def add_blacklist(request):
project_name = request.POST.get("project")
if project_name is None:
raise HTTPBadRequest("Have a project to confirm.")
comment = request.POST.get("comment", "")
# Verify that the user has confirmed the request to blacklist.
confirm = request.POST.get("confirm")
if not confirm:
request.session.flash("Confirm the blacklist request", queue="error")
return HTTPSeeOther(request.current_route_path())
elif canonicalize_name(confirm) != canonicalize_name(project_name):
request.session.flash(
f"{confirm!r} is not the same as {project_name!r}", queue="error")
return HTTPSeeOther(request.current_route_path())
# Add our requested blacklist.
request.db.add(
BlacklistedProject(name=project_name,
comment=comment,
blacklisted_by=request.user))
# Go through and delete the project and everything related to it so that
# our blacklist actually blocks things and isn't ignored (since the
# blacklist only takes effect on new project registration).
project = (request.db.query(Project).filter(
Project.normalized_name == func.normalize_pep426_name(
project_name)).first())
if project is not None:
remove_project(project, request)
request.session.flash(f"Blacklisted {project_name!r}", queue="success")
return HTTPSeeOther(request.route_path("admin.blacklist.list"))
def add_prohibited_project_names(request):
project_name = request.POST.get("project")
if project_name is None:
raise HTTPBadRequest("Have a project to confirm.")
comment = request.POST.get("comment", "")
# Verify that the user has confirmed the request to prohibit.
confirm = request.POST.get("confirm")
if not confirm:
request.session.flash(
"Confirm the prohibited project name request", queue="error"
)
return HTTPSeeOther(request.current_route_path())
elif canonicalize_name(confirm) != canonicalize_name(project_name):
request.session.flash(
f"{confirm!r} is not the same as {project_name!r}", queue="error"
)
return HTTPSeeOther(request.current_route_path())
# Check to make sure the object doesn't already exist.
if (
request.db.query(literal(True))
.filter(
request.db.query(ProhibitedProjectName)
.filter(ProhibitedProjectName.name == project_name)
.exists()
)
.scalar()
):
request.session.flash(
f"{project_name!r} has already been prohibited.", queue="error"
)
return HTTPSeeOther(request.route_path("admin.prohibited_project_names.list"))
# Add our requested prohibition.
request.db.add(
ProhibitedProjectName(
name=project_name, comment=comment, prohibited_by=request.user
)
)
# Go through and delete the project and everything related to it so that
# our prohibition actually blocks things and isn't ignored (since the
# prohibition only takes effect on new project registration).
project = (
request.db.query(Project)
.filter(Project.normalized_name == func.normalize_pep426_name(project_name))
.first()
)
if project is not None:
remove_project(project, request)
request.session.flash(f"Prohibited Project Name {project_name!r}", queue="success")
return HTTPSeeOther(request.route_path("admin.prohibited_project_names.list"))
def add_blacklist(request):
project_name = request.POST.get("project")
if project_name is None:
raise HTTPBadRequest("Have a project to confirm.")
comment = request.POST.get("comment", "")
# Verify that the user has confirmed the request to blacklist.
confirm = request.POST.get("confirm")
if not confirm:
request.session.flash("Confirm the blacklist request", queue="error")
return HTTPSeeOther(request.current_route_path())
elif canonicalize_name(confirm) != canonicalize_name(project_name):
request.session.flash(
f"{confirm!r} is not the same as {project_name!r}", queue="error"
)
return HTTPSeeOther(request.current_route_path())
# Check to make sure the object doesn't already exist.
if (
request.db.query(literal(True))
.filter(
request.db.query(BlacklistedProject)
.filter(BlacklistedProject.name == project_name)
.exists()
)
.scalar()
):
request.session.flash(
f"{project_name!r} has already been blacklisted.", queue="error"
)
return HTTPSeeOther(request.route_path("admin.blacklist.list"))
# Add our requested blacklist.
request.db.add(
BlacklistedProject(
name=project_name, comment=comment, blacklisted_by=request.user
)
)
# Go through and delete the project and everything related to it so that
# our blacklist actually blocks things and isn't ignored (since the
# blacklist only takes effect on new project registration).
project = (
request.db.query(Project)
.filter(Project.normalized_name == func.normalize_pep426_name(project_name))
.first()
)
if project is not None:
remove_project(project, request)
request.session.flash(f"Blacklisted {project_name!r}", queue="success")
return HTTPSeeOther(request.route_path("admin.blacklist.list"))
def test_remove_project(db_request, flash):
user = UserFactory.create()
project = ProjectFactory.create(name="foo")
release = ReleaseFactory.create(project=project)
FileFactory.create(release=release, filename="who cares")
RoleFactory.create(user=user, project=project)
DependencyFactory.create(release=release)
db_request.user = user
db_request.remote_addr = "192.168.1.1"
db_request.session = stub(flash=call_recorder(lambda *a, **kw: stub()))
remove_project(project, db_request, flash=flash)
if flash:
assert db_request.session.flash.calls == [
call("Deleted the project 'foo'", queue="success")
]
else:
assert db_request.session.flash.calls == []
assert not (db_request.db.query(Role).filter(Role.project == project).count())
assert not (
db_request.db.query(File)
.join(Release)
.join(Project)
.filter(Release.project == project)
.count()
)
assert not (
db_request.db.query(Dependency)
.join(Release)
.filter(Release.project == project)
.count()
)
assert not (db_request.db.query(Release).filter(Release.project == project).count())
assert not (
db_request.db.query(Project).filter(Project.name == project.name).count()
)
journal_entry = (
db_request.db.query(JournalEntry)
.options(joinedload("submitted_by"))
.filter(JournalEntry.name == "foo")
.one()
)
assert journal_entry.action == "remove project"
assert journal_entry.submitted_by == db_request.user
assert journal_entry.submitted_from == db_request.remote_addr
def delete_project(project, request):
if request.flags.enabled(AdminFlagValue.DISALLOW_DELETION):
request.session.flash(
("Project deletion temporarily disabled. "
"See https://pypi.org/help#admin-intervention for details."),
queue="error",
)
return HTTPSeeOther(
request.route_path("manage.project.settings",
project_name=project.name))
confirm_project(project, request, fail_route="manage.project.settings")
remove_project(project, request)
return HTTPSeeOther(request.route_path("manage.projects"))
def test_remove_project(db_request, flash):
user = UserFactory.create()
project = ProjectFactory.create(name="foo")
release = ReleaseFactory.create(project=project)
FileFactory.create(release=release, filename="who cares")
RoleFactory.create(user=user, project=project)
DependencyFactory.create(release=release)
db_request.user = user
db_request.session = stub(flash=call_recorder(lambda *a, **kw: stub()))
remove_project(project, db_request, flash=flash)
if flash:
assert db_request.session.flash.calls == [
call("Deleted the project 'foo'", queue="success")
]
else:
assert db_request.session.flash.calls == []
assert not (db_request.db.query(Role).filter(Role.project == project).count())
assert not (
db_request.db.query(File)
.join(Release)
.join(Project)
.filter(Release.project == project)
.count()
)
assert not (
db_request.db.query(Dependency)
.join(Release)
.filter(Release.project == project)
.count()
)
assert not (db_request.db.query(Release).filter(Release.project == project).count())
assert not (
db_request.db.query(Project).filter(Project.name == project.name).count()
)
journal_entry = (
db_request.db.query(JournalEntry)
.options(joinedload("submitted_by"))
.filter(JournalEntry.name == "foo")
.one()
)
assert journal_entry.action == "remove project"
assert journal_entry.submitted_by == db_request.user
assert journal_entry.submitted_from == db_request.remote_addr
def bulk_add_prohibited_project_names(request):
if request.method == "POST":
project_names = request.POST.get("projects", "").split()
comment = request.POST.get("comment", "")
for project_name in project_names:
# Check to make sure the object doesn't already exist.
if (
request.db.query(literal(True))
.filter(
request.db.query(ProhibitedProjectName)
.filter(ProhibitedProjectName.name == project_name)
.exists()
)
.scalar()
):
continue
# Add our requested prohibition.
request.db.add(
ProhibitedProjectName(
name=project_name, comment=comment, prohibited_by=request.user
)
)
# Go through and delete the project and everything related to it so that
# our prohibition actually blocks things and isn't ignored (since the
# prohibition only takes effect on new project registration).
project = (
request.db.query(Project)
.filter(
Project.normalized_name == func.normalize_pep426_name(project_name)
)
.first()
)
if project is not None:
remove_project(project, request, flash=False)
request.session.flash(
f"Prohibited {len(project_names)!r} projects", queue="success"
)
return HTTPSeeOther(
request.route_path("admin.prohibited_project_names.bulk_add")
)
return {}
def test_remove_project(db_request, flash):
user = UserFactory.create()
project = ProjectFactory.create(name="foo")
release = ReleaseFactory.create(project=project)
FileFactory.create(
name=project.name,
version=release.version,
filename="who cares",
)
RoleFactory.create(user=user, project=project)
DependencyFactory.create(name=project.name, version=release.version)
db_request.user = user
db_request.remote_addr = "192.168.1.1"
db_request.session = stub(flash=call_recorder(lambda *a, **kw: stub()))
remove_project(project, db_request, flash=flash)
if flash:
assert db_request.session.flash.calls == [
call(
"Successfully deleted the project 'foo'.",
queue="success"
),
]
else:
assert db_request.session.flash.calls == []
assert not (db_request.db.query(Role)
.filter(Role.project == project).count())
assert not (db_request.db.query(File)
.filter(File.name == project.name).count())
assert not (db_request.db.query(Dependency)
.filter(Dependency.name == project.name).count())
assert not (db_request.db.query(Release)
.filter(Release.name == project.name).count())
assert not (db_request.db.query(Project)
.filter(Project.name == project.name).count())
journal_entry = (
db_request.db.query(JournalEntry)
.filter(JournalEntry.name == "foo")
.one()
)
assert journal_entry.action == "remove"
assert journal_entry.submitted_by == db_request.user
assert journal_entry.submitted_from == db_request.remote_addr
def user_delete(request):
user = request.db.query(User).get(request.matchdict['user_id'])
if user.username != request.params.get('username'):
print(user.username)
print(request.params.get('username'))
request.session.flash(f'Wrong confirmation input.', queue='error')
return HTTPSeeOther(
request.route_path('admin.user.detail', user_id=user.id)
)
# Delete projects one by one so they are purged from the cache
for project in user.projects:
remove_project(project, request, flash=False)
# Update all journals to point to `deleted-user` instead
deleted_user = (
request.db.query(User)
.filter(User.username == 'deleted-user')
.one()
)
journals = (
request.db.query(JournalEntry)
.filter(JournalEntry.submitted_by == user)
.all()
)
for journal in journals:
journal.submitted_by = deleted_user
# Delete the user
request.db.delete(user)
request.db.add(
JournalEntry(
name=f'user:{user.username}',
action=f'nuke user',
submitted_by=request.user,
submitted_from=request.remote_addr,
)
)
request.session.flash(f'Nuked user {user.username!r}.', queue='success')
return HTTPSeeOther(request.route_path('admin.user.list'))
def delete_project(project, request):
confirm_project(project, request, fail_route="admin.project.detail")
remove_project(project, request)
return HTTPSeeOther(request.route_path("admin.project.list"))
def delete_project(project, request):
confirm_project(project, request, fail_route="manage.project.settings")
remove_project(project, request)
return HTTPSeeOther(request.route_path("manage.projects"))
def delete_project(project, request):
confirm_project(project, request, fail_route="manage.project.settings")
remove_project(project, request)
return HTTPSeeOther(request.route_path("manage.projects"))
def delete_project(project, request):
confirm_project(project, request, fail_route="admin.project.detail")
remove_project(project, request)
return HTTPSeeOther(request.route_path('admin.project.list'))
