def get_latest_logs_query(performer=None,
repository=None,
namespace=None,
ignore=None,
model=LogEntry3,
size=None):
""" Returns the latest logs matching the given filters. """
Performer = User.alias()
Account = User.alias()
selections = [model, Performer]
if namespace is None and repository is None:
selections.append(Account)
query = _latest_logs_query(selections,
performer,
repository,
namespace,
ignore,
model=model,
size=size)
query = (query.switch(model).join(
Performer,
JOIN.LEFT_OUTER,
on=(model.performer == Performer.id).alias('performer')))
if namespace is None and repository is None:
query = (query.switch(model).join(
Account,
JOIN.LEFT_OUTER,
on=(model.account == Account.id).alias('account')))
return query
def list_notifications(user,
kind_name=None,
id_filter=None,
include_dismissed=False,
page=None,
limit=None):
base_query = Notification.select(
Notification.id,
Notification.uuid,
Notification.kind,
Notification.metadata_json,
Notification.dismissed,
Notification.lookup_path,
Notification.created,
Notification.created.alias("cd"),
Notification.target,
).join(NotificationKind)
if kind_name is not None:
base_query = base_query.where(NotificationKind.name == kind_name)
if id_filter is not None:
base_query = base_query.where(Notification.uuid == id_filter)
if not include_dismissed:
base_query = base_query.where(Notification.dismissed == False)
# Lookup directly for the user.
user_direct = base_query.clone().where(Notification.target == user)
# Lookup via organizations admined by the user.
Org = User.alias()
AdminTeam = Team.alias()
AdminTeamMember = TeamMember.alias()
AdminUser = User.alias()
via_orgs = (base_query.clone().join(
Org, on=(Org.id == Notification.target)).join(
AdminTeam, on=(Org.id == AdminTeam.organization)).join(
TeamRole,
on=(AdminTeam.role == TeamRole.id)).switch(AdminTeam).join(
AdminTeamMember,
on=(AdminTeam.id == AdminTeamMember.team)).join(
AdminUser, on=(AdminTeamMember.user == AdminUser.id
)).where((AdminUser.id == user)
& (TeamRole.name == "admin")))
query = user_direct | via_orgs
if page:
query = query.paginate(page, limit)
elif limit:
query = query.limit(limit)
return query.order_by(SQL("cd desc"))
def get_prototype_permissions(org):
ActivatingUser = User.alias()
DelegateUser = User.alias()
query = (PermissionPrototype
.select()
.where(PermissionPrototype.org == org)
.join(ActivatingUser, JOIN.LEFT_OUTER,
on=(ActivatingUser.id == PermissionPrototype.activating_user))
.join(DelegateUser, JOIN.LEFT_OUTER,
on=(DelegateUser.id == PermissionPrototype.delegate_user))
.join(Team, JOIN.LEFT_OUTER,
on=(Team.id == PermissionPrototype.delegate_team))
.join(Role, JOIN.LEFT_OUTER, on=(Role.id == PermissionPrototype.role)))
return query
def get_organization_member_set(org, include_robots=False, users_filter=None):
"""
Returns the set of all member usernames under the given organization, with optional filtering by
robots and/or by a specific set of User objects.
"""
Org = User.alias()
org_users = (
User.select(User.username)
.join(TeamMember)
.join(Team)
.where(Team.organization == org)
.distinct()
)
if not include_robots:
org_users = org_users.where(User.robot == False)
if users_filter is not None:
ids_list = [u.id for u in users_filter if u is not None]
if not ids_list:
return set()
org_users = org_users.where(User.id << ids_list)
return {user.username for user in org_users}
def _get_user_repo_permissions(user,
limit_to_repository_obj=None,
limit_namespace=None,
limit_repo_name=None):
UserThroughTeam = User.alias()
base_query = (RepositoryPermission.select(
RepositoryPermission, Role, Repository,
Namespace).join(Role).switch(RepositoryPermission).join(
Repository).join(Namespace,
on=(Repository.namespace_user == Namespace.id
)).switch(RepositoryPermission))
if limit_to_repository_obj is not None:
base_query = base_query.where(
RepositoryPermission.repository == limit_to_repository_obj)
elif limit_namespace and limit_repo_name:
base_query = base_query.where(Repository.name == limit_repo_name,
Namespace.username == limit_namespace)
direct = base_query.clone().join(User).where(User.id == user)
team = (base_query.clone().join(Team).join(TeamMember).join(
UserThroughTeam, on=(UserThroughTeam.id == TeamMember.user)).where(
UserThroughTeam.id == user))
return direct | team
def get_logs_query(
start_time=None,
end_time=None,
performer=None,
repository=None,
namespace=None,
namespace_id=None,
ignore=None,
model=LogEntry3,
id_range=None,
):
"""
Returns the logs matching the given filters.
"""
Performer = User.alias()
Account = User.alias()
selections = [model, Performer]
if namespace is None and repository is None and namespace_id is None:
selections.append(Account)
query = _logs_query(
selections,
start_time,
end_time,
performer,
repository,
namespace,
ignore,
model=model,
id_range=id_range,
namespace_id=namespace_id,
)
query = query.switch(model).join(
Performer,
JOIN.LEFT_OUTER,
on=(model.performer == Performer.id).alias("performer"))
if namespace is None and repository is None and namespace_id is None:
query = query.switch(model).join(
Account,
JOIN.LEFT_OUTER,
on=(model.account == Account.id).alias("account"))
return query
def __get_user_admin_teams(org_name, username):
Org = User.alias()
user_teams = Team.select().join(TeamMember).join(User)
with_org = user_teams.switch(Team).join(Org,
on=(Org.id == Team.organization))
with_role = with_org.switch(Team).join(TeamRole)
admin_teams = with_role.where(User.username == username,
Org.username == org_name,
TeamRole.name == "admin")
return admin_teams
def get_org_wide_permissions(user, org_filter=None):
Org = User.alias()
team_with_role = Team.select(Team, Org, TeamRole).join(TeamRole)
with_org = team_with_role.switch(Team).join(
Org, on=(Team.organization == Org.id))
with_user = with_org.switch(Team).join(TeamMember).join(User)
if org_filter:
with_user.where(Org.username == org_filter)
return with_user.where(User.id == user, Org.organization == True)
def remove_user_from_team(org_name, team_name, username, removed_by_username):
Org = User.alias()
joined = TeamMember.select().join(User).switch(TeamMember).join(Team)
with_role = joined.join(TeamRole)
with_org = with_role.switch(Team).join(Org,
on=(Org.id == Team.organization))
found = list(
with_org.where(User.username == username, Org.username == org_name,
Team.name == team_name))
if not found:
raise DataModelException("User %s does not belong to team %s" %
(username, team_name))
if username == removed_by_username:
admin_team_query = __get_user_admin_teams(org_name, username)
admin_team_names = {team.name for team in admin_team_query}
if team_name in admin_team_names and len(admin_team_names) <= 1:
msg = "User cannot remove themselves from their only admin team."
raise DataModelException(msg)
user_in_team = found[0]
user_in_team.delete_instance()
def get_user_organizations(username):
UserAlias = User.alias()
return (User.select().distinct().join(Team).join(TeamMember).join(
UserAlias, on=(UserAlias.id == TeamMember.user)).where(
User.organization == True, UserAlias.username == username))
