Merge pull request #3004 from bison/repo-admin-script
Add script for fixing missing admin permissions
This commit is contained in:
Brad Ison
GitHub
commit
00e0de5005
1 changed files with 70 additions and 0 deletions
70
util/fixuseradmin.py
Normal file
70
util/fixuseradmin.py
Normal file
|
|
@ -0,0 +1,70 @@
|
||||||
|
import argparse
|
||||||
|
import sys
|
||||||
|
|
||||||
|
from app import app
|
||||||
|
from data.database import Namespace, Repository, RepositoryPermission, Role
|
||||||
|
from data.model.permission import get_user_repo_permissions
|
||||||
|
from data.model.user import get_active_users, get_nonrobot_user
|
||||||
|
|
||||||
|
DESCRIPTION = '''
|
||||||
|
Fix user repositories missing admin permissions for owning user.
|
||||||
|
'''
|
||||||
|
|
||||||
|
parser = argparse.ArgumentParser(description=DESCRIPTION)
|
||||||
|
parser.add_argument('users', nargs='*', help='Users to check')
|
||||||
|
parser.add_argument('-a', '--all', action='store_true', help='Check all users')
|
||||||
|
parser.add_argument('-n', '--dry-run', action='store_true', help="Don't act")
|
||||||
|
|
||||||
|
ADMIN = Role.get(name='admin')
|
||||||
|
|
||||||
|
|
||||||
|
def repos_for_namespace(namespace):
|
||||||
|
return (Repository
|
||||||
|
.select(Repository.id, Repository.name, Namespace.username)
|
||||||
|
.join(Namespace)
|
||||||
|
.where(Namespace.username == namespace))
|
||||||
|
|
||||||
|
|
||||||
|
def has_admin(user, repo):
|
||||||
|
perms = get_user_repo_permissions(user, repo)
|
||||||
|
return any(p.role == ADMIN for p in perms)
|
||||||
|
|
||||||
|
|
||||||
|
def get_users(all_users=False, users_list=None):
|
||||||
|
if all_users:
|
||||||
|
return get_active_users(disabled=False)
|
||||||
|
|
||||||
|
return map(get_nonrobot_user, users_list)
|
||||||
|
|
||||||
|
|
||||||
|
def ensure_admin(user, repos, dry_run=False):
|
||||||
|
repos = [repo for repo in repos if not has_admin(user, repo)]
|
||||||
|
|
||||||
|
for repo in repos:
|
||||||
|
print('User {} missing admin on: {}'.format(user.username, repo.name))
|
||||||
|
|
||||||
|
if not dry_run:
|
||||||
|
RepositoryPermission.create(user=user, repository=repo, role=ADMIN)
|
||||||
|
print('Granted {} admin on: {}'.format(user.username, repo.name))
|
||||||
|
|
||||||
|
return len(repos)
|
||||||
|
|
||||||
|
|
||||||
|
def main():
|
||||||
|
args = parser.parse_args()
|
||||||
|
found = 0
|
||||||
|
|
||||||
|
if not args.all and len(args.users) == 0:
|
||||||
|
sys.exit('Need a list of users or --all')
|
||||||
|
|
||||||
|
for user in get_users(all_users=args.all, users_list=args.users):
|
||||||
|
if user is not None:
|
||||||
|
repos = repos_for_namespace(user.username)
|
||||||
|
found += ensure_admin(user, repos, dry_run=args.dry_run)
|
||||||
|
|
||||||
|
print('\nFound {} user repos missing admin'
|
||||||
|
' permissions for owner.'.format(found))
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
main()
|
||||||
Reference in a new issue