vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Add repo permissions dialog for existing teams and robots

Browse source 
Fixes #1686
This commit is contained in:
Joseph Schorr 2016-08-22 14:42:35 -04:00
parent b5efc57655
commit 391d70d9ec
18 changed files with 496 additions and 224 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
data/model/permission.py
View file

@ -5,6 +5,17 @@ from data.database import (RepositoryPermission, User, Repository, Visibility, R
from data.model import DataModelException, _basequery from data.model import DataModelException, _basequery
def list_team_permissions(team):
return (RepositoryPermission
.select(RepositoryPermission)
.join(Repository)
.join(Visibility)
.switch(RepositoryPermission)
.join(Role)
.switch(RepositoryPermission)
.where(RepositoryPermission.team == team))
def list_robot_permissions(robot_name): def list_robot_permissions(robot_name):
return (RepositoryPermission return (RepositoryPermission
.select(RepositoryPermission, User, Repository) .select(RepositoryPermission, User, Repository)

54
data/model/team.py
View file

@ -191,29 +191,47 @@ def get_teams_within_org(organization):
""" Returns a AttrDict of team info (id, name, description), its role under the org, """ Returns a AttrDict of team info (id, name, description), its role under the org,
the number of repositories on which it has permission, and the number of members. the number of repositories on which it has permission, and the number of members.
""" """
query = (Team.select(Team.id, Team.name, Team.description, TeamRole.name, query = (Team.select()
fn.Count(RepositoryPermission.id), fn.Count(TeamMember.id))
.where(Team.organization == organization) .where(Team.organization == organization)
.join(TeamRole) .join(TeamRole))
.switch(Team)
.join(RepositoryPermission, JOIN_LEFT_OUTER) def _team_view(team):
.switch(Team) return {
.join(TeamMember, JOIN_LEFT_OUTER) 'id': team.id,
.group_by(Team.id) 'name': team.name,
'description': team.description,
'role_name': team.role.name,
'repo_count': 0,
'member_count': 0,
}
teams = {team.id: _team_view(team) for team in query}
if not teams:
# Just in case. Should ideally never happen.
return []
# Add repository permissions count.
permission_tuples = (RepositoryPermission.select(RepositoryPermission.team,
fn.Count(RepositoryPermission.id))
.where(RepositoryPermission.team << teams.keys())
.group_by(RepositoryPermission.team)
.tuples()) .tuples())
def _team_view(team_tuple): for perm_tuple in permission_tuples:
return AttrDict({ teams[perm_tuple[0]]['repo_count'] = perm_tuple[1]
'id': team_tuple[0],
'name': team_tuple[1],
'description': team_tuple[2],
'role_name': team_tuple[3],
'repo_count': team_tuple[4], # Add the member count.
'member_count': team_tuple[5], members_tuples = (TeamMember.select(TeamMember.team,
}) fn.Count(TeamMember.id))
.where(TeamMember.team << teams.keys())
.group_by(TeamMember.team)
.tuples())
return [_team_view(team_tuple) for team_tuple in query] for member_tuple in members_tuples:
teams[member_tuple[0]]['member_count'] = member_tuple[1]
return [AttrDict(team_info) for team_info in teams.values()]
def get_user_teams_within_org(username, organization): def get_user_teams_within_org(username, organization):

33
endpoints/api/team.py
View file

@ -15,6 +15,15 @@ from data import model
from util.useremails import send_org_invite_email from util.useremails import send_org_invite_email
from app import avatar from app import avatar
def permission_view(permission):
return {
'repository': {
'name': permission.repository.name,
'is_public': permission.repository.visibility.name == 'public'
},
'role': permission.role.name
}
def try_accept_invite(code, user): def try_accept_invite(code, user):
(team, inviter) = model.team.confirm_team_invite(code, user) (team, inviter) = model.team.confirm_team_invite(code, user)
@ -346,6 +355,30 @@ class InviteTeamMember(ApiResource):
raise Unauthorized() raise Unauthorized()
@resource('/v1/organization/<orgname>/team/<teamname>/permissions')
@path_param('orgname', 'The name of the organization')
@path_param('teamname', 'The name of the team')
class TeamPermissions(ApiResource):
""" Resource for listing the permissions an org's team has in the system. """
@nickname('getTeamPermissions')
def get(self, orgname, teamname):
""" Returns the list of repository permissions for the org's team. """
permission = AdministerOrganizationPermission(orgname)
if permission.can():
try:
team = model.team.get_organization_team(orgname, teamname)
except model.InvalidTeamException:
raise NotFound()
permissions = model.permission.list_team_permissions(team)
return {
'permissions': [permission_view(permission) for permission in permissions]
}
raise Unauthorized()
@resource('/v1/teaminvite/<code>') @resource('/v1/teaminvite/<code>')
@internal_only @internal_only
@show_if(features.MAILING) @show_if(features.MAILING)

35
static/css/directives/ui/add-repo-permissions.css
View file

@ -1,35 +0,0 @@
.add-repo-permissions-element label {
margin-top: 4px;
}
.add-repo-permissions-element .co-table {
margin-top: 20px;
}
.add-repo-permissions-element .fa-hdd-o {
margin-right: 4px;
vertical-align: middle;
}
.add-repo-permissions-element .co-filter-box {
display: block;
float: right;
margin-bottom: 20px;
}
.add-repo-permissions-element .co-filter-box .filter-message {
left: -180px;
top: 4px;
}
.add-repo-permissions-element .co-filter-box input {
width: 100%;
padding-top: 2px;
padding-bottom: 2px;
height: 28px;
}
.add-repo-permissions-element label .avatar {
vertical-align: text-bottom;
margin-left: 4px;
}

35
static/css/directives/ui/set-repo-permissions.css Normal file
View file

@ -0,0 +1,35 @@
.set-repo-permissions-element label {
margin-top: 4px;
}
.set-repo-permissions-element .co-table {
margin-top: 20px;
}
.set-repo-permissions-element .fa-hdd-o {
margin-right: 4px;
vertical-align: middle;
}
.set-repo-permissions-element .co-filter-box {
display: block;
float: right;
margin-bottom: 20px;
}
.set-repo-permissions-element .co-filter-box .filter-message {
left: -180px;
top: 4px;
}
.set-repo-permissions-element .co-filter-box input {
width: 100%;
padding-top: 2px;
padding-bottom: 2px;
height: 28px;
}
.set-repo-permissions-element label .avatar {
vertical-align: text-bottom;
margin-left: 4px;
}

21
static/directives/create-entity-dialog.html
View file

@ -8,23 +8,24 @@
<i class="fa {{ entityIcon }}"></i> <i class="fa {{ entityIcon }}"></i>
Create {{ entityTitle }} Create {{ entityTitle }}
</h4> </h4>
<h4 class="modal-title" ng-show="view == 'addperms' || view == 'addingperms'"> <h4 class="modal-title" ng-show="view == 'setperms' || view == 'settingperms'">
Add permissions for <i class="fa {{ entityIcon }}"></i> {{ entity.name }} Add permissions for <i class="fa {{ entityIcon }}"></i> {{ entity.name }}
</h4> </h4>
</div> <!-- /.model-header --> </div> <!-- /.model-header -->
<div class="modal-body" ng-show="view == 'creating' || view == 'addingperms'"> <div class="modal-body" ng-show="view == 'creating' || view == 'settingperms'">
<div class="cor-loader"></div> <div class="cor-loader"></div>
</div> </div>
<div class="modal-body co-modal-body-scrollable" ng-show="view == 'addperms'"> <div class="modal-body co-modal-body-scrollable" ng-show="view == 'setperms'">
<div class="add-repo-permissions" namespace="info.namespace" <div class="set-repo-permissions"
namespace="info.namespace"
entity-name="entity.name" entity-name="entity.name"
entity-kind="entityKind" entity-kind="entityKind"
checked-repository="info.repository" has-changed-repositories="context.hasChangedRepositories"
has-checked-repositories="context.hasCheckedRepositories" has-checked-repositories="context.hasCheckedRepositories"
repositories-loaded="repositoriesLoaded(repositories)" repositories-loaded="repositoriesLoaded(repositories)"
adding-permissions="addingPermissions()" setting-permissions="settingPermissions()"
permissions-added="permissionsAdded(repositories)" permissions-set="permissionsSet(repositories)"
add-permissions="context.addPermissionsCounter" set-permissions="context.setPermissionsCounter"
ng-if="entity"></div> ng-if="entity"></div>
</div> </div>
<div class="modal-body" ng-show="view == 'enterName'"> <div class="modal-body" ng-show="view == 'enterName'">
@ -37,8 +38,8 @@
</div> </div>
</form> </form>
</div> <!-- /.modal-body --> </div> <!-- /.modal-body -->
<div class="modal-footer" ng-show="view == 'addperms'"> <div class="modal-footer" ng-show="view == 'setperms'">
<button type="button" class="btn btn-primary" ng-click="addPermissions()" <button type="button" class="btn btn-primary" ng-click="setPermissions()"
ng-show="context.hasCheckedRepositories">Add permissions</button> ng-show="context.hasCheckedRepositories">Add permissions</button>
<button type="button" class="btn btn-default" ng-click="hide()">Close</button> <button type="button" class="btn btn-default" ng-click="hide()">Close</button>
</div> <!-- /.footer-body --> </div> <!-- /.footer-body -->

71
static/directives/robots-manager.html
View file

@ -35,12 +35,11 @@
<thead> <thead>
<td>Robot Account Name</td> <td>Robot Account Name</td>
<td ng-if="organization">Teams</td> <td ng-if="organization">Teams</td>
<td>Direct Repository Permissions</td> <td>Repositories</td>
<td class="options-col"></td> <td class="options-col"></td>
</thead> </thead>
<tbody ng-repeat="robotInfo in robots | filter:robotFilter | orderBy:getShortenedRobotName" bindonce> <tr ng-repeat="robotInfo in robots | filter:robotFilter | orderBy:getShortenedRobotName" bindonce>
<tr ng-class="robotInfo.showing_permissions ? 'open' : 'closed'">
<td class="robot"> <td class="robot">
<i class="fa ci-robot hidden-xs"></i> <i class="fa ci-robot hidden-xs"></i>
<a ng-click="showRobot(robotInfo)"> <a ng-click="showRobot(robotInfo)">
@ -61,28 +60,18 @@
</span> </span>
</td> </td>
<td> <td>
<span class="empty" bo-if="robotInfo.repositories.length == 0"> <span class="empty" ng-if="robotInfo.repositories.length == 0">
<a is-only-text="!organization.is_admin" ng-click="setPermissions(robotInfo)">
No repositories No repositories
</span>
<span class="member-perm-summary" bo-if="robotInfo.repositories.length > 0">
<span ng-click="showPermissions(robotInfo)">
<i class="fa"
ng-class="robotInfo.showing_permissions ? 'fa-caret-down' : 'fa-caret-right'"
data-title="View Permissions List" bs-tooltip></i>
</span>
<a class="hidden-xs" is-only-text="!organization.is_admin"
ng-click="showPermissions(robotInfo)">
<span bo-text="robotInfo.repositories.length"></span>
<span bo-if="robotInfo.repositories.length == 1">repository</span>
<span bo-if="robotInfo.repositories.length > 1">repositories</span>
</a> </a>
<span class="visible-xs">
<span bo-text="robotInfo.repositories.length"></span>
<span bo-if="robotInfo.repositories.length == 1">repository</span>
<span bo-if="robotInfo.repositories.length > 1">repositories</span>
</span> </span>
<span class="member-perm-summary" ng-if="robotInfo.repositories.length > 0">
<a is-only-text="!organization.is_admin" ng-click="setPermissions(robotInfo)">
{{ robotInfo.repositories.length }}
<span ng-if="robotInfo.repositories.length == 1">repository</span>
<span ng-if="robotInfo.repositories.length > 1">repositories</span>
</a>
</span> </span>
</td> </td>
<td class="options-col"> <td class="options-col">
@ -90,43 +79,21 @@
<span class="cor-option" option-click="showRobot(robotInfo)"> <span class="cor-option" option-click="showRobot(robotInfo)">
<i class="fa fa-key"></i> View Credentials <i class="fa fa-key"></i> View Credentials
</span> </span>
<span class="cor-option" option-click="setPermissions(robotInfo)">
<i class="fa fa-hdd-o"></i> Set Repository Permissions
</span>
<span class="cor-option" option-click="askDeleteRobot(robotInfo)"> <span class="cor-option" option-click="askDeleteRobot(robotInfo)">
<i class="fa fa-times"></i> Delete Robot {{ robotInfo.name }} <i class="fa fa-times"></i> Delete Robot {{ robotInfo.name }}
</span> </span>
</span> </span>
</td> </td>
</tr> </tr>
<tr ng-if="robotInfo.showing_permissions"> </table>
<td class="permissions-display-row" colspan="4"> </div>
<span class="cor-loader" ng-if="robotInfo.loading_permissions"></span>
<div class="permissions-table-wrapper">
<table class="permissions-table" ng-if="!robotInfo.loading_permissions">
<thead>
<td>Repository</td>
<td>Permission</td>
</thead>
<tr ng-repeat="permission in robotInfo.permissions"> <!-- Set repo permissions dialog -->
<td> <div class="set-repo-permissions-dialog" info="setRepoPermissionsInfo"
<span class="repo-icon repo-circle no-background" repo="permission.repository"></span> permissions-set="handlePermissionsSet(info, repositories)"></div>
<a ng-href="/repository/{{ getPrefix(robotInfo.name) }}/{{ permission.repository.name }}?tab=settings">{{ getPrefix(robotInfo.name) }}/{{ permission.repository.name }}</a>
</td>
<td>
<div class="btn-group btn-group-sm">
<span class="role-group"
current-role="permission.role"
roles="repoRoles"
read-only="true"></span>
</div>
</td>
</tr>
</table>
</div>
</td>
</tr>
</tbody>
</table>
</div>
<div class="create-robot-dialog" info="createRobotInfo" robot-created="robotCreated()"></div> <div class="create-robot-dialog" info="createRobotInfo" robot-created="robotCreated()"></div>
<div class="robot-credentials-dialog" info="robotDisplayInfo"></div> <div class="robot-credentials-dialog" info="robotDisplayInfo"></div>

35
static/directives/set-repo-permissions-dialog.html Normal file
View file

@ -0,0 +1,35 @@
<div class="set-repo-permissions-dialog-element">
<div class="modal fade co-dialog wider">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" ng-click="hide()" aria-hidden="true">&times;</button>
<h4 class="modal-title">
Set permissions for <i class="fa {{ info.entityIcon }}"></i> {{ info.entityName }}
</h4>
</div> <!-- /.model-header -->
<div class="modal-body" ng-show="working">
<div class="cor-loader"></div>
</div>
<div class="modal-body co-modal-body-scrollable" ng-show="!working" style="padding-bottom: 210px;">
<div class="set-repo-permissions"
namespace="context.info.namespace"
entity-name="context.info.entityName"
entity-kind="context.info.entityKind"
has-changed-repositories="context.hasChangedRepositories"
has-checked-repositories="context.hasCheckedRepositories"
setting-permissions="settingPermissions()"
permissions-set="permissionsSetComplete(repositories)"
set-permissions="setPermissionsCounter"
ng-if="context.info.namespace && context.info.entityName && context.info.entityKind">
</div>
</div> <!-- /.modal-body -->
<div class="modal-footer" ng-show="!working">
<button type="button" class="btn btn-primary" ng-click="setPermissions()"
ng-show="context.hasChangedRepositories">Update permissions</button>
<button type="button" class="btn btn-default" ng-click="hide()">Close</button>
</div> <!-- /.footer-body -->
</div>
</div>
</div>
</div>

2
static/directives/add-repo-permissions.html → static/directives/set-repo-permissions.html
View file

@ -1,4 +1,4 @@
<div class="add-repo-permissions-element"> <div class="set-repo-permissions-element">
<span class="co-filter-box"> <span class="co-filter-box">
<span class="filter-message" ng-if="options.filter"> <span class="filter-message" ng-if="options.filter">
Showing {{ orderedRepositories.entries.length }} of {{ repositories.length }} repositories Showing {{ orderedRepositories.entries.length }} of {{ repositories.length }} repositories

25
static/directives/teams-manager.html
View file

@ -81,19 +81,31 @@
</span> </span>
</td> </td>
<td class="hidden-xs"> <td class="hidden-xs">
<span bo-text="team.repo_count"></span> repositories <span class="empty" ng-if="team.repo_count == 0">
<a is-only-text="!organization.is_admin" ng-click="setRepoPermissions(team.name)">
No repositories
</a>
</span>
<span class="member-perm-summary" ng-if="team.repo_count > 0">
<a is-only-text="!organization.is_admin" ng-click="setRepoPermissions(team.name)">
{{ team.repo_count }}
<span ng-if="team.repo_count == 1">repository</span>
<span ng-if="team.repo_count > 1">repositories</span>
</a>
</span>
</td> </td>
<td> <td>
<span class="role-group" current-role="team.role" pull-left="true" <span class="role-group" current-role="team.role" pull-left="true"
role-changed="setRole(role, team.name)" roles="teamRoles"></span> role-changed="setRole(role, team.name)" roles="teamRoles"></span>
</td> </td>
<td> <td>
<span class="cor-options-menu"> <span class="cor-options-menu" ng-show="organization.is_admin">
<span class="cor-option" option-click="viewTeam(team.name)"> <span class="cor-option" option-click="viewTeam(team.name)">
<i class="fa fa-user"></i> Manage Team Members <i class="fa fa-user"></i> Manage Team Members
</span> </span>
<span class="cor-option" option-click="addRepoPermissions(team.name)"> <span class="cor-option" option-click="setRepoPermissions(team.name)">
<i class="fa fa-hdd-o"></i> Add Repository Permissions <i class="fa fa-hdd-o"></i> Set Repository Permissions
</span> </span>
<span class="cor-option" option-click="askDeleteTeam(team.name)"> <span class="cor-option" option-click="askDeleteTeam(team.name)">
<i class="fa fa-times"></i> Delete Team {{ team.name }} <i class="fa fa-times"></i> Delete Team {{ team.name }}
@ -169,8 +181,13 @@
</table> </table>
</div> </div>
<!-- Create team dialog -->
<div class="create-team-dialog" info="createTeamInfo" team-created="handleTeamCreated(team)"></div> <div class="create-team-dialog" info="createTeamInfo" team-created="handleTeamCreated(team)"></div>
<!-- Set repo permissions dialog -->
<div class="set-repo-permissions-dialog" info="setRepoPermissionsInfo"
permissions-set="handlePermissionsSet(info, repositories)"></div>
<!-- Remove member confirm --> <!-- Remove member confirm -->
<div class="cor-confirm-dialog" <div class="cor-confirm-dialog"
dialog-context="removeMemberInfo" dialog-context="removeMemberInfo"

14
static/js/directives/ui/create-entity-dialog.js
View file

@ -22,7 +22,7 @@ angular.module('quay').directive('createEntityDialog', function () {
controller: function($scope, $element, ApiService, UIService, UserService) { controller: function($scope, $element, ApiService, UIService, UserService) {
$scope.context = { $scope.context = {
'addPermissionsCounter': 0 'setPermissionsCounter': 0
}; };
$scope.$on('$destroy', function() { $scope.$on('$destroy', function() {
@ -71,17 +71,17 @@ angular.module('quay').directive('createEntityDialog', function () {
}); });
}; };
$scope.permissionsAdded = function(repositories) { $scope.permissionsSet = function(repositories) {
$scope.entity['repo_count'] = repositories.length; $scope.entity['repo_count'] = repositories.length;
$scope.hide(); $scope.hide();
}; };
$scope.addingPermissions = function() { $scope.settingPermissions = function() {
$scope.view = 'addingperms'; $scope.view = 'settingperms';
}; };
$scope.addPermissions = function() { $scope.setPermissions = function() {
$scope.context.addPermissionsCounter++; $scope.context.setPermissionsCounter++;
}; };
$scope.repositoriesLoaded = function(repositories) { $scope.repositoriesLoaded = function(repositories) {
@ -90,7 +90,7 @@ angular.module('quay').directive('createEntityDialog', function () {
return; return;
} }
$scope.view = 'addperms'; $scope.view = 'setperms';
}; };
$scope.$watch('entityNameRegex', function(r) { $scope.$watch('entityNameRegex', function(r) {

32
static/js/directives/ui/robots-manager.js
View file

@ -33,15 +33,6 @@ angular.module('quay').directive('robotsManager', function () {
locationListener && locationListener(); locationListener && locationListener();
}); });
var loadRobotPermissions = function(info) {
var shortName = $scope.getShortenedName(info.name);
info.loading_permissions = true;
ApiService.getRobotPermissions($scope.organization, null, {'robot_shortname': shortName}).then(function(resp) {
info.permissions = resp.permissions;
info.loading_permissions = false;
}, ApiService.errorDisplay('Could not load robot permissions'));
};
$scope.filterToRobot = function(robotName) { $scope.filterToRobot = function(robotName) {
if ($scope.robotFilter == robotName) { if ($scope.robotFilter == robotName) {
return; return;
@ -56,14 +47,6 @@ angular.module('quay').directive('robotsManager', function () {
$scope.robotFilter = robotName; $scope.robotFilter = robotName;
}; };
$scope.showPermissions = function(robotInfo) {
robotInfo.showing_permissions = !robotInfo.showing_permissions;
if (robotInfo.showing_permissions) {
loadRobotPermissions(robotInfo);
}
};
$scope.showRobot = function(info) { $scope.showRobot = function(info) {
$scope.robotDisplayInfo = { $scope.robotDisplayInfo = {
'name': info.name 'name': info.name
@ -126,6 +109,21 @@ angular.module('quay').directive('robotsManager', function () {
}); });
}; };
$scope.setPermissions = function(info) {
var namespace = $scope.organization ? $scope.organization.name : $scope.user.username;
$scope.setRepoPermissionsInfo = {
'namespace': namespace,
'entityName': info.name,
'entityKind': 'robot',
'entityIcon': 'ci-robot'
};
};
$scope.handlePermissionsSet = function(info, repositories) {
var index = $scope.findRobotIndexByName(info.entityName);
$scope.robots[index]['repositories'] = repositories;
};
$scope.robotCreated = function() { $scope.robotCreated = function() {
update(); update();
}; };

60
static/js/directives/ui/set-repo-permissions-dialog.js Normal file
View file

@ -0,0 +1,60 @@
/**
* An element which displays a dialog for setting permissions for an entity to repositories under
* a namespace.
*/
angular.module('quay').directive('setRepoPermissionsDialog', function () {
var directiveDefinitionObject = {
priority: 0,
templateUrl: '/static/directives/set-repo-permissions-dialog.html',
replace: false,
transclude: true,
restrict: 'C',
scope: {
'info': '=info',
'permissionsSet': '&permissionsSet',
},
controller: function($scope, $element) {
$scope.setPermissionsCounter = 0;
$scope.loading = false;
$scope.context = {};
$scope.setPermissions = function() {
$scope.setPermissionsCounter++;
};
$scope.settingPermissions = function() {
$scope.working = true;
};
$scope.show = function() {
$scope.setPermissionsCounter = 0;
$scope.working = false;
$element.find('.modal').modal({});
};
$scope.hide = function() {
$scope.working = false;
$scope.context.info = null;
$scope.context.hasChangedRepositories = false;
$scope.context.hasCheckedRepositories = false;
$element.find('.modal').modal('hide');
};
$scope.permissionsSetComplete = function(repositories) {
$scope.hide();
$scope.permissionsSet({'repositories': repositories, 'info': $scope.info});
};
$scope.$watch('info', function(info) {
if (info) {
$scope.context.info = info;
$scope.show();
}
});
}
};
return directiveDefinitionObject;
});

115
static/js/directives/ui/add-repo-permissions.js → static/js/directives/ui/set-repo-permissions.js
View file

@ -1,11 +1,11 @@
/** /**
* An element which displays a table for adding permissions for an entity to repositories under * An element which displays a table for setting permissions for an entity to repositories under
* a namespace. * a namespace.
*/ */
angular.module('quay').directive('addRepoPermissions', function () { angular.module('quay').directive('setRepoPermissions', function () {
var directiveDefinitionObject = { var directiveDefinitionObject = {
priority: 0, priority: 0,
templateUrl: '/static/directives/add-repo-permissions.html', templateUrl: '/static/directives/set-repo-permissions.html',
replace: false, replace: false,
transclude: true, transclude: true,
restrict: 'C', restrict: 'C',
@ -14,15 +14,14 @@ angular.module('quay').directive('addRepoPermissions', function () {
'entityName': '=entityName', 'entityName': '=entityName',
'entityKind': '=entityKind', 'entityKind': '=entityKind',
'checkedRepository': '=checkedRepository', 'setPermissions': '=setPermissions',
'addPermissions': '=addPermissions',
'hasCheckedRepositories': '=hasCheckedRepositories', 'hasCheckedRepositories': '=hasCheckedRepositories',
'hasChangedRepositories': '=hasChangedRepositories',
'repositoriesLoaded': '&repositoriesLoaded', 'repositoriesLoaded': '&repositoriesLoaded',
'addingPermissions': '&addingPermissions', 'settingPermissions': '&settingPermissions',
'permissionsAdded': '&permissionsAdded', 'permissionsSet': '&permissionsSet',
}, },
controller: function($scope, $element, ApiService, UIService, TableService, RolesService, UserService) { controller: function($scope, $element, ApiService, UIService, TableService, RolesService, UserService) {
@ -36,6 +35,20 @@ angular.module('quay').directive('addRepoPermissions', function () {
$scope.repositories = null; $scope.repositories = null;
$scope.currentNamespace = null; $scope.currentNamespace = null;
$scope.currentEntityName = null;
var checkForChanges = function() {
var hasChanges = false;
$scope.repositories.forEach(function(repo) {
if (repo['permission'] != repo['original_permission']) {
hasChanges = true;
}
});
$scope.hasCheckedRepositories = !!$scope.checkedRepos.checked.length;
$scope.hasChangedRepositories = hasChanges;
};
var handleRepoCheckChange = function() { var handleRepoCheckChange = function() {
$scope.repositories.forEach(function(repo) { $scope.repositories.forEach(function(repo) {
@ -48,7 +61,7 @@ angular.module('quay').directive('addRepoPermissions', function () {
} }
}); });
$scope.hasCheckedRepositories = !!$scope.checkedRepos.checked.length; checkForChanges();
}; };
var setRepoState = function() { var setRepoState = function() {
@ -62,18 +75,43 @@ angular.module('quay').directive('addRepoPermissions', function () {
['last_modified_datetime']); ['last_modified_datetime']);
}; };
var loadRepositories = function() { var loadRepositoriesAndPermissions = function() {
if (!$scope.namespace || !$scope.entityName || !$scope.entityKind) { if (!$scope.namespace || !$scope.entityName || !$scope.entityKind) {
return; return;
} }
if ($scope.namespace == $scope.currentNamespace) { if (($scope.entityName == $scope.currentEntityName) &&
($scope.namespace == $scope.currentNamespace)) {
return; return;
} }
$scope.currentNamespace = $scope.namespace;
$scope.currentEntityName = $scope.entityName;
// Load the repository permissions for the entity first. We then load the full repo list
// and compare.
RolesService.getRepoPermissions($scope.namespace, $scope.entityKind, $scope.entityName,
function(permissions) {
if (permissions == null) {
$scope.currentNamespace = null;
$scope.currentEntityName = null;
return;
}
var existingPermissionsMap = {};
permissions.forEach(function(existingPermission) {
existingPermissionsMap[existingPermission.repository.name] = existingPermission.role;
});
loadRepositories(existingPermissionsMap);
});
};
var loadRepositories = function(existingPermissionsMap) {
$scope.namespaceInfo = UserService.getNamespace($scope.namespace); $scope.namespaceInfo = UserService.getNamespace($scope.namespace);
// Load the repositories under the entity's namespace. // Load the repositories under the entity's namespace, along with the current repo
// permissions for the entity.
var params = { var params = {
'namespace': $scope.namespace, 'namespace': $scope.namespace,
'last_modified': true 'last_modified': true
@ -84,12 +122,15 @@ angular.module('quay').directive('addRepoPermissions', function () {
var repos = []; var repos = [];
resp['repositories'].forEach(function(repo) { resp['repositories'].forEach(function(repo) {
var existingPermission = existingPermissionsMap[repo.name] || 'none';
repos.push({ repos.push({
'namespace': repo.namespace, 'namespace': repo.namespace,
'name': repo.name, 'name': repo.name,
'last_modified': repo.last_modified, 'last_modified': repo.last_modified,
'last_modified_datetime': TableService.getReversedTimestamp(repo.last_modified), 'last_modified_datetime': TableService.getReversedTimestamp(repo.last_modified),
'permission': 'none' 'permission': existingPermission,
'original_permission': existingPermission
}); });
}); });
@ -100,53 +141,55 @@ angular.module('quay').directive('addRepoPermissions', function () {
$scope.repositories = repos; $scope.repositories = repos;
$scope.checkedRepos = UIService.createCheckStateController($scope.repositories, 'name'); $scope.checkedRepos = UIService.createCheckStateController($scope.repositories, 'name');
$scope.checkedRepos.listen(handleRepoCheckChange);
if ($scope.checkedRepository) {
repos.forEach(function(repo) { repos.forEach(function(repo) {
if (repo['namespace'] == $scope.checkedRepository.namespace && if (repo.permission != 'none') {
repo['name'] == $scope.checkedRepository.name) {
$scope.checkedRepos.checkItem(repo); $scope.checkedRepos.checkItem(repo);
$scope.options.filter = $scope.checkedRepository.name;
} }
}); });
}
$scope.checkedRepos.listen(handleRepoCheckChange);
setRepoState(); setRepoState();
$scope.repositoriesLoaded({'repositories': repos}); $scope.repositoriesLoaded({'repositories': repos});
}, ApiService.errorDisplay('Could not load repositories')); }, ApiService.errorDisplay('Could not load repositories'));
}; };
var addPermissions = function() { var setPermissions = function() {
if (!$scope.checkedRepos || !$scope.namespace || !$scope.repositories) { if (!$scope.checkedRepos || !$scope.namespace || !$scope.repositories) {
return; return;
} }
$scope.addingPermissions(); $scope.settingPermissions();
var repos = $scope.checkedRepos.checked; var repos = $scope.repositories;
var counter = 0; var counter = 0;
var addPerm = function() { var setPerm = function() {
if (counter >= repos.length) { if (counter >= repos.length) {
$scope.permissionsAdded({'repositories': repos}); $scope.permissionsSet({'repositories': $scope.checkedRepos.checked});
$scope.checkedRepos.setChecked([]);
return; return;
} }
var repo = repos[counter]; var repo = repos[counter];
if (repo['permission'] == repo['original_permission']) {
// Skip changing it.
counter++;
setPerm();
return;
}
RolesService.setRepositoryRole(repo, repo.permission, $scope.entityKind, RolesService.setRepositoryRole(repo, repo.permission, $scope.entityKind,
$scope.entityName, $scope.entityName, function(status) {
function(status) {
if (status) { if (status) {
counter++; counter++;
addPerm(); setPerm();
} else {
$scope.permissionsAdded();
} }
}); });
}; };
addPerm(); setPerm();
}; };
$scope.setRole = function(role, repo) { $scope.setRole = function(role, repo) {
@ -157,6 +200,8 @@ angular.module('quay').directive('addRepoPermissions', function () {
} else { } else {
$scope.checkedRepos.checkItem(repo); $scope.checkedRepos.checkItem(repo);
} }
checkForChanges();
}; };
$scope.allRepositoriesFilter = function(item) { $scope.allRepositoriesFilter = function(item) {
@ -175,13 +220,13 @@ angular.module('quay').directive('addRepoPermissions', function () {
$scope.$watch('options.reverse', setRepoState); $scope.$watch('options.reverse', setRepoState);
$scope.$watch('options.filter', setRepoState); $scope.$watch('options.filter', setRepoState);
$scope.$watch('namespace', loadRepositories); $scope.$watch('namespace', loadRepositoriesAndPermissions);
$scope.$watch('entityName', loadRepositories); $scope.$watch('entityName', loadRepositoriesAndPermissions);
$scope.$watch('entityKind', loadRepositories); $scope.$watch('entityKind', loadRepositoriesAndPermissions);
$scope.$watch('addPermissions', function(value) { $scope.$watch('setPermissions', function(value) {
if (value) { if (value) {
addPermissions(); setPermissions();
} }
}); });
} }

14
static/js/directives/ui/teams-manager.js
View file

@ -196,6 +196,20 @@ angular.module('quay').directive('teamsManager', function () {
$scope.removeMemberInfo = $.extend({}, memberInfo); $scope.removeMemberInfo = $.extend({}, memberInfo);
}; };
$scope.setRepoPermissions = function(teamName) {
$scope.setRepoPermissionsInfo = {
'namespace': $scope.organization.name,
'entityName': teamName,
'entityKind': 'team',
'entityIcon': 'fa-group'
};
};
$scope.handlePermissionsSet = function(info, repositories) {
var team = $scope.organization.teams[info.entityName];
team['repo_count'] = repositories.length;
};
$scope.$watch('organization', setTeamsState); $scope.$watch('organization', setTeamsState);
$scope.$watch('isEnabled', setTeamsState); $scope.$watch('isEnabled', setTeamsState);

49
static/js/services/roles-service.js
View file

@ -1,7 +1,8 @@
/** /**
* Service which defines the various role groups. * Service which defines the various role groups.
*/ */
angular.module('quay').factory('RolesService', ['UtilService', 'Restangular', 'ApiService', function(UtilService, Restangular, ApiService) { angular.module('quay').factory('RolesService', ['UtilService', 'Restangular', 'ApiService', 'UserService',
function(UtilService, Restangular, ApiService, UserService) {
var roleService = {}; var roleService = {};
roleService.repoRolesOrNone = [ roleService.repoRolesOrNone = [
@ -20,14 +21,22 @@ angular.module('quay').factory('RolesService', ['UtilService', 'Restangular', 'A
{ 'id': 'admin', 'title': 'Admin', 'kind': 'primary', 'description': 'Full admin access to the organization' } { 'id': 'admin', 'title': 'Admin', 'kind': 'primary', 'description': 'Full admin access to the organization' }
]; ];
var getPermissionEndpoint = function(repository, entityName, kind) { var getPermissionEndpoint = function(repository, entityName, entityKind) {
if (entityKind == 'robot') {
entityKind = 'user';
}
var namespace = repository.namespace; var namespace = repository.namespace;
var name = repository.name; var name = repository.name;
var url = UtilService.getRestUrl('repository', namespace, name, 'permissions', kind, entityName); var url = UtilService.getRestUrl('repository', namespace, name, 'permissions', entityKind, entityName);
return Restangular.one(url); return Restangular.one(url);
}; };
roleService.deleteRepositoryRole = function(repository, entityKind, entityName, callback) { roleService.deleteRepositoryRole = function(repository, entityKind, entityName, callback) {
if (entityKind == 'robot') {
entityKind = 'user';
}
var errorDisplay = ApiService.errorDisplay('Cannot change permission', function(resp) { var errorDisplay = ApiService.errorDisplay('Cannot change permission', function(resp) {
callback(false); callback(false);
}); });
@ -39,6 +48,15 @@ angular.module('quay').factory('RolesService', ['UtilService', 'Restangular', 'A
}; };
roleService.setRepositoryRole = function(repository, role, entityKind, entityName, callback) { roleService.setRepositoryRole = function(repository, role, entityKind, entityName, callback) {
if (role == 'none') {
roleService.deleteRepositoryRole(repository, entityKind, entityName, callback);
return;
}
if (entityKind == 'robot') {
entityKind = 'user';
}
var errorDisplay = ApiService.errorDisplay('Cannot change permission', function(resp) { var errorDisplay = ApiService.errorDisplay('Cannot change permission', function(resp) {
callback(false); callback(false);
}); });
@ -53,5 +71,30 @@ angular.module('quay').factory('RolesService', ['UtilService', 'Restangular', 'A
}, errorDisplay); }, errorDisplay);
}; };
roleService.getRepoPermissions = function(namespace, entityKind, entityName, callback) {
var errorHandler = ApiService.errorDisplay('Could not load permissions', callback);
if (entityKind == 'team') {
var params = {
'orgname': namespace,
'teamname': entityName
};
ApiService.getTeamPermissions(null, params).then(function(resp) {
callback(resp.permissions);
}, errorHandler);
} else if (entityKind == 'robot') {
var parts = entityName.split('+');
var shortName = parts[1];
var orgname = UserService.isOrganization(namespace) ? namespace : null;
ApiService.getRobotPermissions(orgname, null, {'robot_shortname': shortName}).then(function(resp) {
callback(resp.permissions);
}, errorHandler);
} else {
throw Error('Unknown entity kind ' + entityKind);
}
};
return roleService; return roleService;
}]); }]);

21
test/test_api_security.py
View file

@ -10,7 +10,8 @@ from data import model
from initdb import setup_database_for_testing, finished_database_for_testing from initdb import setup_database_for_testing, finished_database_for_testing
from endpoints.api import api_bp, api from endpoints.api import api_bp, api
from endpoints.api.team import TeamMember, TeamMemberList, OrganizationTeam, TeamMemberInvite from endpoints.api.team import (TeamMember, TeamMemberList, OrganizationTeam, TeamMemberInvite,
TeamPermissions)
from endpoints.api.tag import RepositoryTagImages, RepositoryTag, ListRepositoryTags, RevertTag from endpoints.api.tag import RepositoryTagImages, RepositoryTag, ListRepositoryTags, RevertTag
from endpoints.api.search import EntitySearch from endpoints.api.search import EntitySearch
from endpoints.api.image import RepositoryImage, RepositoryImageList from endpoints.api.image import RepositoryImage, RepositoryImageList
@ -678,6 +679,24 @@ class TestTeamMemberBuynlargeDevtableOwners(ApiTestCase):
self._run_test('DELETE', 400, 'devtable', None) self._run_test('DELETE', 400, 'devtable', None)
class TestTeamPermissionsBuynlarge(ApiTestCase):
def setUp(self):
ApiTestCase.setUp(self)
self._set_url(TeamPermissions, orgname="buynlarge", teamname="readers")
def test_get_anonymous(self):
self._run_test('GET', 401, None, None)
def test_get_freshuser(self):
self._run_test('GET', 403, 'freshuser', None)
def test_get_reader(self):
self._run_test('GET', 403, 'reader', None)
def test_get_devtable(self):
self._run_test('GET', 200, 'devtable', None)
class TestTeamMemberListBuynlargeReaders(ApiTestCase): class TestTeamMemberListBuynlargeReaders(ApiTestCase):
def setUp(self): def setUp(self):
ApiTestCase.setUp(self) ApiTestCase.setUp(self)

13
test/test_api_usage.py
View file

@ -27,7 +27,8 @@ from data import database, model
from data.database import RepositoryActionCount, Repository as RepositoryTable from data.database import RepositoryActionCount, Repository as RepositoryTable
from test.helpers import assert_action_logged from test.helpers import assert_action_logged
from endpoints.api.team import TeamMember, TeamMemberList, TeamMemberInvite, OrganizationTeam from endpoints.api.team import (TeamMember, TeamMemberList, TeamMemberInvite, OrganizationTeam,
TeamPermissions)
from endpoints.api.tag import RepositoryTagImages, RepositoryTag, RevertTag, ListRepositoryTags from endpoints.api.tag import RepositoryTagImages, RepositoryTag, RevertTag, ListRepositoryTags
from endpoints.api.search import EntitySearch, ConductSearch from endpoints.api.search import EntitySearch, ConductSearch
from endpoints.api.image import RepositoryImage, RepositoryImageList from endpoints.api.image import RepositoryImage, RepositoryImageList
@ -1155,6 +1156,16 @@ class TestDeleteOrganizationTeam(ApiTestCase):
self.assertEquals(msg, data['message']) self.assertEquals(msg, data['message'])
class TestTeamPermissions(ApiTestCase):
def test_team_permissions(self):
self.login(ADMIN_ACCESS_USER)
resp = self.getJsonResponse(TeamPermissions,
params=dict(orgname=ORGANIZATION, teamname='readers'))
self.assertEquals(1, len(resp['permissions']))
class TestGetOrganizationTeamMembers(ApiTestCase): class TestGetOrganizationTeamMembers(ApiTestCase):
def test_invalidteam(self): def test_invalidteam(self):
self.login(ADMIN_ACCESS_USER) self.login(ADMIN_ACCESS_USER)