vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

First stab at applying prototypes.

Browse source
This commit is contained in:
yackob03 2014-01-20 19:05:26 -05:00
parent 3f67ff77a4
commit 330051f7d9
3 changed files with 92 additions and 27 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
data/database.py
View file

@ -135,14 +135,18 @@ class RepositoryPermission(BaseModel):
class PermissionPrototype(BaseModel):
org = ForeignKeyField(User, index=True, related_name='orgpermissionproto')
user = ForeignKeyField(User, index=True, related_name='userpermissionproto',
null=True)
activating_user = ForeignKeyField(User, index=True, null=True,
related_name='userpermissionproto')
delegate_user = ForeignKeyField(User, related_name='receivingpermission',
null=True)
delegate_team = ForeignKeyField(Team, related_name='receivingpermission',
null=True)
role = ForeignKeyField(Role)
class Meta:
database = db
indexes = (
(('org', 'user'), True),
(('org', 'activating_user'), False),
)
@ -192,7 +196,7 @@ class Image(BaseModel):
database = db
indexes = (
# we don't really want duplicates
(('repository', 'docker_image_id'), True),
(('repository', 'docker_image_id'), False),
)

53
data/model.py
View file

@ -737,15 +737,57 @@ def set_repository_visibility(repo, visibility):
repo.save()
def create_repository(namespace, name, owner, visibility='private'):
def create_repository(namespace, name, creating_user, visibility='private'):
private = Visibility.get(name=visibility)
repo = Repository.create(namespace=namespace, name=name,
visibility=private)
admin = Role.get(name='admin')
if owner and not owner.organization:
permission = RepositoryPermission.create(user=owner, repository=repo,
role=admin)
if creating_user and not creating_user.organization:
permission = RepositoryPermission.create(user=creating_user,
repository=repo, role=admin)
if creating_user.username != namespace:
# Permission prototypes only work for orgs
org = get_organization(namespace)
user_clause = (PermissionPrototype.activating_user == creating_user |
PermissionPrototype >> None)
team_protos = (PermissionPrototype
.select()
.where(PermissionPrototype.org == org, user_clause,
PermissionPrototype.delegate_user >> None))
final_protos = {}
for proto in team_protos:
# We will skip the proto if it is pre-empted by a more important proto
if (proto.delegate_team.name in final_protos and
proto.activating_user is None):
continue
# By this point, it is either a user specific proto, or there is no
# proto yet, so we can safely assume it applies
final_protos[proto.delegate_team.name] = (proto.delegate_team,
proto.role)
for team, role in final_protos.values():
RepositoryPermission.create(team=team, repository=repo, role=role)
final_user_protos = {}
for proto in team_protos:
# We will skip the proto if it is pre-empted by a more important proto
if (proto.delegate_user.username in final_user_protos and
proto.activating_user is None):
continue
# By this point, it is either a user specific proto, or there is no
# proto yet, so we can safely assume it applies
final_user_protos[proto.delegate_user.username] = (proto.delegate_user,
proto.role)
for user, role in final_user_protos.values():
RepositoryPermission.create(user=user, repository=repo, role=role)
return repo
@ -763,7 +805,8 @@ def set_image_checksum(docker_image_id, repository, checksum):
return fetched
def set_image_size(docker_image_id, namespace_name, repository_name, image_size):
def set_image_size(docker_image_id, namespace_name, repository_name,
image_size):
joined = Image.select().join(Repository)
image_list = list(joined.where(Repository.name == repository_name,
Repository.namespace == namespace_name,

54
initdb.py
View file

@ -266,37 +266,55 @@ def populate_database():
six_ago = today - timedelta(5)
four_ago = today - timedelta(4)
model.log_action('org_create_team', org.username, performer=new_user_1, timestamp=week_ago,
metadata={'team': 'readers'})
model.log_action('org_create_team', org.username, performer=new_user_1,
timestamp=week_ago, metadata={'team': 'readers'})
model.log_action('org_set_team_role', org.username, performer=new_user_1, timestamp=week_ago,
model.log_action('org_set_team_role', org.username, performer=new_user_1,
timestamp=week_ago,
metadata={'team': 'readers', 'role': 'read'})
model.log_action('create_repo', org.username, performer=new_user_1, repository=org_repo, timestamp=week_ago,
model.log_action('create_repo', org.username, performer=new_user_1,
repository=org_repo, timestamp=week_ago,
metadata={'namespace': org.username, 'repo': 'orgrepo'})
model.log_action('change_repo_permission', org.username, performer=new_user_2, repository=org_repo, timestamp=six_ago,
metadata={'username': new_user_1.username, 'repo': 'orgrepo', 'role': 'admin'})
model.log_action('change_repo_permission', org.username,
performer=new_user_2, repository=org_repo,
timestamp=six_ago,
metadata={'username': new_user_1.username,
'repo': 'orgrepo', 'role': 'admin'})
model.log_action('change_repo_permission', org.username, performer=new_user_1, repository=org_repo, timestamp=six_ago,
metadata={'username': new_user_2.username, 'repo': 'orgrepo', 'role': 'read'})
model.log_action('change_repo_permission', org.username,
performer=new_user_1, repository=org_repo,
timestamp=six_ago,
metadata={'username': new_user_2.username,
'repo': 'orgrepo', 'role': 'read'})
model.log_action('add_repo_accesstoken', org.username, performer=new_user_1, repository=org_repo, timestamp=four_ago,
model.log_action('add_repo_accesstoken', org.username, performer=new_user_1,
repository=org_repo, timestamp=four_ago,
metadata={'repo': 'orgrepo', 'token': 'deploytoken'})
model.log_action('push_repo', org.username, performer=new_user_2, repository=org_repo, timestamp=today,
metadata={'username': new_user_2.username, 'repo': 'orgrepo'})
model.log_action('push_repo', org.username, performer=new_user_2,
repository=org_repo, timestamp=today,
metadata={'username': new_user_2.username,
'repo': 'orgrepo'})
model.log_action('pull_repo', org.username, performer=new_user_2, repository=org_repo, timestamp=today,
metadata={'username': new_user_2.username, 'repo': 'orgrepo'})
model.log_action('pull_repo', org.username, performer=new_user_2,
repository=org_repo, timestamp=today,
metadata={'username': new_user_2.username,
'repo': 'orgrepo'})
model.log_action('pull_repo', org.username, repository=org_repo, timestamp=today,
metadata={'token': 'sometoken', 'token_code': 'somecode', 'repo': 'orgrepo'})
model.log_action('pull_repo', org.username, repository=org_repo,
timestamp=today,
metadata={'token': 'sometoken', 'token_code': 'somecode',
'repo': 'orgrepo'})
model.log_action('delete_tag', org.username, performer=new_user_2, repository=org_repo, timestamp=today,
metadata={'username': new_user_2.username, 'repo': 'orgrepo', 'tag': 'sometag'})
model.log_action('delete_tag', org.username, performer=new_user_2,
repository=org_repo, timestamp=today,
metadata={'username': new_user_2.username,
'repo': 'orgrepo', 'tag': 'sometag'})
model.log_action('pull_repo', org.username, repository=org_repo, timestamp=today,
model.log_action('pull_repo', org.username, repository=org_repo,
timestamp=today,
metadata={'token_code': 'somecode', 'repo': 'orgrepo'})
if __name__ == '__main__':