def _delete_user_linked_data(user): if user.organization: # Delete the organization's teams. with db_transaction(): for team in Team.select().where(Team.organization == user): team.delete_instance(recursive=True) # Delete any OAuth approvals and tokens associated with the user. with db_transaction(): for app in OAuthApplication.select().where(OAuthApplication.organization == user): app.delete_instance(recursive=True) else: # Remove the user from any teams in which they are a member. TeamMember.delete().where(TeamMember.user == user).execute() # Delete any repository buildtriggers where the user is the connected user. with db_transaction(): triggers = RepositoryBuildTrigger.select().where(RepositoryBuildTrigger.connected_user == user) for trigger in triggers: trigger.delete_instance(recursive=True, delete_nullable=False) # Delete any mirrors with robots owned by this user. with db_transaction(): robots = list(list_namespace_robots(user.username)) RepoMirrorConfig.delete().where(RepoMirrorConfig.internal_robot << robots).execute() # Delete any robots owned by this user. with db_transaction(): robots = list(list_namespace_robots(user.username)) for robot in robots: robot.delete_instance(recursive=True, delete_nullable=True) # Null out any service key approvals. We technically lose information here, but its better than # falling and only occurs if a superuser is being deleted. ServiceKeyApproval.update(approver=None).where(ServiceKeyApproval.approver == user).execute()
def get_matching_user_teams(team_prefix, user_obj, limit=10): team_prefix_search = prefix_search(Team.name, team_prefix) query = (Team.select(Team.id.distinct(), Team).join(User).switch(Team).join(TeamMember).where( TeamMember.user == user_obj, team_prefix_search).limit(limit)) return query
def add_user_as_admin(user_obj, org_obj): try: admin_role = TeamRole.get(name="admin") admin_team = (Team.select().where(Team.role == admin_role, Team.organization == org_obj).get()) team.add_user_to_team(user_obj, admin_team) except team.UserAlreadyInTeam: pass
def get_organization_team(orgname, teamname): joined = Team.select().join(User) query = joined.where(Team.name == teamname, User.organization == True, User.username == orgname).limit(1) result = list(query) if not result: raise InvalidTeamException("Team does not exist: %s/%s", orgname, teamname) return result[0]
def __get_user_admin_teams(org_name, username): Org = User.alias() user_teams = Team.select().join(TeamMember).join(User) with_org = user_teams.switch(Team).join(Org, on=(Org.id == Team.organization)) with_role = with_org.switch(Team).join(TeamRole) admin_teams = with_role.where(User.username == username, Org.username == org_name, TeamRole.name == "admin") return admin_teams
def set_team_repo_permission(team_name, namespace_name, repository_name, role_name): try: team = (Team.select().join(User).where( Team.name == team_name, User.username == namespace_name).get()) except Team.DoesNotExist: raise DataModelException("No team %s in organization %s" % (team_name, namespace_name)) return __set_entity_repo_permission(team, "team", namespace_name, repository_name, role_name)
def get_org_wide_permissions(user, org_filter=None): Org = User.alias() team_with_role = Team.select(Team, Org, TeamRole).join(TeamRole) with_org = team_with_role.switch(Team).join( Org, on=(Team.organization == Org.id)) with_user = with_org.switch(Team).join(TeamMember).join(User) if org_filter: with_user.where(Org.username == org_filter) return with_user.where(User.id == user, Org.organization == True)
def get_matching_admined_teams(team_prefix, user_obj, limit=10): team_prefix_search = prefix_search(Team.name, team_prefix) admined_orgs = (_basequery.get_user_organizations( user_obj.username).switch(Team).join(TeamRole).where( TeamRole.name == "admin")) query = (Team.select(Team.id.distinct(), Team).join(User).switch(Team).join(TeamMember).where( team_prefix_search, Team.organization << (admined_orgs)).limit(limit)) return query
def admin_dashboard(): teams = Team.select() solves = ChallengeSolve.select(ChallengeSolve, Challenge).join(Challenge) adjustments = ScoreAdjustment.select() scoredata = scoreboard.get_all_scores(teams, solves, adjustments) lastsolvedata = scoreboard.get_last_solves(teams, solves) tickets = list(TroubleTicket.select().where(TroubleTicket.active == True)) return render_template("admin/dashboard.html", teams=teams, scoredata=scoredata, lastsolvedata=lastsolvedata, tickets=tickets)
def get_teams_within_org(organization, has_external_auth=False): """ Returns a AttrDict of team info (id, name, description), its role under the org, the number of repositories on which it has permission, and the number of members. """ query = Team.select().where( Team.organization == organization).join(TeamRole) def _team_view(team): return { "id": team.id, "name": team.name, "description": team.description, "role_name": Team.role.get_name(team.role_id), "repo_count": 0, "member_count": 0, "is_synced": False, } teams = {team.id: _team_view(team) for team in query} if not teams: # Just in case. Should ideally never happen. return [] # Add repository permissions count. permission_tuples = (RepositoryPermission.select( RepositoryPermission.team, fn.Count(RepositoryPermission.id)).where( RepositoryPermission.team << list(teams.keys())).group_by( RepositoryPermission.team).tuples()) for perm_tuple in permission_tuples: teams[perm_tuple[0]]["repo_count"] = perm_tuple[1] # Add the member count. members_tuples = (TeamMember.select(TeamMember.team, fn.Count( TeamMember.id)).where(TeamMember.team << list(teams.keys())).group_by( TeamMember.team).tuples()) for member_tuple in members_tuples: teams[member_tuple[0]]["member_count"] = member_tuple[1] # Add syncing information. if has_external_auth: sync_query = TeamSync.select( TeamSync.team).where(TeamSync.team << list(teams.keys())) for team_sync in sync_query: teams[team_sync.team_id]["is_synced"] = True return [AttrDict(team_info) for team_info in list(teams.values())]
def _user_teams(user, resource): changed = False p_exact_teams = resource["exact_teams"] p_add_teams = resource["add_teams"] p_remove_teams = resource["remove_teams"] team_names = p_exact_teams or p_add_teams or p_remove_teams if team_names is None: return False teams = [] for name in team_names: try: teams.append(Team.get(Team.name == name)) except model.InvalidTeamException: abort(400, message="Team '%s' does not exist" % name) teams = set(teams) current_teams = set(Team.select().join(TeamMember).join(User)).where( User.username == user.username) teams_to_add = teams - current_teams teams_to_remove = current_teams - teams if p_add_teams: teams_to_remove = [] elif p_remove_teams: teams_to_add = [] for team in teams_to_add: changed = True model.team.add_user_to_team(user, team) query = TeamMember.select().join(User).switch(TeamMember).join(Team).join( TeamRole) for team in teams_to_remove: changed = True found = list( query.where(User.username == user.username, Team.name == team.name)) found[0].delete_instance() return changed
def remove_team(org_name, team_name, removed_by_username): joined = Team.select(Team, TeamRole).join(User).switch(Team).join(TeamRole) found = list( joined.where(User.organization == True, User.username == org_name, Team.name == team_name)) if not found: raise InvalidTeamException("Team '%s' is not a team in org '%s'" % (team_name, org_name)) team = found[0] if team.role.name == "admin": admin_teams = list( __get_user_admin_teams(org_name, removed_by_username)) if len(admin_teams) <= 1: # The team we are trying to remove is the only admin team containing this user. msg = "Deleting team '%s' would remove admin ability for user '%s' in organization '%s'" raise DataModelException( msg % (team_name, removed_by_username, org_name)) team.delete_instance(recursive=True, delete_nullable=True)
def get_user_teams_within_org(username, organization): joined = Team.select().join(TeamMember).join(User) return joined.where(Team.organization == organization, User.username == username)
def get_matching_teams(team_prefix, organization): team_prefix_search = prefix_search(Team.name, team_prefix) query = Team.select().where(team_prefix_search, Team.organization == organization) return query.limit(10)