def filter_to_repos_for_user(query,
user_id=None,
namespace=None,
repo_kind="image",
include_public=True,
start_id=None):
if not include_public and not user_id:
return Repository.select().where(Repository.id == "-1")
# Filter on the type of repository.
if repo_kind is not None:
try:
query = query.where(
Repository.kind == Repository.kind.get_id(repo_kind))
except RepositoryKind.DoesNotExist:
raise DataModelException("Unknown repository kind")
# Add the start ID if necessary.
if start_id is not None:
query = query.where(Repository.id >= start_id)
# Add a namespace filter if necessary.
if namespace:
query = query.where(Namespace.username == namespace)
# Build a set of queries that, when unioned together, return the full set of visible repositories
# for the filters specified.
queries = []
if include_public:
queries.append(
query.where(Repository.visibility == get_public_repo_visibility()))
if user_id is not None:
AdminTeam = Team.alias()
AdminTeamMember = TeamMember.alias()
# Add repositories in which the user has permission.
queries.append(
query.switch(RepositoryPermission).where(
RepositoryPermission.user == user_id))
# Add repositories in which the user is a member of a team that has permission.
queries.append(
query.switch(RepositoryPermission).join(Team).join(
TeamMember).where(TeamMember.user == user_id))
# Add repositories under namespaces in which the user is the org admin.
queries.append(
query.switch(Repository).join(
AdminTeam,
on=(Repository.namespace_user == AdminTeam.organization)).join(
AdminTeamMember,
on=(AdminTeam.id == AdminTeamMember.team)).where(
AdminTeam.role == _lookup_team_role("admin")).where(
AdminTeamMember.user == user_id))
return reduce(lambda l, r: l | r, queries)
def list_notifications(user,
kind_name=None,
id_filter=None,
include_dismissed=False,
page=None,
limit=None):
base_query = Notification.select(
Notification.id,
Notification.uuid,
Notification.kind,
Notification.metadata_json,
Notification.dismissed,
Notification.lookup_path,
Notification.created,
Notification.created.alias("cd"),
Notification.target,
).join(NotificationKind)
if kind_name is not None:
base_query = base_query.where(NotificationKind.name == kind_name)
if id_filter is not None:
base_query = base_query.where(Notification.uuid == id_filter)
if not include_dismissed:
base_query = base_query.where(Notification.dismissed == False)
# Lookup directly for the user.
user_direct = base_query.clone().where(Notification.target == user)
# Lookup via organizations admined by the user.
Org = User.alias()
AdminTeam = Team.alias()
AdminTeamMember = TeamMember.alias()
AdminUser = User.alias()
via_orgs = (base_query.clone().join(
Org, on=(Org.id == Notification.target)).join(
AdminTeam, on=(Org.id == AdminTeam.organization)).join(
TeamRole,
on=(AdminTeam.role == TeamRole.id)).switch(AdminTeam).join(
AdminTeamMember,
on=(AdminTeam.id == AdminTeamMember.team)).join(
AdminUser, on=(AdminTeamMember.user == AdminUser.id
)).where((AdminUser.id == user)
& (TeamRole.name == "admin")))
query = user_direct | via_orgs
if page:
query = query.paginate(page, limit)
elif limit:
query = query.limit(limit)
return query.order_by(SQL("cd desc"))