def _delete_user_linked_data(user): if user.organization: # Delete the organization's teams. with db_transaction(): for team in Team.select().where(Team.organization == user): team.delete_instance(recursive=True) # Delete any OAuth approvals and tokens associated with the user. with db_transaction(): for app in OAuthApplication.select().where(OAuthApplication.organization == user): app.delete_instance(recursive=True) else: # Remove the user from any teams in which they are a member. TeamMember.delete().where(TeamMember.user == user).execute() # Delete any repository buildtriggers where the user is the connected user. with db_transaction(): triggers = RepositoryBuildTrigger.select().where(RepositoryBuildTrigger.connected_user == user) for trigger in triggers: trigger.delete_instance(recursive=True, delete_nullable=False) # Delete any mirrors with robots owned by this user. with db_transaction(): robots = list(list_namespace_robots(user.username)) RepoMirrorConfig.delete().where(RepoMirrorConfig.internal_robot << robots).execute() # Delete any robots owned by this user. with db_transaction(): robots = list(list_namespace_robots(user.username)) for robot in robots: robot.delete_instance(recursive=True, delete_nullable=True) # Null out any service key approvals. We technically lose information here, but its better than # falling and only occurs if a superuser is being deleted. ServiceKeyApproval.update(approver=None).where(ServiceKeyApproval.approver == user).execute()
def get_matching_user_teams(team_prefix, user_obj, limit=10): team_prefix_search = prefix_search(Team.name, team_prefix) query = (Team.select(Team.id.distinct(), Team).join(User).switch(Team).join(TeamMember).where( TeamMember.user == user_obj, team_prefix_search).limit(limit)) return query
def add_user_as_admin(user_obj, org_obj): try: admin_role = TeamRole.get(name="admin") admin_team = (Team.select().where(Team.role == admin_role, Team.organization == org_obj).get()) team.add_user_to_team(user_obj, admin_team) except team.UserAlreadyInTeam: pass
def filter_to_repos_for_user(query, user_id=None, namespace=None, repo_kind="image", include_public=True, start_id=None): if not include_public and not user_id: return Repository.select().where(Repository.id == "-1") # Filter on the type of repository. if repo_kind is not None: try: query = query.where( Repository.kind == Repository.kind.get_id(repo_kind)) except RepositoryKind.DoesNotExist: raise DataModelException("Unknown repository kind") # Add the start ID if necessary. if start_id is not None: query = query.where(Repository.id >= start_id) # Add a namespace filter if necessary. if namespace: query = query.where(Namespace.username == namespace) # Build a set of queries that, when unioned together, return the full set of visible repositories # for the filters specified. queries = [] if include_public: queries.append( query.where(Repository.visibility == get_public_repo_visibility())) if user_id is not None: AdminTeam = Team.alias() AdminTeamMember = TeamMember.alias() # Add repositories in which the user has permission. queries.append( query.switch(RepositoryPermission).where( RepositoryPermission.user == user_id)) # Add repositories in which the user is a member of a team that has permission. queries.append( query.switch(RepositoryPermission).join(Team).join( TeamMember).where(TeamMember.user == user_id)) # Add repositories under namespaces in which the user is the org admin. queries.append( query.switch(Repository).join( AdminTeam, on=(Repository.namespace_user == AdminTeam.organization)).join( AdminTeamMember, on=(AdminTeam.id == AdminTeamMember.team)).where( AdminTeam.role == _lookup_team_role("admin")).where( AdminTeamMember.user == user_id)) return reduce(lambda l, r: l | r, queries)
def admin_toggle_eligibility(tid): team = Team.get(Team.id == tid) if team.eligibility is None: team.eligibility = False else: team.eligibility = not team.eligibility team.save() flash("Eligibility set to {}".format(team.eligible)) return redirect(url_for(".admin_show_team", tid=tid))
def list_notifications(user, kind_name=None, id_filter=None, include_dismissed=False, page=None, limit=None): base_query = Notification.select( Notification.id, Notification.uuid, Notification.kind, Notification.metadata_json, Notification.dismissed, Notification.lookup_path, Notification.created, Notification.created.alias("cd"), Notification.target, ).join(NotificationKind) if kind_name is not None: base_query = base_query.where(NotificationKind.name == kind_name) if id_filter is not None: base_query = base_query.where(Notification.uuid == id_filter) if not include_dismissed: base_query = base_query.where(Notification.dismissed == False) # Lookup directly for the user. user_direct = base_query.clone().where(Notification.target == user) # Lookup via organizations admined by the user. Org = User.alias() AdminTeam = Team.alias() AdminTeamMember = TeamMember.alias() AdminUser = User.alias() via_orgs = (base_query.clone().join( Org, on=(Org.id == Notification.target)).join( AdminTeam, on=(Org.id == AdminTeam.organization)).join( TeamRole, on=(AdminTeam.role == TeamRole.id)).switch(AdminTeam).join( AdminTeamMember, on=(AdminTeam.id == AdminTeamMember.team)).join( AdminUser, on=(AdminTeamMember.user == AdminUser.id )).where((AdminUser.id == user) & (TeamRole.name == "admin"))) query = user_direct | via_orgs if page: query = query.paginate(page, limit) elif limit: query = query.limit(limit) return query.order_by(SQL("cd desc"))
def get_organization_team(orgname, teamname): joined = Team.select().join(User) query = joined.where(Team.name == teamname, User.organization == True, User.username == orgname).limit(1) result = list(query) if not result: raise InvalidTeamException("Team does not exist: %s/%s", orgname, teamname) return result[0]
def __get_user_admin_teams(org_name, username): Org = User.alias() user_teams = Team.select().join(TeamMember).join(User) with_org = user_teams.switch(Team).join(Org, on=(Org.id == Team.organization)) with_role = with_org.switch(Team).join(TeamRole) admin_teams = with_role.where(User.username == username, Org.username == org_name, TeamRole.name == "admin") return admin_teams
def admin_score_adjust(tid): value = int(request.form["value"]) reason = request.form["reason"] team = Team.get(Team.id == tid) ScoreAdjustment.create(team=team, value=value, reason=reason) flash("Score adjusted.") return redirect(url_for(".admin_show_team", tid=tid))
def _user_teams(user, resource): changed = False p_exact_teams = resource["exact_teams"] p_add_teams = resource["add_teams"] p_remove_teams = resource["remove_teams"] team_names = p_exact_teams or p_add_teams or p_remove_teams if team_names is None: return False teams = [] for name in team_names: try: teams.append(Team.get(Team.name == name)) except model.InvalidTeamException: abort(400, message="Team '%s' does not exist" % name) teams = set(teams) current_teams = set(Team.select().join(TeamMember).join(User)).where( User.username == user.username) teams_to_add = teams - current_teams teams_to_remove = current_teams - teams if p_add_teams: teams_to_remove = [] elif p_remove_teams: teams_to_add = [] for team in teams_to_add: changed = True model.team.add_user_to_team(user, team) query = TeamMember.select().join(User).switch(TeamMember).join(Team).join( TeamRole) for team in teams_to_remove: changed = True found = list( query.where(User.username == user.username, Team.name == team.name)) found[0].delete_instance() return changed
def set_team_repo_permission(team_name, namespace_name, repository_name, role_name): try: team = (Team.select().join(User).where( Team.name == team_name, User.username == namespace_name).get()) except Team.DoesNotExist: raise DataModelException("No team %s in organization %s" % (team_name, namespace_name)) return __set_entity_repo_permission(team, "team", namespace_name, repository_name, role_name)
def get_org_wide_permissions(user, org_filter=None): Org = User.alias() team_with_role = Team.select(Team, Org, TeamRole).join(TeamRole) with_org = team_with_role.switch(Team).join( Org, on=(Team.organization == Org.id)) with_user = with_org.switch(Team).join(TeamMember).join(User) if org_filter: with_user.where(Org.username == org_filter) return with_user.where(User.id == user, Org.organization == True)
def get_matching_admined_teams(team_prefix, user_obj, limit=10): team_prefix_search = prefix_search(Team.name, team_prefix) admined_orgs = (_basequery.get_user_organizations( user_obj.username).switch(Team).join(TeamRole).where( TeamRole.name == "admin")) query = (Team.select(Team.id.distinct(), Team).join(User).switch(Team).join(TeamMember).where( team_prefix_search, Team.organization << (admined_orgs)).limit(limit)) return query
def admin_dashboard(): teams = Team.select() solves = ChallengeSolve.select(ChallengeSolve, Challenge).join(Challenge) adjustments = ScoreAdjustment.select() scoredata = scoreboard.get_all_scores(teams, solves, adjustments) lastsolvedata = scoreboard.get_last_solves(teams, solves) tickets = list(TroubleTicket.select().where(TroubleTicket.active == True)) return render_template("admin/dashboard.html", teams=teams, scoredata=scoredata, lastsolvedata=lastsolvedata, tickets=tickets)
def get_teams_within_org(organization, has_external_auth=False): """ Returns a AttrDict of team info (id, name, description), its role under the org, the number of repositories on which it has permission, and the number of members. """ query = Team.select().where( Team.organization == organization).join(TeamRole) def _team_view(team): return { "id": team.id, "name": team.name, "description": team.description, "role_name": Team.role.get_name(team.role_id), "repo_count": 0, "member_count": 0, "is_synced": False, } teams = {team.id: _team_view(team) for team in query} if not teams: # Just in case. Should ideally never happen. return [] # Add repository permissions count. permission_tuples = (RepositoryPermission.select( RepositoryPermission.team, fn.Count(RepositoryPermission.id)).where( RepositoryPermission.team << list(teams.keys())).group_by( RepositoryPermission.team).tuples()) for perm_tuple in permission_tuples: teams[perm_tuple[0]]["repo_count"] = perm_tuple[1] # Add the member count. members_tuples = (TeamMember.select(TeamMember.team, fn.Count( TeamMember.id)).where(TeamMember.team << list(teams.keys())).group_by( TeamMember.team).tuples()) for member_tuple in members_tuples: teams[member_tuple[0]]["member_count"] = member_tuple[1] # Add syncing information. if has_external_auth: sync_query = TeamSync.select( TeamSync.team).where(TeamSync.team << list(teams.keys())) for team_sync in sync_query: teams[team_sync.team_id]["is_synced"] = True return [AttrDict(team_info) for team_info in list(teams.values())]
def create_team(name, org_obj, team_role_name, description=""): (teamname_valid, teamname_issue) = validate_team_name(name) if not teamname_valid: raise InvalidTeamException("Invalid team name %s: %s" % (name, teamname_issue)) if not org_obj.organization: raise InvalidTeamException( "Specified organization %s was not an organization" % org_obj.username) team_role = TeamRole.get(TeamRole.name == team_role_name) return Team.create(name=name, organization=org_obj, role=team_role, description=description)
def remove_team(org_name, team_name, removed_by_username): joined = Team.select(Team, TeamRole).join(User).switch(Team).join(TeamRole) found = list( joined.where(User.organization == True, User.username == org_name, Team.name == team_name)) if not found: raise InvalidTeamException("Team '%s' is not a team in org '%s'" % (team_name, org_name)) team = found[0] if team.role.name == "admin": admin_teams = list( __get_user_admin_teams(org_name, removed_by_username)) if len(admin_teams) <= 1: # The team we are trying to remove is the only admin team containing this user. msg = "Deleting team '%s' would remove admin ability for user '%s' in organization '%s'" raise DataModelException( msg % (team_name, removed_by_username, org_name)) team.delete_instance(recursive=True, delete_nullable=True)
def get_matching_teams(team_prefix, organization): team_prefix_search = prefix_search(Team.name, team_prefix) query = Team.select().where(team_prefix_search, Team.organization == organization) return query.limit(10)
def admin_show_team(tid): team = Team.get(Team.id == tid) return render_template("admin/team.html", team=team)
def get_user_teams_within_org(username, organization): joined = Team.select().join(TeamMember).join(User) return joined.where(Team.organization == organization, User.username == username)