You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kibble.apache.org by hu...@apache.org on 2017/10/20 13:35:26 UTC
[kibble] 02/12: Add script for modifying org membership
This is an automated email from the ASF dual-hosted git repository.
humbedooh pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kibble.git
commit c2b0595cb12c5c6dfbe0ca7985628e93adcf440e
Author: Daniel Gruno <hu...@apache.org>
AuthorDate: Fri Oct 20 15:06:37 2017 +0200
Add script for modifying org membership
UI for this to come later.
---
api/pages/org/members.py | 260 +++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 260 insertions(+)
diff --git a/api/pages/org/members.py b/api/pages/org/members.py
new file mode 100644
index 0000000..e2d09d8
--- /dev/null
+++ b/api/pages/org/members.py
@@ -0,0 +1,260 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+########################################################################
+# OPENAPI-URI: /api/org/members
+########################################################################
+# get:
+# responses:
+# '200':
+# content:
+# application/json:
+# schema:
+# $ref: '#/components/schemas/OrgMembers'
+# description: 200 Response
+# default:
+# content:
+# application/json:
+# schema:
+# $ref: '#/components/schemas/Error'
+# description: unexpected error
+# security:
+# - cookieAuth: []
+# summary: Lists the members of an organisation
+# post:
+# requestBody:
+# content:
+# application/json:
+# schema:
+# $ref: '#/components/schemas/defaultWidgetArgs'
+# description: Nothing...
+# required: true
+# responses:
+# '200':
+# content:
+# application/json:
+# schema:
+# type: array
+# items:
+# $ref: '#/components/schemas/OrgMembers'
+# description: 200 Response
+# default:
+# content:
+# application/json:
+# schema:
+# $ref: '#/components/schemas/Error'
+# description: unexpected error
+# security:
+# - cookieAuth: []
+# summary: Lists the members of an organisation
+# put:
+# requestBody:
+# content:
+# application/json:
+# schema:
+# $ref: '#/components/schemas/UserAccountEdit'
+# required: true
+# responses:
+# '200':
+# content:
+# application/json:
+# schema:
+# $ref: '#/components/schemas/ActionCompleted'
+# description: 200 Response
+# default:
+# content:
+# application/json:
+# schema:
+# $ref: '#/components/schemas/Error'
+# description: unexpected error
+# security:
+# - cookieAuth: []
+# summary: Invite a person to an organisation
+# delete:
+# requestBody:
+# content:
+# application/json:
+# schema:
+# $ref: '#/components/schemas/UserAccountEdit'
+# required: true
+# responses:
+# '200':
+# content:
+# application/json:
+# schema:
+# $ref: '#/components/schemas/ActionCompleted'
+# description: 200 Response
+# default:
+# content:
+# application/json:
+# schema:
+# $ref: '#/components/schemas/Error'
+# description: unexpected error
+# security:
+# - cookieAuth: []
+# summary: Remove a person from an organisation
+#
+########################################################################
+
+
+
+
+
+"""
+This is the Org list renderer for Kibble
+"""
+
+import json
+import time
+import hashlib
+
+def canInvite(session):
+ """ Determine if the user can edit sources in this org """
+ if session.user['userlevel'] == 'admin':
+ return True
+
+ dOrg = session.user['defaultOrganisation'] or "apache"
+ if session.DB.ES.exists(index=session.DB.dbname, doc_type="org", id= dOrg):
+ xorg = session.DB.ES.get(index=session.DB.dbname, doc_type="org", id= dOrg)['_source']
+ if session.user['email'] in xorg['admins']:
+ return True
+
+
+def run(API, environ, indata, session):
+ now = time.time()
+ # We need to be logged in for this!
+ if not session.user:
+ raise API.exception(403, "You must be logged in to use this API endpoint!")
+
+ method = environ['REQUEST_METHOD']
+
+ #################################################
+ # Inviting a new member? #
+ #################################################
+ if method == "PUT":
+ if canInvite(session):
+ newmember = indata.get('email')
+ isadmin = indata.get('admin', False)
+ orgid = session.user['defaultOrganisation'] or "apache"
+ # Make sure the org exists
+ if not session.DB.ES.exists(index=session.DB.dbname, doc_type='organisation', id = orgid):
+ raise API.exception(403, "No such organisation!")
+
+ # make sure the user account exists
+ if not session.DB.ES.exists(index=session.DB.dbname, doc_type='useraccount', id = newmember):
+ raise API.exception(403, "No such user!")
+
+ # Modify user account
+ doc = session.DB.ES.get(index=session.DB.dbname, doc_type='useraccount', id = newmember)
+ if orgid not in doc['_source']['organisations']: # No duplicates, please
+ doc['_source']['organisations'].append(orgid)
+ session.DB.ES.index(index=session.DB.dbname, doc_type='useraccount', id = newmember, body = doc['_source'])
+
+ # If adding as admin, we have to get the org doc and modify it
+ if isadmin:
+ # Get org doc from ES
+ doc = session.DB.ES.get(index=session.DB.dbname, doc_type='organisation', id = orgid)
+ if newmember not in doc['_source']['admins']:
+ doc['_source']['admins'].append(newmember)
+ # Override old doc
+ session.DB.ES.index(index=session.DB.dbname, doc_type='organisation', id = orgid, body = doc['_source'])
+ time.sleep(1) # Bleh!!
+
+ yield json.dumps({"okay": True, "message": "Member invited!!"})
+
+ return
+ else:
+ raise API.exception(403, "Only administrators or organisation owners can invite new members.")
+
+ #################################################
+ # DELETE: Remove a member #
+ #################################################
+ if method == "DELETE":
+ if canInvite(session):
+ memberid = indata.get('email')
+ isadmin = indata.get('admin', False)
+ orgid = session.user['defaultOrganisation'] or "apache"
+
+ # Make sure the org exists
+ if not session.DB.ES.exists(index=session.DB.dbname, doc_type='organisation', id = orgid):
+ raise API.exception(403, "No such organisation!")
+
+ # make sure the user account exists
+ if not session.DB.ES.exists(index=session.DB.dbname, doc_type='useraccount', id = memberid):
+ raise API.exception(403, "No such user!")
+
+ # Modify user account
+ doc = session.DB.ES.get(index=session.DB.dbname, doc_type='useraccount', id = memberid)
+ if orgid in doc['_source']['organisations']: # No duplicates, please
+ doc['_source']['organisations'].remove(orgid)
+ session.DB.ES.index(index=session.DB.dbname, doc_type='useraccount', id = memberid, body = doc['_source'])
+
+ # Check is user is admin and remove if so
+ # Get org doc from ES
+ doc = session.DB.ES.get(index=session.DB.dbname, doc_type='organisation', id = orgid)
+ if memberid in doc['_source']['admins']:
+ doc['_source']['admins'].remove(memberid)
+ # Override old doc
+ session.DB.ES.index(index=session.DB.dbname, doc_type='organisation', id = orgid, body = doc['_source'])
+ time.sleep(1) # Bleh!!
+
+ yield json.dumps({"okay": True, "message": "Member removed!"})
+ return
+ else:
+ raise API.exception(403, "Only administrators or organisation owners can invite new members.")
+
+
+ #################################################
+ # GET/POST: Display members #
+ #################################################
+ if method in ["GET", "POST"]:
+ orgid = session.user['defaultOrganisation'] or "apache"
+ if not session.DB.ES.exists(index=session.DB.dbname, doc_type='organisation', id = orgid):
+ raise API.exception(403, "No such organisation!")
+
+ # Find everyone affiliated with this org
+ query = {
+ 'query': {
+ 'bool': {
+ 'must': [
+ {
+ 'term': {
+ 'organisations': orgid
+ }
+ }
+ ]
+ }
+ }
+ }
+ res = session.DB.ES.search(
+ index=session.DB.dbname,
+ doc_type="useraccount",
+ size = 5000, # TO-DO: make this a scroll??
+ body = query
+ )
+ members = []
+ for doc in res['hits']['hits']:
+ members.append(doc['_id'])
+
+ # Get org doc from ES
+ doc = session.DB.ES.get(index=session.DB.dbname, doc_type='organisation', id = orgid)
+ JSON_OUT = {
+ 'members': members,
+ 'admins': doc['_source']['admins'],
+ 'okay': True,
+ 'responseTime': time.time() - now
+ }
+ yield json.dumps(JSON_OUT)
--
To stop receiving notification emails like this one, please contact
"commits@kibble.apache.org" <co...@kibble.apache.org>.