vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
This repository has been archived on 2020-03-24. You can view files and clone it, but cannot push or open issues or pull requests.
quay/util/fixuseradmin.py
Brad Ison 87e55870b7 Add script for fixing missing admin permissions 
Adds a util script to find and fix repositories in user namespaces
that are missing admin permissions for the owning user.  These admin
permissions are required, but were missing in some cases.  See:

  https://github.com/coreos-inc/quay/pull/2998
2018-02-13 16:23:17 -05:00

70 lines
2 KiB
Python
Raw Blame History

import argparse
import sys
from app import app
from data.database import Namespace, Repository, RepositoryPermission, Role
from data.model.permission import get_user_repo_permissions
from data.model.user import get_active_users, get_nonrobot_user
DESCRIPTION = '''
Fix user repositories missing admin permissions for owning user.
'''
parser = argparse.ArgumentParser(description=DESCRIPTION)
parser.add_argument('users', nargs='*', help='Users to check')
parser.add_argument('-a', '--all', action='store_true', help='Check all users')
parser.add_argument('-n', '--dry-run', action='store_true', help="Don't act")
ADMIN = Role.get(name='admin')
def repos_for_namespace(namespace):
return (Repository
.select(Repository.id, Repository.name, Namespace.username)
.join(Namespace)
.where(Namespace.username == namespace))
def has_admin(user, repo):
perms = get_user_repo_permissions(user, repo)
return any(p.role == ADMIN for p in perms)
def get_users(all_users=False, users_list=None):
if all_users:
return get_active_users(disabled=False)
return map(get_nonrobot_user, users_list)
def ensure_admin(user, repos, dry_run=False):
repos = [repo for repo in repos if not has_admin(user, repo)]
for repo in repos:
print('User {} missing admin on: {}'.format(user.username, repo.name))
if not dry_run:
RepositoryPermission.create(user=user, repository=repo, role=ADMIN)
print('Granted {} admin on: {}'.format(user.username, repo.name))
return len(repos)
def main():
args = parser.parse_args()
found = 0
if not args.all and len(args.users) == 0:
sys.exit('Need a list of users or --all')
for user in get_users(all_users=args.all, users_list=args.users):
if user is not None:
repos = repos_for_namespace(user.username)
found += ensure_admin(user, repos, dry_run=args.dry_run)
print('\nFound {} user repos missing admin'
' permissions for owner.'.format(found))
if __name__ == '__main__':
main()
Reference in a new issue View git blame Copy permalink