From c2d2de721a756fc2a63a83f9225723c6250234a5 Mon Sep 17 00:00:00 2001 From: Drew DeVault Date: Sat, 27 Jan 2018 14:30:17 -0500 Subject: [PATCH] Add access grant management web flow --- .../versions/ce3a03ec34a5_add_access_table.py | 28 ++++++ gitsrht/blueprints/manage.py | 52 +++++++++++ gitsrht/templates/settings_access.html | 86 ++++++++++++++++++- gitsrht/types/__init__.py | 1 + gitsrht/types/access.py | 24 ++++++ 5 files changed, 189 insertions(+), 2 deletions(-) create mode 100644 gitsrht/alembic/versions/ce3a03ec34a5_add_access_table.py create mode 100644 gitsrht/types/access.py diff --git a/gitsrht/alembic/versions/ce3a03ec34a5_add_access_table.py b/gitsrht/alembic/versions/ce3a03ec34a5_add_access_table.py new file mode 100644 index 0000000..8f82a93 --- /dev/null +++ b/gitsrht/alembic/versions/ce3a03ec34a5_add_access_table.py @@ -0,0 +1,28 @@ +"""Add access table + +Revision ID: ce3a03ec34a5 +Revises: f81294e9c2cf +Create Date: 2018-01-27 11:17:49.944381 + +""" + +# revision identifiers, used by Alembic. +revision = 'ce3a03ec34a5' +down_revision = 'f81294e9c2cf' + +from alembic import op +import sqlalchemy as sa + + +def upgrade(): + op.create_table('access', + sa.Column('id', sa.Integer, primary_key=True), + sa.Column('created', sa.DateTime, nullable=False), + sa.Column('updated', sa.DateTime, nullable=False), + sa.Column('repo_id', sa.Integer, sa.ForeignKey('repository.id'), nullable=False), + sa.Column('user_id', sa.Integer, sa.ForeignKey('user.id'), nullable=False), + sa.Column('mode', sa.String(), nullable=False, default='ro')) + + +def downgrade(): + op.drop_table('access') diff --git a/gitsrht/blueprints/manage.py b/gitsrht/blueprints/manage.py index 2ca1aef..da2357b 100644 --- a/gitsrht/blueprints/manage.py +++ b/gitsrht/blueprints/manage.py @@ -5,6 +5,7 @@ from srht.config import cfg from srht.database import db from srht.validation import Validation from gitsrht.types import Repository, RepoVisibility, Redirect +from gitsrht.types import Access, AccessMode, User from gitsrht.decorators import loginrequired from gitsrht.access import check_access, UserAccess from gitsrht.repos import create_repo, rename_repo, delete_repo @@ -86,6 +87,57 @@ def settings_access(owner_name, repo_name): owner_name=owner_name, repo_name=repo.new_repo.name)) return render_template("settings_access.html", owner=owner, repo=repo) +@manage.route("///settings/access", methods=["POST"]) +@loginrequired +def settings_access_POST(owner_name, repo_name): + owner, repo = check_access(owner_name, repo_name, UserAccess.manage) + if isinstance(repo, Redirect): + repo = repo.new_repo + valid = Validation(request) + user = valid.require("user", friendly_name="User") + mode = valid.optional("access", cls=AccessMode, default=AccessMode.ro) + if not valid.ok: + return render_template("settings_access.html", + owner=owner, repo=repo, **valid.kwargs) + # TODO: Group access + if user[0] == "~": + user = user[1:] + user = User.query.filter(User.username == user).first() + valid.expect(user, + "I don't know this user. Have they logged into git.sr.ht before?", + field="user") + if not valid.ok: + return render_template("settings_access.html", + owner=owner, repo=repo, **valid.kwargs) + grant = (Access.query + .filter(Access.repo_id == repo.id, Access.user_id == user.id) + ).first() + if not grant: + grant = Access() + grant.repo_id = repo.id + grant.user_id = user.id + db.session.add(grant) + grant.mode = mode + db.session.commit() + return redirect("/{}/{}/settings/access".format( + owner.canonical_name, repo.name)) + +@manage.route("///settings/access/revoke/", methods=["POST"]) +@loginrequired +def settings_access_revoke_POST(owner_name, repo_name, grant_id): + owner, repo = check_access(owner_name, repo_name, UserAccess.manage) + if isinstance(repo, Redirect): + repo = repo.new_repo + grant = (Access.query + .filter(Access.repo_id == repo.id, Access.id == grant_id) + ).first() + if not grant: + abort(404) + db.session.delete(grant) + db.session.commit() + return redirect("/{}/{}/settings/access".format( + owner.canonical_name, repo.name)) + @manage.route("///settings/delete") @loginrequired def settings_delete(owner_name, repo_name): diff --git a/gitsrht/templates/settings_access.html b/gitsrht/templates/settings_access.html index dcccc27..84ddea3 100644 --- a/gitsrht/templates/settings_access.html +++ b/gitsrht/templates/settings_access.html @@ -1,8 +1,90 @@ {% extends "settings.html" %} {% block content %}
-
- TODO +
+ {% if len(repo.access_grants) > 0 %} + + + + + + + + + + + + {% for grant in repo.access_grants %} + + + + + + + + {% endfor %} + +
usergrantedlast usedaccess
+ ~{{grant.user.username}} + {{ grant.created | date }}{{ grant.created | date }}{{ grant.mode.value }} +
+ +
+
+

Grant Access

+ {% endif %} +
+
+ + + {{valid.summary("user")}} +
+
+ Access + + +
+ +
+
+ +
+
+
{% endblock %} diff --git a/gitsrht/types/__init__.py b/gitsrht/types/__init__.py index 6be339a..8b4c79e 100644 --- a/gitsrht/types/__init__.py +++ b/gitsrht/types/__init__.py @@ -3,3 +3,4 @@ from .repository import Repository, RepoVisibility from .oauthtoken import OAuthToken from .webhook import Webhook from .redirect import Redirect +from .access import Access, AccessMode diff --git a/gitsrht/types/access.py b/gitsrht/types/access.py new file mode 100644 index 0000000..cce8525 --- /dev/null +++ b/gitsrht/types/access.py @@ -0,0 +1,24 @@ +import sqlalchemy as sa +import sqlalchemy_utils as sau +from srht.database import Base +from enum import Enum + +class AccessMode(Enum): + ro = 'ro' + rw = 'rw' + +class Access(Base): + __tablename__ = 'access' + id = sa.Column(sa.Integer, primary_key=True) + created = sa.Column(sa.DateTime, nullable=False) + updated = sa.Column(sa.DateTime, nullable=False) + repo_id = sa.Column(sa.Integer, sa.ForeignKey('repository.id'), nullable=False) + repo = sa.orm.relationship('Repository', backref='access_grants') + user_id = sa.Column(sa.Integer, sa.ForeignKey('user.id'), nullable=False) + user = sa.orm.relationship('User', backref='access_grants') + mode = sa.Column(sau.ChoiceType(AccessMode, impl=sa.String()), + nullable=False, default=AccessMode.ro) + + def __repr__(self): + return '{}:{}>'.format( + self.id, self.user_id, self.repo_id, self.mode) -- 2.38.4