Add the ability to login with a robot, use the wrench icon for robots all over the place.
This commit is contained in:
parent
b407c1d9fb
commit
e69591c7d6
8 changed files with 46 additions and 15 deletions
14
auth/auth.py
14
auth/auth.py
|
@ -48,6 +48,20 @@ def process_basic_auth(auth):
|
||||||
except model.DataModelException:
|
except model.DataModelException:
|
||||||
logger.debug('Invalid token: %s' % credentials[1])
|
logger.debug('Invalid token: %s' % credentials[1])
|
||||||
|
|
||||||
|
elif '+' in credentials[0]:
|
||||||
|
logger.debug('Trying robot auth with credentials %s' % str(credentials))
|
||||||
|
# Use as robot auth
|
||||||
|
try:
|
||||||
|
robot = model.verify_robot(credentials[0], credentials[1])
|
||||||
|
logger.debug('Successfully validated robot: %s' % credentials[0])
|
||||||
|
ctx = _request_ctx_stack.top
|
||||||
|
ctx.authenticated_user = robot
|
||||||
|
|
||||||
|
identity_changed.send(app, identity=Identity(robot.username, 'username'))
|
||||||
|
return
|
||||||
|
except model.InvalidRobotException:
|
||||||
|
logger.debug('Invalid robot or password for robot: %s' % credentials[0])
|
||||||
|
|
||||||
else:
|
else:
|
||||||
authenticated = model.verify_user(credentials[0], credentials[1])
|
authenticated = model.verify_user(credentials[0], credentials[1])
|
||||||
|
|
||||||
|
|
|
@ -627,7 +627,7 @@ def get_all_repo_teams(namespace_name, repository_name):
|
||||||
|
|
||||||
|
|
||||||
def get_all_repo_users(namespace_name, repository_name):
|
def get_all_repo_users(namespace_name, repository_name):
|
||||||
select = RepositoryPermission.select(User.username, Role.name,
|
select = RepositoryPermission.select(User.username, User.robot, Role.name,
|
||||||
RepositoryPermission)
|
RepositoryPermission)
|
||||||
with_user = select.join(User)
|
with_user = select.join(User)
|
||||||
with_role = with_user.switch(RepositoryPermission).join(Role)
|
with_role = with_user.switch(RepositoryPermission).join(Role)
|
||||||
|
|
|
@ -292,7 +292,8 @@ def get_matching_entities(prefix):
|
||||||
def user_view(user):
|
def user_view(user):
|
||||||
user_json = {
|
user_json = {
|
||||||
'name': user.username,
|
'name': user.username,
|
||||||
'kind': 'robot' if user.is_robot else 'user',
|
'kind': 'user',
|
||||||
|
'is_robot': user.is_robot,
|
||||||
}
|
}
|
||||||
|
|
||||||
if user.is_org_member is not None:
|
if user.is_org_member is not None:
|
||||||
|
@ -455,7 +456,8 @@ def get_organization_private_allowed(orgname):
|
||||||
|
|
||||||
def member_view(member):
|
def member_view(member):
|
||||||
return {
|
return {
|
||||||
'username': member.username
|
'username': member.username,
|
||||||
|
'is_robot': member.robot,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -917,6 +919,11 @@ def role_view(repo_perm_obj):
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
def wrap_role_view_user(role_json, user):
|
||||||
|
role_json['is_robot'] = user.robot
|
||||||
|
return role_json
|
||||||
|
|
||||||
|
|
||||||
def wrap_role_view_org(role_json, org_member):
|
def wrap_role_view_org(role_json, org_member):
|
||||||
role_json['is_org_member'] = org_member
|
role_json['is_org_member'] = org_member
|
||||||
return role_json
|
return role_json
|
||||||
|
@ -1033,7 +1040,7 @@ def list_repo_user_permissions(namespace, repository):
|
||||||
model.get_organization(namespace) # Will raise an error if not org
|
model.get_organization(namespace) # Will raise an error if not org
|
||||||
org_members = model.get_organization_member_set(namespace)
|
org_members = model.get_organization_member_set(namespace)
|
||||||
def wrapped_role_view(repo_perm):
|
def wrapped_role_view(repo_perm):
|
||||||
unwrapped = role_view(repo_perm)
|
unwrapped = wrap_role_view_user(role_view(repo_perm), repo_perm.user)
|
||||||
return wrap_role_view_org(unwrapped,
|
return wrap_role_view_org(unwrapped,
|
||||||
repo_perm.user.username in org_members)
|
repo_perm.user.username in org_members)
|
||||||
|
|
||||||
|
@ -1062,7 +1069,7 @@ def get_user_permissions(namespace, repository, username):
|
||||||
permission = AdministerRepositoryPermission(namespace, repository)
|
permission = AdministerRepositoryPermission(namespace, repository)
|
||||||
if permission.can():
|
if permission.can():
|
||||||
perm = model.get_user_reponame_permission(username, namespace, repository)
|
perm = model.get_user_reponame_permission(username, namespace, repository)
|
||||||
perm_view = role_view(perm)
|
perm_view = wrap_role_view_user(role_view(perm), perm.user)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
model.get_organization(namespace)
|
model.get_organization(namespace)
|
||||||
|
@ -1107,7 +1114,7 @@ def change_user_permissions(namespace, repository, username):
|
||||||
|
|
||||||
perm = model.set_user_repo_permission(username, namespace, repository,
|
perm = model.set_user_repo_permission(username, namespace, repository,
|
||||||
new_permission['role'])
|
new_permission['role'])
|
||||||
perm_view = role_view(perm)
|
perm_view = wrap_role_view_user(role_view(perm), perm.user)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
model.get_organization(namespace)
|
model.get_organization(namespace)
|
||||||
|
|
|
@ -62,6 +62,13 @@ def create_user():
|
||||||
except model.InvalidTokenException:
|
except model.InvalidTokenException:
|
||||||
abort(401)
|
abort(401)
|
||||||
|
|
||||||
|
elif '+' in username:
|
||||||
|
try:
|
||||||
|
model.verify_robot(username, password)
|
||||||
|
return make_response('Verified', 201)
|
||||||
|
except model.InvalidRobotException:
|
||||||
|
abort(401)
|
||||||
|
|
||||||
existing_user = model.get_user(username)
|
existing_user = model.get_user(username)
|
||||||
if existing_user:
|
if existing_user:
|
||||||
verified = model.verify_user(username, password)
|
verified = model.verify_user(username, password)
|
||||||
|
|
|
@ -643,8 +643,10 @@ quayApp.directive('entitySearch', function () {
|
||||||
},
|
},
|
||||||
template: function (datum) {
|
template: function (datum) {
|
||||||
template = '<div class="entity-mini-listing">';
|
template = '<div class="entity-mini-listing">';
|
||||||
if (datum.entity.kind == 'user') {
|
if (datum.entity.kind == 'user' && !datum.entity.is_robot) {
|
||||||
template += '<i class="fa fa-user fa-lg"></i>';
|
template += '<i class="fa fa-user fa-lg"></i>';
|
||||||
|
} else if (datum.entity.kind == 'user' && datum.entity.is_robot) {
|
||||||
|
template += '<i class="fa fa-wrench fa-lg"></i>';
|
||||||
} else if (datum.entity.kind == 'team') {
|
} else if (datum.entity.kind == 'team') {
|
||||||
template += '<i class="fa fa-group fa-lg"></i>';
|
template += '<i class="fa fa-group fa-lg"></i>';
|
||||||
}
|
}
|
||||||
|
|
|
@ -527,7 +527,7 @@ function RepoAdminCtrl($scope, Restangular, $routeParams, $rootScope) {
|
||||||
// Need the $scope.apply for both the permission stuff to change and for
|
// Need the $scope.apply for both the permission stuff to change and for
|
||||||
// the XHR call to be made.
|
// the XHR call to be made.
|
||||||
$scope.$apply(function() {
|
$scope.$apply(function() {
|
||||||
$scope.addRole(entity.name, 'read', entity.kind, entity.is_org_member)
|
$scope.addRole(entity.name, 'read', entity.kind);
|
||||||
});
|
});
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -545,15 +545,14 @@ function RepoAdminCtrl($scope, Restangular, $routeParams, $rootScope) {
|
||||||
});
|
});
|
||||||
};
|
};
|
||||||
|
|
||||||
$scope.addRole = function(entityName, role, kind, is_org_member) {
|
$scope.addRole = function(entityName, role, kind) {
|
||||||
var permission = {
|
var permission = {
|
||||||
'role': role,
|
'role': role,
|
||||||
'is_org_member': is_org_member
|
|
||||||
};
|
};
|
||||||
|
|
||||||
var permissionPost = Restangular.one(getRestUrl('repository', namespace, name, 'permissions', kind, entityName));
|
var permissionPost = Restangular.one(getRestUrl('repository', namespace, name, 'permissions', kind, entityName));
|
||||||
permissionPost.customPOST(permission).then(function() {
|
permissionPost.customPOST(permission).then(function(result) {
|
||||||
$scope.permissions[kind][entityName] = permission;
|
$scope.permissions[kind][entityName] = result;
|
||||||
}, function(result) {
|
}, function(result) {
|
||||||
$('#cannotchangeModal').modal({});
|
$('#cannotchangeModal').modal({});
|
||||||
});
|
});
|
||||||
|
|
|
@ -72,7 +72,8 @@
|
||||||
<!-- User Permissions -->
|
<!-- User Permissions -->
|
||||||
<tr ng-repeat="(name, permission) in permissions['user']">
|
<tr ng-repeat="(name, permission) in permissions['user']">
|
||||||
<td class="{{ 'user entity ' + (permission.is_org_member ? '' : 'outside') }}">
|
<td class="{{ 'user entity ' + (permission.is_org_member ? '' : 'outside') }}">
|
||||||
<i class="fa fa-user"></i>
|
<i class="fa fa-user" ng-show="!permission.is_robot"></i>
|
||||||
|
<i class="fa fa-wrench" ng-show="permission.is_robot"></i>
|
||||||
<span>{{name}}</span>
|
<span>{{name}}</span>
|
||||||
<i class="fa fa-exclamation-triangle" ng-show="permission.is_org_member === false" data-trigger="hover" bs-popover="{'content': 'This user is not a member of the organization'}"></i>
|
<i class="fa fa-exclamation-triangle" ng-show="permission.is_org_member === false" data-trigger="hover" bs-popover="{'content': 'This user is not a member of the organization'}"></i>
|
||||||
</td>
|
</td>
|
||||||
|
|
|
@ -20,7 +20,8 @@
|
||||||
<table class="permissions">
|
<table class="permissions">
|
||||||
<tr ng-repeat="(name, member) in members">
|
<tr ng-repeat="(name, member) in members">
|
||||||
<td class="user entity">
|
<td class="user entity">
|
||||||
<i class="fa fa-user"></i>
|
<i class="fa fa-user" ng-show="!member.is_robot"></i>
|
||||||
|
<i class="fa fa-wrench" ng-show="member.is_robot"></i>
|
||||||
<span>{{ member.username }}</span>
|
<span>{{ member.username }}</span>
|
||||||
</td>
|
</td>
|
||||||
<td>
|
<td>
|
||||||
|
|
Reference in a new issue