Fix the problem where users in normal repos are marked as outside of the organization.

data/model.py

@@ -246,7 +246,7 @@ def get_matching_users(username_prefix, organization=None):
       if organization:
         self.is_org_member = (args[1] == organization.username)
       else:
-        self.is_org_member = False
+        self.is_org_member = None
 
 
   return (MatchingUserResult(*args) for args in query.tuples().limit(10))

endpoints/api.py

@@ -229,12 +229,16 @@ def get_matching_entities(prefix):
     }
 
   def user_view(user):
-    return {
+    user_json = {
       'name': user.username,
       'kind': 'user',
-      'is_org_member': user.is_org_member,
     }
 
+    if user.is_org_member is not None:
+      user_json['is_org_member'] = user.is_org_member
+
+    return user_json
+
   team_data = [team_view(team) for team in teams]
   user_data = [user_view(user) for user in users]
   return jsonify({
@@ -704,18 +708,17 @@ def request_repo_build(namespace, repository):
   abort(403)  # Permissions denied
 
 
-def role_view_org(repo_perm_obj, org_member):
-  return {
-    'role': repo_perm_obj.role.name,
-    'is_org_member': org_member,
-  }
-
 def role_view(repo_perm_obj):
   return {
     'role': repo_perm_obj.role.name,
   }
 
 
+def wrap_role_view_org(role_json, org_member):
+  role_json['is_org_member'] = org_member
+  return role_json
+
+
 @app.route('/api/repository/<path:repository>/image/', methods=['GET'])
 @parse_repository_name
 def list_repository_images(namespace, repository):
@@ -817,16 +820,26 @@ def list_repo_team_permissions(namespace, repository):
 def list_repo_user_permissions(namespace, repository):
   permission = AdministerRepositoryPermission(namespace, repository)
   if permission.can():
+    # Determine how to wrap the permissions
+    role_view_func = role_view
+    try:
+      model.get_organization(namespace)  # Will raise an error if not org
+      org_members = model.get_organization_member_set(namespace)
+      def wrapped_role_view(repo_perm):
+        unwrapped = role_view(repo_perm)
+        return wrap_role_view_org(unwrapped,
+                                  repo_perm.user.username in org_members)
+
+      role_view_func = wrapped_role_view
+
+    except model.InvalidOrganizationException:
+      # This repository isn't under an org
+      pass
+
     repo_perms = model.get_all_repo_users(namespace, repository)
-    org_members = model.get_organization_member_set(namespace)
-
-    def process_perm(repo_perm):
-      return (repo_perm.user.username,
-              role_view_org(repo_perm,
-                            repo_perm.user.username in org_members))
-
     return jsonify({
-      'permissions': dict(process_perm(perm) for perm in repo_perms)
+      'permissions': {perm.user.username: role_view_func(perm)
+                      for perm in repo_perms}
     })
 
   abort(403)  # Permission denied
@@ -842,8 +855,18 @@ def get_user_permissions(namespace, repository, username):
   permission = AdministerRepositoryPermission(namespace, repository)
   if permission.can():
     perm = model.get_user_reponame_permission(username, namespace, repository)
-    org_members = model.get_organization_member_set(namespace)
+    perm_view = role_view(perm)
-    return jsonify(role_view_org(perm, perm.user.username in org_members))
+
+    try:
+      model.get_organization(namespace)
+      org_members = model.get_organization_member_set(namespace)
+      perm_view = wrap_role_view_org(perm_view,
+                                     perm.user.username in org_members)
+    except model.InvalidOrganizationException:
+      # This repository is not part of an organization
+      pass
+
+    return jsonify(perm_view)
 
   abort(403)  # Permission denied
 
@@ -882,8 +905,18 @@ def change_user_permissions(namespace, repository, username):
       logger.warning('User tried to remove themselves as admin.')
       abort(409)
 
-    org_members = model.get_organization_member_set(namespace)
+    perm_view = role_view(perm)
-    resp = jsonify(role_view_org(perm, perm.user.username in org_members))
+
+    try:
+      model.get_organization(namespace)
+      org_members = model.get_organization_member_set(namespace)
+      perm_view = wrap_role_view_org(perm_view,
+                                     perm.user.username in org_members)
+    except model.InvalidOrganizationException:
+      # This repository is not part of an organization
+      pass
+
+    resp = jsonify(perm_view)
     if request.method == 'POST':
       resp.status_code = 201
     return resp

static/js/app.js

@@ -422,7 +422,7 @@ quayApp.directive('entitySearch', function () {
           }
           template += '<span class="name">' + datum.value + '</span>';
 
-          if (!datum.entity.is_org_member) {
+          if (datum.entity.is_org_member !== undefined && !datum.entity.is_org_member) {
             template += '<div class="alert-warning warning">This user is outside your organization</div>';
           }
 

static/partials/repo-admin.html

@@ -54,10 +54,10 @@
         
         <!-- User Permissions -->
         <tr ng-repeat="(name, permission) in permissions['user']">
-          <td class="{{ 'user entity ' + (permission.is_org_member ? '' : 'outside') }}">
+          <td class="{{ 'user entity ' + (permission.is_org_member? '' : 'outside') }}">
             <i class="fa fa-user"></i> 
             <span>{{name}}</span>
-            <i class="fa fa-exclamation-triangle" ng-show="!permission.is_org_member" data-trigger="hover" bs-popover="{'content': 'This user is not a member of the organization'}"></i>
+            <i class="fa fa-exclamation-triangle" ng-show="permission.is_org_member !== undefined && !permission.is_org_member" data-trigger="hover" bs-popover="{'content': 'This user is not a member of the organization'}"></i>
           </td>
           <td class="user-permissions">
             <div class="btn-group btn-group-sm">