From 22dd031f9139f4e685c62ad21d6725daa48f56b7 Mon Sep 17 00:00:00 2001
From: yackob03 <jacob.moshenko@gmail.com>
Date: Tue, 5 Nov 2013 17:09:50 -0500
Subject: [PATCH 1/2] Add a user called freshuser that doesn't belong to
 anything.

---
 initdb.py         |   4 ++++
 test/data/test.db | Bin 96256 -> 96256 bytes
 2 files changed, 4 insertions(+)

diff --git a/initdb.py b/initdb.py
index 6acb613f2..1c8fa9e26 100644
--- a/initdb.py
+++ b/initdb.py
@@ -115,6 +115,10 @@ if __name__ == '__main__':
     new_user_2.verified = True
     new_user_2.save()
 
+    new_user_3 = model.create_user('freshuser', 'password', 'no@thanks.com')
+    new_user_3.verified = True
+    new_user_3.save()
+
     __generate_repository(new_user_1, 'simple', 'Simple repository.', False,
                           [], (4, [], ['latest', 'prod']))
 
diff --git a/test/data/test.db b/test/data/test.db
index a7088591b06e12fe09675f27ee2f6952d4b9ed3c..73072ab0e2d69bef23da4eaeb0698fff989720ce 100644
GIT binary patch
delta 655
zcmbu*%}>*C7zglQ`~0S>B8CJFC<#WFa4>Z3X1A5az`7S$%DNY}$;LtU-m=n-b#HhP
z{sT?VTm=6Bw=BlU#fujXo(<uSi6n%W7!woi62i%wm*@1!_xn80&bejh-16!^A-<mS
z6XLt|1NR6f2MG4SLmrcZ{uq8sk~VCNdu=b*fI`!|mKh3J%Z-vQxAaoO=E&Jthpk&y
zvgJD8?lM~3A=jO8)^Be`gIkps9;L39)lPm>=Q}NTpefdq37=Eq+RIy7ZJ{aWw5m=Q
zYMTX;LX*3er)GG)l~<L*WwOwqldJhuI8b}s(bA>G4OMBnlTn}KdZKRo)NDYmE6?<>
z=!q{@tE$$iXtbPf8DGQ+W6yh!YloJ!mAt^%!}+G3$hf-ph7zZBL3idhVwIv?Vl!Ng
zZrGQK9(y~T(F3ZI*fzd<Cq^(FA@~7Da17tfH+%%+>-_Ced<&+DtLu%^`6&~gA@~hH
z;R4P~cmj_wPz1(cC15y604sF^A@nbZh7b)Q8bWjl_mNqA3LjwKOf<k4h<8Tu7|ak?
zKkI)M?~W7LIC=h%z`gZfa2=Bv2nzR#7v`GeO*~0ZwT@P5=(yKB@UQU!kx7Rmq7+*R
z_+5-Em6C)|l9#f}u~;_f7bG9cr+q@g?c}l{(HUhDg0#wnB59YOj|l1DH3!2wXIXZZ
e;U2K=IfkEe@HEGA4u<dldH)F({<q-G;o)E22)up(

delta 511
zcmZqpz}oPEb%Hdb=R_H2M$e52OU${LnS~gb=Q3L`3vCu;VPR%cVV=C*O2s#siIYLH
zk=2%yfuo=_DJL^o#VAq5&`8BEq$J8RJK53F(%Zzv$-FSkJvhChv@oh9+rr;RU(eFW
zup}`hz*{dRD=#rAH?Yb@uf)G_@_BEG$#boxOp_{t^pc|dQX?V)eZ8|Y3-cX4{ftvf
z0}>rAO;bw3QeBh$yd#~=QUmq%3{9Q#Q+$ox@(U-wv6cWj^CkoH7v`JHFM-ZH%{=+E
zJ^$nv_A)^6PYld|n7=cB0*XIjmSJJ$WMpPx=3r!EX6E4JVqjpvRKWmJ!2nXh09CP-
zf%!D^3+AmrGnO+?UhFNp`INVi2qW|4yYWhl%$pK^GP5%?u`n}oGH*)x#Lvgf#LXhf
z$eCZBms(WJys2b~b99J>iNAS}pOLqRtAU}Xw~L3RpOLYfMP!7JXP||Dcu<ggu)B+^
zTX0CAkBPs3WVnU9i;JH{m`MoGi!NTiMr=j~hQ_*vhPnnO3WjD@re;<qMta7^rY6P)
RoBwY=$m~F=1&j9V0RWk|j&lG2


From a1476b32eac8b2f4242d1a444e628d7bf33e1c99 Mon Sep 17 00:00:00 2001
From: yackob03 <jacob.moshenko@gmail.com>
Date: Tue, 5 Nov 2013 17:10:14 -0500
Subject: [PATCH 2/2] Fix the problem where users in normal repos are marked as
 outside of the organization.

---
 data/model.py                   |  2 +-
 endpoints/api.py                | 73 ++++++++++++++++++++++++---------
 static/js/app.js                |  2 +-
 static/partials/repo-admin.html |  4 +-
 4 files changed, 57 insertions(+), 24 deletions(-)

diff --git a/data/model.py b/data/model.py
index a10a560fc..2e0a9241f 100644
--- a/data/model.py
+++ b/data/model.py
@@ -246,7 +246,7 @@ def get_matching_users(username_prefix, organization=None):
       if organization:
         self.is_org_member = (args[1] == organization.username)
       else:
-        self.is_org_member = False
+        self.is_org_member = None
 
 
   return (MatchingUserResult(*args) for args in query.tuples().limit(10))
diff --git a/endpoints/api.py b/endpoints/api.py
index b5db0d544..807720b1a 100644
--- a/endpoints/api.py
+++ b/endpoints/api.py
@@ -229,12 +229,16 @@ def get_matching_entities(prefix):
     }
 
   def user_view(user):
-    return {
+    user_json = {
       'name': user.username,
       'kind': 'user',
-      'is_org_member': user.is_org_member,
     }
 
+    if user.is_org_member is not None:
+      user_json['is_org_member'] = user.is_org_member
+
+    return user_json
+
   team_data = [team_view(team) for team in teams]
   user_data = [user_view(user) for user in users]
   return jsonify({
@@ -704,18 +708,17 @@ def request_repo_build(namespace, repository):
   abort(403)  # Permissions denied
 
 
-def role_view_org(repo_perm_obj, org_member):
-  return {
-    'role': repo_perm_obj.role.name,
-    'is_org_member': org_member,
-  }
-
 def role_view(repo_perm_obj):
   return {
     'role': repo_perm_obj.role.name,
   }
 
 
+def wrap_role_view_org(role_json, org_member):
+  role_json['is_org_member'] = org_member
+  return role_json
+
+
 @app.route('/api/repository/<path:repository>/image/', methods=['GET'])
 @parse_repository_name
 def list_repository_images(namespace, repository):
@@ -817,16 +820,26 @@ def list_repo_team_permissions(namespace, repository):
 def list_repo_user_permissions(namespace, repository):
   permission = AdministerRepositoryPermission(namespace, repository)
   if permission.can():
+    # Determine how to wrap the permissions
+    role_view_func = role_view
+    try:
+      model.get_organization(namespace)  # Will raise an error if not org
+      org_members = model.get_organization_member_set(namespace)
+      def wrapped_role_view(repo_perm):
+        unwrapped = role_view(repo_perm)
+        return wrap_role_view_org(unwrapped,
+                                  repo_perm.user.username in org_members)
+
+      role_view_func = wrapped_role_view
+
+    except model.InvalidOrganizationException:
+      # This repository isn't under an org
+      pass
+
     repo_perms = model.get_all_repo_users(namespace, repository)
-    org_members = model.get_organization_member_set(namespace)
-
-    def process_perm(repo_perm):
-      return (repo_perm.user.username,
-              role_view_org(repo_perm,
-                            repo_perm.user.username in org_members))
-
     return jsonify({
-      'permissions': dict(process_perm(perm) for perm in repo_perms)
+      'permissions': {perm.user.username: role_view_func(perm)
+                      for perm in repo_perms}
     })
 
   abort(403)  # Permission denied
@@ -842,8 +855,18 @@ def get_user_permissions(namespace, repository, username):
   permission = AdministerRepositoryPermission(namespace, repository)
   if permission.can():
     perm = model.get_user_reponame_permission(username, namespace, repository)
-    org_members = model.get_organization_member_set(namespace)
-    return jsonify(role_view_org(perm, perm.user.username in org_members))
+    perm_view = role_view(perm)
+
+    try:
+      model.get_organization(namespace)
+      org_members = model.get_organization_member_set(namespace)
+      perm_view = wrap_role_view_org(perm_view,
+                                     perm.user.username in org_members)
+    except model.InvalidOrganizationException:
+      # This repository is not part of an organization
+      pass
+
+    return jsonify(perm_view)
 
   abort(403)  # Permission denied
 
@@ -882,8 +905,18 @@ def change_user_permissions(namespace, repository, username):
       logger.warning('User tried to remove themselves as admin.')
       abort(409)
 
-    org_members = model.get_organization_member_set(namespace)
-    resp = jsonify(role_view_org(perm, perm.user.username in org_members))
+    perm_view = role_view(perm)
+
+    try:
+      model.get_organization(namespace)
+      org_members = model.get_organization_member_set(namespace)
+      perm_view = wrap_role_view_org(perm_view,
+                                     perm.user.username in org_members)
+    except model.InvalidOrganizationException:
+      # This repository is not part of an organization
+      pass
+
+    resp = jsonify(perm_view)
     if request.method == 'POST':
       resp.status_code = 201
     return resp
diff --git a/static/js/app.js b/static/js/app.js
index a45a627b9..db3406836 100644
--- a/static/js/app.js
+++ b/static/js/app.js
@@ -422,7 +422,7 @@ quayApp.directive('entitySearch', function () {
           }
           template += '<span class="name">' + datum.value + '</span>';
 
-          if (!datum.entity.is_org_member) {
+          if (datum.entity.is_org_member !== undefined && !datum.entity.is_org_member) {
             template += '<div class="alert-warning warning">This user is outside your organization</div>';
           }
 
diff --git a/static/partials/repo-admin.html b/static/partials/repo-admin.html
index 94d431155..c23e01121 100644
--- a/static/partials/repo-admin.html
+++ b/static/partials/repo-admin.html
@@ -54,10 +54,10 @@
         
         <!-- User Permissions -->
         <tr ng-repeat="(name, permission) in permissions['user']">
-          <td class="{{ 'user entity ' + (permission.is_org_member ? '' : 'outside') }}">
+          <td class="{{ 'user entity ' + (permission.is_org_member? '' : 'outside') }}">
             <i class="fa fa-user"></i> 
             <span>{{name}}</span>
-            <i class="fa fa-exclamation-triangle" ng-show="!permission.is_org_member" data-trigger="hover" bs-popover="{'content': 'This user is not a member of the organization'}"></i>
+            <i class="fa fa-exclamation-triangle" ng-show="permission.is_org_member !== undefined && !permission.is_org_member" data-trigger="hover" bs-popover="{'content': 'This user is not a member of the organization'}"></i>
           </td>
           <td class="user-permissions">
             <div class="btn-group btn-group-sm">