From c604dbd0f69be59b4d6fa246b86555617c0c8931 Mon Sep 17 00:00:00 2001 From: Joseph Schorr Date: Thu, 14 Apr 2016 17:39:45 -0400 Subject: [PATCH 1/2] Fix permissions when converting a user to an org Fixes #1366 --- data/model/organization.py | 31 +++++++++++++--------- static/directives/convert-user-to-org.html | 20 ++++++++------ test/test_api_usage.py | 14 ++++++++++ 3 files changed, 45 insertions(+), 20 deletions(-) diff --git a/data/model/organization.py b/data/model/organization.py index e83c6907e..a63b020cc 100644 --- a/data/model/organization.py +++ b/data/model/organization.py @@ -35,23 +35,30 @@ def get_organization(name): def convert_user_to_organization(user_obj, admin_user): - # Change the user to an organization. - user_obj.organization = True + if user_obj.robot: + raise DataModelException('Cannot convert a robot into an organization') - # disable this account for login. - user_obj.password_hash = None - user_obj.save() + with db_transaction(): + # Change the user to an organization and disable this account for login. + user_obj.organization = True + user_obj.password_hash = None + user_obj.save() - # Clear any federated auth pointing to this user - FederatedLogin.delete().where(FederatedLogin.user == user_obj).execute() + # Clear any federated auth pointing to this user. + FederatedLogin.delete().where(FederatedLogin.user == user_obj).execute() - # Create a team for the owners - owners_team = team.create_team('owners', user_obj, 'admin') + # Delete any user-specific permissions on repositories. + (RepositoryPermission.delete() + .where(RepositoryPermission.user == user_obj) + .execute()) - # Add the user who will admin the org to the owners team - team.add_user_to_team(admin_user, owners_team) + # Create a team for the owners + owners_team = team.create_team('owners', user_obj, 'admin') - return user_obj + # Add the user who will admin the org to the owners team + team.add_user_to_team(admin_user, owners_team) + + return user_obj def get_user_organizations(username): diff --git a/static/directives/convert-user-to-org.html b/static/directives/convert-user-to-org.html index 4ba2d356a..17de3c008 100644 --- a/static/directives/convert-user-to-org.html +++ b/static/directives/convert-user-to-org.html @@ -1,15 +1,19 @@
-
-
-
- Cannot convert this account into an organization, as it is a member of {{user.organizations.length}} other - organization{{user.organizations.length > 1 ? 's' : ''}}. Please leave - {{user.organizations.length > 1 ? 'those organizations' : 'that organization'}} first. -
+
+
+ Cannot convert this account into an organization, as it is a member of {{user.organizations.length}} other + organization{{user.organizations.length > 1 ? 's' : ''}}. Please leave + {{user.organizations.length > 1 ? 'those organizations' : 'that organization'}} first. + +
    +
  • + {{ org.name }} +
    • +
-
+
Note: Converting a user account into an organization cannot be undone
diff --git a/test/test_api_usage.py b/test/test_api_usage.py index 66e24df22..7f6e69c7c 100644 --- a/test/test_api_usage.py +++ b/test/test_api_usage.py @@ -417,6 +417,15 @@ class TestConvertToOrganization(ApiTestCase): def test_convert(self): self.login(READ_ACCESS_USER) + + # Add at least one permission for the read-user. + read_user = model.user.get_user(READ_ACCESS_USER) + simple_repo = model.repository.get_repository(ADMIN_ACCESS_USER, 'simple') + read_role = database.Role.get(name='read') + + database.RepositoryPermission.create(user=read_user, repository=simple_repo, role=read_role) + + # Convert the read user into an organization. json = self.postJsonResponse(ConvertToOrganization, data={'adminUser': ADMIN_ACCESS_USER, 'adminPassword': 'password', @@ -436,6 +445,11 @@ class TestConvertToOrganization(ApiTestCase): self.assertEquals(READ_ACCESS_USER, json['name']) self.assertEquals(True, json['is_admin']) + # Verify the now-org has no permissions. + count = (database.RepositoryPermission.select() + .where(database.RepositoryPermission.user == organization) + .count()) + self.assertEquals(0, count) def test_convert_via_email(self): self.login(READ_ACCESS_USER) From 74cbe2ebb123e5756adf9f30216edb78504d80a9 Mon Sep 17 00:00:00 2001 From: Joseph Schorr Date: Fri, 15 Apr 2016 15:13:22 -0400 Subject: [PATCH 2/2] Cleanup the convert user UI a bit --- .../css/directives/ui/convert-user-to-org.css | 46 ++++++++++++-- static/css/directives/ui/plans-table.css | 30 +++++++++ static/css/quay.css | 28 --------- static/directives/convert-user-to-org.html | 62 +++++++++++-------- static/js/services/api-service.js | 2 +- 5 files changed, 106 insertions(+), 62 deletions(-) create mode 100644 static/css/directives/ui/plans-table.css diff --git a/static/css/directives/ui/convert-user-to-org.css b/static/css/directives/ui/convert-user-to-org.css index c0cf59336..eefa6c44a 100644 --- a/static/css/directives/ui/convert-user-to-org.css +++ b/static/css/directives/ui/convert-user-to-org.css @@ -1,9 +1,14 @@ +.convert-user-to-org-element { + padding: 10px; +} + .convert-user-to-org .convert-form h3 { margin-bottom: 20px; } .convert-user-to-org #convertForm { max-width: 700px; + margin-top: 20px; } .convert-user-to-org #convertForm .form-group { @@ -12,24 +17,53 @@ .convert-user-to-org #convertForm input { margin-bottom: 10px; - margin-left: 20px; } .convert-user-to-org #convertForm .existing-data { + display: block; font-size: 16px; font-weight: bold; } +.convert-user-to-org #convertForm .existing-data .avatar { + margin-right: 4px; +} + +.convert-user-to-org #convertForm .existing-data .username { + vertical-align: middle; +} + + .convert-user-to-org #convertForm .description { margin-top: 10px; display: block; color: #888; font-size: 12px; - margin-left: 20px; } -.convert-user-to-org #convertForm .existing-data { - display: block; - padding-left: 20px; - margin-top: 10px; +.convert-user-to-org .org-list { + list-style: none; } + +.convert-user-to-org .org-list li { + margin-top: 4px; +} + +.convert-user-to-org .org-list li a { + vertical-align: middle; + margin-left: 6px; +} + +.convert-user-to-org .fa-arrow-circle-right { + margin-left: 6px; +} + +.convert-user-to-org .form-group-content { + padding-left: 10px; + padding-top: 10px; +} + + +.convert-user-to-org .form-group-content .co-table { + margin: 0px; +} \ No newline at end of file diff --git a/static/css/directives/ui/plans-table.css b/static/css/directives/ui/plans-table.css new file mode 100644 index 000000000..434c3bb68 --- /dev/null +++ b/static/css/directives/ui/plans-table.css @@ -0,0 +1,30 @@ +.plans-table-element table { + margin: 20px; + border: 1px solid #eee; +} + +.plans-table-element thead td { + padding-top: 10px !important; +} + +.plans-table-element td { + vertical-align: middle !important; +} + +.plans-table-element .plan-price { + font-size: 16px; +} + +.plans-table ul { + margin-top: 10px; + padding: 0px; +} + +.plans-table ul li { + padding: 4px; + margin: 0px; +} + +.plans-table ul li .plan-info { + padding: 4px; +} \ No newline at end of file diff --git a/static/css/quay.css b/static/css/quay.css index e2938b286..ffd627e63 100644 --- a/static/css/quay.css +++ b/static/css/quay.css @@ -2819,34 +2819,6 @@ p.editable:hover i { margin-bottom: 20px; } -.plans-table-element table { - margin: 20px; - border: 1px solid #eee; -} - -.plans-table-element td { - vertical-align: middle !important; -} - -.plans-table-element .plan-price { - font-size: 16px; -} - -.plans-table ul { - margin-top: 10px; - padding: 0px; -} - -.plans-table ul li { - padding: 4px; - margin: 0px; -} - -.plans-table ul li .plan-info { - padding: 4px; -} - - .repo-breadcrumb-element .crumb { cursor: pointer; } diff --git a/static/directives/convert-user-to-org.html b/static/directives/convert-user-to-org.html index 17de3c008..774260822 100644 --- a/static/directives/convert-user-to-org.html +++ b/static/directives/convert-user-to-org.html @@ -3,53 +3,61 @@
Cannot convert this account into an organization, as it is a member of {{user.organizations.length}} other - organization{{user.organizations.length > 1 ? 's' : ''}}. Please leave - {{user.organizations.length > 1 ? 'those organizations' : 'that organization'}} first. - -
    + organization{{user.organizations.length > 1 ? 's' : ''}}. +

    + Please leave the following organizations first: +
-
- Note: Converting a user account into an organization cannot be undone -
- - +
+ Fill out the form below to convert your current user account into an organization. Your existing repositories will be maintained under the + namespace. All direct permissions delegated to {{ user.username }} will be deleted. +
-
- - {{ user.username }}
- This will continue to be the namespace for your repositories +
+
+ + {{ user.username }} +
+ This will continue to be the namespace for your repositories +
- - - - The username and password for the account that will become an administrator of the organization. - Note that this account must be a separate registered account from the account that you are - trying to convert, and must already exist. - +
+ + + + The username and password for the account that will become an administrator of the organization. + Note that this account must be a separate registered account from the account that you are + trying to convert, and must already exist. + +
-
+
+
+ The billing plan for the new organization. If private repositories are unneeded, select "Open Source". +
@@ -64,7 +72,7 @@