opendev/storyboard
Code Issues Proposed changes

Merge "Allow permissions to be set for teams in worklists and boards"

Browse Source
This commit is contained in:
Zuul 2019-06-09 15:42:47 +00:00 committed by Gerrit Code Review
commit cb42ebd1cb
8 changed files with 183 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
storyboard/api/v1/boards.py
View File

@ -33,6 +33,7 @@ from storyboard.common import exception as exc
from storyboard.db.api import boards as boards_api from storyboard.db.api import boards as boards_api
from storyboard.db.api import stories as stories_api from storyboard.db.api import stories as stories_api
from storyboard.db.api import tasks as tasks_api from storyboard.db.api import tasks as tasks_api
from storyboard.db.api import teams as teams_api
from storyboard.db.api import timeline_events as events_api from storyboard.db.api import timeline_events as events_api
from storyboard.db.api import users as users_api from storyboard.db.api import users as users_api
from storyboard.db.api import worklists as worklists_api from storyboard.db.api import worklists as worklists_api
@ -159,11 +160,13 @@ class PermissionsController(rest.RestController):
created = boards_api.create_permission(board_id, permission) created = boards_api.create_permission(board_id, permission)
users = [{user.id: user.full_name} for user in created.users] users = [{user.id: user.full_name} for user in created.users]
teams = [{team.id: team.name} for team in created.teams]
events_api.board_permission_created_event(board_id, events_api.board_permission_created_event(board_id,
user_id, user_id,
created.id, created.id,
created.codename, created.codename,
users) users,
teams)
return created return created
else: else:
@ -193,15 +196,22 @@ class PermissionsController(rest.RestController):
% permission['codename']) % permission['codename'])
old_users = {user.id: user.full_name for user in old.users} old_users = {user.id: user.full_name for user in old.users}
old_teams = {team.id: team.name for team in old.teams}
if boards_api.editable(board, user_id): if boards_api.editable(board, user_id):
updated = boards_api.update_permission(board_id, permission) updated = boards_api.update_permission(board_id, permission)
new_users = {user.id: user.full_name for user in updated.users} new_users = {user.id: user.full_name for user in updated.users}
new_teams = {team.id: team.name for team in updated.teams}
added = [{id: name} for id, name in six.iteritems(new_users) added = [{id: name} for id, name in six.iteritems(new_users)
if id not in old_users] if id not in old_users]
added.extend([{id: name} for id, name in six.iteritems(new_teams)
if id not in old_teams])
removed = [{id: name} for id, name in six.iteritems(old_users) removed = [{id: name} for id, name in six.iteritems(old_users)
if id not in new_users] if id not in new_users]
removed.extend([{id: name}
for id, name in six.iteritems(old_teams)
if id not in new_teams])
if added or removed: if added or removed:
events_api.board_permissions_changed_event(board.id, events_api.board_permissions_changed_event(board.id,
@ -210,6 +220,7 @@ class PermissionsController(rest.RestController):
updated.codename, updated.codename,
added, added,
removed) removed)
return updated.codename
else: else:
raise exc.NotFound(_("Board %s not found") % board_id) raise exc.NotFound(_("Board %s not found") % board_id)
@ -328,10 +339,18 @@ class BoardsController(rest.RestController):
lanes = board_dict.pop('lanes') or [] lanes = board_dict.pop('lanes') or []
owners = board_dict.pop('owners') owners = board_dict.pop('owners')
users = board_dict.pop('users') users = board_dict.pop('users')
if not owners: team_owners = board_dict.pop('team_owners')
team_users = board_dict.pop('team_users')
if not owners and not team_owners:
owners = [user_id] owners = [user_id]
if not owners and team_owners:
owners = []
if not users: if not users:
users = [] users = []
if not team_owners:
team_owners = []
if not team_users:
team_users = []
# We can't set due dates when creating boards at the moment. # We can't set due dates when creating boards at the moment.
if 'due_dates' in board_dict: if 'due_dates' in board_dict:
@ -352,29 +371,37 @@ class BoardsController(rest.RestController):
edit_permission = { edit_permission = {
'name': 'edit_board_%d' % created_board.id, 'name': 'edit_board_%d' % created_board.id,
'codename': 'edit_board', 'codename': 'edit_board',
'users': owners 'users': owners,
'teams': team_owners
} }
move_permission = { move_permission = {
'name': 'move_cards_%d' % created_board.id, 'name': 'move_cards_%d' % created_board.id,
'codename': 'move_cards', 'codename': 'move_cards',
'users': users 'users': users,
'teams': team_users
} }
edit = boards_api.create_permission(created_board.id, edit_permission) edit = boards_api.create_permission(created_board.id, edit_permission)
move = boards_api.create_permission(created_board.id, move_permission) move = boards_api.create_permission(created_board.id, move_permission)
event_owners = [{id: users_api.user_get(id).full_name} event_owners = [{id: users_api.user_get(id).full_name}
for id in owners] for id in owners]
event_team_owners = [{id: teams_api.team_get(id).name}
for id in owners]
event_users = [{id: users_api.user_get(id).full_name} event_users = [{id: users_api.user_get(id).full_name}
for id in users] for id in users]
event_team_users = [{id: teams_api.team_get(id).name}
for id in users]
events_api.board_permission_created_event(created_board.id, events_api.board_permission_created_event(created_board.id,
user_id, user_id,
edit.id, edit.id,
edit.codename, edit.codename,
event_owners) event_owners,
event_team_owners)
events_api.board_permission_created_event(created_board.id, events_api.board_permission_created_event(created_board.id,
user_id, user_id,
move.id, move.id,
move.codename, move.codename,
event_users) event_users,
event_team_users)
return wmodels.Board.from_db_model(created_board) return wmodels.Board.from_db_model(created_board)

28
storyboard/api/v1/wmodels.py
View File

@ -801,6 +801,12 @@ class Worklist(base.APIBase):
users = wtypes.ArrayType(int) users = wtypes.ArrayType(int)
"""A list of the IDs of the users who can move items in the worklist.""" """A list of the IDs of the users who can move items in the worklist."""
team_owners = wtypes.ArrayType(int)
"""A list of the IDs of the teams who have full permissions."""
team_users = wtypes.ArrayType(int)
"""A list of the IDs of the teams who can move items in the worklist."""
items = wtypes.ArrayType(WorklistItem) items = wtypes.ArrayType(WorklistItem)
"""The items in the worklist.""" """The items in the worklist."""
@ -857,8 +863,10 @@ class Worklist(base.APIBase):
@nodoc @nodoc
def resolve_permissions(self, worklist): def resolve_permissions(self, worklist):
self.owners = worklists_api.get_owners(worklist) self.owners = worklists_api.get_user_owners(worklist)
self.users = worklists_api.get_users(worklist) self.users = worklists_api.get_user_users(worklist)
self.team_owners = worklists_api.get_team_owners(worklist)
self.team_users = worklists_api.get_team_users(worklist)
@nodoc @nodoc
def resolve_filters(self, worklist): def resolve_filters(self, worklist):
@ -955,6 +963,12 @@ class Board(base.APIBase):
users = wtypes.ArrayType(int) users = wtypes.ArrayType(int)
"""A list of the IDs of the users who can move cards in the board.""" """A list of the IDs of the users who can move cards in the board."""
team_owners = wtypes.ArrayType(int)
"""A list of the IDs of the teams who have full permissions."""
team_users = wtypes.ArrayType(int)
"""A list of the IDs of the teams who can move cards in the board."""
@classmethod @classmethod
def sample(cls): def sample(cls):
return cls( return cls(
@ -982,7 +996,9 @@ class Board(base.APIBase):
items=[]))], items=[]))],
due_dates=[], due_dates=[],
owners=[1], owners=[1],
users=[]) users=[],
team_owners=[1, 2],
team_users=[])
@nodoc @nodoc
def resolve_lanes(self, board, story_cache={}, task_cache={}, def resolve_lanes(self, board, story_cache={}, task_cache={},
@ -1011,5 +1027,7 @@ class Board(base.APIBase):
@nodoc @nodoc
def resolve_permissions(self, board): def resolve_permissions(self, board):
"""Resolve the permissions groups of the board.""" """Resolve the permissions groups of the board."""
self.owners = boards_api.get_owners(board) self.owners = boards_api.get_user_owners(board)
self.users = boards_api.get_users(board) self.users = boards_api.get_user_users(board)
self.team_owners = boards_api.get_team_owners(board)
self.team_users = boards_api.get_team_users(board)

43
storyboard/api/v1/worklists.py
View File

@ -32,6 +32,7 @@ from storyboard.common import decorators
from storyboard.common import exception as exc from storyboard.common import exception as exc
from storyboard.db.api import stories as stories_api from storyboard.db.api import stories as stories_api
from storyboard.db.api import tasks as tasks_api from storyboard.db.api import tasks as tasks_api
from storyboard.db.api import teams as teams_api
from storyboard.db.api import timeline_events as events_api from storyboard.db.api import timeline_events as events_api
from storyboard.db.api import users as users_api from storyboard.db.api import users as users_api
from storyboard.db.api import worklists as worklists_api from storyboard.db.api import worklists as worklists_api
@ -137,11 +138,13 @@ class PermissionsController(rest.RestController):
created = worklists_api.create_permission(worklist_id, permission) created = worklists_api.create_permission(worklist_id, permission)
users = [{user.id: user.full_name} for user in created.users] users = [{user.id: user.full_name} for user in created.users]
teams = [{team.id: team.name} for team in created.teams]
events_api.worklist_permission_created_event(worklist_id, events_api.worklist_permission_created_event(worklist_id,
user_id, user_id,
created.id, created.id,
created.codename, created.codename,
users) users,
teams)
return created.codename return created.codename
else: else:
@ -166,6 +169,10 @@ class PermissionsController(rest.RestController):
1, 1,
2, 2,
3 3
],
"teams": [
1,
6
] ]
} }
@ -189,16 +196,23 @@ class PermissionsController(rest.RestController):
% permission['codename']) % permission['codename'])
old_users = {user.id: user.full_name for user in old.users} old_users = {user.id: user.full_name for user in old.users}
old_teams = {team.id: team.name for team in old.teams}
if worklists_api.editable(worklist, user_id): if worklists_api.editable(worklist, user_id):
updated = worklists_api.update_permission( updated = worklists_api.update_permission(
worklist_id, permission) worklist_id, permission)
new_users = {user.id: user.full_name for user in updated.users} new_users = {user.id: user.full_name for user in updated.users}
new_teams = {team.id: team.name for team in updated.teams}
added = [{id: name} for id, name in six.iteritems(new_users) added = [{id: name} for id, name in six.iteritems(new_users)
if id not in old_users] if id not in old_users]
added.extend([{id: name} for id, name in six.iteritems(new_teams)
if id not in old_teams])
removed = [{id: name} for id, name in six.iteritems(old_users) removed = [{id: name} for id, name in six.iteritems(old_users)
if id not in new_users] if id not in new_users]
removed.extend([{id: name}
for id, name in six.iteritems(old_teams)
if id not in new_teams])
if added or removed: if added or removed:
events_api.worklist_permissions_changed_event( events_api.worklist_permissions_changed_event(
@ -746,10 +760,18 @@ class WorklistsController(rest.RestController):
filters = worklist_dict.pop('filters') or [] filters = worklist_dict.pop('filters') or []
owners = worklist_dict.pop('owners') owners = worklist_dict.pop('owners')
users = worklist_dict.pop('users') users = worklist_dict.pop('users')
if not owners: team_owners = worklist_dict.pop('team_owners')
team_users = worklist_dict.pop('team_users')
if not owners and not team_owners:
owners = [user_id] owners = [user_id]
if not owners and team_owners:
owners = []
if not users: if not users:
users = [] users = []
if not team_owners:
team_owners = []
if not team_users:
team_users = []
created_worklist = worklists_api.create(worklist_dict) created_worklist = worklists_api.create(worklist_dict)
events_api.worklist_created_event(created_worklist.id, events_api.worklist_created_event(created_worklist.id,
@ -759,12 +781,14 @@ class WorklistsController(rest.RestController):
edit_permission = { edit_permission = {
'name': 'edit_worklist_%d' % created_worklist.id, 'name': 'edit_worklist_%d' % created_worklist.id,
'codename': 'edit_worklist', 'codename': 'edit_worklist',
'users': owners 'users': owners,
'teams': team_owners
} }
move_permission = { move_permission = {
'name': 'move_items_%d' % created_worklist.id, 'name': 'move_items_%d' % created_worklist.id,
'codename': 'move_items', 'codename': 'move_items',
'users': users 'users': users,
'teams': team_users
} }
edit = worklists_api.create_permission( edit = worklists_api.create_permission(
created_worklist.id, edit_permission) created_worklist.id, edit_permission)
@ -773,19 +797,24 @@ class WorklistsController(rest.RestController):
event_owners = [{id: users_api.user_get(id).full_name} event_owners = [{id: users_api.user_get(id).full_name}
for id in owners] for id in owners]
event_team_owners = [{id: teams_api.team_get(id).name}
for id in owners]
event_users = [{id: users_api.user_get(id).full_name} event_users = [{id: users_api.user_get(id).full_name}
for id in users] for id in users]
event_team_users = [{id: teams_api.team_get(id).name}
for id in users]
events_api.worklist_permission_created_event(created_worklist.id, events_api.worklist_permission_created_event(created_worklist.id,
user_id, user_id,
edit.id, edit.id,
edit.codename, edit.codename,
event_owners) event_owners,
event_team_owners)
events_api.worklist_permission_created_event(created_worklist.id, events_api.worklist_permission_created_event(created_worklist.id,
user_id, user_id,
move.id, move.id,
move.codename, move.codename,
event_users) event_users,
event_team_users)
if worklist_dict['automatic']: if worklist_dict['automatic']:
for filter in filters: for filter in filters:

21
storyboard/db/api/base.py
View File

@ -464,6 +464,13 @@ def filter_private_worklists(query, current_user, hide_lanes=True):
models.User.id == current_user models.User.id == current_user
) )
), ),
models.Board.permissions.any(
models.Permission.teams.any(
models.Team.users.any(
models.User.id == current_user
)
)
),
models.Board.private == false(), models.Board.private == false(),
models.Board.id.is_(None) models.Board.id.is_(None)
) )
@ -476,6 +483,13 @@ def filter_private_worklists(query, current_user, hide_lanes=True):
models.User.id == current_user models.User.id == current_user
) )
), ),
models.Worklist.permissions.any(
models.Permission.teams.any(
models.Team.users.any(
models.User.id == current_user
)
)
),
models.Worklist.private == false(), models.Worklist.private == false(),
models.Worklist.id.is_(None) models.Worklist.id.is_(None)
) )
@ -519,6 +533,13 @@ def filter_private_boards(query, current_user):
models.User.id == current_user models.User.id == current_user
) )
), ),
models.Board.permissions.any(
models.Permission.teams.any(
models.Team.users.any(
models.User.id == current_user
)
)
),
models.Board.private == false(), models.Board.private == false(),
models.Board.id.is_(None) models.Board.id.is_(None)
) )

39
storyboard/db/api/boards.py
View File

@ -18,6 +18,7 @@ from wsme.exc import ClientSideError
from storyboard._i18n import _ from storyboard._i18n import _
from storyboard.db.api import base as api_base from storyboard.db.api import base as api_base
from storyboard.db.api import teams as teams_api
from storyboard.db.api import users as users_api from storyboard.db.api import users as users_api
from storyboard.db import models from storyboard.db import models
@ -212,35 +213,54 @@ def has_card(board, item_type, item_id):
return False return False
def get_owners(board): def get_user_owners(board):
for permission in board.permissions: for permission in board.permissions:
if permission.codename == 'edit_board': if permission.codename == 'edit_board':
return [user.id for user in permission.users] return [user.id for user in permission.users]
def get_users(board): def get_user_users(board):
for permission in board.permissions: for permission in board.permissions:
if permission.codename == 'move_cards': if permission.codename == 'move_cards':
return [user.id for user in permission.users] return [user.id for user in permission.users]
def get_team_owners(board):
for permission in board.permissions:
if permission.codename == 'edit_board':
return [team.id for team in permission.teams]
def get_team_users(board):
for permission in board.permissions:
if permission.codename == 'move_cards':
return [team.id for team in permission.teams]
def get_permissions(board, user_id): def get_permissions(board, user_id):
user = users_api.user_get(user_id) user = users_api.user_get(user_id)
if user is not None: if user is not None:
valid_permissions = set(user.permissions)
for team in user.teams:
valid_permissions.update(team.permissions)
return [permission.codename for permission in board.permissions return [permission.codename for permission in board.permissions
if permission in user.permissions] if permission in valid_permissions]
return [] return []
def create_permission(board_id, permission_dict, session=None): def create_permission(board_id, permission_dict, session=None):
board = _board_get(board_id, session=session) board = _board_get(board_id, session=session)
users = permission_dict.pop('users') users = permission_dict.pop('users')
teams = permission_dict.pop('teams')
permission = api_base.entity_create( permission = api_base.entity_create(
models.Permission, permission_dict, session=session) models.Permission, permission_dict, session=session)
board.permissions.append(permission) board.permissions.append(permission)
for user_id in users: for user_id in users:
user = users_api.user_get(user_id, session=session) user = users_api.user_get(user_id, session=session)
user.permissions.append(permission) user.permissions.append(permission)
for team_id in teams:
team = teams_api.team_get(team_id, session=session)
team.permissions.append(permission)
return permission return permission
@ -250,11 +270,14 @@ def update_permission(board_id, permission_dict):
for permission in board.permissions: for permission in board.permissions:
if permission.codename == permission_dict['codename']: if permission.codename == permission_dict['codename']:
id = permission.id id = permission.id
users = permission_dict.pop('users') users = permission_dict.pop('users', None)
permission_dict['users'] = [] teams = permission_dict.pop('teams', None)
for user_id in users: if users is not None:
user = users_api.user_get(user_id) permission_dict['users'] = [users_api.user_get(user_id)
permission_dict['users'].append(user) for user_id in users]
if teams is not None:
permission_dict['teams'] = [teams_api.team_get(team_id)
for team_id in teams]
if id is None: if id is None:
raise ClientSideError(_("Permission %s does not exist") raise ClientSideError(_("Permission %s does not exist")

10
storyboard/db/api/timeline_events.py
View File

@ -339,13 +339,14 @@ def worklist_details_changed_event(worklist_id, author_id, updated, old, new):
def worklist_permission_created_event(worklist_id, author_id, permission_id, def worklist_permission_created_event(worklist_id, author_id, permission_id,
codename, users): codename, users, teams):
event_info = { event_info = {
"worklist_id": worklist_id, "worklist_id": worklist_id,
"permission_id": permission_id, "permission_id": permission_id,
"author_id": author_id, "author_id": author_id,
"codename": codename, "codename": codename,
"users": users "users": users,
"teams": teams
} }
return event_create({ return event_create({
@ -445,13 +446,14 @@ def board_details_changed_event(board_id, author_id, updated, old, new):
def board_permission_created_event(board_id, author_id, permission_id, def board_permission_created_event(board_id, author_id, permission_id,
codename, users): codename, users, teams):
event_info = { event_info = {
"board_id": board_id, "board_id": board_id,
"permission_id": permission_id, "permission_id": permission_id,
"author_id": author_id, "author_id": author_id,
"codename": codename, "codename": codename,
"users": users "users": users,
"teams": teams
} }
return event_create({ return event_create({

39
storyboard/db/api/worklists.py
View File

@ -23,6 +23,7 @@ from storyboard.db.api import base as api_base
from storyboard.db.api import boards from storyboard.db.api import boards
from storyboard.db.api import stories as stories_api from storyboard.db.api import stories as stories_api
from storyboard.db.api import tasks as tasks_api from storyboard.db.api import tasks as tasks_api
from storyboard.db.api import teams as teams_api
from storyboard.db.api import users as users_api from storyboard.db.api import users as users_api
from storyboard.db import models from storyboard.db import models
@ -365,35 +366,54 @@ def is_lane(worklist):
return False return False
def get_owners(worklist): def get_user_owners(worklist):
for permission in worklist.permissions: for permission in worklist.permissions:
if permission.codename == 'edit_worklist': if permission.codename == 'edit_worklist':
return [user.id for user in permission.users] return [user.id for user in permission.users]
def get_users(worklist): def get_user_users(worklist):
for permission in worklist.permissions: for permission in worklist.permissions:
if permission.codename == 'move_items': if permission.codename == 'move_items':
return [user.id for user in permission.users] return [user.id for user in permission.users]
def get_team_owners(worklist):
for permission in worklist.permissions:
if permission.codename == 'edit_worklist':
return [team.id for team in permission.teams]
def get_team_users(worklist):
for permission in worklist.permissions:
if permission.codename == 'move_items':
return [team.id for team in permission.teams]
def get_permissions(worklist, user_id): def get_permissions(worklist, user_id):
user = users_api.user_get(user_id) user = users_api.user_get(user_id)
if user is not None: if user is not None:
valid_permissions = set(user.permissions)
for team in user.teams:
valid_permissions.update(team.permissions)
return [permission.codename for permission in worklist.permissions return [permission.codename for permission in worklist.permissions
if permission in user.permissions] if permission in valid_permissions]
return [] return []
def create_permission(worklist_id, permission_dict, session=None): def create_permission(worklist_id, permission_dict, session=None):
worklist = _worklist_get(worklist_id, session=session) worklist = _worklist_get(worklist_id, session=session)
users = permission_dict.pop('users') users = permission_dict.pop('users')
teams = permission_dict.pop('teams')
permission = api_base.entity_create( permission = api_base.entity_create(
models.Permission, permission_dict, session=session) models.Permission, permission_dict, session=session)
worklist.permissions.append(permission) worklist.permissions.append(permission)
for user_id in users: for user_id in users:
user = users_api.user_get(user_id, session=session) user = users_api.user_get(user_id, session=session)
user.permissions.append(permission) user.permissions.append(permission)
for team_id in teams:
team = teams_api.team_get(team_id, session=session)
team.permissions.append(permission)
return permission return permission
@ -403,11 +423,14 @@ def update_permission(worklist_id, permission_dict):
for permission in worklist.permissions: for permission in worklist.permissions:
if permission.codename == permission_dict['codename']: if permission.codename == permission_dict['codename']:
id = permission.id id = permission.id
users = permission_dict.pop('users') users = permission_dict.pop('users', None)
permission_dict['users'] = [] teams = permission_dict.pop('teams', None)
for user_id in users: if users is not None:
user = users_api.user_get(user_id) permission_dict['users'] = [users_api.user_get(user_id)
permission_dict['users'].append(user) for user_id in users]
if teams is not None:
permission_dict['teams'] = [teams_api.team_get(team_id)
for team_id in teams]
if id is None: if id is None:
raise ClientSideError(_("Permission %s does not exist") raise ClientSideError(_("Permission %s does not exist")

3
storyboard/db/models.py
View File

@ -643,7 +643,8 @@ class Board(FullText, ModelBuilder, Base):
private = Column(Boolean, default=False) private = Column(Boolean, default=False)
archived = Column(Boolean, default=False) archived = Column(Boolean, default=False)
lanes = relationship(BoardWorklist, backref='board') lanes = relationship(BoardWorklist, backref='board')
permissions = relationship("Permission", secondary="board_permissions") permissions = relationship("Permission", secondary="board_permissions",
backref="boards")
_public_fields = ["id", "title", "description", "creator_id", _public_fields = ["id", "title", "description", "creator_id",
"project_id", "permission_id", "private", "archived"] "project_id", "permission_id", "private", "archived"]