Skip to content

Commit

Permalink
Merge pull request #540 from ubclaunchpad/temp-fix/permissions
Browse files Browse the repository at this point in the history 
temporary fix: disable deletion of existing permissions
  • Loading branch information
@bobheadxi
bobheadxi authored Oct 5, 2020
2 parents ca02676 + 47d3b3a commit 4394c76
Show file tree
Hide file tree
Showing 3 changed files with 27 additions and 33 deletions.
18 changes: 0 additions & 18 deletions app/controller/command/commands/team.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -786,23 +786,5 @@ def refresh_all_drive_permissions(self):
return

all_teams: List[Team] = self.facade.query(Team)
leads_team: Team = None
admin_team: Team = None
for t in all_teams:
if t.github_team_name == self.config.github_team_leads:
leads_team = t
continue
if t.github_team_name == self.config.github_team_admin:
admin_team = t
continue
sync_team_email_perms(self.gcp, self.facade, t)

# Workaround for https://github.com/ubclaunchpad/rocket2/issues/497:
# We sort the teams such that special-permissions teams are sync'd
# last, so that inherited permissions are not overwritten in child
# folders.
#
# TODO: If a proper fix is implemented, remove this and related code
for t in [leads_team, admin_team]:
if t is not None:
sync_team_email_perms(self.gcp, self.facade, t)
40 changes: 26 additions & 14 deletions interface/gcp.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,11 @@
from googleapiclient.discovery import Resource
import logging

# Set to False to resolve https://github.com/ubclaunchpad/rocket2/issues/510
# temporarily. Longer-term fix is being tracked in the actual problem,
# https://github.com/ubclaunchpad/rocket2/issues/497
DELETE_OLD_DRIVE_PERMISSIONS = False


class GCPInterface:
"""Utility class for calling Google Cloud Platform (GCP) APIs."""
Expand All @@ -12,7 +17,11 @@ def __init__(self, drive_client: Resource, subject=None):
self.drive = drive_client
self.subject = subject

def set_drive_permissions(self, scope, drive_id, emails: List[str]):
def set_drive_permissions(self,
scope,
drive_id,
emails: List[str],
delete_permissions=DELETE_OLD_DRIVE_PERMISSIONS):
"""
Creates permissions for the given emails, and removes everyone not
on the list.
Expand Down Expand Up @@ -79,19 +88,22 @@ def set_drive_permissions(self, scope, drive_id, emails: List[str]):

# Delete old permissions
# See http://googleapis.github.io/google-api-python-client/docs/dyn/drive_v3.permissions.html#delete # noqa
deleted_shares = 0
for p_id in to_delete:
try:
self.drive.permissions()\
.delete(fileId=drive_id,
permissionId=p_id,
supportsAllDrives=True)\
.execute()
deleted_shares += 1
except Exception as e:
logging.error(f"Failed to delete permission {p_id} for drive "
+ f"item ({scope}, {drive_id}): {e}")
logging.info(f"Deleted {deleted_shares} permissions for {scope}")
if delete_permissions is True:
deleted_shares = 0
for p_id in to_delete:
try:
self.drive.permissions()\
.delete(fileId=drive_id,
permissionId=p_id,
supportsAllDrives=True)\
.execute()
deleted_shares += 1
except Exception as e:
logging.error(f"Failed to delete permission {p_id} for "
+ f"drive item ({scope}, {drive_id}): {e}")
logging.info(f"Deleted {deleted_shares} permissions for {scope}")
else:
logging.info("DELETE_OLD_DRIVE_PERMISSIONS is set to false")


def new_share_message(scope):
Expand Down
2 changes: 1 addition & 1 deletion tests/interface/gcp_test.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@ def test_set_drive_permissions(self):
self.gcp.set_drive_permissions('team', 'abcde', [
'[email protected]',
'[email protected]',
])
], delete_permissions=True)

# initial list
mock_perms.list.assert_called()
Expand Down

0 comments on commit 4394c76

Please sign in to comment.