Add a secondary tab to Teams for managing org members
Also adds the ability to completely remove a user from an organization (repo permissions and teams), in a single click Fixes #212
This commit is contained in:
Joseph Schorr
parent
cb238f8764
commit
3a59c99b08
8 changed files with 373 additions and 105 deletions
|
|
@ -414,6 +414,28 @@ def convert_user_to_organization(user, admin_user):
|
|||
return user
|
||||
|
||||
|
||||
def remove_organization_member(org, user):
|
||||
org_admins = [u.username for u in __get_org_admin_users(org)]
|
||||
if len(org_admins) == 1 and user.username in org_admins:
|
||||
raise DataModelException('Cannot remove user as they are the only organization admin')
|
||||
|
||||
with config.app_config['DB_TRANSACTION_FACTORY'](db):
|
||||
# Find and remove the user from any repositorys under the org.
|
||||
permissions = (RepositoryPermission.select(RepositoryPermission.id)
|
||||
.join(Repository)
|
||||
.where(Repository.namespace_user == org,
|
||||
RepositoryPermission.user == user))
|
||||
|
||||
RepositoryPermission.delete().where(RepositoryPermission.id << permissions).execute()
|
||||
|
||||
# Find and remove the user from any teams under the org.
|
||||
members = (TeamMember.select(TeamMember.id)
|
||||
.join(Team)
|
||||
.where(Team.organization == org, TeamMember.user == user))
|
||||
|
||||
TeamMember.delete().where(TeamMember.id << members).execute()
|
||||
|
||||
|
||||
def create_team(name, org, team_role_name, description=''):
|
||||
(username_valid, username_issue) = validate_username(name)
|
||||
if not username_valid:
|
||||
|
|
@ -428,6 +450,15 @@ def create_team(name, org, team_role_name, description=''):
|
|||
description=description)
|
||||
|
||||
|
||||
def __get_org_admin_users(org):
|
||||
return (User.select()
|
||||
.join(TeamMember)
|
||||
.join(Team)
|
||||
.join(TeamRole)
|
||||
.where(Team.organization == org, TeamRole.name == 'admin', User.robot == False)
|
||||
.distinct())
|
||||
|
||||
|
||||
def __get_user_admin_teams(org_name, teamname, username):
|
||||
Org = User.alias()
|
||||
user_teams = Team.select().join(TeamMember).join(User)
|
||||
|
|
@ -877,6 +908,23 @@ def verify_user(username_or_email, password):
|
|||
# We weren't able to authorize the user
|
||||
return None
|
||||
|
||||
def list_organization_member_permissions(organization):
|
||||
query = (RepositoryPermission.select(RepositoryPermission, Repository, User)
|
||||
.join(Repository)
|
||||
.switch(RepositoryPermission)
|
||||
.join(User)
|
||||
.where(Repository.namespace_user == organization)
|
||||
.where(User.robot == False))
|
||||
return query
|
||||
|
||||
|
||||
def list_organization_members_by_teams(organization):
|
||||
query = (TeamMember.select(Team, User)
|
||||
.annotate(Team)
|
||||
.annotate(User)
|
||||
.where(Team.organization == organization))
|
||||
return query
|
||||
|
||||
|
||||
def get_user_organizations(username):
|
||||
UserAlias = User.alias()
|
||||
|
|
@ -905,14 +953,6 @@ def get_organization_team(orgname, teamname):
|
|||
|
||||
return result[0]
|
||||
|
||||
|
||||
def get_organization_members_with_teams(organization, membername = None):
|
||||
joined = TeamMember.select().annotate(Team).annotate(User)
|
||||
query = joined.where(Team.organization == organization)
|
||||
if membername:
|
||||
query = query.where(User.username == membername)
|
||||
return query
|
||||
|
||||
def get_organization_team_members(teamid):
|
||||
joined = User.select().join(TeamMember).join(Team)
|
||||
query = joined.where(Team.id == teamid)
|
||||
|
|
|
|||
Reference in a new issue