I've just committed this change to the fas git repo that fixes a change
in the dump format from fas1 to fas2. In fas1, the role_type was
accurate when dumped from the account system. In fas2, role_type was
always "user" even if the person was a sponsor or administrator.
I'd like to have this applied to the production FAS so that the Package
Status Scripts can be run again.
Changes:
* Correct information which has been inaccurate since migration to FAS2.
* No longer check if the user is in the group their trying to dump as
they can retrieve the information by retrieving the list of all users
anyway.
* Speed up dumping when a groupname is specified (probably
significantly on app5) by making a single database query per call
instead of one db query per user in the group.
Risk:
* FAS is a major service. Many third-party apps consume this
particular page as it's an easy way for them to get username=>email
mappings.
* This adds a field to the data as retrieved via json. It adds a
field for role_type of the user to each record.
Mitigation:
* The format of the page isn't changing, just the accuracy of one of
the fields.
* The patch is very small and limited to this single method and one
line in its template.
* Tested when group name is unspecified, group name is specified, and
whether retrieving json or plain text.
Benefits:
* Allows Package Status Scripts to run once again
* Speedier
-Toshio
diff --git a/fas/group.py b/fas/group.py
index 86c52d3..a81a749 100644
--- a/fas/group.py
+++ b/fas/group.py
@@ -498,27 +498,28 @@ into the e-mail aliases within an hour.
@identity.require(turbogears.identity.not_anonymous())
@error_handler(error)
- @expose(template="genshi-text:fas.templates.group.dump", format="text", content_type='text/plain; charset=utf-8')
+ @expose(template="genshi-text:fas.templates.group.dump", format="text",
+ content_type='text/plain; charset=utf-8')
@expose(allow_json=True)
def dump(self, groupname=None):
- username = turbogears.identity.current.user_name
- person = People.by_username(username)
if not groupname:
-# groupname = config.get('cla_done_group')
- people = People.query.order_by('username').all()
+ people = People.query.order_by('username').add_column(
+ sqlalchemy.sql.literal_column("'user'").label(
+ 'role_type')).all()
else:
people = []
- groups = Groups.by_name(groupname)
- for role in groups.approved_roles:
- people.append(role.member)
- if not canViewGroup(person, groups):
- turbogears.flash(_("You cannot view '%s'") % group.name)
- turbogears.redirect('/group/list')
- return dict()
+
+ # Retrieve necessary info about the users who are approved in
+ # this group
+ people = People.query.join('roles').filter(
+ PersonRoles.role_status=='approved').join(
+ PersonRoles.group).add_column(
+ PersonRoles.role_type).filter(
+ Groups.name==groupname).order_by('username')
# We filter this so that sending information via json is quick(er)
- filteredPeople = sorted([(p.username, p.email, p.human_name)
- for p in people])
+ filteredPeople = sorted([(p[0].username, p[0].email,
+ p[0].human_name, p[1]) for p in people])
return dict(people=filteredPeople)
diff --git a/fas/templates/group/dump.txt b/fas/templates/group/dump.txt
index cbc989a..fa27452 100644
--- a/fas/templates/group/dump.txt
+++ b/fas/templates/group/dump.txt
@@ -1,3 +1,3 @@
#for person in people
-${person[0]},${person[1]},${person[2]},user,0
+${person[0]},${person[1]},${person[2]},${person[3]},0
#end
_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
