2013-09-20 15:55:44 +00:00
|
|
|
import bcrypt
|
2013-09-20 22:38:17 +00:00
|
|
|
import logging
|
2013-09-26 19:58:11 +00:00
|
|
|
import dateutil.parser
|
2013-09-28 03:25:57 +00:00
|
|
|
import operator
|
2013-09-20 15:55:44 +00:00
|
|
|
|
2013-09-25 20:46:28 +00:00
|
|
|
from database import *
|
2013-10-10 17:44:34 +00:00
|
|
|
from util.validation import *
|
2013-09-20 22:38:17 +00:00
|
|
|
|
|
|
|
|
|
|
|
logger = logging.getLogger(__name__)
|
2013-09-20 15:55:44 +00:00
|
|
|
|
|
|
|
|
2013-09-27 19:53:39 +00:00
|
|
|
class DataModelException(Exception):
|
|
|
|
pass
|
|
|
|
|
|
|
|
|
2013-10-10 16:55:03 +00:00
|
|
|
class InvalidEmailAddressException(DataModelException):
|
|
|
|
pass
|
|
|
|
|
|
|
|
|
|
|
|
class InvalidUsernameException(DataModelException):
|
|
|
|
pass
|
|
|
|
|
2013-09-27 22:38:41 +00:00
|
|
|
|
2013-11-01 23:34:17 +00:00
|
|
|
class InvalidOrganizationException(DataModelException):
|
|
|
|
pass
|
|
|
|
|
|
|
|
|
|
|
|
class InvalidTeamException(DataModelException):
|
|
|
|
pass
|
|
|
|
|
|
|
|
|
2013-10-10 16:55:03 +00:00
|
|
|
class InvalidPasswordException(DataModelException):
|
|
|
|
pass
|
|
|
|
|
|
|
|
|
2013-10-16 18:24:10 +00:00
|
|
|
class InvalidTokenException(DataModelException):
|
|
|
|
pass
|
|
|
|
|
|
|
|
|
2013-10-24 20:37:03 +00:00
|
|
|
class InvalidRepositoryBuildException(DataModelException):
|
|
|
|
pass
|
|
|
|
|
|
|
|
|
2013-10-10 16:55:03 +00:00
|
|
|
def create_user(username, password, email):
|
2013-09-27 22:38:41 +00:00
|
|
|
if not validate_email(email):
|
2013-10-10 16:55:03 +00:00
|
|
|
raise InvalidEmailAddressException('Invalid email address: %s' % email)
|
2013-09-27 22:38:41 +00:00
|
|
|
if not validate_username(username):
|
2013-10-10 16:55:03 +00:00
|
|
|
raise InvalidUsernameException('Invalid username: %s' % username)
|
|
|
|
|
|
|
|
# We allow password none for the federated login case.
|
|
|
|
if password is not None and not validate_password(password):
|
2013-10-10 17:44:34 +00:00
|
|
|
raise InvalidPasswordException(INVALID_PASSWORD_MESSAGE)
|
2013-10-10 16:55:03 +00:00
|
|
|
|
|
|
|
try:
|
|
|
|
existing = User.get((User.username == username) | (User.email == email))
|
|
|
|
|
|
|
|
logger.debug('Existing user with same username or email.')
|
|
|
|
|
|
|
|
# A user already exists with either the same username or email
|
|
|
|
if existing.username == username:
|
|
|
|
raise InvalidUsernameException('Username has already been taken: %s' %
|
|
|
|
username)
|
|
|
|
raise InvalidEmailAddressException('Email has already been used: %s' %
|
|
|
|
email)
|
|
|
|
|
|
|
|
except User.DoesNotExist:
|
|
|
|
# This is actually the happy path
|
|
|
|
logger.debug('Email and username are unique!')
|
|
|
|
pass
|
2013-09-27 22:38:41 +00:00
|
|
|
|
2013-09-27 22:16:26 +00:00
|
|
|
try:
|
2013-10-10 16:55:03 +00:00
|
|
|
pw_hash = None
|
|
|
|
if password is not None:
|
|
|
|
pw_hash = bcrypt.hashpw(password, bcrypt.gensalt())
|
|
|
|
|
2013-09-27 22:16:26 +00:00
|
|
|
new_user = User.create(username=username, password_hash=pw_hash,
|
|
|
|
email=email)
|
2013-09-27 23:29:01 +00:00
|
|
|
return new_user
|
2013-09-27 22:16:26 +00:00
|
|
|
except Exception as ex:
|
|
|
|
raise DataModelException(ex.message)
|
2013-09-27 23:29:01 +00:00
|
|
|
|
|
|
|
|
2013-11-01 23:34:17 +00:00
|
|
|
def create_organization(name, email, creating_user):
|
|
|
|
try:
|
|
|
|
# Create the org
|
|
|
|
new_org = create_user(name, None, email)
|
|
|
|
new_org.organization = True
|
|
|
|
new_org.save()
|
|
|
|
|
|
|
|
# Create a team for the owners
|
2013-11-04 21:57:20 +00:00
|
|
|
owners_team = create_team('owners', new_org, 'admin')
|
2013-11-01 23:34:17 +00:00
|
|
|
|
2013-11-04 20:42:08 +00:00
|
|
|
# Add the user who created the org to the owners team
|
2013-11-01 23:34:17 +00:00
|
|
|
add_user_to_team(creating_user, owners_team)
|
|
|
|
|
|
|
|
return new_org
|
|
|
|
except InvalidUsernameException:
|
|
|
|
raise InvalidOrganizationException('Invalid organization name: %s' % name)
|
|
|
|
|
|
|
|
|
2013-11-07 21:33:56 +00:00
|
|
|
def convert_user_to_organization(user, admin_user):
|
|
|
|
# Change the user to an organization.
|
|
|
|
user.organization = True
|
|
|
|
|
2013-11-07 23:08:38 +00:00
|
|
|
# disable this account for login.
|
|
|
|
user.password_hash = None
|
2013-11-07 21:33:56 +00:00
|
|
|
user.save()
|
|
|
|
|
2013-11-07 23:08:38 +00:00
|
|
|
# Clear any federated auth pointing to this user
|
|
|
|
FederatedLogin.delete().where(FederatedLogin.user == user).execute()
|
|
|
|
|
2013-11-07 21:33:56 +00:00
|
|
|
# Create a team for the owners
|
|
|
|
owners_team = create_team('owners', user, 'admin')
|
|
|
|
|
|
|
|
# Add the user who will admin the org to the owners team
|
|
|
|
add_user_to_team(admin_user, owners_team)
|
|
|
|
|
|
|
|
return user
|
|
|
|
|
2013-11-04 21:57:20 +00:00
|
|
|
def create_team(name, org, team_role_name, description=''):
|
2013-11-01 23:34:17 +00:00
|
|
|
if not validate_username(name):
|
|
|
|
raise InvalidTeamException('Invalid team name: %s' % name)
|
|
|
|
|
|
|
|
if not org.organization:
|
|
|
|
raise InvalidOrganizationException('User with name %s is not an org.' %
|
|
|
|
org.username)
|
|
|
|
|
2013-11-04 20:42:08 +00:00
|
|
|
team_role = TeamRole.get(TeamRole.name == team_role_name)
|
2013-11-04 21:57:20 +00:00
|
|
|
return Team.create(name=name, organization=org, role=team_role,
|
|
|
|
description=description)
|
2013-11-01 23:34:17 +00:00
|
|
|
|
|
|
|
|
2013-11-05 23:37:28 +00:00
|
|
|
def __get_user_admin_teams(org_name, team_name, username):
|
|
|
|
Org = User.alias()
|
|
|
|
user_teams = Team.select().join(TeamMember).join(User)
|
|
|
|
with_org = user_teams.switch(Team).join(Org,
|
|
|
|
on=(Org.id == Team.organization))
|
|
|
|
with_role = with_org.switch(Team).join(TeamRole)
|
|
|
|
admin_teams = with_role.where(User.username == username,
|
|
|
|
Org.username == org_name,
|
|
|
|
TeamRole.name == 'admin')
|
|
|
|
return admin_teams
|
|
|
|
|
|
|
|
|
|
|
|
def remove_team(org_name, team_name, removed_by_username):
|
|
|
|
joined = Team.select(Team, TeamRole).join(User).switch(Team).join(TeamRole)
|
|
|
|
|
|
|
|
found = list(joined.where(User.organization == True,
|
|
|
|
User.username == org_name,
|
|
|
|
Team.name == team_name))
|
2013-11-05 20:50:56 +00:00
|
|
|
if not found:
|
2013-11-05 23:37:28 +00:00
|
|
|
raise InvalidTeamException('Team \'%s\' is not a team in org \'%s\'' %
|
2013-11-05 20:50:56 +00:00
|
|
|
(team_name, org_name))
|
|
|
|
|
|
|
|
team = found[0]
|
2013-11-05 23:37:28 +00:00
|
|
|
if team.role.name == 'admin':
|
|
|
|
admin_teams = list(__get_user_admin_teams(org_name, team_name,
|
|
|
|
removed_by_username))
|
|
|
|
|
|
|
|
if len(admin_teams) <= 1:
|
|
|
|
# The team we are trying to remove is the only admin team for this user
|
|
|
|
msg = ('Deleting team \'%s\' would remove all admin from user \'%s\'' %
|
|
|
|
(team_name, removed_by_username))
|
|
|
|
raise DataModelException(msg)
|
|
|
|
|
2013-11-05 20:50:56 +00:00
|
|
|
team.delete_instance(recursive=True, delete_nullable=True)
|
|
|
|
|
2013-11-05 03:58:21 +00:00
|
|
|
|
2013-11-01 23:34:17 +00:00
|
|
|
def add_user_to_team(user, team):
|
2013-11-07 17:54:21 +00:00
|
|
|
try:
|
|
|
|
return TeamMember.create(user=user, team=team)
|
|
|
|
except Exception:
|
|
|
|
raise DataModelException('Unable to add user \'%s\' to team: \'%s\'' %
|
|
|
|
(user.username, team.name))
|
2013-11-01 23:34:17 +00:00
|
|
|
|
|
|
|
|
2013-11-05 23:37:28 +00:00
|
|
|
def remove_user_from_team(org_name, team_name, username, removed_by_username):
|
|
|
|
Org = User.alias()
|
|
|
|
joined = TeamMember.select().join(User).switch(TeamMember).join(Team)
|
|
|
|
with_role = joined.join(TeamRole)
|
|
|
|
with_org = with_role.switch(Team).join(Org,
|
|
|
|
on=(Org.id == Team.organization))
|
|
|
|
found = list(with_org.where(User.username == username,
|
|
|
|
Org.username == org_name,
|
|
|
|
Team.name == team_name))
|
|
|
|
|
|
|
|
if not found:
|
|
|
|
raise DataModelException('User %s does not belong to team %s' %
|
2013-11-07 17:54:21 +00:00
|
|
|
(username, team_name))
|
2013-11-05 23:37:28 +00:00
|
|
|
|
|
|
|
if username == removed_by_username:
|
|
|
|
admin_team_query = __get_user_admin_teams(org_name, team_name, username)
|
|
|
|
admin_team_names = {team.name for team in admin_team_query}
|
|
|
|
if team_name in admin_team_names and len(admin_team_names) <= 1:
|
|
|
|
msg = 'User cannot remove themselves from their only admin team.'
|
|
|
|
raise DataModelException(msg)
|
|
|
|
|
|
|
|
user_in_team = found[0]
|
|
|
|
user_in_team.delete_instance()
|
2013-11-04 20:47:27 +00:00
|
|
|
|
|
|
|
|
2013-11-05 03:58:21 +00:00
|
|
|
def get_team_org_role(team):
|
|
|
|
return TeamRole.get(TeamRole.id == team.role.id)
|
|
|
|
|
2013-11-05 23:37:28 +00:00
|
|
|
|
|
|
|
def set_team_org_permission(team, team_role_name, set_by_username):
|
|
|
|
if team.role.name == 'admin' and team_role_name != 'admin':
|
|
|
|
# We need to make sure we're not removing the users only admin role
|
|
|
|
user_admin_teams = __get_user_admin_teams(team.organization.username,
|
|
|
|
team.name, set_by_username)
|
|
|
|
admin_team_set = {admin_team.name for admin_team in user_admin_teams}
|
|
|
|
if team.name in admin_team_set and len(admin_team_set) <= 1:
|
|
|
|
msg = (('Cannot remove admin from team \'%s\' because calling user ' +
|
|
|
|
'would no longer have admin on org \'%s\'') %
|
|
|
|
(team.name, team.organization.username))
|
|
|
|
raise DataModelException(msg)
|
|
|
|
|
2013-11-05 03:58:21 +00:00
|
|
|
new_role = TeamRole.get(TeamRole.name == team_role_name)
|
2013-11-04 20:42:08 +00:00
|
|
|
team.role = new_role
|
|
|
|
team.save()
|
|
|
|
return team
|
2013-11-01 23:34:17 +00:00
|
|
|
|
|
|
|
|
2013-10-10 03:00:34 +00:00
|
|
|
def create_federated_user(username, email, service_name, service_id):
|
2013-10-10 16:55:03 +00:00
|
|
|
new_user = create_user(username, None, email)
|
|
|
|
new_user.verified = True
|
|
|
|
new_user.save()
|
|
|
|
|
2013-10-10 03:00:34 +00:00
|
|
|
service = LoginService.get(LoginService.name == service_name)
|
|
|
|
federated_user = FederatedLogin.create(user=new_user, service=service,
|
|
|
|
service_ident=service_id)
|
|
|
|
|
|
|
|
return new_user
|
|
|
|
|
|
|
|
def verify_federated_login(service_name, service_id):
|
|
|
|
selected = FederatedLogin.select(FederatedLogin, User)
|
|
|
|
with_service = selected.join(LoginService)
|
|
|
|
with_user = with_service.switch(FederatedLogin).join(User)
|
|
|
|
found = with_user.where(FederatedLogin.service_ident == service_id,
|
|
|
|
LoginService.name == service_name)
|
|
|
|
|
|
|
|
found_list = list(found)
|
|
|
|
|
|
|
|
if found_list:
|
|
|
|
return found_list[0].user
|
|
|
|
|
|
|
|
return None
|
|
|
|
|
|
|
|
|
2013-09-27 23:29:01 +00:00
|
|
|
def create_confirm_email_code(user):
|
2013-09-27 23:55:04 +00:00
|
|
|
code = EmailConfirmation.create(user=user, email_confirm=True)
|
2013-09-27 23:29:01 +00:00
|
|
|
return code
|
2013-09-20 15:55:44 +00:00
|
|
|
|
|
|
|
|
2013-09-27 23:55:04 +00:00
|
|
|
def confirm_user_email(code):
|
|
|
|
code = EmailConfirmation.get(EmailConfirmation.code == code,
|
2013-10-08 21:07:36 +00:00
|
|
|
EmailConfirmation.email_confirm == True)
|
2013-09-27 23:55:04 +00:00
|
|
|
|
|
|
|
user = code.user
|
|
|
|
user.verified = True
|
|
|
|
user.save()
|
|
|
|
|
|
|
|
code.delete_instance()
|
|
|
|
|
|
|
|
return user
|
2013-09-20 15:55:44 +00:00
|
|
|
|
|
|
|
|
2013-10-14 21:50:07 +00:00
|
|
|
def create_reset_password_email_code(email):
|
|
|
|
try:
|
|
|
|
user = User.get(User.email == email)
|
|
|
|
except User.DoesNotExist:
|
|
|
|
raise InvalidEmailAddressException('Email address was not found.');
|
|
|
|
|
|
|
|
code = EmailConfirmation.create(user=user, pw_reset=True)
|
|
|
|
return code
|
|
|
|
|
|
|
|
|
|
|
|
def validate_reset_code(code):
|
|
|
|
try:
|
|
|
|
code = EmailConfirmation.get(EmailConfirmation.code == code,
|
|
|
|
EmailConfirmation.pw_reset == True)
|
|
|
|
except EmailConfirmation.DoesNotExist:
|
|
|
|
return None
|
|
|
|
|
|
|
|
user = code.user
|
|
|
|
code.delete_instance()
|
|
|
|
|
|
|
|
return user
|
|
|
|
|
|
|
|
|
2013-09-23 16:37:40 +00:00
|
|
|
def get_user(username):
|
|
|
|
try:
|
2013-11-05 20:50:56 +00:00
|
|
|
return User.get(User.username == username, User.organization == False)
|
2013-09-23 16:37:40 +00:00
|
|
|
except User.DoesNotExist:
|
|
|
|
return None
|
|
|
|
|
|
|
|
|
2013-11-02 01:48:10 +00:00
|
|
|
def get_matching_teams(team_prefix, organization):
|
2013-11-04 23:52:38 +00:00
|
|
|
query = Team.select().where(Team.name ** (team_prefix + '%'),
|
|
|
|
Team.organization == organization)
|
2013-11-02 01:48:10 +00:00
|
|
|
return list(query.limit(10))
|
|
|
|
|
|
|
|
|
2013-11-04 23:52:38 +00:00
|
|
|
def get_matching_users(username_prefix, organization=None):
|
|
|
|
Org = User.alias()
|
|
|
|
users_no_orgs = (User.username ** (username_prefix + '%') &
|
|
|
|
(User.organization == False))
|
|
|
|
query = User.select(User.username, Org.username).where(users_no_orgs)
|
|
|
|
|
|
|
|
if organization:
|
|
|
|
with_team = query.join(TeamMember, JOIN_LEFT_OUTER).join(Team,
|
|
|
|
JOIN_LEFT_OUTER)
|
|
|
|
with_org = with_team.join(Org, JOIN_LEFT_OUTER,
|
|
|
|
on=(Org.id == Team.organization))
|
|
|
|
query = with_org.where((Org.id == organization) | (Org.id >> None))
|
|
|
|
|
|
|
|
|
|
|
|
class MatchingUserResult(object):
|
|
|
|
def __init__(self, *args):
|
|
|
|
self.username = args[0]
|
|
|
|
if organization:
|
|
|
|
self.is_org_member = (args[1] == organization.username)
|
|
|
|
else:
|
2013-11-05 22:10:14 +00:00
|
|
|
self.is_org_member = None
|
2013-11-04 23:52:38 +00:00
|
|
|
|
|
|
|
|
|
|
|
return (MatchingUserResult(*args) for args in query.tuples().limit(10))
|
2013-09-28 00:03:07 +00:00
|
|
|
|
2013-09-27 23:21:54 +00:00
|
|
|
|
2013-09-20 15:55:44 +00:00
|
|
|
def verify_user(username, password):
|
|
|
|
try:
|
|
|
|
fetched = User.get(User.username == username)
|
|
|
|
except User.DoesNotExist:
|
|
|
|
return None
|
|
|
|
|
2013-10-10 16:55:03 +00:00
|
|
|
if (fetched.password_hash and
|
|
|
|
bcrypt.hashpw(password, fetched.password_hash) ==
|
|
|
|
fetched.password_hash):
|
2013-09-20 15:55:44 +00:00
|
|
|
return fetched
|
|
|
|
|
|
|
|
# We weren't able to authorize the user
|
|
|
|
return None
|
|
|
|
|
2013-10-31 22:17:26 +00:00
|
|
|
|
|
|
|
def get_user_organizations(username):
|
2013-11-01 23:34:17 +00:00
|
|
|
UserAlias = User.alias()
|
2013-11-07 05:49:13 +00:00
|
|
|
all_teams = User.select().distinct().join(Team).join(TeamMember)
|
2013-11-01 23:34:17 +00:00
|
|
|
with_user = all_teams.join(UserAlias, on=(UserAlias.id == TeamMember.user))
|
|
|
|
return with_user.where(User.organization == True,
|
|
|
|
UserAlias.username == username)
|
2013-10-31 22:17:26 +00:00
|
|
|
|
|
|
|
|
2013-11-01 23:34:17 +00:00
|
|
|
def get_organization(name):
|
|
|
|
try:
|
2013-11-05 19:55:05 +00:00
|
|
|
return User.get(username=name, organization=True)
|
2013-11-01 23:34:17 +00:00
|
|
|
except User.DoesNotExist:
|
|
|
|
raise InvalidOrganizationException('Organization does not exist: %s' %
|
|
|
|
name)
|
2013-11-04 19:56:54 +00:00
|
|
|
|
|
|
|
|
|
|
|
def get_organization_team(orgname, teamname):
|
|
|
|
joined = Team.select().join(User)
|
2013-11-04 23:52:38 +00:00
|
|
|
query = joined.where(Team.name == teamname, User.organization == True,
|
|
|
|
User.username == orgname).limit(1)
|
2013-11-04 19:56:54 +00:00
|
|
|
result = list(query)
|
|
|
|
if not result:
|
2013-11-04 23:52:38 +00:00
|
|
|
raise InvalidTeamException('Team does not exist: %s/%s', orgname,
|
|
|
|
teamname)
|
2013-11-04 19:56:54 +00:00
|
|
|
|
|
|
|
return result[0]
|
|
|
|
|
|
|
|
|
2013-11-07 00:06:59 +00:00
|
|
|
def get_organization_members_with_teams(organization):
|
|
|
|
joined = TeamMember.select().annotate(Team).annotate(User)
|
|
|
|
query = joined.where(Team.organization == organization)
|
|
|
|
return query
|
|
|
|
|
|
|
|
|
2013-11-04 19:56:54 +00:00
|
|
|
def get_organization_team_members(teamid):
|
|
|
|
joined = User.select().join(TeamMember).join(Team)
|
|
|
|
query = joined.where(Team.id == teamid)
|
|
|
|
return query
|
2013-10-31 22:17:26 +00:00
|
|
|
|
2013-11-04 21:39:29 +00:00
|
|
|
|
2013-11-04 23:52:38 +00:00
|
|
|
def get_organization_member_set(orgname):
|
|
|
|
Org = User.alias()
|
|
|
|
user_teams = User.select(User.username).join(TeamMember).join(Team)
|
|
|
|
with_org = user_teams.join(Org, on=(Org.username == orgname))
|
|
|
|
return {user.username for user in with_org}
|
|
|
|
|
2013-11-04 21:39:29 +00:00
|
|
|
|
|
|
|
def get_teams_within_org(organization):
|
2013-11-04 21:51:25 +00:00
|
|
|
return Team.select().where(Team.organization == organization)
|
2013-11-04 21:39:29 +00:00
|
|
|
|
|
|
|
|
2013-11-01 23:34:17 +00:00
|
|
|
def get_user_teams_within_org(username, organization):
|
|
|
|
joined = Team.select().join(TeamMember).join(User)
|
|
|
|
return joined.where(Team.organization == organization,
|
|
|
|
User.username == username)
|
2013-10-31 22:17:26 +00:00
|
|
|
|
2013-09-20 15:55:44 +00:00
|
|
|
|
2013-10-08 15:29:42 +00:00
|
|
|
def get_visible_repositories(username=None, include_public=True, limit=None,
|
2013-10-31 22:17:26 +00:00
|
|
|
sort=False, namespace=None):
|
2013-10-02 17:29:18 +00:00
|
|
|
if not username and not include_public:
|
|
|
|
return []
|
|
|
|
|
2013-11-08 03:44:18 +00:00
|
|
|
query = (Repository
|
|
|
|
.select(Repository, Visibility)
|
|
|
|
.distinct()
|
|
|
|
.join(Visibility)
|
|
|
|
.switch(Repository)
|
|
|
|
.join(RepositoryPermission, JOIN_LEFT_OUTER))
|
|
|
|
|
|
|
|
where_clause = None
|
|
|
|
admin_query = None
|
2013-09-28 03:25:57 +00:00
|
|
|
if username:
|
2013-11-08 03:44:18 +00:00
|
|
|
UserThroughTeam = User.alias()
|
|
|
|
Org = User.alias()
|
|
|
|
AdminTeam = Team.alias()
|
|
|
|
AdminTeamMember = TeamMember.alias()
|
|
|
|
AdminUser = User.alias()
|
|
|
|
|
|
|
|
query = (query
|
|
|
|
.join(User, JOIN_LEFT_OUTER)
|
|
|
|
.switch(RepositoryPermission)
|
|
|
|
.join(Team, JOIN_LEFT_OUTER)
|
|
|
|
.join(TeamMember, JOIN_LEFT_OUTER)
|
|
|
|
.join(UserThroughTeam, JOIN_LEFT_OUTER, on=(UserThroughTeam.id ==
|
|
|
|
TeamMember.user))
|
|
|
|
.switch(Repository)
|
|
|
|
.join(Org, JOIN_LEFT_OUTER, on=(Org.username == Repository.namespace))
|
|
|
|
.join(AdminTeam, JOIN_LEFT_OUTER, on=(Org.id ==
|
|
|
|
AdminTeam.organization))
|
|
|
|
.join(TeamRole, JOIN_LEFT_OUTER)
|
|
|
|
.switch(AdminTeam)
|
|
|
|
.join(AdminTeamMember, JOIN_LEFT_OUTER, on=(AdminTeam.id ==
|
|
|
|
AdminTeamMember.team))
|
|
|
|
.join(AdminUser, JOIN_LEFT_OUTER, on=(AdminTeamMember.user ==
|
|
|
|
AdminUser.id)))
|
|
|
|
|
|
|
|
where_clause = ((User.username == username) |
|
|
|
|
(UserThroughTeam.username == username) |
|
|
|
|
((AdminUser.username == username) &
|
|
|
|
(TeamRole.name == 'admin')))
|
|
|
|
|
|
|
|
if namespace:
|
|
|
|
where_clause = where_clause & (Repository.namespace == namespace)
|
2013-09-28 04:05:32 +00:00
|
|
|
|
2013-11-08 03:44:18 +00:00
|
|
|
if include_public:
|
|
|
|
new_clause = (Visibility.name == 'public')
|
|
|
|
if where_clause:
|
|
|
|
where_clause = where_clause | new_clause
|
|
|
|
else:
|
|
|
|
where_clause = new_clause
|
2013-10-02 17:29:18 +00:00
|
|
|
|
2013-10-02 04:28:24 +00:00
|
|
|
if limit:
|
2013-11-08 03:44:18 +00:00
|
|
|
query.limit(limit)
|
2013-10-02 04:28:24 +00:00
|
|
|
|
2013-11-08 03:44:18 +00:00
|
|
|
return query.where(where_clause)
|
2013-09-28 04:05:32 +00:00
|
|
|
|
2013-10-08 15:29:42 +00:00
|
|
|
|
2013-09-28 04:05:32 +00:00
|
|
|
def get_matching_repositories(repo_term, username=None):
|
2013-10-01 21:02:49 +00:00
|
|
|
namespace_term = repo_term
|
|
|
|
name_term = repo_term
|
|
|
|
|
2013-09-28 04:05:32 +00:00
|
|
|
visible = get_visible_repositories(username)
|
2013-10-01 21:02:49 +00:00
|
|
|
|
|
|
|
search_clauses = (Repository.name ** ('%' + name_term + '%') |
|
|
|
|
Repository.namespace ** ('%' + namespace_term + '%'))
|
|
|
|
|
|
|
|
# Handle the case where the user has already entered a namespace path.
|
|
|
|
if repo_term.find('/') > 0:
|
|
|
|
parts = repo_term.split('/', 1)
|
|
|
|
namespace_term = '/'.join(parts[:-1])
|
|
|
|
name_term = parts[-1]
|
|
|
|
|
|
|
|
search_clauses = (Repository.name ** ('%' + name_term + '%') &
|
|
|
|
Repository.namespace ** ('%' + namespace_term + '%'))
|
2013-09-28 03:25:57 +00:00
|
|
|
|
2013-09-28 04:05:32 +00:00
|
|
|
final = visible.where(search_clauses).limit(10)
|
2013-09-28 03:25:57 +00:00
|
|
|
return list(final)
|
2013-09-27 23:21:54 +00:00
|
|
|
|
|
|
|
|
2013-09-20 15:55:44 +00:00
|
|
|
def change_password(user, new_password):
|
2013-10-10 17:44:34 +00:00
|
|
|
if not validate_password(new_password):
|
|
|
|
raise InvalidPasswordException(INVALID_PASSWORD_MESSAGE)
|
|
|
|
|
2013-09-20 15:55:44 +00:00
|
|
|
pw_hash = bcrypt.hashpw(new_password, bcrypt.gensalt())
|
|
|
|
user.password_hash = pw_hash
|
|
|
|
user.save()
|
|
|
|
|
|
|
|
|
|
|
|
def update_email(user, new_email):
|
|
|
|
user.email = new_email
|
|
|
|
user.verified = False
|
|
|
|
user.save()
|
|
|
|
|
|
|
|
|
2013-09-27 17:24:07 +00:00
|
|
|
def get_all_user_permissions(user):
|
2013-11-04 20:42:08 +00:00
|
|
|
select = RepositoryPermission.select(RepositoryPermission, Role, Repository)
|
|
|
|
with_role = select.join(Role)
|
|
|
|
with_repo = with_role.switch(RepositoryPermission).join(Repository)
|
|
|
|
through_user = with_repo.switch(RepositoryPermission).join(User,
|
|
|
|
JOIN_LEFT_OUTER)
|
|
|
|
as_perm = through_user.switch(RepositoryPermission)
|
|
|
|
through_team = as_perm.join(Team, JOIN_LEFT_OUTER).join(TeamMember,
|
|
|
|
JOIN_LEFT_OUTER)
|
|
|
|
|
|
|
|
UserThroughTeam = User.alias()
|
|
|
|
with_team_member = through_team.join(UserThroughTeam, JOIN_LEFT_OUTER,
|
|
|
|
on=(UserThroughTeam.id ==
|
|
|
|
TeamMember.user))
|
|
|
|
|
|
|
|
return with_team_member.where((User.id == user) |
|
|
|
|
(UserThroughTeam.id == user))
|
|
|
|
|
|
|
|
|
|
|
|
def get_org_wide_permissions(user):
|
|
|
|
Org = User.alias()
|
|
|
|
team_with_role = Team.select(Team, Org, TeamRole).join(TeamRole)
|
|
|
|
with_org = team_with_role.switch(Team).join(Org, on=(Team.organization ==
|
|
|
|
Org.id))
|
|
|
|
with_user = with_org.switch(Team).join(TeamMember).join(User)
|
|
|
|
return with_user.where(User.id == user, Org.organization == True)
|
2013-09-27 17:24:07 +00:00
|
|
|
|
|
|
|
|
2013-11-02 01:48:10 +00:00
|
|
|
def get_all_repo_teams(namespace_name, repository_name):
|
2013-11-04 23:52:38 +00:00
|
|
|
select = RepositoryPermission.select(Team.name.alias('team_name'),
|
|
|
|
Role.name, RepositoryPermission)
|
2013-11-02 01:48:10 +00:00
|
|
|
with_team = select.join(Team)
|
|
|
|
with_role = with_team.switch(RepositoryPermission).join(Role)
|
|
|
|
with_repo = with_role.switch(RepositoryPermission).join(Repository)
|
|
|
|
return with_repo.where(Repository.namespace == namespace_name,
|
|
|
|
Repository.name == repository_name)
|
|
|
|
|
2013-11-04 23:52:38 +00:00
|
|
|
|
2013-09-27 17:24:07 +00:00
|
|
|
def get_all_repo_users(namespace_name, repository_name):
|
|
|
|
select = RepositoryPermission.select(User.username, Role.name,
|
|
|
|
RepositoryPermission)
|
|
|
|
with_user = select.join(User)
|
|
|
|
with_role = with_user.switch(RepositoryPermission).join(Role)
|
|
|
|
with_repo = with_role.switch(RepositoryPermission).join(Repository)
|
|
|
|
return with_repo.where(Repository.namespace == namespace_name,
|
|
|
|
Repository.name == repository_name)
|
2013-09-20 22:38:17 +00:00
|
|
|
|
|
|
|
|
2013-09-28 04:05:32 +00:00
|
|
|
def get_repository(namespace_name, repository_name):
|
2013-09-20 15:55:44 +00:00
|
|
|
try:
|
2013-09-28 04:05:32 +00:00
|
|
|
return Repository.get(Repository.name == repository_name,
|
|
|
|
Repository.namespace == namespace_name)
|
2013-09-20 15:55:44 +00:00
|
|
|
except Repository.DoesNotExist:
|
2013-09-20 22:38:17 +00:00
|
|
|
return None
|
|
|
|
|
|
|
|
|
2013-10-19 02:28:46 +00:00
|
|
|
def get_repo_image(namespace_name, repository_name, image_id):
|
|
|
|
joined = Image.select().join(Repository)
|
|
|
|
query = joined.where(Repository.name == repository_name,
|
|
|
|
Repository.namespace == namespace_name,
|
|
|
|
Image.docker_image_id == image_id).limit(1)
|
|
|
|
result = list(query)
|
|
|
|
if not result:
|
|
|
|
return None
|
|
|
|
|
|
|
|
return result[0]
|
|
|
|
|
|
|
|
|
2013-09-28 04:05:32 +00:00
|
|
|
def repository_is_public(namespace_name, repository_name):
|
|
|
|
joined = Repository.select().join(Visibility)
|
|
|
|
query = joined.where(Repository.namespace == namespace_name,
|
|
|
|
Repository.name == repository_name,
|
|
|
|
Visibility.name == 'public')
|
|
|
|
return len(list(query)) > 0
|
2013-09-23 16:37:40 +00:00
|
|
|
|
|
|
|
|
2013-09-28 21:11:10 +00:00
|
|
|
def set_repository_visibility(repo, visibility):
|
|
|
|
visibility_obj = Visibility.get(name=visibility)
|
|
|
|
if not visibility_obj:
|
|
|
|
return
|
|
|
|
|
|
|
|
repo.visibility = visibility_obj
|
|
|
|
repo.save()
|
2013-10-08 15:29:42 +00:00
|
|
|
|
2013-09-28 21:11:10 +00:00
|
|
|
|
2013-10-25 05:14:38 +00:00
|
|
|
def create_repository(namespace, name, owner, visibility='private'):
|
|
|
|
private = Visibility.get(name=visibility)
|
2013-09-20 22:38:17 +00:00
|
|
|
repo = Repository.create(namespace=namespace, name=name,
|
|
|
|
visibility=private)
|
|
|
|
admin = Role.get(name='admin')
|
2013-11-01 23:34:17 +00:00
|
|
|
|
|
|
|
if owner and not owner.organization:
|
|
|
|
permission = RepositoryPermission.create(user=owner, repository=repo,
|
|
|
|
role=admin)
|
2013-09-20 15:55:44 +00:00
|
|
|
return repo
|
|
|
|
|
|
|
|
|
2013-10-01 18:14:39 +00:00
|
|
|
def create_image(docker_image_id, repository):
|
|
|
|
new_image = Image.create(docker_image_id=docker_image_id,
|
|
|
|
repository=repository)
|
2013-09-20 15:55:44 +00:00
|
|
|
return new_image
|
|
|
|
|
|
|
|
|
2013-10-01 18:14:39 +00:00
|
|
|
def set_image_checksum(docker_image_id, repository, checksum):
|
|
|
|
fetched = Image.get(Image.docker_image_id == docker_image_id,
|
2013-09-26 19:58:11 +00:00
|
|
|
Image.repository == repository)
|
2013-09-20 15:55:44 +00:00
|
|
|
fetched.checksum = checksum
|
|
|
|
fetched.save()
|
|
|
|
return fetched
|
|
|
|
|
|
|
|
|
2013-10-01 18:14:39 +00:00
|
|
|
def set_image_metadata(docker_image_id, namespace_name, repository_name,
|
2013-09-30 19:30:00 +00:00
|
|
|
created_date_str, comment, parent=None):
|
2013-09-26 19:58:11 +00:00
|
|
|
joined = Image.select().join(Repository)
|
|
|
|
image_list = list(joined.where(Repository.name == repository_name,
|
2013-09-28 03:25:57 +00:00
|
|
|
Repository.namespace == namespace_name,
|
2013-10-01 18:14:39 +00:00
|
|
|
Image.docker_image_id == docker_image_id))
|
2013-09-26 19:58:11 +00:00
|
|
|
|
|
|
|
if not image_list:
|
2013-09-27 19:53:39 +00:00
|
|
|
raise DataModelException('No image with specified id and repository')
|
2013-09-26 19:58:11 +00:00
|
|
|
|
|
|
|
fetched = image_list[0]
|
|
|
|
fetched.created = dateutil.parser.parse(created_date_str)
|
|
|
|
fetched.comment = comment
|
2013-09-30 19:30:00 +00:00
|
|
|
|
|
|
|
if parent:
|
|
|
|
fetched.ancestors = '%s%s/' % (parent.ancestors, parent.id)
|
|
|
|
|
2013-09-26 19:58:11 +00:00
|
|
|
fetched.save()
|
|
|
|
return fetched
|
2013-09-20 15:55:44 +00:00
|
|
|
|
|
|
|
|
|
|
|
def get_repository_images(namespace_name, repository_name):
|
2013-09-26 19:58:11 +00:00
|
|
|
joined = Image.select().join(Repository)
|
|
|
|
return joined.where(Repository.name == repository_name,
|
2013-09-20 15:55:44 +00:00
|
|
|
Repository.namespace == namespace_name)
|
|
|
|
|
2013-11-06 22:09:22 +00:00
|
|
|
|
2013-09-25 20:46:28 +00:00
|
|
|
def list_repository_tags(namespace_name, repository_name):
|
|
|
|
select = RepositoryTag.select(RepositoryTag, Image)
|
|
|
|
with_repo = select.join(Repository)
|
|
|
|
with_image = with_repo.switch(RepositoryTag).join(Image)
|
2013-09-26 19:58:11 +00:00
|
|
|
return with_image.where(Repository.name == repository_name,
|
2013-09-25 21:46:42 +00:00
|
|
|
Repository.namespace == namespace_name)
|
2013-09-25 20:46:28 +00:00
|
|
|
|
|
|
|
|
|
|
|
def get_tag_image(namespace_name, repository_name, tag_name):
|
2013-09-30 19:30:00 +00:00
|
|
|
joined = Image.select().join(RepositoryTag).join(Repository)
|
2013-10-01 18:14:39 +00:00
|
|
|
fetched = list(joined.where(Repository.name == repository_name,
|
|
|
|
Repository.namespace == namespace_name,
|
|
|
|
RepositoryTag.name == tag_name))
|
2013-09-30 19:30:00 +00:00
|
|
|
|
2013-09-26 21:58:41 +00:00
|
|
|
if not fetched:
|
2013-09-27 19:53:39 +00:00
|
|
|
raise DataModelException('Unable to find image for tag.')
|
2013-09-26 21:58:41 +00:00
|
|
|
|
|
|
|
return fetched[0]
|
2013-09-25 20:46:28 +00:00
|
|
|
|
|
|
|
|
2013-10-01 18:14:39 +00:00
|
|
|
def get_image_by_id(namespace_name, repository_name, docker_image_id):
|
|
|
|
joined = Image.select().join(Repository)
|
|
|
|
fetched = list(joined.where(Repository.name == repository_name,
|
|
|
|
Repository.namespace == namespace_name,
|
|
|
|
Image.docker_image_id == docker_image_id))
|
|
|
|
|
|
|
|
if not fetched:
|
|
|
|
raise DataModelException('Unable to find image for tag with repo.')
|
|
|
|
|
|
|
|
return fetched[0]
|
2013-09-30 19:30:00 +00:00
|
|
|
|
|
|
|
|
|
|
|
def get_parent_images(image_obj):
|
|
|
|
""" Returns a list of parent Image objects in chronilogical order. """
|
|
|
|
parents = image_obj.ancestors
|
|
|
|
parent_db_ids = parents.strip('/').split('/')
|
|
|
|
|
2013-10-02 21:29:45 +00:00
|
|
|
if parent_db_ids == ['']:
|
|
|
|
return []
|
|
|
|
|
2013-09-30 19:30:00 +00:00
|
|
|
or_clauses = [(Image.id == db_id) for db_id in parent_db_ids]
|
|
|
|
parent_images = Image.select().where(reduce(operator.or_, or_clauses))
|
|
|
|
id_to_image = {unicode(image.id): image for image in parent_images}
|
|
|
|
|
|
|
|
return [id_to_image[parent_id] for parent_id in parent_db_ids]
|
|
|
|
|
|
|
|
|
2013-09-25 20:46:28 +00:00
|
|
|
def create_or_update_tag(namespace_name, repository_name, tag_name,
|
2013-10-01 18:14:39 +00:00
|
|
|
tag_docker_image_id):
|
2013-11-07 22:09:15 +00:00
|
|
|
try:
|
|
|
|
repo = Repository.get(Repository.name == repository_name,
|
|
|
|
Repository.namespace == namespace_name)
|
|
|
|
except Repository.DoesNotExist:
|
|
|
|
raise DataModelException('Invalid repository %s/%s' %
|
|
|
|
(namespace_name, repository_name))
|
|
|
|
|
|
|
|
try:
|
|
|
|
image = Image.get(Image.docker_image_id == tag_docker_image_id)
|
|
|
|
except Image.DoesNotExist:
|
|
|
|
raise DataModelException('Invalid image with id: %s' %
|
|
|
|
tag_docker_image_id)
|
2013-09-25 20:46:28 +00:00
|
|
|
|
|
|
|
try:
|
2013-09-26 19:58:11 +00:00
|
|
|
tag = RepositoryTag.get(RepositoryTag.repository == repo,
|
2013-09-25 21:46:42 +00:00
|
|
|
RepositoryTag.name == tag_name)
|
2013-09-25 20:46:28 +00:00
|
|
|
tag.image = image
|
|
|
|
tag.save()
|
|
|
|
except RepositoryTag.DoesNotExist:
|
|
|
|
tag = RepositoryTag.create(repository=repo, image=image, name=tag_name)
|
|
|
|
|
|
|
|
return tag
|
|
|
|
|
|
|
|
|
|
|
|
def delete_tag(namespace_name, repository_name, tag_name):
|
2013-11-07 22:09:15 +00:00
|
|
|
joined = RepositoryTag.select().join(Repository)
|
|
|
|
found = list(joined.where(Repository.name == repository_name,
|
|
|
|
Repository.namespace == namespace_name,
|
|
|
|
RepositoryTag.name == tag_name))
|
|
|
|
|
|
|
|
if not found:
|
|
|
|
msg = ('Invalid repository tag \'%s\' on repository \'%s/%s\'' %
|
|
|
|
(tag_name, namespace_name, repository_name))
|
|
|
|
raise DataModelException(msg)
|
|
|
|
|
|
|
|
found[0].delete_instance()
|
2013-09-25 20:46:28 +00:00
|
|
|
|
|
|
|
|
|
|
|
def delete_all_repository_tags(namespace_name, repository_name):
|
2013-11-07 23:08:38 +00:00
|
|
|
try:
|
|
|
|
repo = Repository.get(Repository.name == repository_name,
|
|
|
|
Repository.namespace == namespace_name)
|
|
|
|
except Repository.DoesNotExist:
|
|
|
|
raise DataModelException('Invalid repository \'%s/%s\'' %
|
|
|
|
(namespace_name, repository_name))
|
|
|
|
RepositoryTag.delete().where(RepositoryTag.repository == repo).execute()
|
2013-09-25 20:46:28 +00:00
|
|
|
|
|
|
|
|
2013-11-01 23:34:17 +00:00
|
|
|
def __entity_permission_repo_query(entity_id, entity_table,
|
|
|
|
entity_id_property, namespace_name,
|
|
|
|
repository_name):
|
|
|
|
""" This method works for both users and teams. """
|
|
|
|
selected = RepositoryPermission.select(entity_table, Repository, Role,
|
2013-09-27 19:53:39 +00:00
|
|
|
RepositoryPermission)
|
2013-11-01 23:34:17 +00:00
|
|
|
with_user = selected.join(entity_table)
|
2013-09-27 19:53:39 +00:00
|
|
|
with_role = with_user.switch(RepositoryPermission).join(Role)
|
|
|
|
with_repo = with_role.switch(RepositoryPermission).join(Repository)
|
|
|
|
return with_repo.where(Repository.name == repository_name,
|
|
|
|
Repository.namespace == namespace_name,
|
2013-11-01 23:34:17 +00:00
|
|
|
entity_id_property == entity_id)
|
2013-09-27 19:53:39 +00:00
|
|
|
|
2013-09-27 18:56:14 +00:00
|
|
|
|
2013-09-27 19:53:39 +00:00
|
|
|
def get_user_reponame_permission(username, namespace_name, repository_name):
|
2013-11-01 23:34:17 +00:00
|
|
|
fetched = list(__entity_permission_repo_query(username, User, User.username,
|
|
|
|
namespace_name,
|
|
|
|
repository_name))
|
2013-09-27 19:53:39 +00:00
|
|
|
if not fetched:
|
|
|
|
raise DataModelException('User does not have permission for repo.')
|
2013-09-27 18:56:14 +00:00
|
|
|
|
2013-09-27 19:53:39 +00:00
|
|
|
return fetched[0]
|
|
|
|
|
|
|
|
|
2013-11-01 23:34:17 +00:00
|
|
|
def get_team_reponame_permission(team_name, namespace_name, repository_name):
|
|
|
|
fetched = list(__entity_permission_repo_query(team_name, Team, Team.name,
|
|
|
|
namespace_name,
|
|
|
|
repository_name))
|
|
|
|
if not fetched:
|
|
|
|
raise DataModelException('Team does not have permission for repo.')
|
|
|
|
|
|
|
|
return fetched[0]
|
|
|
|
|
|
|
|
|
|
|
|
def delete_user_permission(username, namespace_name, repository_name):
|
2013-09-27 19:53:39 +00:00
|
|
|
if username == namespace_name:
|
|
|
|
raise DataModelException('Namespace owner must always be admin.')
|
|
|
|
|
2013-11-01 23:34:17 +00:00
|
|
|
fetched = list(__entity_permission_repo_query(username, User, User.username,
|
|
|
|
namespace_name,
|
|
|
|
repository_name))
|
|
|
|
if not fetched:
|
|
|
|
raise DataModelException('User does not have permission for repo.')
|
|
|
|
|
|
|
|
fetched[0].delete_instance()
|
|
|
|
|
|
|
|
|
|
|
|
def delete_team_permission(team_name, namespace_name, repository_name):
|
|
|
|
fetched = list(__entity_permission_repo_query(team_name, Team, Team.name,
|
|
|
|
namespace_name,
|
|
|
|
repository_name))
|
|
|
|
if not fetched:
|
|
|
|
raise DataModelException('Team does not have permission for repo.')
|
|
|
|
|
|
|
|
fetched[0].delete_instance()
|
|
|
|
|
|
|
|
|
2013-11-07 17:54:21 +00:00
|
|
|
def __set_entity_repo_permission(entity, permission_entity_property,
|
|
|
|
namespace_name, repository_name, role_name):
|
2013-09-27 18:56:14 +00:00
|
|
|
repo = Repository.get(Repository.name == repository_name,
|
|
|
|
Repository.namespace == namespace_name)
|
|
|
|
new_role = Role.get(Role.name == role_name)
|
|
|
|
|
2013-11-07 17:54:21 +00:00
|
|
|
# Fetch any existing permission for this entity on the repo
|
2013-09-27 18:56:14 +00:00
|
|
|
try:
|
2013-11-01 23:34:17 +00:00
|
|
|
entity_attr = getattr(RepositoryPermission, permission_entity_property)
|
|
|
|
perm = RepositoryPermission.get(entity_attr == entity,
|
2013-09-27 18:56:14 +00:00
|
|
|
RepositoryPermission.repository == repo)
|
|
|
|
perm.role = new_role
|
|
|
|
perm.save()
|
|
|
|
return perm
|
|
|
|
except RepositoryPermission.DoesNotExist:
|
2013-11-01 23:34:17 +00:00
|
|
|
set_entity_kwargs = {permission_entity_property: entity}
|
|
|
|
new_perm = RepositoryPermission.create(repository=repo, role=new_role,
|
|
|
|
**set_entity_kwargs)
|
2013-09-27 18:56:14 +00:00
|
|
|
return new_perm
|
|
|
|
|
2013-09-28 00:03:07 +00:00
|
|
|
|
2013-11-01 23:34:17 +00:00
|
|
|
def set_user_repo_permission(username, namespace_name, repository_name,
|
|
|
|
role_name):
|
2013-09-27 19:53:39 +00:00
|
|
|
if username == namespace_name:
|
|
|
|
raise DataModelException('Namespace owner must always be admin.')
|
|
|
|
|
2013-11-07 17:54:21 +00:00
|
|
|
user = User.get(User.username == username)
|
|
|
|
return __set_entity_repo_permission(user, 'user', namespace_name,
|
|
|
|
repository_name, role_name)
|
2013-09-27 19:53:39 +00:00
|
|
|
|
2013-11-01 23:34:17 +00:00
|
|
|
|
|
|
|
def set_team_repo_permission(team_name, namespace_name, repository_name,
|
|
|
|
role_name):
|
2013-11-07 17:54:21 +00:00
|
|
|
team = list(Team.select().join(User).where(Team.name == team_name,
|
|
|
|
User.username == namespace_name))
|
|
|
|
if not team:
|
|
|
|
raise DataModelException('No team \'%s\' in organization \'%s\'.' %
|
|
|
|
(team_name, namespace_name))
|
|
|
|
|
|
|
|
return __set_entity_repo_permission(team[0], 'team', namespace_name,
|
|
|
|
repository_name, role_name)
|
2013-10-01 16:13:25 +00:00
|
|
|
|
2013-10-02 05:40:11 +00:00
|
|
|
|
2013-10-01 16:13:25 +00:00
|
|
|
def purge_repository(namespace_name, repository_name):
|
|
|
|
fetched = Repository.get(Repository.name == repository_name,
|
|
|
|
Repository.namespace == namespace_name)
|
|
|
|
fetched.delete_instance(recursive=True, delete_nullable=True)
|
2013-10-02 05:40:11 +00:00
|
|
|
|
|
|
|
|
|
|
|
def get_private_repo_count(username):
|
|
|
|
joined = Repository.select().join(Visibility)
|
|
|
|
return joined.where(Repository.namespace == username,
|
|
|
|
Visibility.name == 'private').count()
|
2013-10-16 18:24:10 +00:00
|
|
|
|
|
|
|
|
|
|
|
def create_access_token(repository, role):
|
|
|
|
role = Role.get(Role.name == role)
|
|
|
|
new_token = AccessToken.create(repository=repository, temporary=True,
|
|
|
|
role=role)
|
|
|
|
return new_token
|
|
|
|
|
|
|
|
|
|
|
|
def create_delegate_token(namespace_name, repository_name, friendly_name):
|
|
|
|
read_only = Role.get(name='read')
|
|
|
|
repo = Repository.get(Repository.name == repository_name,
|
|
|
|
Repository.namespace == namespace_name)
|
|
|
|
new_token = AccessToken.create(repository=repo, role=read_only,
|
|
|
|
friendly_name=friendly_name, temporary=False)
|
|
|
|
return new_token
|
|
|
|
|
|
|
|
|
|
|
|
def get_repository_delegate_tokens(namespace_name, repository_name):
|
|
|
|
selected = AccessToken.select(AccessToken, Role)
|
|
|
|
with_repo = selected.join(Repository)
|
|
|
|
with_role = with_repo.switch(AccessToken).join(Role)
|
|
|
|
return with_role.where(Repository.name == repository_name,
|
|
|
|
Repository.namespace == namespace_name,
|
|
|
|
AccessToken.temporary == False)
|
|
|
|
|
|
|
|
|
|
|
|
def get_repo_delegate_token(namespace_name, repository_name, code):
|
|
|
|
repo_query = get_repository_delegate_tokens(namespace_name, repository_name)
|
|
|
|
found = list(repo_query.where(AccessToken.code == code))
|
|
|
|
|
|
|
|
if found:
|
|
|
|
return found[0]
|
|
|
|
else:
|
|
|
|
raise InvalidTokenException('Unable to find token with code: %s' % code)
|
|
|
|
|
|
|
|
|
|
|
|
def set_repo_delegate_token_role(namespace_name, repository_name, code, role):
|
|
|
|
token = get_repo_delegate_token(namespace_name, repository_name, code)
|
|
|
|
|
|
|
|
if role != 'read' and role != 'write':
|
|
|
|
raise DataModelException('Invalid role for delegate token: %s' % role)
|
|
|
|
|
|
|
|
new_role = Role.get(Role.name == role)
|
|
|
|
token.role = new_role
|
|
|
|
token.save()
|
|
|
|
|
|
|
|
return token
|
|
|
|
|
|
|
|
|
|
|
|
def delete_delegate_token(namespace_name, repository_name, code):
|
|
|
|
token = get_repo_delegate_token(namespace_name, repository_name, code)
|
|
|
|
token.delete_instance()
|
|
|
|
|
|
|
|
|
|
|
|
def load_token_data(code):
|
|
|
|
""" Load the permissions for any token by code. """
|
|
|
|
selected = AccessToken.select(AccessToken, Repository, Role)
|
|
|
|
with_role = selected.join(Role)
|
|
|
|
with_repo = with_role.switch(AccessToken).join(Repository)
|
|
|
|
fetched = list(with_repo.where(AccessToken.code == code))
|
|
|
|
|
|
|
|
if fetched:
|
|
|
|
return fetched[0]
|
|
|
|
else:
|
|
|
|
raise InvalidTokenException('Invalid delegate token code: %s' % code)
|
2013-10-24 20:37:03 +00:00
|
|
|
|
|
|
|
|
2013-10-27 20:00:44 +00:00
|
|
|
def list_repository_builds(namespace_name, repository_name,
|
|
|
|
include_inactive=True):
|
2013-10-25 19:13:11 +00:00
|
|
|
joined = RepositoryBuild.select().join(Repository)
|
2013-10-27 20:00:44 +00:00
|
|
|
filtered = joined
|
|
|
|
if not include_inactive:
|
|
|
|
filtered = filtered.where(RepositoryBuild.phase != 'error',
|
|
|
|
RepositoryBuild.phase != 'complete')
|
|
|
|
fetched = list(filtered.where(Repository.name == repository_name,
|
|
|
|
Repository.namespace == namespace_name))
|
2013-10-25 19:13:11 +00:00
|
|
|
return fetched
|
|
|
|
|
|
|
|
|
2013-10-25 22:17:43 +00:00
|
|
|
def create_repository_build(repo, access_token, resource_key, tag):
|
|
|
|
return RepositoryBuild.create(repository=repo, access_token=access_token,
|
|
|
|
resource_key=resource_key, tag=tag)
|