From 4ff8386e3dfee800591e7f856a26ccc700149b02 Mon Sep 17 00:00:00 2001 From: Jean-Philippe Lang Date: Sun, 1 Apr 2007 19:43:59 +0000 Subject: [PATCH] Initial commit for svn repository management and access control: * Identifier attribute added on Project model. Used as the unix group name for the project * Web services (disabled by default) and scripts for repository management on a remote svn host git-svn-id: http://redmine.rubyforge.org/svn/trunk@396 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- app/apis/sys_api.rb | 25 +++++++++++ app/controllers/sys_controller.rb | 44 ++++++++++++++++++ app/models/project.rb | 18 ++++++-- app/views/projects/_form.rhtml | 1 + app/views/settings/edit.rhtml | 3 ++ config/settings.yml | 2 + extra/svn/create_views.sql | 24 ++++++++++ extra/svn/manage_repos.pl | 75 +++++++++++++++++++++++++++++++ extra/svn/svnserve.wrapper | 25 +++++++++++ lang/de.yml | 3 ++ lang/en.yml | 3 ++ lang/es.yml | 3 ++ lang/fr.yml | 3 ++ lang/it.yml | 3 ++ lang/ja.yml | 3 ++ lang/zh.yml | 3 ++ test/fixtures/projects.yml | 4 ++ test/integration/admin_test.rb | 2 +- 18 files changed, 239 insertions(+), 5 deletions(-) create mode 100644 app/apis/sys_api.rb create mode 100644 app/controllers/sys_controller.rb create mode 100644 extra/svn/create_views.sql create mode 100644 extra/svn/manage_repos.pl create mode 100644 extra/svn/svnserve.wrapper diff --git a/app/apis/sys_api.rb b/app/apis/sys_api.rb new file mode 100644 index 00000000..3a10c040 --- /dev/null +++ b/app/apis/sys_api.rb @@ -0,0 +1,25 @@ +# redMine - project management software +# Copyright (C) 2006-2007 Jean-Philippe Lang +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +class SysApi < ActionWebService::API::Base + api_method :projects, + :expects => [], + :returns => [[Project]] + api_method :repository_created, + :expects => [:int, :string], + :returns => [:int] +end diff --git a/app/controllers/sys_controller.rb b/app/controllers/sys_controller.rb new file mode 100644 index 00000000..4900a845 --- /dev/null +++ b/app/controllers/sys_controller.rb @@ -0,0 +1,44 @@ +# redMine - project management software +# Copyright (C) 2006-2007 Jean-Philippe Lang +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +class SysController < ActionController::Base + wsdl_service_name 'Sys' + web_service_api SysApi + web_service_scaffold :invoke + + before_invocation :check_enabled + + def projects + Project.find(:all, :include => :repository) + end + + def repository_created(project_id, url) + project = Project.find_by_id(project_id) + return 0 unless project && project.repository.nil? + logger.debug "Repository for #{project.name} created" + repository = Repository.new(:project => project, :url => url) + repository.root_url = url + repository.save + repository.id + end + +protected + + def check_enabled(name, args) + Setting.sys_api_enabled? + end +end diff --git a/app/models/project.rb b/app/models/project.rb index 10730ed1..fe02cd82 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -30,13 +30,23 @@ class Project < ActiveRecord::Base has_one :wiki, :dependent => :destroy has_and_belongs_to_many :custom_fields, :class_name => 'IssueCustomField', :join_table => "#{table_name_prefix}custom_fields_projects#{table_name_suffix}", :association_foreign_key => 'custom_field_id' acts_as_tree :order => "name", :counter_cache => true - - validates_presence_of :name, :description - validates_uniqueness_of :name + + validates_presence_of :name, :description, :identifier + validates_uniqueness_of :name, :identifier validates_associated :custom_values, :on => :update validates_associated :repository, :wiki validates_format_of :name, :with => /^[\w\s\'\-]*$/i - + validates_length_of :identifier, :maximum => 12 + validates_format_of :identifier, :with => /^[a-z0-9\-]*$/ + + def identifier=(identifier) + super unless identifier_frozen? + end + + def identifier_frozen? + errors[:identifier].nil? && !(new_record? || identifier.blank?) + end + # returns latest created projects # non public projects will be returned only if user is a member of those def self.latest(user=nil, count=5) diff --git a/app/views/projects/_form.rhtml b/app/views/projects/_form.rhtml index ded22719..184370b9 100644 --- a/app/views/projects/_form.rhtml +++ b/app/views/projects/_form.rhtml @@ -9,6 +9,7 @@ <% end %>

<%= f.text_area :description, :required => true, :cols => 60, :rows => 3 %>

+

<%= f.text_field :identifier, :required => true, :size => 15, :disabled => @project.identifier_frozen? %>
<%= l(:text_project_identifier_info) unless @project.identifier_frozen? %>

<%= f.text_field :homepage, :size => 40 %>

<%= f.check_box :is_public %>

diff --git a/app/views/settings/edit.rhtml b/app/views/settings/edit.rhtml index 223df7a9..7a678c53 100644 --- a/app/views/settings/edit.rhtml +++ b/app/views/settings/edit.rhtml @@ -48,6 +48,9 @@

<%= check_box_tag 'settings[autofetch_changesets]', 1, Setting.autofetch_changesets? %><%= hidden_field_tag 'settings[autofetch_changesets]', 0 %>

+

+<%= check_box_tag 'settings[sys_api_enabled]', 1, Setting.sys_api_enabled? %><%= hidden_field_tag 'settings[sys_api_enabled]', 0 %>

+ <%= submit_tag l(:button_save) %> diff --git a/config/settings.yml b/config/settings.yml index 5942f499..979e9e7f 100644 --- a/config/settings.yml +++ b/config/settings.yml @@ -52,3 +52,5 @@ feeds_limit: default: 15 autofetch_changesets: default: 1 +sys_api_enabled: + default: 0 diff --git a/extra/svn/create_views.sql b/extra/svn/create_views.sql new file mode 100644 index 00000000..ce02e081 --- /dev/null +++ b/extra/svn/create_views.sql @@ -0,0 +1,24 @@ +/* ssh views */ + +CREATE OR REPLACE VIEW ssh_users as +select login as username, hashed_password as password +from users +where status = 1; + + +/* nss views */ + +CREATE OR REPLACE VIEW nss_groups AS +select identifier AS name, (id + 5000) AS gid, 'x' AS password +from projects; + +CREATE OR REPLACE VIEW nss_users AS +select login AS username, CONCAT_WS(' ', firstname, lastname) as realname, (id + 5000) AS uid, 'x' AS password +from users +where status = 1; + +CREATE OR REPLACE VIEW nss_grouplist AS +select (members.project_id + 5000) AS gid, users.login AS username +from users, members +where users.id = members.user_id +and users.status = 1; diff --git a/extra/svn/manage_repos.pl b/extra/svn/manage_repos.pl new file mode 100644 index 00000000..aab666f4 --- /dev/null +++ b/extra/svn/manage_repos.pl @@ -0,0 +1,75 @@ +#!/usr/bin/perl +# +# redMine is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +use strict; +use SOAP::Lite; + +my $wdsl = 'http://192.168.0.10:3000/sys/service.wsdl'; +my $service = SOAP::Lite->service($wdsl); +my $repos_base = '/var/svn'; + +my $projects = $service->Projects(''); + +foreach my $project (@{$projects}) { + my $repos_name = $project->{identifier}; + + if ($repos_name eq "") { + print("\tno identifier for project $project->{name}\n"); + next; + } + + unless ($repos_name =~ /^[a-z0-9\-]+$/) { + print("\tinvalid identifier for project $project->{name}\n"); + next; + } + + my $repos_path = "$repos_base/$repos_name"; + + if (-e $repos_path) { + # check unix right and change them if needed + my $other_read = (stat($repos_path))[2] & 00007; + my $right; + + if ($project->{is_public} and not $other_read) { + $right = "0775"; + } elsif (not $project->{is_public} and $other_read) { + $right = "0770"; + } else { + next; + } + + # change mode + system('chmod', '-R', $right, $repos_path) == 0 or + warn("\tunable to change mode on $repos_path : $?\n"), next; + + print "\tmode change on $repos_path\n"; + + } else { + # change umask to suit the repository's privacy + $project->{is_public} ? umask 0002 : umask 0007; + + # create the repository + system('svnadmin', 'create', $repos_path) == 0 or + warn("\tsystem svnadmin failed unable to create $repos_path\n"), next; + + # set the group owner + system('chown', '-R', "root:$repos_name", $repos_path) == 0 or + warn("\tunable to create $repos_path : $?\n"), next; + + print "\trepository $repos_path created\n"; + my $call = $service->RepositoryCreated($project->{id}, "svn://host/$repos_name"); + } +} diff --git a/extra/svn/svnserve.wrapper b/extra/svn/svnserve.wrapper new file mode 100644 index 00000000..705a17e8 --- /dev/null +++ b/extra/svn/svnserve.wrapper @@ -0,0 +1,25 @@ +#!/usr/bin/perl +# +# redMine is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +# modify to suit your repository base +my $repos_base = '/var/svn'; + +my $path = '/usr/bin/'; +my %kwown_commands = map { $_ => 1 } qw/svnserve/; + +umask 0002; + +exec ('/usr/bin/svnserve', '-r', $repos_base, '-t'); diff --git a/lang/de.yml b/lang/de.yml index 9c2c18a0..a98947d7 100644 --- a/lang/de.yml +++ b/lang/de.yml @@ -146,6 +146,7 @@ field_subproject: Subprojekt von field_hours: Stunden field_activity: Aktivität field_spent_on: Datum +field_identifier: Identifier setting_app_title: Applikation Titel setting_app_subtitle: Applikation Untertitel @@ -161,6 +162,7 @@ setting_text_formatting: Textformatierung setting_wiki_compression: Wiki-Historie komprimieren setting_feeds_limit: Limit Feed Inhalt setting_autofetch_changesets: Autofetch SVN commits +setting_sys_api_enabled: Enable WS for repository management label_user: Benutzer label_user_plural: Benutzer @@ -394,6 +396,7 @@ text_journal_deleted: gelöscht text_tip_task_begin_day: Aufgabe, die an diesem Tag beginnt text_tip_task_end_day: Aufgabe, die an diesem Tag beendet text_tip_task_begin_end_day: Aufgabe, die an diesem Tag beginnt und beendet +text_project_identifier_info: '12 characters maximum. Letters (a-z), numbers (0-9) and dashes allowed.
Once saved, the identifier can not be changed.' default_role_manager: Manager default_role_developper: Developer diff --git a/lang/en.yml b/lang/en.yml index ffc13928..d4c58929 100644 --- a/lang/en.yml +++ b/lang/en.yml @@ -146,6 +146,7 @@ field_subproject: Subproject field_hours: Hours field_activity: Activity field_spent_on: Date +field_identifier: Identifier setting_app_title: Application title setting_app_subtitle: Application subtitle @@ -161,6 +162,7 @@ setting_text_formatting: Text formatting setting_wiki_compression: Wiki history compression setting_feeds_limit: Feed content limit setting_autofetch_changesets: Autofetch SVN commits +setting_sys_api_enabled: Enable WS for repository management label_user: User label_user_plural: Users @@ -394,6 +396,7 @@ text_journal_deleted: deleted text_tip_task_begin_day: task beginning this day text_tip_task_end_day: task ending this day text_tip_task_begin_end_day: task beginning and ending this day +text_project_identifier_info: '12 characters maximum. Letters (a-z), numbers (0-9) and dashes allowed.
Once saved, the identifier can not be changed.' default_role_manager: Manager default_role_developper: Developer diff --git a/lang/es.yml b/lang/es.yml index acd03c53..aad0b95a 100644 --- a/lang/es.yml +++ b/lang/es.yml @@ -146,6 +146,7 @@ field_subproject: Proyecto secundario field_hours: Hours field_activity: Activity field_spent_on: Fecha +field_identifier: Identifier setting_app_title: Título del aplicación setting_app_subtitle: Subtítulo del aplicación @@ -161,6 +162,7 @@ setting_text_formatting: Formato de texto setting_wiki_compression: Compresión de la historia de Wiki setting_feeds_limit: Feed content limit setting_autofetch_changesets: Autofetch SVN commits +setting_sys_api_enabled: Enable WS for repository management label_user: Usuario label_user_plural: Usuarios @@ -394,6 +396,7 @@ text_journal_deleted: suprimido text_tip_task_begin_day: tarea que comienza este día text_tip_task_end_day: tarea que termina este día text_tip_task_begin_end_day: tarea que comienza y termina este día +text_project_identifier_info: '12 characters maximum. Letters (a-z), numbers (0-9) and dashes allowed.
Once saved, the identifier can not be changed.' default_role_manager: Manager default_role_developper: Desarrollador diff --git a/lang/fr.yml b/lang/fr.yml index 243557e6..4218ca4f 100644 --- a/lang/fr.yml +++ b/lang/fr.yml @@ -146,6 +146,7 @@ field_subproject: Sous-projet field_hours: Heures field_activity: Activité field_spent_on: Date +field_identifier: Identifiant setting_app_title: Titre de l'application setting_app_subtitle: Sous-titre de l'application @@ -161,6 +162,7 @@ setting_text_formatting: Formatage du texte setting_wiki_compression: Compression historique wiki setting_feeds_limit: Limite du contenu des flux RSS setting_autofetch_changesets: Récupération auto. des commits SVN +setting_sys_api_enabled: Activer les WS pour la gestion des dépôts label_user: Utilisateur label_user_plural: Utilisateurs @@ -394,6 +396,7 @@ text_journal_deleted: supprimé text_tip_task_begin_day: tâche commençant ce jour text_tip_task_end_day: tâche finissant ce jour text_tip_task_begin_end_day: tâche commençant et finissant ce jour +text_project_identifier_info: '12 caractères maximum. Lettres (a-z), chiffres (0-9) et tirets autorisés.
Un fois sauvegardé, l''identifiant ne pourra plus être modifié.' default_role_manager: Manager default_role_developper: Développeur diff --git a/lang/it.yml b/lang/it.yml index c024b5fc..d5c0f43d 100644 --- a/lang/it.yml +++ b/lang/it.yml @@ -146,6 +146,7 @@ field_subproject: Sottoprogetto field_hours: Hours field_activity: Activity field_spent_on: Data +field_identifier: Identifier setting_app_title: Titolo applicazione setting_app_subtitle: Sottotitolo applicazione @@ -161,6 +162,7 @@ setting_text_formatting: Formattazione testo setting_wiki_compression: Compressione di storia di Wiki setting_feeds_limit: Feed content limit setting_autofetch_changesets: Autofetch SVN commits +setting_sys_api_enabled: Enable WS for repository management label_user: Utente label_user_plural: Utenti @@ -394,6 +396,7 @@ text_journal_deleted: deleted text_tip_task_begin_day: task beginning this day text_tip_task_end_day: task ending this day text_tip_task_begin_end_day: task beginning and ending this day +text_project_identifier_info: '12 characters maximum. Letters (a-z), numbers (0-9) and dashes allowed.
Once saved, the identifier can not be changed.' default_role_manager: Manager default_role_developper: Sviluppatore diff --git a/lang/ja.yml b/lang/ja.yml index 90fdd9f7..127dbbe5 100644 --- a/lang/ja.yml +++ b/lang/ja.yml @@ -147,6 +147,7 @@ field_subproject: サブプロジェクト field_hours: 時間 field_activity: 活動 field_spent_on: 日付 +field_identifier: Identifier setting_app_title: アプリケーションのタイトル setting_app_subtitle: アプリケーションのサブタイトル @@ -162,6 +163,7 @@ setting_text_formatting: テキストの書式 setting_wiki_compression: Wiki履歴を圧縮する setting_feeds_limit: フィード内容の上限 setting_autofetch_changesets: SVNコミットを自動取得する +setting_sys_api_enabled: Enable WS for repository management label_user: ユーザ label_user_plural: ユーザ @@ -395,6 +397,7 @@ text_journal_deleted: 削除 text_tip_task_begin_day: この日に開始するタスク text_tip_task_end_day: この日に終了するタスク text_tip_task_begin_end_day: この日のうちに開始して終了するタスク +text_project_identifier_info: '12 characters maximum. Letters (a-z), numbers (0-9) and dashes allowed.
Once saved, the identifier can not be changed.' default_role_manager: 管理者 default_role_developper: 開発者 diff --git a/lang/zh.yml b/lang/zh.yml index b4b57f4a..1496583f 100644 --- a/lang/zh.yml +++ b/lang/zh.yml @@ -149,6 +149,7 @@ field_subproject: 子项目 field_hours: Hours field_activity: 活动 field_spent_on: 日期 +field_identifier: Identifier setting_app_title: 应用程序标题 setting_app_subtitle: 应用程序子标题 @@ -164,6 +165,7 @@ setting_text_formatting: 文本格式 setting_wiki_compression: Wiki history compression setting_feeds_limit: Feed content limit setting_autofetch_changesets: Autofetch SVN commits +setting_sys_api_enabled: Enable WS for repository management label_user: 用户 label_user_plural: 用户列表 @@ -397,6 +399,7 @@ text_journal_deleted: 已删除 text_tip_task_begin_day: 开始于此 text_tip_task_end_day: 在此结束 text_tip_task_begin_end_day: 开始并结束于此 +text_project_identifier_info: '12 characters maximum. Letters (a-z), numbers (0-9) and dashes allowed.
Once saved, the identifier can not be changed.' default_role_manager: 管理员 default_role_developper: 开发人员 diff --git a/test/fixtures/projects.yml b/test/fixtures/projects.yml index 9aa2f9ab..d3758c9e 100644 --- a/test/fixtures/projects.yml +++ b/test/fixtures/projects.yml @@ -8,6 +8,7 @@ projects_001: description: Recipes management application homepage: http://ecookbook.somenet.foo/ is_public: true + identifier: ecookbook parent_id: projects_002: created_on: 2006-07-19 19:14:19 +02:00 @@ -18,6 +19,7 @@ projects_002: description: E-commerce web site homepage: "" is_public: false + identifier: onlinestore parent_id: projects_003: created_on: 2006-07-19 19:15:21 +02:00 @@ -28,6 +30,7 @@ projects_003: description: eCookBook Subproject 1 homepage: "" is_public: true + identifier: subproject1 parent_id: 1 projects_004: created_on: 2006-07-19 19:15:51 +02:00 @@ -38,4 +41,5 @@ projects_004: description: eCookbook Subproject 2 homepage: "" is_public: true + identifier: subproject1 parent_id: 1 diff --git a/test/integration/admin_test.rb b/test/integration/admin_test.rb index 0241ae8d..c51dc1bf 100644 --- a/test/integration/admin_test.rb +++ b/test/integration/admin_test.rb @@ -45,7 +45,7 @@ class AdminTest < ActionController::IntegrationTest get "projects/add" assert_response :success assert_template "projects/add" - post "projects/add", :project => { :name => "blog", :description => "weblog", :is_public => 1} + post "projects/add", :project => { :name => "blog", :description => "weblog", :identifier => "blog", :is_public => 1} assert_redirected_to "admin/projects" assert_equal 'Successful creation.', flash[:notice]