Made a stupid assumption about when users belonged to an organization, now paying for my terrible ways.
This commit is contained in:
yackob03
parent
109f09f0d0
commit
3a11ea4229
5 changed files with 71 additions and 33 deletions
|
|
@ -197,7 +197,6 @@ def get_matching_users(prefix):
|
|||
@app.route('/api/entities/<prefix>', methods=['GET'])
|
||||
@api_login_required
|
||||
def get_matching_entities(prefix):
|
||||
users = model.get_matching_users(prefix)
|
||||
teams = []
|
||||
|
||||
organization_name = request.args.get('organization', None)
|
||||
|
|
@ -208,10 +207,12 @@ def get_matching_entities(prefix):
|
|||
except:
|
||||
pass
|
||||
|
||||
if organization:
|
||||
if organization:
|
||||
# TODO: ensure that the user has access to the organization
|
||||
teams = model.get_matching_teams(prefix, organization)
|
||||
|
||||
users = model.get_matching_users(prefix, organization)
|
||||
|
||||
def team_view(team):
|
||||
return {
|
||||
'name': team.name,
|
||||
|
|
@ -224,7 +225,7 @@ def get_matching_entities(prefix):
|
|||
return {
|
||||
'name': user.username,
|
||||
'kind': 'user',
|
||||
'outside_org': True
|
||||
'is_org_member': user.is_org_member,
|
||||
}
|
||||
|
||||
team_data = [team_view(team) for team in teams]
|
||||
|
|
@ -661,10 +662,15 @@ def request_repo_build(namespace, repository):
|
|||
abort(403) # Permissions denied
|
||||
|
||||
|
||||
def role_view(repo_perm_obj, org_member):
|
||||
def role_view_org(repo_perm_obj, org_member):
|
||||
return {
|
||||
'role': repo_perm_obj.role.name,
|
||||
'is_org_member': org_member,
|
||||
}
|
||||
|
||||
def role_view(repo_perm_obj):
|
||||
return {
|
||||
'role': repo_perm_obj.role.name,
|
||||
'outside_org': org_member
|
||||
}
|
||||
|
||||
|
||||
|
|
@ -753,10 +759,9 @@ def list_repo_team_permissions(namespace, repository):
|
|||
permission = AdministerRepositoryPermission(namespace, repository)
|
||||
if permission.can():
|
||||
repo_perms = model.get_all_repo_teams(namespace, repository)
|
||||
org_member = OrganizationMemberPermission(namespace).can()
|
||||
|
||||
return jsonify({
|
||||
'permissions': {repo_perm.team.name: role_view(repo_perm, org_member)
|
||||
'permissions': {repo_perm.team.name: role_view(repo_perm)
|
||||
for repo_perm in repo_perms}
|
||||
})
|
||||
|
||||
|
|
@ -771,11 +776,15 @@ def list_repo_user_permissions(namespace, repository):
|
|||
permission = AdministerRepositoryPermission(namespace, repository)
|
||||
if permission.can():
|
||||
repo_perms = model.get_all_repo_users(namespace, repository)
|
||||
member = OrganizationMemberPermission(namespace).can()
|
||||
org_members = model.get_organization_member_set(namespace)
|
||||
|
||||
def process_perm(repo_perm):
|
||||
return (repo_perm.user.username,
|
||||
role_view_org(repo_perm,
|
||||
repo_perm.user.username in org_members))
|
||||
|
||||
return jsonify({
|
||||
'permissions': {repo_perm.user.username: role_view(repo_perm, member)
|
||||
for repo_perm in repo_perms}
|
||||
'permissions': dict(process_perm(perm) for perm in repo_perms)
|
||||
})
|
||||
|
||||
abort(403) # Permission denied
|
||||
|
|
@ -791,8 +800,8 @@ def get_user_permissions(namespace, repository, username):
|
|||
permission = AdministerRepositoryPermission(namespace, repository)
|
||||
if permission.can():
|
||||
perm = model.get_user_reponame_permission(username, namespace, repository)
|
||||
org_member = OrganizationMemberPermission(namespace).can()
|
||||
return jsonify(role_view(perm, org_member))
|
||||
org_members = model.get_organization_member_set(namespace)
|
||||
return jsonify(role_view_org(perm, perm.user.username in org_members))
|
||||
|
||||
abort(403) # Permission denied
|
||||
|
||||
|
|
@ -807,8 +816,7 @@ def get_team_permissions(namespace, repository, teamname):
|
|||
permission = AdministerRepositoryPermission(namespace, repository)
|
||||
if permission.can():
|
||||
perm = model.get_team_reponame_permission(username, namespace, repository)
|
||||
org_member = OrganizationMemberPermission(namespace).can()
|
||||
return jsonify(role_view(perm, org_member))
|
||||
return jsonify(role_view(perm))
|
||||
|
||||
abort(403) # Permission denied
|
||||
|
||||
|
|
@ -832,8 +840,8 @@ def change_user_permissions(namespace, repository, username):
|
|||
logger.warning('User tried to remove themselves as admin.')
|
||||
abort(409)
|
||||
|
||||
org_member = OrganizationMemberPermission(namespace).can()
|
||||
resp = jsonify(role_view(perm, org_member))
|
||||
org_members = model.get_organization_member_set(namespace)
|
||||
resp = jsonify(role_view_org(perm, perm.user.username in org_members))
|
||||
if request.method == 'POST':
|
||||
resp.status_code = 201
|
||||
return resp
|
||||
|
|
@ -860,8 +868,7 @@ def change_team_permissions(namespace, repository, teamname):
|
|||
logger.warning('User tried to remove themselves as admin.')
|
||||
abort(409)
|
||||
|
||||
org_member = OrganizationMemberPermission(namespace).can()
|
||||
resp = jsonify(role_view(perm, org_member))
|
||||
resp = jsonify(role_view(perm))
|
||||
if request.method == 'POST':
|
||||
resp.status_code = 201
|
||||
return resp
|
||||
|
|
|
|||
Reference in a new issue