def create_repository( namespace, name, creating_user, visibility="private", repo_kind="image", description=None ): namespace_user = User.get(username=namespace) yesterday = datetime.now() - timedelta(days=1) with db_transaction(): repo = Repository.create( name=name, visibility=Repository.visibility.get_id(visibility), namespace_user=namespace_user, kind=Repository.kind.get_id(repo_kind), description=description, ) RepositoryActionCount.create(repository=repo, count=0, date=yesterday) RepositorySearchScore.create(repository=repo, score=0) # Note: We put the admin create permission under the transaction to ensure it is created. if creating_user and not creating_user.organization: admin = Role.get(name="admin") RepositoryPermission.create(user=creating_user, repository=repo, role=admin) # Apply default permissions (only occurs for repositories under organizations) if creating_user and not creating_user.organization and creating_user.username != namespace: permission.apply_default_permissions(repo, creating_user) return repo
def process(resources): response = [] changed = True for resource in resources: p_state = resource["state"] p_name = resource["name"] try: role = Role.get(name=p_name) except Role.DoesNotExist: role = None if p_state == "absent": if role is not None: changed = True role.delete_instance() response.append("Role '%s' deleted" % p_name) changed = True else: response.append("Role '%s' does not exist" % p_name) else: if role is None: changed = True role = Role.create(name=p_name) response.append("Role '%s' created" % p_name) else: response.append("Role '%s' exists" % p_name) return {"failed": False, "changed": changed, "meta": response}, 200
def update_prototype_permission(org, uid, role_name): found = get_prototype_permission(org, uid) if not found: return None new_role = Role.get(Role.name == role_name) found.role = new_role found.save() return found
def create_repository(namespace, name, creating_user, visibility="private", repo_kind="image", description=None): namespace_user = User.get(username=namespace) yesterday = datetime.now() - timedelta(days=1) try: with db_transaction(): # Check if the repository exists to avoid an IntegrityError if possible. existing = get_repository(namespace, name) if existing is not None: return None try: repo = Repository.create( name=name, visibility=Repository.visibility.get_id(visibility), namespace_user=namespace_user, kind=Repository.kind.get_id(repo_kind), description=description, ) except IntegrityError as ie: raise _RepositoryExistsException(ie) RepositoryActionCount.create(repository=repo, count=0, date=yesterday) RepositorySearchScore.create(repository=repo, score=0) # Note: We put the admin create permission under the transaction to ensure it is created. if creating_user and not creating_user.organization: admin = Role.get(name="admin") RepositoryPermission.create(user=creating_user, repository=repo, role=admin) except _RepositoryExistsException as ree: try: return Repository.get(namespace_user=namespace_user, name=name) except Repository.DoesNotExist: logger.error( "Got integrity error when trying to create repository %s/%s: %s", namespace, name, ree.internal_exception, ) return None # Apply default permissions (only occurs for repositories under organizations) if creating_user and not creating_user.organization and creating_user.username != namespace: permission.apply_default_permissions(repo, creating_user) return repo
def create_delegate_token(namespace_name, repository_name, friendly_name, role="read"): read_only = Role.get(name=role) repo = _basequery.get_existing_repository(namespace_name, repository_name) new_token = AccessToken.create(repository=repo, role=read_only, friendly_name=friendly_name, temporary=False) return new_token
def create_access_token(repo, role, kind=None, friendly_name=None): role = Role.get(Role.name == role) kind_ref = None if kind is not None: kind_ref = AccessTokenKind.get(AccessTokenKind.name == kind) new_token = AccessToken.create(repository=repo, temporary=True, role=role, kind=kind_ref, friendly_name=friendly_name) return new_token
def add_prototype_permission(org, role_name, activating_user, delegate_user=None, delegate_team=None): new_role = Role.get(Role.name == role_name) return PermissionPrototype.create( org=org, role=new_role, activating_user=activating_user, delegate_user=delegate_user, delegate_team=delegate_team, )
def __set_entity_repo_permission(entity, permission_entity_property, namespace_name, repository_name, role_name): repo = _basequery.get_existing_repository(namespace_name, repository_name) new_role = Role.get(Role.name == role_name) # Fetch any existing permission for this entity on the repo try: entity_attr = getattr(RepositoryPermission, permission_entity_property) perm = RepositoryPermission.get(entity_attr == entity, RepositoryPermission.repository == repo) perm.role = new_role perm.save() return perm except RepositoryPermission.DoesNotExist: set_entity_kwargs = {permission_entity_property: entity} new_perm = RepositoryPermission.create(repository=repo, role=new_role, **set_entity_kwargs) return new_perm
from app import app from data.database import Namespace, Repository, RepositoryPermission, Role from data.model.permission import get_user_repo_permissions from data.model.user import get_active_users, get_nonrobot_user DESCRIPTION = """ Fix user repositories missing admin permissions for owning user. """ parser = argparse.ArgumentParser(description=DESCRIPTION) parser.add_argument("users", nargs="*", help="Users to check") parser.add_argument("-a", "--all", action="store_true", help="Check all users") parser.add_argument("-n", "--dry-run", action="store_true", help="Don't act") ADMIN = Role.get(name="admin") def repos_for_namespace(namespace): return (Repository.select(Repository.id, Repository.name, Namespace.username).join(Namespace).where( Namespace.username == namespace)) def has_admin(user, repo): perms = get_user_repo_permissions(user, repo) return any(p.role == ADMIN for p in perms) def get_users(all_users=False, users_list=None): if all_users:
from app import app from data.database import Namespace, Repository, RepositoryPermission, Role from data.model.permission import get_user_repo_permissions from data.model.user import get_active_users, get_nonrobot_user DESCRIPTION = ''' Fix user repositories missing admin permissions for owning user. ''' parser = argparse.ArgumentParser(description=DESCRIPTION) parser.add_argument('users', nargs='*', help='Users to check') parser.add_argument('-a', '--all', action='store_true', help='Check all users') parser.add_argument('-n', '--dry-run', action='store_true', help="Don't act") ADMIN = Role.get(name='admin') def repos_for_namespace(namespace): return (Repository.select(Repository.id, Repository.name, Namespace.username).join(Namespace).where( Namespace.username == namespace)) def has_admin(user, repo): perms = get_user_repo_permissions(user, repo) return any(p.role == ADMIN for p in perms) def get_users(all_users=False, users_list=None): if all_users: