Merged nbc branch @ r1812 (commit access permission and reposman improvements).

git-svn-id: http://redmine.rubyforge.org/svn/trunk@1814 e93f8b46-1217-0410-a6f0-8f06a7374b81
2008-09-13 16:31:11 +00:00 · 2008-09-13 16:31:11 +00:00 · cc643ce932
parent 6ef6459630
commit cc643ce932
12 changed files with 178 additions and 209 deletions
--- a/app/apis/sys_api.rb
+++ b/app/apis/sys_api.rb
@ -15,11 +15,19 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

+class AWSProjectWithRepository < ActionWebService::Struct
+  member :id,              :int
+  member :identifier,      :string
+  member :name,            :string
+  member :is_public,       :bool
+  member :repository,      Repository
+end
+
 class SysApi < ActionWebService::API::Base
-  api_method :projects,
+  api_method :projects_with_repository_enabled,
             :expects => [],
-             :returns => [[Project]]
+             :returns => [[AWSProjectWithRepository]]
  api_method :repository_created,
-             :expects => [:string, :string],
+             :expects => [:string, :string, :string],
             :returns => [:int]
 end
--- a/app/controllers/sys_controller.rb
+++ b/app/controllers/sys_controller.rb
@ -23,18 +23,17 @@ class SysController < ActionController::Base
  before_invocation :check_enabled
  
  # Returns the projects list, with their repositories
-  def projects
-    Project.find(:all, :include => :repository)
+  def projects_with_repository_enabled
+    Project.has_module(:repository).find(:all, :include => :repository, :order => 'identifier')
  end

  # Registers a repository for the given project identifier
-  # (Subversion specific)
-  def repository_created(identifier, url)
+  def repository_created(identifier, vendor, url)
    project = Project.find_by_identifier(identifier)
    # Do not create the repository if the project has already one
    return 0 unless project && project.repository.nil?
    logger.debug "Repository for #{project.name} was created"
-    repository = Repository.factory('Subversion', :project => project, :url => url)
+    repository = Repository.factory(vendor, :project => project, :url => url)
    repository.save
    repository.id || 0
  end
--- a/app/models/project.rb
+++ b/app/models/project.rb
@ -63,6 +63,8 @@ class Project < ActiveRecord::Base
  
  before_destroy :delete_all_members

+  named_scope :has_module, lambda { |mod| { :conditions => ["#{Project.table_name}.id IN (SELECT em.project_id FROM #{EnabledModule.table_name} em WHERE em.name=?)", mod.to_s] } }
+  
  def identifier=(identifier)
    super unless identifier_frozen?
  end
--- a/app/models/role.rb
+++ b/app/models/role.rb
@ -20,6 +20,11 @@ class Role < ActiveRecord::Base
  BUILTIN_NON_MEMBER = 1
  BUILTIN_ANONYMOUS  = 2

+  named_scope :builtin, lambda { |*args|
+    compare = 'not' if args.first == true
+    { :conditions => "#{compare} builtin = 0" }
+  }
+  
  before_destroy :check_deletable
  has_many :workflows, :dependent => :delete_all do
    def copy(role)
@ -36,7 +41,7 @@ class Role < ActiveRecord::Base
  has_many :members
  acts_as_list
  
-  serialize :permissions
+  serialize :permissions, Array
  attr_protected :builtin

  validates_presence_of :name
@ -49,10 +54,28 @@ class Role < ActiveRecord::Base
  end
  
  def permissions=(perms)
-    perms = perms.collect {|p| p.to_sym unless p.blank? }.compact if perms
+    perms = perms.collect {|p| p.to_sym unless p.blank? }.compact.uniq if perms
    write_attribute(:permissions, perms)
  end

+  def add_permission!(*perms)
+    self.permissions = [] unless permissions.is_a?(Array)
+
+    permissions_will_change!
+    perms.each do |p|
+      p = p.to_sym
+      permissions << p unless permissions.include?(p)
+    end
+    save!
+  end
+
+  def remove_permission!(*perms)
+    return unless permissions.is_a?(Array)
+    permissions_will_change!
+    perms.each { |p| permissions.delete(p.to_sym) }
+    save!
+  end
+  
  def <=>(role)
    position <=> role.position
  end
--- a/db/migrate/096_add_commit_access_permission.rb
+++ b/db/migrate/096_add_commit_access_permission.rb
@ -0,0 +1,14 @@
+class AddCommitAccessPermission < ActiveRecord::Migration
+
+  def self.up
+	Role.find(:all).select { |r| not r.builtin? }.each do |r|
+	     r.add_permission!(:commit_access)
+  	end
+  end
+
+  def self.down
+	Role.find(:all).select { |r| not r.builtin? }.each do |r|
+	     r.remove_permission!(:commit_access)
+  	end
+  end
+end
--- a/extra/svn/Redmine.pm
+++ b/extra/svn/Redmine.pm
@ -148,11 +148,12 @@ sub RedmineDSN {
  my ($self, $parms, $arg) = @_;
  $self->{RedmineDSN} = $arg;
  my $query = "SELECT 
-                 hashed_password, auth_source_id 
-              FROM members, projects, users 
+                 hashed_password, auth_source_id, permissions
+              FROM members, projects, users, roles
              WHERE 
                projects.id=members.project_id 
                AND users.id=members.user_id 
+                AND roles.id=members.role_id
                AND users.status=1 
                AND login=? 
                AND identifier=? ";
@ -277,9 +278,11 @@ sub is_member {
  $sth->execute($redmine_user, $project_id);

  my $ret;
-  while (my @row = $sth->fetchrow_array) {
-      unless ($row[1]) {
-          if ($row[0] eq $pass_digest) {
+  while (my ($hashed_password, $auth_source_id, $permissions) = $sth->fetchrow_array) {
+
+      unless ($auth_source_id) {
+	  my $method = $r->method;
+          if ($hashed_password eq $pass_digest && (defined $read_only_methods{$method} || $permissions =~ /:commit_access/) ) {
              $ret = 1;
              last;
          }
@ -287,7 +290,7 @@ sub is_member {
          my $sthldap = $dbh->prepare(
              "SELECT host,port,tls,account,account_password,base_dn,attr_login from auth_sources WHERE id = ?;"
          );
-          $sthldap->execute($row[1]);
+          $sthldap->execute($auth_source_id);
          while (my @rowldap = $sthldap->fetchrow_array) {
            my $ldap = Authen::Simple::LDAP->new(
                host    =>      ($rowldap[2] == 1 || $rowldap[2] eq "t") ? "ldaps://$rowldap[0]" : $rowldap[0],
--- a/extra/svn/reposman.pl
+++ b/extra/svn/reposman.pl
@ -1,142 +0,0 @@
-#!/usr/bin/perl
-#
-# redMine is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-# 
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-# 
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-
-use strict;
-use SOAP::Lite;
-use Getopt::Long;
-Getopt::Long::Configure ("bundling", "no_auto_abbrev", "no_ignore_case");
-use Pod::Usage;
-use vars qw/$VERSION/;
-
-$VERSION = "1.0";
-
-my $warning = "This program is now deprecated. Use the reposman.rb for new features";
-print STDERR "*" x length($warning), "\n",
-    $warning, "\n",
-    "*" x length($warning), "\n\n";
-
-my %opts = (verbose => 0);
-GetOptions(\%opts, 'verbose|v+', 'version|V', 'help|h', 'man|m', 'quiet|q', 'svn-dir|s=s', 'redmine-host|r=s') or pod2usage(2);
-
-die "$VERSION\n"           if $opts{version};
-pod2usage(1)               if $opts{help};
-pod2usage( -verbose => 2 ) if $opts{man};
-
-my $repos_base = $opts{'svn-dir'};
-my $redmine_host = $opts{'redmine-host'};
-
-pod2usage(2) unless $repos_base and $redmine_host;
-
-unless (-d $repos_base) {
-    Log(text => "$repos_base doesn't exist", exit => 1);
-}
-
-Log(level => 1, text => "querying redMine for projects...");
-my $wdsl = "http://$redmine_host/sys/service.wsdl";
-my $service = SOAP::Lite->service($wdsl);
-
-my $projects = $service->Projects('');
-my $project_count = @{$projects};
-Log(level => 1, text => "retrieved $project_count projects");
-
-foreach my $project (@{$projects}) {
-    Log(level => 1, text => "treating project $project->{name}");
-    my $repos_name = $project->{identifier};
-
-    if ($repos_name eq "") {
-        Log(text => "\tno identifier for project $project->{name}");
-        next;
-    }
-
-    unless ($repos_name =~ /^[a-z0-9\-]+$/) {
-        Log(text => "\tinvalid identifier for project $project->{name}");
-        next;
-    }
-
-    my $repos_path = "$repos_base/$repos_name";
-
-    if (-e $repos_path) {
-    	# check unix right and change them if needed
-    	my $other_read = (stat($repos_path))[2] & 00007;
-	    my $right;
-
-	    if ($project->{is_public} and not $other_read) {
-	        $right = "0775";
-	    } elsif (not $project->{is_public} and $other_read) {
-	        $right = "0770";
-	    } else {
-	        next;
-	    }
-		
-		# change mode	
-	    system('chmod', '-R', $right, $repos_path) == 0 or
-	        warn("\tunable to change mode on $repos_path : $?\n"), next;
-	
-	    Log(text => "\tmode change on $repos_path");
-    	    
-    } else {    
-	    # change umask to suit the repository's privacy
-	    $project->{is_public} ? umask 0002 : umask 0007;
-	    
-		# create the repository
-	    system('svnadmin', 'create', $repos_path) == 0 or
-	        warn("\tsystem svnadmin failed unable to create $repos_path\n"), next;
-	        
-		# set the group owner
-	    system('chown', '-R', "root:$repos_name", $repos_path) == 0 or
-	        warn("\tunable to create $repos_path : $?\n"), next;
-
-	    Log(text => "\trepository $repos_path created");
-	}
-}
-
-
-sub Log {
-    my %args = (level => 0, text => '', @_);
-
-    my $level = delete $args{level};
-    my $text  = delete $args{text};
-    return unless $level <= $opts{verbose};
-    return if $opts{quiet};
-    print "$text\n";
-
-    exit $args{exit}
-        if defined $args{exit};
-}
-
-
-__END__
-
-=head1 NAME
-
- reposman - manages your svn repositories with redMine
-
-=head1 SYNOPSIS
-
- reposman [options] arguments
- example: reposman --svn-dir=/var/svn --redmine-host=redmine.mydomain.foo
-          reposman -s /var/svn -r redmine.mydomain.foo
-
-=head1 ARGUMENTS
-
- -s, --svn-dir=DIR        use DIR as base directory for svn repositories
- -r, --redmine-host=HOST  assume redMine is hosted on HOST
-
-=head1 OPTIONS
-
- -v                       verbose
- -V                       print version and exit
-
--- a/extra/svn/reposman.rb
+++ b/extra/svn/reposman.rb
@ -6,52 +6,49 @@
 #
 # == Usage
 #
-#     reposman [ -h | --help ] [ -v | --verbose ] [ -V | --version ] [ -q | --quiet ] -s /var/svn -r redmine.host.org
-#     example: reposman --svn-dir=/var/svn --redmine-host=redmine.mydomain.foo
-#              reposman -s /var/svn -r redmine.mydomain.foo
+#    reposman [OPTIONS...] -s [DIR] -r [HOST]
+#     
+#  Examples:
+#    reposman --svn-dir=/var/svn --redmine-host=redmine.example.net
+#    reposman -s /var/svn -r redmine.example.net -u http://svn.example.net
 #
 # == Arguments (mandatory)
 #
-# -s, --svn-dir=DIR
-#    use DIR as base directory for svn repositories
-#
-# -r, --redmine-host=HOST
-#    assume Redmine is hosted on HOST.
-#    you can use :
-#    * -r redmine.mydomain.foo        (will add http://)
-#    * -r http://redmine.mydomain.foo
-#    * -r https://mydomain.foo/redmine
+#   -s, --svn-dir=DIR         use DIR as base directory for svn repositories
+#   -r, --redmine-host=HOST   assume Redmine is hosted on HOST. Examples:
+#                             -r redmine.example.net
+#                             -r http://redmine.example.net
+#                             -r https://example.net/redmine
 #
 # == Options
 #
-# -o, --owner=OWNER
-#    owner of the repository. using the rails login allow user to browse
-#    the repository in Redmine even for private project
-#
-# -u, --url=URL
-#    the base url Redmine will use to access your repositories. This
-#    will be used to register the repository in Redmine so that user
-#    doesn't need to do anything. reposman will add the identifier to this url :
-#
-#    -u https://my.svn.server/my/reposity/root # if the repository can be access by http
-#    -u file:///var/svn/                       # if the repository is local
-#    if this option isn't set, reposman won't register the repository
-#
-# -t, --test
-#    only show what should be done
-#
-# -h, --help:
-#    show help and exit
-#
-# -v, --verbose
-#    verbose
-#
-# -V, --version
-#    print version and exit
-#
-# -q, --quiet
-#    no log
-#
+#   -o, --owner=OWNER         owner of the repository. using the rails login
+#                             allow user to browse the repository within
+#                             Redmine even for private project
+#   -u, --url=URL             the base url Redmine will use to access your
+#                             repositories. This option is used to automatically
+#                             register the repositories in Redmine. The project
+#                             identifier will be appended to this url. Examples:
+#                             -u https://example.net/svn
+#                             -u file:///var/svn/
+#                             if this option isn't set, reposman won't register
+#                             the repositories in Redmine
+#   -c, --command=COMMAND     use this command instead of "svnadmin create" to
+#                             create a repository. This option can be used to
+#                             create non-subversion repositories
+#       --scm                 SCM vendor used to register the repository in
+#                             Redmine (default: Subversion). Can be one of the
+#                             other supported SCM: Bazaar, Darcs, Filesystem,
+#                             Git, Mercurial (case sensitive).
+#                             This option should be used when both options --url
+#                             and --command are used.
+#   -f, --force               force repository creation even if the project
+#                             repository is already declared in Redmine
+#   -t, --test                only show what should be done
+#   -h, --help                show help and exit
+#   -v, --verbose             verbose
+#   -V, --version             print version and exit
+#   -q, --quiet               no log

 require 'getoptlong'
 require 'rdoc/usage'
@ -59,14 +56,18 @@ require 'soap/wsdlDriver'
 require 'find'
 require 'etc'

-Version = "1.0"
+Version = "1.1"
+SUPPORTED_SCM = %w( Subversion Darcs Mercurial Bazaar Git Filesystem )

 opts = GetoptLong.new(
                      ['--svn-dir',      '-s', GetoptLong::REQUIRED_ARGUMENT],
                      ['--redmine-host', '-r', GetoptLong::REQUIRED_ARGUMENT],
                      ['--owner',        '-o', GetoptLong::REQUIRED_ARGUMENT],
                      ['--url',          '-u', GetoptLong::REQUIRED_ARGUMENT],
+                      ['--command' ,     '-c', GetoptLong::REQUIRED_ARGUMENT],
+                      ['--scm',                GetoptLong::REQUIRED_ARGUMENT],
                      ['--test',         '-t', GetoptLong::NO_ARGUMENT],
+                      ['--force',        '-f', GetoptLong::NO_ARGUMENT],
                      ['--verbose',      '-v', GetoptLong::NO_ARGUMENT],
                      ['--version',      '-V', GetoptLong::NO_ARGUMENT],
                      ['--help'   ,      '-h', GetoptLong::NO_ARGUMENT],
@ -81,6 +82,9 @@ $svn_owner    = 'root'
 $use_groupid  = true
 $svn_url      = false
 $test         = false
+$command      = "svnadmin create"
+$force        = false
+$scm          = 'Subversion'

 def log(text,level=0, exit=false)
  return if $quiet or level > $verbose
@ -95,8 +99,11 @@ begin
    when '--redmine-host';   $redmine_host = arg.dup
    when '--owner';          $svn_owner    = arg.dup; $use_groupid = false;
    when '--url';            $svn_url      = arg.dup
+    when '--scm';            $scm          = arg.dup; log("Invalid SCM: #{$scm}", 0, true) unless SUPPORTED_SCM.include?($scm)
+    when '--command';        $command =      arg.dup
    when '--verbose';        $verbose += 1
    when '--test';           $test = true
+    when '--force';          $force = true
    when '--version';        puts Version; exit
    when '--help';           RDoc::usage
    when '--quiet';          $quiet = true
@ -110,6 +117,12 @@ if $test
  log("running in test mode")
 end

+# Make sure command is overridden if SCM vendor is not Subversion
+if $scm != 'Subversion' && $command == 'svnadmin create'
+  log("Please use --command option to specify how to create a #{$scm} repository.", 0, true)
+end
+
+
 $svn_url += "/" if $svn_url and not $svn_url.match(/\/$/)

 if ($redmine_host.empty? or $repos_base.empty?)
@ -133,7 +146,7 @@ rescue => e
  log("Unable to connect to #{wsdl_url} : #{e}", 0, true)
 end

-projects = soap.Projects
+projects = soap.ProjectsWithRepositoryEnabled

 if projects.nil?
  log('no project found, perhaps you forgot to "Enable WS for repository management"', 0, true)
@ -201,6 +214,13 @@ projects.each do |project|
    log("\tmode change on #{repos_path}");

  else
+    # if repository is already declared in redmine, we don't create
+    # unless user use -f with reposman
+    if $force == false and not project.repository.nil?
+      log("\trepository for project #{project.identifier} already exists in Redmine", 1)
+      next
+    end
+
    project.is_public ? File.umask(0002) : File.umask(0007)

    if $test
@ -211,7 +231,8 @@ projects.each do |project|

    begin
      set_owner_and_rights(project, repos_path) do
-        raise "svnadmin create #{repos_path} failed" unless system("svnadmin", "create", repos_path)
+        command = "#{$command} #{repos_path}"
+        raise "#{command} failed" unless system( command  )
      end
    rescue => e
      log("\tunable to create #{repos_path} : #{e}\n")
@ -219,7 +240,7 @@ projects.each do |project|
    end

    if $svn_url
-      ret = soap.RepositoryCreated project.identifier, "#{$svn_url}#{project.identifier}"
+      ret = soap.RepositoryCreated project.identifier, $scm, "#{$svn_url}#{project.identifier}"
      if ret > 0
        log("\trepository #{repos_path} registered in Redmine with url #{$svn_url}#{project.identifier}");
      else
--- a/lib/redmine.rb
+++ b/lib/redmine.rb
@ -88,6 +88,7 @@ Redmine::AccessControl.map do |map|
    map.permission :manage_repository, {:repositories => [:edit, :destroy]}, :require => :member
    map.permission :browse_repository, :repositories => [:show, :browse, :entry, :annotate, :changes, :diff, :stats, :graph]
    map.permission :view_changesets, :repositories => [:show, :revisions, :revision]
+    map.permission :commit_access, {}
  end

  map.project_module :boards do |map|
--- a/lib/redmine/default_data/loader.rb
+++ b/lib/redmine/default_data/loader.rb
@ -67,7 +67,8 @@ module Redmine
                                                      :view_files,
                                                      :manage_files,
                                                      :browse_repository,
-                                                      :view_changesets]
+                                                      :view_changesets,
+                                                      :commit_access]
            
            reporter = Role.create! :name => l(:default_role_reporter),
                                    :position => 3,
--- a/test/functional/sys_api_test.rb
+++ b/test/functional/sys_api_test.rb
@ -5,7 +5,7 @@ require 'sys_controller'
 class SysController; def rescue_action(e) raise e end; end

 class SysControllerTest < Test::Unit::TestCase
-  fixtures :projects, :repositories
+  fixtures :projects, :enabled_modules, :repositories
  
  def setup
    @controller = SysController.new
@ -15,17 +15,36 @@ class SysControllerTest < Test::Unit::TestCase
    Setting.sys_api_enabled = 1
  end
  
-  def test_projects
-    result = invoke :projects
-    assert_equal Project.count, result.size 
-    assert result.first.is_a?(Project)
+  def test_projects_with_repository_enabled
+    result = invoke :projects_with_repository_enabled
+    assert_equal EnabledModule.count(:all, :conditions => {:name => 'repository'}), result.size
+    
+    project = result.first
+    assert project.is_a?(AWSProjectWithRepository)
+    
+    assert project.respond_to?(:id)
+    assert_equal 1, project.id
+    
+    assert project.respond_to?(:identifier)
+    assert_equal 'ecookbook', project.identifier
+    
+    assert project.respond_to?(:name)
+    assert_equal 'eCookbook', project.name
+    
+    assert project.respond_to?(:is_public)
+    assert project.is_public
+    
+    assert project.respond_to?(:repository)
+    assert project.repository.is_a?(Repository)
  end

  def test_repository_created
    project = Project.find(3)
    assert_nil project.repository
-    assert invoke(:repository_created, project.identifier, 'http://localhost/svn')
+    assert invoke(:repository_created, project.identifier, 'Subversion', 'http://localhost/svn')
    project.reload
    assert_not_nil project.repository
+    assert project.repository.is_a?(Repository::Subversion)
+    assert_equal 'http://localhost/svn', project.repository.url
  end
 end
--- a/test/unit/role_test.rb
+++ b/test/unit/role_test.rb
@ -30,4 +30,24 @@ class RoleTest < Test::Unit::TestCase
    target.reload
    assert_equal 90, target.workflows.size
  end
+
+  def test_add_permission
+    role = Role.find(1)
+    size = role.permissions.size
+    role.add_permission!("apermission", "anotherpermission")
+    role.reload
+    assert role.permissions.include?(:anotherpermission)
+    assert_equal size + 2, role.permissions.size
+  end
+
+  def test_remove_permission
+    role = Role.find(1)
+    size = role.permissions.size
+    perm = role.permissions[0..1]
+    role.remove_permission!(*perm)
+    role.reload
+    assert ! role.permissions.include?(perm[0])
+    assert_equal size - 2, role.permissions.size
+  end
+
 end