Пример #1
0
def _delete_user_linked_data(user):
  if user.organization:
    # Delete the organization's teams.
    with db_transaction():
      for team in Team.select().where(Team.organization == user):
        team.delete_instance(recursive=True)

    # Delete any OAuth approvals and tokens associated with the user.
    with db_transaction():
      for app in OAuthApplication.select().where(OAuthApplication.organization == user):
        app.delete_instance(recursive=True)
  else:
    # Remove the user from any teams in which they are a member.
    TeamMember.delete().where(TeamMember.user == user).execute()

  # Delete any repository buildtriggers where the user is the connected user.
  with db_transaction():
    triggers = RepositoryBuildTrigger.select().where(RepositoryBuildTrigger.connected_user == user)
    for trigger in triggers:
      trigger.delete_instance(recursive=True, delete_nullable=False)

  # Delete any mirrors with robots owned by this user.
  with db_transaction():
    robots = list(list_namespace_robots(user.username))
    RepoMirrorConfig.delete().where(RepoMirrorConfig.internal_robot << robots).execute()

  # Delete any robots owned by this user.
  with db_transaction():
    robots = list(list_namespace_robots(user.username))
    for robot in robots:
      robot.delete_instance(recursive=True, delete_nullable=True)

  # Null out any service key approvals. We technically lose information here, but its better than
  # falling and only occurs if a superuser is being deleted.
  ServiceKeyApproval.update(approver=None).where(ServiceKeyApproval.approver == user).execute()
Пример #2
0
def get_matching_user_teams(team_prefix, user_obj, limit=10):
    team_prefix_search = prefix_search(Team.name, team_prefix)
    query = (Team.select(Team.id.distinct(),
                         Team).join(User).switch(Team).join(TeamMember).where(
                             TeamMember.user == user_obj,
                             team_prefix_search).limit(limit))

    return query
Пример #3
0
def add_user_as_admin(user_obj, org_obj):
    try:
        admin_role = TeamRole.get(name="admin")
        admin_team = (Team.select().where(Team.role == admin_role,
                                          Team.organization == org_obj).get())
        team.add_user_to_team(user_obj, admin_team)
    except team.UserAlreadyInTeam:
        pass
Пример #4
0
def filter_to_repos_for_user(query,
                             user_id=None,
                             namespace=None,
                             repo_kind="image",
                             include_public=True,
                             start_id=None):
    if not include_public and not user_id:
        return Repository.select().where(Repository.id == "-1")

    # Filter on the type of repository.
    if repo_kind is not None:
        try:
            query = query.where(
                Repository.kind == Repository.kind.get_id(repo_kind))
        except RepositoryKind.DoesNotExist:
            raise DataModelException("Unknown repository kind")

    # Add the start ID if necessary.
    if start_id is not None:
        query = query.where(Repository.id >= start_id)

    # Add a namespace filter if necessary.
    if namespace:
        query = query.where(Namespace.username == namespace)

    # Build a set of queries that, when unioned together, return the full set of visible repositories
    # for the filters specified.
    queries = []

    if include_public:
        queries.append(
            query.where(Repository.visibility == get_public_repo_visibility()))

    if user_id is not None:
        AdminTeam = Team.alias()
        AdminTeamMember = TeamMember.alias()

        # Add repositories in which the user has permission.
        queries.append(
            query.switch(RepositoryPermission).where(
                RepositoryPermission.user == user_id))

        # Add repositories in which the user is a member of a team that has permission.
        queries.append(
            query.switch(RepositoryPermission).join(Team).join(
                TeamMember).where(TeamMember.user == user_id))

        # Add repositories under namespaces in which the user is the org admin.
        queries.append(
            query.switch(Repository).join(
                AdminTeam,
                on=(Repository.namespace_user == AdminTeam.organization)).join(
                    AdminTeamMember,
                    on=(AdminTeam.id == AdminTeamMember.team)).where(
                        AdminTeam.role == _lookup_team_role("admin")).where(
                            AdminTeamMember.user == user_id))

    return reduce(lambda l, r: l | r, queries)
Пример #5
0
def admin_toggle_eligibility(tid):
    team = Team.get(Team.id == tid)
    if team.eligibility is None:
        team.eligibility = False
    else:
        team.eligibility = not team.eligibility
    team.save()
    flash("Eligibility set to {}".format(team.eligible))
    return redirect(url_for(".admin_show_team", tid=tid))
Пример #6
0
def list_notifications(user,
                       kind_name=None,
                       id_filter=None,
                       include_dismissed=False,
                       page=None,
                       limit=None):

    base_query = Notification.select(
        Notification.id,
        Notification.uuid,
        Notification.kind,
        Notification.metadata_json,
        Notification.dismissed,
        Notification.lookup_path,
        Notification.created,
        Notification.created.alias("cd"),
        Notification.target,
    ).join(NotificationKind)

    if kind_name is not None:
        base_query = base_query.where(NotificationKind.name == kind_name)

    if id_filter is not None:
        base_query = base_query.where(Notification.uuid == id_filter)

    if not include_dismissed:
        base_query = base_query.where(Notification.dismissed == False)

    # Lookup directly for the user.
    user_direct = base_query.clone().where(Notification.target == user)

    # Lookup via organizations admined by the user.
    Org = User.alias()
    AdminTeam = Team.alias()
    AdminTeamMember = TeamMember.alias()
    AdminUser = User.alias()

    via_orgs = (base_query.clone().join(
        Org, on=(Org.id == Notification.target)).join(
            AdminTeam, on=(Org.id == AdminTeam.organization)).join(
                TeamRole,
                on=(AdminTeam.role == TeamRole.id)).switch(AdminTeam).join(
                    AdminTeamMember,
                    on=(AdminTeam.id == AdminTeamMember.team)).join(
                        AdminUser, on=(AdminTeamMember.user == AdminUser.id
                                       )).where((AdminUser.id == user)
                                                & (TeamRole.name == "admin")))

    query = user_direct | via_orgs

    if page:
        query = query.paginate(page, limit)
    elif limit:
        query = query.limit(limit)

    return query.order_by(SQL("cd desc"))
Пример #7
0
def get_organization_team(orgname, teamname):
    joined = Team.select().join(User)
    query = joined.where(Team.name == teamname, User.organization == True,
                         User.username == orgname).limit(1)
    result = list(query)
    if not result:
        raise InvalidTeamException("Team does not exist: %s/%s", orgname,
                                   teamname)

    return result[0]
Пример #8
0
def __get_user_admin_teams(org_name, username):
    Org = User.alias()
    user_teams = Team.select().join(TeamMember).join(User)
    with_org = user_teams.switch(Team).join(Org,
                                            on=(Org.id == Team.organization))
    with_role = with_org.switch(Team).join(TeamRole)
    admin_teams = with_role.where(User.username == username,
                                  Org.username == org_name,
                                  TeamRole.name == "admin")
    return admin_teams
Пример #9
0
def admin_score_adjust(tid):
    value = int(request.form["value"])
    reason = request.form["reason"]

    team = Team.get(Team.id == tid)

    ScoreAdjustment.create(team=team, value=value, reason=reason)
    flash("Score adjusted.")

    return redirect(url_for(".admin_show_team", tid=tid))
Пример #10
0
def _user_teams(user, resource):
    changed = False
    p_exact_teams = resource["exact_teams"]
    p_add_teams = resource["add_teams"]
    p_remove_teams = resource["remove_teams"]

    team_names = p_exact_teams or p_add_teams or p_remove_teams
    if team_names is None:
        return False

    teams = []
    for name in team_names:
        try:
            teams.append(Team.get(Team.name == name))
        except model.InvalidTeamException:
            abort(400, message="Team '%s' does not exist" % name)
    teams = set(teams)

    current_teams = set(Team.select().join(TeamMember).join(User)).where(
        User.username == user.username)

    teams_to_add = teams - current_teams
    teams_to_remove = current_teams - teams
    if p_add_teams:
        teams_to_remove = []
    elif p_remove_teams:
        teams_to_add = []

    for team in teams_to_add:
        changed = True
        model.team.add_user_to_team(user, team)

    query = TeamMember.select().join(User).switch(TeamMember).join(Team).join(
        TeamRole)
    for team in teams_to_remove:
        changed = True
        found = list(
            query.where(User.username == user.username,
                        Team.name == team.name))
        found[0].delete_instance()

    return changed
Пример #11
0
def set_team_repo_permission(team_name, namespace_name, repository_name,
                             role_name):
    try:
        team = (Team.select().join(User).where(
            Team.name == team_name, User.username == namespace_name).get())
    except Team.DoesNotExist:
        raise DataModelException("No team %s in organization %s" %
                                 (team_name, namespace_name))

    return __set_entity_repo_permission(team, "team", namespace_name,
                                        repository_name, role_name)
Пример #12
0
def get_org_wide_permissions(user, org_filter=None):
    Org = User.alias()
    team_with_role = Team.select(Team, Org, TeamRole).join(TeamRole)
    with_org = team_with_role.switch(Team).join(
        Org, on=(Team.organization == Org.id))
    with_user = with_org.switch(Team).join(TeamMember).join(User)

    if org_filter:
        with_user.where(Org.username == org_filter)

    return with_user.where(User.id == user, Org.organization == True)
Пример #13
0
def get_matching_admined_teams(team_prefix, user_obj, limit=10):
    team_prefix_search = prefix_search(Team.name, team_prefix)
    admined_orgs = (_basequery.get_user_organizations(
        user_obj.username).switch(Team).join(TeamRole).where(
            TeamRole.name == "admin"))

    query = (Team.select(Team.id.distinct(),
                         Team).join(User).switch(Team).join(TeamMember).where(
                             team_prefix_search, Team.organization <<
                             (admined_orgs)).limit(limit))

    return query
Пример #14
0
def admin_dashboard():
    teams = Team.select()
    solves = ChallengeSolve.select(ChallengeSolve, Challenge).join(Challenge)
    adjustments = ScoreAdjustment.select()
    scoredata = scoreboard.get_all_scores(teams, solves, adjustments)
    lastsolvedata = scoreboard.get_last_solves(teams, solves)
    tickets = list(TroubleTicket.select().where(TroubleTicket.active == True))
    return render_template("admin/dashboard.html",
                           teams=teams,
                           scoredata=scoredata,
                           lastsolvedata=lastsolvedata,
                           tickets=tickets)
Пример #15
0
def get_teams_within_org(organization, has_external_auth=False):
    """
    Returns a AttrDict of team info (id, name, description), its role under the org, the number of
    repositories on which it has permission, and the number of members.
    """
    query = Team.select().where(
        Team.organization == organization).join(TeamRole)

    def _team_view(team):
        return {
            "id": team.id,
            "name": team.name,
            "description": team.description,
            "role_name": Team.role.get_name(team.role_id),
            "repo_count": 0,
            "member_count": 0,
            "is_synced": False,
        }

    teams = {team.id: _team_view(team) for team in query}
    if not teams:
        # Just in case. Should ideally never happen.
        return []

    # Add repository permissions count.
    permission_tuples = (RepositoryPermission.select(
        RepositoryPermission.team, fn.Count(RepositoryPermission.id)).where(
            RepositoryPermission.team << list(teams.keys())).group_by(
                RepositoryPermission.team).tuples())

    for perm_tuple in permission_tuples:
        teams[perm_tuple[0]]["repo_count"] = perm_tuple[1]

    # Add the member count.
    members_tuples = (TeamMember.select(TeamMember.team, fn.Count(
        TeamMember.id)).where(TeamMember.team << list(teams.keys())).group_by(
            TeamMember.team).tuples())

    for member_tuple in members_tuples:
        teams[member_tuple[0]]["member_count"] = member_tuple[1]

    # Add syncing information.
    if has_external_auth:
        sync_query = TeamSync.select(
            TeamSync.team).where(TeamSync.team << list(teams.keys()))
        for team_sync in sync_query:
            teams[team_sync.team_id]["is_synced"] = True

    return [AttrDict(team_info) for team_info in list(teams.values())]
Пример #16
0
def create_team(name, org_obj, team_role_name, description=""):
    (teamname_valid, teamname_issue) = validate_team_name(name)
    if not teamname_valid:
        raise InvalidTeamException("Invalid team name %s: %s" %
                                   (name, teamname_issue))

    if not org_obj.organization:
        raise InvalidTeamException(
            "Specified organization %s was not an organization" %
            org_obj.username)

    team_role = TeamRole.get(TeamRole.name == team_role_name)
    return Team.create(name=name,
                       organization=org_obj,
                       role=team_role,
                       description=description)
Пример #17
0
def remove_team(org_name, team_name, removed_by_username):
    joined = Team.select(Team, TeamRole).join(User).switch(Team).join(TeamRole)

    found = list(
        joined.where(User.organization == True, User.username == org_name,
                     Team.name == team_name))
    if not found:
        raise InvalidTeamException("Team '%s' is not a team in org '%s'" %
                                   (team_name, org_name))

    team = found[0]
    if team.role.name == "admin":
        admin_teams = list(
            __get_user_admin_teams(org_name, removed_by_username))
        if len(admin_teams) <= 1:
            # The team we are trying to remove is the only admin team containing this user.
            msg = "Deleting team '%s' would remove admin ability for user '%s' in organization '%s'"
            raise DataModelException(
                msg % (team_name, removed_by_username, org_name))

    team.delete_instance(recursive=True, delete_nullable=True)
Пример #18
0
def get_matching_teams(team_prefix, organization):
    team_prefix_search = prefix_search(Team.name, team_prefix)
    query = Team.select().where(team_prefix_search,
                                Team.organization == organization)
    return query.limit(10)
Пример #19
0
def admin_show_team(tid):
    team = Team.get(Team.id == tid)
    return render_template("admin/team.html", team=team)
Пример #20
0
def get_user_teams_within_org(username, organization):
    joined = Team.select().join(TeamMember).join(User)
    return joined.where(Team.organization == organization,
                        User.username == username)