2013-09-23 16:37:40 +00:00
|
|
|
import logging
|
2013-10-02 04:48:03 +00:00
|
|
|
import stripe
|
2013-10-18 18:31:14 +00:00
|
|
|
import re
|
2013-10-25 19:13:11 +00:00
|
|
|
import requests
|
2013-10-25 22:17:43 +00:00
|
|
|
import urlparse
|
|
|
|
import json
|
2013-09-23 16:37:40 +00:00
|
|
|
|
2013-11-06 22:09:22 +00:00
|
|
|
from flask import request, make_response, jsonify, abort
|
2013-10-14 21:50:07 +00:00
|
|
|
from flask.ext.login import login_required, current_user, logout_user
|
|
|
|
from flask.ext.principal import identity_changed, AnonymousIdentity
|
2013-09-23 16:37:40 +00:00
|
|
|
from functools import wraps
|
2013-10-10 04:40:25 +00:00
|
|
|
from collections import defaultdict
|
2013-09-23 16:37:40 +00:00
|
|
|
|
2013-09-25 16:45:12 +00:00
|
|
|
from data import model
|
2013-10-25 05:14:38 +00:00
|
|
|
from data.queue import dockerfile_build_queue
|
2013-11-05 19:40:45 +00:00
|
|
|
from data.plans import USER_PLANS, BUSINESS_PLANS, get_plan
|
2013-09-23 16:37:40 +00:00
|
|
|
from app import app
|
2013-10-14 21:50:07 +00:00
|
|
|
from util.email import send_confirmation_email, send_recovery_email
|
2013-09-25 20:46:28 +00:00
|
|
|
from util.names import parse_repository_name
|
2013-09-27 22:15:31 +00:00
|
|
|
from util.gravatar import compute_hash
|
2013-09-26 21:59:20 +00:00
|
|
|
from auth.permissions import (ReadRepositoryPermission,
|
2013-09-27 17:24:07 +00:00
|
|
|
ModifyRepositoryPermission,
|
2013-11-04 20:42:08 +00:00
|
|
|
AdministerRepositoryPermission,
|
2013-11-04 21:18:40 +00:00
|
|
|
CreateRepositoryPermission,
|
|
|
|
AdministerOrganizationPermission,
|
2013-11-04 21:25:54 +00:00
|
|
|
OrganizationMemberPermission,
|
|
|
|
ViewTeamPermission)
|
2013-10-01 18:46:44 +00:00
|
|
|
from endpoints import registry
|
2013-10-14 21:50:07 +00:00
|
|
|
from endpoints.web import common_login
|
2013-10-20 05:18:31 +00:00
|
|
|
from util.cache import cache_control
|
2013-09-23 16:37:40 +00:00
|
|
|
|
2013-10-18 18:31:14 +00:00
|
|
|
|
2013-11-07 04:21:12 +00:00
|
|
|
store = app.config['STORAGE']
|
|
|
|
user_files = app.config['USERFILES']
|
2013-09-23 16:37:40 +00:00
|
|
|
logger = logging.getLogger(__name__)
|
|
|
|
|
|
|
|
|
2013-09-30 21:51:07 +00:00
|
|
|
def api_login_required(f):
|
|
|
|
@wraps(f)
|
|
|
|
def decorated_view(*args, **kwargs):
|
|
|
|
if not current_user.is_authenticated():
|
|
|
|
abort(401)
|
|
|
|
return f(*args, **kwargs)
|
|
|
|
return decorated_view
|
|
|
|
|
|
|
|
|
2013-11-07 17:54:21 +00:00
|
|
|
@app.errorhandler(model.DataModelException)
|
|
|
|
def handle_dme(ex):
|
|
|
|
return make_response(ex.message, 400)
|
2013-11-06 22:09:22 +00:00
|
|
|
|
|
|
|
|
2013-11-07 17:54:21 +00:00
|
|
|
@app.errorhandler(KeyError)
|
2013-09-27 22:16:26 +00:00
|
|
|
def handle_dme(ex):
|
|
|
|
return make_response(ex.message, 400)
|
|
|
|
|
2013-11-05 19:40:45 +00:00
|
|
|
|
2013-09-23 16:37:40 +00:00
|
|
|
@app.route('/api/')
|
|
|
|
def welcome():
|
|
|
|
return make_response('welcome', 200)
|
|
|
|
|
2013-11-05 19:40:45 +00:00
|
|
|
|
2013-11-01 23:13:58 +00:00
|
|
|
@app.route('/api/plans/')
|
|
|
|
def plans_list():
|
2013-11-05 19:40:45 +00:00
|
|
|
return jsonify({
|
|
|
|
'user': USER_PLANS,
|
|
|
|
'business': BUSINESS_PLANS,
|
|
|
|
})
|
|
|
|
|
2013-09-23 16:37:40 +00:00
|
|
|
|
2013-10-01 23:37:33 +00:00
|
|
|
@app.route('/api/user/', methods=['GET'])
|
2013-09-26 23:59:58 +00:00
|
|
|
def get_logged_in_user():
|
2013-10-31 22:17:26 +00:00
|
|
|
def org_view(o):
|
2013-11-04 21:18:40 +00:00
|
|
|
admin_org = AdministerOrganizationPermission(o.username)
|
2013-10-31 22:17:26 +00:00
|
|
|
return {
|
|
|
|
'name': o.username,
|
|
|
|
'gravatar': compute_hash(o.email),
|
2013-11-04 21:18:40 +00:00
|
|
|
'is_org_admin': admin_org.can()
|
2013-10-31 22:17:26 +00:00
|
|
|
}
|
|
|
|
|
2013-09-30 21:32:03 +00:00
|
|
|
if current_user.is_anonymous():
|
|
|
|
return jsonify({'anonymous': True})
|
|
|
|
|
2013-10-15 18:48:49 +00:00
|
|
|
user = current_user.db_user()
|
2013-10-31 22:17:26 +00:00
|
|
|
organizations = model.get_user_organizations(user.username)
|
|
|
|
|
2013-09-26 23:59:58 +00:00
|
|
|
return jsonify({
|
|
|
|
'verified': user.verified,
|
|
|
|
'anonymous': False,
|
|
|
|
'username': user.username,
|
|
|
|
'email': user.email,
|
2013-09-27 22:15:31 +00:00
|
|
|
'gravatar': compute_hash(user.email),
|
2013-10-10 17:44:34 +00:00
|
|
|
'askForPassword': user.password_hash is None,
|
2013-10-31 22:17:26 +00:00
|
|
|
'organizations': [org_view(o) for o in organizations]
|
2013-09-26 23:59:58 +00:00
|
|
|
})
|
|
|
|
|
2013-10-31 22:17:26 +00:00
|
|
|
|
2013-10-10 17:44:34 +00:00
|
|
|
@app.route('/api/user/', methods=['PUT'])
|
|
|
|
@api_login_required
|
|
|
|
def change_user_details():
|
2013-10-15 18:48:49 +00:00
|
|
|
user = current_user.db_user()
|
2013-10-10 17:44:34 +00:00
|
|
|
|
|
|
|
user_data = request.get_json();
|
|
|
|
|
|
|
|
try:
|
2013-11-06 22:56:31 +00:00
|
|
|
if 'password' in user_data:
|
2013-10-10 17:44:34 +00:00
|
|
|
logger.debug('Changing password for user: %s', user.username)
|
|
|
|
model.change_password(user, user_data['password'])
|
|
|
|
except model.InvalidPasswordException, ex:
|
|
|
|
error_resp = jsonify({
|
|
|
|
'message': ex.message,
|
|
|
|
})
|
|
|
|
error_resp.status_code = 400
|
|
|
|
return error_resp
|
|
|
|
|
|
|
|
return jsonify({
|
|
|
|
'verified': user.verified,
|
|
|
|
'anonymous': False,
|
|
|
|
'username': user.username,
|
|
|
|
'email': user.email,
|
|
|
|
'gravatar': compute_hash(user.email),
|
|
|
|
'askForPassword': user.password_hash is None,
|
|
|
|
})
|
2013-09-26 23:59:58 +00:00
|
|
|
|
2013-11-05 19:40:45 +00:00
|
|
|
|
2013-10-01 23:37:33 +00:00
|
|
|
@app.route('/api/user/', methods=['POST'])
|
|
|
|
def create_user_api():
|
|
|
|
user_data = request.get_json()
|
2013-11-06 22:09:22 +00:00
|
|
|
|
2013-10-02 02:13:43 +00:00
|
|
|
existing_user = model.get_user(user_data['username'])
|
|
|
|
if existing_user:
|
|
|
|
error_resp = jsonify({
|
2013-10-10 17:44:34 +00:00
|
|
|
'message': 'The username already exists'
|
2013-10-02 02:13:43 +00:00
|
|
|
})
|
|
|
|
error_resp.status_code = 400
|
|
|
|
return error_resp
|
|
|
|
|
2013-10-01 23:37:33 +00:00
|
|
|
try:
|
|
|
|
new_user = model.create_user(user_data['username'], user_data['password'],
|
|
|
|
user_data['email'])
|
|
|
|
code = model.create_confirm_email_code(new_user)
|
|
|
|
send_confirmation_email(new_user.username, new_user.email, code.code)
|
|
|
|
return make_response('Created', 201)
|
|
|
|
except model.DataModelException as ex:
|
|
|
|
error_resp = jsonify({
|
2013-10-10 16:55:03 +00:00
|
|
|
'message': ex.message,
|
2013-10-01 23:37:33 +00:00
|
|
|
})
|
|
|
|
error_resp.status_code = 400
|
|
|
|
return error_resp
|
|
|
|
|
|
|
|
|
2013-10-14 21:50:07 +00:00
|
|
|
@app.route('/api/signin', methods=['POST'])
|
|
|
|
def signin_api():
|
|
|
|
signin_data = request.get_json()
|
|
|
|
|
|
|
|
username = signin_data['username']
|
|
|
|
password = signin_data['password']
|
|
|
|
|
|
|
|
#TODO Allow email login
|
|
|
|
needs_email_verification = False
|
|
|
|
invalid_credentials = False
|
|
|
|
|
|
|
|
verified = model.verify_user(username, password)
|
|
|
|
if verified:
|
|
|
|
if common_login(verified):
|
|
|
|
return make_response('Success', 200)
|
|
|
|
else:
|
|
|
|
needs_email_verification = True
|
|
|
|
|
|
|
|
else:
|
|
|
|
invalid_credentials = True
|
|
|
|
|
|
|
|
response = jsonify({
|
|
|
|
'needsEmailVerification': needs_email_verification,
|
|
|
|
'invalidCredentials': invalid_credentials,
|
|
|
|
})
|
|
|
|
response.status_code = 403
|
|
|
|
return response
|
|
|
|
|
|
|
|
|
|
|
|
@app.route("/api/signout", methods=['POST'])
|
|
|
|
@api_login_required
|
|
|
|
def logout():
|
|
|
|
logout_user()
|
|
|
|
|
|
|
|
identity_changed.send(app, identity=AnonymousIdentity())
|
|
|
|
|
|
|
|
return make_response('Success', 200)
|
|
|
|
|
|
|
|
|
|
|
|
@app.route("/api/recovery", methods=['POST'])
|
|
|
|
def send_recovery():
|
|
|
|
email = request.get_json()['email']
|
|
|
|
code = model.create_reset_password_email_code(email)
|
|
|
|
send_recovery_email(email, code.code)
|
|
|
|
return make_response('Created', 201)
|
|
|
|
|
|
|
|
|
2013-09-27 23:21:54 +00:00
|
|
|
@app.route('/api/users/<prefix>', methods=['GET'])
|
2013-09-30 21:54:06 +00:00
|
|
|
@api_login_required
|
2013-09-27 23:21:54 +00:00
|
|
|
def get_matching_users(prefix):
|
|
|
|
users = model.get_matching_users(prefix)
|
|
|
|
|
|
|
|
return jsonify({
|
|
|
|
'users': [user.username for user in users]
|
|
|
|
})
|
|
|
|
|
|
|
|
|
2013-11-02 01:48:10 +00:00
|
|
|
@app.route('/api/entities/<prefix>', methods=['GET'])
|
|
|
|
@api_login_required
|
|
|
|
def get_matching_entities(prefix):
|
|
|
|
teams = []
|
|
|
|
|
|
|
|
organization_name = request.args.get('organization', None)
|
|
|
|
organization = None
|
|
|
|
if organization_name:
|
2013-11-05 00:11:01 +00:00
|
|
|
permission = OrganizationMemberPermission(organization_name)
|
|
|
|
if permission.can():
|
|
|
|
try:
|
|
|
|
organization = model.get_organization(organization_name)
|
|
|
|
except:
|
|
|
|
pass
|
2013-11-02 01:48:10 +00:00
|
|
|
|
2013-11-05 00:11:01 +00:00
|
|
|
if organization:
|
|
|
|
teams = model.get_matching_teams(prefix, organization)
|
2013-11-02 01:48:10 +00:00
|
|
|
|
2013-11-04 23:52:38 +00:00
|
|
|
users = model.get_matching_users(prefix, organization)
|
|
|
|
|
2013-11-02 01:48:10 +00:00
|
|
|
def team_view(team):
|
2013-11-05 03:58:21 +00:00
|
|
|
result = {
|
2013-11-02 01:48:10 +00:00
|
|
|
'name': team.name,
|
2013-11-05 00:06:56 +00:00
|
|
|
'kind': 'team',
|
2013-11-05 03:58:21 +00:00
|
|
|
'is_org_member': True
|
2013-11-02 01:48:10 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
def user_view(user):
|
2013-11-05 22:10:14 +00:00
|
|
|
user_json = {
|
2013-11-02 01:48:10 +00:00
|
|
|
'name': user.username,
|
|
|
|
'kind': 'user',
|
|
|
|
}
|
|
|
|
|
2013-11-05 22:10:14 +00:00
|
|
|
if user.is_org_member is not None:
|
|
|
|
user_json['is_org_member'] = user.is_org_member
|
|
|
|
|
|
|
|
return user_json
|
|
|
|
|
2013-11-02 01:48:10 +00:00
|
|
|
team_data = [team_view(team) for team in teams]
|
|
|
|
user_data = [user_view(user) for user in users]
|
|
|
|
return jsonify({
|
|
|
|
'results': team_data + user_data
|
|
|
|
})
|
|
|
|
|
|
|
|
|
2013-11-05 01:17:58 +00:00
|
|
|
def team_view(orgname, t):
|
|
|
|
view_permission = ViewTeamPermission(orgname, t.name)
|
2013-11-05 03:58:21 +00:00
|
|
|
role = model.get_team_org_role(t).name
|
2013-11-05 01:17:58 +00:00
|
|
|
return {
|
|
|
|
'id': t.id,
|
|
|
|
'name': t.name,
|
|
|
|
'description': t.description,
|
2013-11-05 03:58:21 +00:00
|
|
|
'can_view': view_permission.can(),
|
|
|
|
'role': role
|
2013-11-05 01:17:58 +00:00
|
|
|
}
|
|
|
|
|
2013-11-05 19:40:45 +00:00
|
|
|
|
2013-10-31 22:17:26 +00:00
|
|
|
@app.route('/api/organization/<orgname>', methods=['GET'])
|
2013-11-06 22:09:22 +00:00
|
|
|
@api_login_required
|
2013-10-31 22:17:26 +00:00
|
|
|
def get_organization(orgname):
|
2013-11-06 22:56:31 +00:00
|
|
|
permission = OrganizationMemberPermission(orgname)
|
|
|
|
if permission.can():
|
|
|
|
user = current_user.db_user()
|
2013-11-04 21:39:29 +00:00
|
|
|
|
2013-11-06 22:56:31 +00:00
|
|
|
def org_view(o, teams):
|
|
|
|
admin_org = AdministerOrganizationPermission(orgname)
|
|
|
|
is_admin = admin_org.can()
|
|
|
|
return {
|
|
|
|
'name': o.username,
|
|
|
|
'gravatar': compute_hash(o.email),
|
|
|
|
'teams': {t.name : team_view(orgname, t) for t in teams},
|
|
|
|
'is_admin': is_admin
|
|
|
|
}
|
2013-10-31 22:17:26 +00:00
|
|
|
|
2013-11-06 22:56:31 +00:00
|
|
|
try:
|
|
|
|
org = model.get_organization(orgname)
|
|
|
|
except model.InvalidOrganizationException:
|
|
|
|
abort(404)
|
2013-10-31 22:17:26 +00:00
|
|
|
|
2013-11-06 22:56:31 +00:00
|
|
|
teams = model.get_teams_within_org(org)
|
|
|
|
return jsonify(org_view(org, teams))
|
2013-10-31 22:17:26 +00:00
|
|
|
|
2013-11-06 22:56:31 +00:00
|
|
|
abort(403)
|
2013-10-25 05:14:38 +00:00
|
|
|
|
2013-11-07 00:06:59 +00:00
|
|
|
@app.route('/api/organization/<orgname>/members', methods=['GET'])
|
|
|
|
@api_login_required
|
|
|
|
def get_organization_members(orgname):
|
|
|
|
permission = AdministerOrganizationPermission(orgname)
|
|
|
|
if permission.can():
|
|
|
|
try:
|
|
|
|
org = model.get_organization(orgname)
|
|
|
|
except model.InvalidOrganizationException:
|
|
|
|
abort(404)
|
|
|
|
|
|
|
|
# Loop to create the members dictionary. Note that the members collection
|
|
|
|
# will return an entry for *every team* a member is on, so we will have
|
|
|
|
# duplicate keys (which is why we pre-build the dictionary).
|
|
|
|
members_dict = {}
|
|
|
|
members = model.get_organization_members_with_teams(org)
|
|
|
|
for member in members:
|
|
|
|
if not member.user.username in members_dict:
|
|
|
|
members_dict[member.user.username] = {'username': member.user.username, 'teams': []}
|
|
|
|
|
|
|
|
members_dict[member.user.username]['teams'].append(member.team.name)
|
|
|
|
|
|
|
|
return jsonify({'members': members_dict})
|
|
|
|
|
|
|
|
abort(403)
|
|
|
|
|
2013-11-01 23:13:58 +00:00
|
|
|
@app.route('/api/organization/<orgname>/private', methods=['GET'])
|
2013-11-06 22:09:22 +00:00
|
|
|
@api_login_required
|
2013-11-05 19:55:05 +00:00
|
|
|
def get_organization_private_allowed(orgname):
|
|
|
|
permission = CreateRepositoryPermission(orgname)
|
|
|
|
if permission.can():
|
2013-11-05 19:53:48 +00:00
|
|
|
organization = model.get_organization(orgname)
|
2013-11-01 23:13:58 +00:00
|
|
|
|
2013-11-05 19:55:05 +00:00
|
|
|
private_repos = model.get_private_repo_count(organization.username)
|
|
|
|
if organization.stripe_id:
|
|
|
|
cus = stripe.Customer.retrieve(organization.stripe_id)
|
|
|
|
if cus.subscription:
|
|
|
|
repos_allowed = get_plan(cus.subscription.plan.id)
|
|
|
|
return jsonify({
|
|
|
|
'privateAllowed': (private_repos < repos_allowed)
|
|
|
|
})
|
|
|
|
|
|
|
|
return jsonify({
|
|
|
|
'privateAllowed': False
|
|
|
|
})
|
2013-11-01 23:13:58 +00:00
|
|
|
|
2013-11-05 19:55:05 +00:00
|
|
|
abort(403)
|
2013-11-01 23:13:58 +00:00
|
|
|
|
|
|
|
|
2013-11-04 20:31:38 +00:00
|
|
|
def member_view(m):
|
|
|
|
return {
|
|
|
|
'username': m.username
|
|
|
|
}
|
|
|
|
|
2013-11-05 01:17:58 +00:00
|
|
|
|
|
|
|
@app.route('/api/organization/<orgname>/team/<teamname>',
|
|
|
|
methods=['PUT', 'POST'])
|
2013-11-06 22:09:22 +00:00
|
|
|
@api_login_required
|
2013-11-05 01:17:58 +00:00
|
|
|
def update_organization_team(orgname, teamname):
|
|
|
|
edit_permission = AdministerOrganizationPermission(orgname)
|
|
|
|
if edit_permission.can():
|
|
|
|
team = None
|
|
|
|
|
2013-11-05 03:58:21 +00:00
|
|
|
json = request.get_json()
|
|
|
|
is_existing = False
|
2013-11-05 01:17:58 +00:00
|
|
|
try:
|
|
|
|
team = model.get_organization_team(orgname, teamname)
|
2013-11-05 03:58:21 +00:00
|
|
|
is_existing = True
|
2013-11-05 01:17:58 +00:00
|
|
|
except:
|
2013-11-05 03:58:21 +00:00
|
|
|
# Create the new team.
|
|
|
|
description = json['description'] if 'description' in json else ''
|
|
|
|
role = json['role'] if 'role' in json else 'member'
|
|
|
|
|
2013-11-05 22:20:43 +00:00
|
|
|
org = model.get_organization(orgname)
|
|
|
|
team = model.create_team(teamname, org, role, description)
|
2013-11-05 03:58:21 +00:00
|
|
|
|
|
|
|
if is_existing:
|
|
|
|
if 'description' in json:
|
|
|
|
team.description = json['description']
|
|
|
|
team.save()
|
|
|
|
if 'role' in json:
|
2013-11-05 23:37:28 +00:00
|
|
|
team = model.set_team_org_permission(team, json['role'],
|
|
|
|
current_user.db_user().username)
|
2013-11-05 01:17:58 +00:00
|
|
|
|
2013-11-05 23:37:28 +00:00
|
|
|
resp = jsonify(team_view(orgname, team))
|
|
|
|
if not is_existing:
|
|
|
|
resp.status_code = 201
|
|
|
|
return resp
|
2013-11-05 01:17:58 +00:00
|
|
|
|
|
|
|
abort(403)
|
|
|
|
|
|
|
|
|
2013-11-05 19:53:48 +00:00
|
|
|
@app.route('/api/organization/<orgname>/team/<teamname>',
|
|
|
|
methods=['DELETE'])
|
2013-11-06 22:09:22 +00:00
|
|
|
@api_login_required
|
2013-11-05 19:53:48 +00:00
|
|
|
def delete_organization_team(orgname, teamname):
|
2013-11-05 20:50:56 +00:00
|
|
|
permission = AdministerOrganizationPermission(orgname)
|
|
|
|
if permission.can():
|
2013-11-05 23:37:28 +00:00
|
|
|
model.remove_team(orgname, teamname, current_user.db_user().username)
|
2013-11-05 19:53:48 +00:00
|
|
|
return make_response('Deleted', 204)
|
|
|
|
|
|
|
|
abort(403)
|
|
|
|
|
|
|
|
|
2013-11-04 21:18:40 +00:00
|
|
|
@app.route('/api/organization/<orgname>/team/<teamname>/members',
|
|
|
|
methods=['GET'])
|
2013-11-06 22:09:22 +00:00
|
|
|
@api_login_required
|
2013-11-04 19:56:54 +00:00
|
|
|
def get_organization_team_members(orgname, teamname):
|
2013-11-04 21:25:54 +00:00
|
|
|
view_permission = ViewTeamPermission(orgname, teamname)
|
|
|
|
edit_permission = AdministerOrganizationPermission(orgname)
|
2013-11-04 19:56:54 +00:00
|
|
|
|
2013-11-04 21:25:54 +00:00
|
|
|
if view_permission.can():
|
2013-11-04 21:18:40 +00:00
|
|
|
user = current_user.db_user()
|
|
|
|
team = None
|
2013-11-04 19:56:54 +00:00
|
|
|
|
2013-11-04 21:18:40 +00:00
|
|
|
try:
|
|
|
|
team = model.get_organization_team(orgname, teamname)
|
|
|
|
except:
|
|
|
|
abort(404)
|
|
|
|
|
|
|
|
members = model.get_organization_team_members(team.id)
|
|
|
|
return jsonify({
|
2013-11-04 21:25:54 +00:00
|
|
|
'members': { m.username : member_view(m) for m in members },
|
|
|
|
'can_edit': edit_permission.can()
|
2013-11-04 21:18:40 +00:00
|
|
|
})
|
2013-11-04 21:21:49 +00:00
|
|
|
|
2013-11-04 21:18:40 +00:00
|
|
|
abort(403)
|
2013-11-04 19:56:54 +00:00
|
|
|
|
|
|
|
|
2013-11-04 21:18:40 +00:00
|
|
|
@app.route('/api/organization/<orgname>/team/<teamname>/members/<membername>',
|
|
|
|
methods=['PUT', 'POST'])
|
2013-11-06 22:09:22 +00:00
|
|
|
@api_login_required
|
2013-11-04 19:56:54 +00:00
|
|
|
def update_organization_team_member(orgname, teamname, membername):
|
2013-11-04 21:18:40 +00:00
|
|
|
permission = AdministerOrganizationPermission(orgname)
|
|
|
|
if permission.can():
|
|
|
|
team = None
|
|
|
|
user = None
|
2013-11-04 19:56:54 +00:00
|
|
|
|
2013-11-04 21:18:40 +00:00
|
|
|
# Find the team.
|
|
|
|
try:
|
|
|
|
team = model.get_organization_team(orgname, teamname)
|
|
|
|
except:
|
|
|
|
abort(404)
|
2013-11-04 19:56:54 +00:00
|
|
|
|
2013-11-04 21:18:40 +00:00
|
|
|
# Find the user.
|
|
|
|
user = model.get_user(membername)
|
|
|
|
if not user:
|
|
|
|
abort(400)
|
|
|
|
|
|
|
|
# Add the user to the team.
|
|
|
|
model.add_user_to_team(user, team)
|
2013-11-04 19:56:54 +00:00
|
|
|
|
2013-11-04 21:18:40 +00:00
|
|
|
return jsonify(member_view(user))
|
2013-11-04 19:56:54 +00:00
|
|
|
|
2013-11-04 21:18:40 +00:00
|
|
|
abort(403)
|
2013-11-04 19:56:54 +00:00
|
|
|
|
|
|
|
|
2013-11-04 21:18:40 +00:00
|
|
|
@app.route('/api/organization/<orgname>/team/<teamname>/members/<membername>',
|
|
|
|
methods=['DELETE'])
|
2013-11-06 22:09:22 +00:00
|
|
|
@api_login_required
|
2013-11-04 19:56:54 +00:00
|
|
|
def delete_organization_team_member(orgname, teamname, membername):
|
2013-11-04 21:18:40 +00:00
|
|
|
permission = AdministerOrganizationPermission(orgname)
|
|
|
|
if permission.can():
|
|
|
|
# Remote the user from the team.
|
2013-11-05 23:37:28 +00:00
|
|
|
invoking_user = current_user.db_user().username
|
|
|
|
model.remove_user_from_team(orgname, teamname, membername, invoking_user)
|
2013-11-05 19:53:48 +00:00
|
|
|
return make_response('Deleted', 204)
|
2013-11-04 19:56:54 +00:00
|
|
|
|
2013-11-04 21:18:40 +00:00
|
|
|
abort(403)
|
2013-11-04 19:56:54 +00:00
|
|
|
|
|
|
|
|
2013-10-26 20:03:11 +00:00
|
|
|
@app.route('/api/repository', methods=['POST'])
|
2013-09-30 21:51:07 +00:00
|
|
|
@api_login_required
|
2013-09-23 16:37:40 +00:00
|
|
|
def create_repo_api():
|
2013-10-25 19:13:11 +00:00
|
|
|
owner = current_user.db_user()
|
2013-11-01 21:35:26 +00:00
|
|
|
json = request.get_json()
|
2013-11-04 20:47:27 +00:00
|
|
|
namespace_name = json['namespace'] if 'namespace' in json else owner.username
|
2013-10-25 05:14:38 +00:00
|
|
|
|
2013-11-04 20:47:27 +00:00
|
|
|
permission = CreateRepositoryPermission(namespace_name)
|
2013-11-04 20:42:08 +00:00
|
|
|
if permission.can():
|
|
|
|
repository_name = json['repository']
|
|
|
|
visibility = json['visibility']
|
2013-10-31 19:04:07 +00:00
|
|
|
|
2013-11-04 20:47:27 +00:00
|
|
|
existing = model.get_repository(namespace_name, repository_name)
|
|
|
|
if existing:
|
|
|
|
return make_response('Repository already exists', 400)
|
2013-10-25 05:14:38 +00:00
|
|
|
|
2013-11-07 04:21:12 +00:00
|
|
|
visibility = json['visibility']
|
2013-10-25 05:14:38 +00:00
|
|
|
|
2013-11-04 20:47:27 +00:00
|
|
|
repo = model.create_repository(namespace_name, repository_name, owner,
|
|
|
|
visibility)
|
|
|
|
repo.description = json['description']
|
|
|
|
repo.save()
|
|
|
|
|
2013-11-04 20:42:08 +00:00
|
|
|
return jsonify({
|
|
|
|
'namespace': namespace_name,
|
|
|
|
'name': repository_name
|
|
|
|
})
|
|
|
|
|
|
|
|
abort(403)
|
2013-09-23 16:37:40 +00:00
|
|
|
|
|
|
|
|
2013-10-01 21:02:49 +00:00
|
|
|
@app.route('/api/find/repository', methods=['GET'])
|
|
|
|
def match_repos_api():
|
|
|
|
prefix = request.args.get('query', '')
|
2013-10-08 15:29:42 +00:00
|
|
|
|
2013-09-27 23:21:54 +00:00
|
|
|
def repo_view(repo):
|
|
|
|
return {
|
|
|
|
'namespace': repo.namespace,
|
|
|
|
'name': repo.name,
|
2013-09-28 21:11:10 +00:00
|
|
|
'description': repo.description
|
2013-09-27 23:21:54 +00:00
|
|
|
}
|
|
|
|
|
2013-10-08 15:29:42 +00:00
|
|
|
username = None
|
|
|
|
if current_user.is_authenticated():
|
2013-10-15 18:48:49 +00:00
|
|
|
username = current_user.db_user().username
|
2013-10-08 15:29:42 +00:00
|
|
|
|
2013-09-28 03:25:57 +00:00
|
|
|
matching = model.get_matching_repositories(prefix, username)
|
2013-09-27 23:21:54 +00:00
|
|
|
response = {
|
2013-09-28 03:25:57 +00:00
|
|
|
'repositories': [repo_view(repo) for repo in matching]
|
2013-09-27 23:21:54 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return jsonify(response)
|
|
|
|
|
2013-09-26 21:59:20 +00:00
|
|
|
|
2013-09-23 16:37:40 +00:00
|
|
|
@app.route('/api/repository/', methods=['GET'])
|
|
|
|
def list_repos_api():
|
2013-09-28 04:05:32 +00:00
|
|
|
def repo_view(repo_obj):
|
2013-10-22 05:26:14 +00:00
|
|
|
is_public = model.repository_is_public(repo_obj.namespace, repo_obj.name)
|
|
|
|
|
2013-09-23 16:37:40 +00:00
|
|
|
return {
|
2013-09-28 04:05:32 +00:00
|
|
|
'namespace': repo_obj.namespace,
|
|
|
|
'name': repo_obj.name,
|
|
|
|
'description': repo_obj.description,
|
2013-10-22 05:26:14 +00:00
|
|
|
'is_public': is_public
|
2013-09-23 16:37:40 +00:00
|
|
|
}
|
2013-10-08 15:29:42 +00:00
|
|
|
|
2013-10-02 04:28:24 +00:00
|
|
|
limit = request.args.get('limit', None)
|
2013-10-31 22:17:26 +00:00
|
|
|
namespace_filter = request.args.get('namespace', None)
|
2013-10-02 04:28:24 +00:00
|
|
|
include_public = request.args.get('public', 'true')
|
|
|
|
include_private = request.args.get('private', 'true')
|
|
|
|
sort = request.args.get('sort', 'false')
|
2013-09-23 16:37:40 +00:00
|
|
|
|
2013-10-02 04:28:24 +00:00
|
|
|
try:
|
|
|
|
limit = int(limit) if limit else None
|
|
|
|
except:
|
|
|
|
limit = None
|
|
|
|
|
|
|
|
include_public = include_public == 'true'
|
|
|
|
include_private = include_private == 'true'
|
|
|
|
sort = sort == 'true'
|
|
|
|
|
2013-10-08 15:29:42 +00:00
|
|
|
username = None
|
|
|
|
if current_user.is_authenticated() and include_private:
|
2013-10-15 18:48:49 +00:00
|
|
|
username = current_user.db_user().username
|
2013-10-08 15:29:42 +00:00
|
|
|
|
|
|
|
repo_query = model.get_visible_repositories(username, limit=limit,
|
|
|
|
include_public=include_public,
|
2013-10-31 22:17:26 +00:00
|
|
|
sort=sort, namespace=namespace_filter)
|
2013-10-08 15:29:42 +00:00
|
|
|
repos = [repo_view(repo) for repo in repo_query]
|
2013-09-23 16:37:40 +00:00
|
|
|
response = {
|
|
|
|
'repositories': repos
|
|
|
|
}
|
|
|
|
|
|
|
|
return jsonify(response)
|
|
|
|
|
|
|
|
|
|
|
|
@app.route('/api/repository/<path:repository>', methods=['PUT'])
|
2013-09-30 21:51:07 +00:00
|
|
|
@api_login_required
|
2013-09-23 16:37:40 +00:00
|
|
|
@parse_repository_name
|
|
|
|
def update_repo_api(namespace, repository):
|
2013-09-26 21:59:20 +00:00
|
|
|
permission = ModifyRepositoryPermission(namespace, repository)
|
2013-09-28 00:03:07 +00:00
|
|
|
if permission.can():
|
2013-09-26 21:59:20 +00:00
|
|
|
repo = model.get_repository(namespace, repository)
|
|
|
|
if repo:
|
|
|
|
values = request.get_json()
|
|
|
|
repo.description = values['description']
|
|
|
|
repo.save()
|
|
|
|
return jsonify({
|
|
|
|
'success': True
|
|
|
|
})
|
2013-09-28 00:03:07 +00:00
|
|
|
|
2013-11-07 04:21:12 +00:00
|
|
|
abort(403)
|
2013-09-23 16:37:40 +00:00
|
|
|
|
|
|
|
|
2013-10-08 15:29:42 +00:00
|
|
|
@app.route('/api/repository/<path:repository>/changevisibility',
|
|
|
|
methods=['POST'])
|
2013-09-30 21:51:07 +00:00
|
|
|
@api_login_required
|
2013-09-28 21:11:10 +00:00
|
|
|
@parse_repository_name
|
|
|
|
def change_repo_visibility_api(namespace, repository):
|
|
|
|
permission = AdministerRepositoryPermission(namespace, repository)
|
|
|
|
if permission.can():
|
|
|
|
repo = model.get_repository(namespace, repository)
|
|
|
|
if repo:
|
|
|
|
values = request.get_json()
|
|
|
|
model.set_repository_visibility(repo, values['visibility'])
|
|
|
|
return jsonify({
|
|
|
|
'success': True
|
|
|
|
})
|
|
|
|
|
2013-11-06 22:56:31 +00:00
|
|
|
abort(403)
|
2013-09-28 21:11:10 +00:00
|
|
|
|
|
|
|
|
2013-10-01 16:13:25 +00:00
|
|
|
@app.route('/api/repository/<path:repository>', methods=['DELETE'])
|
|
|
|
@api_login_required
|
|
|
|
@parse_repository_name
|
|
|
|
def delete_repository(namespace, repository):
|
|
|
|
permission = AdministerRepositoryPermission(namespace, repository)
|
|
|
|
if permission.can():
|
|
|
|
model.purge_repository(namespace, repository)
|
2013-10-01 18:46:44 +00:00
|
|
|
registry.delete_repository_storage(namespace, repository)
|
2013-10-01 16:13:25 +00:00
|
|
|
return make_response('Deleted', 204)
|
|
|
|
|
2013-11-06 22:56:31 +00:00
|
|
|
abort(403)
|
2013-10-01 16:13:25 +00:00
|
|
|
|
|
|
|
|
2013-09-27 21:01:45 +00:00
|
|
|
def image_view(image):
|
|
|
|
return {
|
2013-10-01 18:14:39 +00:00
|
|
|
'id': image.docker_image_id,
|
2013-09-27 21:01:45 +00:00
|
|
|
'created': image.created,
|
|
|
|
'comment': image.comment,
|
2013-10-10 04:40:18 +00:00
|
|
|
'ancestors': image.ancestors,
|
|
|
|
'dbid': image.id,
|
2013-09-27 21:01:45 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2013-09-23 16:37:40 +00:00
|
|
|
@app.route('/api/repository/<path:repository>', methods=['GET'])
|
|
|
|
@parse_repository_name
|
|
|
|
def get_repo_api(namespace, repository):
|
2013-09-27 18:56:14 +00:00
|
|
|
logger.debug('Get repo: %s/%s' % (namespace, repository))
|
2013-09-28 00:03:07 +00:00
|
|
|
|
2013-09-26 21:59:20 +00:00
|
|
|
def tag_view(tag):
|
|
|
|
image = model.get_tag_image(namespace, repository, tag.name)
|
|
|
|
if not image:
|
|
|
|
return {}
|
|
|
|
|
|
|
|
return {
|
|
|
|
'name': tag.name,
|
2013-09-27 17:24:07 +00:00
|
|
|
'image': image_view(image),
|
2013-09-26 21:59:20 +00:00
|
|
|
}
|
|
|
|
|
2013-11-02 01:48:10 +00:00
|
|
|
organization = None
|
|
|
|
try:
|
|
|
|
organization = model.get_organization(namespace)
|
|
|
|
except:
|
|
|
|
pass
|
|
|
|
|
2013-09-26 21:59:20 +00:00
|
|
|
permission = ReadRepositoryPermission(namespace, repository)
|
2013-09-28 21:11:10 +00:00
|
|
|
is_public = model.repository_is_public(namespace, repository)
|
|
|
|
if permission.can() or is_public:
|
2013-09-26 21:59:20 +00:00
|
|
|
repo = model.get_repository(namespace, repository)
|
|
|
|
if repo:
|
|
|
|
tags = model.list_repository_tags(namespace, repository)
|
2013-09-27 17:24:07 +00:00
|
|
|
tag_dict = {tag.name: tag_view(tag) for tag in tags}
|
|
|
|
can_write = ModifyRepositoryPermission(namespace, repository).can()
|
2013-09-27 18:56:14 +00:00
|
|
|
can_admin = AdministerRepositoryPermission(namespace, repository).can()
|
2013-10-27 20:00:44 +00:00
|
|
|
active_builds = model.list_repository_builds(namespace, repository,
|
|
|
|
include_inactive=False)
|
2013-10-25 19:13:11 +00:00
|
|
|
|
2013-09-27 17:24:07 +00:00
|
|
|
return jsonify({
|
|
|
|
'namespace': namespace,
|
|
|
|
'name': repository,
|
|
|
|
'description': repo.description,
|
|
|
|
'tags': tag_dict,
|
|
|
|
'can_write': can_write,
|
2013-09-27 18:56:14 +00:00
|
|
|
'can_admin': can_admin,
|
2013-10-25 19:13:11 +00:00
|
|
|
'is_public': is_public,
|
2013-10-27 20:00:44 +00:00
|
|
|
'is_building': len(active_builds) > 0,
|
2013-11-02 01:48:10 +00:00
|
|
|
'is_organization': bool(organization)
|
2013-09-27 17:24:07 +00:00
|
|
|
})
|
2013-09-26 21:59:20 +00:00
|
|
|
|
2013-11-06 22:56:31 +00:00
|
|
|
abort(404) # Not found
|
2013-09-27 17:24:07 +00:00
|
|
|
abort(403) # Permission denied
|
|
|
|
|
|
|
|
|
2013-10-25 19:13:11 +00:00
|
|
|
@app.route('/api/repository/<path:repository>/build/', methods=['GET'])
|
2013-10-26 21:41:29 +00:00
|
|
|
@api_login_required
|
2013-10-25 19:13:11 +00:00
|
|
|
@parse_repository_name
|
|
|
|
def get_repo_builds(namespace, repository):
|
2013-10-25 22:17:43 +00:00
|
|
|
permission = ModifyRepositoryPermission(namespace, repository)
|
2013-10-25 19:13:11 +00:00
|
|
|
if permission.can():
|
|
|
|
def build_view(build_obj):
|
|
|
|
if build_obj.status_url:
|
|
|
|
# Delegate the status to the build node
|
|
|
|
node_status = requests.get(build_obj.status_url).json()
|
|
|
|
node_status['id'] = build_obj.id
|
|
|
|
return node_status
|
|
|
|
|
|
|
|
# If there was no status url, do the best we can
|
|
|
|
return {
|
|
|
|
'id': build_obj.id,
|
|
|
|
'total_commands': None,
|
|
|
|
'total_images': None,
|
|
|
|
'current_command': None,
|
|
|
|
'current_image': None,
|
|
|
|
'image_completion_percent': None,
|
|
|
|
'status': build_obj.phase,
|
|
|
|
'message': None,
|
|
|
|
}
|
|
|
|
|
|
|
|
builds = model.list_repository_builds(namespace, repository)
|
|
|
|
return jsonify({
|
|
|
|
'builds': [build_view(build) for build in builds]
|
|
|
|
})
|
|
|
|
|
2013-10-25 19:47:34 +00:00
|
|
|
abort(403) # Permissions denied
|
|
|
|
|
2013-10-25 19:13:11 +00:00
|
|
|
|
2013-10-26 21:20:59 +00:00
|
|
|
|
|
|
|
@app.route('/api/filedrop/', methods=['POST'])
|
2013-11-06 22:09:22 +00:00
|
|
|
@api_login_required
|
2013-10-26 21:20:59 +00:00
|
|
|
def get_filedrop_url():
|
2013-10-26 22:37:53 +00:00
|
|
|
mime_type = request.get_json()['mimeType']
|
|
|
|
(url, file_id) = user_files.prepare_for_drop(mime_type)
|
2013-10-26 21:20:59 +00:00
|
|
|
return jsonify({
|
|
|
|
'url': url,
|
|
|
|
'file_id': file_id
|
|
|
|
})
|
|
|
|
|
|
|
|
|
2013-10-25 22:17:43 +00:00
|
|
|
@app.route('/api/repository/<path:repository>/build/', methods=['POST'])
|
2013-10-26 21:41:29 +00:00
|
|
|
@api_login_required
|
2013-10-25 22:17:43 +00:00
|
|
|
@parse_repository_name
|
|
|
|
def request_repo_build(namespace, repository):
|
|
|
|
permission = ModifyRepositoryPermission(namespace, repository)
|
|
|
|
if permission.can():
|
|
|
|
logger.debug('User requested repository initialization.')
|
2013-10-26 21:20:59 +00:00
|
|
|
dockerfile_id = request.get_json()['file_id']
|
2013-10-25 22:17:43 +00:00
|
|
|
|
|
|
|
repo = model.get_repository(namespace, repository)
|
|
|
|
token = model.create_access_token(repo, 'write')
|
|
|
|
|
|
|
|
host = urlparse.urlparse(request.url).netloc
|
|
|
|
tag = '%s/%s/%s' % (host, repo.namespace, repo.name)
|
|
|
|
build_request = model.create_repository_build(repo, token, dockerfile_id,
|
|
|
|
tag)
|
2013-10-27 23:06:20 +00:00
|
|
|
dockerfile_build_queue.put(json.dumps({'build_id': build_request.id}))
|
2013-10-25 22:17:43 +00:00
|
|
|
|
2013-11-07 17:54:21 +00:00
|
|
|
resp = jsonify({
|
2013-10-26 21:20:59 +00:00
|
|
|
'started': True
|
|
|
|
})
|
2013-11-07 17:54:21 +00:00
|
|
|
resp.status_code = 201
|
|
|
|
return resp
|
2013-10-25 22:17:43 +00:00
|
|
|
|
|
|
|
abort(403) # Permissions denied
|
|
|
|
|
|
|
|
|
2013-11-04 23:52:38 +00:00
|
|
|
def role_view(repo_perm_obj):
|
2013-09-27 18:56:14 +00:00
|
|
|
return {
|
2013-11-01 23:34:46 +00:00
|
|
|
'role': repo_perm_obj.role.name,
|
2013-09-27 18:56:14 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2013-11-05 22:10:14 +00:00
|
|
|
def wrap_role_view_org(role_json, org_member):
|
|
|
|
role_json['is_org_member'] = org_member
|
|
|
|
return role_json
|
|
|
|
|
|
|
|
|
2013-10-10 04:40:25 +00:00
|
|
|
@app.route('/api/repository/<path:repository>/image/', methods=['GET'])
|
|
|
|
@parse_repository_name
|
|
|
|
def list_repository_images(namespace, repository):
|
|
|
|
permission = ReadRepositoryPermission(namespace, repository)
|
|
|
|
if permission.can() or model.repository_is_public(namespace, repository):
|
|
|
|
all_images = model.get_repository_images(namespace, repository)
|
|
|
|
all_tags = model.list_repository_tags(namespace, repository)
|
|
|
|
|
|
|
|
tags_by_image_id = defaultdict(list)
|
|
|
|
for tag in all_tags:
|
|
|
|
tags_by_image_id[tag.image.docker_image_id].append(tag.name)
|
|
|
|
|
|
|
|
|
|
|
|
def add_tags(image_json):
|
|
|
|
image_json['tags'] = tags_by_image_id[image_json['id']]
|
|
|
|
return image_json
|
|
|
|
|
|
|
|
|
|
|
|
return jsonify({
|
|
|
|
'images': [add_tags(image_view(image)) for image in all_images]
|
|
|
|
})
|
|
|
|
|
|
|
|
abort(403)
|
|
|
|
|
|
|
|
|
2013-10-19 02:28:46 +00:00
|
|
|
@app.route('/api/repository/<path:repository>/image/<image_id>',
|
|
|
|
methods=['GET'])
|
|
|
|
@parse_repository_name
|
|
|
|
def get_image(namespace, repository, image_id):
|
|
|
|
permission = ReadRepositoryPermission(namespace, repository)
|
|
|
|
if permission.can() or model.repository_is_public(namespace, repository):
|
|
|
|
image = model.get_repo_image(namespace, repository, image_id)
|
|
|
|
if not image:
|
|
|
|
abort(404)
|
|
|
|
|
|
|
|
return jsonify(image_view(image))
|
|
|
|
abort(403)
|
|
|
|
|
|
|
|
|
2013-10-17 22:25:19 +00:00
|
|
|
@app.route('/api/repository/<path:repository>/image/<image_id>/changes',
|
|
|
|
methods=['GET'])
|
2013-10-20 05:18:31 +00:00
|
|
|
@cache_control(max_age=60*60) # Cache for one hour
|
2013-10-17 22:25:19 +00:00
|
|
|
@parse_repository_name
|
2013-10-19 02:28:46 +00:00
|
|
|
def get_image_changes(namespace, repository, image_id):
|
2013-10-17 22:25:19 +00:00
|
|
|
permission = ReadRepositoryPermission(namespace, repository)
|
|
|
|
if permission.can() or model.repository_is_public(namespace, repository):
|
2013-10-18 18:31:14 +00:00
|
|
|
diffs_path = store.image_file_diffs_path(namespace, repository, image_id)
|
|
|
|
|
|
|
|
try:
|
|
|
|
response_json = store.get_content(diffs_path)
|
|
|
|
return make_response(response_json)
|
|
|
|
except IOError:
|
|
|
|
abort(404)
|
2013-10-17 22:25:19 +00:00
|
|
|
|
|
|
|
abort(403)
|
|
|
|
|
|
|
|
|
2013-09-28 00:03:07 +00:00
|
|
|
@app.route('/api/repository/<path:repository>/tag/<tag>/images',
|
|
|
|
methods=['GET'])
|
2013-09-27 21:01:45 +00:00
|
|
|
@parse_repository_name
|
|
|
|
def list_tag_images(namespace, repository, tag):
|
|
|
|
permission = ReadRepositoryPermission(namespace, repository)
|
2013-09-28 04:05:32 +00:00
|
|
|
if permission.can() or model.repository_is_public(namespace, repository):
|
2013-11-06 22:09:22 +00:00
|
|
|
try:
|
|
|
|
tag_image = model.get_tag_image(namespace, repository, tag)
|
|
|
|
except model.DataModelException:
|
|
|
|
abort(404)
|
|
|
|
|
2013-09-30 19:30:00 +00:00
|
|
|
parent_images = model.get_parent_images(tag_image)
|
|
|
|
|
|
|
|
parents = list(parent_images)
|
|
|
|
parents.reverse()
|
|
|
|
all_images = [tag_image] + parents
|
2013-09-28 00:03:07 +00:00
|
|
|
|
2013-09-27 21:01:45 +00:00
|
|
|
return jsonify({
|
2013-09-30 19:30:00 +00:00
|
|
|
'images': [image_view(image) for image in all_images]
|
2013-09-27 21:01:45 +00:00
|
|
|
})
|
|
|
|
|
|
|
|
abort(403) # Permission denied
|
|
|
|
|
|
|
|
|
2013-11-04 21:18:40 +00:00
|
|
|
@app.route('/api/repository/<path:repository>/permissions/team/',
|
|
|
|
methods=['GET'])
|
2013-11-02 01:48:10 +00:00
|
|
|
@api_login_required
|
|
|
|
@parse_repository_name
|
|
|
|
def list_repo_team_permissions(namespace, repository):
|
|
|
|
permission = AdministerRepositoryPermission(namespace, repository)
|
|
|
|
if permission.can():
|
|
|
|
repo_perms = model.get_all_repo_teams(namespace, repository)
|
|
|
|
|
|
|
|
return jsonify({
|
2013-11-04 23:52:38 +00:00
|
|
|
'permissions': {repo_perm.team.name: role_view(repo_perm)
|
2013-11-02 01:48:10 +00:00
|
|
|
for repo_perm in repo_perms}
|
|
|
|
})
|
|
|
|
|
|
|
|
abort(403) # Permission denied
|
|
|
|
|
|
|
|
|
2013-11-04 21:18:40 +00:00
|
|
|
@app.route('/api/repository/<path:repository>/permissions/user/',
|
|
|
|
methods=['GET'])
|
2013-09-30 21:51:07 +00:00
|
|
|
@api_login_required
|
2013-09-27 17:24:07 +00:00
|
|
|
@parse_repository_name
|
2013-11-02 01:48:10 +00:00
|
|
|
def list_repo_user_permissions(namespace, repository):
|
2013-09-27 17:24:07 +00:00
|
|
|
permission = AdministerRepositoryPermission(namespace, repository)
|
|
|
|
if permission.can():
|
2013-11-05 22:10:14 +00:00
|
|
|
# Determine how to wrap the permissions
|
|
|
|
role_view_func = role_view
|
|
|
|
try:
|
|
|
|
model.get_organization(namespace) # Will raise an error if not org
|
|
|
|
org_members = model.get_organization_member_set(namespace)
|
|
|
|
def wrapped_role_view(repo_perm):
|
|
|
|
unwrapped = role_view(repo_perm)
|
|
|
|
return wrap_role_view_org(unwrapped,
|
|
|
|
repo_perm.user.username in org_members)
|
|
|
|
|
|
|
|
role_view_func = wrapped_role_view
|
2013-11-04 23:52:38 +00:00
|
|
|
|
2013-11-05 22:10:14 +00:00
|
|
|
except model.InvalidOrganizationException:
|
|
|
|
# This repository isn't under an org
|
|
|
|
pass
|
2013-09-27 17:24:07 +00:00
|
|
|
|
2013-11-05 22:10:14 +00:00
|
|
|
repo_perms = model.get_all_repo_users(namespace, repository)
|
2013-09-27 17:24:07 +00:00
|
|
|
return jsonify({
|
2013-11-05 22:10:14 +00:00
|
|
|
'permissions': {perm.user.username: role_view_func(perm)
|
|
|
|
for perm in repo_perms}
|
2013-09-27 17:24:07 +00:00
|
|
|
})
|
|
|
|
|
|
|
|
abort(403) # Permission denied
|
|
|
|
|
2013-09-27 18:56:14 +00:00
|
|
|
|
2013-11-02 01:48:10 +00:00
|
|
|
@app.route('/api/repository/<path:repository>/permissions/user/<username>',
|
2013-09-27 18:56:14 +00:00
|
|
|
methods=['GET'])
|
2013-09-30 21:51:07 +00:00
|
|
|
@api_login_required
|
2013-09-27 18:56:14 +00:00
|
|
|
@parse_repository_name
|
2013-11-02 01:48:10 +00:00
|
|
|
def get_user_permissions(namespace, repository, username):
|
2013-09-27 18:56:14 +00:00
|
|
|
logger.debug('Get repo: %s/%s permissions for user %s' %
|
|
|
|
(namespace, repository, username))
|
|
|
|
permission = AdministerRepositoryPermission(namespace, repository)
|
|
|
|
if permission.can():
|
2013-09-27 19:53:39 +00:00
|
|
|
perm = model.get_user_reponame_permission(username, namespace, repository)
|
2013-11-05 22:10:14 +00:00
|
|
|
perm_view = role_view(perm)
|
|
|
|
|
|
|
|
try:
|
|
|
|
model.get_organization(namespace)
|
|
|
|
org_members = model.get_organization_member_set(namespace)
|
|
|
|
perm_view = wrap_role_view_org(perm_view,
|
|
|
|
perm.user.username in org_members)
|
|
|
|
except model.InvalidOrganizationException:
|
|
|
|
# This repository is not part of an organization
|
|
|
|
pass
|
|
|
|
|
|
|
|
return jsonify(perm_view)
|
2013-09-27 18:56:14 +00:00
|
|
|
|
|
|
|
abort(403) # Permission denied
|
|
|
|
|
|
|
|
|
2013-11-02 01:48:10 +00:00
|
|
|
@app.route('/api/repository/<path:repository>/permissions/team/<teamname>',
|
|
|
|
methods=['GET'])
|
|
|
|
@api_login_required
|
|
|
|
@parse_repository_name
|
|
|
|
def get_team_permissions(namespace, repository, teamname):
|
|
|
|
logger.debug('Get repo: %s/%s permissions for team %s' %
|
|
|
|
(namespace, repository, teamname))
|
|
|
|
permission = AdministerRepositoryPermission(namespace, repository)
|
|
|
|
if permission.can():
|
2013-11-07 17:54:21 +00:00
|
|
|
perm = model.get_team_reponame_permission(teamname, namespace, repository)
|
2013-11-04 23:52:38 +00:00
|
|
|
return jsonify(role_view(perm))
|
2013-11-02 01:48:10 +00:00
|
|
|
|
|
|
|
abort(403) # Permission denied
|
|
|
|
|
|
|
|
|
|
|
|
@app.route('/api/repository/<path:repository>/permissions/user/<username>',
|
2013-09-27 18:56:14 +00:00
|
|
|
methods=['PUT', 'POST'])
|
2013-09-30 21:51:07 +00:00
|
|
|
@api_login_required
|
2013-09-27 17:24:07 +00:00
|
|
|
@parse_repository_name
|
2013-11-02 01:48:10 +00:00
|
|
|
def change_user_permissions(namespace, repository, username):
|
2013-09-27 17:24:07 +00:00
|
|
|
permission = AdministerRepositoryPermission(namespace, repository)
|
|
|
|
if permission.can():
|
|
|
|
new_permission = request.get_json()
|
|
|
|
|
2013-09-27 18:56:14 +00:00
|
|
|
logger.debug('Setting permission to: %s for user %s' %
|
|
|
|
(new_permission['role'], username))
|
2013-09-27 19:53:39 +00:00
|
|
|
|
2013-11-07 17:54:21 +00:00
|
|
|
perm = model.set_user_repo_permission(username, namespace, repository,
|
|
|
|
new_permission['role'])
|
2013-11-05 22:10:14 +00:00
|
|
|
perm_view = role_view(perm)
|
|
|
|
|
|
|
|
try:
|
|
|
|
model.get_organization(namespace)
|
|
|
|
org_members = model.get_organization_member_set(namespace)
|
|
|
|
perm_view = wrap_role_view_org(perm_view,
|
|
|
|
perm.user.username in org_members)
|
|
|
|
except model.InvalidOrganizationException:
|
|
|
|
# This repository is not part of an organization
|
|
|
|
pass
|
|
|
|
|
|
|
|
resp = jsonify(perm_view)
|
2013-09-27 18:56:14 +00:00
|
|
|
if request.method == 'POST':
|
|
|
|
resp.status_code = 201
|
|
|
|
return resp
|
|
|
|
|
|
|
|
abort(403) # Permission denied
|
|
|
|
|
2013-09-28 00:03:07 +00:00
|
|
|
|
2013-11-02 01:48:10 +00:00
|
|
|
@app.route('/api/repository/<path:repository>/permissions/team/<teamname>',
|
|
|
|
methods=['PUT', 'POST'])
|
|
|
|
@api_login_required
|
|
|
|
@parse_repository_name
|
|
|
|
def change_team_permissions(namespace, repository, teamname):
|
|
|
|
permission = AdministerRepositoryPermission(namespace, repository)
|
|
|
|
if permission.can():
|
|
|
|
new_permission = request.get_json()
|
|
|
|
|
|
|
|
logger.debug('Setting permission to: %s for team %s' %
|
|
|
|
(new_permission['role'], teamname))
|
|
|
|
|
2013-11-07 17:54:21 +00:00
|
|
|
perm = model.set_team_repo_permission(teamname, namespace, repository,
|
|
|
|
new_permission['role'])
|
2013-11-02 01:48:10 +00:00
|
|
|
|
2013-11-04 23:52:38 +00:00
|
|
|
resp = jsonify(role_view(perm))
|
2013-11-02 01:48:10 +00:00
|
|
|
if request.method == 'POST':
|
|
|
|
resp.status_code = 201
|
|
|
|
return resp
|
|
|
|
|
|
|
|
abort(403) # Permission denied
|
|
|
|
|
|
|
|
|
|
|
|
@app.route('/api/repository/<path:repository>/permissions/user/<username>',
|
2013-09-27 18:56:14 +00:00
|
|
|
methods=['DELETE'])
|
2013-09-30 21:51:07 +00:00
|
|
|
@api_login_required
|
2013-09-27 18:56:14 +00:00
|
|
|
@parse_repository_name
|
2013-11-02 01:48:10 +00:00
|
|
|
def delete_user_permissions(namespace, repository, username):
|
2013-09-27 18:56:14 +00:00
|
|
|
permission = AdministerRepositoryPermission(namespace, repository)
|
|
|
|
if permission.can():
|
2013-11-07 17:54:21 +00:00
|
|
|
model.delete_user_permission(username, namespace, repository)
|
2013-09-27 18:56:14 +00:00
|
|
|
return make_response('Deleted', 204)
|
2013-09-27 17:24:07 +00:00
|
|
|
|
2013-09-27 18:56:14 +00:00
|
|
|
abort(403) # Permission denied
|
2013-10-02 04:48:03 +00:00
|
|
|
|
|
|
|
|
2013-11-02 01:48:10 +00:00
|
|
|
@app.route('/api/repository/<path:repository>/permissions/team/<teamname>',
|
|
|
|
methods=['DELETE'])
|
|
|
|
@api_login_required
|
|
|
|
@parse_repository_name
|
|
|
|
def delete_team_permissions(namespace, repository, teamname):
|
|
|
|
permission = AdministerRepositoryPermission(namespace, repository)
|
|
|
|
if permission.can():
|
2013-11-07 17:54:21 +00:00
|
|
|
model.delete_team_permission(teamname, namespace, repository)
|
2013-11-02 01:48:10 +00:00
|
|
|
return make_response('Deleted', 204)
|
|
|
|
|
|
|
|
abort(403) # Permission denied
|
|
|
|
|
|
|
|
|
2013-10-16 18:24:10 +00:00
|
|
|
def token_view(token_obj):
|
|
|
|
return {
|
|
|
|
'friendlyName': token_obj.friendly_name,
|
|
|
|
'code': token_obj.code,
|
|
|
|
'role': token_obj.role.name,
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
@app.route('/api/repository/<path:repository>/tokens/', methods=['GET'])
|
|
|
|
@api_login_required
|
|
|
|
@parse_repository_name
|
|
|
|
def list_repo_tokens(namespace, repository):
|
|
|
|
permission = AdministerRepositoryPermission(namespace, repository)
|
|
|
|
if permission.can():
|
|
|
|
tokens = model.get_repository_delegate_tokens(namespace, repository)
|
|
|
|
|
|
|
|
return jsonify({
|
|
|
|
'tokens': {token.code: token_view(token) for token in tokens}
|
|
|
|
})
|
|
|
|
|
|
|
|
abort(403) # Permission denied
|
|
|
|
|
|
|
|
|
|
|
|
@app.route('/api/repository/<path:repository>/tokens/<code>', methods=['GET'])
|
|
|
|
@api_login_required
|
|
|
|
@parse_repository_name
|
|
|
|
def get_tokens(namespace, repository, code):
|
|
|
|
permission = AdministerRepositoryPermission(namespace, repository)
|
|
|
|
if permission.can():
|
|
|
|
perm = model.get_repo_delegate_token(namespace, repository, code)
|
|
|
|
return jsonify(token_view(perm))
|
|
|
|
|
|
|
|
abort(403) # Permission denied
|
|
|
|
|
|
|
|
|
|
|
|
@app.route('/api/repository/<path:repository>/tokens/', methods=['POST'])
|
|
|
|
@api_login_required
|
|
|
|
@parse_repository_name
|
|
|
|
def create_token(namespace, repository):
|
|
|
|
permission = AdministerRepositoryPermission(namespace, repository)
|
|
|
|
if permission.can():
|
|
|
|
token_params = request.get_json()
|
|
|
|
|
|
|
|
token = model.create_delegate_token(namespace, repository,
|
|
|
|
token_params['friendlyName'])
|
|
|
|
|
|
|
|
resp = jsonify(token_view(token))
|
|
|
|
resp.status_code = 201
|
|
|
|
return resp
|
|
|
|
|
|
|
|
abort(403) # Permission denied
|
|
|
|
|
|
|
|
|
|
|
|
@app.route('/api/repository/<path:repository>/tokens/<code>', methods=['PUT'])
|
|
|
|
@api_login_required
|
|
|
|
@parse_repository_name
|
|
|
|
def change_token(namespace, repository, code):
|
|
|
|
permission = AdministerRepositoryPermission(namespace, repository)
|
|
|
|
if permission.can():
|
|
|
|
new_permission = request.get_json()
|
|
|
|
|
|
|
|
logger.debug('Setting permission to: %s for code %s' %
|
|
|
|
(new_permission['role'], code))
|
|
|
|
|
|
|
|
token = model.set_repo_delegate_token_role(namespace, repository, code,
|
|
|
|
new_permission['role'])
|
|
|
|
|
|
|
|
resp = jsonify(token_view(token))
|
|
|
|
return resp
|
|
|
|
|
|
|
|
abort(403) # Permission denied
|
|
|
|
|
|
|
|
|
|
|
|
@app.route('/api/repository/<path:repository>/tokens/<code>',
|
|
|
|
methods=['DELETE'])
|
|
|
|
@api_login_required
|
|
|
|
@parse_repository_name
|
|
|
|
def delete_token(namespace, repository, code):
|
|
|
|
permission = AdministerRepositoryPermission(namespace, repository)
|
|
|
|
if permission.can():
|
|
|
|
model.delete_delegate_token(namespace, repository, code)
|
|
|
|
return make_response('Deleted', 204)
|
|
|
|
|
|
|
|
abort(403) # Permission denied
|
|
|
|
|
|
|
|
|
2013-10-08 15:29:42 +00:00
|
|
|
def subscription_view(stripe_subscription, used_repos):
|
2013-10-02 04:48:03 +00:00
|
|
|
return {
|
2013-10-02 05:40:11 +00:00
|
|
|
'currentPeriodStart': stripe_subscription.current_period_start,
|
|
|
|
'currentPeriodEnd': stripe_subscription.current_period_end,
|
2013-10-02 04:48:03 +00:00
|
|
|
'plan': stripe_subscription.plan.id,
|
2013-10-02 05:40:11 +00:00
|
|
|
'usedPrivateRepos': used_repos,
|
2013-10-02 04:48:03 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
@app.route('/api/user/plan', methods=['PUT'])
|
|
|
|
@api_login_required
|
2013-11-06 19:19:56 +00:00
|
|
|
def subscribe_api():
|
2013-10-02 04:48:03 +00:00
|
|
|
request_data = request.get_json()
|
|
|
|
plan = request_data['plan']
|
2013-11-06 19:19:56 +00:00
|
|
|
token = request_data['token'] if 'token' in request_data else None
|
2013-10-15 18:48:49 +00:00
|
|
|
user = current_user.db_user()
|
2013-11-06 19:48:59 +00:00
|
|
|
return subscribe(user, plan, token, USER_PLANS)
|
2013-11-06 19:19:56 +00:00
|
|
|
|
2013-11-06 19:48:59 +00:00
|
|
|
def subscribe(user, plan, token, accepted_plans):
|
|
|
|
plan_found = None
|
|
|
|
for plan_obj in accepted_plans:
|
|
|
|
if plan_obj['stripeId'] == plan:
|
|
|
|
plan_found = plan_obj
|
|
|
|
|
|
|
|
if not plan_found:
|
|
|
|
abort(404)
|
|
|
|
|
2013-10-02 05:40:11 +00:00
|
|
|
private_repos = model.get_private_repo_count(user.username)
|
2013-10-02 04:48:03 +00:00
|
|
|
|
|
|
|
if not user.stripe_id:
|
|
|
|
# Create the customer and plan simultaneously
|
2013-11-06 19:19:56 +00:00
|
|
|
card = token
|
2013-10-02 04:48:03 +00:00
|
|
|
cus = stripe.Customer.create(email=user.email, plan=plan, card=card)
|
|
|
|
user.stripe_id = cus.id
|
|
|
|
user.save()
|
2013-10-08 15:29:42 +00:00
|
|
|
|
2013-10-02 05:40:11 +00:00
|
|
|
resp = jsonify(subscription_view(cus.subscription, private_repos))
|
2013-10-02 04:48:03 +00:00
|
|
|
resp.status_code = 201
|
|
|
|
return resp
|
|
|
|
|
|
|
|
else:
|
|
|
|
# Change the plan
|
|
|
|
cus = stripe.Customer.retrieve(user.stripe_id)
|
2013-10-02 06:05:53 +00:00
|
|
|
|
2013-11-06 19:48:59 +00:00
|
|
|
if plan_found['price'] == 0:
|
2013-10-04 18:35:51 +00:00
|
|
|
cus.cancel_subscription()
|
|
|
|
cus.save()
|
2013-10-02 06:05:53 +00:00
|
|
|
|
2013-10-04 18:35:51 +00:00
|
|
|
response_json = {
|
2013-11-06 19:48:59 +00:00
|
|
|
'plan': plan,
|
2013-10-04 18:35:51 +00:00
|
|
|
'usedPrivateRepos': private_repos,
|
|
|
|
}
|
2013-10-02 04:48:03 +00:00
|
|
|
|
2013-10-04 18:35:51 +00:00
|
|
|
else:
|
|
|
|
cus.plan = plan
|
|
|
|
# User may have been a previous customer who is resubscribing
|
2013-11-06 19:19:56 +00:00
|
|
|
if token:
|
|
|
|
cus.card = token
|
2013-10-02 16:43:25 +00:00
|
|
|
|
2013-10-04 18:35:51 +00:00
|
|
|
cus.save()
|
|
|
|
response_json = subscription_view(cus.subscription, private_repos)
|
2013-10-02 06:05:53 +00:00
|
|
|
|
2013-10-04 18:35:51 +00:00
|
|
|
return jsonify(response_json)
|
2013-10-02 06:05:53 +00:00
|
|
|
|
|
|
|
|
2013-11-06 19:19:56 +00:00
|
|
|
@app.route('/api/organization/<orgname>/plan', methods=['PUT'])
|
|
|
|
@api_login_required
|
|
|
|
def subscribe_org_api(orgname):
|
|
|
|
permission = AdministerOrganizationPermission(orgname)
|
|
|
|
if permission.can():
|
|
|
|
request_data = request.get_json()
|
|
|
|
plan = request_data['plan']
|
|
|
|
token = request_data['token'] if 'token' in request_data else None
|
|
|
|
organization = model.get_organization(orgname)
|
2013-11-06 19:48:59 +00:00
|
|
|
return subscribe(organization, plan, token, BUSINESS_PLANS)
|
2013-11-06 19:19:56 +00:00
|
|
|
|
|
|
|
abort(403)
|
|
|
|
|
|
|
|
|
2013-10-04 18:35:51 +00:00
|
|
|
@app.route('/api/user/plan', methods=['GET'])
|
2013-10-02 06:05:53 +00:00
|
|
|
@api_login_required
|
2013-10-04 18:35:51 +00:00
|
|
|
def get_subscription():
|
2013-10-15 18:48:49 +00:00
|
|
|
user = current_user.db_user()
|
2013-10-04 18:35:51 +00:00
|
|
|
private_repos = model.get_private_repo_count(user.username)
|
2013-10-02 06:05:53 +00:00
|
|
|
|
|
|
|
if user.stripe_id:
|
|
|
|
cus = stripe.Customer.retrieve(user.stripe_id)
|
|
|
|
|
2013-11-01 23:13:58 +00:00
|
|
|
if cus.subscription:
|
2013-10-04 18:35:51 +00:00
|
|
|
return jsonify(subscription_view(cus.subscription, private_repos))
|
|
|
|
|
|
|
|
return jsonify({
|
|
|
|
'plan': 'free',
|
|
|
|
'usedPrivateRepos': private_repos,
|
2013-10-08 15:29:42 +00:00
|
|
|
})
|
2013-11-06 19:19:56 +00:00
|
|
|
|
|
|
|
|
|
|
|
@app.route('/api/organization/<orgname>/plan', methods=['GET'])
|
|
|
|
@api_login_required
|
|
|
|
def get_org_subscription(orgname):
|
|
|
|
permission = AdministerOrganizationPermission(orgname)
|
|
|
|
if permission.can():
|
|
|
|
private_repos = model.get_private_repo_count(orgname)
|
|
|
|
organization = model.get_organization(orgname)
|
|
|
|
if organization.stripe_id:
|
|
|
|
cus = stripe.Customer.retrieve(organization.stripe_id)
|
|
|
|
|
|
|
|
if cus.subscription:
|
|
|
|
return jsonify(subscription_view(cus.subscription, private_repos))
|
|
|
|
|
|
|
|
return jsonify({
|
|
|
|
'plan': 'bus-free',
|
|
|
|
'usedPrivateRepos': private_repos,
|
|
|
|
})
|
|
|
|
|
|
|
|
abort(403)
|