Full access for staff members #602

4 changes: 2 additions & 2 deletions galaxy/api/access.py
Expand Up @@ -278,13 +278,13 @@ def can_read(self, obj):
return True

def can_add(self, data):
return self.user.is_authenticated()
return self.user.is_authenticated() and self.user.is_staff

def can_change(self, obj, data):
return self.user.is_authenticated()

def can_delete(self, data):
return False
return self.user.is_authenticated() and self.user.is_staff


class ProviderNamespaceAccess(BaseAccess):
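Review bot: `can_change` is left as `return self.user.is_authenticated()` and never looks at `obj`, so after this change create and delete are staff-only at the access layer while update is open to every logged-in user here and depends entirely on the view for the ownership check. The class these methods belong to starts outside the hunk, so the model it guards is not visible, but the rule would be safer enforced in one place, e.g. `return self.user.is_staff or obj.owners.filter(pk=self.user.pk).exists()` if the object has an `owners` relation. `can_delete` also names its parameter `data` although it presumably receives the object being deleted; `obj` would match `can_change` and `can_read`. At minimum, a comment on `can_change` stating that ownership is checked in the view would stop the next reader from assuming it is checked here.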
4 changes: 2 additions & 2 deletions galaxy/api/serializers/repository.py
Expand Up @@ -120,8 +120,8 @@ def get_summary_fields(self, instance):
latest_import['created'] = import_tasks[0].created
latest_import['modified'] = import_tasks[0].modified

content_objects = [{'id': c.id, 'name': c.name, 'content_type': c.content_type.name}
for c in instance.content_objects.all()]
content_objects = [{'id': c.id, 'name': c.name, 'content_type': c.content_type.name,
'description': c.description} for c in instance.content_objects.all()]

content_counts = {c['content_type__name']: c['count'] for c in instance.content_counts}

34 changes: 21 additions & 13 deletions galaxy/api/views/namespace.py
Expand Up @@ -25,7 +25,7 @@
from ..filters import FieldLookupBackend, OrderByBackend

from rest_framework import status
from rest_framework.exceptions import ValidationError, APIException
from rest_framework.exceptions import ValidationError, APIException, PermissionDenied
from rest_framework.response import Response

from galaxy.accounts.models import CustomUser as User
Expand Down Expand Up @@ -54,11 +54,11 @@ def check_basic(data, errors):


def check_owners(data_owners):
owners = []
if not isinstance(owners, list):
if not isinstance(data_owners, list):
errors = 'Invalid type. Expected list'
return errors, owners
return errors, []

owners = []
errors = {}
for i in range(0, len(data_owners)):
owner = data_owners[i]
Expand Down Expand Up @@ -190,12 +190,13 @@ def post(self, request, *args, **kwargs):
except ObjectDoesNotExist:
pass

if not data.get('provider_namespaces'):
errors['provider_namespaces'] = 'A minimum of one provider namespace is required'
else:
provider_errors = check_providers(data['provider_namespaces'])
if provider_errors:
errors['provider_namespaces'] = provider_errors
if not request.user.is_staff:
if not data.get('provider_namespaces'):
errors['provider_namespaces'] = 'A minimum of one provider namespace is required'
else:
provider_errors = check_providers(data['provider_namespaces'])
if provider_errors:
errors['provider_namespaces'] = provider_errors

if data.get('owners'):
owner_errors, owners = check_owners(data['owners'])
Expand All @@ -205,7 +206,7 @@ def post(self, request, *args, **kwargs):
if errors:
raise ValidationError(detail=errors)

if request.user.id not in owners:
if not request.user.is_staff and request.user.pk not in owners:
owners.append(request.user.id)

namespace_attributes = {
Expand Down Expand Up @@ -253,9 +254,11 @@ def update(self, request, *args, **kwargs):
if errors:
raise ValidationError(detail=errors)

if not request.user.is_staff and request.user.pk not in owners:
raise PermissionDenied("User does not have access to Namespace {0}".format(
data.get('name', '')))

if data.get('owners'):
if request.user.pk not in owners:
owners.append(request.user.pk)
update_owners(instance, owners)

for item in ('name', 'description', 'avatar_url', 'location', 'company', 'email',
Expand All @@ -270,6 +273,11 @@ def update(self, request, *args, **kwargs):
serializer = self.get_serializer(instance=instance)
return Response(serializer.data)

def destroy(self, request, *args, **kwargs):
instance = self.get_object()
self.perform_destroy(instance)
return Response(status=status.HTTP_204_NO_CONTENT)


class NamespaceProviderNamespacesList(base_views.SubListAPIView):
view_name = "Namespace Provider Namespaces"
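Review bot: The new permission check in `update`, `if not request.user.is_staff and request.user.pk not in owners:`, appears to test the caller against the `owners` list built from the request body rather than against the namespace's stored owners. `owners` is assigned above the hunk, but if it comes from `check_owners(data['owners'])` as it does in `post`, then membership is decided by what the client submitted, and an existing owner who sends an update without an `owners` field is refused. The check should be made against the saved object before any request data is applied, e.g. `if not request.user.is_staff and not instance.owners.filter(pk=request.user.pk).exists():`, assuming `instance` is the Namespace and is already loaded at that point. The PermissionDenied message would also be better built from `instance.name` than from `data.get('name', '')`, which echoes request input. Separately, `post` compares `request.user.pk` but appends `request.user.id`; using `pk` in both places keeps the two consistent.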
40 changes: 21 additions & 19 deletions galaxy/api/views/repository.py
Expand Up @@ -112,13 +112,14 @@ def post(self, request, *args, **kwargs):

data['name'] = data['name'].lower()

repo = get_repo(provider_namespace, request.user, original_name)
if not repo:
raise PermissionDenied(
"User does not have access to {0}/{1} in "
"GitHub".format(provider_namespace.name, original_name))
for field in GITHUB_REPO_FIELDS:
data[field] = repo[field]
if not request.user.is_staff:
repo = get_repo(provider_namespace, request.user, original_name)
if not repo:
raise PermissionDenied(
"User does not have access to {0}/{1} in "
"GitHub".format(provider_namespace.name, original_name))
for field in GITHUB_REPO_FIELDS:
data[field] = repo[field]

if not data.get('original_name'):
data['original_name'] = original_name
Expand Down Expand Up @@ -176,14 +177,14 @@ def update(self, request, *args, **kwargs):

original_name = data.get('original_name', instance.original_name)

repo = get_repo(provider_namespace, request.user, original_name)
if not repo:
raise PermissionDenied(
"User does not have access to {0}/{1} in "
"GitHub".format(provider_namespace.name, original_name))

for field in GITHUB_REPO_FIELDS:
data[field] = repo[field]
if not request.user.is_staff:
repo = get_repo(provider_namespace, request.user, original_name)
if not repo:
raise PermissionDenied(
"User does not have access to {0}/{1} in "
"GitHub".format(provider_namespace.name, original_name))
for field in GITHUB_REPO_FIELDS:
data[field] = repo[field]

serializer = self.get_serializer(instance, data=data)
serializer.is_valid(raise_exception=True)
Expand Down Expand Up @@ -219,10 +220,11 @@ def update(self, request, *args, **kwargs):

def destroy(self, request, *args, **kwargs):
instance = self.get_object()
try:
instance.provider_namespace.namespace.owners.get(pk=request.user.pk)
except ObjectDoesNotExist:
raise PermissionDenied()
if not request.user.is_staff:
try:
instance.provider_namespace.namespace.owners.get(pk=request.user.pk)
except ObjectDoesNotExist:
raise PermissionDenied()
self.perform_destroy(instance)
return Response(status=status.HTTP_204_NO_CONTENT)
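Review bot: In `post` and `update`, wrapping the whole `get_repo` block in `if not request.user.is_staff:` skips the `for field in GITHUB_REPO_FIELDS: data[field] = repo[field]` copy as well as the access check, so for staff those fields reach the serializer as whatever the request contained, or not at all. If only the permission check is meant to be waived, keep the lookup for everyone and make the raise conditional, `if not repo and not request.user.is_staff: raise PermissionDenied(...)`, then put `if repo:` around the field copy. Both functions begin outside their hunks, so whether `data` is otherwise validated for those fields cannot be seen here. In `destroy`, a log line recording the staff user and the repository whenever the owner check is bypassed would give an audit trail for deletions made by non-owners.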
