def sync_team_email_perms(gcp: Optional[GCPInterface],
db: DBFacade,
team: Team):
"""
Refresh Google Drive permissions for provided team. If no GCP client
is provided, this function is a no-op.
"""
if gcp is None:
logging.debug("GCP not enabled, skipping drive permissions")
return
if len(team.folder) == 0:
return
# Generate who to share with
team_members = get_team_members(db, team)
emails: List[str] = []
for user in team_members:
if len(user.email) > 0:
emails.append(user.email)
# Sync permissions
if len(emails) > 0:
logging.info("Synchronizing permissions for "
+ f"{team.github_team_name}'s folder ({team.folder}) "
+ f"to {emails}")
gcp.set_drive_permissions(
team.github_team_name, team.folder, emails)
def refresh_all_rocket_permissions(self):
"""
Refresh Rocket permissions for members in teams like
GITHUB_ADMIN_TEAM_NAME and GITHUB_LEADS_TEAM_NAME.
It only ever promotes users, and does not demote users.
"""
# provide teams from low permissions level to high
teams = [
{
'name': self.config.github_team_leads,
'permission': Permissions.team_lead,
},
{
'name': self.config.github_team_admin,
'permission': Permissions.admin,
},
]
logging.info(f'refreshing Rocket permissions for teams {teams}')
for t in teams:
team_name = t['name']
if len(team_name) == 0:
continue
team = None
try:
team = get_team_by_name(self.facade, team_name)
except LookupError:
t_id = str(self.gh.org_create_team(team_name))
logging.info(f'team {team_name} created')
self.facade.store(Team(t_id, team_name, team_name))
if team is not None:
team_members = get_team_members(self.facade, team)
updated = []
for user in team_members:
if user.permissions_level < t['permission']:
user.permissions_level = t['permission']
updated.append(user)
self.facade.store(user)
if len(updated) > 0:
logging.info(f'updated users {updated}')
else:
logging.info('no users updated')
def sync_team_email_perms(gcp: Optional[GCPInterface], db: DBFacade,
team: Team):
"""
Refresh Google Drive permissions for provided team. If no GCP client
is provided, this function is a no-op.
:param gcp: the interface to do this from; can be `None` to function as
no-op
:param db: the database facade interface
:param team: refresh Google Drive permissions based on team model; if there
is no folder for the team model, functions as no-op
"""
if gcp is None:
logging.debug("GCP not enabled, skipping drive permissions")
return
if len(team.folder) == 0:
return
# Generate who to share with
team_members = get_team_members(db, team)
emails: List[str] = []
for user in team_members:
if len(user.email) > 0:
try:
emails.append(standardize_email(user.email))
except Exception as e:
logging.warning(
f'Found malformed email {user.email} for user ' +
f'{user.github_username}: {e}')
# Sync permissions
if len(emails) > 0:
logging.info("Synchronizing permissions for " +
f"{team.github_team_name}'s folder ({team.folder})")
gcp.ensure_drive_permissions(team.github_team_name, team.folder,
emails)
def test_get_team_members(self):
self.assertCountEqual(get_team_members(self.db, self.t0),
[self.u0, self.u1])
def get_team_users(self, team_name):
team = get_team_by_name(self.facade, team_name)
return get_team_members(self.facade, team)