From 3864fc3e88c669a45287d34a458bad8d17102699 Mon Sep 17 00:00:00 2001 From: Joseph Schorr Date: Tue, 21 Jan 2014 17:04:00 -0500 Subject: [PATCH] Add logs support for the new default permissions model --- endpoints/api.py | 30 ++++++++++++++++++++++++ initdb.py | 6 ++--- static/css/quay.css | 8 +++++++ static/directives/logs-view.html | 4 ++-- static/js/app.js | 40 ++++++++++++++++++++++++++++---- 5 files changed, 79 insertions(+), 9 deletions(-) diff --git a/endpoints/api.py b/endpoints/api.py index 1e4e0bf20..80faa58be 100644 --- a/endpoints/api.py +++ b/endpoints/api.py @@ -578,6 +578,26 @@ def get_organization_prototype_permissions(orgname): abort(403) +def log_prototype_action(action_kind, orgname, prototype, **kwargs): + username = current_user.db_user().username + log_params = { + 'prototypeid': prototype.uuid, + 'username': username, + 'activating_username': prototype.activating_user.username, + 'role': prototype.role.name + } + + for key, value in kwargs.items(): + log_params[key] = value + + if prototype.delegate_user: + log_params['delegate_user'] = prototype.delegate_user.username + elif prototype.delegate_team: + log_params['delegate_team'] = prototype.delegate_team.name + + log_action(action_kind, orgname, log_params) + + @app.route('/api/organization//prototypes', methods=['POST']) @api_login_required def create_organization_prototype_permission(orgname): @@ -609,7 +629,9 @@ def create_organization_prototype_permission(orgname): abort(400) role_name = details['role'] + prototype = model.add_prototype_permission(org, role_name, activating_user, delegate_user, delegate_team) + log_prototype_action('create_prototype_permission', orgname, prototype) return jsonify(prototype_view(prototype)) abort(403) @@ -629,6 +651,8 @@ def delete_organization_prototype_permission(orgname, prototypeid): if not prototype: abort(404) + log_prototype_action('delete_prototype_permission', orgname, prototype) + return make_response('Deleted', 204) abort(403) @@ -644,12 +668,18 @@ def update_organization_prototype_permission(orgname, prototypeid): except model.InvalidOrganizationException: abort(404) + existing = model.get_prototype_permission(org, prototypeid) + if not existing: + abort(404) + details = request.get_json() role_name = details['role'] prototype = model.update_prototype_permission(org, prototypeid, role_name) if not prototype: abort(404) + log_prototype_action('modify_prototype_permission', orgname, prototype, original_role = existing.role.name) + return jsonify(prototype_view(prototype)) abort(403) diff --git a/initdb.py b/initdb.py index 15eed9183..4e664410b 100644 --- a/initdb.py +++ b/initdb.py @@ -154,9 +154,9 @@ def initialize_database(): LogEntryKind.create(name='org_set_team_description') LogEntryKind.create(name='org_set_team_role') - LogEntryKind.create(name='org_create_prototype_permission') - LogEntryKind.create(name='org_modify_prototype_permission') - LogEntryKind.create(name='org_delete_prototype_permission') + LogEntryKind.create(name='create_prototype_permission') + LogEntryKind.create(name='modify_prototype_permission') + LogEntryKind.create(name='delete_prototype_permission') def wipe_database(): diff --git a/static/css/quay.css b/static/css/quay.css index 96b01e354..3d7b5a4c4 100644 --- a/static/css/quay.css +++ b/static/css/quay.css @@ -327,7 +327,15 @@ i.toggle-icon:hover { height: 12px; border-radius: 50%; margin-right: 6px; + margin-top: 6px; vertical-align: middle; + float: left; +} + +.logs-view-element .log .log-description { + margin-left: 20px; + display: block; + line-height: 25px; } .billing-options-element .current-card { diff --git a/static/directives/logs-view.html b/static/directives/logs-view.html index 8114ce22d..45d3f50fc 100644 --- a/static/directives/logs-view.html +++ b/static/directives/logs-view.html @@ -41,7 +41,7 @@ - + @@ -49,7 +49,7 @@
DescriptionDate/TimeDate/Time User/Token
- + {{ log.datetime }} diff --git a/static/js/app.js b/static/js/app.js index 35f82278c..c0c158932 100644 --- a/static/js/app.js +++ b/static/js/app.js @@ -1232,6 +1232,7 @@ quayApp.directive('logsView', function () { return 'Remove permission for token {token} from repository {repo}'; } }, + 'delete_tag': 'Tag {tag} deleted in repository {repo} by user {username}', 'change_repo_visibility': 'Change visibility for repository {repo} to {visibility}', 'add_repo_accesstoken': 'Create access token {token} in repository {repo}', 'delete_repo_accesstoken': 'Delete access token {token} in repository {repo}', @@ -1244,7 +1245,28 @@ quayApp.directive('logsView', function () { 'org_add_team_member': 'Add member {member} to team {team}', 'org_remove_team_member': 'Remove member {member} from team {team}', 'org_set_team_description': 'Change description of team {team}: {description}', - 'org_set_team_role': 'Change permission of team {team} to {role}' + 'org_set_team_role': 'Change permission of team {team} to {role}', + 'create_prototype_permission': function(metadata) { + if (metadata.delegate_user) { + return 'Create default permission: {role} for {delegate_user}, when creating user is {activating_username}'; + } else if (metadata.delegate_team) { + return 'Create default permission: {role} for {delegate_team}, when creating user is {activating_username}'; + } + }, + 'modify_prototype_permission': function(metadata) { + if (metadata.delegate_user) { + return 'Modify default permission: {role} (from {original_role}) for {delegate_user}, when creating user is {activating_username}'; + } else if (metadata.delegate_team) { + return 'Modify default permission: {role} (from {original_role}) for {delegate_team}, when creating user is {activating_username}'; + } + }, + 'delete_prototype_permission': function(metadata) { + if (metadata.delegate_user) { + return 'Delete default permission: {role} for {delegate_user}, when creating user is {activating_username}'; + } else if (metadata.delegate_team) { + return 'Delete default permission: {role} for {delegate_team}, when creating user is {activating_username}'; + } + } }; var logKinds = { @@ -1267,12 +1289,16 @@ quayApp.directive('logsView', function () { 'delete_repo_webhook': 'Delete webhook', 'set_repo_description': 'Change repository description', 'build_dockerfile': 'Build image from Dockerfile', + 'delete_tag': 'Delete Tag', 'org_create_team': 'Create team', 'org_delete_team': 'Delete team', 'org_add_team_member': 'Add team member', 'org_remove_team_member': 'Remove team member', 'org_set_team_description': 'Change team description', - 'org_set_team_role': 'Change team permission' + 'org_set_team_role': 'Change team permission', + 'create_prototype_permission': 'Create default permission', + 'modify_prototype_permission': 'Modify default permission', + 'delete_prototype_permission': 'Delete default permission' }; var getDateString = function(date) { @@ -1350,10 +1376,16 @@ quayApp.directive('logsView', function () { $scope.getDescription = function(log) { var fieldIcons = { 'username': 'user', + 'activating_username': 'user', + 'delegate_user': 'user', + 'delegate_team': 'group', 'team': 'group', 'token': 'key', 'repo': 'hdd-o', - 'robot': 'wrench' + 'robot': 'wrench', + 'tag': 'tag', + 'role': 'th-large', + 'original_role': 'th-large' }; log.metadata['_ip'] = log.ip ? log.ip : null; @@ -1377,7 +1409,7 @@ quayApp.directive('logsView', function () { description = description.replace('{' + key + '}', '' + markedDown + ''); } } - return $sce.trustAsHtml(description); + return $sce.trustAsHtml(description.replace('\n', '
')); }; $scope.$watch('organization', update);