From 330051f7d9d2463b23e092595b31d9b0c4084bbe Mon Sep 17 00:00:00 2001
From: yackob03
Date: Mon, 20 Jan 2014 19:05:26 -0500
Subject: [PATCH] First stab at applying prototypes.
---
 data/database.py | 12 +++++++----
 data/model.py | 53 ++++++++++++++++++++++++++++++++++++++++++-----
 initdb.py | 54 ++++++++++++++++++++++++++++++++----------------
 3 files changed, 92 insertions(+), 27 deletions(-)
diff --git a/data/database.py b/data/database.py
index e9c0ff6ff..5b1a672b5 100644
--- a/data/database.py
+++ b/data/database.py
@@ -135,14 +135,18 @@ class RepositoryPermission(BaseModel):
 class PermissionPrototype(BaseModel):
 org = ForeignKeyField(User, index=True, related_name='orgpermissionproto')
- user = ForeignKeyField(User, index=True, related_name='userpermissionproto',
- null=True)
+ activating_user = ForeignKeyField(User, index=True, null=True,
+ related_name='userpermissionproto')
+ delegate_user = ForeignKeyField(User, related_name='receivingpermission',
+ null=True)
+ delegate_team = ForeignKeyField(Team, related_name='receivingpermission',
+ null=True)
 role = ForeignKeyField(Role)
 class Meta:
 database = db
 indexes = (
- (('org', 'user'), True),
+ (('org', 'activating_user'), False),
 )
@@ -192,7 +196,7 @@ class Image(BaseModel):
 database = db
 indexes = (
 # we don't really want duplicates
- (('repository', 'docker_image_id'), True),
+ (('repository', 'docker_image_id'), False),
 )
diff --git a/data/model.py b/data/model.py
index 12658289c..4ca6469e4 100644
--- a/data/model.py
+++ b/data/model.py
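Review bot: Nothing in the new `PermissionPrototype` fields states or enforces that exactly one of `delegate_user` and `delegate_team` is set: both are `null=True`, so a row can carry both delegates or neither. The consumer in `data/model.py` dereferences `proto.delegate_team.name` and `proto.delegate_user.username` directly, so a malformed row either fails repository creation or grants a role to the wrong kind of principal. Because the `(org, activating_user)` index is also no longer unique, duplicate prototypes for the same delegate can accumulate as well. I would document the invariant on the class, e.g. `# exactly one of delegate_user / delegate_team is set; enforced where prototypes are created`, and check it in whatever code inserts these rows, which is not part of this patch.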
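Review bot: The `Image` index on `('repository', 'docker_image_id')` goes from unique to non-unique while the comment directly above it still reads `# we don't really want duplicates`, and the commit message does not explain the change. With the constraint gone, the database no longer prevents two rows for the same image id in one repository, so lookups keyed on that pair may return more than one row. Either keep `(('repository', 'docker_image_id'), True),` or replace the comment with the reason duplicates are now acceptable. The `Image` class body starts outside the hunk.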
@@ -737,15 +737,57 @@ def set_repository_visibility(repo, visibility):
 repo.save()
-def create_repository(namespace, name, owner, visibility='private'):
+def create_repository(namespace, name, creating_user, visibility='private'):
 private = Visibility.get(name=visibility)
 repo = Repository.create(namespace=namespace, name=name, visibility=private)
 admin = Role.get(name='admin')
- if owner and not owner.organization:
- permission = RepositoryPermission.create(user=owner, repository=repo,
- role=admin)
+ if creating_user and not creating_user.organization:
+ permission = RepositoryPermission.create(user=creating_user,
+ repository=repo, role=admin)
+
+ if creating_user.username != namespace:
+ # Permission prototypes only work for orgs
+ org = get_organization(namespace)
+ user_clause = (PermissionPrototype.activating_user == creating_user |
+ PermissionPrototype >> None)
+
+ team_protos = (PermissionPrototype
+ .select()
+ .where(PermissionPrototype.org == org, user_clause,
+ PermissionPrototype.delegate_user >> None))
+
+ final_protos = {}
+ for proto in team_protos:
+ # We will skip the proto if it is pre-empted by a more important proto
+ if (proto.delegate_team.name in final_protos and
+ proto.activating_user is None):
+ continue
+
+ # By this point, it is either a user specific proto, or there is no
+ # proto yet, so we can safely assume it applies
+ final_protos[proto.delegate_team.name] = (proto.delegate_team,
+ proto.role)
+
+ for team, role in final_protos.values():
+ RepositoryPermission.create(team=team, repository=repo, role=role)
+
+ final_user_protos = {}
+ for proto in team_protos:
+ # We will skip the proto if it is pre-empted by a more important proto
+ if (proto.delegate_user.username in final_user_protos and
+ proto.activating_user is None):
+ continue
+
+ # By this point, it is either a user specific proto, or there is no
+ # proto yet, so we can safely assume it applies
+ final_user_protos[proto.delegate_user.username] = (proto.delegate_user,
+ proto.role)
+
+ for user, role in final_user_protos.values():
+ RepositoryPermission.create(user=user, repository=repo, role=role)
+
 return repo
@@ -763,7 +805,8 @@ def set_image_checksum(docker_image_id, repository, checksum):
 return fetched
-def set_image_size(docker_image_id, namespace_name, repository_name, image_size):
+def set_image_size(docker_image_id, namespace_name, repository_name,
+ image_size):
 joined = Image.select().join(Repository)
 image_list = list(joined.where(Repository.name == repository_name,
 Repository.namespace == namespace_name,
diff --git a/initdb.py b/initdb.py
index 2cd57708f..a92a3548d 100644
--- a/initdb.py
+++ b/initdb.py
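Review bot: The `user_clause` expression in `create_repository` does not say "activating user is the creator or unset": `|` binds tighter than `==` and `>>` tighter than `|`, so it parses as `activating_user == (creating_user | (PermissionPrototype >> None))`, and the right operand names the model class rather than the `activating_user` field. This clause decides which prototypes grant roles on a new repository, so both comparisons need explicit parentheses. The second loop also iterates `team_protos`, whose rows were filtered to `delegate_user >> None`, so `proto.delegate_user.username` dereferences a null delegate; it needs its own query filtered on `delegate_team >> None`. Separately, the prototype block reads `creating_user.username` although the line above still guards `if creating_user`; indentation is lost on this page, so I cannot tell whether that block is nested under the guard.

```python
    user_clause = ((PermissionPrototype.activating_user == creating_user) |
                   (PermissionPrototype.activating_user >> None))
    # … unchanged: team_protos query and the team-delegate loop …
    user_protos = (PermissionPrototype
                   .select()
                   .where(PermissionPrototype.org == org, user_clause,
                          PermissionPrototype.delegate_team >> None))

    final_user_protos = {}
    for proto in user_protos:
      # … unchanged: pre-emption check and final_user_protos assignment …
```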
@@ -266,37 +266,55 @@ def populate_database():
 six_ago = today - timedelta(5)
 four_ago = today - timedelta(4)
- model.log_action('org_create_team', org.username, performer=new_user_1, timestamp=week_ago,
- metadata={'team': 'readers'})
+ model.log_action('org_create_team', org.username, performer=new_user_1,
+ timestamp=week_ago, metadata={'team': 'readers'})
- model.log_action('org_set_team_role', org.username, performer=new_user_1, timestamp=week_ago,
+ model.log_action('org_set_team_role', org.username, performer=new_user_1,
+ timestamp=week_ago,
 metadata={'team': 'readers', 'role': 'read'})
- model.log_action('create_repo', org.username, performer=new_user_1, repository=org_repo, timestamp=week_ago,
+ model.log_action('create_repo', org.username, performer=new_user_1,
+ repository=org_repo, timestamp=week_ago,
 metadata={'namespace': org.username, 'repo': 'orgrepo'})
- model.log_action('change_repo_permission', org.username, performer=new_user_2, repository=org_repo, timestamp=six_ago,
- metadata={'username': new_user_1.username, 'repo': 'orgrepo', 'role': 'admin'})
+ model.log_action('change_repo_permission', org.username,
+ performer=new_user_2, repository=org_repo,
+ timestamp=six_ago,
+ metadata={'username': new_user_1.username,
+ 'repo': 'orgrepo', 'role': 'admin'})
- model.log_action('change_repo_permission', org.username, performer=new_user_1, repository=org_repo, timestamp=six_ago,
- metadata={'username': new_user_2.username, 'repo': 'orgrepo', 'role': 'read'})
+ model.log_action('change_repo_permission', org.username,
+ performer=new_user_1, repository=org_repo,
+ timestamp=six_ago,
+ metadata={'username': new_user_2.username,
+ 'repo': 'orgrepo', 'role': 'read'})
- model.log_action('add_repo_accesstoken', org.username, performer=new_user_1, repository=org_repo, timestamp=four_ago,
+ model.log_action('add_repo_accesstoken', org.username, performer=new_user_1,
+ repository=org_repo, timestamp=four_ago,
 metadata={'repo': 'orgrepo', 'token': 'deploytoken'})
- model.log_action('push_repo', org.username, performer=new_user_2, repository=org_repo, timestamp=today,
- metadata={'username': new_user_2.username, 'repo': 'orgrepo'})
+ model.log_action('push_repo', org.username, performer=new_user_2,
+ repository=org_repo, timestamp=today,
+ metadata={'username': new_user_2.username,
+ 'repo': 'orgrepo'})
- model.log_action('pull_repo', org.username, performer=new_user_2, repository=org_repo, timestamp=today,
- metadata={'username': new_user_2.username, 'repo': 'orgrepo'})
+ model.log_action('pull_repo', org.username, performer=new_user_2,
+ repository=org_repo, timestamp=today,
+ metadata={'username': new_user_2.username,
+ 'repo': 'orgrepo'})
- model.log_action('pull_repo', org.username, repository=org_repo, timestamp=today,
- metadata={'token': 'sometoken', 'token_code': 'somecode', 'repo': 'orgrepo'})
+ model.log_action('pull_repo', org.username, repository=org_repo,
+ timestamp=today,
+ metadata={'token': 'sometoken', 'token_code': 'somecode',
+ 'repo': 'orgrepo'})
- model.log_action('delete_tag', org.username, performer=new_user_2, repository=org_repo, timestamp=today,
- metadata={'username': new_user_2.username, 'repo': 'orgrepo', 'tag': 'sometag'})
+ model.log_action('delete_tag', org.username, performer=new_user_2,
+ repository=org_repo, timestamp=today,
+ metadata={'username': new_user_2.username,
+ 'repo': 'orgrepo', 'tag': 'sometag'})
- model.log_action('pull_repo', org.username, repository=org_repo, timestamp=today,
+ model.log_action('pull_repo', org.username, repository=org_repo,
+ timestamp=today,
 metadata={'token_code': 'somecode', 'repo': 'orgrepo'})
 if __name__ == '__main__':