def test_is_pkgdb_admin(self): """ Test the is_pkgdb_admin function of pkgdb2. """ user = FakeFasUser() out = pkgdb2.is_pkgdb_admin(user) self.assertEqual(out, False) user.groups = [] out = pkgdb2.is_pkgdb_admin(user) self.assertEqual(out, False) user = FakeFasUser() out = pkgdb2.is_pkgdb_admin(None) self.assertEqual(out, False) user = FakeFasUserAdmin() out = pkgdb2.is_pkgdb_admin(user) self.assertEqual(out, True) pkgdb2.APP.config['ADMIN_GROUP'] = 'sysadmin-main' out = pkgdb2.is_pkgdb_admin(user) self.assertEqual(out, False) # Reset the ADMIN_GROUP for the other tests pkgdb2.APP.config['ADMIN_GROUP'] = ('sysadmin-main', 'sysadmin-cvs')
def package_retire(package, full=True): ''' Gives the possibility to orphan or take a package. ''' if not bool(full) or str(full) in ['0', 'False']: full = False try: package_acl = pkgdblib.get_acl_package(SESSION, package) package = pkgdblib.search_package(SESSION, package, limit=1)[0] except (NoResultFound, IndexError): SESSION.rollback() flask.flash('No package of this name found.', 'errors') return flask.render_template('msg.html') if not is_pkgdb_admin(flask.g.fas_user): flask.flash( 'Only Admins are allowed to retire package here, ' 'you should use `fedpkg retire`.', 'errors') return flask.redirect( flask.url_for('.package_info', package=package.name)) collections = [ acl.collection.branchname for acl in package_acl if acl.collection.status in ['Active', 'Under Development'] and acl.status == 'Orphaned' ] form = pkgdb2.forms.BranchForm(collections=collections) if form.validate_on_submit(): for acl in package_acl: if acl.collection.branchname in form.branches.data: if acl.point_of_contact == 'orphan': try: pkgdblib.update_pkg_status( session=SESSION, pkg_name=package.name, pkg_branch=acl.collection.branchname, status='Retired', user=flask.g.fas_user) flask.flash( 'This package has been retired on branch: %s' % acl.collection.branchname) except pkgdblib.PkgdbException, err: # pragma: no cover # We should never hit this flask.flash(str(err), 'error') SESSION.rollback() APP.logger.exception(err) else: # pragma: no cover flask.flash('This package has not been orphaned on ' 'branch: %s' % acl.collection.branchname) try: SESSION.commit() # Keep it in, but normally we shouldn't hit this except pkgdblib.PkgdbException, err: # pragma: no cover # We should never hit this SESSION.rollback() APP.logger.exception(err) flask.flash(str(err), 'error')
def package_orphan(namespace, package, full=True): ''' Gives the possibility to orphan or take a package. ''' if not bool(full) or str(full) in ['0', 'False']: full = False try: package_acl = pkgdblib.get_acl_package( SESSION, namespace, package) package = pkgdblib.search_package( SESSION, namespace, package, limit=1)[0] except (NoResultFound, IndexError): SESSION.rollback() flask.flash('No package of this name found.', 'errors') return flask.render_template('msg.html') collections = [ acl.collection.branchname for acl in package_acl if acl.collection.status in ['Active', 'Under Development'] and acl.status == 'Approved' and ( is_pkgdb_admin(flask.g.fas_user) or acl.point_of_contact == flask.g.fas_user.username or ( acl.point_of_contact.startswith('group::') and is_pkg_admin( SESSION, flask.g.fas_user, namespace, package.name) ) ) ] form = pkgdb2.forms.BranchForm(collections=collections) if form.validate_on_submit(): for branch in form.branches.data: try: pkgdblib.update_pkg_poc( session=SESSION, namespace=namespace, pkg_name=package.name, pkg_branch=branch, pkg_poc='orphan', user=flask.g.fas_user ) flask.flash( 'You are no longer point of contact on branch: %s' % branch) except pkgdblib.PkgdbBugzillaException, err: # pragma: no cover APP.logger.exception(err) flask.flash(str(err), 'error') SESSION.rollback() except pkgdblib.PkgdbException, err: # pragma: no cover flask.flash(str(err), 'error') SESSION.rollback()
def inject_is_admin(): """ Inject whether the user is a pkgdb2 admin or not in every page (every template). """ justlogedin = flask.session.get('_justlogedin', False) if justlogedin: # pragma: no cover flask.g.pending_acls = pkgdblib.get_pending_acl_user( SESSION, flask.g.fas_user.username) flask.session['_justlogedin'] = None return dict(is_admin=is_pkgdb_admin(flask.g.fas_user), version=__version__)
def inject_is_admin(): """ Inject whether the user is a pkgdb2 admin or not in every page (every template). """ justlogedin = flask.session.get('_justlogedin', False) if justlogedin: flask.g.pending_acls = pkgdblib.get_pending_acl_user( SESSION, flask.g.fas_user.username) flask.session['_justlogedin'] = None return dict(is_admin=is_pkgdb_admin(flask.g.fas_user), version=__version__)
def package_orphan(namespace, package, full=True): ''' Gives the possibility to orphan or take a package. ''' if not bool(full) or str(full) in ['0', 'False']: full = False try: package_acl = pkgdblib.get_acl_package(SESSION, namespace, package) package = pkgdblib.search_package(SESSION, namespace, package, limit=1)[0] except (NoResultFound, IndexError): SESSION.rollback() flask.flash('No package of this name found.', 'errors') return flask.render_template('msg.html') collections = [ acl.collection.branchname for acl in package_acl if acl.collection.status in ['Active', 'Under Development'] and acl.status == 'Approved' and ( is_pkgdb_admin(flask.g.fas_user) or acl.point_of_contact == flask.g.fas_user.username or (acl.point_of_contact.startswith('group::') and is_pkg_admin( SESSION, flask.g.fas_user, namespace, package.name))) ] form = pkgdb2.forms.BranchForm(collections=collections) if form.validate_on_submit(): for branch in form.branches.data: try: pkgdblib.update_pkg_poc(session=SESSION, namespace=namespace, pkg_name=package.name, pkg_branch=branch, pkg_poc='orphan', user=flask.g.fas_user) flask.flash( 'You are no longer point of contact on branch: %s' % branch) except pkgdblib.PkgdbBugzillaException, err: # pragma: no cover APP.logger.exception(err) flask.flash(str(err), 'error') SESSION.rollback() except pkgdblib.PkgdbException, err: # pragma: no cover flask.flash(str(err), 'error') SESSION.rollback()
def inject_is_admin(): """ Inject whether the user is a pkgdb2 admin or not in every page (every template). """ justlogedin = flask.session.get('_justloggedin', False) if justlogedin: # pragma: no cover flask.g.pending_acls = pkgdblib.get_pending_acl_user( SESSION, flask.g.fas_user.username) flask.session['_justloggedin'] = None justlogedout = flask.session.get('_justloggedout', False) if justlogedout: flask.session['_justloggedout'] = None namespaces = pkgdblib.get_status(SESSION, 'namespaces')['namespaces'] return dict( is_admin=is_pkgdb_admin(flask.g.fas_user), version=__version__, namespaces=namespaces, )
def package_give(package, full=True): ''' Gives the PoC of a package to someone else. ''' if not bool(full) or str(full) in ['0', 'False']: full = False packagename = package package = None try: package_acl = pkgdblib.get_acl_package(SESSION, packagename) package = pkgdblib.search_package(SESSION, packagename, limit=1)[0] except (NoResultFound, IndexError): SESSION.rollback() flask.flash('No package of this name found.', 'errors') return flask.render_template('msg.html') # Restrict the branch to the one current user is PoC of (unless admin # or group) collect_name = [] for acl in package_acl: if acl.point_of_contact != flask.g.fas_user.username and \ not is_pkgdb_admin(flask.g.fas_user) and \ not acl.point_of_contact.startswith('group::'): pass else: if acl.point_of_contact.startswith('group::'): group = acl.point_of_contact.split('group::')[0] if group not in flask.g.fas_user.groups: pass elif acl.collection.status != 'EOL': collect_name.append(acl.collection.branchname) form = pkgdb2.forms.GivePoCForm(collections=collect_name) acls = ['commit', 'watchbugzilla', 'watchcommits', 'approveacls'] if form.validate_on_submit(): collections = form.branches.data pkg_poc = form.poc.data if pkg_poc.startswith('group::'): acls = ['commit', 'watchbugzilla', 'watchcommits'] try: for pkg_collection in collections: message = pkgdblib.update_pkg_poc( SESSION, pkg_name=packagename, pkg_branch=pkg_collection, pkg_poc=pkg_poc, user=flask.g.fas_user, ) flask.flash(message) for acl in acls: pkgdblib.set_acl_package(SESSION, pkg_name=packagename, pkg_branch=pkg_collection, pkg_user=pkg_poc, acl=acl, status='Approved', user=flask.g.fas_user) SESSION.commit() except pkgdblib.PkgdbBugzillaException, err: # pragma: no cover APP.logger.exception(err) flask.flash(str(err), 'error') SESSION.rollback() except pkgdblib.PkgdbException, err: SESSION.rollback() flask.flash(str(err), 'error')
def package_request_edit(action_id): """ Edit an Admin Action status """ admin_action = pkgdblib.get_admin_action(SESSION, action_id) if not admin_action: flask.flash('No action found with this identifier.', 'errors') return flask.render_template('msg.html') package = None if admin_action.package: package = admin_action.package.name if admin_action.status in ['Accepted', 'Blocked', 'Denied']: return flask.render_template( 'actions_update_ro.html', admin_action=admin_action, action_id=action_id, ) if not is_authenticated() or not 'packager' in flask.g.fas_user.groups: return flask.render_template( 'actions_update_ro.html', admin_action=admin_action, action_id=action_id, ) # Check user is the pkg/pkgdb admin pkg_admin = pkgdblib.has_acls(SESSION, flask.g.fas_user.username, package, 'approveacls') if not is_pkgdb_admin(flask.g.fas_user) \ and not pkg_admin \ and not admin_action.user == flask.g.fas_user.username: flask.flash( 'Only package adminitrators (`approveacls`) and the requester ' 'can review pending branch requests', 'errors') if package: return flask.redirect( flask.url_for('.package_info', package=package)) else: return flask.redirect( flask.url_for('.packager_requests', packager=flask.g.fas_user.username)) action_status = ['Pending', 'Awaiting Review', 'Blocked'] if admin_action.user == flask.g.fas_user.username: action_status = ['Pending', 'Obsolete'] if pkg_admin or admin_action.action == 'request.package': action_status.append('Awaiting Review') form = pkgdb2.forms.EditActionStatusForm(status=action_status, obj=admin_action) form.id.data = action_id if form.validate_on_submit(): try: message = pkgdblib.edit_action_status( SESSION, admin_action, action_status=form.status.data, user=flask.g.fas_user, message=form.message.data, ) SESSION.commit() flask.flash(message) except pkgdblib.PkgdbException, err: # pragma: no cover # We can only reach here in two cases: # 1) the user is not an admin, but that's taken care of # by the decorator # 2) we have a SQLAlchemy problem when storing the info # in the DB which we cannot test SESSION.rollback() flask.flash(err, 'errors') return flask.render_template('msg.html') if package: return flask.redirect( flask.url_for('.package_info', package=package)) else: return flask.redirect( flask.url_for('.packager_requests', packager=flask.g.fas_user.username))
def inject_is_admin(): """ Inject whether the user is a nuancier admin or not in every page (every template). """ return dict(is_admin=is_pkgdb_admin(flask.g.fas_user), version=__version__)
def package_retire(namespace, package, full=True): ''' Gives the possibility to orphan or take a package. ''' if not bool(full) or str(full) in ['0', 'False']: full = False try: package_acl = pkgdblib.get_acl_package( SESSION, namespace, package) package = pkgdblib.search_package( SESSION, namespace, package, limit=1)[0] except (NoResultFound, IndexError): SESSION.rollback() flask.flash('No package of this name found.', 'errors') return flask.render_template('msg.html') if not is_pkgdb_admin(flask.g.fas_user): flask.flash( 'Only Admins are allowed to retire package here, ' 'you should use `fedpkg retire`.', 'errors') return flask.redirect(flask.url_for( '.package_info', namespace=package.namespace, package=package.name) ) collections = [ acl.collection.branchname for acl in package_acl if acl.collection.status in ['Active', 'Under Development'] and acl.status == 'Orphaned' ] form = pkgdb2.forms.BranchForm(collections=collections) if form.validate_on_submit(): for acl in package_acl: if acl.collection.branchname in form.branches.data: if acl.point_of_contact == 'orphan': try: pkgdblib.update_pkg_status( session=SESSION, namespace=namespace, pkg_name=package.name, pkg_branch=acl.collection.branchname, status='Retired', user=flask.g.fas_user ) flask.flash( 'This package has been retired on branch: %s' % acl.collection.branchname) except PkgdbException as err: # pragma: no cover # We should never hit this flask.flash(str(err), 'error') SESSION.rollback() APP.logger.exception(err) else: # pragma: no cover flask.flash( 'This package has not been orphaned on ' 'branch: %s' % acl.collection.branchname) try: SESSION.commit() # Keep it in, but normally we shouldn't hit this except PkgdbException as err: # pragma: no cover # We should never hit this SESSION.rollback() APP.logger.exception(err) flask.flash(str(err), 'error') return flask.redirect(flask.url_for( '.package_info', namespace=package.namespace, package=package.name) ) return flask.render_template( 'branch_selection.html', full=full, package=package, form=form, action='retire', )
def package_give(namespace, package, full=True): ''' Gives the PoC of a package to someone else. ''' if not bool(full) or str(full) in ['0', 'False']: full = False packagename = package package = None try: package_acl = pkgdblib.get_acl_package( SESSION, namespace, packagename) package = pkgdblib.search_package( SESSION, namespace, packagename, limit=1)[0] except (NoResultFound, IndexError): SESSION.rollback() flask.flash('No package of this name found.', 'errors') return flask.render_template('msg.html') # Restrict the branch to the one current user is PoC of (unless admin # or group) collect_name = [] for acl in package_acl: if acl.point_of_contact != flask.g.fas_user.username and \ not is_pkgdb_admin(flask.g.fas_user) and \ not acl.point_of_contact.startswith('group::'): pass else: if acl.point_of_contact.startswith('group::'): group = acl.point_of_contact.split('group::')[0] if group not in flask.g.fas_user.groups: pass elif acl.collection.status != 'EOL': collect_name.append(acl.collection.branchname) form = pkgdb2.forms.GivePoCForm(collections=collect_name) acls = ['commit', 'watchbugzilla', 'watchcommits', 'approveacls'] if form.validate_on_submit(): collections = form.branches.data pkg_poc = form.poc.data if pkg_poc.startswith('group::'): acls = ['commit', 'watchbugzilla', 'watchcommits'] try: for pkg_collection in collections: message = pkgdblib.update_pkg_poc( SESSION, namespace=namespace, pkg_name=packagename, pkg_branch=pkg_collection, pkg_poc=pkg_poc, user=flask.g.fas_user, ) flask.flash(message) for acl in acls: pkgdblib.set_acl_package( SESSION, namespace=namespace, pkg_name=packagename, pkg_branch=pkg_collection, pkg_user=pkg_poc, acl=acl, status='Approved', user=flask.g.fas_user ) SESSION.commit() except pkgdblib.exceptions.PkgdbBugzillaException as err: # pragma: no cover APP.logger.exception(err) flask.flash(str(err), 'error') SESSION.rollback() except PkgdbException as err: SESSION.rollback() flask.flash(str(err), 'error') return flask.redirect(flask.url_for( '.package_info', namespace=namespace, package=packagename) ) return flask.render_template( 'package_give.html', full=full, form=form, packagename=packagename, namespace=namespace, )
def package_request_edit(action_id): """ Edit an Admin Action status """ admin_action = pkgdblib.get_admin_action(SESSION, action_id) if not admin_action: flask.flash('No action found with this identifier.', 'errors') return flask.render_template('msg.html') package = None namespace = None if admin_action.package: package = admin_action.package.name namespace = admin_action.package.namespace if admin_action.status in ['Accepted', 'Blocked', 'Denied']: return flask.render_template( 'actions_update_ro.html', admin_action=admin_action, action_id=action_id, ) pkger_grp = APP.config.get('PKGER_GROUP', 'packager') if not is_authenticated() or not pkger_grp in flask.g.fas_user.groups: return flask.render_template( 'actions_update_ro.html', admin_action=admin_action, action_id=action_id, ) # Check user is the pkg/pkgdb admin pkg_admin = pkgdblib.has_acls( SESSION, flask.g.fas_user.username, namespace, package, 'approveacls') if not is_pkgdb_admin(flask.g.fas_user) \ and not pkg_admin \ and not admin_action.user == flask.g.fas_user.username: flask.flash( 'Only package adminitrators (`approveacls`) and the requester ' 'can review pending branch requests', 'errors') if package: return flask.redirect(flask.url_for( '.package_info', namespace=namespace, package=package) ) else: return flask.redirect( flask.url_for( '.packager_requests', packager=flask.g.fas_user.username) ) action_status = ['Pending', 'Awaiting Review', 'Blocked'] if admin_action.user == flask.g.fas_user.username: action_status = ['Pending', 'Obsolete'] if pkg_admin or admin_action.action in [ 'request.package', 'request.unretire']: action_status.append('Awaiting Review') form = pkgdb2.forms.EditActionStatusForm( status=action_status, obj=admin_action ) form.id.data = action_id if form.validate_on_submit(): try: message = pkgdblib.edit_action_status( SESSION, admin_action, action_status=form.status.data, user=flask.g.fas_user, message=form.message.data, ) SESSION.commit() flask.flash(message) except PkgdbException as err: # pragma: no cover # We can only reach here in two cases: # 1) the user is not an admin, but that's taken care of # by the decorator # 2) we have a SQLAlchemy problem when storing the info # in the DB which we cannot test SESSION.rollback() flask.flash(err, 'errors') return flask.render_template('msg.html') if package: return flask.redirect(flask.url_for( '.package_info', namespace=namespace, package=package) ) else: return flask.redirect( flask.url_for( '.packager_requests', packager=flask.g.fas_user.username) ) return flask.render_template( 'actions_update.html', admin_action=admin_action, action_id=action_id, form=form, package=package, tag='packages', )
def update_acl(namespace, package, update_acl): ''' Update the acls of a package. ''' packagename = package package = None try: package_acl = pkgdblib.get_acl_package( SESSION, namespace, packagename) package = pkgdblib.search_package( SESSION, namespace, packagename, limit=1)[0] except (NoResultFound, IndexError): SESSION.rollback() flask.flash('No package of this name found.', 'errors') return flask.render_template('msg.html') statues = pkgdblib.get_status(SESSION) planned_acls = set(statues['pkg_acl']) acl_status = list(set(statues['acl_status'])) acl_status.insert(0, '') if update_acl not in planned_acls: flask.flash('Invalid ACL to update.', 'errors') return flask.redirect(flask.url_for( '.package_info', namespace=package.namespace, package=package.name) ) branches = {} branches_inv = {} commit_acls = {} admins = {} committers = [] for pkg in package_acl: if pkg.collection.status == 'EOL': # pragma: no cover continue collection_name = '%s %s' % ( pkg.collection.name, pkg.collection.version) if collection_name not in branches: branches[collection_name] = pkg.collection.branchname if pkg.collection.branchname not in branches_inv: branches_inv[pkg.collection.branchname] = collection_name for acl in pkg.acls: if acl.acl == 'approveacls' and acl.status == 'Approved': if acl.fas_name not in admins: admins[acl.fas_name] = set() admins[acl.fas_name].add(collection_name) if acl.acl != update_acl: continue committers.append(acl.fas_name) if acl.fas_name not in commit_acls: commit_acls[acl.fas_name] = {} if collection_name not in commit_acls[acl.fas_name]: commit_acls[acl.fas_name][collection_name] = {} commit_acls[acl.fas_name][collection_name][acl.acl] = \ acl.status for aclname in planned_acls: for user in commit_acls: if collection_name in commit_acls[user] and \ aclname not in commit_acls[user][collection_name]: commit_acls[user][collection_name][aclname] = None # If the user is not an admin, he/she can only access his/her ACLs username = flask.g.fas_user.username if username not in admins and not is_pkgdb_admin(flask.g.fas_user): tmp = {username: []} if username in commit_acls: tmp = {username: commit_acls[username]} commit_acls = tmp form = pkgdb2.forms.ConfirmationForm() if form.validate_on_submit(): sub_acls = flask.request.values.getlist('acls') sub_users = flask.request.values.getlist('user') sub_branches = flask.request.values.getlist('branch') changed = False if sub_acls and len(sub_acls) == (len(sub_users) * len(sub_branches)): cnt = 0 for cnt_u in range(len(sub_users)): for cnt_b in range(len(sub_branches)): lcl_acl = sub_acls[cnt] lcl_user = sub_users[cnt_u] lcl_branch = sub_branches[cnt_b] if lcl_acl not in acl_status: flask.flash('Invalid ACL: %s' % lcl_acl, 'error') cnt += 1 continue if lcl_user not in commit_acls: flask.flash('Invalid user: %s' % lcl_user, 'error') cnt += 1 continue if lcl_branch not in branches_inv or ( branches_inv[lcl_branch] in commit_acls[lcl_user] and commit_acls[lcl_user][ branches_inv[lcl_branch]][ update_acl] == lcl_acl): cnt += 1 continue if not lcl_acl: if branches_inv[lcl_branch] \ not in commit_acls[lcl_user]: cnt += 1 continue elif branches_inv[lcl_branch] \ in commit_acls[lcl_user] \ and username != lcl_user: flask.flash( 'Only the user can remove his/her ACL', 'error') cnt += 1 continue try: pkgdblib.set_acl_package( SESSION, namespace=namespace, pkg_name=package.name, pkg_branch=lcl_branch, pkg_user=lcl_user, acl=update_acl, status=lcl_acl, user=flask.g.fas_user, ) SESSION.commit() flask.flash("%s's %s ACL updated on %s" % ( lcl_user, update_acl, lcl_branch)) changed = True except PkgdbException as err: SESSION.rollback() flask.flash(str(err), 'error') cnt += 1 SESSION.commit() if not changed: flask.flash('Nothing to update') return flask.redirect(flask.url_for( '.package_info', namespace=package.namespace, package=package.name) ) else: flask.flash('Invalid input submitted', 'error') return flask.render_template( 'acl_update.html', acl=update_acl, acl_status=acl_status, package=package, form=form, branches=branches, commit_acls=commit_acls, admins=admins, committers=committers, )
def update_acl(package, update_acl): ''' Update the acls of a package. ''' packagename = package package = None try: package_acl = pkgdblib.get_acl_package(SESSION, packagename) package = pkgdblib.search_package(SESSION, packagename, limit=1)[0] except (NoResultFound, IndexError): SESSION.rollback() flask.flash('No package of this name found.', 'errors') return flask.render_template('msg.html') statues = pkgdblib.get_status(SESSION) planned_acls = set(statues['pkg_acl']) acl_status = list(set(statues['acl_status'])) acl_status.insert(0, '') if update_acl not in planned_acls: flask.flash('Invalid ACL to update.', 'errors') return flask.redirect( flask.url_for('.package_info', package=package.name)) branches = {} branches_inv = {} commit_acls = {} admins = {} committers = [] for pkg in package_acl: if pkg.collection.status == 'EOL': # pragma: no cover continue collection_name = '%s %s' % (pkg.collection.name, pkg.collection.version) if collection_name not in branches: branches[collection_name] = pkg.collection.branchname if pkg.collection.branchname not in branches_inv: branches_inv[pkg.collection.branchname] = collection_name for acl in pkg.acls: if acl.acl == 'approveacls' and acl.status == 'Approved': if acl.fas_name not in admins: admins[acl.fas_name] = set() admins[acl.fas_name].add(collection_name) if acl.acl != update_acl: continue committers.append(acl.fas_name) if acl.fas_name not in commit_acls: commit_acls[acl.fas_name] = {} if collection_name not in commit_acls[acl.fas_name]: commit_acls[acl.fas_name][collection_name] = {} commit_acls[acl.fas_name][collection_name][acl.acl] = \ acl.status for aclname in planned_acls: for user in commit_acls: if collection_name in commit_acls[user] and \ aclname not in commit_acls[user][collection_name]: commit_acls[user][collection_name][aclname] = None # If the user is not an admin, he/she can only access his/her ACLs username = flask.g.fas_user.username if username not in admins and not is_pkgdb_admin(flask.g.fas_user): tmp = {username: []} if username in commit_acls: tmp = {username: commit_acls[username]} commit_acls = tmp form = pkgdb2.forms.ConfirmationForm() if form.validate_on_submit(): sub_acls = flask.request.values.getlist('acls') sub_users = flask.request.values.getlist('user') sub_branches = flask.request.values.getlist('branch') changed = False if sub_acls and len(sub_acls) == (len(sub_users) * len(sub_branches)): cnt = 0 for cnt_u in range(len(sub_users)): for cnt_b in range(len(sub_branches)): lcl_acl = sub_acls[cnt] lcl_user = sub_users[cnt_u] lcl_branch = sub_branches[cnt_b] if lcl_acl not in acl_status: flask.flash('Invalid ACL: %s' % lcl_acl, 'error') cnt += 1 continue if lcl_user not in commit_acls: flask.flash('Invalid user: %s' % lcl_user, 'error') cnt += 1 continue if lcl_branch not in branches_inv or ( branches_inv[lcl_branch] in commit_acls[lcl_user] and commit_acls[lcl_user][branches_inv[lcl_branch]] [update_acl] == lcl_acl): cnt += 1 continue if not lcl_acl: if branches_inv[lcl_branch] \ not in commit_acls[lcl_user]: cnt += 1 continue elif branches_inv[lcl_branch] \ in commit_acls[lcl_user] \ and username != lcl_user: flask.flash('Only the user can remove his/her ACL', 'error') cnt += 1 continue try: pkgdblib.set_acl_package( SESSION, pkg_name=package.name, pkg_branch=lcl_branch, pkg_user=lcl_user, acl=update_acl, status=lcl_acl, user=flask.g.fas_user, ) SESSION.commit() flask.flash("%s's %s ACL updated on %s" % (lcl_user, update_acl, lcl_branch)) changed = True except pkgdblib.PkgdbException, err: SESSION.rollback() flask.flash(str(err), 'error') cnt += 1 SESSION.commit() if not changed: flask.flash('Nothing to update') return flask.redirect( flask.url_for('.package_info', package=package.name)) else: flask.flash('Invalid input submitted', 'error')
def inject_is_admin(): """ Inject whether the user is a pkgdb2 admin or not in every page (every template). """ return dict(is_admin=is_pkgdb_admin(flask.g.fas_user), version=__version__)