def get(self, orgname, teamname, parsed_args):
"""
Retrieve the list of members for the specified team.
"""
view_permission = ViewTeamPermission(orgname, teamname)
edit_permission = AdministerOrganizationPermission(orgname)
if view_permission.can():
team = None
try:
team = model.team.get_organization_team(orgname, teamname)
except model.InvalidTeamException:
raise NotFound()
members = model.organization.get_organization_team_members(team.id)
invites = []
if parsed_args["includePending"] and edit_permission.can():
invites = model.team.get_organization_team_member_invites(
team.id)
data = {
"name":
teamname,
"members":
[member_view(m)
for m in members] + [invite_view(i) for i in invites],
"can_edit":
edit_permission.can(),
}
if features.TEAM_SYNCING and authentication.federated_service:
if _syncing_setup_allowed(orgname):
data["can_sync"] = {
"service": authentication.federated_service,
}
data["can_sync"].update(authentication.service_metadata())
sync_info = model.team.get_team_sync_information(
orgname, teamname)
if sync_info is not None:
data["synced"] = {
"service": sync_info.service.name,
}
if SuperUserPermission().can():
data["synced"].update({
"last_updated":
format_date(sync_info.last_updated),
"config":
json.loads(sync_info.config),
})
return data
raise Unauthorized()
def put(self, orgname, prototypeid):
""" Update the role of an existing permission prototype. """
permission = AdministerOrganizationPermission(orgname)
if permission.can():
try:
org = model.organization.get_organization(orgname)
except model.InvalidOrganizationException:
raise NotFound()
existing = model.permission.get_prototype_permission(org, prototypeid)
if not existing:
raise NotFound()
details = request.get_json()
role_name = details["role"]
prototype = model.permission.update_prototype_permission(org, prototypeid, role_name)
if not prototype:
raise NotFound()
log_prototype_action(
"modify_prototype_permission", orgname, prototype, original_role=existing.role.name
)
users_filter = {prototype.activating_user, prototype.delegate_user}
org_members = model.organization.get_organization_member_set(
org, users_filter=users_filter
)
return prototype_view(prototype, org_members)
raise Unauthorized()
def post(self, orgname):
permission = AdministerOrganizationPermission(orgname)
if not permission.can():
raise Unauthorized()
try:
model.proxy_cache.get_proxy_cache_config_for_org(orgname)
request_error("Proxy Cache Configuration already exists")
except model.InvalidProxyCacheConfigException:
pass
data = request.get_json()
# filter None values
data = {k: v for k, v in data.items() if v is not None}
try:
config = ProxyCacheConfig(**data)
existing = model.organization.get_organization(orgname)
config.organization = existing
proxy = Proxy(config, "something-totally-fake", True)
response = proxy.get(f"{proxy.base_url}/v2/")
if response.status_code == 200:
return "Valid", 202
except UpstreamRegistryError as e:
raise request_error(
message=
"Failed login to remote registry. Please verify entered details and try again."
)
raise request_error(
message="Failed to validate Proxy cache configuration")
def post(self, orgname):
"""
Creates a new application under this organization.
"""
permission = AdministerOrganizationPermission(orgname)
if permission.can():
try:
org = model.organization.get_organization(orgname)
except model.InvalidOrganizationException:
raise NotFound()
app_data = request.get_json()
application = model.oauth.create_application(
org,
app_data["name"],
app_data.get("application_uri", ""),
app_data.get("redirect_uri", ""),
description=app_data.get("description", ""),
avatar_email=app_data.get("avatar_email", None),
)
app_data.update({
"application_name": application.name,
"client_id": application.client_id
})
log_action("create_application", orgname, app_data)
return app_view(application)
raise Unauthorized()
def delete(self, orgname, client_id):
"""
Deletes the application under this organization.
"""
permission = AdministerOrganizationPermission(orgname)
if permission.can():
try:
org = model.organization.get_organization(orgname)
except model.InvalidOrganizationException:
raise NotFound()
application = model.oauth.delete_application(org, client_id)
if not application:
raise NotFound()
log_action(
"delete_application",
orgname,
{
"application_name": application.name,
"client_id": client_id
},
)
return "", 204
raise Unauthorized()
def put(self, orgname, client_id):
"""
Updates an application under this organization.
"""
permission = AdministerOrganizationPermission(orgname)
if permission.can():
try:
org = model.organization.get_organization(orgname)
except model.InvalidOrganizationException:
raise NotFound()
application = model.oauth.lookup_application(org, client_id)
if not application:
raise NotFound()
app_data = request.get_json()
application.name = app_data["name"]
application.application_uri = app_data["application_uri"]
application.redirect_uri = app_data["redirect_uri"]
application.description = app_data.get("description", "")
application.avatar_email = app_data.get("avatar_email", None)
application.save()
app_data.update({
"application_name": application.name,
"client_id": application.client_id
})
log_action("update_application", orgname, app_data)
return app_view(application)
raise Unauthorized()
def delete(self, orgname, teamname, email):
"""
Delete an invite of an email address to join a team.
"""
permission = AdministerOrganizationPermission(orgname)
if permission.can():
team = None
# Find the team.
try:
team = model.team.get_organization_team(orgname, teamname)
except model.InvalidTeamException:
raise NotFound()
# Delete the invite.
if not model.team.delete_team_email_invite(team, email):
raise NotFound()
log_action(
"org_delete_team_member_invite",
orgname,
{
"email": email,
"team": teamname,
"member": email
},
)
return "", 204
raise Unauthorized()
def post(self, orgname):
"""
Creates proxy cache configuration for the organization.
"""
permission = AdministerOrganizationPermission(orgname)
if not permission.can():
raise Unauthorized()
try:
model.proxy_cache.get_proxy_cache_config_for_org(orgname)
raise request_error("Proxy Cache Configuration already exists")
except model.InvalidProxyCacheConfigException:
pass
data = request.get_json()
# filter None values
data = {k: v for k, v in data.items() if (v is not None or not "")}
try:
config = model.proxy_cache.create_proxy_cache_config(**data)
if config is not None:
return "Created", 201
except model.DataModelException as e:
logger.error(
"Error while creating Proxy cache configuration as: %s",
str(e))
return request_error("Error while creating Proxy cache configuration")
def get(self, orgname):
"""
List the existing prototypes for this organization.
"""
permission = AdministerOrganizationPermission(orgname)
if permission.can():
try:
org = model.organization.get_organization(orgname)
except model.InvalidOrganizationException:
raise NotFound()
permissions = model.permission.get_prototype_permissions(org)
users_filter = {p.activating_user
for p in permissions
} | {p.delegate_user
for p in permissions}
org_members = model.organization.get_organization_member_set(
org, users_filter=users_filter)
return {
"prototypes":
[prototype_view(p, org_members) for p in permissions]
}
raise Unauthorized()
def put(self, orgname, teamname, email):
"""
Invites an email address to an existing team.
"""
permission = AdministerOrganizationPermission(orgname)
if permission.can():
team = None
# Find the team.
try:
team = model.team.get_organization_team(orgname, teamname)
except model.InvalidTeamException:
raise NotFound()
# Invite the email to the team.
inviter = get_authenticated_user()
invite = handle_addinvite_team(inviter, team, email=email)
log_action(
"org_invite_team_member",
orgname,
{
"email": email,
"team": teamname,
"member": email
},
)
return invite_view(invite)
raise Unauthorized()
def post(self, orgname, client_id):
"""
Resets the client secret of the application.
"""
permission = AdministerOrganizationPermission(orgname)
if permission.can():
try:
org = model.organization.get_organization(orgname)
except model.InvalidOrganizationException:
raise NotFound()
application = model.oauth.lookup_application(org, client_id)
if not application:
raise NotFound()
application = model.oauth.reset_client_secret(application)
log_action(
"reset_application_client_secret",
orgname,
{
"application_name": application.name,
"client_id": client_id
},
)
return app_view(application)
raise Unauthorized()
def post(self, orgname):
""" Creates a new application under this organization. """
permission = AdministerOrganizationPermission(orgname)
if permission.can():
try:
org = model.organization.get_organization(orgname)
except model.InvalidOrganizationException:
raise NotFound()
app_data = request.get_json()
application = model.oauth.create_application(
org,
app_data['name'],
app_data.get('application_uri', ''),
app_data.get('redirect_uri', ''),
description=app_data.get('description', ''),
avatar_email=app_data.get('avatar_email', None))
app_data.update({
'application_name': application.name,
'client_id': application.client_id
})
log_action('create_application', orgname, app_data)
return app_view(application)
raise Unauthorized()
def put(self, orgname, robot_shortname):
"""
Create a new robot in the organization.
"""
permission = AdministerOrganizationPermission(orgname)
if permission.can():
create_data = request.get_json() or {}
robot = model.create_org_robot(
robot_shortname,
orgname,
create_data.get("description"),
create_data.get("unstructured_metadata"),
)
log_action(
"create_robot",
orgname,
{
"robot":
robot_shortname,
"description":
create_data.get("description"),
"unstructured_metadata":
create_data.get("unstructured_metadata"),
},
)
return robot.to_dict(include_metadata=True,
include_token=True), 201
raise Unauthorized()
def get(self, orgname):
"""
Fetch any existing subscription for the org.
"""
cus = None
permission = AdministerOrganizationPermission(orgname)
if permission.can():
private_repos = model.user.get_private_repo_count(orgname)
organization = model.organization.get_organization(orgname)
if organization.stripe_id:
try:
cus = billing.Customer.retrieve(organization.stripe_id)
except stripe.error.APIConnectionError as e:
abort(503, message="Cannot contact Stripe")
if cus.subscription:
return subscription_view(cus.subscription, private_repos)
return {
"hasSubscription": False,
"isExistingCustomer": cus is not None,
"plan": "free",
"usedPrivateRepos": private_repos,
}
raise Unauthorized()
def get(self, orgname):
""" List outside collaborators of the specified organization. """
permission = AdministerOrganizationPermission(orgname)
if not permission.can():
raise Unauthorized()
try:
org = model.organization.get_organization(orgname)
except model.InvalidOrganizationException:
raise NotFound()
all_perms = model.permission.list_organization_member_permissions(org)
membership = model.team.list_organization_members_by_teams(org)
org_members = set(m.user.username for m in membership)
collaborators = {}
for perm in all_perms:
username = perm.user.username
# Only interested in non-member permissions.
if username in org_members:
continue
if username not in collaborators:
collaborators[username] = {
"kind": "user",
"name": username,
"avatar": avatar.get_data_for_user(perm.user),
"repositories": [],
}
collaborators[username]["repositories"].append(perm.repository.name)
return {"collaborators": collaborators.values()}
def receipt():
if not current_user.is_authenticated:
abort(401)
return
invoice_id = request.args.get('id')
if invoice_id:
invoice = stripe.Invoice.retrieve(invoice_id)
if invoice:
user_or_org = model.user.get_user_or_org_by_customer_id(invoice.customer)
if user_or_org:
if user_or_org.organization:
admin_org = AdministerOrganizationPermission(user_or_org.username)
if not admin_org.can():
abort(404)
return
else:
if not user_or_org.username == current_user.db_user().username:
abort(404)
return
def format_date(timestamp):
return datetime.fromtimestamp(timestamp).strftime('%Y-%m-%d')
file_data = renderInvoiceToPdf(invoice, user_or_org)
receipt_filename = 'quay-receipt-%s.pdf' % (format_date(invoice.date))
return Response(file_data,
mimetype="application/pdf",
headers={"Content-Disposition": "attachment;filename=" + receipt_filename})
abort(404)
def get(self, orgname, robot_shortname):
""" Returns the organization's robot with the specified name. """
permission = AdministerOrganizationPermission(orgname)
if permission.can():
robot = model.get_org_robot(robot_shortname, orgname)
return robot.to_dict(include_metadata=True, include_token=True)
raise Unauthorized()
def get(self, orgname):
""" Get the organization's credit card. """
permission = AdministerOrganizationPermission(orgname)
if permission.can():
organization = model.organization.get_organization(orgname)
return get_card(organization)
raise Unauthorized()
def post(self, orgname, robot_shortname):
""" Regenerates the token for an organization robot. """
permission = AdministerOrganizationPermission(orgname)
if permission.can():
robot = model.regenerate_org_robot_token(robot_shortname, orgname)
log_action("regenerate_robot_token", orgname, {"robot": robot_shortname})
return robot.to_dict(include_token=True)
raise Unauthorized()
def delete(self, orgname, robot_shortname):
""" Delete an existing organization robot. """
permission = AdministerOrganizationPermission(orgname)
if permission.can():
model.delete_robot(format_robot_username(orgname, robot_shortname))
log_action("delete_robot", orgname, {"robot": robot_shortname})
return "", 204
raise Unauthorized()
def post(self, orgname):
""" Create a new permission prototype. """
permission = AdministerOrganizationPermission(orgname)
if permission.can():
try:
org = model.organization.get_organization(orgname)
except model.InvalidOrganizationException:
raise NotFound()
details = request.get_json()
activating_username = None
if (
"activating_user" in details
and details["activating_user"]
and "name" in details["activating_user"]
):
activating_username = details["activating_user"]["name"]
delegate = details["delegate"] if "delegate" in details else {}
delegate_kind = delegate.get("kind", None)
delegate_name = delegate.get("name", None)
delegate_username = delegate_name if delegate_kind == "user" else None
delegate_teamname = delegate_name if delegate_kind == "team" else None
activating_user = (
model.user.get_user(activating_username) if activating_username else None
)
delegate_user = model.user.get_user(delegate_username) if delegate_username else None
delegate_team = (
model.team.get_organization_team(orgname, delegate_teamname)
if delegate_teamname
else None
)
if activating_username and not activating_user:
raise request_error(message="Unknown activating user")
if not delegate_user and not delegate_team:
raise request_error(message="Missing delegate user or team")
role_name = details["role"]
prototype = model.permission.add_prototype_permission(
org, role_name, activating_user, delegate_user, delegate_team
)
log_prototype_action("create_prototype_permission", orgname, prototype)
users_filter = {prototype.activating_user, prototype.delegate_user}
org_members = model.organization.get_organization_member_set(
org, users_filter=users_filter
)
return prototype_view(prototype, org_members)
raise Unauthorized()
def get(self, orgname, robot_shortname):
""" Returns the list of repository permissions for the org's robot. """
permission = AdministerOrganizationPermission(orgname)
if permission.can():
robot = model.get_org_robot(robot_shortname, orgname)
permissions = model.list_robot_permissions(robot.name)
return {"permissions": [permission.to_dict() for permission in permissions]}
abort(403)
def delete(self, orgname, teamname):
""" Delete the specified team. """
permission = AdministerOrganizationPermission(orgname)
if permission.can():
model.team.remove_team(orgname, teamname,
get_authenticated_user().username)
log_action("org_delete_team", orgname, {"team": teamname})
return "", 204
raise Unauthorized()
def put(self, orgname, teamname):
"""
Update the org-wide permission for the specified team.
"""
edit_permission = AdministerOrganizationPermission(orgname)
if edit_permission.can():
team = None
details = request.get_json()
is_existing = False
try:
team = model.team.get_organization_team(orgname, teamname)
is_existing = True
except model.InvalidTeamException:
# Create the new team.
description = details[
"description"] if "description" in details else ""
role = details["role"] if "role" in details else "member"
org = model.organization.get_organization(orgname)
team = model.team.create_team(teamname, org, role, description)
log_action("org_create_team", orgname, {"team": teamname})
if is_existing:
if "description" in details and team.description != details[
"description"]:
team.description = details["description"]
team.save()
log_action(
"org_set_team_description",
orgname,
{
"team": teamname,
"description": team.description
},
)
if "role" in details:
role = Team.role.get_name(team.role_id)
if role != details["role"]:
team = model.team.set_team_org_permission(
team, details["role"],
get_authenticated_user().username)
log_action(
"org_set_team_role",
orgname,
{
"team": teamname,
"role": details["role"]
},
)
return team_view(orgname, team, is_new_team=not is_existing), 200
raise Unauthorized()
def post(self, orgname):
""" Update the orgnaization's credit card. """
permission = AdministerOrganizationPermission(orgname)
if permission.can():
organization = model.organization.get_organization(orgname)
token = request.get_json()['token']
response = set_card(organization, token)
log_action('account_change_cc', orgname)
return response
raise Unauthorized()
def get(self, orgname):
""" List the invoices for the specified orgnaization. """
permission = AdministerOrganizationPermission(orgname)
if permission.can():
organization = model.organization.get_organization(orgname)
if not organization.stripe_id:
raise NotFound()
return get_invoices(organization.stripe_id)
raise Unauthorized()
def get(self, orgname):
""" List the invoice fields for the organization. """
permission = AdministerOrganizationPermission(orgname)
if permission.can():
organization = model.organization.get_organization(orgname)
if not organization.stripe_id:
raise NotFound()
return {'fields': get_invoice_fields(organization)[0]}
abort(403)
def put(self, orgname):
""" Create or update the org's subscription. """
permission = AdministerOrganizationPermission(orgname)
if permission.can():
request_data = request.get_json()
plan = request_data['plan']
token = request_data['token'] if 'token' in request_data else None
organization = model.organization.get_organization(orgname)
return subscribe(organization, plan, token,
True) # Business plan required
raise Unauthorized()
def get(self, orgname, membername):
"""
Retrieves the details of a member of the organization.
"""
permission = AdministerOrganizationPermission(orgname)
if permission.can():
# Lookup the user.
member = model.user.get_user(membername)
if not member:
raise NotFound()
organization = model.user.get_user_or_org(orgname)
if not organization:
raise NotFound()
# Lookup the user's information in the organization.
teams = list(
model.team.get_user_teams_within_org(membername, organization))
if not teams:
# 404 if the user is not a robot under the organization, as that means the referenced
# user or robot is not a member of this organization.
if not member.robot:
raise NotFound()
namespace, _ = parse_robot_username(member.username)
if namespace != orgname:
raise NotFound()
repo_permissions = model.permission.list_organization_member_permissions(
organization, member)
def local_team_view(team):
return {
"name": team.name,
"avatar": avatar.get_data_for_team(team),
}
return {
"name":
member.username,
"kind":
"robot" if member.robot else "user",
"avatar":
avatar.get_data_for_user(member),
"teams": [local_team_view(team) for team in teams],
"repositories": [
permission.repository.name
for permission in repo_permissions
],
}
raise Unauthorized()
def get(self, orgname):
""" List the applications for the specified organization """
permission = AdministerOrganizationPermission(orgname)
if permission.can():
try:
org = model.organization.get_organization(orgname)
except model.InvalidOrganizationException:
raise NotFound()
applications = model.oauth.list_applications_for_org(org)
return {"applications": [app_view(application) for application in applications]}
raise Unauthorized()
