quay/util/fixuseradmin.py

import argparse
import sys

from app import app
from data.database import Namespace, Repository, RepositoryPermission, Role
from data.model.permission import get_user_repo_permissions
from data.model.user import get_active_users, get_nonrobot_user

DESCRIPTION = """
Fix user repositories missing admin permissions for owning user.
"""

parser = argparse.ArgumentParser(description=DESCRIPTION)
parser.add_argument("users", nargs="*", help="Users to check")
parser.add_argument("-a", "--all", action="store_true", help="Check all users")
parser.add_argument("-n", "--dry-run", action="store_true", help="Don't act")

ADMIN = Role.get(name="admin")


def repos_for_namespace(namespace):
    return (
        Repository.select(Repository.id, Repository.name, Namespace.username)
        .join(Namespace)
        .where(Namespace.username == namespace)
    )


def has_admin(user, repo):
    perms = get_user_repo_permissions(user, repo)
    return any(p.role == ADMIN for p in perms)


def get_users(all_users=False, users_list=None):
    if all_users:
        return get_active_users(disabled=False)

    return list(map(get_nonrobot_user, users_list))


def ensure_admin(user, repos, dry_run=False):
    repos = [repo for repo in repos if not has_admin(user, repo)]

    for repo in repos:
        print(("User {} missing admin on: {}".format(user.username, repo.name)))

        if not dry_run:
            RepositoryPermission.create(user=user, repository=repo, role=ADMIN)
            print(("Granted {} admin on: {}".format(user.username, repo.name)))

    return len(repos)


def main():
    args = parser.parse_args()
    found = 0

    if not args.all and len(args.users) == 0:
        sys.exit("Need a list of users or --all")

    for user in get_users(all_users=args.all, users_list=args.users):
        if user is not None:
            repos = repos_for_namespace(user.username)
            found += ensure_admin(user, repos, dry_run=args.dry_run)

    print(("\nFound {} user repos missing admin" " permissions for owner.".format(found)))


if __name__ == "__main__":
    main()