Python OrganizationMemberPermission примеры использования

Пример #1

Файл: namespacequota.py Проект: jonathankingfc/quay

    def get(self, orgname, quota_id):
        orgperm = OrganizationMemberPermission(orgname)
        if not orgperm.can() and not SuperUserPermission().can():
            raise Unauthorized()

        quota = get_quota(orgname, quota_id)

        return quota_view(quota)

Пример #2

Файл: namespacequota.py Проект: jonathankingfc/quay

    def get(self, orgname, quota_id):
        orgperm = OrganizationMemberPermission(orgname)
        if not orgperm.can():
            raise Unauthorized()

        quota = get_quota(orgname, quota_id)
        return [
            limit_view(limit) for limit in
            model.namespacequota.get_namespace_quota_limit_list(quota)
        ]

Пример #3

Файл: namespacequota.py Проект: jonathankingfc/quay

    def get(self, orgname, quota_id, limit_id):
        orgperm = OrganizationMemberPermission(orgname)
        if not orgperm.can():
            raise Unauthorized()

        quota = get_quota(orgname, quota_id)
        quota_limit = model.namespacequota.get_namespace_quota_limit(
            quota, limit_id)
        if quota_limit is None:
            raise NotFound()

        return limit_view(quota_limit)

Пример #4

Файл: robot.py Проект: xtechinfra/quay

  def get(self, orgname, parsed_args):
    """ List the organization's robots. """
    permission = OrganizationMemberPermission(orgname)
    if permission.can():
      include_token = (AdministerOrganizationPermission(orgname).can() and
                       parsed_args.get('token', True))
      include_permissions = (AdministerOrganizationPermission(orgname).can() and
                             parsed_args.get('permissions', False))
      return robots_list(orgname, include_permissions=include_permissions,
                         include_token=include_token,
                         limit=parsed_args.get('limit'))

    raise Unauthorized()

Пример #5

Файл: organization.py Проект: jonathankingfc/quay

    def get(self, orgname):
        """
        Retrieves the proxy cache configuration of the organization.
        """
        permission = OrganizationMemberPermission(orgname)
        if not permission.can():
            raise Unauthorized()

        try:
            config = model.proxy_cache.get_proxy_cache_config_for_org(orgname)
        except model.InvalidProxyCacheConfigException:
            return proxy_cache_view(None)

        return proxy_cache_view(config)

Пример #6

Файл: organization.py Проект: jonathankingfc/quay

def org_view(o, teams):
    is_admin = AdministerOrganizationPermission(o.username).can()
    is_member = OrganizationMemberPermission(o.username).can()

    view = {
        "name": o.username,
        "email": o.email if is_admin else "",
        "avatar": avatar.get_data_for_user(o),
        "is_admin": is_admin,
        "is_member": is_member,
    }

    if teams is not None:
        teams = sorted(teams, key=lambda team: team.id)
        view["teams"] = {t.name: team_view(o.username, t) for t in teams}
        view["ordered_teams"] = [team.name for team in teams]

    if is_admin:
        view["invoice_email"] = o.invoice_email
        view["invoice_email_address"] = o.invoice_email_address
        view["tag_expiration_s"] = o.removed_tag_expiration_s
        view["is_free_account"] = o.stripe_id is None

        if features.QUOTA_MANAGEMENT:
            quotas = model.namespacequota.get_namespace_quota_list(o.username)
            view["quotas"] = [quota_view(quota)
                              for quota in quotas] if quotas else []
            view["quota_report"] = model.namespacequota.get_quota_for_view(
                o.username)

    return view

Пример #7

Файл: namespacequota.py Проект: jonathankingfc/quay

    def get(self, orgname):
        orgperm = OrganizationMemberPermission(orgname)
        if not orgperm.can() and not SuperUserPermission().can():
            raise Unauthorized()

        try:
            org = model.organization.get_organization(orgname)
        except model.InvalidOrganizationException:
            raise NotFound()

        default_config = False
        quotas = model.namespacequota.get_namespace_quota_list(orgname)

        # If no quota is defined for the org, return systems default quota
        if not quotas and config.app_config.get(
                "DEFAULT_SYSTEM_REJECT_QUOTA_BYTES") != 0:
            quotas = [model.namespacequota.get_system_default_quota(orgname)]
            default_config = True

        return [quota_view(quota, default_config) for quota in quotas]

Пример #8

Файл: organization.py Проект: zhill/quay

    def get(self, orgname):
        """ Get the details for the specified organization """
        try:
            org = model.organization.get_organization(orgname)
        except model.InvalidOrganizationException:
            raise NotFound()

        teams = None
        if OrganizationMemberPermission(orgname).can():
            has_syncing = features.TEAM_SYNCING and bool(authentication.federated_service)
            teams = model.team.get_teams_within_org(org, has_syncing)

        return org_view(org, teams)

Пример #9

def redirect_to_repository(namespace_name, repo_name, tag_name):
    # Always return 200 for ac-discovery, to ensure that rkt and other ACI-compliant clients can
    # find the metadata they need. Permissions will be checked in the registry API.
    if request.args.get("ac-discovery", 0) == 1:
        return index("")

    # Redirect to the repository page if the user can see the repository.
    is_public = model.repository.repository_is_public(namespace_name,
                                                      repo_name)
    permission = ReadRepositoryPermission(namespace_name, repo_name)
    repo = model.repository.get_repository(namespace_name, repo_name)

    if repo and (permission.can() or is_public):
        repo_path = "/".join([namespace_name, repo_name])
        if repo.kind.name == "application":
            return redirect(url_for("web.application", path=repo_path))
        else:
            return redirect(
                url_for("web.repository",
                        path=repo_path,
                        tab="tags",
                        tag=tag_name))

    namespace_exists = bool(model.user.get_user_or_org(namespace_name))
    namespace_permission = OrganizationMemberPermission(namespace_name).can()
    if get_authenticated_user() and get_authenticated_user(
    ).username == namespace_name:
        namespace_permission = True

    # Otherwise, we display an error for the user. Which error we display depends on permissions:
    # > If the namespace doesn't exist, 404.
    # > If the user is a member of the namespace:
    #   - If the repository doesn't exist, 404
    #   - If the repository does exist (no access), 403
    # > If the user is not a member of the namespace: 403
    error_info = {
        "reason": "notfound",
        "for_repo": True,
        "namespace_exists": namespace_exists,
        "namespace": namespace_name,
        "repo_name": repo_name,
    }

    if not namespace_exists or (namespace_permission and repo is None):
        resp = index("", error_code=404, error_info=json.dumps(error_info))
        resp.status_code = 404
        return resp
    else:
        resp = index("", error_code=403, error_info=json.dumps(error_info))
        resp.status_code = 403
        return resp

Пример #10

def org_view(o, teams):
    is_admin = AdministerOrganizationPermission(o.username).can()
    is_member = OrganizationMemberPermission(o.username).can()

    view = {
        "name": o.username,
        "email": o.email if is_admin else "",
        "avatar": avatar.get_data_for_user(o),
        "is_admin": is_admin,
        "is_member": is_member,
    }

    if teams is not None:
        teams = sorted(teams, key=lambda team: team.id)
        view["teams"] = {t.name: team_view(o.username, t) for t in teams}
        view["ordered_teams"] = [team.name for team in teams]

    if is_admin:
        view["invoice_email"] = o.invoice_email
        view["invoice_email_address"] = o.invoice_email_address
        view["tag_expiration_s"] = o.removed_tag_expiration_s
        view["is_free_account"] = o.stripe_id is None

    return view

Пример #11

def org_view(o, teams):
    is_admin = AdministerOrganizationPermission(o.username).can()
    is_member = OrganizationMemberPermission(o.username).can()

    view = {
        'name': o.username,
        'email': o.email if is_admin else '',
        'avatar': avatar.get_data_for_user(o),
        'is_admin': is_admin,
        'is_member': is_member
    }

    if teams is not None:
        teams = sorted(teams, key=lambda team: team.id)
        view['teams'] = {t.name: team_view(o.username, t) for t in teams}
        view['ordered_teams'] = [team.name for team in teams]

    if is_admin:
        view['invoice_email'] = o.invoice_email
        view['invoice_email_address'] = o.invoice_email_address
        view['tag_expiration_s'] = o.removed_tag_expiration_s
        view['is_free_account'] = o.stripe_id is None

    return view

Пример #12

    def get(self, prefix, parsed_args):
        """
        Get a list of entities that match the specified prefix.
        """

        # Ensure we don't have any unicode characters in the search, as it breaks the search. Nothing
        # being searched can have unicode in it anyway, so this is a safe operation.
        prefix = prefix.encode("unidecode", "ignore").replace(" ", "").lower()

        teams = []
        org_data = []

        namespace_name = parsed_args["namespace"]
        robot_namespace = None
        organization = None

        try:
            organization = model.organization.get_organization(namespace_name)

            # namespace name was an org
            permission = OrganizationMemberPermission(namespace_name)
            if permission.can():
                robot_namespace = namespace_name

                if parsed_args["includeTeams"]:
                    teams = model.team.get_matching_teams(prefix, organization)

                if (parsed_args["includeOrgs"]
                        and AdministerOrganizationPermission(namespace_name)
                        and namespace_name.startswith(prefix)):
                    org_data = [{
                        "name":
                        namespace_name,
                        "kind":
                        "org",
                        "is_org_member":
                        True,
                        "avatar":
                        avatar.get_data_for_org(organization),
                    }]

        except model.organization.InvalidOrganizationException:
            # namespace name was a user
            user = get_authenticated_user()
            if user and user.username == namespace_name:
                # Check if there is admin user permissions (login only)
                admin_permission = UserAdminPermission(user.username)
                if admin_permission.can():
                    robot_namespace = namespace_name

        # Lookup users in the database for the prefix query.
        users = model.user.get_matching_users(
            prefix,
            robot_namespace,
            organization,
            limit=10,
            exact_matches_only=not features.PARTIAL_USER_AUTOCOMPLETE,
        )

        # Lookup users via the user system for the prefix query. We'll filter out any users that
        # already exist in the database.
        external_users, federated_id, _ = authentication.query_users(prefix,
                                                                     limit=10)
        filtered_external_users = []
        if external_users and federated_id is not None:
            users = list(users)
            user_ids = [user.id for user in users]

            # Filter the users if any are already found via the database. We do so by looking up all
            # the found users in the federated user system.
            federated_query = model.user.get_federated_logins(
                user_ids, federated_id)
            found = {result.service_ident for result in federated_query}
            filtered_external_users = [
                user for user in external_users if not user.username in found
            ]

        def entity_team_view(team):
            result = {
                "name": team.name,
                "kind": "team",
                "is_org_member": True,
                "avatar": avatar.get_data_for_team(team),
            }
            return result

        def user_view(user):
            user_json = {
                "name": user.username,
                "kind": "user",
                "is_robot": user.robot,
                "avatar": avatar.get_data_for_user(user),
            }

            if organization is not None:
                user_json["is_org_member"] = user.robot or user.is_org_member

            return user_json

        def external_view(user):
            result = {
                "name": user.username,
                "kind": "external",
                "title": user.email or "",
                "avatar": avatar.get_data_for_external_user(user),
            }
            return result

        team_data = [entity_team_view(team) for team in teams]
        user_data = [user_view(user) for user in users]
        external_data = [
            external_view(user) for user in filtered_external_users
        ]

        return {"results": team_data + user_data + org_data + external_data}