quay/endpoints/api/robot.py

""" Manage user and organization robot accounts. """

from endpoints.api import (resource, nickname, ApiResource, log_action, related_user_resource,
                           Unauthorized, require_user_admin, require_scope, path_param, parse_args,
                           truthy_bool, query_param)
from auth.permissions import AdministerOrganizationPermission, OrganizationMemberPermission
from auth.auth_context import get_authenticated_user
from auth import scopes
from data import model
from data.database import User, Team, Repository, FederatedLogin
from util.names import format_robot_username
from flask import abort
from app import avatar

def robot_view(name, token):
  return {
    'name': name,
    'token': token
  }


def permission_view(permission):
  return {
    'repository': {
      'name': permission.repository.name,
      'is_public': permission.repository.visibility.name == 'public'
    },
    'role': permission.role.name
  }


def robots_list(prefix, include_permissions=False):
  tuples = model.user.list_entity_robot_permission_teams(prefix,
                                                         include_permissions=include_permissions)

  robots = {}
  robot_teams = set()

  for robot_tuple in tuples:
    robot_name = robot_tuple.get(User.username)
    if not robot_name in robots:
      robots[robot_name] = {
        'name': robot_name,
        'token': robot_tuple.get(FederatedLogin.service_ident)
      }

      if include_permissions:
        robots[robot_name].update({
          'teams': [],
          'repositories': []
        })

    if include_permissions:
      team_name = robot_tuple.get(Team.name)
      repository_name = robot_tuple.get(Repository.name)

      if team_name is not None:
        check_key = robot_name + ':' + team_name
        if not check_key in robot_teams:
          robot_teams.add(check_key)

          robots[robot_name]['teams'].append({
            'name': team_name,
            'avatar': avatar.get_data(team_name, team_name, 'team')
          })

      if repository_name is not None:
        if not repository_name in robots[robot_name]['repositories']:
          robots[robot_name]['repositories'].append(repository_name)

  return {'robots': robots.values()}

@resource('/v1/user/robots')
class UserRobotList(ApiResource):
  """ Resource for listing user robots. """
  @require_user_admin
  @nickname('getUserRobots')
  @parse_args
  @query_param('permissions',
               'Whether to include repostories and teams in which the robots have permission.',
               type=truthy_bool, default=False)
  def get(self, args):
    """ List the available robots for the user. """
    user = get_authenticated_user()
    return robots_list(user.username, include_permissions=args.get('permissions', False))


@resource('/v1/user/robots/<robot_shortname>')
@path_param('robot_shortname',
            'The short name for the robot, without any user or organization prefix')
class UserRobot(ApiResource):
  """ Resource for managing a user's robots. """
  @require_user_admin
  @nickname('getUserRobot')
  def get(self, robot_shortname):
    """ Returns the user's robot with the specified name. """
    parent = get_authenticated_user()
    robot, password = model.user.get_robot(robot_shortname, parent)
    return robot_view(robot.username, password)

  @require_user_admin
  @nickname('createUserRobot')
  def put(self, robot_shortname):
    """ Create a new user robot with the specified name. """
    parent = get_authenticated_user()
    robot, password = model.user.create_robot(robot_shortname, parent)
    log_action('create_robot', parent.username, {'robot': robot_shortname})
    return robot_view(robot.username, password), 201

  @require_user_admin
  @nickname('deleteUserRobot')
  def delete(self, robot_shortname):
    """ Delete an existing robot. """
    parent = get_authenticated_user()
    model.user.delete_robot(format_robot_username(parent.username, robot_shortname))
    log_action('delete_robot', parent.username, {'robot': robot_shortname})
    return 'Deleted', 204


@resource('/v1/organization/<orgname>/robots')
@path_param('orgname', 'The name of the organization')
@related_user_resource(UserRobotList)
class OrgRobotList(ApiResource):
  """ Resource for listing an organization's robots. """
  @require_scope(scopes.ORG_ADMIN)
  @nickname('getOrgRobots')
  @parse_args
  @query_param('permissions',
               'Whether to include repostories and teams in which the robots have permission.',
               type=truthy_bool, default=False)
  def get(self, args, orgname):
    """ List the organization's robots. """
    permission = OrganizationMemberPermission(orgname)
    if permission.can():
      return robots_list(orgname, include_permissions=args.get('permissions', False))

    raise Unauthorized()


@resource('/v1/organization/<orgname>/robots/<robot_shortname>')
@path_param('orgname', 'The name of the organization')
@path_param('robot_shortname',
            'The short name for the robot, without any user or organization prefix')
@related_user_resource(UserRobot)
class OrgRobot(ApiResource):
  """ Resource for managing an organization's robots. """
  @require_scope(scopes.ORG_ADMIN)
  @nickname('getOrgRobot')
  def get(self, orgname, robot_shortname):
    """ Returns the organization's robot with the specified name. """
    permission = AdministerOrganizationPermission(orgname)
    if permission.can():
      parent = model.organization.get_organization(orgname)
      robot, password = model.user.get_robot(robot_shortname, parent)
      return robot_view(robot.username, password)

    raise Unauthorized()

  @require_scope(scopes.ORG_ADMIN)
  @nickname('createOrgRobot')
  def put(self, orgname, robot_shortname):
    """ Create a new robot in the organization. """
    permission = AdministerOrganizationPermission(orgname)
    if permission.can():
      parent = model.organization.get_organization(orgname)
      robot, password = model.user.create_robot(robot_shortname, parent)
      log_action('create_robot', orgname, {'robot': robot_shortname})
      return robot_view(robot.username, password), 201

    raise Unauthorized()

  @require_scope(scopes.ORG_ADMIN)
  @nickname('deleteOrgRobot')
  def delete(self, orgname, robot_shortname):
    """ Delete an existing organization robot. """
    permission = AdministerOrganizationPermission(orgname)
    if permission.can():
      model.user.delete_robot(format_robot_username(orgname, robot_shortname))
      log_action('delete_robot', orgname, {'robot': robot_shortname})
      return 'Deleted', 204

    raise Unauthorized()


@resource('/v1/user/robots/<robot_shortname>/permissions')
@path_param('robot_shortname',
            'The short name for the robot, without any user or organization prefix')
class UserRobotPermissions(ApiResource):
  """ Resource for listing the permissions a user's robot has in the system. """
  @require_user_admin
  @nickname('getUserRobotPermissions')
  def get(self, robot_shortname):
    """ Returns the list of repository permissions for the user's robot. """
    parent = get_authenticated_user()
    robot, _ = model.user.get_robot(robot_shortname, parent)
    permissions = model.permission.list_robot_permissions(robot.username)

    return {
      'permissions': [permission_view(permission) for permission in permissions]
    }


@resource('/v1/organization/<orgname>/robots/<robot_shortname>/permissions')
@path_param('orgname', 'The name of the organization')
@path_param('robot_shortname',
            'The short name for the robot, without any user or organization prefix')
@related_user_resource(UserRobotPermissions)
class OrgRobotPermissions(ApiResource):
  """ Resource for listing the permissions an org's robot has in the system. """
  @require_user_admin
  @nickname('getOrgRobotPermissions')
  def get(self, orgname, robot_shortname):
    """ Returns the list of repository permissions for the org's robot. """
    permission = AdministerOrganizationPermission(orgname)
    if permission.can():
      parent = model.organization.get_organization(orgname)
      robot, _ = model.user.get_robot(robot_shortname, parent)
      permissions = model.permission.list_robot_permissions(robot.username)

      return {
        'permissions': [permission_view(permission) for permission in permissions]
      }

    abort(403)


@resource('/v1/user/robots/<robot_shortname>/regenerate')
@path_param('robot_shortname',
            'The short name for the robot, without any user or organization prefix')
class RegenerateUserRobot(ApiResource):
  """ Resource for regenerate an organization's robot's token. """
  @require_user_admin
  @nickname('regenerateUserRobotToken')
  def post(self, robot_shortname):
    """ Regenerates the token for a user's robot. """
    parent = get_authenticated_user()
    robot, password = model.user.regenerate_robot_token(robot_shortname, parent)
    log_action('regenerate_robot_token', parent.username, {'robot': robot_shortname})
    return robot_view(robot.username, password)


@resource('/v1/organization/<orgname>/robots/<robot_shortname>/regenerate')
@path_param('orgname', 'The name of the organization')
@path_param('robot_shortname',
            'The short name for the robot, without any user or organization prefix')
@related_user_resource(RegenerateUserRobot)
class RegenerateOrgRobot(ApiResource):
  """ Resource for regenerate an organization's robot's token. """
  @require_scope(scopes.ORG_ADMIN)
  @nickname('regenerateOrgRobotToken')
  def post(self, orgname, robot_shortname):
    """ Regenerates the token for an organization robot. """
    permission = AdministerOrganizationPermission(orgname)
    if permission.can():
      parent = model.organization.get_organization(orgname)
      robot, password = model.user.regenerate_robot_token(robot_shortname, parent)
      log_action('regenerate_robot_token', orgname, {'robot': robot_shortname})
      return robot_view(robot.username, password)

    raise Unauthorized()
Switch the Python side to Swagger v2 2015-05-14 20:47:38 +00:00			`""" Manage user and organization robot accounts. """`

Feed error messages through a cors wrapper so that people on other domains can see what's happening. 2014-03-17 20:57:35 +00:00			`from endpoints.api import (resource, nickname, ApiResource, log_action, related_user_resource,`
Accidental refactor, split out legacy.py into separate sumodules and update all call sites. 2015-07-15 21:25:41 +00:00			`Unauthorized, require_user_admin, require_scope, path_param, parse_args,`
			`truthy_bool, query_param)`
Port logs and robots. 2014-03-14 20:02:13 +00:00			`from auth.permissions import AdministerOrganizationPermission, OrganizationMemberPermission`
			`from auth.auth_context import get_authenticated_user`
Begin the work to allow robots and teams to be managed via API. 2014-08-06 00:53:00 +00:00			`from auth import scopes`
Port logs and robots. 2014-03-14 20:02:13 +00:00			`from data import model`
Add the team membership to the robots view 2015-04-01 17:56:30 +00:00			`from data.database import User, Team, Repository, FederatedLogin`
Port logs and robots. 2014-03-14 20:02:13 +00:00			`from util.names import format_robot_username`
- Fix tests - Add new endpoints for retrieving the repo permissions for a robot account - Have the robots list return the number of repositories for which there are permissions - Other UI fixes 2015-03-31 22:50:43 +00:00			`from flask import abort`
Add the team membership to the robots view 2015-04-01 17:56:30 +00:00			`from app import avatar`
Port logs and robots. 2014-03-14 20:02:13 +00:00
Add the team membership to the robots view 2015-04-01 17:56:30 +00:00			`def robot_view(name, token):`
Port logs and robots. 2014-03-14 20:02:13 +00:00			`return {`
			`'name': name,`
Add the team membership to the robots view 2015-04-01 17:56:30 +00:00			`'token': token`
- Fix tests - Add new endpoints for retrieving the repo permissions for a robot account - Have the robots list return the number of repositories for which there are permissions - Other UI fixes 2015-03-31 22:50:43 +00:00			`}`


			`def permission_view(permission):`
			`return {`
			`'repository': {`
			`'name': permission.repository.name,`
			`'is_public': permission.repository.visibility.name == 'public'`
			`},`
			`'role': permission.role.name`
Port logs and robots. 2014-03-14 20:02:13 +00:00			`}`


Only return the team and repo permissions when listing robots when we absolutely need them. 2015-05-08 20:43:07 +00:00			`def robots_list(prefix, include_permissions=False):`
Accidental refactor, split out legacy.py into separate sumodules and update all call sites. 2015-07-15 21:25:41 +00:00			`tuples = model.user.list_entity_robot_permission_teams(prefix,`
			`include_permissions=include_permissions)`
Add the team membership to the robots view 2015-04-01 17:56:30 +00:00
			`robots = {}`
			`robot_teams = set()`

			`for robot_tuple in tuples:`
			`robot_name = robot_tuple.get(User.username)`
			`if not robot_name in robots:`
			`robots[robot_name] = {`
			`'name': robot_name,`
Only return the team and repo permissions when listing robots when we absolutely need them. 2015-05-08 20:43:07 +00:00			`'token': robot_tuple.get(FederatedLogin.service_ident)`
Add the team membership to the robots view 2015-04-01 17:56:30 +00:00			`}`

Only return the team and repo permissions when listing robots when we absolutely need them. 2015-05-08 20:43:07 +00:00			`if include_permissions:`
			`robots[robot_name].update({`
			`'teams': [],`
			`'repositories': []`
			`})`
Add the team membership to the robots view 2015-04-01 17:56:30 +00:00
Only return the team and repo permissions when listing robots when we absolutely need them. 2015-05-08 20:43:07 +00:00			`if include_permissions:`
			`team_name = robot_tuple.get(Team.name)`
			`repository_name = robot_tuple.get(Repository.name)`
Add the team membership to the robots view 2015-04-01 17:56:30 +00:00
Only return the team and repo permissions when listing robots when we absolutely need them. 2015-05-08 20:43:07 +00:00			`if team_name is not None:`
			`check_key = robot_name + ':' + team_name`
			`if not check_key in robot_teams:`
			`robot_teams.add(check_key)`

			`robots[robot_name]['teams'].append({`
			`'name': team_name,`
			`'avatar': avatar.get_data(team_name, team_name, 'team')`
			`})`
Add the team membership to the robots view 2015-04-01 17:56:30 +00:00
Only return the team and repo permissions when listing robots when we absolutely need them. 2015-05-08 20:43:07 +00:00			`if repository_name is not None:`
			`if not repository_name in robots[robot_name]['repositories']:`
			`robots[robot_name]['repositories'].append(repository_name)`
Add the team membership to the robots view 2015-04-01 17:56:30 +00:00
			`return {'robots': robots.values()}`

Port the remaining APIs and fix some locations. 2014-03-14 20:09:16 +00:00			`@resource('/v1/user/robots')`
Port logs and robots. 2014-03-14 20:02:13 +00:00			`class UserRobotList(ApiResource):`
			`""" Resource for listing user robots. """`
Add a user info scope and thread it through the code. Protect the org modification API. 2014-03-18 23:21:27 +00:00			`@require_user_admin`
Port logs and robots. 2014-03-14 20:02:13 +00:00			`@nickname('getUserRobots')`
Only return the team and repo permissions when listing robots when we absolutely need them. 2015-05-08 20:43:07 +00:00			`@parse_args`
			`@query_param('permissions',`
			`'Whether to include repostories and teams in which the robots have permission.',`
			`type=truthy_bool, default=False)`
			`def get(self, args):`
Port logs and robots. 2014-03-14 20:02:13 +00:00			`""" List the available robots for the user. """`
			`user = get_authenticated_user()`
Only return the team and repo permissions when listing robots when we absolutely need them. 2015-05-08 20:43:07 +00:00			`return robots_list(user.username, include_permissions=args.get('permissions', False))`
Port logs and robots. 2014-03-14 20:02:13 +00:00

Port the remaining APIs and fix some locations. 2014-03-14 20:09:16 +00:00			`@resource('/v1/user/robots/<robot_shortname>')`
Accidental refactor, split out legacy.py into separate sumodules and update all call sites. 2015-07-15 21:25:41 +00:00			`@path_param('robot_shortname',`
			`'The short name for the robot, without any user or organization prefix')`
Port logs and robots. 2014-03-14 20:02:13 +00:00			`class UserRobot(ApiResource):`
			`""" Resource for managing a user's robots. """`
Add ability to regenerate robot account credentials 2014-08-25 21:19:23 +00:00			`@require_user_admin`
			`@nickname('getUserRobot')`
			`def get(self, robot_shortname):`
			`""" Returns the user's robot with the specified name. """`
			`parent = get_authenticated_user()`
Accidental refactor, split out legacy.py into separate sumodules and update all call sites. 2015-07-15 21:25:41 +00:00			`robot, password = model.user.get_robot(robot_shortname, parent)`
Add ability to regenerate robot account credentials 2014-08-25 21:19:23 +00:00			`return robot_view(robot.username, password)`

Add a user info scope and thread it through the code. Protect the org modification API. 2014-03-18 23:21:27 +00:00			`@require_user_admin`
Port logs and robots. 2014-03-14 20:02:13 +00:00			`@nickname('createUserRobot')`
			`def put(self, robot_shortname):`
			`""" Create a new user robot with the specified name. """`
			`parent = get_authenticated_user()`
Accidental refactor, split out legacy.py into separate sumodules and update all call sites. 2015-07-15 21:25:41 +00:00			`robot, password = model.user.create_robot(robot_shortname, parent)`
Port logs and robots. 2014-03-14 20:02:13 +00:00			`log_action('create_robot', parent.username, {'robot': robot_shortname})`
Fix some errors. 2014-03-17 18:52:52 +00:00			`return robot_view(robot.username, password), 201`
Port logs and robots. 2014-03-14 20:02:13 +00:00
Add a user info scope and thread it through the code. Protect the org modification API. 2014-03-18 23:21:27 +00:00			`@require_user_admin`
Port logs and robots. 2014-03-14 20:02:13 +00:00			`@nickname('deleteUserRobot')`
			`def delete(self, robot_shortname):`
			`""" Delete an existing robot. """`
			`parent = get_authenticated_user()`
Accidental refactor, split out legacy.py into separate sumodules and update all call sites. 2015-07-15 21:25:41 +00:00			`model.user.delete_robot(format_robot_username(parent.username, robot_shortname))`
Port logs and robots. 2014-03-14 20:02:13 +00:00			`log_action('delete_robot', parent.username, {'robot': robot_shortname})`
			`return 'Deleted', 204`


Port the remaining APIs and fix some locations. 2014-03-14 20:09:16 +00:00			`@resource('/v1/organization/<orgname>/robots')`
Add path param description support 2014-08-06 21:47:32 +00:00			`@path_param('orgname', 'The name of the organization')`
Link the org api calls to their related user resources. 2014-03-14 21:35:52 +00:00			`@related_user_resource(UserRobotList)`
Port logs and robots. 2014-03-14 20:02:13 +00:00			`class OrgRobotList(ApiResource):`
			`""" Resource for listing an organization's robots. """`
Begin the work to allow robots and teams to be managed via API. 2014-08-06 00:53:00 +00:00			`@require_scope(scopes.ORG_ADMIN)`
Port logs and robots. 2014-03-14 20:02:13 +00:00			`@nickname('getOrgRobots')`
Only return the team and repo permissions when listing robots when we absolutely need them. 2015-05-08 20:43:07 +00:00			`@parse_args`
			`@query_param('permissions',`
			`'Whether to include repostories and teams in which the robots have permission.',`
			`type=truthy_bool, default=False)`
			`def get(self, args, orgname):`
Port logs and robots. 2014-03-14 20:02:13 +00:00			`""" List the organization's robots. """`
			`permission = OrganizationMemberPermission(orgname)`
			`if permission.can():`
Only return the team and repo permissions when listing robots when we absolutely need them. 2015-05-08 20:43:07 +00:00			`return robots_list(orgname, include_permissions=args.get('permissions', False))`
Port logs and robots. 2014-03-14 20:02:13 +00:00
Feed error messages through a cors wrapper so that people on other domains can see what's happening. 2014-03-17 20:57:35 +00:00			`raise Unauthorized()`
Port logs and robots. 2014-03-14 20:02:13 +00:00

Port the remaining APIs and fix some locations. 2014-03-14 20:09:16 +00:00			`@resource('/v1/organization/<orgname>/robots/<robot_shortname>')`
Add path param description support 2014-08-06 21:47:32 +00:00			`@path_param('orgname', 'The name of the organization')`
Accidental refactor, split out legacy.py into separate sumodules and update all call sites. 2015-07-15 21:25:41 +00:00			`@path_param('robot_shortname',`
			`'The short name for the robot, without any user or organization prefix')`
Link the org api calls to their related user resources. 2014-03-14 21:35:52 +00:00			`@related_user_resource(UserRobot)`
Port logs and robots. 2014-03-14 20:02:13 +00:00			`class OrgRobot(ApiResource):`
			`""" Resource for managing an organization's robots. """`
Add ability to regenerate robot account credentials 2014-08-25 21:19:23 +00:00			`@require_scope(scopes.ORG_ADMIN)`
			`@nickname('getOrgRobot')`
			`def get(self, orgname, robot_shortname):`
			`""" Returns the organization's robot with the specified name. """`
			`permission = AdministerOrganizationPermission(orgname)`
			`if permission.can():`
Accidental refactor, split out legacy.py into separate sumodules and update all call sites. 2015-07-15 21:25:41 +00:00			`parent = model.organization.get_organization(orgname)`
			`robot, password = model.user.get_robot(robot_shortname, parent)`
Add ability to regenerate robot account credentials 2014-08-25 21:19:23 +00:00			`return robot_view(robot.username, password)`
Strip whitespace from ALL the things. 2014-11-24 21:07:38 +00:00
Add ability to regenerate robot account credentials 2014-08-25 21:19:23 +00:00			`raise Unauthorized()`

Begin the work to allow robots and teams to be managed via API. 2014-08-06 00:53:00 +00:00			`@require_scope(scopes.ORG_ADMIN)`
Port logs and robots. 2014-03-14 20:02:13 +00:00			`@nickname('createOrgRobot')`
			`def put(self, orgname, robot_shortname):`
			`""" Create a new robot in the organization. """`
			`permission = AdministerOrganizationPermission(orgname)`
			`if permission.can():`
Accidental refactor, split out legacy.py into separate sumodules and update all call sites. 2015-07-15 21:25:41 +00:00			`parent = model.organization.get_organization(orgname)`
			`robot, password = model.user.create_robot(robot_shortname, parent)`
			`log_action('create_robot', orgname, {'robot': robot_shortname})`
Fix the org robot create response. 2014-03-17 19:26:16 +00:00			`return robot_view(robot.username, password), 201`
Port logs and robots. 2014-03-14 20:02:13 +00:00
Feed error messages through a cors wrapper so that people on other domains can see what's happening. 2014-03-17 20:57:35 +00:00			`raise Unauthorized()`
Port logs and robots. 2014-03-14 20:02:13 +00:00
Begin the work to allow robots and teams to be managed via API. 2014-08-06 00:53:00 +00:00			`@require_scope(scopes.ORG_ADMIN)`
Port logs and robots. 2014-03-14 20:02:13 +00:00			`@nickname('deleteOrgRobot')`
			`def delete(self, orgname, robot_shortname):`
			`""" Delete an existing organization robot. """`
			`permission = AdministerOrganizationPermission(orgname)`
			`if permission.can():`
Accidental refactor, split out legacy.py into separate sumodules and update all call sites. 2015-07-15 21:25:41 +00:00			`model.user.delete_robot(format_robot_username(orgname, robot_shortname))`
Port logs and robots. 2014-03-14 20:02:13 +00:00			`log_action('delete_robot', orgname, {'robot': robot_shortname})`
			`return 'Deleted', 204`

Feed error messages through a cors wrapper so that people on other domains can see what's happening. 2014-03-17 20:57:35 +00:00			`raise Unauthorized()`
Add ability to regenerate robot account credentials 2014-08-25 21:19:23 +00:00

- Fix tests - Add new endpoints for retrieving the repo permissions for a robot account - Have the robots list return the number of repositories for which there are permissions - Other UI fixes 2015-03-31 22:50:43 +00:00			`@resource('/v1/user/robots/<robot_shortname>/permissions')`
Accidental refactor, split out legacy.py into separate sumodules and update all call sites. 2015-07-15 21:25:41 +00:00			`@path_param('robot_shortname',`
			`'The short name for the robot, without any user or organization prefix')`
- Fix tests - Add new endpoints for retrieving the repo permissions for a robot account - Have the robots list return the number of repositories for which there are permissions - Other UI fixes 2015-03-31 22:50:43 +00:00			`class UserRobotPermissions(ApiResource):`
			`""" Resource for listing the permissions a user's robot has in the system. """`
			`@require_user_admin`
			`@nickname('getUserRobotPermissions')`
			`def get(self, robot_shortname):`
			`""" Returns the list of repository permissions for the user's robot. """`
			`parent = get_authenticated_user()`
Accidental refactor, split out legacy.py into separate sumodules and update all call sites. 2015-07-15 21:25:41 +00:00			`robot, _ = model.user.get_robot(robot_shortname, parent)`
			`permissions = model.permission.list_robot_permissions(robot.username)`
- Fix tests - Add new endpoints for retrieving the repo permissions for a robot account - Have the robots list return the number of repositories for which there are permissions - Other UI fixes 2015-03-31 22:50:43 +00:00
			`return {`
			`'permissions': [permission_view(permission) for permission in permissions]`
			`}`


			`@resource('/v1/organization/<orgname>/robots/<robot_shortname>/permissions')`
			`@path_param('orgname', 'The name of the organization')`
Accidental refactor, split out legacy.py into separate sumodules and update all call sites. 2015-07-15 21:25:41 +00:00			`@path_param('robot_shortname',`
			`'The short name for the robot, without any user or organization prefix')`
- Fix tests - Add new endpoints for retrieving the repo permissions for a robot account - Have the robots list return the number of repositories for which there are permissions - Other UI fixes 2015-03-31 22:50:43 +00:00			`@related_user_resource(UserRobotPermissions)`
			`class OrgRobotPermissions(ApiResource):`
			`""" Resource for listing the permissions an org's robot has in the system. """`
			`@require_user_admin`
			`@nickname('getOrgRobotPermissions')`
			`def get(self, orgname, robot_shortname):`
			`""" Returns the list of repository permissions for the org's robot. """`
			`permission = AdministerOrganizationPermission(orgname)`
			`if permission.can():`
Accidental refactor, split out legacy.py into separate sumodules and update all call sites. 2015-07-15 21:25:41 +00:00			`parent = model.organization.get_organization(orgname)`
			`robot, _ = model.user.get_robot(robot_shortname, parent)`
			`permissions = model.permission.list_robot_permissions(robot.username)`
- Fix tests - Add new endpoints for retrieving the repo permissions for a robot account - Have the robots list return the number of repositories for which there are permissions - Other UI fixes 2015-03-31 22:50:43 +00:00
			`return {`
			`'permissions': [permission_view(permission) for permission in permissions]`
			`}`

			`abort(403)`


Add ability to regenerate robot account credentials 2014-08-25 21:19:23 +00:00			`@resource('/v1/user/robots/<robot_shortname>/regenerate')`
Accidental refactor, split out legacy.py into separate sumodules and update all call sites. 2015-07-15 21:25:41 +00:00			`@path_param('robot_shortname',`
			`'The short name for the robot, without any user or organization prefix')`
Add ability to regenerate robot account credentials 2014-08-25 21:19:23 +00:00			`class RegenerateUserRobot(ApiResource):`
			`""" Resource for regenerate an organization's robot's token. """`
			`@require_user_admin`
			`@nickname('regenerateUserRobotToken')`
			`def post(self, robot_shortname):`
			`""" Regenerates the token for a user's robot. """`
			`parent = get_authenticated_user()`
Accidental refactor, split out legacy.py into separate sumodules and update all call sites. 2015-07-15 21:25:41 +00:00			`robot, password = model.user.regenerate_robot_token(robot_shortname, parent)`
			`log_action('regenerate_robot_token', parent.username, {'robot': robot_shortname})`
Add ability to regenerate robot account credentials 2014-08-25 21:19:23 +00:00			`return robot_view(robot.username, password)`


			`@resource('/v1/organization/<orgname>/robots/<robot_shortname>/regenerate')`
			`@path_param('orgname', 'The name of the organization')`
Accidental refactor, split out legacy.py into separate sumodules and update all call sites. 2015-07-15 21:25:41 +00:00			`@path_param('robot_shortname',`
			`'The short name for the robot, without any user or organization prefix')`
Add ability to regenerate robot account credentials 2014-08-25 21:19:23 +00:00			`@related_user_resource(RegenerateUserRobot)`
			`class RegenerateOrgRobot(ApiResource):`
			`""" Resource for regenerate an organization's robot's token. """`
			`@require_scope(scopes.ORG_ADMIN)`
			`@nickname('regenerateOrgRobotToken')`
			`def post(self, orgname, robot_shortname):`
			`""" Regenerates the token for an organization robot. """`
			`permission = AdministerOrganizationPermission(orgname)`
			`if permission.can():`
Accidental refactor, split out legacy.py into separate sumodules and update all call sites. 2015-07-15 21:25:41 +00:00			`parent = model.organization.get_organization(orgname)`
			`robot, password = model.user.regenerate_robot_token(robot_shortname, parent)`
			`log_action('regenerate_robot_token', orgname, {'robot': robot_shortname})`
Add ability to regenerate robot account credentials 2014-08-25 21:19:23 +00:00			`return robot_view(robot.username, password)`

			`raise Unauthorized()`