import argparse import sys from app import app from data.database import Namespace, Repository, RepositoryPermission, Role from data.model.permission import get_user_repo_permissions from data.model.user import get_active_users, get_nonrobot_user DESCRIPTION = ''' Fix user repositories missing admin permissions for owning user. ''' parser = argparse.ArgumentParser(description=DESCRIPTION) parser.add_argument('users', nargs='*', help='Users to check') parser.add_argument('-a', '--all', action='store_true', help='Check all users') parser.add_argument('-n', '--dry-run', action='store_true', help="Don't act") ADMIN = Role.get(name='admin') def repos_for_namespace(namespace): return (Repository .select(Repository.id, Repository.name, Namespace.username) .join(Namespace) .where(Namespace.username == namespace)) def has_admin(user, repo): perms = get_user_repo_permissions(user, repo) return any(p.role == ADMIN for p in perms) def get_users(all_users=False, users_list=None): if all_users: return get_active_users(disabled=False) return map(get_nonrobot_user, users_list) def ensure_admin(user, repos, dry_run=False): repos = [repo for repo in repos if not has_admin(user, repo)] for repo in repos: print('User {} missing admin on: {}'.format(user.username, repo.name)) if not dry_run: RepositoryPermission.create(user=user, repository=repo, role=ADMIN) print('Granted {} admin on: {}'.format(user.username, repo.name)) return len(repos) def main(): args = parser.parse_args() found = 0 if not args.all and len(args.users) == 0: sys.exit('Need a list of users or --all') for user in get_users(all_users=args.all, users_list=args.users): if user is not None: repos = repos_for_namespace(user.username) found += ensure_admin(user, repos, dry_run=args.dry_run) print('\nFound {} user repos missing admin' ' permissions for owner.'.format(found)) if __name__ == '__main__': main()