Skip to content

Commit

Permalink
admin: malware refactor and small features (pypi#16047)
Browse files Browse the repository at this point in the history
  • Loading branch information
miketheman authored Jun 4, 2024
1 parent 3accdda commit 750693f
Show file tree
Hide file tree
Showing 4 changed files with 35 additions and 39 deletions.
2 changes: 1 addition & 1 deletion warehouse/admin/templates/admin/base.html
Original file line number Diff line number Diff line change
Expand Up @@ -92,7 +92,7 @@
<img src="{{ gravatar(request, request.user.email, size=160) }}" class="img-circle elevation-2" alt="User Image">
</div>
<div class="info">
<a class="d-block">{{ request.user.name|default(request.user.username, true) }}</a>
<a class="d-block" href="{{ request.route_path('admin.user.detail', username=request.user.username) }}">{{ request.user.name|default(request.user.username, true) }}</a>
</div>
</div>

Expand Down
3 changes: 3 additions & 0 deletions warehouse/admin/templates/admin/projects/detail.html
Original file line number Diff line number Diff line change
Expand Up @@ -255,6 +255,9 @@ <h4 class="modal-title" id="exampleModalLabel">Remove role for {{ role.user.user
<div class="card-header">
<h3 class="card-title">Project Observations</h3>
<div class="card-tools">
{% if observations %}
<span class="badge badge-warning">{{ observations|length }}</span>
{% endif %}
<button type="button" class="btn btn-tool" data-card-widget="collapse"><i class="fas fa-plus"></i>
</button>
</div>
Expand Down
40 changes: 3 additions & 37 deletions warehouse/admin/views/prohibited_project_names.py
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@
)
from warehouse.utils.http import is_safe_url
from warehouse.utils.paginate import paginate_url_factory
from warehouse.utils.project import remove_project
from warehouse.utils.project import prohibit_and_remove_project


@view_config(
Expand Down Expand Up @@ -250,23 +250,7 @@ def add_prohibited_project_names(request):
)
return HTTPSeeOther(request.route_path("admin.prohibited_project_names.list"))

# Add our requested prohibition.
request.db.add(
ProhibitedProjectName(
name=project_name, comment=comment, prohibited_by=request.user
)
)

# Go through and delete the project and everything related to it so that
# our prohibition actually blocks things and isn't ignored (since the
# prohibition only takes effect on new project registration).
project = (
request.db.query(Project)
.filter(Project.normalized_name == func.normalize_pep426_name(project_name))
.first()
)
if project is not None:
remove_project(project, request)
prohibit_and_remove_project(project_name, request, comment)

request.session.flash(f"Prohibited Project Name {project_name!r}", queue="success")

Expand Down Expand Up @@ -334,25 +318,7 @@ def bulk_add_prohibited_project_names(request):
):
continue

# Add our requested prohibition.
request.db.add(
ProhibitedProjectName(
name=project_name, comment=comment, prohibited_by=request.user
)
)

# Go through and delete the project and everything related to it so that
# our prohibition actually blocks things and isn't ignored (since the
# prohibition only takes effect on new project registration).
project = (
request.db.query(Project)
.filter(
Project.normalized_name == func.normalize_pep426_name(project_name)
)
.first()
)
if project is not None:
remove_project(project, request, flash=False)
prohibit_and_remove_project(project_name, request, comment, flash=False)

request.session.flash(
f"Prohibited {len(project_names)!r} projects", queue="success"
Expand Down
29 changes: 28 additions & 1 deletion warehouse/utils/project.py
Original file line number Diff line number Diff line change
Expand Up @@ -13,9 +13,10 @@
import re

from pyramid.httpexceptions import HTTPSeeOther
from sqlalchemy.sql import func

from warehouse.packaging.interfaces import IDocsStorage
from warehouse.packaging.models import JournalEntry
from warehouse.packaging.models import JournalEntry, ProhibitedProjectName, Project
from warehouse.tasks import task


Expand Down Expand Up @@ -65,6 +66,32 @@ def confirm_project(
)


def prohibit_and_remove_project(
project: Project | str, request, comment: str, flash: bool = True
):
"""
View helper to prohibit and remove a project.
"""
# TODO: See if we can constrain `project` to be a `Project` only.
project_name = project.name if isinstance(project, Project) else project
# Add our requested prohibition.
request.db.add(
ProhibitedProjectName(
name=project_name, comment=comment, prohibited_by=request.user
)
)
# Go through and delete the project and everything related to it so that
# our prohibition actually blocks things and isn't ignored (since the
# prohibition only takes effect on new project registration).
project = (
request.db.query(Project)
.filter(Project.normalized_name == func.normalize_pep426_name(project_name))
.first()
)
if project is not None:
remove_project(project, request, flash=flash)


def remove_project(project, request, flash=True):
# TODO: We don't actually delete files from the data store. We should add
# some kind of garbage collection at some point.
Expand Down

0 comments on commit 750693f

Please sign in to comment.