def get(self, orgname, quota_id):
orgperm = OrganizationMemberPermission(orgname)
if not orgperm.can() and not SuperUserPermission().can():
raise Unauthorized()
quota = get_quota(orgname, quota_id)
return quota_view(quota)
def get(self, orgname, quota_id):
orgperm = OrganizationMemberPermission(orgname)
if not orgperm.can():
raise Unauthorized()
quota = get_quota(orgname, quota_id)
return [
limit_view(limit) for limit in
model.namespacequota.get_namespace_quota_limit_list(quota)
]
def get(self, orgname, quota_id, limit_id):
orgperm = OrganizationMemberPermission(orgname)
if not orgperm.can():
raise Unauthorized()
quota = get_quota(orgname, quota_id)
quota_limit = model.namespacequota.get_namespace_quota_limit(
quota, limit_id)
if quota_limit is None:
raise NotFound()
return limit_view(quota_limit)
def get(self, orgname, parsed_args):
""" List the organization's robots. """
permission = OrganizationMemberPermission(orgname)
if permission.can():
include_token = (AdministerOrganizationPermission(orgname).can() and
parsed_args.get('token', True))
include_permissions = (AdministerOrganizationPermission(orgname).can() and
parsed_args.get('permissions', False))
return robots_list(orgname, include_permissions=include_permissions,
include_token=include_token,
limit=parsed_args.get('limit'))
raise Unauthorized()
def get(self, orgname):
"""
Retrieves the proxy cache configuration of the organization.
"""
permission = OrganizationMemberPermission(orgname)
if not permission.can():
raise Unauthorized()
try:
config = model.proxy_cache.get_proxy_cache_config_for_org(orgname)
except model.InvalidProxyCacheConfigException:
return proxy_cache_view(None)
return proxy_cache_view(config)
def org_view(o, teams):
is_admin = AdministerOrganizationPermission(o.username).can()
is_member = OrganizationMemberPermission(o.username).can()
view = {
"name": o.username,
"email": o.email if is_admin else "",
"avatar": avatar.get_data_for_user(o),
"is_admin": is_admin,
"is_member": is_member,
}
if teams is not None:
teams = sorted(teams, key=lambda team: team.id)
view["teams"] = {t.name: team_view(o.username, t) for t in teams}
view["ordered_teams"] = [team.name for team in teams]
if is_admin:
view["invoice_email"] = o.invoice_email
view["invoice_email_address"] = o.invoice_email_address
view["tag_expiration_s"] = o.removed_tag_expiration_s
view["is_free_account"] = o.stripe_id is None
if features.QUOTA_MANAGEMENT:
quotas = model.namespacequota.get_namespace_quota_list(o.username)
view["quotas"] = [quota_view(quota)
for quota in quotas] if quotas else []
view["quota_report"] = model.namespacequota.get_quota_for_view(
o.username)
return view
def get(self, orgname):
orgperm = OrganizationMemberPermission(orgname)
if not orgperm.can() and not SuperUserPermission().can():
raise Unauthorized()
try:
org = model.organization.get_organization(orgname)
except model.InvalidOrganizationException:
raise NotFound()
default_config = False
quotas = model.namespacequota.get_namespace_quota_list(orgname)
# If no quota is defined for the org, return systems default quota
if not quotas and config.app_config.get(
"DEFAULT_SYSTEM_REJECT_QUOTA_BYTES") != 0:
quotas = [model.namespacequota.get_system_default_quota(orgname)]
default_config = True
return [quota_view(quota, default_config) for quota in quotas]
def get(self, orgname):
""" Get the details for the specified organization """
try:
org = model.organization.get_organization(orgname)
except model.InvalidOrganizationException:
raise NotFound()
teams = None
if OrganizationMemberPermission(orgname).can():
has_syncing = features.TEAM_SYNCING and bool(authentication.federated_service)
teams = model.team.get_teams_within_org(org, has_syncing)
return org_view(org, teams)
def redirect_to_repository(namespace_name, repo_name, tag_name):
# Always return 200 for ac-discovery, to ensure that rkt and other ACI-compliant clients can
# find the metadata they need. Permissions will be checked in the registry API.
if request.args.get("ac-discovery", 0) == 1:
return index("")
# Redirect to the repository page if the user can see the repository.
is_public = model.repository.repository_is_public(namespace_name,
repo_name)
permission = ReadRepositoryPermission(namespace_name, repo_name)
repo = model.repository.get_repository(namespace_name, repo_name)
if repo and (permission.can() or is_public):
repo_path = "/".join([namespace_name, repo_name])
if repo.kind.name == "application":
return redirect(url_for("web.application", path=repo_path))
else:
return redirect(
url_for("web.repository",
path=repo_path,
tab="tags",
tag=tag_name))
namespace_exists = bool(model.user.get_user_or_org(namespace_name))
namespace_permission = OrganizationMemberPermission(namespace_name).can()
if get_authenticated_user() and get_authenticated_user(
).username == namespace_name:
namespace_permission = True
# Otherwise, we display an error for the user. Which error we display depends on permissions:
# > If the namespace doesn't exist, 404.
# > If the user is a member of the namespace:
# - If the repository doesn't exist, 404
# - If the repository does exist (no access), 403
# > If the user is not a member of the namespace: 403
error_info = {
"reason": "notfound",
"for_repo": True,
"namespace_exists": namespace_exists,
"namespace": namespace_name,
"repo_name": repo_name,
}
if not namespace_exists or (namespace_permission and repo is None):
resp = index("", error_code=404, error_info=json.dumps(error_info))
resp.status_code = 404
return resp
else:
resp = index("", error_code=403, error_info=json.dumps(error_info))
resp.status_code = 403
return resp
def org_view(o, teams):
is_admin = AdministerOrganizationPermission(o.username).can()
is_member = OrganizationMemberPermission(o.username).can()
view = {
"name": o.username,
"email": o.email if is_admin else "",
"avatar": avatar.get_data_for_user(o),
"is_admin": is_admin,
"is_member": is_member,
}
if teams is not None:
teams = sorted(teams, key=lambda team: team.id)
view["teams"] = {t.name: team_view(o.username, t) for t in teams}
view["ordered_teams"] = [team.name for team in teams]
if is_admin:
view["invoice_email"] = o.invoice_email
view["invoice_email_address"] = o.invoice_email_address
view["tag_expiration_s"] = o.removed_tag_expiration_s
view["is_free_account"] = o.stripe_id is None
return view
def org_view(o, teams):
is_admin = AdministerOrganizationPermission(o.username).can()
is_member = OrganizationMemberPermission(o.username).can()
view = {
'name': o.username,
'email': o.email if is_admin else '',
'avatar': avatar.get_data_for_user(o),
'is_admin': is_admin,
'is_member': is_member
}
if teams is not None:
teams = sorted(teams, key=lambda team: team.id)
view['teams'] = {t.name: team_view(o.username, t) for t in teams}
view['ordered_teams'] = [team.name for team in teams]
if is_admin:
view['invoice_email'] = o.invoice_email
view['invoice_email_address'] = o.invoice_email_address
view['tag_expiration_s'] = o.removed_tag_expiration_s
view['is_free_account'] = o.stripe_id is None
return view
def get(self, prefix, parsed_args):
"""
Get a list of entities that match the specified prefix.
"""
# Ensure we don't have any unicode characters in the search, as it breaks the search. Nothing
# being searched can have unicode in it anyway, so this is a safe operation.
prefix = prefix.encode("unidecode", "ignore").replace(" ", "").lower()
teams = []
org_data = []
namespace_name = parsed_args["namespace"]
robot_namespace = None
organization = None
try:
organization = model.organization.get_organization(namespace_name)
# namespace name was an org
permission = OrganizationMemberPermission(namespace_name)
if permission.can():
robot_namespace = namespace_name
if parsed_args["includeTeams"]:
teams = model.team.get_matching_teams(prefix, organization)
if (parsed_args["includeOrgs"]
and AdministerOrganizationPermission(namespace_name)
and namespace_name.startswith(prefix)):
org_data = [{
"name":
namespace_name,
"kind":
"org",
"is_org_member":
True,
"avatar":
avatar.get_data_for_org(organization),
}]
except model.organization.InvalidOrganizationException:
# namespace name was a user
user = get_authenticated_user()
if user and user.username == namespace_name:
# Check if there is admin user permissions (login only)
admin_permission = UserAdminPermission(user.username)
if admin_permission.can():
robot_namespace = namespace_name
# Lookup users in the database for the prefix query.
users = model.user.get_matching_users(
prefix,
robot_namespace,
organization,
limit=10,
exact_matches_only=not features.PARTIAL_USER_AUTOCOMPLETE,
)
# Lookup users via the user system for the prefix query. We'll filter out any users that
# already exist in the database.
external_users, federated_id, _ = authentication.query_users(prefix,
limit=10)
filtered_external_users = []
if external_users and federated_id is not None:
users = list(users)
user_ids = [user.id for user in users]
# Filter the users if any are already found via the database. We do so by looking up all
# the found users in the federated user system.
federated_query = model.user.get_federated_logins(
user_ids, federated_id)
found = {result.service_ident for result in federated_query}
filtered_external_users = [
user for user in external_users if not user.username in found
]
def entity_team_view(team):
result = {
"name": team.name,
"kind": "team",
"is_org_member": True,
"avatar": avatar.get_data_for_team(team),
}
return result
def user_view(user):
user_json = {
"name": user.username,
"kind": "user",
"is_robot": user.robot,
"avatar": avatar.get_data_for_user(user),
}
if organization is not None:
user_json["is_org_member"] = user.robot or user.is_org_member
return user_json
def external_view(user):
result = {
"name": user.username,
"kind": "external",
"title": user.email or "",
"avatar": avatar.get_data_for_external_user(user),
}
return result
team_data = [entity_team_view(team) for team in teams]
user_data = [user_view(user) for user in users]
external_data = [
external_view(user) for user in filtered_external_users
]
return {"results": team_data + user_data + org_data + external_data}