Add repo permissions dialog for existing teams and robots

Fixes #1686
2016-08-22 14:42:35 -04:00 · 2016-08-22 14:42:35 -04:00 · 391d70d9ec
commit 391d70d9ec
parent b5efc57655
18 changed files with 496 additions and 224 deletions
--- a/endpoints/api/team.py
+++ b/endpoints/api/team.py
@ -5,7 +5,7 @@ from flask import request
 import features

 from endpoints.api import (resource, nickname, ApiResource, validate_json_request, request_error,
-                           log_action, internal_only, require_scope, path_param, query_param, 
+                           log_action, internal_only, require_scope, path_param, query_param,
                           truthy_bool, parse_args, require_user_admin, show_if)
 from endpoints.exception import Unauthorized, NotFound
 from auth.permissions import AdministerOrganizationPermission, ViewTeamPermission
@ -15,6 +15,15 @@ from data import model
 from util.useremails import send_org_invite_email
 from app import avatar

+def permission_view(permission):
+  return {
+    'repository': {
+      'name': permission.repository.name,
+      'is_public': permission.repository.visibility.name == 'public'
+    },
+    'role': permission.role.name
+  }
+

 def try_accept_invite(code, user):
  (team, inviter) = model.team.confirm_team_invite(code, user)
@ -346,6 +355,30 @@ class InviteTeamMember(ApiResource):
    raise Unauthorized()


+@resource('/v1/organization/<orgname>/team/<teamname>/permissions')
+@path_param('orgname', 'The name of the organization')
+@path_param('teamname', 'The name of the team')
+class TeamPermissions(ApiResource):
+  """ Resource for listing the permissions an org's team has in the system. """
+  @nickname('getTeamPermissions')
+  def get(self, orgname, teamname):
+    """ Returns the list of repository permissions for the org's team. """
+    permission = AdministerOrganizationPermission(orgname)
+    if permission.can():
+      try:
+        team = model.team.get_organization_team(orgname, teamname)
+      except model.InvalidTeamException:
+        raise NotFound()
+
+      permissions = model.permission.list_team_permissions(team)
+
+      return {
+        'permissions': [permission_view(permission) for permission in permissions]
+      }
+
+    raise Unauthorized()
+
+
@resource('/v1/teaminvite/<code>')
@internal_only
@show_if(features.MAILING)