First stab at applying prototypes.
parent
3f67ff77a4
commit
330051f7d9
3 changed files with 92 additions and 27 deletions
|
@ -135,14 +135,18 @@ class RepositoryPermission(BaseModel):
|
||||||
|
|
||||||
class PermissionPrototype(BaseModel):
|
class PermissionPrototype(BaseModel):
|
||||||
org = ForeignKeyField(User, index=True, related_name='orgpermissionproto')
|
org = ForeignKeyField(User, index=True, related_name='orgpermissionproto')
|
||||||
user = ForeignKeyField(User, index=True, related_name='userpermissionproto',
|
activating_user = ForeignKeyField(User, index=True, null=True,
|
||||||
null=True)
|
related_name='userpermissionproto')
|
||||||
|
delegate_user = ForeignKeyField(User, related_name='receivingpermission',
|
||||||
|
null=True)
|
||||||
|
delegate_team = ForeignKeyField(Team, related_name='receivingpermission',
|
||||||
|
null=True)
|
||||||
role = ForeignKeyField(Role)
|
role = ForeignKeyField(Role)
|
||||||
|
|
||||||
class Meta:
|
class Meta:
|
||||||
database = db
|
database = db
|
||||||
indexes = (
|
indexes = (
|
||||||
(('org', 'user'), True),
|
(('org', 'activating_user'), False),
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
@ -192,7 +196,7 @@ class Image(BaseModel):
|
||||||
database = db
|
database = db
|
||||||
indexes = (
|
indexes = (
|
||||||
# we don't really want duplicates
|
# we don't really want duplicates
|
||||||
(('repository', 'docker_image_id'), True),
|
(('repository', 'docker_image_id'), False),
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
|
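Review bot: Both index edits in this file turn a unique index into a non-unique one, and nothing visible replaces the constraint. On `PermissionPrototype`, `(('org', 'activating_user'), False)` together with two nullable delegate columns allows duplicate or conflicting prototypes for the same org and delegate, and allows a row with neither or both of `delegate_user` and `delegate_team` set; because these rows are turned into repository grants in `create_repository`, the invariant should be enforced where prototypes are created and documented on the model with a comment such as `# exactly one of delegate_user / delegate_team is set`. On `Image`, the index becomes `(('repository', 'docker_image_id'), False)` while the comment `# we don't really want duplicates` stays, so either the flag should remain `True` or the comment should explain why duplicates are now accepted. The Image change also looks unrelated to prototypes and would be easier to review as its own commit.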
|
@ -737,15 +737,57 @@ def set_repository_visibility(repo, visibility):
|
||||||
repo.save()
|
repo.save()
|
||||||
|
|
||||||
|
|
||||||
def create_repository(namespace, name, owner, visibility='private'):
|
def create_repository(namespace, name, creating_user, visibility='private'):
|
||||||
private = Visibility.get(name=visibility)
|
private = Visibility.get(name=visibility)
|
||||||
repo = Repository.create(namespace=namespace, name=name,
|
repo = Repository.create(namespace=namespace, name=name,
|
||||||
visibility=private)
|
visibility=private)
|
||||||
admin = Role.get(name='admin')
|
admin = Role.get(name='admin')
|
||||||
|
|
||||||
if owner and not owner.organization:
|
if creating_user and not creating_user.organization:
|
||||||
permission = RepositoryPermission.create(user=owner, repository=repo,
|
permission = RepositoryPermission.create(user=creating_user,
|
||||||
role=admin)
|
repository=repo, role=admin)
|
||||||
|
|
||||||
|
if creating_user.username != namespace:
|
||||||
|
# Permission prototypes only work for orgs
|
||||||
|
org = get_organization(namespace)
|
||||||
|
user_clause = (PermissionPrototype.activating_user == creating_user |
|
||||||
|
PermissionPrototype >> None)
|
||||||
|
|
||||||
|
team_protos = (PermissionPrototype
|
||||||
|
.select()
|
||||||
|
.where(PermissionPrototype.org == org, user_clause,
|
||||||
|
PermissionPrototype.delegate_user >> None))
|
||||||
|
|
||||||
|
final_protos = {}
|
||||||
|
for proto in team_protos:
|
||||||
|
# We will skip the proto if it is pre-empted by a more important proto
|
||||||
|
if (proto.delegate_team.name in final_protos and
|
||||||
|
proto.activating_user is None):
|
||||||
|
continue
|
||||||
|
|
||||||
|
# By this point, it is either a user specific proto, or there is no
|
||||||
|
# proto yet, so we can safely assume it applies
|
||||||
|
final_protos[proto.delegate_team.name] = (proto.delegate_team,
|
||||||
|
proto.role)
|
||||||
|
|
||||||
|
for team, role in final_protos.values():
|
||||||
|
RepositoryPermission.create(team=team, repository=repo, role=role)
|
||||||
|
|
||||||
|
final_user_protos = {}
|
||||||
|
for proto in team_protos:
|
||||||
|
# We will skip the proto if it is pre-empted by a more important proto
|
||||||
|
if (proto.delegate_user.username in final_user_protos and
|
||||||
|
proto.activating_user is None):
|
||||||
|
continue
|
||||||
|
|
||||||
|
# By this point, it is either a user specific proto, or there is no
|
||||||
|
# proto yet, so we can safely assume it applies
|
||||||
|
final_user_protos[proto.delegate_user.username] = (proto.delegate_user,
|
||||||
|
proto.role)
|
||||||
|
|
||||||
|
for user, role in final_user_protos.values():
|
||||||
|
RepositoryPermission.create(user=user, repository=repo, role=role)
|
||||||
|
|
||||||
return repo
|
return repo
|
||||||
|
|
||||||
|
|
||||||
|
@ -763,7 +805,8 @@ def set_image_checksum(docker_image_id, repository, checksum):
|
||||||
return fetched
|
return fetched
|
||||||
|
|
||||||
|
|
||||||
def set_image_size(docker_image_id, namespace_name, repository_name, image_size):
|
def set_image_size(docker_image_id, namespace_name, repository_name,
|
||||||
|
image_size):
|
||||||
joined = Image.select().join(Repository)
|
joined = Image.select().join(Repository)
|
||||||
image_list = list(joined.where(Repository.name == repository_name,
|
image_list = list(joined.where(Repository.name == repository_name,
|
||||||
Repository.namespace == namespace_name,
|
Repository.namespace == namespace_name,
|
||||||
|
|
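Review bot: The prototype lookup added to `create_repository` does not build the filter it intends: in `user_clause`, `|` binds tighter than `==`, and `>> None` is applied to the `PermissionPrototype` class instead of the `activating_user` field, so the expression is not "this user or any user". The second loop also iterates `team_protos`, which is restricted to rows where `delegate_user` is null, and then reads `proto.delegate_user.username`; user delegates need their own query filtered on `delegate_team >> None`. Because this code grants repository roles automatically, the filter matters for access control as well as correctness, and the last-match-wins dictionaries make the granted role depend on row order when two prototypes name the same delegate. Indentation is lost on this page, so whether the `creating_user.username != namespace` branch sits inside the `if creating_user` guard cannot be confirmed from here.

```python
# … unchanged: admin grant for creating_user, org lookup …
user_clause = ((PermissionPrototype.activating_user == creating_user) |
               (PermissionPrototype.activating_user >> None))

# … unchanged: team_protos query, team pre-emption loop, team grants …

user_protos = (PermissionPrototype
               .select()
               .where(PermissionPrototype.org == org, user_clause,
                      PermissionPrototype.delegate_team >> None))

final_user_protos = {}
for proto in user_protos:
    # … unchanged: user pre-emption loop body …
```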
54
initdb.py
54
initdb.py
|
@ -266,37 +266,55 @@ def populate_database():
|
||||||
six_ago = today - timedelta(5)
|
six_ago = today - timedelta(5)
|
||||||
four_ago = today - timedelta(4)
|
four_ago = today - timedelta(4)
|
||||||
|
|
||||||
model.log_action('org_create_team', org.username, performer=new_user_1, timestamp=week_ago,
|
model.log_action('org_create_team', org.username, performer=new_user_1,
|
||||||
metadata={'team': 'readers'})
|
timestamp=week_ago, metadata={'team': 'readers'})
|
||||||
|
|
||||||
model.log_action('org_set_team_role', org.username, performer=new_user_1, timestamp=week_ago,
|
model.log_action('org_set_team_role', org.username, performer=new_user_1,
|
||||||
|
timestamp=week_ago,
|
||||||
metadata={'team': 'readers', 'role': 'read'})
|
metadata={'team': 'readers', 'role': 'read'})
|
||||||
|
|
||||||
model.log_action('create_repo', org.username, performer=new_user_1, repository=org_repo, timestamp=week_ago,
|
model.log_action('create_repo', org.username, performer=new_user_1,
|
||||||
|
repository=org_repo, timestamp=week_ago,
|
||||||
metadata={'namespace': org.username, 'repo': 'orgrepo'})
|
metadata={'namespace': org.username, 'repo': 'orgrepo'})
|
||||||
|
|
||||||
model.log_action('change_repo_permission', org.username, performer=new_user_2, repository=org_repo, timestamp=six_ago,
|
model.log_action('change_repo_permission', org.username,
|
||||||
metadata={'username': new_user_1.username, 'repo': 'orgrepo', 'role': 'admin'})
|
performer=new_user_2, repository=org_repo,
|
||||||
|
timestamp=six_ago,
|
||||||
|
metadata={'username': new_user_1.username,
|
||||||
|
'repo': 'orgrepo', 'role': 'admin'})
|
||||||
|
|
||||||
model.log_action('change_repo_permission', org.username, performer=new_user_1, repository=org_repo, timestamp=six_ago,
|
model.log_action('change_repo_permission', org.username,
|
||||||
metadata={'username': new_user_2.username, 'repo': 'orgrepo', 'role': 'read'})
|
performer=new_user_1, repository=org_repo,
|
||||||
|
timestamp=six_ago,
|
||||||
|
metadata={'username': new_user_2.username,
|
||||||
|
'repo': 'orgrepo', 'role': 'read'})
|
||||||
|
|
||||||
model.log_action('add_repo_accesstoken', org.username, performer=new_user_1, repository=org_repo, timestamp=four_ago,
|
model.log_action('add_repo_accesstoken', org.username, performer=new_user_1,
|
||||||
|
repository=org_repo, timestamp=four_ago,
|
||||||
metadata={'repo': 'orgrepo', 'token': 'deploytoken'})
|
metadata={'repo': 'orgrepo', 'token': 'deploytoken'})
|
||||||
|
|
||||||
model.log_action('push_repo', org.username, performer=new_user_2, repository=org_repo, timestamp=today,
|
model.log_action('push_repo', org.username, performer=new_user_2,
|
||||||
metadata={'username': new_user_2.username, 'repo': 'orgrepo'})
|
repository=org_repo, timestamp=today,
|
||||||
|
metadata={'username': new_user_2.username,
|
||||||
|
'repo': 'orgrepo'})
|
||||||
|
|
||||||
model.log_action('pull_repo', org.username, performer=new_user_2, repository=org_repo, timestamp=today,
|
model.log_action('pull_repo', org.username, performer=new_user_2,
|
||||||
metadata={'username': new_user_2.username, 'repo': 'orgrepo'})
|
repository=org_repo, timestamp=today,
|
||||||
|
metadata={'username': new_user_2.username,
|
||||||
|
'repo': 'orgrepo'})
|
||||||
|
|
||||||
model.log_action('pull_repo', org.username, repository=org_repo, timestamp=today,
|
model.log_action('pull_repo', org.username, repository=org_repo,
|
||||||
metadata={'token': 'sometoken', 'token_code': 'somecode', 'repo': 'orgrepo'})
|
timestamp=today,
|
||||||
|
metadata={'token': 'sometoken', 'token_code': 'somecode',
|
||||||
|
'repo': 'orgrepo'})
|
||||||
|
|
||||||
model.log_action('delete_tag', org.username, performer=new_user_2, repository=org_repo, timestamp=today,
|
model.log_action('delete_tag', org.username, performer=new_user_2,
|
||||||
metadata={'username': new_user_2.username, 'repo': 'orgrepo', 'tag': 'sometag'})
|
repository=org_repo, timestamp=today,
|
||||||
|
metadata={'username': new_user_2.username,
|
||||||
|
'repo': 'orgrepo', 'tag': 'sometag'})
|
||||||
|
|
||||||
model.log_action('pull_repo', org.username, repository=org_repo, timestamp=today,
|
model.log_action('pull_repo', org.username, repository=org_repo,
|
||||||
|
timestamp=today,
|
||||||
metadata={'token_code': 'somecode', 'repo': 'orgrepo'})
|
metadata={'token_code': 'somecode', 'repo': 'orgrepo'})
|
||||||
|
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
|
|