Fix the problem where a user's admin priviledges can be revoked with defaults.

2014-01-21 19:23:26 -05:00 · 2014-01-21 19:23:26 -05:00 · 489c900cfd
commit 489c900cfd
parent 56e0df0d58
1 changed files with 25 additions and 12 deletions
--- a/data/model.py
+++ b/data/model.py
@ -341,9 +341,11 @@ def list_federated_logins(user):
 def create_confirm_email_code(user, new_email=None):
  if new_email:
    if not validate_email(new_email):
-      raise InvalidEmailAddressException('Invalid email address: %s' % new_email)
+      raise InvalidEmailAddressException('Invalid email address: %s' %
+                                         new_email)

-  code = EmailConfirmation.create(user=user, email_confirm=True, new_email=new_email)
+  code = EmailConfirmation.create(user=user, email_confirm=True,
+                                  new_email=new_email)
  return code


@ -461,7 +463,8 @@ def get_matching_users(username_prefix, robot_namespace=None,

 def verify_user(username_or_email, password):
  try:
-    fetched = User.get((User.username == username_or_email) | (User.email == username_or_email))
+    fetched = User.get((User.username == username_or_email) |
+                       (User.email == username_or_email))
  except User.DoesNotExist:
    return None

@ -532,18 +535,24 @@ def get_user_teams_within_org(username, organization):
                      User.username == username)


-def get_visible_repository_count(username=None, include_public=True, sort=False, namespace=None):
-  return get_visible_repository_internal(username=username, include_public=include_public,
-                                         sort=sort, namespace=namespace, get_count=True)
+def get_visible_repository_count(username=None, include_public=True,
+                                 sort=False, namespace=None):
+  return get_visible_repository_internal(username=username,
+                                         include_public=include_public,
+                                         sort=sort, namespace=namespace,
+                                         get_count=True)

-def get_visible_repositories(username=None, include_public=True, page=None, limit=None,
-                             sort=False, namespace=None):
-  return get_visible_repository_internal(username=username, include_public=include_public, page=page,
-                                         limit=limit, sort=sort, namespace=namespace, get_count=False)
+def get_visible_repositories(username=None, include_public=True, page=None,
+                             limit=None, sort=False, namespace=None):
+  return get_visible_repository_internal(username=username,
+                                         include_public=include_public,
+                                         page=page, limit=limit, sort=sort,
+                                         namespace=namespace, get_count=False)


-def get_visible_repository_internal(username=None, include_public=True, limit=None, page=None,
-                             sort=False, namespace=None, get_count=False):
+def get_visible_repository_internal(username=None, include_public=True,
+                                    limit=None, page=None, sort=False,
+                                    namespace=None, get_count=False):
  if not username and not include_public:
    return []

@ -842,6 +851,10 @@ def create_repository(namespace, name, creating_user, visibility='private'):
                             PermissionPrototype.delegate_team >> None))

      def create_user_permission(user, repo, role):
+        # The creating user always gets admin anyway
+        if user.username == creating_user.username:
+          return
+
        RepositoryPermission.create(user=user, repository=repo, role=role)

      __apply_default_permissions(repo, user_protos, 'username',