Merge pull request #1754 from coreos-inc/team-add-perms

Better UI and permissions handling for robots and teams
2016-09-06 17:21:19 -04:00 · 2016-09-06 17:21:19 -04:00 · cd8b45e25b
commit cd8b45e25b
parent 0a7949fc10 391d70d9ec
21 changed files with 895 additions and 458 deletions
--- a/endpoints/api/organization.py
+++ b/endpoints/api/organization.py
@ -8,13 +8,12 @@ import features

 from app import billing as stripe, avatar
 from endpoints.api import (resource, nickname, ApiResource, validate_json_request, request_error,
-                           related_user_resource, internal_only, require_user_admin, log_action, 
+                           related_user_resource, internal_only, require_user_admin, log_action,
                           show_if, path_param, require_scope)
 from endpoints.exception import Unauthorized, NotFound
-from endpoints.api.team import team_view
 from endpoints.api.user import User, PrivateRepositories
 from auth.permissions import (AdministerOrganizationPermission, OrganizationMemberPermission,
-                              CreateRepositoryPermission)
+                              CreateRepositoryPermission, ViewTeamPermission)
 from auth.auth_context import get_authenticated_user
 from auth import scopes
 from data import model
@ -24,6 +23,18 @@ from data.billing import get_plan
 logger = logging.getLogger(__name__)


+def team_view(orgname, team):
+  return {
+    'name': team.name,
+    'description': team.description,
+    'role': team.role_name,
+    'avatar': avatar.get_data_for_team(team),
+    'can_view': ViewTeamPermission(orgname, team.name).can(),
+
+    'repo_count': team.repo_count,
+    'member_count': team.member_count,
+  }
+

 def org_view(o, teams):
  is_admin = AdministerOrganizationPermission(o.username).can()
--- a/endpoints/api/team.py
+++ b/endpoints/api/team.py
@ -5,7 +5,7 @@ from flask import request
 import features

 from endpoints.api import (resource, nickname, ApiResource, validate_json_request, request_error,
-                           log_action, internal_only, require_scope, path_param, query_param, 
+                           log_action, internal_only, require_scope, path_param, query_param,
                           truthy_bool, parse_args, require_user_admin, show_if)
 from endpoints.exception import Unauthorized, NotFound
 from auth.permissions import AdministerOrganizationPermission, ViewTeamPermission
@ -15,6 +15,15 @@ from data import model
 from util.useremails import send_org_invite_email
 from app import avatar

+def permission_view(permission):
+  return {
+    'repository': {
+      'name': permission.repository.name,
+      'is_public': permission.repository.visibility.name == 'public'
+    },
+    'role': permission.role.name
+  }
+

 def try_accept_invite(code, user):
  (team, inviter) = model.team.confirm_team_invite(code, user)
@ -346,6 +355,30 @@ class InviteTeamMember(ApiResource):
    raise Unauthorized()


+@resource('/v1/organization/<orgname>/team/<teamname>/permissions')
+@path_param('orgname', 'The name of the organization')
+@path_param('teamname', 'The name of the team')
+class TeamPermissions(ApiResource):
+  """ Resource for listing the permissions an org's team has in the system. """
+  @nickname('getTeamPermissions')
+  def get(self, orgname, teamname):
+    """ Returns the list of repository permissions for the org's team. """
+    permission = AdministerOrganizationPermission(orgname)
+    if permission.can():
+      try:
+        team = model.team.get_organization_team(orgname, teamname)
+      except model.InvalidTeamException:
+        raise NotFound()
+
+      permissions = model.permission.list_team_permissions(team)
+
+      return {
+        'permissions': [permission_view(permission) for permission in permissions]
+      }
+
+    raise Unauthorized()
+
+
@resource('/v1/teaminvite/<code>')
@internal_only
@show_if(features.MAILING)