def add_blacklist(request): project_name = request.POST.get("project") if project_name is None: raise HTTPBadRequest("Have a project to confirm.") comment = request.POST.get("comment", "") # Verify that the user has confirmed the request to blacklist. confirm = request.POST.get("confirm") if not confirm: request.session.flash("Confirm the blacklist request", queue="error") return HTTPSeeOther(request.current_route_path()) elif canonicalize_name(confirm) != canonicalize_name(project_name): request.session.flash( f"{confirm!r} is not the same as {project_name!r}", queue="error") return HTTPSeeOther(request.current_route_path()) # Add our requested blacklist. request.db.add( BlacklistedProject(name=project_name, comment=comment, blacklisted_by=request.user)) # Go through and delete the project and everything related to it so that # our blacklist actually blocks things and isn't ignored (since the # blacklist only takes effect on new project registration). project = (request.db.query(Project).filter( Project.normalized_name == func.normalize_pep426_name( project_name)).first()) if project is not None: remove_project(project, request) request.session.flash(f"Blacklisted {project_name!r}", queue="success") return HTTPSeeOther(request.route_path("admin.blacklist.list"))
def add_prohibited_project_names(request): project_name = request.POST.get("project") if project_name is None: raise HTTPBadRequest("Have a project to confirm.") comment = request.POST.get("comment", "") # Verify that the user has confirmed the request to prohibit. confirm = request.POST.get("confirm") if not confirm: request.session.flash( "Confirm the prohibited project name request", queue="error" ) return HTTPSeeOther(request.current_route_path()) elif canonicalize_name(confirm) != canonicalize_name(project_name): request.session.flash( f"{confirm!r} is not the same as {project_name!r}", queue="error" ) return HTTPSeeOther(request.current_route_path()) # Check to make sure the object doesn't already exist. if ( request.db.query(literal(True)) .filter( request.db.query(ProhibitedProjectName) .filter(ProhibitedProjectName.name == project_name) .exists() ) .scalar() ): request.session.flash( f"{project_name!r} has already been prohibited.", queue="error" ) return HTTPSeeOther(request.route_path("admin.prohibited_project_names.list")) # Add our requested prohibition. request.db.add( ProhibitedProjectName( name=project_name, comment=comment, prohibited_by=request.user ) ) # Go through and delete the project and everything related to it so that # our prohibition actually blocks things and isn't ignored (since the # prohibition only takes effect on new project registration). project = ( request.db.query(Project) .filter(Project.normalized_name == func.normalize_pep426_name(project_name)) .first() ) if project is not None: remove_project(project, request) request.session.flash(f"Prohibited Project Name {project_name!r}", queue="success") return HTTPSeeOther(request.route_path("admin.prohibited_project_names.list"))
def add_blacklist(request): project_name = request.POST.get("project") if project_name is None: raise HTTPBadRequest("Have a project to confirm.") comment = request.POST.get("comment", "") # Verify that the user has confirmed the request to blacklist. confirm = request.POST.get("confirm") if not confirm: request.session.flash("Confirm the blacklist request", queue="error") return HTTPSeeOther(request.current_route_path()) elif canonicalize_name(confirm) != canonicalize_name(project_name): request.session.flash( f"{confirm!r} is not the same as {project_name!r}", queue="error" ) return HTTPSeeOther(request.current_route_path()) # Check to make sure the object doesn't already exist. if ( request.db.query(literal(True)) .filter( request.db.query(BlacklistedProject) .filter(BlacklistedProject.name == project_name) .exists() ) .scalar() ): request.session.flash( f"{project_name!r} has already been blacklisted.", queue="error" ) return HTTPSeeOther(request.route_path("admin.blacklist.list")) # Add our requested blacklist. request.db.add( BlacklistedProject( name=project_name, comment=comment, blacklisted_by=request.user ) ) # Go through and delete the project and everything related to it so that # our blacklist actually blocks things and isn't ignored (since the # blacklist only takes effect on new project registration). project = ( request.db.query(Project) .filter(Project.normalized_name == func.normalize_pep426_name(project_name)) .first() ) if project is not None: remove_project(project, request) request.session.flash(f"Blacklisted {project_name!r}", queue="success") return HTTPSeeOther(request.route_path("admin.blacklist.list"))
def test_remove_project(db_request, flash): user = UserFactory.create() project = ProjectFactory.create(name="foo") release = ReleaseFactory.create(project=project) FileFactory.create(release=release, filename="who cares") RoleFactory.create(user=user, project=project) DependencyFactory.create(release=release) db_request.user = user db_request.remote_addr = "192.168.1.1" db_request.session = stub(flash=call_recorder(lambda *a, **kw: stub())) remove_project(project, db_request, flash=flash) if flash: assert db_request.session.flash.calls == [ call("Deleted the project 'foo'", queue="success") ] else: assert db_request.session.flash.calls == [] assert not (db_request.db.query(Role).filter(Role.project == project).count()) assert not ( db_request.db.query(File) .join(Release) .join(Project) .filter(Release.project == project) .count() ) assert not ( db_request.db.query(Dependency) .join(Release) .filter(Release.project == project) .count() ) assert not (db_request.db.query(Release).filter(Release.project == project).count()) assert not ( db_request.db.query(Project).filter(Project.name == project.name).count() ) journal_entry = ( db_request.db.query(JournalEntry) .options(joinedload("submitted_by")) .filter(JournalEntry.name == "foo") .one() ) assert journal_entry.action == "remove project" assert journal_entry.submitted_by == db_request.user assert journal_entry.submitted_from == db_request.remote_addr
def delete_project(project, request): if request.flags.enabled(AdminFlagValue.DISALLOW_DELETION): request.session.flash( ("Project deletion temporarily disabled. " "See https://pypi.org/help#admin-intervention for details."), queue="error", ) return HTTPSeeOther( request.route_path("manage.project.settings", project_name=project.name)) confirm_project(project, request, fail_route="manage.project.settings") remove_project(project, request) return HTTPSeeOther(request.route_path("manage.projects"))
def test_remove_project(db_request, flash): user = UserFactory.create() project = ProjectFactory.create(name="foo") release = ReleaseFactory.create(project=project) FileFactory.create(release=release, filename="who cares") RoleFactory.create(user=user, project=project) DependencyFactory.create(release=release) db_request.user = user db_request.session = stub(flash=call_recorder(lambda *a, **kw: stub())) remove_project(project, db_request, flash=flash) if flash: assert db_request.session.flash.calls == [ call("Deleted the project 'foo'", queue="success") ] else: assert db_request.session.flash.calls == [] assert not (db_request.db.query(Role).filter(Role.project == project).count()) assert not ( db_request.db.query(File) .join(Release) .join(Project) .filter(Release.project == project) .count() ) assert not ( db_request.db.query(Dependency) .join(Release) .filter(Release.project == project) .count() ) assert not (db_request.db.query(Release).filter(Release.project == project).count()) assert not ( db_request.db.query(Project).filter(Project.name == project.name).count() ) journal_entry = ( db_request.db.query(JournalEntry) .options(joinedload("submitted_by")) .filter(JournalEntry.name == "foo") .one() ) assert journal_entry.action == "remove project" assert journal_entry.submitted_by == db_request.user assert journal_entry.submitted_from == db_request.remote_addr
def bulk_add_prohibited_project_names(request): if request.method == "POST": project_names = request.POST.get("projects", "").split() comment = request.POST.get("comment", "") for project_name in project_names: # Check to make sure the object doesn't already exist. if ( request.db.query(literal(True)) .filter( request.db.query(ProhibitedProjectName) .filter(ProhibitedProjectName.name == project_name) .exists() ) .scalar() ): continue # Add our requested prohibition. request.db.add( ProhibitedProjectName( name=project_name, comment=comment, prohibited_by=request.user ) ) # Go through and delete the project and everything related to it so that # our prohibition actually blocks things and isn't ignored (since the # prohibition only takes effect on new project registration). project = ( request.db.query(Project) .filter( Project.normalized_name == func.normalize_pep426_name(project_name) ) .first() ) if project is not None: remove_project(project, request, flash=False) request.session.flash( f"Prohibited {len(project_names)!r} projects", queue="success" ) return HTTPSeeOther( request.route_path("admin.prohibited_project_names.bulk_add") ) return {}
def test_remove_project(db_request, flash): user = UserFactory.create() project = ProjectFactory.create(name="foo") release = ReleaseFactory.create(project=project) FileFactory.create( name=project.name, version=release.version, filename="who cares", ) RoleFactory.create(user=user, project=project) DependencyFactory.create(name=project.name, version=release.version) db_request.user = user db_request.remote_addr = "192.168.1.1" db_request.session = stub(flash=call_recorder(lambda *a, **kw: stub())) remove_project(project, db_request, flash=flash) if flash: assert db_request.session.flash.calls == [ call( "Successfully deleted the project 'foo'.", queue="success" ), ] else: assert db_request.session.flash.calls == [] assert not (db_request.db.query(Role) .filter(Role.project == project).count()) assert not (db_request.db.query(File) .filter(File.name == project.name).count()) assert not (db_request.db.query(Dependency) .filter(Dependency.name == project.name).count()) assert not (db_request.db.query(Release) .filter(Release.name == project.name).count()) assert not (db_request.db.query(Project) .filter(Project.name == project.name).count()) journal_entry = ( db_request.db.query(JournalEntry) .filter(JournalEntry.name == "foo") .one() ) assert journal_entry.action == "remove" assert journal_entry.submitted_by == db_request.user assert journal_entry.submitted_from == db_request.remote_addr
def user_delete(request): user = request.db.query(User).get(request.matchdict['user_id']) if user.username != request.params.get('username'): print(user.username) print(request.params.get('username')) request.session.flash(f'Wrong confirmation input.', queue='error') return HTTPSeeOther( request.route_path('admin.user.detail', user_id=user.id) ) # Delete projects one by one so they are purged from the cache for project in user.projects: remove_project(project, request, flash=False) # Update all journals to point to `deleted-user` instead deleted_user = ( request.db.query(User) .filter(User.username == 'deleted-user') .one() ) journals = ( request.db.query(JournalEntry) .filter(JournalEntry.submitted_by == user) .all() ) for journal in journals: journal.submitted_by = deleted_user # Delete the user request.db.delete(user) request.db.add( JournalEntry( name=f'user:{user.username}', action=f'nuke user', submitted_by=request.user, submitted_from=request.remote_addr, ) ) request.session.flash(f'Nuked user {user.username!r}.', queue='success') return HTTPSeeOther(request.route_path('admin.user.list'))
def delete_project(project, request): confirm_project(project, request, fail_route="admin.project.detail") remove_project(project, request) return HTTPSeeOther(request.route_path("admin.project.list"))
def delete_project(project, request): confirm_project(project, request, fail_route="manage.project.settings") remove_project(project, request) return HTTPSeeOther(request.route_path("manage.projects"))
def delete_project(project, request): confirm_project(project, request, fail_route="manage.project.settings") remove_project(project, request) return HTTPSeeOther(request.route_path("manage.projects"))
def delete_project(project, request): confirm_project(project, request, fail_route="admin.project.detail") remove_project(project, request) return HTTPSeeOther(request.route_path('admin.project.list'))