Next batch of backend permissions for orgs.
This commit is contained in:
yackob03
parent
100ec563fa
commit
dd77ebd64f
11 changed files with 13596 additions and 62 deletions
|
|
@ -37,9 +37,14 @@ class User(BaseModel):
|
|||
organization = BooleanField(default=False, index=True)
|
||||
|
||||
|
||||
class TeamRole(BaseModel):
|
||||
name = CharField(index=True)
|
||||
|
||||
|
||||
class Team(BaseModel):
|
||||
name = CharField(index=True)
|
||||
organization = ForeignKeyField(User, index=True)
|
||||
role = ForeignKeyField(TeamRole)
|
||||
|
||||
class Meta:
|
||||
database = db
|
||||
|
|
@ -117,18 +122,6 @@ class RepositoryPermission(BaseModel):
|
|||
)
|
||||
|
||||
|
||||
class TeamPermission(BaseModel):
|
||||
team = ForeignKeyField(Team, index=True)
|
||||
organization = ForeignKeyField(User, index=True)
|
||||
role = ForeignKeyField(Role)
|
||||
|
||||
class Meta:
|
||||
database = db
|
||||
indexes = (
|
||||
(('team', 'organization'), True),
|
||||
)
|
||||
|
||||
|
||||
def random_string_generator(length=16):
|
||||
def random_string():
|
||||
random = SystemRandom()
|
||||
|
|
@ -212,10 +205,13 @@ def initialize_db():
|
|||
RepositoryPermission, Visibility, RepositoryTag,
|
||||
EmailConfirmation, FederatedLogin, LoginService,
|
||||
QueueItem, RepositoryBuild, Team, TeamMember,
|
||||
TeamPermission])
|
||||
TeamRole])
|
||||
Role.create(name='admin')
|
||||
Role.create(name='write')
|
||||
Role.create(name='read')
|
||||
TeamRole.create(name='admin')
|
||||
TeamRole.create(name='creator')
|
||||
TeamRole.create(name='member')
|
||||
Visibility.create(name='public')
|
||||
Visibility.create(name='private')
|
||||
LoginService.create(name='github')
|
||||
|
|
|
|||
|
|
@ -89,20 +89,17 @@ def create_organization(name, email, creating_user):
|
|||
new_org.save()
|
||||
|
||||
# Create a team for the owners
|
||||
owners_team = create_team('Owners', new_org)
|
||||
owners_team = create_team('Owners', new_org, 'admin')
|
||||
|
||||
# Add the user who created the org to the owners
|
||||
# Add the user who created the org to the owners team
|
||||
add_user_to_team(creating_user, owners_team)
|
||||
|
||||
# Give the owners team admin access to the namespace
|
||||
set_team_org_permission(owners_team, new_org, 'admin')
|
||||
|
||||
return new_org
|
||||
except InvalidUsernameException:
|
||||
raise InvalidOrganizationException('Invalid organization name: %s' % name)
|
||||
|
||||
|
||||
def create_team(name, org):
|
||||
def create_team(name, org, team_role_name):
|
||||
if not validate_username(name):
|
||||
raise InvalidTeamException('Invalid team name: %s' % name)
|
||||
|
||||
|
|
@ -110,27 +107,19 @@ def create_team(name, org):
|
|||
raise InvalidOrganizationException('User with name %s is not an org.' %
|
||||
org.username)
|
||||
|
||||
return Team.create(name=name, organization=org)
|
||||
team_role = TeamRole.get(TeamRole.name == team_role_name)
|
||||
return Team.create(name=name, organization=org, role=team_role)
|
||||
|
||||
|
||||
def add_user_to_team(user, team):
|
||||
return TeamMember.create(user=user, team=team)
|
||||
|
||||
|
||||
def set_team_org_permission(team, org, role_name):
|
||||
new_role = Role.get(Role.name == role_name)
|
||||
|
||||
# Fetch any existing permission for this user on the repo
|
||||
try:
|
||||
perm = TeamPermission.get(TeamPermission.team == team,
|
||||
TeamPermission.organization == org)
|
||||
perm.role = new_role
|
||||
perm.save()
|
||||
return perm
|
||||
except TeamPermission.DoesNotExist:
|
||||
new_perm = TeamPermission.create(team=team, organization=org,
|
||||
role=new_role)
|
||||
return new_perm
|
||||
def set_team_org_permission(team, org, team_role_name):
|
||||
new_role = TeamRole.get(TeamRole.name == tean_role_name)
|
||||
team.role = new_role
|
||||
team.save()
|
||||
return team
|
||||
|
||||
|
||||
def create_federated_user(username, email, service_name, service_id):
|
||||
|
|
@ -327,10 +316,31 @@ def update_email(user, new_email):
|
|||
|
||||
|
||||
def get_all_user_permissions(user):
|
||||
select = User.select(User, Repository, RepositoryPermission, Role)
|
||||
with_repo = select.join(RepositoryPermission).join(Repository)
|
||||
with_role = with_repo.switch(RepositoryPermission).join(Role)
|
||||
return with_role.where(User.username == user.username)
|
||||
select = RepositoryPermission.select(RepositoryPermission, Role, Repository)
|
||||
with_role = select.join(Role)
|
||||
with_repo = with_role.switch(RepositoryPermission).join(Repository)
|
||||
through_user = with_repo.switch(RepositoryPermission).join(User,
|
||||
JOIN_LEFT_OUTER)
|
||||
as_perm = through_user.switch(RepositoryPermission)
|
||||
through_team = as_perm.join(Team, JOIN_LEFT_OUTER).join(TeamMember,
|
||||
JOIN_LEFT_OUTER)
|
||||
|
||||
UserThroughTeam = User.alias()
|
||||
with_team_member = through_team.join(UserThroughTeam, JOIN_LEFT_OUTER,
|
||||
on=(UserThroughTeam.id ==
|
||||
TeamMember.user))
|
||||
|
||||
return with_team_member.where((User.id == user) |
|
||||
(UserThroughTeam.id == user))
|
||||
|
||||
|
||||
def get_org_wide_permissions(user):
|
||||
Org = User.alias()
|
||||
team_with_role = Team.select(Team, Org, TeamRole).join(TeamRole)
|
||||
with_org = team_with_role.switch(Team).join(Org, on=(Team.organization ==
|
||||
Org.id))
|
||||
with_user = with_org.switch(Team).join(TeamMember).join(User)
|
||||
return with_user.where(User.id == user, Org.organization == True)
|
||||
|
||||
|
||||
def get_all_repo_teams(namespace_name, repository_name):
|
||||
|
|
|
|||
Reference in a new issue