Fix the problem where users in normal repos are marked as outside of the organization.
This commit is contained in:
parent
22dd031f91
commit
a1476b32ea
4 changed files with 57 additions and 24 deletions
|
@ -246,7 +246,7 @@ def get_matching_users(username_prefix, organization=None):
|
|||
if organization:
|
||||
self.is_org_member = (args[1] == organization.username)
|
||||
else:
|
||||
self.is_org_member = False
|
||||
self.is_org_member = None
|
||||
|
||||
|
||||
return (MatchingUserResult(*args) for args in query.tuples().limit(10))
|
||||
|
|
|
@ -229,12 +229,16 @@ def get_matching_entities(prefix):
|
|||
}
|
||||
|
||||
def user_view(user):
|
||||
return {
|
||||
user_json = {
|
||||
'name': user.username,
|
||||
'kind': 'user',
|
||||
'is_org_member': user.is_org_member,
|
||||
}
|
||||
|
||||
if user.is_org_member is not None:
|
||||
user_json['is_org_member'] = user.is_org_member
|
||||
|
||||
return user_json
|
||||
|
||||
team_data = [team_view(team) for team in teams]
|
||||
user_data = [user_view(user) for user in users]
|
||||
return jsonify({
|
||||
|
@ -704,18 +708,17 @@ def request_repo_build(namespace, repository):
|
|||
abort(403) # Permissions denied
|
||||
|
||||
|
||||
def role_view_org(repo_perm_obj, org_member):
|
||||
return {
|
||||
'role': repo_perm_obj.role.name,
|
||||
'is_org_member': org_member,
|
||||
}
|
||||
|
||||
def role_view(repo_perm_obj):
|
||||
return {
|
||||
'role': repo_perm_obj.role.name,
|
||||
}
|
||||
|
||||
|
||||
def wrap_role_view_org(role_json, org_member):
|
||||
role_json['is_org_member'] = org_member
|
||||
return role_json
|
||||
|
||||
|
||||
@app.route('/api/repository/<path:repository>/image/', methods=['GET'])
|
||||
@parse_repository_name
|
||||
def list_repository_images(namespace, repository):
|
||||
|
@ -817,16 +820,26 @@ def list_repo_team_permissions(namespace, repository):
|
|||
def list_repo_user_permissions(namespace, repository):
|
||||
permission = AdministerRepositoryPermission(namespace, repository)
|
||||
if permission.can():
|
||||
# Determine how to wrap the permissions
|
||||
role_view_func = role_view
|
||||
try:
|
||||
model.get_organization(namespace) # Will raise an error if not org
|
||||
org_members = model.get_organization_member_set(namespace)
|
||||
def wrapped_role_view(repo_perm):
|
||||
unwrapped = role_view(repo_perm)
|
||||
return wrap_role_view_org(unwrapped,
|
||||
repo_perm.user.username in org_members)
|
||||
|
||||
role_view_func = wrapped_role_view
|
||||
|
||||
except model.InvalidOrganizationException:
|
||||
# This repository isn't under an org
|
||||
pass
|
||||
|
||||
repo_perms = model.get_all_repo_users(namespace, repository)
|
||||
org_members = model.get_organization_member_set(namespace)
|
||||
|
||||
def process_perm(repo_perm):
|
||||
return (repo_perm.user.username,
|
||||
role_view_org(repo_perm,
|
||||
repo_perm.user.username in org_members))
|
||||
|
||||
return jsonify({
|
||||
'permissions': dict(process_perm(perm) for perm in repo_perms)
|
||||
'permissions': {perm.user.username: role_view_func(perm)
|
||||
for perm in repo_perms}
|
||||
})
|
||||
|
||||
abort(403) # Permission denied
|
||||
|
@ -842,8 +855,18 @@ def get_user_permissions(namespace, repository, username):
|
|||
permission = AdministerRepositoryPermission(namespace, repository)
|
||||
if permission.can():
|
||||
perm = model.get_user_reponame_permission(username, namespace, repository)
|
||||
org_members = model.get_organization_member_set(namespace)
|
||||
return jsonify(role_view_org(perm, perm.user.username in org_members))
|
||||
perm_view = role_view(perm)
|
||||
|
||||
try:
|
||||
model.get_organization(namespace)
|
||||
org_members = model.get_organization_member_set(namespace)
|
||||
perm_view = wrap_role_view_org(perm_view,
|
||||
perm.user.username in org_members)
|
||||
except model.InvalidOrganizationException:
|
||||
# This repository is not part of an organization
|
||||
pass
|
||||
|
||||
return jsonify(perm_view)
|
||||
|
||||
abort(403) # Permission denied
|
||||
|
||||
|
@ -882,8 +905,18 @@ def change_user_permissions(namespace, repository, username):
|
|||
logger.warning('User tried to remove themselves as admin.')
|
||||
abort(409)
|
||||
|
||||
org_members = model.get_organization_member_set(namespace)
|
||||
resp = jsonify(role_view_org(perm, perm.user.username in org_members))
|
||||
perm_view = role_view(perm)
|
||||
|
||||
try:
|
||||
model.get_organization(namespace)
|
||||
org_members = model.get_organization_member_set(namespace)
|
||||
perm_view = wrap_role_view_org(perm_view,
|
||||
perm.user.username in org_members)
|
||||
except model.InvalidOrganizationException:
|
||||
# This repository is not part of an organization
|
||||
pass
|
||||
|
||||
resp = jsonify(perm_view)
|
||||
if request.method == 'POST':
|
||||
resp.status_code = 201
|
||||
return resp
|
||||
|
|
|
@ -422,7 +422,7 @@ quayApp.directive('entitySearch', function () {
|
|||
}
|
||||
template += '<span class="name">' + datum.value + '</span>';
|
||||
|
||||
if (!datum.entity.is_org_member) {
|
||||
if (datum.entity.is_org_member !== undefined && !datum.entity.is_org_member) {
|
||||
template += '<div class="alert-warning warning">This user is outside your organization</div>';
|
||||
}
|
||||
|
||||
|
|
|
@ -54,10 +54,10 @@
|
|||
|
||||
<!-- User Permissions -->
|
||||
<tr ng-repeat="(name, permission) in permissions['user']">
|
||||
<td class="{{ 'user entity ' + (permission.is_org_member ? '' : 'outside') }}">
|
||||
<td class="{{ 'user entity ' + (permission.is_org_member? '' : 'outside') }}">
|
||||
<i class="fa fa-user"></i>
|
||||
<span>{{name}}</span>
|
||||
<i class="fa fa-exclamation-triangle" ng-show="!permission.is_org_member" data-trigger="hover" bs-popover="{'content': 'This user is not a member of the organization'}"></i>
|
||||
<i class="fa fa-exclamation-triangle" ng-show="permission.is_org_member !== undefined && !permission.is_org_member" data-trigger="hover" bs-popover="{'content': 'This user is not a member of the organization'}"></i>
|
||||
</td>
|
||||
<td class="user-permissions">
|
||||
<div class="btn-group btn-group-sm">
|
||||
|
|
Reference in a new issue