Merge branch 'master' of ssh://git.fedorahosted.org/git/fedora-infrastructure

Toshio Kuratomi 2008-03-10 11:43:43 -07:00
commit 05e503a3a7
5 changed files with 52 additions and 46 deletions


@ -28,6 +28,10 @@ restricted_groups = sysadmin
; security meaning
ssh_restricted_groups = sysadmin-web
; aliases_template: Gets prepended to the aliases file when it is generated by
; fasClient
aliases_template = /tmp/template.txt
[users]
; default shell given to people in [host] groups
shell = /bin/bash
@ -44,7 +48,7 @@ home_backup_dir = /tmp/fedora
; is a powerfull way to restrict access to a machine. An alternative example
; could be given to people who should only have cvs access on the machine.
; setting this value to "/usr/bin/cvs server" would do this.
ssh_restricted_app = /usr/local/bin/restricted-shell
ssh_restricted_app = "/usr/bin/cvs server"
; restricted_shell - The shell given to users in the ssh_restricted_groups
restricted_shell = /sbin/nologin
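Review bot: The new `aliases_template = /tmp/template.txt` default points at a world-writable directory, and the comment above it says fasClient prepends this file to the aliases file it generates. If fasClient runs with enough privilege to write the system aliases file (not visible here), any local account able to create that path decides what gets prepended. The sample should default to a root-owned location instead, for example `aliases_template = <CONFIG_DIR>/aliases.template` (placeholder path), with a comment such as `; must be writable by root only`. The same concern applies to `home_backup_dir = /tmp/fedora`, visible in the second hunk header.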


@ -15,14 +15,13 @@ def isAdmin(person):
'''
admingroup = config.get('admingroup')
try:
group = Groups.by_name(admingroup)
except InvalidRequestError:
if person.group_roles[admingroup].role_status == 'approved':
return True
else:
return False
except KeyError:
print '%s - Your admin group could not be found!' % admingroup
return False
if group in person.approved_memberships:
return True
else:
return False
def canAdminGroup(person, group):
'''
@ -74,29 +73,26 @@ def signedCLAPrivs(person):
'''
Returns True if the user has completed the GPG-signed CLA
'''
cla_sign_group =config.get('cla_sign_group')
try:
cla_sign_group = Groups.by_name(config.get('cla_sign_group'))
except InvalidRequestError:
turbogears.flash(_("cla_sign_group Does not exist! Please create it!"))
return False
if isApproved(person, cla_sign_group):
return True
else:
if person.group_roles[cla_sign_group].role_status == 'approved':
return True
else:
return False
except KeyError:
return False
def clickedCLAPrivs(person):
'''
Returns True if the user has completed the click-through CLA
'''
cla_click_group = config.get('cla_click_group')
try:
cla_click_group = Groups.by_name(config.get('cla_click_group'))
except InvalidRequestError:
turbogears.flash(_("cla_click_group Does not exist! Please create it!"))
return False
if signedCLAPrivs(person) or \
isApproved(person, cla_click_group):
return True
else:
if person.group_roles[cla_click_group].role_status == 'approved':
return True
else:
return False
except KeyError:
return False
def canEditUser(person, target):
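Review bot: The rewritten `clickedCLAPrivs` appears to drop the `signedCLAPrivs(person) or` fallback. Going by the hunk counts (29 old lines, 26 new), the new body only tests `person.group_roles[cla_click_group].role_status == 'approved'`, so a user who completed the GPG-signed CLA but has no role in the click-through group would now be refused. If that is not intended, keep the fallback: `if signedCLAPrivs(person) or person.group_roles[cla_click_group].role_status == 'approved':`. Separately, `except KeyError` now covers both "person has no role in this group" and "the configured group name is wrong or unset". The checks fail closed, but in `isAdmin` the `print '%s - Your admin group could not be found!'` seems to fire for every non-member, and the CLA functions no longer report a missing group at all; a comment such as `# KeyError: no role in this group, or the configured name is wrong` would make that explicit.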


@ -34,7 +34,7 @@ from sqlalchemy.orm import relation
from sqlalchemy import String, Unicode, Integer, DateTime
# A few sqlalchemy tricks:
# Allow viewing foreign key relations as a dictionary
from sqlalchemy.orm.collections import column_mapped_collection
from sqlalchemy.orm.collections import column_mapped_collection, attribute_mapped_collection
# Allow us to reference the remote table of a many:many as a simple list
from sqlalchemy.ext.associationproxy import association_proxy
from sqlalchemy import select, and_
@ -294,6 +294,7 @@ class PersonRoles(SABase):
'''Record people that are members of groups.'''
def __repr__(cls):
return "PersonRole(%s,%s,%s,%s)" % (cls.member.username, cls.group.name, cls.role_type, cls.role_status)
groupname = association_proxy('group', 'name')
class Configs(SABase):
'''Configs for applications that a Fedora Contributor uses.'''
@ -412,10 +413,10 @@ class VisitIdentity(SABase):
# mappers for filtering roles
#
mapper(ApprovedRoles, ApprovedRolesSelect, properties = {
'group': relation(Groups, backref='approved_roles')
'group': relation(Groups, backref='approved_roles', lazy = False)
})
mapper(UnApprovedRoles, UnApprovedRolesSelect, properties = {
'group': relation(Groups, backref='unapproved_roles')
'group': relation(Groups, backref='unapproved_roles', lazy = False)
})
mapper(People, PeopleTable, properties = {
@ -425,6 +426,10 @@ mapper(People, PeopleTable, properties = {
'person_emails': relation(PersonEmails, backref = 'person',
collection_class = column_mapped_collection(
PersonEmailsTable.c.email)),
# This name is kind of confusing. It's to allow person.group_roles['groupname'] in order to make auth.py (hopefully) slightly faster.
'group_roles': relation(PersonRoles,
collection_class = attribute_mapped_collection('groupname'),
primaryjoin = PeopleTable.c.id==PersonRolesTable.c.person_id),
'approved_roles': relation(ApprovedRoles, backref='member',
primaryjoin = PeopleTable.c.id==ApprovedRoles.c.person_id),
'unapproved_roles': relation(UnApprovedRoles, backref='member',
@ -436,9 +441,10 @@ mapper(EmailPurposes, EmailPurposesTable, properties = {
primaryjoin = PersonEmailsTable.c.id==EmailPurposesTable.c.email_id)
})
mapper(PersonRoles, PersonRolesTable, properties = {
'member': relation(People, backref = 'roles',
'member': relation(People, backref = 'roles', lazy = False,
primaryjoin=PersonRolesTable.c.person_id==PeopleTable.c.id),
'group': relation(Groups, backref='roles'),
'group': relation(Groups, backref='roles', lazy = False,
primaryjoin=PersonRolesTable.c.group_id==GroupsTable.c.id),
'sponsor': relation(People, uselist=False,
primaryjoin = PersonRolesTable.c.sponsor_id==PeopleTable.c.id)
})
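Review bot: `group_roles` is the collection the auth code in this commit indexes for its authorization checks, and `attribute_mapped_collection('groupname')` keeps a single entry per key. Two PersonRoles rows for the same person and group would therefore leave only one visible, and nothing here defines which one wins. Whether the table enforces uniqueness on (person_id, group_id) is not visible in this hunk; it is worth confirming and recording beside the relation, e.g. `# relies on one PersonRoles row per (person_id, group_id)`. The relation also maps the same join as the `roles` backref created on `member`, so a change made through one collection will presumably not show in the other until the object is refreshed. The `mapper(People, ...)` call starts and ends outside the hunk.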


@ -81,38 +81,38 @@
<th py:if="can_sponsor">${_('Action')}</th>
</tr>
</thead>
<tr py:for="role in group.roles">
<td><a href="${tg.url('/user/view/%s' % role.member.username)}">${role.member.username}</a></td>
<td py:if='role.sponsor'><a href="${tg.url('/user/view/%s' % role.sponsor.username)}">${role.sponsor.username}</a></td>
<td py:if='not role.sponsor'>${_('None')}</td>
<td>${role.creation.astimezone(timezone).strftime('%Y-%m-%d %H:%M:%S %Z')}</td>
<td py:if='role.approval'>${role.approval.astimezone(timezone).strftime('%Y-%m-%d %H:%M:%S %Z')}</td>
<td py:if='not role.approval'>${_('None')}</td>
<td>${role.role_status}</td>
<td>${role.role_type}</td>
<tr py:for="role in sorted([(role.member.username, role) for role in group.roles ])">
<td><a href="${tg.url('/user/view/%s' % role[1].member.username)}">${role[1].member.username}</a></td>
<td py:if='role[1].sponsor'><a href="${tg.url('/user/view/%s' % role[1].sponsor.username)}">${role.sponsor.username}</a></td>
<td py:if='not role[1].sponsor'>${_('None')}</td>
<td>${role[1].creation.astimezone(timezone).strftime('%Y-%m-%d %H:%M:%S %Z')}</td>
<td py:if='role[1].approval'>${role[1].approval.astimezone(timezone).strftime('%Y-%m-%d %H:%M:%S %Z')}</td>
<td py:if='not role[1].approval'>${_('None')}</td>
<td>${role[1].role_status}</td>
<td>${role[1].role_type}</td>
<!-- This section includes all action items -->
<td py:if="can_sponsor">
<ul class="actions">
<li py:if="role.role_status == 'unapproved'">
<li py:if="role[1].role_status == 'unapproved'">
<py:if test="group.needs_sponsor">
<a href="${tg.url('/group/sponsor/%s/%s' % (group.name, role.member.username))}">${_('Sponsor')}</a>
<a href="${tg.url('/group/sponsor/%s/%s' % (group.name, role[1].member.username))}">${_('Sponsor')}</a>
<script type="text/javascript">var hb1 = new HelpBalloon({dataURL: '${tg.url('/help/get_help/group_sponsor')}'});</script>
</py:if>
<py:if test="not group.needs_sponsor">
<a href="${tg.url('/group/sponsor/%s/%s' % (group.name, role.member.username))}">${_('Approve')}</a>
<a href="${tg.url('/group/sponsor/%s/%s' % (group.name, role[1].member.username))}">${_('Approve')}</a>
<script type="text/javascript">var hb2 = new HelpBalloon({dataURL: '${tg.url('/help/get_help/group_approve')}'});</script>
</py:if>
</li>
<li py:if="auth.canRemoveUser(person, group, role.member)">
<a href="${tg.url('/group/remove/%s/%s' % (group.name, role.member.username))}">${_('Remove')}</a>
<li py:if="auth.canRemoveUser(person, group, role[1].member)">
<a href="${tg.url('/group/remove/%s/%s' % (group.name, role[1].member.username))}">${_('Remove')}</a>
<script type="text/javascript">var hb3 = new HelpBalloon({dataURL: '${tg.url('/help/get_help/group_remove')}'});</script>
</li>
<li py:if="auth.canUpgradeUser(person, group, role.member)">
<a href="${tg.url('/group/upgrade/%s/%s' % (group.name, role.member.username))}">${_('Upgrade')}</a>
<li py:if="auth.canUpgradeUser(person, group, role[1].member)">
<a href="${tg.url('/group/upgrade/%s/%s' % (group.name, role[1].member.username))}">${_('Upgrade')}</a>
<script type="text/javascript">var hb4 = new HelpBalloon({dataURL: '${tg.url('/help/get_help/group_upgrade')}'});</script>
</li>
<li py:if="auth.canDowngradeUser(person, group, role.member)">
<a href="${tg.url('/group/downgrade/%s/%s' % (group.name, role.member.username))}">${_('Downgrade')}</a>
<li py:if="auth.canDowngradeUser(person, group, role[1].member)">
<a href="${tg.url('/group/downgrade/%s/%s' % (group.name, role[1].member.username))}">${_('Downgrade')}</a>
<script type="text/javascript">var hb5 = new HelpBalloon({dataURL: '${tg.url('/help/get_help/group_downgrade')}'});</script>
</li>
</ul>
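Review bot: In the sponsor cell the link text still reads `${role.sponsor.username}` although `role` is now a `(username, role)` tuple, so rendering any row that has a sponsor will raise an AttributeError. It should be `${role[1].sponsor.username}`, matching the href beside it. Sorting tuples also falls back to comparing the role objects themselves if two usernames are ever equal, and the `[1]` indexing is easy to miss again. `py:for="role in sorted(group.roles, key=lambda r: r.member.username)"` would leave the loop body as it was, assuming the template engine accepts a lambda in the expression. The table markup starts and ends outside this hunk.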


@ -29,7 +29,7 @@
<li py:if="cla == None">
${_('CLA Not Signed. To become a full Fedora Contributor please ')}<a href="${tg.url('/cla/')}">${_('sign the CLA')}</a>.
</li>
<li py:if="not person.ssh_key">You have not submitted an SSH key, some Fedora resources require an ssh. Please submit yours by editing <a href="${tg.url('/user/edit')}">My Account</a></li>
<li py:if="not person.ssh_key">You have not submitted an SSH key, some Fedora resources require an ssh key. Please submit yours by editing <a href="${tg.url('/user/edit')}">My Account</a></li>
</ul>
</body>
</html>