diff --git a/data/model/legacy.py b/data/model/legacy.py index b5afdfeb8..9feea0738 100644 --- a/data/model/legacy.py +++ b/data/model/legacy.py @@ -825,6 +825,34 @@ def get_all_repo_users(namespace_name, repository_name): Repository.name == repository_name) +def get_all_repo_users_transitive_via_teams(namespace_name, repository_name): + select = User.select().distinct() + with_team_member = select.join(TeamMember) + with_team = with_team_member.join(Team) + with_perm = with_team.join(RepositoryPermission) + with_repo = with_perm.join(Repository) + return with_repo.where(Repository.namespace == namespace_name, + Repository.name == repository_name) + + +def get_all_repo_users_transitive(namespace_name, repository_name): + # Load the users found via teams and directly via permissions. + via_teams = get_all_repo_users_transitive_via_teams(namespace_name, repository_name) + directly = [perm.user for perm in get_all_repo_users(namespace_name, repository_name)] + + # Filter duplicates. + user_set = set() + + def check_add(u): + if u.username in user_set: + return False + + user_set.add(u.username) + return True + + return [user for user in list(directly) + list(via_teams) if check_add(user)] + + def get_repository_for_resource(resource_key): try: return (Repository diff --git a/endpoints/api/trigger.py b/endpoints/api/trigger.py index 3203e4a79..4ec20bfdc 100644 --- a/endpoints/api/trigger.py +++ b/endpoints/api/trigger.py @@ -350,8 +350,8 @@ class BuildTriggerAnalyze(RepositoryParamResource): (robot_namespace, shortname) = parse_robot_username(user.username) return AdministerOrganizationPermission(robot_namespace).can() - repo_perms = model.get_all_repo_users(base_namespace, base_repository) - read_robots = [robot_view(perm.user) for perm in repo_perms if is_valid_robot(perm.user)] + repo_users = list(model.get_all_repo_users_transitive(base_namespace, base_repository)) + read_robots = [robot_view(user) for user in repo_users if is_valid_robot(user)] return { 'namespace': base_namespace,