def get_latest_logs_query(performer=None, repository=None, namespace=None, ignore=None, model=LogEntry3, size=None): """ Returns the latest logs matching the given filters. """ Performer = User.alias() Account = User.alias() selections = [model, Performer] if namespace is None and repository is None: selections.append(Account) query = _latest_logs_query(selections, performer, repository, namespace, ignore, model=model, size=size) query = (query.switch(model).join( Performer, JOIN.LEFT_OUTER, on=(model.performer == Performer.id).alias('performer'))) if namespace is None and repository is None: query = (query.switch(model).join( Account, JOIN.LEFT_OUTER, on=(model.account == Account.id).alias('account'))) return query
def list_notifications(user, kind_name=None, id_filter=None, include_dismissed=False, page=None, limit=None): base_query = Notification.select( Notification.id, Notification.uuid, Notification.kind, Notification.metadata_json, Notification.dismissed, Notification.lookup_path, Notification.created, Notification.created.alias("cd"), Notification.target, ).join(NotificationKind) if kind_name is not None: base_query = base_query.where(NotificationKind.name == kind_name) if id_filter is not None: base_query = base_query.where(Notification.uuid == id_filter) if not include_dismissed: base_query = base_query.where(Notification.dismissed == False) # Lookup directly for the user. user_direct = base_query.clone().where(Notification.target == user) # Lookup via organizations admined by the user. Org = User.alias() AdminTeam = Team.alias() AdminTeamMember = TeamMember.alias() AdminUser = User.alias() via_orgs = (base_query.clone().join( Org, on=(Org.id == Notification.target)).join( AdminTeam, on=(Org.id == AdminTeam.organization)).join( TeamRole, on=(AdminTeam.role == TeamRole.id)).switch(AdminTeam).join( AdminTeamMember, on=(AdminTeam.id == AdminTeamMember.team)).join( AdminUser, on=(AdminTeamMember.user == AdminUser.id )).where((AdminUser.id == user) & (TeamRole.name == "admin"))) query = user_direct | via_orgs if page: query = query.paginate(page, limit) elif limit: query = query.limit(limit) return query.order_by(SQL("cd desc"))
def get_prototype_permissions(org): ActivatingUser = User.alias() DelegateUser = User.alias() query = (PermissionPrototype .select() .where(PermissionPrototype.org == org) .join(ActivatingUser, JOIN.LEFT_OUTER, on=(ActivatingUser.id == PermissionPrototype.activating_user)) .join(DelegateUser, JOIN.LEFT_OUTER, on=(DelegateUser.id == PermissionPrototype.delegate_user)) .join(Team, JOIN.LEFT_OUTER, on=(Team.id == PermissionPrototype.delegate_team)) .join(Role, JOIN.LEFT_OUTER, on=(Role.id == PermissionPrototype.role))) return query
def get_organization_member_set(org, include_robots=False, users_filter=None): """ Returns the set of all member usernames under the given organization, with optional filtering by robots and/or by a specific set of User objects. """ Org = User.alias() org_users = ( User.select(User.username) .join(TeamMember) .join(Team) .where(Team.organization == org) .distinct() ) if not include_robots: org_users = org_users.where(User.robot == False) if users_filter is not None: ids_list = [u.id for u in users_filter if u is not None] if not ids_list: return set() org_users = org_users.where(User.id << ids_list) return {user.username for user in org_users}
def _get_user_repo_permissions(user, limit_to_repository_obj=None, limit_namespace=None, limit_repo_name=None): UserThroughTeam = User.alias() base_query = (RepositoryPermission.select( RepositoryPermission, Role, Repository, Namespace).join(Role).switch(RepositoryPermission).join( Repository).join(Namespace, on=(Repository.namespace_user == Namespace.id )).switch(RepositoryPermission)) if limit_to_repository_obj is not None: base_query = base_query.where( RepositoryPermission.repository == limit_to_repository_obj) elif limit_namespace and limit_repo_name: base_query = base_query.where(Repository.name == limit_repo_name, Namespace.username == limit_namespace) direct = base_query.clone().join(User).where(User.id == user) team = (base_query.clone().join(Team).join(TeamMember).join( UserThroughTeam, on=(UserThroughTeam.id == TeamMember.user)).where( UserThroughTeam.id == user)) return direct | team
def get_logs_query( start_time=None, end_time=None, performer=None, repository=None, namespace=None, namespace_id=None, ignore=None, model=LogEntry3, id_range=None, ): """ Returns the logs matching the given filters. """ Performer = User.alias() Account = User.alias() selections = [model, Performer] if namespace is None and repository is None and namespace_id is None: selections.append(Account) query = _logs_query( selections, start_time, end_time, performer, repository, namespace, ignore, model=model, id_range=id_range, namespace_id=namespace_id, ) query = query.switch(model).join( Performer, JOIN.LEFT_OUTER, on=(model.performer == Performer.id).alias("performer")) if namespace is None and repository is None and namespace_id is None: query = query.switch(model).join( Account, JOIN.LEFT_OUTER, on=(model.account == Account.id).alias("account")) return query
def __get_user_admin_teams(org_name, username): Org = User.alias() user_teams = Team.select().join(TeamMember).join(User) with_org = user_teams.switch(Team).join(Org, on=(Org.id == Team.organization)) with_role = with_org.switch(Team).join(TeamRole) admin_teams = with_role.where(User.username == username, Org.username == org_name, TeamRole.name == "admin") return admin_teams
def get_org_wide_permissions(user, org_filter=None): Org = User.alias() team_with_role = Team.select(Team, Org, TeamRole).join(TeamRole) with_org = team_with_role.switch(Team).join( Org, on=(Team.organization == Org.id)) with_user = with_org.switch(Team).join(TeamMember).join(User) if org_filter: with_user.where(Org.username == org_filter) return with_user.where(User.id == user, Org.organization == True)
def remove_user_from_team(org_name, team_name, username, removed_by_username): Org = User.alias() joined = TeamMember.select().join(User).switch(TeamMember).join(Team) with_role = joined.join(TeamRole) with_org = with_role.switch(Team).join(Org, on=(Org.id == Team.organization)) found = list( with_org.where(User.username == username, Org.username == org_name, Team.name == team_name)) if not found: raise DataModelException("User %s does not belong to team %s" % (username, team_name)) if username == removed_by_username: admin_team_query = __get_user_admin_teams(org_name, username) admin_team_names = {team.name for team in admin_team_query} if team_name in admin_team_names and len(admin_team_names) <= 1: msg = "User cannot remove themselves from their only admin team." raise DataModelException(msg) user_in_team = found[0] user_in_team.delete_instance()
def get_user_organizations(username): UserAlias = User.alias() return (User.select().distinct().join(Team).join(TeamMember).join( UserAlias, on=(UserAlias.id == TeamMember.user)).where( User.organization == True, UserAlias.username == username))