def _user_permission(self, permission_obj, has_org, is_org_member):
return UserPermission(role_name=permission_obj.role.name,
username=permission_obj.user.username,
is_robot=permission_obj.user.robot,
avatar=avatar.get_data_for_user(permission_obj.user),
is_org_member=is_org_member,
has_org=has_org)
def org_view(o, teams):
is_admin = AdministerOrganizationPermission(o.username).can()
is_member = OrganizationMemberPermission(o.username).can()
view = {
"name": o.username,
"email": o.email if is_admin else "",
"avatar": avatar.get_data_for_user(o),
"is_admin": is_admin,
"is_member": is_member,
}
if teams is not None:
teams = sorted(teams, key=lambda team: team.id)
view["teams"] = {t.name: team_view(o.username, t) for t in teams}
view["ordered_teams"] = [team.name for team in teams]
if is_admin:
view["invoice_email"] = o.invoice_email
view["invoice_email_address"] = o.invoice_email_address
view["tag_expiration_s"] = o.removed_tag_expiration_s
view["is_free_account"] = o.stripe_id is None
if features.QUOTA_MANAGEMENT:
quotas = model.namespacequota.get_namespace_quota_list(o.username)
view["quotas"] = [quota_view(quota)
for quota in quotas] if quotas else []
view["quota_report"] = model.namespacequota.get_quota_for_view(
o.username)
return view
def get(self, orgname):
""" List outside collaborators of the specified organization. """
permission = AdministerOrganizationPermission(orgname)
if not permission.can():
raise Unauthorized()
try:
org = model.organization.get_organization(orgname)
except model.InvalidOrganizationException:
raise NotFound()
all_perms = model.permission.list_organization_member_permissions(org)
membership = model.team.list_organization_members_by_teams(org)
org_members = set(m.user.username for m in membership)
collaborators = {}
for perm in all_perms:
username = perm.user.username
# Only interested in non-member permissions.
if username in org_members:
continue
if username not in collaborators:
collaborators[username] = {
"kind": "user",
"name": username,
"avatar": avatar.get_data_for_user(perm.user),
"repositories": [],
}
collaborators[username]["repositories"].append(perm.repository.name)
return {"collaborators": collaborators.values()}
def search_entity_view(username, entity, get_short_name=None):
kind = "user"
title = "user"
avatar_data = avatar.get_data_for_user(entity)
href = "/user/" + entity.username
if entity.organization:
kind = "organization"
title = "org"
avatar_data = avatar.get_data_for_org(entity)
href = "/organization/" + entity.username
elif entity.robot:
parts = parse_robot_username(entity.username)
if parts[0] == username:
href = "/user/" + username + "?tab=robots&showRobot=" + entity.username
else:
href = "/organization/" + parts[0] + "?tab=robots&showRobot=" + entity.username
kind = "robot"
title = "robot"
avatar_data = None
data = {
"title": title,
"kind": kind,
"avatar": avatar_data,
"name": entity.username,
"score": ENTITY_SEARCH_SCORE,
"href": href,
}
if get_short_name:
data["short_name"] = get_short_name(entity.username)
return data
def prototype_user_view(user):
return {
'name': user.username,
'is_robot': user.robot,
'kind': 'user',
'is_org_member': user.robot or user.username in org_members,
'avatar': avatar.get_data_for_user(user)
}
def prototype_user_view(user):
return {
"name": user.username,
"is_robot": user.robot,
"kind": "user",
"is_org_member": user.robot or user.username in org_members,
"avatar": avatar.get_data_for_user(user),
}
def member_view(member, invited=False):
return {
'name': member.username,
'kind': 'user',
'is_robot': member.robot,
'avatar': avatar.get_data_for_user(member),
'invited': invited,
}
def member_view(member, invited=False):
return {
"name": member.username,
"kind": "user",
"is_robot": member.robot,
"avatar": avatar.get_data_for_user(member),
"invited": invited,
}
def user_view(user):
user_json = {
'name': user.username,
'kind': 'user',
'is_robot': user.robot,
'avatar': avatar.get_data_for_user(user)
}
if organization is not None:
user_json['is_org_member'] = user.robot or user.is_org_member
return user_json
def user_view(user):
user_json = {
"name": user.username,
"kind": "user",
"is_robot": user.robot,
"avatar": avatar.get_data_for_user(user),
}
if organization is not None:
user_json["is_org_member"] = user.robot or user.is_org_member
return user_json
def get(self, orgname, membername):
"""
Retrieves the details of a member of the organization.
"""
permission = AdministerOrganizationPermission(orgname)
if permission.can():
# Lookup the user.
member = model.user.get_user(membername)
if not member:
raise NotFound()
organization = model.user.get_user_or_org(orgname)
if not organization:
raise NotFound()
# Lookup the user's information in the organization.
teams = list(
model.team.get_user_teams_within_org(membername, organization))
if not teams:
# 404 if the user is not a robot under the organization, as that means the referenced
# user or robot is not a member of this organization.
if not member.robot:
raise NotFound()
namespace, _ = parse_robot_username(member.username)
if namespace != orgname:
raise NotFound()
repo_permissions = model.permission.list_organization_member_permissions(
organization, member)
def local_team_view(team):
return {
"name": team.name,
"avatar": avatar.get_data_for_team(team),
}
return {
"name":
member.username,
"kind":
"robot" if member.robot else "user",
"avatar":
avatar.get_data_for_user(member),
"teams": [local_team_view(team) for team in teams],
"repositories": [
permission.repository.name
for permission in repo_permissions
],
}
raise Unauthorized()
def to_dict(self):
user_data = {
'kind': 'user',
'name': self.username,
'username': self.username,
'email': self.email,
'verified': self.verified,
'avatar': avatar.get_data_for_user(self),
'super_user': superusers.is_superuser(self.username),
'enabled': self.enabled,
}
return user_data
def to_dict(self):
user_data = {
"kind": "user",
"name": self.username,
"username": self.username,
"email": self.email,
"verified": self.verified,
"avatar": avatar.get_data_for_user(self),
"super_user": superusers.is_superuser(self.username),
"enabled": self.enabled,
}
return user_data
def get(self, orgname):
"""
List the human members of the specified organization.
"""
permission = AdministerOrganizationPermission(orgname)
if permission.can():
try:
org = model.organization.get_organization(orgname)
except model.InvalidOrganizationException:
raise NotFound()
# Loop to create the members dictionary. Note that the members collection
# will return an entry for *every team* a member is on, so we will have
# duplicate keys (which is why we pre-build the dictionary).
members_dict = {}
members = model.team.list_organization_members_by_teams(org)
for member in members:
if member.user.robot:
continue
if not member.user.username in members_dict:
member_data = {
"name": member.user.username,
"kind": "user",
"avatar": avatar.get_data_for_user(member.user),
"teams": [],
"repositories": [],
}
members_dict[member.user.username] = member_data
members_dict[member.user.username]["teams"].append({
"name":
member.team.name,
"avatar":
avatar.get_data_for_team(member.team),
})
# Loop to add direct repository permissions.
for permission in model.permission.list_organization_member_permissions(
org):
username = permission.user.username
if not username in members_dict:
continue
members_dict[username]["repositories"].append(
permission.repository.name)
return {"members": members_dict.values()}
raise Unauthorized()
def user_view(user, password=None):
user_data = {
"kind": "user",
"name": user.username,
"username": user.username,
"email": user.email,
"verified": user.verified,
"avatar": avatar.get_data_for_user(user),
"super_user": superusers.is_superuser(user.username),
"enabled": user.enabled,
}
if password is not None:
user_data["encrypted_password"] = authentication.encrypt_user_password(password)
return user_data
def user_view(user, password=None):
user_data = {
'kind': 'user',
'name': user.username,
'username': user.username,
'email': user.email,
'verified': user.verified,
'avatar': avatar.get_data_for_user(user),
'super_user': superusers.is_superuser(user.username),
'enabled': user.enabled,
}
if password is not None:
user_data['encrypted_password'] = authentication.encrypt_user_password(
password)
return user_data
def to_dict(self):
user_data = {
"kind": "user",
"name": self.username,
"username": self.username,
"email": self.email,
"verified": self.verified,
"avatar": avatar.get_data_for_user(self),
"super_user": superusers.is_superuser(self.username),
"enabled": self.enabled,
}
if features.QUOTA_MANAGEMENT and self.quotas is not None:
user_data["quotas"] = (
[quota_view(quota)
for quota in self.quotas] if self.quotas else [])
user_data[
"quota_report"] = model.namespacequota.get_quota_for_view(
self.username)
return user_data
def post(self, username):
if not authentication.federated_service:
abort(404)
# Only allowed if there is a logged in user.
if not get_authenticated_user():
raise Unauthorized()
# Try to link the user with the given *external* username, to an internal record.
(user, err_msg) = authentication.link_user(username)
if user is None:
raise InvalidRequest(err_msg, payload={"username": username})
return {
"entity": {
"name": user.username,
"kind": "user",
"is_robot": False,
"avatar": avatar.get_data_for_user(user),
}
}
def post(self, username):
if not authentication.federated_service:
abort(404)
# Only allowed if there is a logged in user.
if not get_authenticated_user():
raise Unauthorized()
# Try to link the user with the given *external* username, to an internal record.
(user, err_msg) = authentication.link_user(username)
if user is None:
raise InvalidRequest(err_msg, payload={'username': username})
return {
'entity': {
'name': user.username,
'kind': 'user',
'is_robot': False,
'avatar': avatar.get_data_for_user(user)
}
}
def org_view(o, teams):
is_admin = AdministerOrganizationPermission(o.username).can()
is_member = OrganizationMemberPermission(o.username).can()
view = {
'name': o.username,
'email': o.email if is_admin else '',
'avatar': avatar.get_data_for_user(o),
'is_admin': is_admin,
'is_member': is_member
}
if teams is not None:
teams = sorted(teams, key=lambda team: team.id)
view['teams'] = {t.name: team_view(o.username, t) for t in teams}
view['ordered_teams'] = [team.name for team in teams]
if is_admin:
view['invoice_email'] = o.invoice_email
view['invoice_email_address'] = o.invoice_email_address
view['tag_expiration_s'] = o.removed_tag_expiration_s
view['is_free_account'] = o.stripe_id is None
return view
def search_entity_view(username, entity, get_short_name=None):
kind = 'user'
title = 'user'
avatar_data = avatar.get_data_for_user(entity)
href = '/user/' + entity.username
if entity.organization:
kind = 'organization'
title = 'org'
avatar_data = avatar.get_data_for_org(entity)
href = '/organization/' + entity.username
elif entity.robot:
parts = parse_robot_username(entity.username)
if parts[0] == username:
href = '/user/' + username + '?tab=robots&showRobot=' + entity.username
else:
href = '/organization/' + parts[
0] + '?tab=robots&showRobot=' + entity.username
kind = 'robot'
title = 'robot'
avatar_data = None
data = {
'title': title,
'kind': kind,
'avatar': avatar_data,
'name': entity.username,
'score': ENTITY_SEARCH_SCORE,
'href': href
}
if get_short_name:
data['short_name'] = get_short_name(entity.username)
return data
def org_view(o, teams):
is_admin = AdministerOrganizationPermission(o.username).can()
is_member = OrganizationMemberPermission(o.username).can()
view = {
"name": o.username,
"email": o.email if is_admin else "",
"avatar": avatar.get_data_for_user(o),
"is_admin": is_admin,
"is_member": is_member,
}
if teams is not None:
teams = sorted(teams, key=lambda team: team.id)
view["teams"] = {t.name: team_view(o.username, t) for t in teams}
view["ordered_teams"] = [team.name for team in teams]
if is_admin:
view["invoice_email"] = o.invoice_email
view["invoice_email_address"] = o.invoice_email_address
view["tag_expiration_s"] = o.removed_tag_expiration_s
view["is_free_account"] = o.stripe_id is None
return view
def user_view(user, previous_username=None):
def org_view(o, user_admin=True):
admin_org = AdministerOrganizationPermission(o.username)
org_response = {
'name': o.username,
'avatar': avatar.get_data_for_org(o),
'can_create_repo': CreateRepositoryPermission(o.username).can(),
'public': o.username in app.config.get('PUBLIC_NAMESPACES', []),
}
if user_admin:
org_response.update({
'is_org_admin':
admin_org.can(),
'preferred_namespace':
not (o.stripe_id is None),
})
return org_response
# Retrieve the organizations for the user.
organizations = {
o.username: o
for o in model.organization.get_user_organizations(user.username)
}
# Add any public namespaces.
public_namespaces = app.config.get('PUBLIC_NAMESPACES', [])
if public_namespaces:
organizations.update({
ns: model.user.get_namespace_user(ns)
for ns in public_namespaces
})
def login_view(login):
try:
metadata = json.loads(login.metadata_json)
except:
metadata = {}
return {
'service': login.service.name,
'service_identifier': login.service_ident,
'metadata': metadata
}
logins = model.user.list_federated_logins(user)
user_response = {
'anonymous': False,
'username': user.username,
'avatar': avatar.get_data_for_user(user),
}
user_admin = UserAdminPermission(
previous_username if previous_username else user.username)
if user_admin.can():
user_response.update({
'can_create_repo':
True,
'is_me':
True,
'verified':
user.verified,
'email':
user.email,
'logins': [login_view(login) for login in logins],
'invoice_email':
user.invoice_email,
'invoice_email_address':
user.invoice_email_address,
'preferred_namespace':
not (user.stripe_id is None),
'tag_expiration_s':
user.removed_tag_expiration_s,
'prompts':
model.user.get_user_prompts(user),
'company':
user.company,
'family_name':
user.family_name,
'given_name':
user.given_name,
'location':
user.location,
'is_free_account':
user.stripe_id is None,
'has_password_set':
authentication.has_password_set(user.username),
})
analytics_metadata = user_analytics.get_user_analytics_metadata(user)
# This is a sync call, but goes through the async wrapper interface and
# returns a Future. By calling with timeout 0 immediately after the method
# call, we ensure that if it ever accidentally becomes async it will raise
# a TimeoutError.
user_response.update(analytics_metadata.result(timeout=0))
user_view_perm = UserReadPermission(user.username)
if user_view_perm.can():
user_response.update({
'organizations': [
org_view(o, user_admin=user_admin.can())
for o in organizations.values()
],
})
if features.SUPER_USERS and SuperUserPermission().can():
user_response.update({
'super_user':
user and user == get_authenticated_user()
and SuperUserPermission().can()
})
return user_response
def user_view(user, previous_username=None):
def org_view(o, user_admin=True):
admin_org = AdministerOrganizationPermission(o.username)
org_response = {
"name": o.username,
"avatar": avatar.get_data_for_org(o),
"can_create_repo": CreateRepositoryPermission(o.username).can(),
"public": o.username in app.config.get("PUBLIC_NAMESPACES", []),
}
if user_admin:
org_response.update(
{
"is_org_admin": admin_org.can(),
"preferred_namespace": not (o.stripe_id is None),
}
)
return org_response
# Retrieve the organizations for the user.
organizations = {
o.username: o for o in model.organization.get_user_organizations(user.username)
}
# Add any public namespaces.
public_namespaces = app.config.get("PUBLIC_NAMESPACES", [])
if public_namespaces:
organizations.update({ns: model.user.get_namespace_user(ns) for ns in public_namespaces})
def login_view(login):
try:
metadata = json.loads(login.metadata_json)
except:
metadata = {}
return {
"service": login.service.name,
"service_identifier": login.service_ident,
"metadata": metadata,
}
logins = model.user.list_federated_logins(user)
user_response = {
"anonymous": False,
"username": user.username,
"avatar": avatar.get_data_for_user(user),
}
user_admin = UserAdminPermission(previous_username if previous_username else user.username)
if user_admin.can():
user_response.update(
{
"can_create_repo": True,
"is_me": True,
"verified": user.verified,
"email": user.email,
"logins": [login_view(login) for login in logins],
"invoice_email": user.invoice_email,
"invoice_email_address": user.invoice_email_address,
"preferred_namespace": not (user.stripe_id is None),
"tag_expiration_s": user.removed_tag_expiration_s,
"prompts": model.user.get_user_prompts(user),
"company": user.company,
"family_name": user.family_name,
"given_name": user.given_name,
"location": user.location,
"is_free_account": user.stripe_id is None,
"has_password_set": authentication.has_password_set(user.username),
}
)
if features.QUOTA_MANAGEMENT:
quotas = model.namespacequota.get_namespace_quota_list(user.username)
user_response["quotas"] = [quota_view(quota) for quota in quotas] if quotas else []
user_response["quota_report"] = model.namespacequota.get_quota_for_view(user.username)
user_view_perm = UserReadPermission(user.username)
if user_view_perm.can():
user_response.update(
{
"organizations": [
org_view(o, user_admin=user_admin.can()) for o in list(organizations.values())
],
}
)
if features.SUPER_USERS and SuperUserPermission().can():
user_response.update(
{
"super_user": user
and user == get_authenticated_user()
and SuperUserPermission().can()
}
)
return user_response