commit_access)
+ end
+ end
+
+ def self.down
+ Role.find(:all).select { |r| not r.builtin? }.each do |r|
+ r.remove_permission!(:commit_access)
+ end
+ end
+end
diff --git a/extra/svn/Redmine.pm b/extra/svn/Redmine.pm
index 2619196c7..a15b482e8 100644
--- a/extra/svn/Redmine.pm
+++ b/extra/svn/Redmine.pm
@@ -148,11 +148,12 @@ sub RedmineDSN {
my ($self, $parms, $arg) = @_;
$self->{RedmineDSN} = $arg;
my $query = "SELECT
- hashed_password, auth_source_id
- FROM members, projects, users
+ hashed_password, auth_source_id, permissions
+ FROM members, projects, users, roles
WHERE
projects.id=members.project_id
AND users.id=members.user_id
+ AND roles.id=members.role_id
AND users.status=1
AND login=?
AND identifier=? ";
@@ -277,9 +278,11 @@ sub is_member {
$sth->execute($redmine_user, $project_id);
my $ret;
- while (my @row = $sth->fetchrow_array) {
- unless ($row[1]) {
- if ($row[0] eq $pass_digest) {
+ while (my ($hashed_password, $auth_source_id, $permissions) = $sth->fetchrow_array) {
+
+ unless ($auth_source_id) {
+ my $method = $r->method;
+ if ($hashed_password eq $pass_digest && (defined $read_only_methods{$method} || $permissions =~ /:commit_access/) ) {
$ret = 1;
last;
}
@@ -287,7 +290,7 @@ sub is_member {
my $sthldap = $dbh->prepare(
"SELECT host,port,tls,account,account_password,base_dn,attr_login from auth_sources WHERE id = ?;"
);
- $sthldap->execute($row[1]);
+ $sthldap->execute($auth_source_id);
while (my @rowldap = $sthldap->fetchrow_array) {
my $ldap = Authen::Simple::LDAP->new(
host => ($rowldap[2] == 1 || $rowldap[2] eq "t") ? "ldaps://$rowldap[0]" : $rowldap[0],
diff --git a/extra/svn/reposman.pl b/extra/svn/reposman.pl
deleted file mode 100755
index b8ce8f8af..000000000
--- a/extra/svn/reposman.pl
+++ /dev/null
@@ -1,142 +0,0 @@
-#!/usr/bin/perl
-#
-# redMine is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-
-use strict;
-use SOAP::Lite;
-use Getopt::Long;
-Getopt::Long::Configure ("bundling", "no_auto_abbrev", "no_ignore_case");
-use Pod::Usage;
-use vars qw/$VERSION/;
-
-$VERSION = "1.0";
-
-my $warning = "This program is now deprecated. Use the reposman.rb for new features";
-print STDERR "*" x length($warning), "\n",
- $warning, "\n",
- "*" x length($warning), "\n\n";
-
-my %opts = (verbose => 0);
-GetOptions(\%opts, 'verbose|v+', 'version|V', 'help|h', 'man|m', 'quiet|q', 'svn-dir|s=s', 'redmine-host|r=s') or pod2usage(2);
-
-die "$VERSION\n" if $opts{version};
-pod2usage(1) if $opts{help};
-pod2usage( -verbose => 2 ) if $opts{man};
-
-my $repos_base = $opts{'svn-dir'};
-my $redmine_host = $opts{'redmine-host'};
-
-pod2usage(2) unless $repos_base and $redmine_host;
-
-unless (-d $repos_base) {
- Log(text => "$repos_base doesn't exist", exit => 1);
-}
-
-Log(level => 1, text => "querying redMine for projects...");
-my $wdsl = "http://$redmine_host/sys/service.wsdl";
-my $service = SOAP::Lite->service($wdsl);
-
-my $projects = $service->Projects('');
-my $project_count = @{$projects};
-Log(level => 1, text => "retrieved $project_count projects");
-
-foreach my $project (@{$projects}) {
- Log(level => 1, text => "treating project $project->{name}");
- my $repos_name = $project->{identifier};
-
- if ($repos_name eq "") {
- Log(text => "\tno identifier for project $project->{name}");
- next;
- }
-
- unless ($repos_name =~ /^[a-z0-9\-]+$/) {
- Log(text => "\tinvalid identifier for project $project->{name}");
- next;
- }
-
- my $repos_path = "$repos_base/$repos_name";
-
- if (-e $repos_path) {
- # check unix right and change them if needed
- my $other_read = (stat($repos_path))[2] & 00007;
- my $right;
-
- if ($project->{is_public} and not $other_read) {
- $right = "0775";
- } elsif (not $project->{is_public} and $other_read) {
- $right = "0770";
- } else {
- next;
- }
-
- # change mode
- system('chmod', '-R', $right, $repos_path) == 0 or
- warn("\tunable to change mode on $repos_path : $?\n"), next;
-
- Log(text => "\tmode change on $repos_path");
-
- } else {
- # change umask to suit the repository's privacy
- $project->{is_public} ? umask 0002 : umask 0007;
-
- # create the repository
- system('svnadmin', 'create', $repos_path) == 0 or
- warn("\tsystem svnadmin failed unable to create $repos_path\n"), next;
-
- # set the group owner
- system('chown', '-R', "root:$repos_name", $repos_path) == 0 or
- warn("\tunable to create $repos_path : $?\n"), next;
-
- Log(text => "\trepository $repos_path created");
- }
-}
-
-
-sub Log {
- my %args = (level => 0, text => '', @_);
-
- my $level = delete $args{level};
- my $text = delete $args{text};
- return unless $level <= $opts{verbose};
- return if $opts{quiet};
- print "$text\n";
-
- exit $args{exit}
- if defined $args{exit};
-}
-
-
-__END__
-
-=head1 NAME
-
- reposman - manages your svn repositories with redMine
-
-=head1 SYNOPSIS
-
- reposman [options] arguments
- example: reposman --svn-dir=/var/svn --redmine-host=redmine.mydomain.foo
- reposman -s /var/svn -r redmine.mydomain.foo
-
-=head1 ARGUMENTS
-
- -s, --svn-dir=DIR use DIR as base directory for svn repositories
- -r, --redmine-host=HOST assume redMine is hosted on HOST
-
-=head1 OPTIONS
-
- -v verbose
- -V print version and exit
-
diff --git a/extra/svn/reposman.rb b/extra/svn/reposman.rb
index 0b476cdc4..76804d650 100755
--- a/extra/svn/reposman.rb
+++ b/extra/svn/reposman.rb
@@ -6,52 +6,49 @@
#
# == Usage
#
-# reposman [ -h | --help ] [ -v | --verbose ] [ -V | --version ] [ -q | --quiet ] -s /var/svn -r redmine.host.org
-# example: reposman --svn-dir=/var/svn --redmine-host=redmine.mydomain.foo
-# reposman -s /var/svn -r redmine.mydomain.foo
+# reposman [OPTIONS...] -s [DIR] -r [HOST]
+#
+# Examples:
+# reposman --svn-dir=/var/svn --redmine-host=redmine.example.net
+# reposman -s /var/svn -r redmine.example.net -u http://svn.example.net
#
# == Arguments (mandatory)
-#
-# -s, --svn-dir=DIR
-# use DIR as base directory for svn repositories
#
-# -r, --redmine-host=HOST
-# assume Redmine is hosted on HOST.
-# you can use :
-# * -r redmine.mydomain.foo (will add http://)
-# * -r http://redmine.mydomain.foo
-# * -r https://mydomain.foo/redmine
+# -s, --svn-dir=DIR use DIR as base directory for svn repositories
+# -r, --redmine-host=HOST assume Redmine is hosted on HOST. Examples:
+# -r redmine.example.net
+# -r http://redmine.example.net
+# -r https://example.net/redmine
#
# == Options
#
-# -o, --owner=OWNER
-# owner of the repository. using the rails login allow user to browse
-# the repository in Redmine even for private project
-#
-# -u, --url=URL
-# the base url Redmine will use to access your repositories. This
-# will be used to register the repository in Redmine so that user
-# doesn't need to do anything. reposman will add the identifier to this url :
-#
-# -u https://my.svn.server/my/reposity/root # if the repository can be access by http
-# -u file:///var/svn/ # if the repository is local
-# if this option isn't set, reposman won't register the repository
-#
-# -t, --test
-# only show what should be done
-#
-# -h, --help:
-# show help and exit
-#
-# -v, --verbose
-# verbose
-#
-# -V, --version
-# print version and exit
-#
-# -q, --quiet
-# no log
-#
+# -o, --owner=OWNER owner of the repository. using the rails login
+# allow user to browse the repository within
+# Redmine even for private project
+# -u, --url=URL the base url Redmine will use to access your
+# repositories. This option is used to automatically
+# register the repositories in Redmine. The project
+# identifier will be appended to this url. Examples:
+# -u https://example.net/svn
+# -u file:///var/svn/
+# if this option isn't set, reposman won't register
+# the repositories in Redmine
+# -c, --command=COMMAND use this command instead of "svnadmin create" to
+# create a repository. This option can be used to
+# create non-subversion repositories
+# --scm SCM vendor used to register the repository in
+# Redmine (default: Subversion). Can be one of the
+# other supported SCM: Bazaar, Darcs, Filesystem,
+# Git, Mercurial (case sensitive).
+# This option should be used when both options --url
+# and --command are used.
+# -f, --force force repository creation even if the project
+# repository is already declared in Redmine
+# -t, --test only show what should be done
+# -h, --help show help and exit
+# -v, --verbose verbose
+# -V, --version print version and exit
+# -q, --quiet no log
require 'getoptlong'
require 'rdoc/usage'
@@ -59,14 +56,18 @@ require 'soap/wsdlDriver'
require 'find'
require 'etc'
-Version = "1.0"
+Version = "1.1"
+SUPPORTED_SCM = %w( Subversion Darcs Mercurial Bazaar Git Filesystem )
opts = GetoptLong.new(
['--svn-dir', '-s', GetoptLong::REQUIRED_ARGUMENT],
['--redmine-host', '-r', GetoptLong::REQUIRED_ARGUMENT],
['--owner', '-o', GetoptLong::REQUIRED_ARGUMENT],
['--url', '-u', GetoptLong::REQUIRED_ARGUMENT],
+ ['--command' , '-c', GetoptLong::REQUIRED_ARGUMENT],
+ ['--scm', GetoptLong::REQUIRED_ARGUMENT],
['--test', '-t', GetoptLong::NO_ARGUMENT],
+ ['--force', '-f', GetoptLong::NO_ARGUMENT],
['--verbose', '-v', GetoptLong::NO_ARGUMENT],
['--version', '-V', GetoptLong::NO_ARGUMENT],
['--help' , '-h', GetoptLong::NO_ARGUMENT],
@@ -81,6 +82,9 @@ $svn_owner = 'root'
$use_groupid = true
$svn_url = false
$test = false
+$command = "svnadmin create"
+$force = false
+$scm = 'Subversion'
def log(text,level=0, exit=false)
return if $quiet or level > $verbose
@@ -95,8 +99,11 @@ begin
when '--redmine-host'; $redmine_host = arg.dup
when '--owner'; $svn_owner = arg.dup; $use_groupid = false;
when '--url'; $svn_url = arg.dup
+ when '--scm'; $scm = arg.dup; log("Invalid SCM: #{$scm}", 0, true) unless SUPPORTED_SCM.include?($scm)
+ when '--command'; $command = arg.dup
when '--verbose'; $verbose += 1
when '--test'; $test = true
+ when '--force'; $force = true
when '--version'; puts Version; exit
when '--help'; RDoc::usage
when '--quiet'; $quiet = true
@@ -110,6 +117,12 @@ if $test
log("running in test mode")
end
+# Make sure command is overridden if SCM vendor is not Subversion
+if $scm != 'Subversion' && $command == 'svnadmin create'
+ log("Please use --command option to specify how to create a #{$scm} repository.", 0, true)
+end
+
+
$svn_url += "/" if $svn_url and not $svn_url.match(/\/$/)
if ($redmine_host.empty? or $repos_base.empty?)
@@ -133,7 +146,7 @@ rescue => e
log("Unable to connect to #{wsdl_url} : #{e}", 0, true)
end
-projects = soap.Projects
+projects = soap.ProjectsWithRepositoryEnabled
if projects.nil?
log('no project found, perhaps you forgot to "Enable WS for repository management"', 0, true)
@@ -201,6 +214,13 @@ projects.each do |project|
log("\tmode change on #{repos_path}");
else
+ # if repository is already declared in redmine, we don't create
+ # unless user use -f with reposman
+ if $force == false and not project.repository.nil?
+ log("\trepository for project #{project.identifier} already exists in Redmine", 1)
+ next
+ end
+
project.is_public ? File.umask(0002) : File.umask(0007)
if $test
@@ -211,7 +231,8 @@ projects.each do |project|
begin
set_owner_and_rights(project, repos_path) do
- raise "svnadmin create #{repos_path} failed" unless system("svnadmin", "create", repos_path)
+ command = "#{$command} #{repos_path}"
+ raise "#{command} failed" unless system( command )
end
rescue => e
log("\tunable to create #{repos_path} : #{e}\n")
@@ -219,7 +240,7 @@ projects.each do |project|
end
if $svn_url
- ret = soap.RepositoryCreated project.identifier, "#{$svn_url}#{project.identifier}"
+ ret = soap.RepositoryCreated project.identifier, $scm, "#{$svn_url}#{project.identifier}"
if ret > 0
log("\trepository #{repos_path} registered in Redmine with url #{$svn_url}#{project.identifier}");
else
diff --git a/lib/redmine.rb b/lib/redmine.rb
index 8045f30f1..fdacb23b9 100644
--- a/lib/redmine.rb
+++ b/lib/redmine.rb
@@ -88,6 +88,7 @@ Redmine::AccessControl.map do |map|
map.permission :manage_repository, {:repositories => [:edit, :destroy]}, :require => :member
map.permission :browse_repository, :repositories => [:show, :browse, :entry, :annotate, :changes, :diff, :stats, :graph]
map.permission :view_changesets, :repositories => [:show, :revisions, :revision]
+ map.permission :commit_access, {}
end
map.project_module :boards do |map|
diff --git a/lib/redmine/default_data/loader.rb b/lib/redmine/default_data/loader.rb
index 11bd2a0b4..dd3b9e7ec 100644
--- a/lib/redmine/default_data/loader.rb
+++ b/lib/redmine/default_data/loader.rb
@@ -67,7 +67,8 @@ module Redmine
:view_files,
:manage_files,
:browse_repository,
- :view_changesets]
+ :view_changesets,
+ :commit_access]
reporter = Role.create! :name => l(:default_role_reporter),
:position => 3,
diff --git a/test/functional/sys_api_test.rb b/test/functional/sys_api_test.rb
index ec8d0964e..48ed780d0 100644
--- a/test/functional/sys_api_test.rb
+++ b/test/functional/sys_api_test.rb
@@ -5,7 +5,7 @@ require 'sys_controller'
class SysController; def rescue_action(e) raise e end; end
class SysControllerTest < Test::Unit::TestCase
- fixtures :projects, :repositories
+ fixtures :projects, :enabled_modules, :repositories
def setup
@controller = SysController.new
@@ -15,17 +15,36 @@ class SysControllerTest < Test::Unit::TestCase
Setting.sys_api_enabled = 1
end
- def test_projects
- result = invoke :projects
- assert_equal Project.count, result.size
- assert result.first.is_a?(Project)
+ def test_projects_with_repository_enabled
+ result = invoke :projects_with_repository_enabled
+ assert_equal EnabledModule.count(:all, :conditions => {:name => 'repository'}), result.size
+
+ project = result.first
+ assert project.is_a?(AWSProjectWithRepository)
+
+ assert project.respond_to?(:id)
+ assert_equal 1, project.id
+
+ assert project.respond_to?(:identifier)
+ assert_equal 'ecookbook', project.identifier
+
+ assert project.respond_to?(:name)
+ assert_equal 'eCookbook', project.name
+
+ assert project.respond_to?(:is_public)
+ assert project.is_public
+
+ assert project.respond_to?(:repository)
+ assert project.repository.is_a?(Repository)
end
def test_repository_created
project = Project.find(3)
assert_nil project.repository
- assert invoke(:repository_created, project.identifier, 'http://localhost/svn')
+ assert invoke(:repository_created, project.identifier, 'Subversion', 'http://localhost/svn')
project.reload
assert_not_nil project.repository
+ assert project.repository.is_a?(Repository::Subversion)
+ assert_equal 'http://localhost/svn', project.repository.url
end
end
diff --git a/test/unit/role_test.rb b/test/unit/role_test.rb
index b98af2e36..cab668c50 100644
--- a/test/unit/role_test.rb
+++ b/test/unit/role_test.rb
@@ -30,4 +30,24 @@ class RoleTest < Test::Unit::TestCase
target.reload
assert_equal 90, target.workflows.size
end
+
+ def test_add_permission
+ role = Role.find(1)
+ size = role.permissions.size
+ role.add_permission!("apermission", "anotherpermission")
+ role.reload
+ assert role.permissions.include?(:anotherpermission)
+ assert_equal size + 2, role.permissions.size
+ end
+
+ def test_remove_permission
+ role = Role.find(1)
+ size = role.permissions.size
+ perm = role.permissions[0..1]
+ role.remove_permission!(*perm)
+ role.reload
+ assert ! role.permissions.include?(perm[0])
+ assert_equal size - 2, role.permissions.size
+ end
+
end