Begin the work to allow robots and teams to be managed via API.
This commit is contained in:
Jake Moshenko
parent
b8979c0499
commit
02e47ed572
4 changed files with 33 additions and 12 deletions
|
|
@ -47,6 +47,7 @@ SCOPE_MAX_TEAM_ROLES = defaultdict(lambda: None)
|
|||
SCOPE_MAX_TEAM_ROLES.update({
|
||||
scopes.CREATE_REPO: 'creator',
|
||||
scopes.DIRECT_LOGIN: 'admin',
|
||||
scopes.ORG_ADMIN: 'admin',
|
||||
})
|
||||
|
||||
SCOPE_MAX_USER_ROLES = defaultdict(lambda: None)
|
||||
|
|
|
|||
|
|
@ -1,17 +1,19 @@
|
|||
from collections import namedtuple
|
||||
|
||||
|
||||
Scope = namedtuple('scope', ['scope', 'icon', 'title', 'description'])
|
||||
Scope = namedtuple('scope', ['scope', 'icon', 'dangerous', 'title', 'description'])
|
||||
|
||||
|
||||
READ_REPO = Scope(scope='repo:read',
|
||||
icon='fa-hdd-o',
|
||||
dangerous=False,
|
||||
title='View all visible repositories',
|
||||
description=('This application will be able to view and pull all repositories '
|
||||
'visible to the granting user or robot account'))
|
||||
|
||||
WRITE_REPO = Scope(scope='repo:write',
|
||||
icon='fa-hdd-o',
|
||||
dangerous=False,
|
||||
title='Read/Write to any accessible repositories',
|
||||
description=('This application will be able to view, push and pull to all '
|
||||
'repositories to which the granting user or robot account has '
|
||||
|
|
@ -19,34 +21,47 @@ WRITE_REPO = Scope(scope='repo:write',
|
|||
|
||||
ADMIN_REPO = Scope(scope='repo:admin',
|
||||
icon='fa-hdd-o',
|
||||
dangerous=False,
|
||||
title='Administer Repositories',
|
||||
description=('This application will have administrator access to all '
|
||||
'repositories to which the granting user or robot account has '
|
||||
'access'))
|
||||
|
||||
CREATE_REPO = Scope(scope='repo:create',
|
||||
icon='fa-plus',
|
||||
title='Create Repositories',
|
||||
description=('This application will be able to create repositories in to any '
|
||||
'namespaces that the granting user or robot account is allowed to '
|
||||
'create repositories'))
|
||||
icon='fa-plus',
|
||||
dangerous=False,
|
||||
title='Create Repositories',
|
||||
description=('This application will be able to create repositories in to any '
|
||||
'namespaces that the granting user or robot account is allowed '
|
||||
'to create repositories'))
|
||||
|
||||
READ_USER = Scope(scope= 'user:read',
|
||||
icon='fa-user',
|
||||
dangerous=False,
|
||||
title='Read User Information',
|
||||
description=('This application will be able to read user information such as '
|
||||
'username and email address.'))
|
||||
|
||||
ORG_ADMIN = Scope(scope='org:admin',
|
||||
icon='fa-exclamation-triangle',
|
||||
dangerous=True,
|
||||
title='Administer Organization',
|
||||
description=('This application will be able to administer your organizations '
|
||||
'including creating robots, creating teams, adjusting team '
|
||||
'membership, and changing billing settings. You should have '
|
||||
'absolute trust in the requesting application before granting this '
|
||||
'permission.'))
|
||||
|
||||
DIRECT_LOGIN = Scope(scope='direct_user_login',
|
||||
icon='fa-exclamation-triangle',
|
||||
dangerous=True,
|
||||
title='Full Access',
|
||||
description=('This scope should not be available to OAuth applications. '
|
||||
'Never approve a request for this scope!'))
|
||||
|
||||
|
||||
ALL_SCOPES = {scope.scope:scope for scope in (READ_REPO, WRITE_REPO, ADMIN_REPO, CREATE_REPO,
|
||||
READ_USER)}
|
||||
READ_USER, ORG_ADMIN)}
|
||||
|
||||
IMPLIED_SCOPES = {
|
||||
ADMIN_REPO: {ADMIN_REPO, WRITE_REPO, READ_REPO},
|
||||
|
|
@ -54,6 +69,7 @@ IMPLIED_SCOPES = {
|
|||
READ_REPO: {READ_REPO},
|
||||
CREATE_REPO: {CREATE_REPO},
|
||||
READ_USER: {READ_USER},
|
||||
ORG_ADMIN: {ORG_ADMIN},
|
||||
None: set(),
|
||||
}
|
||||
|
||||
|
|
|
|||
Reference in a new issue