def search_entity_view(username, entity, get_short_name=None):
kind = "user"
title = "user"
avatar_data = avatar.get_data_for_user(entity)
href = "/user/" + entity.username
if entity.organization:
kind = "organization"
title = "org"
avatar_data = avatar.get_data_for_org(entity)
href = "/organization/" + entity.username
elif entity.robot:
parts = parse_robot_username(entity.username)
if parts[0] == username:
href = "/user/" + username + "?tab=robots&showRobot=" + entity.username
else:
href = "/organization/" + parts[0] + "?tab=robots&showRobot=" + entity.username
kind = "robot"
title = "robot"
avatar_data = None
data = {
"title": title,
"kind": kind,
"avatar": avatar_data,
"name": entity.username,
"score": ENTITY_SEARCH_SCORE,
"href": href,
}
if get_short_name:
data["short_name"] = get_short_name(entity.username)
return data
def request_authorization_code():
provider = FlaskAuthorizationProvider()
response_type = request.args.get("response_type", "code")
client_id = request.args.get("client_id", None)
redirect_uri = request.args.get("redirect_uri", None)
scope = request.args.get("scope", None)
if not current_user.is_authenticated or not provider.validate_has_scopes(
client_id, current_user.db_user().username, scope
):
if not provider.validate_redirect_uri(client_id, redirect_uri):
current_app = provider.get_application_for_client_id(client_id)
if not current_app:
abort(404)
return provider._make_redirect_error_response(
current_app.redirect_uri, "redirect_uri_mismatch"
)
# Load the scope information.
scope_info = scopes.get_scope_information(scope)
if not scope_info:
abort(404)
return
# Load the application information.
oauth_app = provider.get_application_for_client_id(client_id)
app_email = oauth_app.avatar_email or oauth_app.organization.email
oauth_app_view = {
"name": oauth_app.name,
"description": oauth_app.description,
"url": oauth_app.application_uri,
"avatar": json.dumps(avatar.get_data(oauth_app.name, app_email, "app")),
"organization": {
"name": oauth_app.organization.username,
"avatar": json.dumps(avatar.get_data_for_org(oauth_app.organization)),
},
}
# Show the authorization page.
has_dangerous_scopes = any([check_scope["dangerous"] for check_scope in scope_info])
return render_page_template_with_routedata(
"oauthorize.html",
scopes=scope_info,
has_dangerous_scopes=has_dangerous_scopes,
application=oauth_app_view,
enumerate=enumerate,
client_id=client_id,
redirect_uri=redirect_uri,
scope=scope,
csrf_token_val=generate_csrf_token(),
)
if response_type == "token":
return provider.get_token_response(response_type, client_id, redirect_uri, scope=scope)
else:
return provider.get_authorization_code(response_type, client_id, redirect_uri, scope=scope)
def request_authorization_code():
provider = FlaskAuthorizationProvider()
response_type = request.args.get('response_type', 'code')
client_id = request.args.get('client_id', None)
redirect_uri = request.args.get('redirect_uri', None)
scope = request.args.get('scope', None)
if (not current_user.is_authenticated or
not provider.validate_has_scopes(client_id, current_user.db_user().username, scope)):
if not provider.validate_redirect_uri(client_id, redirect_uri):
current_app = provider.get_application_for_client_id(client_id)
if not current_app:
abort(404)
return provider._make_redirect_error_response(current_app.redirect_uri,
'redirect_uri_mismatch')
# Load the scope information.
scope_info = scopes.get_scope_information(scope)
if not scope_info:
abort(404)
return
# Load the application information.
oauth_app = provider.get_application_for_client_id(client_id)
app_email = oauth_app.avatar_email or oauth_app.organization.email
oauth_app_view = {
'name': oauth_app.name,
'description': oauth_app.description,
'url': oauth_app.application_uri,
'avatar': json.dumps(avatar.get_data(oauth_app.name, app_email, 'app')),
'organization': {
'name': oauth_app.organization.username,
'avatar': json.dumps(avatar.get_data_for_org(oauth_app.organization))
}
}
# Show the authorization page.
has_dangerous_scopes = any([check_scope['dangerous'] for check_scope in scope_info])
return render_page_template_with_routedata('oauthorize.html', scopes=scope_info,
has_dangerous_scopes=has_dangerous_scopes,
application=oauth_app_view,
enumerate=enumerate, client_id=client_id,
redirect_uri=redirect_uri, scope=scope,
csrf_token_val=generate_csrf_token())
if response_type == 'token':
return provider.get_token_response(response_type, client_id, redirect_uri, scope=scope)
else:
return provider.get_authorization_code(response_type, client_id, redirect_uri, scope=scope)
def to_dict(self):
d = {
"name": self.username,
"email": self.email,
"avatar": avatar.get_data_for_org(self),
}
if features.QUOTA_MANAGEMENT and self.quotas is not None:
d["quotas"] = [quota_view(quota)
for quota in self.quotas] if self.quotas else []
d["quota_report"] = model.namespacequota.get_quota_for_view(
self.username)
return d
def org_view(o, user_admin=True):
admin_org = AdministerOrganizationPermission(o.username)
org_response = {
"name": o.username,
"avatar": avatar.get_data_for_org(o),
"can_create_repo": CreateRepositoryPermission(o.username).can(),
"public": o.username in app.config.get("PUBLIC_NAMESPACES", []),
}
if user_admin:
org_response.update(
{"is_org_admin": admin_org.can(), "preferred_namespace": not (o.stripe_id is None),}
)
return org_response
def authorization_view(access_token):
oauth_app = access_token.application
app_email = oauth_app.avatar_email or oauth_app.organization.email
return {
"application": {
"name": oauth_app.name,
"description": oauth_app.description,
"url": oauth_app.application_uri,
"avatar": avatar.get_data(oauth_app.name, app_email, "app"),
"organization": {
"name": oauth_app.organization.username,
"avatar": avatar.get_data_for_org(oauth_app.organization),
},
},
"scopes": scopes.get_scope_information(access_token.scope),
"uuid": access_token.uuid,
}
def authorization_view(access_token):
oauth_app = access_token.application
app_email = oauth_app.avatar_email or oauth_app.organization.email
return {
'application': {
'name': oauth_app.name,
'description': oauth_app.description,
'url': oauth_app.application_uri,
'avatar': avatar.get_data(oauth_app.name, app_email, 'app'),
'organization': {
'name': oauth_app.organization.username,
'avatar': avatar.get_data_for_org(oauth_app.organization)
}
},
'scopes': scopes.get_scope_information(access_token.scope),
'uuid': access_token.uuid
}
def org_view(o, user_admin=True):
admin_org = AdministerOrganizationPermission(o.username)
org_response = {
'name': o.username,
'avatar': avatar.get_data_for_org(o),
'can_create_repo': CreateRepositoryPermission(o.username).can(),
'public': o.username in app.config.get('PUBLIC_NAMESPACES', []),
}
if user_admin:
org_response.update({
'is_org_admin':
admin_org.can(),
'preferred_namespace':
not (o.stripe_id is None),
})
return org_response
def search_entity_view(username, entity, get_short_name=None):
kind = 'user'
title = 'user'
avatar_data = avatar.get_data_for_user(entity)
href = '/user/' + entity.username
if entity.organization:
kind = 'organization'
title = 'org'
avatar_data = avatar.get_data_for_org(entity)
href = '/organization/' + entity.username
elif entity.robot:
parts = parse_robot_username(entity.username)
if parts[0] == username:
href = '/user/' + username + '?tab=robots&showRobot=' + entity.username
else:
href = '/organization/' + parts[
0] + '?tab=robots&showRobot=' + entity.username
kind = 'robot'
title = 'robot'
avatar_data = None
data = {
'title': title,
'kind': kind,
'avatar': avatar_data,
'name': entity.username,
'score': ENTITY_SEARCH_SCORE,
'href': href
}
if get_short_name:
data['short_name'] = get_short_name(entity.username)
return data
def get(self, prefix, parsed_args):
"""
Get a list of entities that match the specified prefix.
"""
# Ensure we don't have any unicode characters in the search, as it breaks the search. Nothing
# being searched can have unicode in it anyway, so this is a safe operation.
prefix = prefix.encode("unidecode", "ignore").replace(" ", "").lower()
teams = []
org_data = []
namespace_name = parsed_args["namespace"]
robot_namespace = None
organization = None
try:
organization = model.organization.get_organization(namespace_name)
# namespace name was an org
permission = OrganizationMemberPermission(namespace_name)
if permission.can():
robot_namespace = namespace_name
if parsed_args["includeTeams"]:
teams = model.team.get_matching_teams(prefix, organization)
if (parsed_args["includeOrgs"]
and AdministerOrganizationPermission(namespace_name)
and namespace_name.startswith(prefix)):
org_data = [{
"name":
namespace_name,
"kind":
"org",
"is_org_member":
True,
"avatar":
avatar.get_data_for_org(organization),
}]
except model.organization.InvalidOrganizationException:
# namespace name was a user
user = get_authenticated_user()
if user and user.username == namespace_name:
# Check if there is admin user permissions (login only)
admin_permission = UserAdminPermission(user.username)
if admin_permission.can():
robot_namespace = namespace_name
# Lookup users in the database for the prefix query.
users = model.user.get_matching_users(
prefix,
robot_namespace,
organization,
limit=10,
exact_matches_only=not features.PARTIAL_USER_AUTOCOMPLETE,
)
# Lookup users via the user system for the prefix query. We'll filter out any users that
# already exist in the database.
external_users, federated_id, _ = authentication.query_users(prefix,
limit=10)
filtered_external_users = []
if external_users and federated_id is not None:
users = list(users)
user_ids = [user.id for user in users]
# Filter the users if any are already found via the database. We do so by looking up all
# the found users in the federated user system.
federated_query = model.user.get_federated_logins(
user_ids, federated_id)
found = {result.service_ident for result in federated_query}
filtered_external_users = [
user for user in external_users if not user.username in found
]
def entity_team_view(team):
result = {
"name": team.name,
"kind": "team",
"is_org_member": True,
"avatar": avatar.get_data_for_team(team),
}
return result
def user_view(user):
user_json = {
"name": user.username,
"kind": "user",
"is_robot": user.robot,
"avatar": avatar.get_data_for_user(user),
}
if organization is not None:
user_json["is_org_member"] = user.robot or user.is_org_member
return user_json
def external_view(user):
result = {
"name": user.username,
"kind": "external",
"title": user.email or "",
"avatar": avatar.get_data_for_external_user(user),
}
return result
team_data = [entity_team_view(team) for team in teams]
user_data = [user_view(user) for user in users]
external_data = [
external_view(user) for user in filtered_external_users
]
return {"results": team_data + user_data + org_data + external_data}
def org_view(org):
return {
"name": org.username,
"email": org.email,
"avatar": avatar.get_data_for_org(org),
}
def to_dict(self):
return {
"name": self.username,
"email": self.email,
"avatar": avatar.get_data_for_org(self),
}
def to_dict(self):
return {
'name': self.username,
'email': self.email,
'avatar': avatar.get_data_for_org(self),
}
def org_view(org):
return {
'name': org.username,
'email': org.email,
'avatar': avatar.get_data_for_org(org),
}
