Make sure to search teams as well when determining the robots which have access to a private repo

2014-08-18 19:19:01 -04:00 · 2014-08-18 19:19:01 -04:00 · 02d3b70013
commit 02d3b70013
parent c4a27b2c7a
2 changed files with 30 additions and 2 deletions
--- a/data/model/legacy.py
+++ b/data/model/legacy.py
@ -825,6 +825,34 @@ def get_all_repo_users(namespace_name, repository_name):
                         Repository.name == repository_name)


+def get_all_repo_users_transitive_via_teams(namespace_name, repository_name):
+  select = User.select().distinct()
+  with_team_member = select.join(TeamMember)
+  with_team = with_team_member.join(Team)
+  with_perm = with_team.join(RepositoryPermission)
+  with_repo = with_perm.join(Repository)
+  return with_repo.where(Repository.namespace == namespace_name,
+                          Repository.name == repository_name)
+
+
+def get_all_repo_users_transitive(namespace_name, repository_name):
+  # Load the users found via teams and directly via permissions.
+  via_teams = get_all_repo_users_transitive_via_teams(namespace_name, repository_name)
+  directly = [perm.user for perm in get_all_repo_users(namespace_name, repository_name)]
+
+  # Filter duplicates.
+  user_set = set()
+
+  def check_add(u):
+    if u.username in user_set:
+      return False
+
+    user_set.add(u.username)
+    return True
+
+  return [user for user in list(directly) + list(via_teams) if check_add(user)]
+
+
 def get_repository_for_resource(resource_key):
  try:
    return (Repository