Ejemplo n.º 1
0
def api_order_screenshots(token: APIToken, package: Package, order: [any]):
    if not token.canOperateOnPackage(package):
        error(403, "API token does not have access to the package")

    guard(do_order_screenshots)(token.owner, package, order)

    return jsonify({"success": True})
Ejemplo n.º 2
0
def create_edit_token(username, id=None):
    user = User.query.filter_by(username=username).first()
    if user is None:
        abort(404)

    if not user.checkPerm(current_user, Permission.CREATE_TOKEN):
        abort(403)

    is_new = id is None

    token = None
    access_token = None
    if not is_new:
        token = APIToken.query.get(id)
        if token is None:
            abort(404)
        elif token.owner != user:
            abort(403)

        access_token = session.pop("token_" + str(token.id), None)

    form = CreateAPIToken(formdata=request.form, obj=token)
    form.package.query_factory = lambda: Package.query.filter_by(author=user
                                                                 ).all()

    if form.validate_on_submit():
        if is_new:
            token = APIToken()
            token.owner = user
            token.access_token = randomString(32)

        form.populate_obj(token)
        db.session.add(token)
        db.session.commit()  # save

        if is_new:
            # Store token so it can be shown in the edit page
            session["token_" + str(token.id)] = token.access_token

        return redirect(
            url_for("api.create_edit_token", username=username, id=token.id))

    return render_template("api/create_edit_token.html",
                           user=user,
                           form=form,
                           token=token,
                           access_token=access_token)
Ejemplo n.º 3
0
def api_edit_package(token: APIToken, package: Package, data: dict, reason: str = "API"):
	if not token.canOperateOnPackage(package):
		error(403, "API token does not have access to the package")

	reason += ", token=" + token.name

	package = guard(do_edit_package)(token.owner, package, False, data, reason)

	return jsonify({
		"success": True,
		"package": package.getAsDictionary(current_app.config["BASE_URL"])
	})
Ejemplo n.º 4
0
def api_create_screenshot(token: APIToken, package: Package, title: str, file, reason="API"):
	if not token.canOperateOnPackage(package):
		error(403, "API token does not have access to the package")

	reason += ", token=" + token.name

	ss : PackageScreenshot = guard(do_create_screenshot)(token.owner, package, title, file, reason)

	return jsonify({
		"success": True,
		"screenshot": ss.getAsDictionary()
	})
Ejemplo n.º 5
0
def api_create_zip_release(token: APIToken, package: Package, title: str, file,
		min_v: MinetestRelease = None, max_v: MinetestRelease = None, reason="API", commit_hash:str=None):
	if not token.canOperateOnPackage(package):
		error(403, "API token does not have access to the package")

	reason += ", token=" + token.name

	rel = guard(do_create_zip_release)(token.owner, package, title, file, min_v, max_v, reason, commit_hash)

	return jsonify({
		"success": True,
		"task": url_for("tasks.check", id=rel.task_id),
		"release": rel.getAsDictionary()
	})
Ejemplo n.º 6
0
def order_screenshots(token: APIToken, package: Package):
    if not token:
        error(401, "Authentication needed")

    if not package.checkPerm(token.owner, Permission.ADD_SCREENSHOTS):
        error(403, "You do not have the permission to delete screenshots")

    if not token.canOperateOnPackage(package):
        error(403, "API token does not have access to the package")

    json = request.json
    if json is None or not isinstance(json, list):
        error(400, "Expected order body to be array")

    return api_order_screenshots(token, package, request.json)
Ejemplo n.º 7
0
def delete_release(token: APIToken, package: Package, id: int):
    release = PackageRelease.query.get(id)
    if release is None or release.package != package:
        error(404, "Release not found")

    if not token:
        error(401, "Authentication needed")

    if not token.canOperateOnPackage(package):
        error(403, "API token does not have access to the package")

    if not release.checkPerm(token.owner, Permission.DELETE_RELEASE):
        error(
            403,
            "Unable to delete the release, make sure there's a newer release available"
        )

    db.session.delete(release)
    db.session.commit()

    return jsonify({"success": True})
Ejemplo n.º 8
0
def delete_screenshot(token: APIToken, package: Package, id: int):
    ss = PackageScreenshot.query.get(id)
    if ss is None or ss.package != package:
        error(404, "Screenshot not found")

    if not token:
        error(401, "Authentication needed")

    if not package.checkPerm(token.owner, Permission.ADD_SCREENSHOTS):
        error(403, "You do not have the permission to delete screenshots")

    if not token.canOperateOnPackage(package):
        error(403, "API token does not have access to the package")

    if package.cover_image == ss:
        package.cover_image = None
        db.session.merge(package)

    db.session.delete(ss)
    db.session.commit()

    return jsonify({"success": True})
Ejemplo n.º 9
0
def setup_webhook():
    pid = request.args.get("pid")
    if pid is None:
        abort(404)

    package = Package.query.get(pid)
    if package is None:
        abort(404)

    if not package.checkPerm(current_user, Permission.APPROVE_RELEASE):
        flash("Only trusted members can use webhooks", "danger")
        return redirect(package.getDetailsURL())

    gh_user, gh_repo = package.getGitHubFullName()
    if gh_user is None or gh_repo is None:
        flash("Unable to get Github full name from repo address", "danger")
        return redirect(package.getDetailsURL())

    if current_user.github_access_token is None:
        return github.authorize("write:repo_hook",
                                redirect_uri=abs_url_for(
                                    "github.callback_webhook", pid=pid))

    form = SetupWebhookForm(formdata=request.form)
    if form.validate_on_submit():
        token = APIToken()
        token.name = "GitHub Webhook for " + package.title
        token.owner = current_user
        token.access_token = randomString(32)
        token.package = package

        event = form.event.data
        if event != "push" and event != "create":
            abort(500)

        if handleMakeWebhook(gh_user, gh_repo, package,
                             current_user.github_access_token, event, token):
            flash("Successfully created webhook", "success")
            return redirect(package.getDetailsURL())
        else:
            return redirect(url_for("github.setup_webhook", pid=package.id))

    return render_template("github/setup_webhook.html",
                           form=form,
                           package=package)