vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Fix the problem where a user's admin priviledges can be revoked with defaults.

Browse source
This commit is contained in:
yackob03 2014-01-21 19:23:26 -05:00
parent 56e0df0d58
commit 489c900cfd
1 changed files with 25 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

37
data/model.py
View file

@ -341,9 +341,11 @@ def list_federated_logins(user):
def create_confirm_email_code(user, new_email=None): def create_confirm_email_code(user, new_email=None):
if new_email: if new_email:
if not validate_email(new_email): if not validate_email(new_email):
raise InvalidEmailAddressException('Invalid email address: %s' % new_email) raise InvalidEmailAddressException('Invalid email address: %s' %
new_email)
code = EmailConfirmation.create(user=user, email_confirm=True, new_email=new_email) code = EmailConfirmation.create(user=user, email_confirm=True,
new_email=new_email)
return code return code
@ -461,7 +463,8 @@ def get_matching_users(username_prefix, robot_namespace=None,
def verify_user(username_or_email, password): def verify_user(username_or_email, password):
try: try:
fetched = User.get((User.username == username_or_email) | (User.email == username_or_email)) fetched = User.get((User.username == username_or_email) |
(User.email == username_or_email))
except User.DoesNotExist: except User.DoesNotExist:
return None return None
@ -532,18 +535,24 @@ def get_user_teams_within_org(username, organization):
User.username == username) User.username == username)
def get_visible_repository_count(username=None, include_public=True, sort=False, namespace=None): def get_visible_repository_count(username=None, include_public=True,
return get_visible_repository_internal(username=username, include_public=include_public, sort=False, namespace=None):
sort=sort, namespace=namespace, get_count=True) return get_visible_repository_internal(username=username,
include_public=include_public,
sort=sort, namespace=namespace,
get_count=True)
def get_visible_repositories(username=None, include_public=True, page=None, limit=None, def get_visible_repositories(username=None, include_public=True, page=None,
sort=False, namespace=None): limit=None, sort=False, namespace=None):
return get_visible_repository_internal(username=username, include_public=include_public, page=page, return get_visible_repository_internal(username=username,
limit=limit, sort=sort, namespace=namespace, get_count=False) include_public=include_public,
page=page, limit=limit, sort=sort,
namespace=namespace, get_count=False)
def get_visible_repository_internal(username=None, include_public=True, limit=None, page=None, def get_visible_repository_internal(username=None, include_public=True,
sort=False, namespace=None, get_count=False): limit=None, page=None, sort=False,
namespace=None, get_count=False):
if not username and not include_public: if not username and not include_public:
return [] return []
@ -842,6 +851,10 @@ def create_repository(namespace, name, creating_user, visibility='private'):
PermissionPrototype.delegate_team >> None)) PermissionPrototype.delegate_team >> None))
def create_user_permission(user, repo, role): def create_user_permission(user, repo, role):
# The creating user always gets admin anyway
if user.username == creating_user.username:
return
RepositoryPermission.create(user=user, repository=repo, role=role) RepositoryPermission.create(user=user, repository=repo, role=role)
__apply_default_permissions(repo, user_protos, 'username', __apply_default_permissions(repo, user_protos, 'username',