docker/quay
1
0
Fork 0
mirror of https://github.com/quay/quay.git synced 2026-01-26 06:21:37 +03:00
Code Activity
Files
ready-v3.16.0
quay/endpoints/api
History
OpenShift Cherrypick Robot 4ddab2b6be [redhat-3.16] fix(ui): Enable organization/user visibility for read-only superusers (PROJQUAY-6882) (#4584) 
* fix(ui): Enable organization/user visibility for read-only superusers (PROJQUAY-6882)

Users listed under GLOBAL_READONLY_SUPER_USERS can now see all
organizations and users in the UI, matching regular superuser visibility
with read-only restrictions on actions.

- Update UseCurrentUser to include global_readonly_super_user in isSuperUser check
- Add Cypress tests for read-only superuser visibility and action restrictions
- Settings column actions correctly hidden via existing canModify permission

Co-authored-by: Claude <noreply@anthropic.com>

* fix(ui): Add global_readonly_super_user field to API responses (PROJQUAY-6882)

- Add global_readonly_super_user field to user API response in endpoints/api/user.py
- Allow read-only superusers to view organization teams in endpoints/api/organization.py
- Allow read-only superusers to view robot permissions in endpoints/api/robot.py

* fix(ui): Prevent read-only superusers from deleting orgs/users

Security fix: Read-only superusers should not be able to delete
orgs or users they don't own, even though they can view them.

* Fix inline import + incorrect assert + add codecov tests

---------

Co-authored-by: harishsurf <hgovinda@redhat.com>
Co-authored-by: Claude <noreply@anthropic.com>
2025-11-20 08:10:45 +00:00
..
test
[redhat-3.16] fix(ui): Enable organization/user visibility for read-only superusers (PROJQUAY-6882) (#4584)
2025-11-20 08:10:45 +00:00
__init__.py
[redhat-3.16] fix(api): superuser panel access without SUPERUSERS_FULL_ACCESS (PROJQUAY-9693) (#4512)
2025-11-13 16:50:32 +00:00
__init__models_interface.py
[PROJQUAY-1021] task: Update "Black" to version 20.8b1
2020-11-30 18:48:19 -05:00
__init__models_pre_oci.py
chore: drop deprecated tables and remove unused code (PROJQUAY-522) (#2089)
2023-08-25 12:17:24 -04:00
appspecifictokens.py
feat(api v1): global readonly superuser support and app token visibility (PROJQUAY-8279) (#4276)
2025-10-21 15:00:59 -04:00
billing.py
feat(api v1): global readonly superuser support and app token visibility (PROJQUAY-8279) (#4276)
2025-10-21 15:00:59 -04:00
build.py
[redhat-3.16] fix(api): superuser panel access without SUPERUSERS_FULL_ACCESS (PROJQUAY-9693) (#4512)
2025-11-13 16:50:32 +00:00
discovery.py
ui: Expand support for customized footer links (PROJQUAY-5648) (#3556)
2025-02-07 10:07:55 -05:00
error.py
chore: drop deprecated tables and remove unused code (PROJQUAY-522) (#2089)
2023-08-25 12:17:24 -04:00
globalmessages_models_interface.py
[PROJQUAY-1021] task: Update "Black" to version 20.8b1
2020-11-30 18:48:19 -05:00
globalmessages_models_pre_oci.py
chore: drop deprecated tables and remove unused code (PROJQUAY-522) (#2089)
2023-08-25 12:17:24 -04:00
globalmessages.py
feat(api v1): global readonly superuser support and app token visibility (PROJQUAY-8279) (#4276)
2025-10-21 15:00:59 -04:00
logs.py
[redhat-3.16] fix: allow global readonly superusers to access all organization data without FULL_ACCESS (PROJQUAY-9798) (#4557)
2025-11-18 17:22:22 -05:00
manifest.py
feat: Add image pull statistics API endpoints and UI integration (PROJQUAY-7176) (#4382)
2025-10-27 15:19:52 -04:00
mirror.py
mirror: Add job timeout to mirror configurations (PROJQUAY-7249) (#3723)
2025-06-12 19:09:51 +02:00
namespacequota.py
[redhat-3.16] fix: allow global readonly superusers to access quota limit endpoints (PROJQUAY-9804) (#4574)
2025-11-20 03:39:19 +00:00
organization.py
[redhat-3.16] fix(ui): Enable organization/user visibility for read-only superusers (PROJQUAY-6882) (#4584)
2025-11-20 08:10:45 +00:00
permission_models_interface.py
[PROJQUAY-1021] task: Update "Black" to version 20.8b1
2020-11-30 18:48:19 -05:00
permission_models_pre_oci.py
chore: drop deprecated tables and remove unused code (PROJQUAY-522) (#2089)
2023-08-25 12:17:24 -04:00
permission.py
api: adding permissions for global readonly superuser (PROJQUAY-7177) (#2993)
2024-07-09 13:17:26 -04:00
policy.py
[redhat-3.16] fix(api): superuser panel access without SUPERUSERS_FULL_ACCESS (PROJQUAY-9693) (#4512)
2025-11-13 16:50:32 +00:00
prototype.py
[redhat-3.16] fix: allow global readonly superusers to access all organization data without FULL_ACCESS (PROJQUAY-9798) (#4557)
2025-11-18 17:22:22 -05:00
repoemail_models_interface.py
[PROJQUAY-1021] task: Update "Black" to version 20.8b1
2020-11-30 18:48:19 -05:00
repoemail_models_pre_oci.py
fix all the docstrings
2020-02-05 19:55:07 -08:00
repoemail.py
feat(api v1): global readonly superuser support and app token visibility (PROJQUAY-8279) (#4276)
2025-10-21 15:00:59 -04:00
repository_models_interface.py
api: reducing db calls in repo list endpoints with quota enabled (PROJQUAY-6895) (#2770)
2024-03-26 10:33:24 -04:00
repository_models_pre_oci.py
[redhat-3.16] fix(api): superuser panel access without SUPERUSERS_FULL_ACCESS (PROJQUAY-9693) (#4512)
2025-11-13 16:50:32 +00:00
repository.py
[redhat-3.16] fix(api): superuser panel access without SUPERUSERS_FULL_ACCESS (PROJQUAY-9693) (#4512)
2025-11-13 16:50:32 +00:00
repositorynotification_models_interface.py
chore: drop deprecated tables and remove unused code (PROJQUAY-522) (#2089)
2023-08-25 12:17:24 -04:00
repositorynotification_models_pre_oci.py
'make black' results
2019-12-02 12:23:08 -05:00
repositorynotification.py
api: adding permissions for global readonly superuser (PROJQUAY-7177) (#2993)
2024-07-09 13:17:26 -04:00
repotoken.py
feat(api v1): global readonly superuser support and app token visibility (PROJQUAY-8279) (#4276)
2025-10-21 15:00:59 -04:00
robot_models_interface.py
[PROJQUAY-1021] task: Update "Black" to version 20.8b1
2020-11-30 18:48:19 -05:00
robot_models_pre_oci.py
api: fix duplicate robot accounts (PROJQUAY-5931) (#2192)
2023-09-01 12:03:33 -04:00
robot.py
[redhat-3.16] fix(ui): Enable organization/user visibility for read-only superusers (PROJQUAY-6882) (#4584)
2025-11-20 08:10:45 +00:00
search.py
chore: drop deprecated tables and remove unused code (PROJQUAY-522) (#2089)
2023-08-25 12:17:24 -04:00
secscan.py
api: add missing read permissions for readonly superuser (PROJQUAY-9156) (#4132)
2025-07-23 10:01:20 -04:00
signing_models_interface.py
chore: drop deprecated tables and remove unused code (PROJQUAY-522) (#2089)
2023-08-25 12:17:24 -04:00
signing_models_pre_oci.py
fix all the docstrings
2020-02-05 19:55:07 -08:00
signing.py
api: add missing read permissions for readonly superuser (PROJQUAY-9156) (#4132)
2025-07-23 10:01:20 -04:00
subscribe_models_interface.py
chore: drop deprecated tables and remove unused code (PROJQUAY-522) (#2089)
2023-08-25 12:17:24 -04:00
subscribe_models_pre_oci.py
chore: drop deprecated tables and remove unused code (PROJQUAY-522) (#2089)
2023-08-25 12:17:24 -04:00
subscribe.py
billing: apply free trial to stripe checkout sessions (PROJQUAY-6405) (#2491)
2023-11-15 16:38:55 -05:00
suconfig_models_interface.py
chore: drop deprecated tables and remove unused code (PROJQUAY-522) (#2089)
2023-08-25 12:17:24 -04:00
suconfig_models_pre_oci.py
'make black' results
2019-12-02 12:23:08 -05:00
suconfig.py
chore: drop deprecated tables and remove unused code (PROJQUAY-522) (#2089)
2023-08-25 12:17:24 -04:00
superuser_models_interface.py
quota: feature flagging quota edit/view/enforce (PROJQUAY-6734) (#2709)
2024-03-05 13:10:18 -05:00
superuser_models_pre_oci.py
quota: feature flagging quota edit/view/enforce (PROJQUAY-6734) (#2709)
2024-03-05 13:10:18 -05:00
superuser.py
[redhat-3.16] fix(api): superuser panel access without SUPERUSERS_FULL_ACCESS (PROJQUAY-9693) (#4512)
2025-11-13 16:50:32 +00:00
tag.py
feat: Add image pull statistics API endpoints and UI integration (PROJQUAY-7176) (#4382)
2025-10-27 15:19:52 -04:00
team.py
[redhat-3.16] fix: allow global readonly superusers to access all organization data without FULL_ACCESS (PROJQUAY-9798) (#4557)
2025-11-18 17:22:22 -05:00
trigger_analyzer.py
trigger_analyzer: fix confusing print (PROJQUAY-1995) (#1073)
2022-01-27 16:43:32 -06:00
trigger.py
[redhat-3.16] fix(api): superuser panel access without SUPERUSERS_FULL_ACCESS (PROJQUAY-9693) (#4512)
2025-11-13 16:50:32 +00:00
user.py
[redhat-3.16] fix(ui): Enable organization/user visibility for read-only superusers (PROJQUAY-6882) (#4584)
2025-11-20 08:10:45 +00:00