Next batch of backend permissions for orgs.
This commit is contained in:
yackob03
parent
100ec563fa
commit
dd77ebd64f
11 changed files with 13596 additions and 62 deletions
|
|
@ -14,6 +14,7 @@ logger = logging.getLogger(__name__)
|
|||
|
||||
_ResourceNeed = namedtuple('resource', ['type', 'namespace', 'name', 'role'])
|
||||
_RepositoryNeed = partial(_ResourceNeed, 'repository')
|
||||
_OrganizationNeed = namedtuple('organization', ['orgname', 'role'])
|
||||
|
||||
|
||||
class QuayDeferredPermissionUser(Identity):
|
||||
|
|
@ -27,13 +28,27 @@ class QuayDeferredPermissionUser(Identity):
|
|||
logger.debug('Loading user permissions after deferring.')
|
||||
user_object = model.get_user(self.id)
|
||||
|
||||
for user in model.get_all_user_permissions(user_object):
|
||||
grant = _RepositoryNeed(user.repositorypermission.repository.namespace,
|
||||
user.repositorypermission.repository.name,
|
||||
user.repositorypermission.role.name)
|
||||
# Add the user specific permissions
|
||||
user_grant = UserNeed(user_object.username)
|
||||
self.provides.add(user_grant)
|
||||
|
||||
# Every user is the admin of their own 'org'
|
||||
user_namespace = _OrganizationNeed(user_object.username, 'admin')
|
||||
self.provides.add(user_namespace)
|
||||
|
||||
# Add repository permissions
|
||||
for perm in model.get_all_user_permissions(user_object):
|
||||
grant = _RepositoryNeed(perm.repository.namespace,
|
||||
perm.repository.name, perm.role.name)
|
||||
logger.debug('User added permission: {0}'.format(grant))
|
||||
self.provides.add(grant)
|
||||
|
||||
# Add namespace permissions derived
|
||||
for team in model.get_org_wide_permissions(user_object):
|
||||
grant = _OrganizationNeed(team.organization.username, team.role.name)
|
||||
logger.debug('Organization team added permission: {0}'.format(grant))
|
||||
self.provides.add(grant)
|
||||
|
||||
self._permissions_loaded = True
|
||||
|
||||
return super(QuayDeferredPermissionUser, self).can(permission)
|
||||
|
|
@ -43,6 +58,7 @@ class ModifyRepositoryPermission(Permission):
|
|||
def __init__(self, namespace, name):
|
||||
admin_need = _RepositoryNeed(namespace, name, 'admin')
|
||||
write_need = _RepositoryNeed(namespace, name, 'write')
|
||||
org_admin_need = _OrganizationNeed(namespace, 'admin')
|
||||
super(ModifyRepositoryPermission, self).__init__(admin_need, write_need)
|
||||
|
||||
|
||||
|
|
@ -51,14 +67,25 @@ class ReadRepositoryPermission(Permission):
|
|||
admin_need = _RepositoryNeed(namespace, name, 'admin')
|
||||
write_need = _RepositoryNeed(namespace, name, 'write')
|
||||
read_need = _RepositoryNeed(namespace, name, 'read')
|
||||
org_admin_need = _OrganizationNeed(namespace, 'admin')
|
||||
super(ReadRepositoryPermission, self).__init__(admin_need, write_need,
|
||||
read_need)
|
||||
read_need, org_admin_need)
|
||||
|
||||
|
||||
class AdministerRepositoryPermission(Permission):
|
||||
def __init__(self, namespace, name):
|
||||
admin_need = _RepositoryNeed(namespace, name, 'admin')
|
||||
super(AdministerRepositoryPermission, self).__init__(admin_need)
|
||||
org_admin_need = _OrganizationNeed(namespace, 'admin')
|
||||
super(AdministerRepositoryPermission, self).__init__(admin_need,
|
||||
org_admin_need)
|
||||
|
||||
|
||||
class CreateRepositoryPermission(Permission):
|
||||
def __init__(self, namespace):
|
||||
admin_org = _OrganizationNeed(namespace, 'admin')
|
||||
create_repo_org = _OrganizationNeed(namespace, 'creator')
|
||||
super(CreateRepositoryPermission, self).__init__(admin_org,
|
||||
create_repo_org)
|
||||
|
||||
|
||||
class UserPermission(Permission):
|
||||
|
|
|
|||
Reference in a new issue