def _get_visible_repositories_for_user(user, repo_kind="image", include_public=False, namespace=None): """ Returns all repositories directly visible to the given user, by either repo permission, or the user being the admin of a namespace. """ for repo in Repository.select(): if repo_kind is not None and repo.kind.name != repo_kind: continue if namespace is not None and repo.namespace_user.username != namespace: continue if include_public and repo.visibility.name == "public": yield repo continue # Direct repo permission. try: RepositoryPermission.get(repository=repo, user=user).get() yield repo continue except RepositoryPermission.DoesNotExist: pass # Team permission. found_in_team = False for perm in RepositoryPermission.select().where( RepositoryPermission.repository == repo): if perm.team and _is_team_member(perm.team, user): found_in_team = True break if found_in_team: yield repo continue # Org namespace admin permission. if user in get_admin_users(repo.namespace_user): yield repo continue
def __set_entity_repo_permission(entity, permission_entity_property, namespace_name, repository_name, role_name): repo = _basequery.get_existing_repository(namespace_name, repository_name) new_role = Role.get(Role.name == role_name) # Fetch any existing permission for this entity on the repo try: entity_attr = getattr(RepositoryPermission, permission_entity_property) perm = RepositoryPermission.get(entity_attr == entity, RepositoryPermission.repository == repo) perm.role = new_role perm.save() return perm except RepositoryPermission.DoesNotExist: set_entity_kwargs = {permission_entity_property: entity} new_perm = RepositoryPermission.create(repository=repo, role=new_role, **set_entity_kwargs) return new_perm