def _delete_user_linked_data(user):
if user.organization:
# Delete the organization's teams.
with db_transaction():
for team in Team.select().where(Team.organization == user):
team.delete_instance(recursive=True)
# Delete any OAuth approvals and tokens associated with the user.
with db_transaction():
for app in OAuthApplication.select().where(OAuthApplication.organization == user):
app.delete_instance(recursive=True)
else:
# Remove the user from any teams in which they are a member.
TeamMember.delete().where(TeamMember.user == user).execute()
# Delete any repository buildtriggers where the user is the connected user.
with db_transaction():
triggers = RepositoryBuildTrigger.select().where(RepositoryBuildTrigger.connected_user == user)
for trigger in triggers:
trigger.delete_instance(recursive=True, delete_nullable=False)
# Delete any mirrors with robots owned by this user.
with db_transaction():
robots = list(list_namespace_robots(user.username))
RepoMirrorConfig.delete().where(RepoMirrorConfig.internal_robot << robots).execute()
# Delete any robots owned by this user.
with db_transaction():
robots = list(list_namespace_robots(user.username))
for robot in robots:
robot.delete_instance(recursive=True, delete_nullable=True)
# Null out any service key approvals. We technically lose information here, but its better than
# falling and only occurs if a superuser is being deleted.
ServiceKeyApproval.update(approver=None).where(ServiceKeyApproval.approver == user).execute()
def get_matching_user_teams(team_prefix, user_obj, limit=10):
team_prefix_search = prefix_search(Team.name, team_prefix)
query = (Team.select(Team.id.distinct(),
Team).join(User).switch(Team).join(TeamMember).where(
TeamMember.user == user_obj,
team_prefix_search).limit(limit))
return query
def add_user_as_admin(user_obj, org_obj):
try:
admin_role = TeamRole.get(name="admin")
admin_team = (Team.select().where(Team.role == admin_role,
Team.organization == org_obj).get())
team.add_user_to_team(user_obj, admin_team)
except team.UserAlreadyInTeam:
pass
def get_organization_team(orgname, teamname):
joined = Team.select().join(User)
query = joined.where(Team.name == teamname, User.organization == True,
User.username == orgname).limit(1)
result = list(query)
if not result:
raise InvalidTeamException("Team does not exist: %s/%s", orgname,
teamname)
return result[0]
def __get_user_admin_teams(org_name, username):
Org = User.alias()
user_teams = Team.select().join(TeamMember).join(User)
with_org = user_teams.switch(Team).join(Org,
on=(Org.id == Team.organization))
with_role = with_org.switch(Team).join(TeamRole)
admin_teams = with_role.where(User.username == username,
Org.username == org_name,
TeamRole.name == "admin")
return admin_teams
def set_team_repo_permission(team_name, namespace_name, repository_name,
role_name):
try:
team = (Team.select().join(User).where(
Team.name == team_name, User.username == namespace_name).get())
except Team.DoesNotExist:
raise DataModelException("No team %s in organization %s" %
(team_name, namespace_name))
return __set_entity_repo_permission(team, "team", namespace_name,
repository_name, role_name)
def get_org_wide_permissions(user, org_filter=None):
Org = User.alias()
team_with_role = Team.select(Team, Org, TeamRole).join(TeamRole)
with_org = team_with_role.switch(Team).join(
Org, on=(Team.organization == Org.id))
with_user = with_org.switch(Team).join(TeamMember).join(User)
if org_filter:
with_user.where(Org.username == org_filter)
return with_user.where(User.id == user, Org.organization == True)
def get_matching_admined_teams(team_prefix, user_obj, limit=10):
team_prefix_search = prefix_search(Team.name, team_prefix)
admined_orgs = (_basequery.get_user_organizations(
user_obj.username).switch(Team).join(TeamRole).where(
TeamRole.name == "admin"))
query = (Team.select(Team.id.distinct(),
Team).join(User).switch(Team).join(TeamMember).where(
team_prefix_search, Team.organization <<
(admined_orgs)).limit(limit))
return query
def admin_dashboard():
teams = Team.select()
solves = ChallengeSolve.select(ChallengeSolve, Challenge).join(Challenge)
adjustments = ScoreAdjustment.select()
scoredata = scoreboard.get_all_scores(teams, solves, adjustments)
lastsolvedata = scoreboard.get_last_solves(teams, solves)
tickets = list(TroubleTicket.select().where(TroubleTicket.active == True))
return render_template("admin/dashboard.html",
teams=teams,
scoredata=scoredata,
lastsolvedata=lastsolvedata,
tickets=tickets)
def get_teams_within_org(organization, has_external_auth=False):
"""
Returns a AttrDict of team info (id, name, description), its role under the org, the number of
repositories on which it has permission, and the number of members.
"""
query = Team.select().where(
Team.organization == organization).join(TeamRole)
def _team_view(team):
return {
"id": team.id,
"name": team.name,
"description": team.description,
"role_name": Team.role.get_name(team.role_id),
"repo_count": 0,
"member_count": 0,
"is_synced": False,
}
teams = {team.id: _team_view(team) for team in query}
if not teams:
# Just in case. Should ideally never happen.
return []
# Add repository permissions count.
permission_tuples = (RepositoryPermission.select(
RepositoryPermission.team, fn.Count(RepositoryPermission.id)).where(
RepositoryPermission.team << list(teams.keys())).group_by(
RepositoryPermission.team).tuples())
for perm_tuple in permission_tuples:
teams[perm_tuple[0]]["repo_count"] = perm_tuple[1]
# Add the member count.
members_tuples = (TeamMember.select(TeamMember.team, fn.Count(
TeamMember.id)).where(TeamMember.team << list(teams.keys())).group_by(
TeamMember.team).tuples())
for member_tuple in members_tuples:
teams[member_tuple[0]]["member_count"] = member_tuple[1]
# Add syncing information.
if has_external_auth:
sync_query = TeamSync.select(
TeamSync.team).where(TeamSync.team << list(teams.keys()))
for team_sync in sync_query:
teams[team_sync.team_id]["is_synced"] = True
return [AttrDict(team_info) for team_info in list(teams.values())]
def _user_teams(user, resource):
changed = False
p_exact_teams = resource["exact_teams"]
p_add_teams = resource["add_teams"]
p_remove_teams = resource["remove_teams"]
team_names = p_exact_teams or p_add_teams or p_remove_teams
if team_names is None:
return False
teams = []
for name in team_names:
try:
teams.append(Team.get(Team.name == name))
except model.InvalidTeamException:
abort(400, message="Team '%s' does not exist" % name)
teams = set(teams)
current_teams = set(Team.select().join(TeamMember).join(User)).where(
User.username == user.username)
teams_to_add = teams - current_teams
teams_to_remove = current_teams - teams
if p_add_teams:
teams_to_remove = []
elif p_remove_teams:
teams_to_add = []
for team in teams_to_add:
changed = True
model.team.add_user_to_team(user, team)
query = TeamMember.select().join(User).switch(TeamMember).join(Team).join(
TeamRole)
for team in teams_to_remove:
changed = True
found = list(
query.where(User.username == user.username,
Team.name == team.name))
found[0].delete_instance()
return changed
def remove_team(org_name, team_name, removed_by_username):
joined = Team.select(Team, TeamRole).join(User).switch(Team).join(TeamRole)
found = list(
joined.where(User.organization == True, User.username == org_name,
Team.name == team_name))
if not found:
raise InvalidTeamException("Team '%s' is not a team in org '%s'" %
(team_name, org_name))
team = found[0]
if team.role.name == "admin":
admin_teams = list(
__get_user_admin_teams(org_name, removed_by_username))
if len(admin_teams) <= 1:
# The team we are trying to remove is the only admin team containing this user.
msg = "Deleting team '%s' would remove admin ability for user '%s' in organization '%s'"
raise DataModelException(
msg % (team_name, removed_by_username, org_name))
team.delete_instance(recursive=True, delete_nullable=True)
def get_user_teams_within_org(username, organization):
joined = Team.select().join(TeamMember).join(User)
return joined.where(Team.organization == organization,
User.username == username)
def get_matching_teams(team_prefix, organization):
team_prefix_search = prefix_search(Team.name, team_prefix)
query = Team.select().where(team_prefix_search,
Team.organization == organization)
return query.limit(10)
