Add a bunch of the missing permissions from the API.

This commit is contained in:
yackob03 2013-11-04 16:18:40 -05:00
parent 3698e494a1
commit 2eb7ff2442
2 changed files with 112 additions and 71 deletions


@ -24,7 +24,9 @@ from util.gravatar import compute_hash
from auth.permissions import (ReadRepositoryPermission,
ModifyRepositoryPermission,
AdministerRepositoryPermission,
CreateRepositoryPermission)
CreateRepositoryPermission,
AdministerOrganizationPermission,
OrganizationMemberPermission)
from endpoints import registry
from endpoints.web import common_login
from util.cache import cache_control
@ -58,11 +60,11 @@ def plans_list():
@app.route('/api/user/', methods=['GET'])
def get_logged_in_user():
def org_view(o):
# TODO: return whether the user is really the admin of the organization
admin_org = AdministerOrganizationPermission(o.username)
return {
'name': o.username,
'gravatar': compute_hash(o.email),
'is_org_admin': True
'is_org_admin': admin_org.can()
}
if current_user.is_anonymous():
@ -235,6 +237,7 @@ user_files = UserRequestFiles(app.config['AWS_ACCESS_KEY'],
app.config['AWS_SECRET_KEY'],
app.config['REGISTRY_S3_BUCKET'])
@app.route('/api/organization/<orgname>', methods=['GET'])
def get_organization(orgname):
def team_view(t):
@ -294,80 +297,81 @@ def member_view(m):
'username': m.username
}
@app.route('/api/organization/<orgname>/team/<teamname>/members', methods=['GET'])
@app.route('/api/organization/<orgname>/team/<teamname>/members',
methods=['GET'])
def get_organization_team_members(orgname, teamname):
if current_user.is_anonymous():
abort(404)
permission = ViewTeamPermission(orgname, teamname)
if permission.can():
user = current_user.db_user()
team = None
# TODO: determine whether the user has permission to view the team members of this team
# (i.e. they are a member of the team [maybe??] OR they are an admin of the org)
user = current_user.db_user()
team = None
try:
team = model.get_organization_team(orgname, teamname)
except:
abort(404)
members = model.get_organization_team_members(team.id)
return jsonify({
'members': { m.username : member_view(m) for m in members }
})
try:
team = model.get_organization_team(orgname, teamname)
except:
abort(404)
members = model.get_organization_team_members(team.id)
return jsonify({
'members': { m.username : member_view(m) for m in members }
})
abort(403)
@app.route('/api/organization/<orgname>/team/<teamname>/members/<membername>', methods=['PUT', 'POST'])
@app.route('/api/organization/<orgname>/team/<teamname>/members/<membername>',
methods=['PUT', 'POST'])
def update_organization_team_member(orgname, teamname, membername):
if current_user.is_anonymous():
abort(404)
permission = AdministerOrganizationPermission(orgname)
if permission.can():
team = None
user = None
# TODO: determine whether the user has permission to put this user as a member of the team.
team = None
user = None
# Find the team.
try:
team = model.get_organization_team(orgname, teamname)
except:
abort(404)
# Find the team.
try:
team = model.get_organization_team(orgname, teamname)
except:
abort(404)
# Find the user.
user = model.get_user(membername)
if not user:
abort(400)
# Add the user to the team.
model.add_user_to_team(user, team)
# Find the user.
user = model.get_user(membername)
if not user:
abort(400)
# Add the user to the team.
model.add_user_to_team(user, team)
return jsonify(member_view(user))
return jsonify(member_view(user))
abort(403)
@app.route('/api/organization/<orgname>/team/<teamname>/members/<membername>', methods=['DELETE'])
@app.route('/api/organization/<orgname>/team/<teamname>/members/<membername>',
methods=['DELETE'])
def delete_organization_team_member(orgname, teamname, membername):
if current_user.is_anonymous():
abort(404)
permission = AdministerOrganizationPermission(orgname)
if permission.can():
team = None
user = None
# TODO: determine whether the user has permission to delete this user as a member of the team.
team = None
user = None
# Find the team.
try:
team = model.get_organization_team(orgname, teamname)
except:
abort(404)
# Find the team.
try:
team = model.get_organization_team(orgname, teamname)
except:
abort(404)
# Find the user.
user = model.get_user(membername)
if not user:
abort(400)
# Remote the user from the team.
model.remove_user_from_team(user, team)
# Find the user.
user = model.get_user(membername)
if not user:
abort(400)
# Remote the user from the team.
model.remove_user_from_team(user, team)
return jsonify({
'success': True
})
return jsonify({
'success': True
})
abort(403)
@app.route('/api/repository', methods=['POST'])
@ -648,11 +652,10 @@ def request_repo_build(namespace, repository):
abort(403) # Permissions denied
def role_view(repo_perm_obj, username=None):
# TODO: Determine whether the user (if given) is outside of the organization.
def role_view(repo_perm_obj, org_member):
return {
'role': repo_perm_obj.role.name,
'outside_org': username != 'devtable'
'outside_org': org_member
}
@ -733,32 +736,36 @@ def list_tag_images(namespace, repository, tag):
abort(403) # Permission denied
@app.route('/api/repository/<path:repository>/permissions/team/', methods=['GET'])
@app.route('/api/repository/<path:repository>/permissions/team/',
methods=['GET'])
@api_login_required
@parse_repository_name
def list_repo_team_permissions(namespace, repository):
permission = AdministerRepositoryPermission(namespace, repository)
if permission.can():
repo_perms = model.get_all_repo_teams(namespace, repository)
org_member = OrganizationMemberPermission(namespace).can()
return jsonify({
'permissions': {repo_perm.team.name: role_view(repo_perm)
'permissions': {repo_perm.team.name: role_view(repo_perm, org_member)
for repo_perm in repo_perms}
})
abort(403) # Permission denied
@app.route('/api/repository/<path:repository>/permissions/user/', methods=['GET'])
@app.route('/api/repository/<path:repository>/permissions/user/',
methods=['GET'])
@api_login_required
@parse_repository_name
def list_repo_user_permissions(namespace, repository):
permission = AdministerRepositoryPermission(namespace, repository)
if permission.can():
repo_perms = model.get_all_repo_users(namespace, repository)
member = OrganizationMemberPermission(namespace).can()
return jsonify({
'permissions': {repo_perm.user.username: role_view(repo_perm, username=repo_perm.user.username)
'permissions': {repo_perm.user.username: role_view(repo_perm, member)
for repo_perm in repo_perms}
})
@ -775,7 +782,8 @@ def get_user_permissions(namespace, repository, username):
permission = AdministerRepositoryPermission(namespace, repository)
if permission.can():
perm = model.get_user_reponame_permission(username, namespace, repository)
return jsonify(role_view(perm, username=username))
org_member = OrganizationMemberPermission(namespace).can()
return jsonify(role_view(perm, org_member))
abort(403) # Permission denied
@ -790,7 +798,8 @@ def get_team_permissions(namespace, repository, teamname):
permission = AdministerRepositoryPermission(namespace, repository)
if permission.can():
perm = model.get_team_reponame_permission(username, namespace, repository)
return jsonify(role_view(perm))
org_member = OrganizationMemberPermission(namespace).can()
return jsonify(role_view(perm, org_member))
abort(403) # Permission denied
@ -814,7 +823,8 @@ def change_user_permissions(namespace, repository, username):
logger.warning('User tried to remove themselves as admin.')
abort(409)
resp = jsonify(role_view(perm, username=username))
org_member = OrganizationMemberPermission(namespace).can()
resp = jsonify(role_view(perm, org_member))
if request.method == 'POST':
resp.status_code = 201
return resp
@ -841,7 +851,8 @@ def change_team_permissions(namespace, repository, teamname):
logger.warning('User tried to remove themselves as admin.')
abort(409)
resp = jsonify(role_view(perm))
org_member = OrganizationMemberPermission(namespace).can()
resp = jsonify(role_view(perm, org_member))
if request.method == 'POST':
resp.status_code = 201
return resp
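Review bot: The new `role_view` returns `'outside_org': org_member` without negation, so a principal that the check says is an organization member is reported as outside the organization and vice versa; at minimum this should read `'outside_org': not org_member`. More fundamentally, every call site computes `OrganizationMemberPermission(namespace).can()`, which as far as these lines show evaluates the requesting user's membership rather than that of the `repo_perm.user` or `repo_perm.team` whose role is being described, so every entry in a permissions listing gets the same flag; the per-entry value should come from a model lookup for the listed principal, or the field should be dropped until it can. Separately, `get_organization_team_members` now calls `ViewTeamPermission`, which is not in the `auth.permissions` import tuple the first hunk extends — unless it is imported elsewhere in the file, that endpoint will raise a NameError (a 500) rather than fail closed with a 403. The bare `except:` around `model.get_organization_team` in the three team-member endpoints also maps any error, not just a missing team, to a 404, which will hide database failures; `except model.DataModelException`-style narrowing would be safer if such a type exists.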