From 7814a5711f86ffe49a30b97c05826173571f0974 Mon Sep 17 00:00:00 2001
From: Michael McGrath <mmcgrath@desktop.mmcgrath.net>
Date: Sun, 9 Mar 2008 19:32:35 -0500
Subject: [PATCH 1/5] Added aliases template

---
 fas/client/fas.conf | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/fas/client/fas.conf b/fas/client/fas.conf
index 58e06a6..d878c7a 100644
--- a/fas/client/fas.conf
+++ b/fas/client/fas.conf
@@ -28,6 +28,10 @@ restricted_groups = sysadmin
 ; security meaning
 ssh_restricted_groups = sysadmin-web
 
+; aliases_template: Gets prepended to the aliases file when it is generated by
+; fasClient
+aliases_template = /tmp/template.txt
+
 [users]
 ; default shell given to people in [host] groups
 shell = /bin/bash
@@ -44,7 +48,7 @@ home_backup_dir = /tmp/fedora
 ; is a powerfull way to restrict access to a machine.  An alternative example
 ; could be given to people who should only have cvs access on the machine. 
 ; setting this value to "/usr/bin/cvs server" would do this.
-ssh_restricted_app = /usr/local/bin/restricted-shell
+ssh_restricted_app = "/usr/bin/cvs server"
 
 ; restricted_shell - The shell given to users in the ssh_restricted_groups
 restricted_shell = /sbin/nologin

From cc05a811efad9d064943de936190d68e3c1912e6 Mon Sep 17 00:00:00 2001
From: Michael McGrath <mmcgrath@desktop.mmcgrath.net>
Date: Sun, 9 Mar 2008 19:38:35 -0500
Subject: [PATCH 2/5] added word

---
 fas/fas/templates/home.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fas/fas/templates/home.html b/fas/fas/templates/home.html
index cad0c93..40c6c9a 100644
--- a/fas/fas/templates/home.html
+++ b/fas/fas/templates/home.html
@@ -29,7 +29,7 @@
         <li py:if="cla == None">
           ${_('CLA Not Signed.  To become a full Fedora Contributor please ')}<a href="${tg.url('/cla/')}">${_('sign the CLA')}</a>.
         </li>
-        <li py:if="not person.ssh_key">You have not submitted an SSH key, some Fedora resources require an ssh.  Please submit yours by editing <a href="${tg.url('/user/edit')}">My Account</a></li>
+        <li py:if="not person.ssh_key">You have not submitted an SSH key, some Fedora resources require an ssh key.  Please submit yours by editing <a href="${tg.url('/user/edit')}">My Account</a></li>
       </ul>
   </body>
 </html>

From 9c26237a97630507466cc69423ae53a865ecdd79 Mon Sep 17 00:00:00 2001
From: Ricky Zhou <ricky@fedoraproject.org>
Date: Mon, 10 Mar 2008 11:03:45 -0400
Subject: [PATCH 3/5] Disable lazy loading on group.roles - this should
 drastically cut the number of selects on large groups.

---
 fas/fas/model.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fas/fas/model.py b/fas/fas/model.py
index 2b277bb..2bc43c6 100644
--- a/fas/fas/model.py
+++ b/fas/fas/model.py
@@ -436,7 +436,7 @@ mapper(EmailPurposes, EmailPurposesTable, properties = {
         primaryjoin = PersonEmailsTable.c.id==EmailPurposesTable.c.email_id)
     })
 mapper(PersonRoles, PersonRolesTable, properties = {
-    'member': relation(People, backref = 'roles',
+    'member': relation(People, backref = 'roles', lazy = False,
         primaryjoin=PersonRolesTable.c.person_id==PeopleTable.c.id),
     'group': relation(Groups, backref='roles'),
     'sponsor': relation(People, uselist=False,

From 3f94ff13d77e38574a2b0ef2fc1e22eba55665d2 Mon Sep 17 00:00:00 2001
From: Michael McGrath <mmcgrath@desktop.mmcgrath.net>
Date: Mon, 10 Mar 2008 11:17:32 -0500
Subject: [PATCH 4/5] username sorted views.  This page is still quite slow

---
 fas/fas/templates/group/view.html | 36 +++++++++++++++----------------
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/fas/fas/templates/group/view.html b/fas/fas/templates/group/view.html
index 8b52457..bbfd22f 100644
--- a/fas/fas/templates/group/view.html
+++ b/fas/fas/templates/group/view.html
@@ -81,38 +81,38 @@
           <th py:if="can_sponsor">${_('Action')}</th>
         </tr>
       </thead>
-      <tr py:for="role in group.roles">
-        <td><a href="${tg.url('/user/view/%s' % role.member.username)}">${role.member.username}</a></td>
-        <td py:if='role.sponsor'><a href="${tg.url('/user/view/%s' % role.sponsor.username)}">${role.sponsor.username}</a></td>
-        <td py:if='not role.sponsor'>${_('None')}</td>
-        <td>${role.creation.astimezone(timezone).strftime('%Y-%m-%d %H:%M:%S %Z')}</td>
-        <td py:if='role.approval'>${role.approval.astimezone(timezone).strftime('%Y-%m-%d %H:%M:%S %Z')}</td>
-        <td py:if='not role.approval'>${_('None')}</td>
-        <td>${role.role_status}</td>
-        <td>${role.role_type}</td>
+      <tr py:for="role in sorted([(role.member.username, role) for role in group.roles ])">
+        <td><a href="${tg.url('/user/view/%s' % role[1].member.username)}">${role[1].member.username}</a></td>
+        <td py:if='role[1].sponsor'><a href="${tg.url('/user/view/%s' % role[1].sponsor.username)}">${role.sponsor.username}</a></td>
+        <td py:if='not role[1].sponsor'>${_('None')}</td>
+        <td>${role[1].creation.astimezone(timezone).strftime('%Y-%m-%d %H:%M:%S %Z')}</td>
+        <td py:if='role[1].approval'>${role[1].approval.astimezone(timezone).strftime('%Y-%m-%d %H:%M:%S %Z')}</td>
+        <td py:if='not role[1].approval'>${_('None')}</td>
+        <td>${role[1].role_status}</td>
+        <td>${role[1].role_type}</td>
         <!-- This section includes all action items -->
         <td py:if="can_sponsor">
           <ul class="actions">
-            <li py:if="role.role_status == 'unapproved'">
+            <li py:if="role[1].role_status == 'unapproved'">
             <py:if test="group.needs_sponsor">
-            <a href="${tg.url('/group/sponsor/%s/%s' % (group.name, role.member.username))}">${_('Sponsor')}</a>
+            <a href="${tg.url('/group/sponsor/%s/%s' % (group.name, role[1].member.username))}">${_('Sponsor')}</a>
             <script type="text/javascript">var hb1 = new HelpBalloon({dataURL: '${tg.url('/help/get_help/group_sponsor')}'});</script>
             </py:if>
             <py:if test="not group.needs_sponsor">
-            <a href="${tg.url('/group/sponsor/%s/%s' % (group.name, role.member.username))}">${_('Approve')}</a>
+            <a href="${tg.url('/group/sponsor/%s/%s' % (group.name, role[1].member.username))}">${_('Approve')}</a>
             <script type="text/javascript">var hb2 = new HelpBalloon({dataURL: '${tg.url('/help/get_help/group_approve')}'});</script>
             </py:if>
             </li>
-            <li py:if="auth.canRemoveUser(person, group, role.member)">
-            <a href="${tg.url('/group/remove/%s/%s' % (group.name, role.member.username))}">${_('Remove')}</a>
+            <li py:if="auth.canRemoveUser(person, group, role[1].member)">
+            <a href="${tg.url('/group/remove/%s/%s' % (group.name, role[1].member.username))}">${_('Remove')}</a>
             <script type="text/javascript">var hb3 = new HelpBalloon({dataURL: '${tg.url('/help/get_help/group_remove')}'});</script>
             </li>
-            <li py:if="auth.canUpgradeUser(person, group, role.member)">
-            <a href="${tg.url('/group/upgrade/%s/%s' % (group.name, role.member.username))}">${_('Upgrade')}</a>
+            <li py:if="auth.canUpgradeUser(person, group, role[1].member)">
+            <a href="${tg.url('/group/upgrade/%s/%s' % (group.name, role[1].member.username))}">${_('Upgrade')}</a>
             <script type="text/javascript">var hb4 = new HelpBalloon({dataURL: '${tg.url('/help/get_help/group_upgrade')}'});</script>
             </li>
-            <li py:if="auth.canDowngradeUser(person, group, role.member)">
-            <a href="${tg.url('/group/downgrade/%s/%s' % (group.name, role.member.username))}">${_('Downgrade')}</a>
+            <li py:if="auth.canDowngradeUser(person, group, role[1].member)">
+            <a href="${tg.url('/group/downgrade/%s/%s' % (group.name, role[1].member.username))}">${_('Downgrade')}</a>
             <script type="text/javascript">var hb5 = new HelpBalloon({dataURL: '${tg.url('/help/get_help/group_downgrade')}'});</script>
             </li>
           </ul>

From dbdf0325ab07f3097d76cf73438ebd3a273cf814 Mon Sep 17 00:00:00 2001
From: Ricky Zhou <ricky@fedoraproject.org>
Date: Mon, 10 Mar 2008 14:18:08 -0400
Subject: [PATCH 5/5] Not very thoroughly tested.  Attempt to trade off memory
 for number of selects (?)

---
 fas/fas/auth.py  | 38 +++++++++++++++++---------------------
 fas/fas/model.py | 14 ++++++++++----
 2 files changed, 27 insertions(+), 25 deletions(-)

diff --git a/fas/fas/auth.py b/fas/fas/auth.py
index 551e062..fad4a96 100644
--- a/fas/fas/auth.py
+++ b/fas/fas/auth.py
@@ -15,14 +15,13 @@ def isAdmin(person):
     '''
     admingroup = config.get('admingroup')
     try:
-        group = Groups.by_name(admingroup)
-    except InvalidRequestError:
+        if person.group_roles[admingroup].role_status == 'approved':
+            return True
+        else:
+            return False
+    except KeyError:
         print '%s - Your admin group could not be found!' % admingroup
         return False
-    if group in person.approved_memberships:
-        return True
-    else:
-        return False
     
 def canAdminGroup(person, group):
     '''
@@ -74,29 +73,26 @@ def signedCLAPrivs(person):
     '''
     Returns True if the user has completed the GPG-signed CLA
     '''
+    cla_sign_group =config.get('cla_sign_group')
     try:
-        cla_sign_group = Groups.by_name(config.get('cla_sign_group'))
-    except InvalidRequestError:
-        turbogears.flash(_("cla_sign_group Does not exist!  Please create it!"))
-        return False
-    if isApproved(person, cla_sign_group):
-        return True
-    else:
+        if person.group_roles[cla_sign_group].role_status == 'approved':
+            return True
+        else:
+            return False
+    except KeyError:
         return False
 
 def clickedCLAPrivs(person):
     '''
     Returns True if the user has completed the click-through CLA
     '''
+    cla_click_group = config.get('cla_click_group')
     try:
-        cla_click_group = Groups.by_name(config.get('cla_click_group'))
-    except InvalidRequestError:
-        turbogears.flash(_("cla_click_group Does not exist!  Please create it!"))
-        return False 
-    if signedCLAPrivs(person) or \
-        isApproved(person, cla_click_group):
-        return True
-    else:
+        if person.group_roles[cla_click_group].role_status == 'approved':
+            return True
+        else:
+            return False
+    except KeyError:
         return False
 
 def canEditUser(person, target):
diff --git a/fas/fas/model.py b/fas/fas/model.py
index 2bc43c6..4664b5c 100644
--- a/fas/fas/model.py
+++ b/fas/fas/model.py
@@ -34,7 +34,7 @@ from sqlalchemy.orm import relation
 from sqlalchemy import String, Unicode, Integer, DateTime
 # A few sqlalchemy tricks:
 # Allow viewing foreign key relations as a dictionary
-from sqlalchemy.orm.collections import column_mapped_collection
+from sqlalchemy.orm.collections import column_mapped_collection, attribute_mapped_collection
 # Allow us to reference the remote table of a many:many as a simple list
 from sqlalchemy.ext.associationproxy import association_proxy
 from sqlalchemy import select, and_
@@ -294,6 +294,7 @@ class PersonRoles(SABase):
     '''Record people that are members of groups.'''
     def __repr__(cls):
         return "PersonRole(%s,%s,%s,%s)" % (cls.member.username, cls.group.name, cls.role_type, cls.role_status)
+    groupname = association_proxy('group', 'name')
 
 class Configs(SABase):
     '''Configs for applications that a Fedora Contributor uses.'''
@@ -412,10 +413,10 @@ class VisitIdentity(SABase):
 # mappers for filtering roles
 #
 mapper(ApprovedRoles, ApprovedRolesSelect, properties = {
-    'group': relation(Groups, backref='approved_roles')
+    'group': relation(Groups, backref='approved_roles', lazy = False)
     })
 mapper(UnApprovedRoles, UnApprovedRolesSelect, properties = {
-    'group': relation(Groups, backref='unapproved_roles')
+    'group': relation(Groups, backref='unapproved_roles', lazy = False)
     })
 
 mapper(People, PeopleTable, properties = {
@@ -425,6 +426,10 @@ mapper(People, PeopleTable, properties = {
     'person_emails': relation(PersonEmails, backref = 'person',
         collection_class = column_mapped_collection(
             PersonEmailsTable.c.email)),
+    # This name is kind of confusing.  It's to allow person.group_roles['groupname'] in order to make auth.py (hopefully) slightly faster.  
+    'group_roles': relation(PersonRoles,
+        collection_class = attribute_mapped_collection('groupname'),
+        primaryjoin = PeopleTable.c.id==PersonRolesTable.c.person_id),
     'approved_roles': relation(ApprovedRoles, backref='member',
         primaryjoin = PeopleTable.c.id==ApprovedRoles.c.person_id),
     'unapproved_roles': relation(UnApprovedRoles, backref='member',
@@ -438,7 +443,8 @@ mapper(EmailPurposes, EmailPurposesTable, properties = {
 mapper(PersonRoles, PersonRolesTable, properties = {
     'member': relation(People, backref = 'roles', lazy = False,
         primaryjoin=PersonRolesTable.c.person_id==PeopleTable.c.id),
-    'group': relation(Groups, backref='roles'),
+    'group': relation(Groups, backref='roles', lazy = False,
+        primaryjoin=PersonRolesTable.c.group_id==GroupsTable.c.id),
     'sponsor': relation(People, uselist=False,
         primaryjoin = PersonRolesTable.c.sponsor_id==PeopleTable.c.id)
     })