vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Fix permissions when converting a user to an org

Browse source 
Fixes #1366
This commit is contained in:
Joseph Schorr 2016-04-14 17:39:45 -04:00
parent a65012a71e
commit c604dbd0f6
3 changed files with 45 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
data/model/organization.py
View file

@ -35,23 +35,30 @@ def get_organization(name):
def convert_user_to_organization(user_obj, admin_user):
# Change the user to an organization.
user_obj.organization = True
if user_obj.robot:
raise DataModelException('Cannot convert a robot into an organization')
# disable this account for login.
user_obj.password_hash = None
user_obj.save()
with db_transaction():
# Change the user to an organization and disable this account for login.
user_obj.organization = True
user_obj.password_hash = None
user_obj.save()
# Clear any federated auth pointing to this user
FederatedLogin.delete().where(FederatedLogin.user == user_obj).execute()
# Clear any federated auth pointing to this user.
FederatedLogin.delete().where(FederatedLogin.user == user_obj).execute()
# Create a team for the owners
owners_team = team.create_team('owners', user_obj, 'admin')
# Delete any user-specific permissions on repositories.
(RepositoryPermission.delete()
.where(RepositoryPermission.user == user_obj)
.execute())
# Add the user who will admin the org to the owners team
team.add_user_to_team(admin_user, owners_team)
# Create a team for the owners
owners_team = team.create_team('owners', user_obj, 'admin')
return user_obj
# Add the user who will admin the org to the owners team
team.add_user_to_team(admin_user, owners_team)
return user_obj
def get_user_organizations(username):

20
static/directives/convert-user-to-org.html
View file

@ -1,15 +1,19 @@
<div class="convert-user-to-org-element">
<!-- Step 0 -->
<div class="panel" ng-show="convertStep == 0">
<div class="panel-body" ng-show="user.organizations.length > 0">
<div class="co-alert co-alert-info">
Cannot convert this account into an organization, as it is a member of {{user.organizations.length}} other
organization{{user.organizations.length > 1 ? 's' : ''}}. Please leave
{{user.organizations.length > 1 ? 'those organizations' : 'that organization'}} first.
</div>
<div ng-show="convertStep == 0">
<div ng-show="user.organizations.length > 0">
Cannot convert this account into an organization, as it is a member of {{user.organizations.length}} other
organization{{user.organizations.length > 1 ? 's' : ''}}. Please leave
{{user.organizations.length > 1 ? 'those organizations' : 'that organization'}} first.
<ul>
<li ng-repeat="org in user.organizations">
{{ org.name }}
</li>
</ul>
</div>
<div class="panel-body" ng-show="user.organizations.length == 0">
<div ng-show="user.organizations.length == 0">
<div class="co-alert co-alert-warning">
Note: Converting a user account into an organization <b>cannot be undone</b>
</div>

14
test/test_api_usage.py
View file

@ -417,6 +417,15 @@ class TestConvertToOrganization(ApiTestCase):
def test_convert(self):
self.login(READ_ACCESS_USER)
# Add at least one permission for the read-user.
read_user = model.user.get_user(READ_ACCESS_USER)
simple_repo = model.repository.get_repository(ADMIN_ACCESS_USER, 'simple')
read_role = database.Role.get(name='read')
database.RepositoryPermission.create(user=read_user, repository=simple_repo, role=read_role)
# Convert the read user into an organization.
json = self.postJsonResponse(ConvertToOrganization,
data={'adminUser': ADMIN_ACCESS_USER,
'adminPassword': 'password',
@ -436,6 +445,11 @@ class TestConvertToOrganization(ApiTestCase):
self.assertEquals(READ_ACCESS_USER, json['name'])
self.assertEquals(True, json['is_admin'])
# Verify the now-org has no permissions.
count = (database.RepositoryPermission.select()
.where(database.RepositoryPermission.user == organization)
.count())
self.assertEquals(0, count)
def test_convert_via_email(self):
self.login(READ_ACCESS_USER)