diff --git a/fas/fas.cfg b/fas/fas.cfg index 2bb9e44..a297ef0 100644 --- a/fas/fas.cfg +++ b/fas/fas.cfg @@ -34,7 +34,7 @@ openssl_ou = "Upload Files" # Groups that automatically grant membership to other groups # Format: 'group1:a,b,c|group2:d,e,f' -auto_approve_groups = 'cvsextras:fedorabugs|cla_dell:cla_done|cla_fedora:cla_done|cla_redhat:cla_done|cla_ibm:cla_done' +auto_approve_groups = 'cvsextras:fedorabugs|cla_fedora:cla_done|cla_redhat:cla_done|cla_dell:cla_done|cla_ibm:cla_done' # This is where all of your settings go for your development environment # Settings that are the same for both development and production # (such as template engine, encodings, etc.) all go in diff --git a/fas/fas/auth.py b/fas/fas/auth.py index 9963b4a..6f1f622 100644 --- a/fas/fas/auth.py +++ b/fas/fas/auth.py @@ -60,14 +60,19 @@ def canSponsorGroup(person, group): return False except: return False + def isApproved(person, group): ''' Returns True if the user is an approved member of a group ''' - if group in person.approved_memberships: - return True - else: + try: + if person.group_roles[group.name].role_status == 'approved': + return True + else: + return False + except KeyError: return False + return False def CLADone(person): ''' diff --git a/fas/fas/cla.py b/fas/fas/cla.py index e7f5785..a4aea00 100644 --- a/fas/fas/cla.py +++ b/fas/fas/cla.py @@ -49,21 +49,8 @@ class CLA(controllers.Controller): if not person.telephone or \ not person.postal_address or \ not person.gpg_keyid: - turbogears.flash(_('To sign the CLA we must have your telephone number, postal address and gpg key id. Please ensure they have been filled out')) + turbogears.flash(_('To sign the CLA we must have your telephone number, postal address and GPG key ID. Please ensure they have been filled out.')) turbogears.redirect('/user/edit/%s' % username) - - # Disable click-through CLA for now - #if type == 'click': - # if signedCLAPrivs(person): - # turbogears.flash(_('You have already signed the CLA, so it is unnecessary to complete the Click-through CLA.')) - # turbogears.redirect('/cla/') - # return dict() - # if clickedCLAPrivs(person): - # turbogears.flash(_('You have already completed the Click-through CLA.')) - # turbogears.redirect('/cla/') - # return dict() - # turbogears.redirect('/cla/') - # return dict() if type == 'sign': if CLADone(person): turbogears.flash(_('You have already signed the CLA.')) @@ -156,13 +143,11 @@ class CLA(controllers.Controller): turbogears.flash(_('The text "I agree" was not found in the CLA.')) turbogears.redirect('/cla/view/sign') return dict() - - # Everything is correct. try: + # Everything is correct. person.apply(group, person) # Apply... session.flush() - person.sponsor(group, person) # Approve... - session.flush() + person.sponsor(group, person) # Sponsor! except: # TODO: If apply succeeds and sponsor fails, the user has # to remove themselves from the CLA group before they can @@ -171,11 +156,6 @@ class CLA(controllers.Controller): turbogears.redirect('/cla/view/sign') return dict() else: - try: - clickgroup = Groups.by_name(config.get('cla_click_group')) - person.remove(cilckgroup, person) - except: - pass message = turbomail.Message(config.get('accounts_email'), config.get('legal_cla_email'), 'Fedora ICLA completed') message.plain = ''' Fedora user %(username)s has signed a completed ICLA using their published GPG key, ID %(gpg_keyid)s, diff --git a/fas/fas/group.py b/fas/fas/group.py index d32c6b3..acb84e8 100644 --- a/fas/fas/group.py +++ b/fas/fas/group.py @@ -328,6 +328,7 @@ Please go to %(url)s to take action. turbogears.redirect('/group/view/%s' % group.name) return dict() else: + target.sponsor(group, person) try: target.sponsor(group, person) except fas.SponsorError, e: diff --git a/fas/fas/model.py b/fas/fas/model.py index b3ecb85..e36d373 100644 --- a/fas/fas/model.py +++ b/fas/fas/model.py @@ -39,9 +39,11 @@ from sqlalchemy.orm.collections import column_mapped_collection, attribute_mappe from sqlalchemy.ext.associationproxy import association_proxy from sqlalchemy import select, and_ +from sqlalchemy.exceptions import InvalidRequestError + from turbogears.database import session -from turbogears import identity +from turbogears import identity, config import turbogears @@ -174,6 +176,39 @@ class People(SABase): role.role_status = 'approved' role.sponsor_id = requester.id role.approval = datetime.now(pytz.utc) + cls._handle_auto_add(group, requester) + + def _handle_auto_add(cls, group, requester): + """ + Handle automatic group approvals + """ + auto_approve_groups = config.get('auto_approve_groups') + associations = auto_approve_groups.split('|') + approve_group_queue = [] + for association in associations: + (groupname, approve_groups) = association.split(':', 1) + if groupname == group.name: + approve_group_queue.extend(approve_groups.split(',')) + for groupname in approve_group_queue: + approve_group = Groups.by_name(groupname) + cls._auto_add(approve_group, requester) + + def _auto_add(cls, group, requester): + """ + Ensure that a person is approved in a group + """ + try: + role = PersonRoles.query.filter_by(member=cls, group=group).one() + if role.role_status != 'approved': + role.role_status = 'approved' + role.sponsor_id = requester.id + role.approval = datetime.now(pytz.utc) + except InvalidRequestError: + role = PersonRoles() + role.role_status = 'approved' + role.role_type = 'user' + role.member = cls + role.group = group def remove(cls, group, requester): if not group in cls.memberships: diff --git a/fas/fas/user.py b/fas/fas/user.py index 9a2f265..8e7e75a 100644 --- a/fas/fas/user.py +++ b/fas/fas/user.py @@ -469,6 +469,7 @@ forward to working with you! person.password = newpass['hash'] Log(author_id=person.id, description='Password changed') turbogears.flash(_("Your password has been changed.")) + turbogears.redirect('/user/view/%s' % turbogears.identity.current.user_name) except: Log(author_id=person.id, description='Password change failed!') turbogears.flash(_("Your password could not be changed."))