vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Add logs support for the new default permissions model

Browse source
This commit is contained in:
Joseph Schorr 2014-01-21 17:04:00 -05:00
parent aeeacd1d0d
commit 3864fc3e88
5 changed files with 79 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

30
endpoints/api.py
View file

@ -578,6 +578,26 @@ def get_organization_prototype_permissions(orgname):
abort(403)
def log_prototype_action(action_kind, orgname, prototype, **kwargs):
username = current_user.db_user().username
log_params = {
'prototypeid': prototype.uuid,
'username': username,
'activating_username': prototype.activating_user.username,
'role': prototype.role.name
}
for key, value in kwargs.items():
log_params[key] = value
if prototype.delegate_user:
log_params['delegate_user'] = prototype.delegate_user.username
elif prototype.delegate_team:
log_params['delegate_team'] = prototype.delegate_team.name
log_action(action_kind, orgname, log_params)
@app.route('/api/organization/<orgname>/prototypes', methods=['POST'])
@api_login_required
def create_organization_prototype_permission(orgname):
@ -609,7 +629,9 @@ def create_organization_prototype_permission(orgname):
abort(400)
role_name = details['role']
prototype = model.add_prototype_permission(org, role_name, activating_user, delegate_user, delegate_team)
log_prototype_action('create_prototype_permission', orgname, prototype)
return jsonify(prototype_view(prototype))
abort(403)
@ -629,6 +651,8 @@ def delete_organization_prototype_permission(orgname, prototypeid):
if not prototype:
abort(404)
log_prototype_action('delete_prototype_permission', orgname, prototype)
return make_response('Deleted', 204)
abort(403)
@ -644,12 +668,18 @@ def update_organization_prototype_permission(orgname, prototypeid):
except model.InvalidOrganizationException:
abort(404)
existing = model.get_prototype_permission(org, prototypeid)
if not existing:
abort(404)
details = request.get_json()
role_name = details['role']
prototype = model.update_prototype_permission(org, prototypeid, role_name)
if not prototype:
abort(404)
log_prototype_action('modify_prototype_permission', orgname, prototype, original_role = existing.role.name)
return jsonify(prototype_view(prototype))
abort(403)

6
initdb.py
View file

@ -154,9 +154,9 @@ def initialize_database():
LogEntryKind.create(name='org_set_team_description')
LogEntryKind.create(name='org_set_team_role')
LogEntryKind.create(name='org_create_prototype_permission')
LogEntryKind.create(name='org_modify_prototype_permission')
LogEntryKind.create(name='org_delete_prototype_permission')
LogEntryKind.create(name='create_prototype_permission')
LogEntryKind.create(name='modify_prototype_permission')
LogEntryKind.create(name='delete_prototype_permission')
def wipe_database():

8
static/css/quay.css
View file

@ -327,7 +327,15 @@ i.toggle-icon:hover {
height: 12px;
border-radius: 50%;
margin-right: 6px;
margin-top: 6px;
vertical-align: middle;
float: left;
}
.logs-view-element .log .log-description {
margin-left: 20px;
display: block;
line-height: 25px;
}
.billing-options-element .current-card {

4
static/directives/logs-view.html
View file

@ -41,7 +41,7 @@
<table class="table">
<thead>
<th>Description</th>
<th>Date/Time</th>
<th style="min-width: 226px">Date/Time</th>
<th>User/Token</th>
</thead>
@ -49,7 +49,7 @@
<tr class="log" ng-repeat="log in (logs | visibleLogFilter:kindsAllowed | filter:search | limitTo:150)">
<td>
<span class="circle" style="{{ 'background: ' + getColor(log.kind) }}"></span>
<span ng-bind-html="getDescription(log)"></span>
<span class="log-description" ng-bind-html="getDescription(log)"></span>
</td>
<td>{{ log.datetime }}</td>
<td>

40
static/js/app.js
View file

@ -1232,6 +1232,7 @@ quayApp.directive('logsView', function () {
return 'Remove permission for token {token} from repository {repo}';
}
},
'delete_tag': 'Tag {tag} deleted in repository {repo} by user {username}',
'change_repo_visibility': 'Change visibility for repository {repo} to {visibility}',
'add_repo_accesstoken': 'Create access token {token} in repository {repo}',
'delete_repo_accesstoken': 'Delete access token {token} in repository {repo}',
@ -1244,7 +1245,28 @@ quayApp.directive('logsView', function () {
'org_add_team_member': 'Add member {member} to team {team}',
'org_remove_team_member': 'Remove member {member} from team {team}',
'org_set_team_description': 'Change description of team {team}: {description}',
'org_set_team_role': 'Change permission of team {team} to {role}'
'org_set_team_role': 'Change permission of team {team} to {role}',
'create_prototype_permission': function(metadata) {
if (metadata.delegate_user) {
return 'Create default permission: {role} for {delegate_user}, when creating user is {activating_username}';
} else if (metadata.delegate_team) {
return 'Create default permission: {role} for {delegate_team}, when creating user is {activating_username}';
}
},
'modify_prototype_permission': function(metadata) {
if (metadata.delegate_user) {
return 'Modify default permission: {role} (from {original_role}) for {delegate_user}, when creating user is {activating_username}';
} else if (metadata.delegate_team) {
return 'Modify default permission: {role} (from {original_role}) for {delegate_team}, when creating user is {activating_username}';
}
},
'delete_prototype_permission': function(metadata) {
if (metadata.delegate_user) {
return 'Delete default permission: {role} for {delegate_user}, when creating user is {activating_username}';
} else if (metadata.delegate_team) {
return 'Delete default permission: {role} for {delegate_team}, when creating user is {activating_username}';
}
}
};
var logKinds = {
@ -1267,12 +1289,16 @@ quayApp.directive('logsView', function () {
'delete_repo_webhook': 'Delete webhook',
'set_repo_description': 'Change repository description',
'build_dockerfile': 'Build image from Dockerfile',
'delete_tag': 'Delete Tag',
'org_create_team': 'Create team',
'org_delete_team': 'Delete team',
'org_add_team_member': 'Add team member',
'org_remove_team_member': 'Remove team member',
'org_set_team_description': 'Change team description',
'org_set_team_role': 'Change team permission'
'org_set_team_role': 'Change team permission',
'create_prototype_permission': 'Create default permission',
'modify_prototype_permission': 'Modify default permission',
'delete_prototype_permission': 'Delete default permission'
};
var getDateString = function(date) {
@ -1350,10 +1376,16 @@ quayApp.directive('logsView', function () {
$scope.getDescription = function(log) {
var fieldIcons = {
'username': 'user',
'activating_username': 'user',
'delegate_user': 'user',
'delegate_team': 'group',
'team': 'group',
'token': 'key',
'repo': 'hdd-o',
'robot': 'wrench'
'robot': 'wrench',
'tag': 'tag',
'role': 'th-large',
'original_role': 'th-large'
};
log.metadata['_ip'] = log.ip ? log.ip : null;
@ -1377,7 +1409,7 @@ quayApp.directive('logsView', function () {
description = description.replace('{' + key + '}', '<code>' + markedDown + '</code>');
}
}
return $sce.trustAsHtml(description);
return $sce.trustAsHtml(description.replace('\n', '<br>'));
};
$scope.$watch('organization', update);