def delete_signature(uid):
'''Delete a signature from a signoff step.
'''
logger.info('Removing signature from step %s', uid)
try:
step = get_step_by_uid(uid)
except NoResultFound:
logger.error('No such step found %s', uid)
abort(404)
method = step.policy_data['method']
email = get_logged_in_email()
claim_group = request.json['group']
if not is_user_in_group(claim_group, method):
logger.error(
'User %s is not in the group %s when deleting signature %s', email,
claim_group, uid)
abort(403)
policy_definition = step.policy_data['definition']
if method == 'balrog':
balrog_endpoint = make_signoffs_uri(policy_definition)
return redirect(balrog_endpoint, code=307)
else:
existing_signatures = step.signatures
if not existing_signatures:
logger.error('No signatures on step %s when trying to remove %s',
uid, email)
abort(409)
try:
check_whether_policy_can_be_unsigned(email, claim_group,
policy_definition,
existing_signatures)
except UnauthorizedUserError as e:
logger.error(
'User %s not permitted to remove signature from step %s',
email, uid)
abort(403, str(e))
except NoSignaturePresentError as e:
logger.error(
'User %s attempting to remove missing signature from step %s',
email, uid)
abort(409, str(e))
except NoChangingCompletedPolicyError as e:
logger.error(
'User %s unable to modify completed policy in step %s', email,
uid)
abort(409, str(e))
delete_existing_signature(step, email, claim_group)
if not is_sign_off_policy_met(policy_definition, step.signatures):
step.state == SigningStatus.running
db.session.commit()
logger.info('Step %s state changed to running.', uid)
return {}
def sign_off(uid):
logger.info('Signing off step %s', uid)
try:
step = get_step_by_uid(uid)
except NoResultFound:
abort(404)
method = step.policy_data['method']
claim_group = request.json['group']
if not is_user_in_group(claim_group, method):
abort(403)
policy_definition = step.policy_data['definition']
if method == 'balrog':
balrog_endpoint = make_signoffs_uri(policy_definition)
return redirect(balrog_endpoint, code=307)
else:
existing_signatures = step.signatures
email = get_logged_in_email()
try:
check_whether_policy_can_be_signed(email, claim_group,
policy_definition,
existing_signatures)
except UnauthorizedUserError as e:
logger.error('User %s (%s) not allowed to sign step %s', email,
claim_group, uid)
abort(403, str(e))
except NoSignoffLeftError as e:
logger.error(
'Step %s already fully signed-off (user %s attempting)', uid,
email)
abort(409, str(e))
insert_new_signature(step, email, claim_group)
all_signatures = step.signatures
if is_sign_off_policy_met(policy_definition, all_signatures):
step.state == SigningStatus.completed
db.session.commit()
logger.info('Step %s fully signed off!', uid)
return {}