vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
This repository has been archived on 2020-03-24. You can view files and clone it, but cannot push or open issues or pull requests.
quay/endpoints/api/organization.py

535 lines
17 KiB
Python
Raw Normal View History

Migrate teams and orgs.
2014-03-14 18:20:51 +00:00
import logging
from flask import request
Fix the tests and implement a fake stripe.
2014-04-10 19:20:16 +00:00
from app import billing as stripe
Link the org api calls to their related user resources.
2014-03-14 21:35:52 +00:00
from endpoints.api import (resource, nickname, ApiResource, validate_json_request, request_error,
Add a user info scope and thread it through the code. Protect the org modification API.
2014-03-18 23:21:27 +00:00
related_user_resource, internal_only, Unauthorized, NotFound,
Add documentation for all path parameters
2014-08-19 23:05:28 +00:00
require_user_admin, log_action, show_if, path_param)
Migrate teams and orgs.
2014-03-14 18:20:51 +00:00
from endpoints.api.team import team_view
Link the org api calls to their related user resources.
2014-03-14 21:35:52 +00:00
from endpoints.api.user import User, PrivateRepositories
Migrate teams and orgs.
2014-03-14 18:20:51 +00:00
from auth.permissions import (AdministerOrganizationPermission, OrganizationMemberPermission,
CreateRepositoryPermission)
from auth.auth_context import get_authenticated_user
from data import model
Fix the tests and implement a fake stripe.
2014-04-10 19:20:16 +00:00
from data.billing import get_plan
Migrate teams and orgs.
2014-03-14 18:20:51 +00:00
from util.gravatar import compute_hash
Turn off all references and API calls to billing if the feature is disabled
2014-04-06 04:36:19 +00:00
import features
Migrate teams and orgs.
2014-03-14 18:20:51 +00:00
logger = logging.getLogger(__name__)
def org_view(o, teams):
admin_org = AdministerOrganizationPermission(o.username)
is_admin = admin_org.can()
view = {
'name': o.username,
'email': o.email if is_admin else '',
'gravatar': compute_hash(o.email),
'teams': {t.name : team_view(o.username, t) for t in teams},
'is_admin': is_admin
}
if is_admin:
view['invoice_email'] = o.invoice_email
return view
Link the org api calls to their related user resources.
2014-03-14 21:35:52 +00:00
@resource('/v1/organization/')
Add internal API filtering.
2014-03-14 22:07:03 +00:00
@internal_only
Migrate teams and orgs.
2014-03-14 18:20:51 +00:00
class OrganizationList(ApiResource):
""" Resource for creating organizations. """
schemas = {
'NewOrg': {
'id': 'NewOrg',
'type': 'object',
'description': 'Description of a new organization.',
Convert old style jsonschema required params to new style.
2014-03-17 16:25:41 +00:00
'required': [
'name',
'email',
],
Migrate teams and orgs.
2014-03-14 18:20:51 +00:00
'properties': {
'name': {
'type': 'string',
'description': 'Organization username',
},
'email': {
'type': 'string',
'description': 'Organization contact email',
},
},
},
}
Add a user info scope and thread it through the code. Protect the org modification API.
2014-03-18 23:21:27 +00:00
@require_user_admin
Migrate teams and orgs.
2014-03-14 18:20:51 +00:00
@nickname('createOrganization')
@validate_json_request('NewOrg')
def post(self):
""" Create a new organization. """
Eliminate all of the exceptions when running the tests.
2014-03-18 19:58:37 +00:00
user = get_authenticated_user()
Migrate teams and orgs.
2014-03-14 18:20:51 +00:00
org_data = request.get_json()
existing = None
try:
existing = model.get_organization(org_data['name'])
except model.InvalidOrganizationException:
pass
if not existing:
try:
existing = model.get_user(org_data['name'])
except model.InvalidUserException:
pass
if existing:
msg = 'A user or organization with this name already exists'
Feed error messages through a cors wrapper so that people on other domains can see what's happening.
2014-03-17 20:57:35 +00:00
raise request_error(message=msg)
Migrate teams and orgs.
2014-03-14 18:20:51 +00:00
try:
Eliminate all of the exceptions when running the tests.
2014-03-18 19:58:37 +00:00
model.create_organization(org_data['name'], org_data['email'], user)
Migrate teams and orgs.
2014-03-14 18:20:51 +00:00
return 'Created', 201
except model.DataModelException as ex:
Feed error messages through a cors wrapper so that people on other domains can see what's happening.
2014-03-17 20:57:35 +00:00
raise request_error(exception=ex)
Migrate teams and orgs.
2014-03-14 18:20:51 +00:00
Link the org api calls to their related user resources.
2014-03-14 21:35:52 +00:00
@resource('/v1/organization/<orgname>')
Add documentation for all path parameters
2014-08-19 23:05:28 +00:00
@path_param('orgname', 'The name of the organization')
Mark a whole slew of APIs as internal only.
2014-03-19 16:09:07 +00:00
@internal_only
Link the org api calls to their related user resources.
2014-03-14 21:35:52 +00:00
@related_user_resource(User)
Migrate teams and orgs.
2014-03-14 18:20:51 +00:00
class Organization(ApiResource):
""" Resource for managing organizations. """
schemas = {
'UpdateOrg': {
'id': 'UpdateOrg',
'type': 'object',
'description': 'Description of updates for an existing organization',
'properties': {
'email': {
'type': 'string',
'description': 'Organization contact email',
},
'invoice_email': {
'type': 'boolean',
'description': 'Whether the organization desires to receive emails for invoices',
},
},
},
}
@nickname('getOrganization')
def get(self, orgname):
""" Get the details for the specified organization """
permission = OrganizationMemberPermission(orgname)
if permission.can():
try:
org = model.get_organization(orgname)
except model.InvalidOrganizationException:
Feed error messages through a cors wrapper so that people on other domains can see what's happening.
2014-03-17 20:57:35 +00:00
raise NotFound()
Migrate teams and orgs.
2014-03-14 18:20:51 +00:00
teams = model.get_teams_within_org(org)
return org_view(org, teams)
Feed error messages through a cors wrapper so that people on other domains can see what's happening.
2014-03-17 20:57:35 +00:00
raise Unauthorized()
Migrate teams and orgs.
2014-03-14 18:20:51 +00:00
@nickname('changeOrganizationDetails')
@validate_json_request('UpdateOrg')
def put(self, orgname):
""" Change the details for the specified organization. """
Add a user info scope and thread it through the code. Protect the org modification API.
2014-03-18 23:21:27 +00:00
permission = AdministerOrganizationPermission(orgname)
if permission.can():
try:
org = model.get_organization(orgname)
except model.InvalidOrganizationException:
raise NotFound()
org_data = request.get_json()
if 'invoice_email' in org_data:
logger.debug('Changing invoice_email for organization: %s', org.username)
model.change_invoice_email(org, org_data['invoice_email'])
if 'email' in org_data and org_data['email'] != org.email:
new_email = org_data['email']
if model.find_user_by_email(new_email):
raise request_error(message='E-mail address already used')
logger.debug('Changing email address for organization: %s', org.username)
model.update_email(org, new_email)
teams = model.get_teams_within_org(org)
return org_view(org, teams)
raise Unauthorized()
Migrate teams and orgs.
2014-03-14 18:20:51 +00:00
@resource('/v1/organization/<orgname>/private')
Add documentation for all path parameters
2014-08-19 23:05:28 +00:00
@path_param('orgname', 'The name of the organization')
Mark a whole slew of APIs as internal only.
2014-03-19 16:09:07 +00:00
@internal_only
Link the org api calls to their related user resources.
2014-03-14 21:35:52 +00:00
@related_user_resource(PrivateRepositories)
Turn off all references and API calls to billing if the feature is disabled
2014-04-06 04:36:19 +00:00
@show_if(features.BILLING)
Migrate teams and orgs.
2014-03-14 18:20:51 +00:00
class OrgPrivateRepositories(ApiResource):
""" Custom verb to compute whether additional private repositories are available. """
@nickname('getOrganizationPrivateAllowed')
def get(self, orgname):
Port over the billing apis.
2014-03-14 19:35:20 +00:00
""" Return whether or not this org is allowed to create new private repositories. """
Migrate teams and orgs.
2014-03-14 18:20:51 +00:00
permission = CreateRepositoryPermission(orgname)
if permission.can():
organization = model.get_organization(orgname)
private_repos = model.get_private_repo_count(organization.username)
data = {
'privateAllowed': False
}
if organization.stripe_id:
cus = stripe.Customer.retrieve(organization.stripe_id)
if cus.subscription:
repos_allowed = 0
plan = get_plan(cus.subscription.plan.id)
if plan:
repos_allowed = plan['privateRepos']
data['privateAllowed'] = (private_repos < repos_allowed)
if AdministerOrganizationPermission(orgname).can():
data['privateCount'] = private_repos
return data
Feed error messages through a cors wrapper so that people on other domains can see what's happening.
2014-03-17 20:57:35 +00:00
raise Unauthorized()
Port permission prototypes and org members.
2014-03-14 18:51:18 +00:00
@resource('/v1/organization/<orgname>/members')
Add documentation for all path parameters
2014-08-19 23:05:28 +00:00
@path_param('orgname', 'The name of the organization')
Mark a whole slew of APIs as internal only.
2014-03-19 16:09:07 +00:00
@internal_only
Port permission prototypes and org members.
2014-03-14 18:51:18 +00:00
class OrgnaizationMemberList(ApiResource):
""" Resource for listing the members of an organization. """
@nickname('getOrganizationMembers')
def get(self, orgname):
""" List the members of the specified organization. """
permission = AdministerOrganizationPermission(orgname)
if permission.can():
try:
org = model.get_organization(orgname)
except model.InvalidOrganizationException:
Feed error messages through a cors wrapper so that people on other domains can see what's happening.
2014-03-17 20:57:35 +00:00
raise NotFound()
Port permission prototypes and org members.
2014-03-14 18:51:18 +00:00
# Loop to create the members dictionary. Note that the members collection
# will return an entry for *every team* a member is on, so we will have
# duplicate keys (which is why we pre-build the dictionary).
members_dict = {}
members = model.get_organization_members_with_teams(org)
for member in members:
if not member.user.username in members_dict:
members_dict[member.user.username] = {'name': member.user.username,
'kind': 'user',
'is_robot': member.user.robot,
'teams': []}
members_dict[member.user.username]['teams'].append(member.team.name)
return {'members': members_dict}
Feed error messages through a cors wrapper so that people on other domains can see what's happening.
2014-03-17 20:57:35 +00:00
raise Unauthorized()
Port permission prototypes and org members.
2014-03-14 18:51:18 +00:00
@resource('/v1/organization/<orgname>/members/<membername>')
Add documentation for all path parameters
2014-08-19 23:05:28 +00:00
@path_param('orgname', 'The name of the organization')
@path_param('membername', 'The username of the organization member')
Mark a whole slew of APIs as internal only.
2014-03-19 16:09:07 +00:00
@internal_only
Port permission prototypes and org members.
2014-03-14 18:51:18 +00:00
class OrganizationMember(ApiResource):
""" Resource for managing individual organization members. """
@nickname('getOrganizationMember')
def get(self, orgname, membername):
""" Get information on the specific orgnaization member. """
permission = AdministerOrganizationPermission(orgname)
if permission.can():
try:
org = model.get_organization(orgname)
except model.InvalidOrganizationException:
Feed error messages through a cors wrapper so that people on other domains can see what's happening.
2014-03-17 20:57:35 +00:00
raise NotFound()
Port permission prototypes and org members.
2014-03-14 18:51:18 +00:00
member_dict = None
member_teams = model.get_organization_members_with_teams(org, membername=membername)
for member in member_teams:
if not member_dict:
member_dict = {'name': member.user.username,
'kind': 'user',
'is_robot': member.user.robot,
'teams': []}
member_dict['teams'].append(member.team.name)
if not member_dict:
Feed error messages through a cors wrapper so that people on other domains can see what's happening.
2014-03-17 20:57:35 +00:00
raise NotFound()
Port permission prototypes and org members.
2014-03-14 18:51:18 +00:00
return {'member': member_dict}
Add OAuth usage information the API logs, have it be displayed in the logs UI and start on the code to display application information when clicked. Note that this does not (yet) do anything with the information returned as we need to wait for the mainline merge of Angular 1.2.9 (which is in master) before I can continue on the display
2014-03-18 20:45:18 +00:00
raise Unauthorized()
@resource('/v1/app/<client_id>')
Add documentation for all path parameters
2014-08-19 23:05:28 +00:00
@path_param('client_id', 'The OAuth client ID')
Add OAuth usage information the API logs, have it be displayed in the logs UI and start on the code to display application information when clicked. Note that this does not (yet) do anything with the information returned as we need to wait for the mainline merge of Angular 1.2.9 (which is in master) before I can continue on the display
2014-03-18 20:45:18 +00:00
class ApplicationInformation(ApiResource):
""" Resource that returns public information about a registered application. """
@nickname('getApplicationInformation')
def get(self, client_id):
""" Get information on the specified application. """
application = model.oauth.get_application_for_client_id(client_id)
if not application:
raise NotFound()
Add full application management API, UI and test cases
2014-03-20 19:46:13 +00:00
org_hash = compute_hash(application.organization.email)
gravatar = compute_hash(application.gravatar_email) if application.gravatar_email else org_hash
Add OAuth usage information the API logs, have it be displayed in the logs UI and start on the code to display application information when clicked. Note that this does not (yet) do anything with the information returned as we need to wait for the mainline merge of Angular 1.2.9 (which is in master) before I can continue on the display
2014-03-18 20:45:18 +00:00
return {
'name': application.name,
'description': application.description,
'uri': application.application_uri,
Add full application management API, UI and test cases
2014-03-20 19:46:13 +00:00
'gravatar': gravatar,
Add OAuth usage information the API logs, have it be displayed in the logs UI and start on the code to display application information when clicked. Note that this does not (yet) do anything with the information returned as we need to wait for the mainline merge of Angular 1.2.9 (which is in master) before I can continue on the display
2014-03-18 20:45:18 +00:00
'organization': org_view(application.organization, [])
}
Add full application management API, UI and test cases
2014-03-20 19:46:13 +00:00
def app_view(application):
is_admin = AdministerOrganizationPermission(application.organization.username).can()
return {
'name': application.name,
'description': application.description,
'application_uri': application.application_uri,
'client_id': application.client_id,
'client_secret': application.client_secret if is_admin else None,
'redirect_uri': application.redirect_uri if is_admin else None,
'gravatar_email': application.gravatar_email if is_admin else None,
}
@resource('/v1/organization/<orgname>/applications')
Add documentation for all path parameters
2014-08-19 23:05:28 +00:00
@path_param('orgname', 'The name of the organization')
Make the new app management APIs internal and fix the schemas to work with swagger.
2014-03-24 22:16:46 +00:00
@internal_only
Add full application management API, UI and test cases
2014-03-20 19:46:13 +00:00
class OrganizationApplications(ApiResource):
""" Resource for managing applications defined by an organizations. """
schemas = {
'NewApp': {
'id': 'NewApp',
'type': 'object',
'description': 'Description of a new organization application.',
'required': [
'name',
],
'properties': {
'name': {
'type': 'string',
'description': 'The name of the application',
},
'redirect_uri': {
'type': 'string',
'description': 'The URI for the application\'s OAuth redirect',
},
'application_uri': {
'type': 'string',
'description': 'The URI for the application\'s homepage',
},
'description': {
Make the new app management APIs internal and fix the schemas to work with swagger.
2014-03-24 22:16:46 +00:00
'type': 'string',
Add full application management API, UI and test cases
2014-03-20 19:46:13 +00:00
'description': 'The human-readable description for the application',
},
'gravatar_email': {
Make the new app management APIs internal and fix the schemas to work with swagger.
2014-03-24 22:16:46 +00:00
'type': 'string',
Add full application management API, UI and test cases
2014-03-20 19:46:13 +00:00
'description': 'The e-mail address of the gravatar to use for the application',
}
},
},
}
@nickname('getOrganizationApplications')
def get(self, orgname):
""" List the applications for the specified organization """
permission = AdministerOrganizationPermission(orgname)
if permission.can():
try:
org = model.get_organization(orgname)
except model.InvalidOrganizationException:
raise NotFound()
applications = model.oauth.list_applications_for_org(org)
return {'applications': [app_view(application) for application in applications]}
raise Unauthorized()
@nickname('createOrganizationApplication')
@validate_json_request('NewApp')
def post(self, orgname):
""" Creates a new application under this organization. """
permission = AdministerOrganizationPermission(orgname)
if permission.can():
try:
org = model.get_organization(orgname)
except model.InvalidOrganizationException:
raise NotFound()
app_data = request.get_json()
application = model.oauth.create_application(
org, app_data['name'],
app_data.get('application_uri', ''),
app_data.get('redirect_uri', ''),
description = app_data.get('description', ''),
gravatar_email = app_data.get('gravatar_email', None),)
app_data.update({
'application_name': application.name,
'client_id': application.client_id
})
log_action('create_application', orgname, app_data)
return app_view(application)
raise Unauthorized()
@resource('/v1/organization/<orgname>/applications/<client_id>')
Add documentation for all path parameters
2014-08-19 23:05:28 +00:00
@path_param('orgname', 'The name of the organization')
@path_param('client_id', 'The OAuth client ID')
Make the new app management APIs internal and fix the schemas to work with swagger.
2014-03-24 22:16:46 +00:00
@internal_only
Add full application management API, UI and test cases
2014-03-20 19:46:13 +00:00
class OrganizationApplicationResource(ApiResource):
""" Resource for managing an application defined by an organizations. """
schemas = {
'UpdateApp': {
'id': 'UpdateApp',
'type': 'object',
'description': 'Description of an updated application.',
'required': [
'name',
'redirect_uri',
'application_uri'
],
'properties': {
'name': {
'type': 'string',
'description': 'The name of the application',
},
'redirect_uri': {
'type': 'string',
'description': 'The URI for the application\'s OAuth redirect',
},
'application_uri': {
'type': 'string',
'description': 'The URI for the application\'s homepage',
},
'description': {
Make the new app management APIs internal and fix the schemas to work with swagger.
2014-03-24 22:16:46 +00:00
'type': 'string',
Add full application management API, UI and test cases
2014-03-20 19:46:13 +00:00
'description': 'The human-readable description for the application',
},
'gravatar_email': {
Make the new app management APIs internal and fix the schemas to work with swagger.
2014-03-24 22:16:46 +00:00
'type': 'string',
Add full application management API, UI and test cases
2014-03-20 19:46:13 +00:00
'description': 'The e-mail address of the gravatar to use for the application',
}
},
},
}
@nickname('getOrganizationApplication')
def get(self, orgname, client_id):
""" Retrieves the application with the specified client_id under the specified organization """
permission = AdministerOrganizationPermission(orgname)
if permission.can():
try:
org = model.get_organization(orgname)
except model.InvalidOrganizationException:
raise NotFound()
application = model.oauth.lookup_application(org, client_id)
if not application:
raise NotFound()
return app_view(application)
raise Unauthorized()
@nickname('updateOrganizationApplication')
@validate_json_request('UpdateApp')
def put(self, orgname, client_id):
""" Updates an application under this organization. """
permission = AdministerOrganizationPermission(orgname)
if permission.can():
try:
org = model.get_organization(orgname)
except model.InvalidOrganizationException:
raise NotFound()
application = model.oauth.lookup_application(org, client_id)
if not application:
raise NotFound()
app_data = request.get_json()
application.name = app_data['name']
application.application_uri = app_data['application_uri']
application.redirect_uri = app_data['redirect_uri']
application.description = app_data.get('description', '')
application.gravatar_email = app_data.get('gravatar_email', None)
application.save()
app_data.update({
'application_name': application.name,
'client_id': application.client_id
})
log_action('update_application', orgname, app_data)
return app_view(application)
raise Unauthorized()
@nickname('deleteOrganizationApplication')
def delete(self, orgname, client_id):
""" Deletes the application under this organization. """
permission = AdministerOrganizationPermission(orgname)
if permission.can():
try:
org = model.get_organization(orgname)
except model.InvalidOrganizationException:
raise NotFound()
application = model.oauth.delete_application(org, client_id)
if not application:
raise NotFound()
log_action('delete_application', orgname,
{'application_name': application.name, 'client_id': client_id})
return 'Deleted', 204
raise Unauthorized()
@resource('/v1/organization/<orgname>/applications/<client_id>/resetclientsecret')
Add documentation for all path parameters
2014-08-19 23:05:28 +00:00
@path_param('orgname', 'The name of the organization')
@path_param('client_id', 'The OAuth client ID')
Add full application management API, UI and test cases
2014-03-20 19:46:13 +00:00
@internal_only
class OrganizationApplicationResetClientSecret(ApiResource):
""" Custom verb for resetting the client secret of an application. """
@nickname('resetOrganizationApplicationClientSecret')
def post(self, orgname, client_id):
""" Resets the client secret of the application. """
permission = AdministerOrganizationPermission(orgname)
if permission.can():
try:
org = model.get_organization(orgname)
except model.InvalidOrganizationException:
raise NotFound()
application = model.oauth.lookup_application(org, client_id)
if not application:
raise NotFound()
application = model.oauth.reset_client_secret(application)
log_action('reset_application_client_secret', orgname,
{'application_name': application.name, 'client_id': client_id})
return app_view(application)
raise Unauthorized()
Reference in a new issue Copy permalink