- Add support for super users
- Add a super user API - Add a super user interface
This commit is contained in:
Joseph Schorr
parent
4d4f3b1c18
commit
0e320c964f
15 changed files with 524 additions and 33 deletions
|
|
@ -22,6 +22,7 @@ _TeamTypeNeed = namedtuple('teamwideneed', ['type', 'orgname', 'teamname', 'role
|
|||
_TeamNeed = partial(_TeamTypeNeed, 'orgteam')
|
||||
_UserTypeNeed = namedtuple('userspecificneed', ['type', 'username', 'role'])
|
||||
_UserNeed = partial(_UserTypeNeed, 'user')
|
||||
_SuperUserNeed = partial(namedtuple('superuserneed', ['type']), '_superuser')
|
||||
|
||||
|
||||
REPO_ROLES = [None, 'read', 'write', 'admin']
|
||||
|
|
@ -88,6 +89,10 @@ class QuayDeferredPermissionUser(Identity):
|
|||
logger.debug('Loading user permissions after deferring.')
|
||||
user_object = model.get_user(self.id)
|
||||
|
||||
# Add the superuser need, if applicable.
|
||||
if user_object.username is not None and user_object.username in app.config.get('SUPER_USERS', []):
|
||||
self.provides.add(_SuperUserNeed())
|
||||
|
||||
# Add the user specific permissions, only for non-oauth permission
|
||||
user_grant = _UserNeed(user_object.username, self._user_role_for_scopes('admin'))
|
||||
logger.debug('User permission: {0}'.format(user_grant))
|
||||
|
|
@ -171,6 +176,11 @@ class CreateRepositoryPermission(Permission):
|
|||
super(CreateRepositoryPermission, self).__init__(admin_org,
|
||||
create_repo_org)
|
||||
|
||||
class SuperUserPermission(Permission):
|
||||
def __init__(self):
|
||||
need = _SuperUserNeed()
|
||||
super(SuperUserPermission, self).__init__(need)
|
||||
|
||||
|
||||
class UserAdminPermission(Permission):
|
||||
def __init__(self, username):
|
||||
|
|
|
|||
Reference in a new issue