Mercurial > p > roundup > code

view scripts/copy-user.py @ 5257:928512faf565

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
- issue2550864: Potential information leakage via journal/history Original code didn't fully implement the security checks. Users with only Edit access on a property were not able to view the journal entry for the property. This patch fixes that. Also had additional info leakage: the target object of a link or multilink must be viewable or editable in order for the journal entry to be shown. Otherwise the existance of the target is exposed via the journal while it is blocked from searches, direct access etc.
author John Rouillard <rouilj@ieee.org>
date Sun, 27 Aug 2017 00:19:48 -0400
parents 198b6e810c67
children 64b05e24dbd8
line wrap: on
line source

#!/usr/bin/env python
# Copyright (C) 2003 by Intevation GmbH
# Author:
# Thomas Arendsen Hein <thomas@intevation.de>
#
# This program is free software dual licensed under the GPL (>=v2)
# and the Roundup Licensing (see COPYING.txt in the roundup distribution).

"""
copy-user <instance-home> <instance-home> <userid> [<userid>...]

Copy one or more Roundup users from one tracker instance to another.
Example:
    copy-user /roundup/tracker1 /roundup/tracker2 `seq 3 10` 14 16
    (copies users 3, 4, 5, 6, 7, 8, 9, 10, 14 and 16)
"""

import sys
import roundup.instance


def copy_user(home1, home2, *userids):
    """Copy users which are listed by userids from home1 to home2"""

    copyattribs = ['username', 'password', 'address', 'realname', 'phone',
                   'organisation', 'alternate_addresses', 'roles', 'timezone']

    try:
        instance1 = roundup.instance.open(home1)
        print "Opened source instance: %s" % home1
    except:
        print "Can't open source instance: %s" % home1
        sys.exit(1)

    try:
        instance2 = roundup.instance.open(home2)
        print "Opened target instance: %s" % home2
    except:
        print "Can't open target instance: %s" % home2
        sys.exit(1)

    db1 = instance1.open('admin')
    db2 = instance2.open('admin')

    db1.tx_Source = "cli"
    db2.tx_Source = "cli"

    userlist = db1.user.list()
    for userid in userids:
        try:
            userid = str(int(userid))
        except ValueError as why:
            print "Not a numeric user id: %s  Skipping ..." % (userid,)
            continue
        if userid not in userlist:
            print "User %s not in source instance. Skipping ..." % userid
            continue

        user = {}
        for attrib in copyattribs:
            value = db1.user.get(userid, attrib)
            if value:
                user[attrib] = value
        try:
            db2.user.lookup(user['username'])
            print "User %s: Username '%s' exists in target instance. Skipping ..." % (userid, user['username'])
            continue
        except KeyError as why:
            pass
        print "Copying user %s (%s) ..." % (userid, user['username'])
        db2.user.create(**user)

    db2.commit()
    db2.close()
    print "Closed target instance."
    db1.close()
    print "Closed source instance."


if __name__ == "__main__":
    if len(sys.argv) < 4:
        print __doc__
        sys.exit(1)
    else:
        copy_user(*sys.argv[1:])
Roundup Issue Tracker: http://roundup-tracker.org/