def get(self, orgname, teamname, parsed_args): """ Retrieve the list of members for the specified team. """ view_permission = ViewTeamPermission(orgname, teamname) edit_permission = AdministerOrganizationPermission(orgname) if view_permission.can(): team = None try: team = model.team.get_organization_team(orgname, teamname) except model.InvalidTeamException: raise NotFound() members = model.organization.get_organization_team_members(team.id) invites = [] if parsed_args["includePending"] and edit_permission.can(): invites = model.team.get_organization_team_member_invites( team.id) data = { "name": teamname, "members": [member_view(m) for m in members] + [invite_view(i) for i in invites], "can_edit": edit_permission.can(), } if features.TEAM_SYNCING and authentication.federated_service: if _syncing_setup_allowed(orgname): data["can_sync"] = { "service": authentication.federated_service, } data["can_sync"].update(authentication.service_metadata()) sync_info = model.team.get_team_sync_information( orgname, teamname) if sync_info is not None: data["synced"] = { "service": sync_info.service.name, } if SuperUserPermission().can(): data["synced"].update({ "last_updated": format_date(sync_info.last_updated), "config": json.loads(sync_info.config), }) return data raise Unauthorized()
def put(self, orgname, prototypeid): """ Update the role of an existing permission prototype. """ permission = AdministerOrganizationPermission(orgname) if permission.can(): try: org = model.organization.get_organization(orgname) except model.InvalidOrganizationException: raise NotFound() existing = model.permission.get_prototype_permission(org, prototypeid) if not existing: raise NotFound() details = request.get_json() role_name = details["role"] prototype = model.permission.update_prototype_permission(org, prototypeid, role_name) if not prototype: raise NotFound() log_prototype_action( "modify_prototype_permission", orgname, prototype, original_role=existing.role.name ) users_filter = {prototype.activating_user, prototype.delegate_user} org_members = model.organization.get_organization_member_set( org, users_filter=users_filter ) return prototype_view(prototype, org_members) raise Unauthorized()
def post(self, orgname): permission = AdministerOrganizationPermission(orgname) if not permission.can(): raise Unauthorized() try: model.proxy_cache.get_proxy_cache_config_for_org(orgname) request_error("Proxy Cache Configuration already exists") except model.InvalidProxyCacheConfigException: pass data = request.get_json() # filter None values data = {k: v for k, v in data.items() if v is not None} try: config = ProxyCacheConfig(**data) existing = model.organization.get_organization(orgname) config.organization = existing proxy = Proxy(config, "something-totally-fake", True) response = proxy.get(f"{proxy.base_url}/v2/") if response.status_code == 200: return "Valid", 202 except UpstreamRegistryError as e: raise request_error( message= "Failed login to remote registry. Please verify entered details and try again." ) raise request_error( message="Failed to validate Proxy cache configuration")
def post(self, orgname): """ Creates a new application under this organization. """ permission = AdministerOrganizationPermission(orgname) if permission.can(): try: org = model.organization.get_organization(orgname) except model.InvalidOrganizationException: raise NotFound() app_data = request.get_json() application = model.oauth.create_application( org, app_data["name"], app_data.get("application_uri", ""), app_data.get("redirect_uri", ""), description=app_data.get("description", ""), avatar_email=app_data.get("avatar_email", None), ) app_data.update({ "application_name": application.name, "client_id": application.client_id }) log_action("create_application", orgname, app_data) return app_view(application) raise Unauthorized()
def delete(self, orgname, client_id): """ Deletes the application under this organization. """ permission = AdministerOrganizationPermission(orgname) if permission.can(): try: org = model.organization.get_organization(orgname) except model.InvalidOrganizationException: raise NotFound() application = model.oauth.delete_application(org, client_id) if not application: raise NotFound() log_action( "delete_application", orgname, { "application_name": application.name, "client_id": client_id }, ) return "", 204 raise Unauthorized()
def put(self, orgname, client_id): """ Updates an application under this organization. """ permission = AdministerOrganizationPermission(orgname) if permission.can(): try: org = model.organization.get_organization(orgname) except model.InvalidOrganizationException: raise NotFound() application = model.oauth.lookup_application(org, client_id) if not application: raise NotFound() app_data = request.get_json() application.name = app_data["name"] application.application_uri = app_data["application_uri"] application.redirect_uri = app_data["redirect_uri"] application.description = app_data.get("description", "") application.avatar_email = app_data.get("avatar_email", None) application.save() app_data.update({ "application_name": application.name, "client_id": application.client_id }) log_action("update_application", orgname, app_data) return app_view(application) raise Unauthorized()
def delete(self, orgname, teamname, email): """ Delete an invite of an email address to join a team. """ permission = AdministerOrganizationPermission(orgname) if permission.can(): team = None # Find the team. try: team = model.team.get_organization_team(orgname, teamname) except model.InvalidTeamException: raise NotFound() # Delete the invite. if not model.team.delete_team_email_invite(team, email): raise NotFound() log_action( "org_delete_team_member_invite", orgname, { "email": email, "team": teamname, "member": email }, ) return "", 204 raise Unauthorized()
def post(self, orgname): """ Creates proxy cache configuration for the organization. """ permission = AdministerOrganizationPermission(orgname) if not permission.can(): raise Unauthorized() try: model.proxy_cache.get_proxy_cache_config_for_org(orgname) raise request_error("Proxy Cache Configuration already exists") except model.InvalidProxyCacheConfigException: pass data = request.get_json() # filter None values data = {k: v for k, v in data.items() if (v is not None or not "")} try: config = model.proxy_cache.create_proxy_cache_config(**data) if config is not None: return "Created", 201 except model.DataModelException as e: logger.error( "Error while creating Proxy cache configuration as: %s", str(e)) return request_error("Error while creating Proxy cache configuration")
def get(self, orgname): """ List the existing prototypes for this organization. """ permission = AdministerOrganizationPermission(orgname) if permission.can(): try: org = model.organization.get_organization(orgname) except model.InvalidOrganizationException: raise NotFound() permissions = model.permission.get_prototype_permissions(org) users_filter = {p.activating_user for p in permissions } | {p.delegate_user for p in permissions} org_members = model.organization.get_organization_member_set( org, users_filter=users_filter) return { "prototypes": [prototype_view(p, org_members) for p in permissions] } raise Unauthorized()
def put(self, orgname, teamname, email): """ Invites an email address to an existing team. """ permission = AdministerOrganizationPermission(orgname) if permission.can(): team = None # Find the team. try: team = model.team.get_organization_team(orgname, teamname) except model.InvalidTeamException: raise NotFound() # Invite the email to the team. inviter = get_authenticated_user() invite = handle_addinvite_team(inviter, team, email=email) log_action( "org_invite_team_member", orgname, { "email": email, "team": teamname, "member": email }, ) return invite_view(invite) raise Unauthorized()
def post(self, orgname, client_id): """ Resets the client secret of the application. """ permission = AdministerOrganizationPermission(orgname) if permission.can(): try: org = model.organization.get_organization(orgname) except model.InvalidOrganizationException: raise NotFound() application = model.oauth.lookup_application(org, client_id) if not application: raise NotFound() application = model.oauth.reset_client_secret(application) log_action( "reset_application_client_secret", orgname, { "application_name": application.name, "client_id": client_id }, ) return app_view(application) raise Unauthorized()
def post(self, orgname): """ Creates a new application under this organization. """ permission = AdministerOrganizationPermission(orgname) if permission.can(): try: org = model.organization.get_organization(orgname) except model.InvalidOrganizationException: raise NotFound() app_data = request.get_json() application = model.oauth.create_application( org, app_data['name'], app_data.get('application_uri', ''), app_data.get('redirect_uri', ''), description=app_data.get('description', ''), avatar_email=app_data.get('avatar_email', None)) app_data.update({ 'application_name': application.name, 'client_id': application.client_id }) log_action('create_application', orgname, app_data) return app_view(application) raise Unauthorized()
def put(self, orgname, robot_shortname): """ Create a new robot in the organization. """ permission = AdministerOrganizationPermission(orgname) if permission.can(): create_data = request.get_json() or {} robot = model.create_org_robot( robot_shortname, orgname, create_data.get("description"), create_data.get("unstructured_metadata"), ) log_action( "create_robot", orgname, { "robot": robot_shortname, "description": create_data.get("description"), "unstructured_metadata": create_data.get("unstructured_metadata"), }, ) return robot.to_dict(include_metadata=True, include_token=True), 201 raise Unauthorized()
def get(self, orgname): """ Fetch any existing subscription for the org. """ cus = None permission = AdministerOrganizationPermission(orgname) if permission.can(): private_repos = model.user.get_private_repo_count(orgname) organization = model.organization.get_organization(orgname) if organization.stripe_id: try: cus = billing.Customer.retrieve(organization.stripe_id) except stripe.error.APIConnectionError as e: abort(503, message="Cannot contact Stripe") if cus.subscription: return subscription_view(cus.subscription, private_repos) return { "hasSubscription": False, "isExistingCustomer": cus is not None, "plan": "free", "usedPrivateRepos": private_repos, } raise Unauthorized()
def get(self, orgname): """ List outside collaborators of the specified organization. """ permission = AdministerOrganizationPermission(orgname) if not permission.can(): raise Unauthorized() try: org = model.organization.get_organization(orgname) except model.InvalidOrganizationException: raise NotFound() all_perms = model.permission.list_organization_member_permissions(org) membership = model.team.list_organization_members_by_teams(org) org_members = set(m.user.username for m in membership) collaborators = {} for perm in all_perms: username = perm.user.username # Only interested in non-member permissions. if username in org_members: continue if username not in collaborators: collaborators[username] = { "kind": "user", "name": username, "avatar": avatar.get_data_for_user(perm.user), "repositories": [], } collaborators[username]["repositories"].append(perm.repository.name) return {"collaborators": collaborators.values()}
def receipt(): if not current_user.is_authenticated: abort(401) return invoice_id = request.args.get('id') if invoice_id: invoice = stripe.Invoice.retrieve(invoice_id) if invoice: user_or_org = model.user.get_user_or_org_by_customer_id(invoice.customer) if user_or_org: if user_or_org.organization: admin_org = AdministerOrganizationPermission(user_or_org.username) if not admin_org.can(): abort(404) return else: if not user_or_org.username == current_user.db_user().username: abort(404) return def format_date(timestamp): return datetime.fromtimestamp(timestamp).strftime('%Y-%m-%d') file_data = renderInvoiceToPdf(invoice, user_or_org) receipt_filename = 'quay-receipt-%s.pdf' % (format_date(invoice.date)) return Response(file_data, mimetype="application/pdf", headers={"Content-Disposition": "attachment;filename=" + receipt_filename}) abort(404)
def get(self, orgname, robot_shortname): """ Returns the organization's robot with the specified name. """ permission = AdministerOrganizationPermission(orgname) if permission.can(): robot = model.get_org_robot(robot_shortname, orgname) return robot.to_dict(include_metadata=True, include_token=True) raise Unauthorized()
def get(self, orgname): """ Get the organization's credit card. """ permission = AdministerOrganizationPermission(orgname) if permission.can(): organization = model.organization.get_organization(orgname) return get_card(organization) raise Unauthorized()
def post(self, orgname, robot_shortname): """ Regenerates the token for an organization robot. """ permission = AdministerOrganizationPermission(orgname) if permission.can(): robot = model.regenerate_org_robot_token(robot_shortname, orgname) log_action("regenerate_robot_token", orgname, {"robot": robot_shortname}) return robot.to_dict(include_token=True) raise Unauthorized()
def delete(self, orgname, robot_shortname): """ Delete an existing organization robot. """ permission = AdministerOrganizationPermission(orgname) if permission.can(): model.delete_robot(format_robot_username(orgname, robot_shortname)) log_action("delete_robot", orgname, {"robot": robot_shortname}) return "", 204 raise Unauthorized()
def post(self, orgname): """ Create a new permission prototype. """ permission = AdministerOrganizationPermission(orgname) if permission.can(): try: org = model.organization.get_organization(orgname) except model.InvalidOrganizationException: raise NotFound() details = request.get_json() activating_username = None if ( "activating_user" in details and details["activating_user"] and "name" in details["activating_user"] ): activating_username = details["activating_user"]["name"] delegate = details["delegate"] if "delegate" in details else {} delegate_kind = delegate.get("kind", None) delegate_name = delegate.get("name", None) delegate_username = delegate_name if delegate_kind == "user" else None delegate_teamname = delegate_name if delegate_kind == "team" else None activating_user = ( model.user.get_user(activating_username) if activating_username else None ) delegate_user = model.user.get_user(delegate_username) if delegate_username else None delegate_team = ( model.team.get_organization_team(orgname, delegate_teamname) if delegate_teamname else None ) if activating_username and not activating_user: raise request_error(message="Unknown activating user") if not delegate_user and not delegate_team: raise request_error(message="Missing delegate user or team") role_name = details["role"] prototype = model.permission.add_prototype_permission( org, role_name, activating_user, delegate_user, delegate_team ) log_prototype_action("create_prototype_permission", orgname, prototype) users_filter = {prototype.activating_user, prototype.delegate_user} org_members = model.organization.get_organization_member_set( org, users_filter=users_filter ) return prototype_view(prototype, org_members) raise Unauthorized()
def get(self, orgname, robot_shortname): """ Returns the list of repository permissions for the org's robot. """ permission = AdministerOrganizationPermission(orgname) if permission.can(): robot = model.get_org_robot(robot_shortname, orgname) permissions = model.list_robot_permissions(robot.name) return {"permissions": [permission.to_dict() for permission in permissions]} abort(403)
def delete(self, orgname, teamname): """ Delete the specified team. """ permission = AdministerOrganizationPermission(orgname) if permission.can(): model.team.remove_team(orgname, teamname, get_authenticated_user().username) log_action("org_delete_team", orgname, {"team": teamname}) return "", 204 raise Unauthorized()
def put(self, orgname, teamname): """ Update the org-wide permission for the specified team. """ edit_permission = AdministerOrganizationPermission(orgname) if edit_permission.can(): team = None details = request.get_json() is_existing = False try: team = model.team.get_organization_team(orgname, teamname) is_existing = True except model.InvalidTeamException: # Create the new team. description = details[ "description"] if "description" in details else "" role = details["role"] if "role" in details else "member" org = model.organization.get_organization(orgname) team = model.team.create_team(teamname, org, role, description) log_action("org_create_team", orgname, {"team": teamname}) if is_existing: if "description" in details and team.description != details[ "description"]: team.description = details["description"] team.save() log_action( "org_set_team_description", orgname, { "team": teamname, "description": team.description }, ) if "role" in details: role = Team.role.get_name(team.role_id) if role != details["role"]: team = model.team.set_team_org_permission( team, details["role"], get_authenticated_user().username) log_action( "org_set_team_role", orgname, { "team": teamname, "role": details["role"] }, ) return team_view(orgname, team, is_new_team=not is_existing), 200 raise Unauthorized()
def post(self, orgname): """ Update the orgnaization's credit card. """ permission = AdministerOrganizationPermission(orgname) if permission.can(): organization = model.organization.get_organization(orgname) token = request.get_json()['token'] response = set_card(organization, token) log_action('account_change_cc', orgname) return response raise Unauthorized()
def get(self, orgname): """ List the invoices for the specified orgnaization. """ permission = AdministerOrganizationPermission(orgname) if permission.can(): organization = model.organization.get_organization(orgname) if not organization.stripe_id: raise NotFound() return get_invoices(organization.stripe_id) raise Unauthorized()
def get(self, orgname): """ List the invoice fields for the organization. """ permission = AdministerOrganizationPermission(orgname) if permission.can(): organization = model.organization.get_organization(orgname) if not organization.stripe_id: raise NotFound() return {'fields': get_invoice_fields(organization)[0]} abort(403)
def put(self, orgname): """ Create or update the org's subscription. """ permission = AdministerOrganizationPermission(orgname) if permission.can(): request_data = request.get_json() plan = request_data['plan'] token = request_data['token'] if 'token' in request_data else None organization = model.organization.get_organization(orgname) return subscribe(organization, plan, token, True) # Business plan required raise Unauthorized()
def get(self, orgname, membername): """ Retrieves the details of a member of the organization. """ permission = AdministerOrganizationPermission(orgname) if permission.can(): # Lookup the user. member = model.user.get_user(membername) if not member: raise NotFound() organization = model.user.get_user_or_org(orgname) if not organization: raise NotFound() # Lookup the user's information in the organization. teams = list( model.team.get_user_teams_within_org(membername, organization)) if not teams: # 404 if the user is not a robot under the organization, as that means the referenced # user or robot is not a member of this organization. if not member.robot: raise NotFound() namespace, _ = parse_robot_username(member.username) if namespace != orgname: raise NotFound() repo_permissions = model.permission.list_organization_member_permissions( organization, member) def local_team_view(team): return { "name": team.name, "avatar": avatar.get_data_for_team(team), } return { "name": member.username, "kind": "robot" if member.robot else "user", "avatar": avatar.get_data_for_user(member), "teams": [local_team_view(team) for team in teams], "repositories": [ permission.repository.name for permission in repo_permissions ], } raise Unauthorized()
def get(self, orgname): """ List the applications for the specified organization """ permission = AdministerOrganizationPermission(orgname) if permission.can(): try: org = model.organization.get_organization(orgname) except model.InvalidOrganizationException: raise NotFound() applications = model.oauth.list_applications_for_org(org) return {"applications": [app_view(application) for application in applications]} raise Unauthorized()