Update project role journal entries and events #11779
Closed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
divbzero
commented
Jul 8, 2022
divbzero
commented
- Standardize journal entry action to be "add {role_name} {username}"
- Standardize project event tag to be "project:role:create"
- Standardize user event tag to be "account:role:create"
- Relates to Catalog and enforce ProjectEvent and UserEvent tags #7119.
divbzero
added a commit
to divbzero/warehouse
that referenced
this pull request
Jul 8, 2022
This reverts commit 2264221. The change will be included in separate pull request pypi#11779.
divbzero
force-pushed
the
fix/inconsistent-project-role-events
branch
from
6a78649 to
358e1dd
Compare
ewdurbin
pushed a commit
to divbzero/warehouse
that referenced
this pull request
Jul 19, 2022
This reverts commit 2264221. The change will be included in separate pull request pypi#11779.
divbzero
added a commit
to divbzero/warehouse
that referenced
this pull request
Jul 20, 2022
This reverts commit 2264221. The change will be included in separate pull request pypi#11779.
ewdurbin
added a commit
that referenced
this pull request
Jul 26, 2022
* Create initial models for Teams
* Add services for Teams to do all the things
* Add tests for the Teams services
* Add "Teams" to manage organization menu
* Template for manage organization "Teams"
* Grant "manage:team" permissions to org Owner
* Relax Team name constraint and add normalized_name
Organization and project names correspond to public URLs and require
stricter naming constraints. In contrast, team names are used internally
within organizations so we can relax the constraint to allow non-ASCII
international names.
* `find_teamid` by organization ID and team name
* View and form for manage organization "Teams"
* .team-snippet style
* sitemap.{png,svg}
SVG of `fa-sitemap` from Font Awesome 5.13.0:
https://github.com/FortAwesome/Font-Awesome/blob/4e6402443679e0a9d12c7401ac8783ef4646657f/js-packages/%40fortawesome/free-solid-svg-icons/faSitemap.js
Resized, recolored light gray, and converted to PNG.
* Tests for manage organization "Teams"
* Emails for manage organization "Teams"
* Base template for manage team pages
* Switch icons for organizations and teams
- `fa-sitemap` for organizations
- `fa-users` for teams
- `fa-user` for collaborators/members/people
* Template for manage team "Projects"
* View for manage team "Projects"
* Tests for manage team "Projects"
* `TeamRoleType` and `TeamProjectRoleType` enums
* Template for manage team "Members"
* View and form for manage team "Members"
* Tests for manage team "Members"
* Template for manage team "Settings"
* View and form for manage team "Settings"
* Tests for manage team "Settings"
* Fix typo in "added-as-organization-member" email
* Fix typo in "organization-member-removed" email
* Emails for manage team "Members"
* Emails for manage team "Settings"
* Update Alembic revisions after merge branch 'main'
* Update template for internal project collaborators
* Views and forms for internal project collaborators
* Update project role journal entries and events
- Standardize journal entry action to be "add {role_name} {username}"
- Standardize project event tag to be "project:role:create"
- Standardize user event tag to be "account:role:create"
* Tests for internal project collaborators
* Emails for internal project collaborators
* List org owners as internal project collaborators
* Restore 2FA column for project collaborators
* Fix redirect after removing team member
* Fix redirect after renaming team
* Enable events for `Team`
* Record events for `Team`
* Rename {Team.users => Team.members}
* Fix tests after merge branch 'main'
* Fix SQLAlchemy warnings for `Team`
Similar to fixes in #11378.
* Revert "Update project role journal entries and events"
This reverts commit 2264221.
The change will be included in separate pull request #11779.
* Update Alembic revisions after rebase 'main'
* Revert renaming of roles for individual users
- {Admin => Owner}
- {Upload => Maintainer}
As @ewdurbin described in #11665 we want to keep the original project
roles "Owner" and "Maintainer" for individual users in projects, and use
the new permissions "Administer" and "Upload" for teams in projects.
* Rename permissions for teams {Admin => Administer}
* Clarify in emails that teams have "permissions"
* Clarify in templates that teams have "permissions"
* Include team projects in user's list of projects
- Add team projects to list of user projects
- Add team projects with Administer permissions to projects owned
* Fix left align in "People" and "Members" tables
* Tweak navigation for organizations and teams
- Add links to organization for projects in organizations
- Add links to organization for teams in organizations
- Add display name to organization snippets
- Add member count to team snippets
These tweaks should make navigation easier and more intuitive.
* Grant project permissions to team members
* re-order migrations
Co-authored-by: sterbo <[email protected]>
Co-authored-by: Ee Durbin <[email protected]>
woodruffw
pushed a commit
to trail-of-forks/warehouse
that referenced
this pull request
Jul 27, 2022
* Create initial models for Teams
* Add services for Teams to do all the things
* Add tests for the Teams services
* Add "Teams" to manage organization menu
* Template for manage organization "Teams"
* Grant "manage:team" permissions to org Owner
* Relax Team name constraint and add normalized_name
Organization and project names correspond to public URLs and require
stricter naming constraints. In contrast, team names are used internally
within organizations so we can relax the constraint to allow non-ASCII
international names.
* `find_teamid` by organization ID and team name
* View and form for manage organization "Teams"
* .team-snippet style
* sitemap.{png,svg}
SVG of `fa-sitemap` from Font Awesome 5.13.0:
https://github.com/FortAwesome/Font-Awesome/blob/4e6402443679e0a9d12c7401ac8783ef4646657f/js-packages/%40fortawesome/free-solid-svg-icons/faSitemap.js
Resized, recolored light gray, and converted to PNG.
* Tests for manage organization "Teams"
* Emails for manage organization "Teams"
* Base template for manage team pages
* Switch icons for organizations and teams
- `fa-sitemap` for organizations
- `fa-users` for teams
- `fa-user` for collaborators/members/people
* Template for manage team "Projects"
* View for manage team "Projects"
* Tests for manage team "Projects"
* `TeamRoleType` and `TeamProjectRoleType` enums
* Template for manage team "Members"
* View and form for manage team "Members"
* Tests for manage team "Members"
* Template for manage team "Settings"
* View and form for manage team "Settings"
* Tests for manage team "Settings"
* Fix typo in "added-as-organization-member" email
* Fix typo in "organization-member-removed" email
* Emails for manage team "Members"
* Emails for manage team "Settings"
* Update Alembic revisions after merge branch 'main'
* Update template for internal project collaborators
* Views and forms for internal project collaborators
* Update project role journal entries and events
- Standardize journal entry action to be "add {role_name} {username}"
- Standardize project event tag to be "project:role:create"
- Standardize user event tag to be "account:role:create"
* Tests for internal project collaborators
* Emails for internal project collaborators
* List org owners as internal project collaborators
* Restore 2FA column for project collaborators
* Fix redirect after removing team member
* Fix redirect after renaming team
* Enable events for `Team`
* Record events for `Team`
* Rename {Team.users => Team.members}
* Fix tests after merge branch 'main'
* Fix SQLAlchemy warnings for `Team`
Similar to fixes in pypi#11378.
* Revert "Update project role journal entries and events"
This reverts commit 2264221.
The change will be included in separate pull request pypi#11779.
* Update Alembic revisions after rebase 'main'
* Revert renaming of roles for individual users
- {Admin => Owner}
- {Upload => Maintainer}
As @ewdurbin described in pypi#11665 we want to keep the original project
roles "Owner" and "Maintainer" for individual users in projects, and use
the new permissions "Administer" and "Upload" for teams in projects.
* Rename permissions for teams {Admin => Administer}
* Clarify in emails that teams have "permissions"
* Clarify in templates that teams have "permissions"
* Include team projects in user's list of projects
- Add team projects to list of user projects
- Add team projects with Administer permissions to projects owned
* Fix left align in "People" and "Members" tables
* Tweak navigation for organizations and teams
- Add links to organization for projects in organizations
- Add links to organization for teams in organizations
- Add display name to organization snippets
- Add member count to team snippets
These tweaks should make navigation easier and more intuitive.
* Grant project permissions to team members
* re-order migrations
Co-authored-by: sterbo <[email protected]>
Co-authored-by: Ee Durbin <[email protected]>
- Standardize journal entry action to be "add {role_name} {username}"
- Standardize project event tag to be "project:role:create"
- Standardize user event tag to be "account:role:create"
- Relates to pypi#7119.
divbzero
force-pushed
the
fix/inconsistent-project-role-events
branch
from
614bbeb to
1b0ff20
Compare
SamirPS
pushed a commit
to SamirPS/warehouse
that referenced
this pull request
Aug 30, 2022
* Create initial models for Teams
* Add services for Teams to do all the things
* Add tests for the Teams services
* Add "Teams" to manage organization menu
* Template for manage organization "Teams"
* Grant "manage:team" permissions to org Owner
* Relax Team name constraint and add normalized_name
Organization and project names correspond to public URLs and require
stricter naming constraints. In contrast, team names are used internally
within organizations so we can relax the constraint to allow non-ASCII
international names.
* `find_teamid` by organization ID and team name
* View and form for manage organization "Teams"
* .team-snippet style
* sitemap.{png,svg}
SVG of `fa-sitemap` from Font Awesome 5.13.0:
https://github.com/FortAwesome/Font-Awesome/blob/4e6402443679e0a9d12c7401ac8783ef4646657f/js-packages/%40fortawesome/free-solid-svg-icons/faSitemap.js
Resized, recolored light gray, and converted to PNG.
* Tests for manage organization "Teams"
* Emails for manage organization "Teams"
* Base template for manage team pages
* Switch icons for organizations and teams
- `fa-sitemap` for organizations
- `fa-users` for teams
- `fa-user` for collaborators/members/people
* Template for manage team "Projects"
* View for manage team "Projects"
* Tests for manage team "Projects"
* `TeamRoleType` and `TeamProjectRoleType` enums
* Template for manage team "Members"
* View and form for manage team "Members"
* Tests for manage team "Members"
* Template for manage team "Settings"
* View and form for manage team "Settings"
* Tests for manage team "Settings"
* Fix typo in "added-as-organization-member" email
* Fix typo in "organization-member-removed" email
* Emails for manage team "Members"
* Emails for manage team "Settings"
* Update Alembic revisions after merge branch 'main'
* Update template for internal project collaborators
* Views and forms for internal project collaborators
* Update project role journal entries and events
- Standardize journal entry action to be "add {role_name} {username}"
- Standardize project event tag to be "project:role:create"
- Standardize user event tag to be "account:role:create"
* Tests for internal project collaborators
* Emails for internal project collaborators
* List org owners as internal project collaborators
* Restore 2FA column for project collaborators
* Fix redirect after removing team member
* Fix redirect after renaming team
* Enable events for `Team`
* Record events for `Team`
* Rename {Team.users => Team.members}
* Fix tests after merge branch 'main'
* Fix SQLAlchemy warnings for `Team`
Similar to fixes in pypi#11378.
* Revert "Update project role journal entries and events"
This reverts commit 2264221.
The change will be included in separate pull request pypi#11779.
* Update Alembic revisions after rebase 'main'
* Revert renaming of roles for individual users
- {Admin => Owner}
- {Upload => Maintainer}
As @ewdurbin described in pypi#11665 we want to keep the original project
roles "Owner" and "Maintainer" for individual users in projects, and use
the new permissions "Administer" and "Upload" for teams in projects.
* Rename permissions for teams {Admin => Administer}
* Clarify in emails that teams have "permissions"
* Clarify in templates that teams have "permissions"
* Include team projects in user's list of projects
- Add team projects to list of user projects
- Add team projects with Administer permissions to projects owned
* Fix left align in "People" and "Members" tables
* Tweak navigation for organizations and teams
- Add links to organization for projects in organizations
- Add links to organization for teams in organizations
- Add display name to organization snippets
- Add member count to team snippets
These tweaks should make navigation easier and more intuitive.
* Grant project permissions to team members
* re-order migrations
Co-authored-by: sterbo <[email protected]>
Co-authored-by: Ee Durbin <[email protected]>
divbzero
added
the
developer experience
Merged
divbzero
added a commit
to divbzero/warehouse
that referenced
this pull request
Oct 12, 2022
- Standardize journal entry action to be "add {role_name} {username}"
- Standardize project event tag to be "project:role:create"
- Standardize user event tag to be "account:role:create"
- Relates to pypi#7119.
Cherry-picked commit 1b0ff20 from pypi#11779.
|
These changes have been incorporated into pull request #12351. |
divbzero
added a commit
to divbzero/warehouse
that referenced
this pull request
Oct 14, 2022
- Standardize journal entry action to be "add {role_name} {username}"
- Standardize project event tag to be "project:role:create"
- Standardize user event tag to be "account:role:create"
- Relates to pypi#7119.
Cherry-picked commit 1b0ff20 from pypi#11779.
ewdurbin
added a commit
that referenced
this pull request
Oct 19, 2022
* Update project role journal entries and events
- Standardize journal entry action to be "add {role_name} {username}"
- Standardize project event tag to be "project:role:create"
- Standardize user event tag to be "account:role:create"
- Relates to #7119.
Cherry-picked commit 1b0ff20 from #11779.
* `EventTagEnum` for enumerating tag values
* Enumerate "project:*" event tags
Replaced "project:*" strings with EventTag.Project.* values:
rg -l '"project:api_token:added"' | xargs -n 1 sed -i '' 's/"project:api_token:added"/EventTag.Project.APITokenAdded/g'
rg -l '"project:api_token:removed"' | xargs -n 1 sed -i '' 's/"project:api_token:removed"/EventTag.Project.APITokenRemoved/g'
rg -l '"project:oidc:provider-added"' | xargs -n 1 sed -i '' 's/"project:oidc:provider-added"/EventTag.Project.OIDCProviderAdded/g'
rg -l '"project:oidc:provider-removed"' | xargs -n 1 sed -i '' 's/"project:oidc:provider-removed"/EventTag.Project.OIDCProviderRemoved/g'
rg -l '"project:organization_project:add"' | xargs -n 1 sed -i '' 's/"project:organization_project:add"/EventTag.Project.OrganizationProjectAdd/g'
rg -l '"project:organization_project:remove"' | xargs -n 1 sed -i '' 's/"project:organization_project:remove"/EventTag.Project.OrganizationProjectRemove/g'
rg -l '"project:owners_require_2fa:disabled"' | xargs -n 1 sed -i '' 's/"project:owners_require_2fa:disabled"/EventTag.Project.OwnersRequire2FADisabled/g'
rg -l '"project:owners_require_2fa:enabled"' | xargs -n 1 sed -i '' 's/"project:owners_require_2fa:enabled"/EventTag.Project.OwnersRequire2FAEnabled/g'
rg -l '"project:create"' | xargs -n 1 sed -i '' 's/"project:create"/EventTag.Project.ProjectCreate/g'
rg -l '"project:release:add"' | xargs -n 1 sed -i '' 's/"project:release:add"/EventTag.Project.ReleaseAdd/g'
rg -l '"project:release:file:remove"' | xargs -n 1 sed -i '' 's/"project:release:file:remove"/EventTag.Project.ReleaseFileRemove/g'
rg -l '"project:release:remove"' | xargs -n 1 sed -i '' 's/"project:release:remove"/EventTag.Project.ReleaseRemove/g'
rg -l '"project:release:unyank"' | xargs -n 1 sed -i '' 's/"project:release:unyank"/EventTag.Project.ReleaseUnyank/g'
rg -l '"project:release:yank"' | xargs -n 1 sed -i '' 's/"project:release:yank"/EventTag.Project.ReleaseYank/g'
rg -l '"project:role:change"' | xargs -n 1 sed -i '' 's/"project:role:change"/EventTag.Project.RoleChange/g'
rg -l '"project:role:create"' | xargs -n 1 sed -i '' 's/"project:role:create"/EventTag.Project.RoleCreate/g'
rg -l '"project:role:delete"' | xargs -n 1 sed -i '' 's/"project:role:delete"/EventTag.Project.RoleDelete/g'
rg -l '"project:role:invite"' | xargs -n 1 sed -i '' 's/"project:role:invite"/EventTag.Project.RoleInvite/g'
rg -l '"project:role:revoke_invite"' | xargs -n 1 sed -i '' 's/"project:role:revoke_invite"/EventTag.Project.RoleRevokeInvite/g'
rg -l '"project:team_project_role:change"' | xargs -n 1 sed -i '' 's/"project:team_project_role:change"/EventTag.Project.TeamProjectRoleChange/g'
rg -l '"project:team_project_role:create"' | xargs -n 1 sed -i '' 's/"project:team_project_role:create"/EventTag.Project.TeamProjectRoleCreate/g'
rg -l '"project:team_project_role:delete"' | xargs -n 1 sed -i '' 's/"project:team_project_role:delete"/EventTag.Project.TeamProjectRoleDelete/g'
(Remove empty quotes '' if using GNU sed instead of BSD sed.)
Two legacy "project:*" tags are no longer used when recording events:
- "project:role:accepted"
- "project:role:add"
* Enumerate "account:*" event tags
Replaced "account:*" strings with EventTag.Account.* values:
rg -l '"account:api_token:added"' | xargs -n 1 sed -i '' 's/"account:api_token:added"/EventTag.Account.APITokenAdded/g'
rg -l '"account:api_token:removed"' | xargs -n 1 sed -i '' 's/"account:api_token:removed"/EventTag.Account.APITokenRemoved/g'
rg -l '"account:api_token:removed_leak"' | xargs -n 1 sed -i '' 's/"account:api_token:removed_leak"/EventTag.Account.APITokenRemovedLeak/g'
rg -l '"account:create"' | xargs -n 1 sed -i '' 's/"account:create"/EventTag.Account.AccountCreate/g'
rg -l '"account:email:add"' | xargs -n 1 sed -i '' 's/"account:email:add"/EventTag.Account.EmailAdd/g'
rg -l '"account:email:primary:change"' | xargs -n 1 sed -i '' 's/"account:email:primary:change"/EventTag.Account.EmailPrimaryChange/g'
rg -l '"account:email:remove"' | xargs -n 1 sed -i '' 's/"account:email:remove"/EventTag.Account.EmailRemove/g'
rg -l '"account:email:reverify"' | xargs -n 1 sed -i '' 's/"account:email:reverify"/EventTag.Account.EmailReverify/g'
rg -l '"account:email:verified"' | xargs -n 1 sed -i '' 's/"account:email:verified"/EventTag.Account.EmailVerified/g'
rg -l '"account:login:failure"' | xargs -n 1 sed -i '' 's/"account:login:failure"/EventTag.Account.LoginFailure/g'
rg -l '"account:login:success"' | xargs -n 1 sed -i '' 's/"account:login:success"/EventTag.Account.LoginSuccess/g'
rg -l '"account:organization_role:accepted"' | xargs -n 1 sed -i '' 's/"account:organization_role:accepted"/EventTag.Account.OrganizationRoleAccepted/g'
rg -l '"account:organization_role:change"' | xargs -n 1 sed -i '' 's/"account:organization_role:change"/EventTag.Account.OrganizationRoleChange/g'
rg -l '"account:organization_role:declined"' | xargs -n 1 sed -i '' 's/"account:organization_role:declined"/EventTag.Account.OrganizationRoleDeclined/g'
rg -l '"account:organization_role:delete"' | xargs -n 1 sed -i '' 's/"account:organization_role:delete"/EventTag.Account.OrganizationRoleDelete/g'
rg -l '"account:password:change"' | xargs -n 1 sed -i '' 's/"account:password:change"/EventTag.Account.PasswordChange/g'
rg -l '"account:password:reset"' | xargs -n 1 sed -i '' 's/"account:password:reset"/EventTag.Account.PasswordReset/g'
rg -l '"account:password:reset:attempt"' | xargs -n 1 sed -i '' 's/"account:password:reset:attempt"/EventTag.Account.PasswordResetAttempt/g'
rg -l '"account:password:reset:request"' | xargs -n 1 sed -i '' 's/"account:password:reset:request"/EventTag.Account.PasswordResetRequest/g'
rg -l '"account:recovery_codes:generated"' | xargs -n 1 sed -i '' 's/"account:recovery_codes:generated"/EventTag.Account.RecoveryCodesGenerated/g'
rg -l '"account:recovery_codes:regenerated"' | xargs -n 1 sed -i '' 's/"account:recovery_codes:regenerated"/EventTag.Account.RecoveryCodesRegenerated/g'
rg -l '"account:recovery_codes:used"' | xargs -n 1 sed -i '' 's/"account:recovery_codes:used"/EventTag.Account.RecoveryCodesUsed/g'
rg -l '"account:role:create"' | xargs -n 1 sed -i '' 's/"account:role:create"/EventTag.Account.RoleCreate/g'
rg -l '"account:role:invite"' | xargs -n 1 sed -i '' 's/"account:role:invite"/EventTag.Account.RoleInvite/g'
rg -l '"account:team_role:add"' | xargs -n 1 sed -i '' 's/"account:team_role:add"/EventTag.Account.TeamRoleAdd/g'
rg -l '"account:team_role:delete"' | xargs -n 1 sed -i '' 's/"account:team_role:delete"/EventTag.Account.TeamRoleDelete/g'
rg -l '"account:two_factor:method_added"' | xargs -n 1 sed -i '' 's/"account:two_factor:method_added"/EventTag.Account.TwoFactorMethodAdded/g'
rg -l '"account:two_factor:method_removed"' | xargs -n 1 sed -i ''
's/"account:two_factor:method_removed"/EventTag.Account.TwoFactorMethodRemoved/g'
(Remove empty quotes '' if using GNU sed instead of BSD sed.)
Three legacy "account:*" tags are no longer used when recording events:
- "account:email:sent"
- "account:reauthenticate:failure"
- "account:role:accepted"
* Enumerate "organization:*" event tags
Replaced "organization:*" strings with EventTag.Organization.* values:
rg -l '"organization:catalog_entry:add"' | xargs -n 1 sed -i '' 's/"organization:catalog_entry:add"/EventTag.Organization.CatalogEntryAdd/g'
rg -l '"organization:approve"' | xargs -n 1 sed -i '' 's/"organization:approve"/EventTag.Organization.OrganizationApprove/g'
rg -l '"organization:create"' | xargs -n 1 sed -i '' 's/"organization:create"/EventTag.Organization.OrganizationCreate/g'
rg -l '"organization:decline"' | xargs -n 1 sed -i '' 's/"organization:decline"/EventTag.Organization.OrganizationDecline/g'
rg -l '"organization:delete"' | xargs -n 1 sed -i '' 's/"organization:delete"/EventTag.Organization.OrganizationDelete/g'
rg -l '"organization:rename"' | xargs -n 1 sed -i '' 's/"organization:rename"/EventTag.Organization.OrganizationRename/g'
rg -l '"organization:organization_project:add"' | xargs -n 1 sed -i '' 's/"organization:organization_project:add"/EventTag.Organization.OrganizationProjectAdd/g'
rg -l '"organization:organization_project:remove"' | xargs -n 1 sed -i '' 's/"organization:organization_project:remove"/EventTag.Organization.OrganizationProjectRemove/g'
rg -l '"organization:organization_role:accepted"' | xargs -n 1 sed -i '' 's/"organization:organization_role:accepted"/EventTag.Organization.OrganizationRoleAccepted/g'
rg -l '"organization:organization_role:change"' | xargs -n 1 sed -i '' 's/"organization:organization_role:change"/EventTag.Organization.OrganizationRoleChange/g'
rg -l '"organization:organization_role:declined"' | xargs -n 1 sed -i '' 's/"organization:organization_role:declined"/EventTag.Organization.OrganizationRoleDeclined/g'
rg -l '"organization:organization_role:delete"' | xargs -n 1 sed -i '' 's/"organization:organization_role:delete"/EventTag.Organization.OrganizationRoleDelete/g'
rg -l '"organization:organization_role:invite"' | xargs -n 1 sed -i '' 's/"organization:organization_role:invite"/EventTag.Organization.OrganizationRoleInvite/g'
rg -l '"organization:organization_role:revoke_invite"' | xargs -n 1 sed -i '' 's/"organization:organization_role:revoke_invite"/EventTag.Organization.OrganizationRoleRevokeInvite/g'
rg -l '"organization:team:create"' | xargs -n 1 sed -i '' 's/"organization:team:create"/EventTag.Organization.TeamCreate/g'
rg -l '"organization:team:delete"' | xargs -n 1 sed -i '' 's/"organization:team:delete"/EventTag.Organization.TeamDelete/g'
rg -l '"organization:team_project_role:change"' | xargs -n 1 sed -i '' 's/"organization:team_project_role:change"/EventTag.Organization.TeamProjectRoleChange/g'
rg -l '"organization:team_project_role:create"' | xargs -n 1 sed -i '' 's/"organization:team_project_role:create"/EventTag.Organization.TeamProjectRoleCreate/g'
rg -l '"organization:team_project_role:delete"' | xargs -n 1 sed -i '' 's/"organization:team_project_role:delete"/EventTag.Organization.TeamProjectRoleDelete/g'
rg -l '"organization:team_role:add"' | xargs -n 1 sed -i '' 's/"organization:team_role:add"/EventTag.Organization.TeamRoleAdd/g'
rg -l '"organization:team_role:delete"' | xargs -n 1 sed -i '' 's/"organization:team_role:delete"/EventTag.Organization.TeamRoleDelete/g'
(Remove empty quotes '' if using GNU sed instead of BSD sed.)
* Enumerate "team:*" event tags
Replaced "team:*" strings with EventTag.Team.* values:
rg -l '"team:create"' | xargs -n 1 sed -i '' 's/"team:create"/EventTag.Team.TeamCreate/g'
rg -l '"team:delete"' | xargs -n 1 sed -i '' 's/"team:delete"/EventTag.Team.TeamDelete/g'
rg -l '"team:team_project_role:change"' | xargs -n 1 sed -i '' 's/"team:team_project_role:change"/EventTag.Team.TeamProjectRoleChange/g'
rg -l '"team:team_project_role:create"' | xargs -n 1 sed -i '' 's/"team:team_project_role:create"/EventTag.Team.TeamProjectRoleCreate/g'
rg -l '"team:team_project_role:delete"' | xargs -n 1 sed -i '' 's/"team:team_project_role:delete"/EventTag.Team.TeamProjectRoleDelete/g'
rg -l '"team:team_role:add"' | xargs -n 1 sed -i '' 's/"team:team_role:add"/EventTag.Team.TeamRoleAdd/g'
rg -l '"team:team_role:delete"' | xargs -n 1 sed -i '' 's/"team:team_role:delete"/EventTag.Team.TeamRoleDelete/g'
(Remove empty quotes '' if using GNU sed instead of BSD sed.)
* Standardize use of "*:add" and "*:remove" for role events
"*:add" was already being used in "project:role:add" but there was also
inconsistent use of "project:role:accepted". Standardizing role events
to "*:add" and "*:remove" seemed to fit best with other events.
rg -l RoleAccepted | xargs -n 1 sed -i '' 's/RoleAccepted/RoleAdd/g'
rg -l RoleCreate | xargs -n 1 sed -i '' 's/RoleCreate/RoleAdd/g'
rg -l RoleDelete | xargs -n 1 sed -i '' 's/RoleDelete/RoleRemove/g'
(Remove empty quotes '' if using GNU sed instead of BSD sed.)
* Standardize use of "*:decline_invite" for role events
"*:decline_invite" seems to fit better with existing "*:revoke_invite"
tags for role events.
rg -l RoleDeclined | xargs -n 1 sed -i '' 's/RoleDeclined/RoleDeclineInvite/g'
(Remove empty quotes '' if using GNU sed instead of BSD sed.)
* Record missing role events
There were several missing tags for role events:
- "account:organization_role:invite"
- "account:organization_role:revoke_invite"
- "account:role:change"
- "account:role:decline_invite"
- "account:role:remove"
- "account:role:revoke_invite"
- "project:role:decline_invite"
`Role` and `OrganizationRole` should have the following 6 event tags:
- "*:invite"
- "*:decline_invite"
- "*:revoke_invite"
- "*:add"
- "*:change"
- "*:remove"
`TeamProjectRole` should only have the following 3 event tags because
there are no invitations with for `TeamProjectRole`:
- "*:add"
- "*:change"
- "*:remove"
`TeamRole` should only have the following 2 event tags because there are
no invitations for `TeamRole` and only one `TeamRoleType`:
- "*:add"
- "*:remove"
* Record missing rename events
There were a couple missing rename events:
- "organization:team:rename"
- "team:rename"
* Do not record owner invite event when creating org
* Update warehouse/accounts/views.py
Co-authored-by: Ee Durbin <[email protected]>
ewdurbin
added a commit
that referenced
this pull request
Oct 19, 2022
* Update project role journal entries and events
- Standardize journal entry action to be "add {role_name} {username}"
- Standardize project event tag to be "project:role:create"
- Standardize user event tag to be "account:role:create"
- Relates to #7119.
Cherry-picked commit 1b0ff20 from #11779.
* `EventTagEnum` for enumerating tag values
* Enumerate "project:*" event tags
Replaced "project:*" strings with EventTag.Project.* values:
rg -l '"project:api_token:added"' | xargs -n 1 sed -i '' 's/"project:api_token:added"/EventTag.Project.APITokenAdded/g'
rg -l '"project:api_token:removed"' | xargs -n 1 sed -i '' 's/"project:api_token:removed"/EventTag.Project.APITokenRemoved/g'
rg -l '"project:oidc:provider-added"' | xargs -n 1 sed -i '' 's/"project:oidc:provider-added"/EventTag.Project.OIDCProviderAdded/g'
rg -l '"project:oidc:provider-removed"' | xargs -n 1 sed -i '' 's/"project:oidc:provider-removed"/EventTag.Project.OIDCProviderRemoved/g'
rg -l '"project:organization_project:add"' | xargs -n 1 sed -i '' 's/"project:organization_project:add"/EventTag.Project.OrganizationProjectAdd/g'
rg -l '"project:organization_project:remove"' | xargs -n 1 sed -i '' 's/"project:organization_project:remove"/EventTag.Project.OrganizationProjectRemove/g'
rg -l '"project:owners_require_2fa:disabled"' | xargs -n 1 sed -i '' 's/"project:owners_require_2fa:disabled"/EventTag.Project.OwnersRequire2FADisabled/g'
rg -l '"project:owners_require_2fa:enabled"' | xargs -n 1 sed -i '' 's/"project:owners_require_2fa:enabled"/EventTag.Project.OwnersRequire2FAEnabled/g'
rg -l '"project:create"' | xargs -n 1 sed -i '' 's/"project:create"/EventTag.Project.ProjectCreate/g'
rg -l '"project:release:add"' | xargs -n 1 sed -i '' 's/"project:release:add"/EventTag.Project.ReleaseAdd/g'
rg -l '"project:release:file:remove"' | xargs -n 1 sed -i '' 's/"project:release:file:remove"/EventTag.Project.ReleaseFileRemove/g'
rg -l '"project:release:remove"' | xargs -n 1 sed -i '' 's/"project:release:remove"/EventTag.Project.ReleaseRemove/g'
rg -l '"project:release:unyank"' | xargs -n 1 sed -i '' 's/"project:release:unyank"/EventTag.Project.ReleaseUnyank/g'
rg -l '"project:release:yank"' | xargs -n 1 sed -i '' 's/"project:release:yank"/EventTag.Project.ReleaseYank/g'
rg -l '"project:role:change"' | xargs -n 1 sed -i '' 's/"project:role:change"/EventTag.Project.RoleChange/g'
rg -l '"project:role:create"' | xargs -n 1 sed -i '' 's/"project:role:create"/EventTag.Project.RoleCreate/g'
rg -l '"project:role:delete"' | xargs -n 1 sed -i '' 's/"project:role:delete"/EventTag.Project.RoleDelete/g'
rg -l '"project:role:invite"' | xargs -n 1 sed -i '' 's/"project:role:invite"/EventTag.Project.RoleInvite/g'
rg -l '"project:role:revoke_invite"' | xargs -n 1 sed -i '' 's/"project:role:revoke_invite"/EventTag.Project.RoleRevokeInvite/g'
rg -l '"project:team_project_role:change"' | xargs -n 1 sed -i '' 's/"project:team_project_role:change"/EventTag.Project.TeamProjectRoleChange/g'
rg -l '"project:team_project_role:create"' | xargs -n 1 sed -i '' 's/"project:team_project_role:create"/EventTag.Project.TeamProjectRoleCreate/g'
rg -l '"project:team_project_role:delete"' | xargs -n 1 sed -i '' 's/"project:team_project_role:delete"/EventTag.Project.TeamProjectRoleDelete/g'
(Remove empty quotes '' if using GNU sed instead of BSD sed.)
Two legacy "project:*" tags are no longer used when recording events:
- "project:role:accepted"
- "project:role:add"
* Enumerate "account:*" event tags
Replaced "account:*" strings with EventTag.Account.* values:
rg -l '"account:api_token:added"' | xargs -n 1 sed -i '' 's/"account:api_token:added"/EventTag.Account.APITokenAdded/g'
rg -l '"account:api_token:removed"' | xargs -n 1 sed -i '' 's/"account:api_token:removed"/EventTag.Account.APITokenRemoved/g'
rg -l '"account:api_token:removed_leak"' | xargs -n 1 sed -i '' 's/"account:api_token:removed_leak"/EventTag.Account.APITokenRemovedLeak/g'
rg -l '"account:create"' | xargs -n 1 sed -i '' 's/"account:create"/EventTag.Account.AccountCreate/g'
rg -l '"account:email:add"' | xargs -n 1 sed -i '' 's/"account:email:add"/EventTag.Account.EmailAdd/g'
rg -l '"account:email:primary:change"' | xargs -n 1 sed -i '' 's/"account:email:primary:change"/EventTag.Account.EmailPrimaryChange/g'
rg -l '"account:email:remove"' | xargs -n 1 sed -i '' 's/"account:email:remove"/EventTag.Account.EmailRemove/g'
rg -l '"account:email:reverify"' | xargs -n 1 sed -i '' 's/"account:email:reverify"/EventTag.Account.EmailReverify/g'
rg -l '"account:email:verified"' | xargs -n 1 sed -i '' 's/"account:email:verified"/EventTag.Account.EmailVerified/g'
rg -l '"account:login:failure"' | xargs -n 1 sed -i '' 's/"account:login:failure"/EventTag.Account.LoginFailure/g'
rg -l '"account:login:success"' | xargs -n 1 sed -i '' 's/"account:login:success"/EventTag.Account.LoginSuccess/g'
rg -l '"account:organization_role:accepted"' | xargs -n 1 sed -i '' 's/"account:organization_role:accepted"/EventTag.Account.OrganizationRoleAccepted/g'
rg -l '"account:organization_role:change"' | xargs -n 1 sed -i '' 's/"account:organization_role:change"/EventTag.Account.OrganizationRoleChange/g'
rg -l '"account:organization_role:declined"' | xargs -n 1 sed -i '' 's/"account:organization_role:declined"/EventTag.Account.OrganizationRoleDeclined/g'
rg -l '"account:organization_role:delete"' | xargs -n 1 sed -i '' 's/"account:organization_role:delete"/EventTag.Account.OrganizationRoleDelete/g'
rg -l '"account:password:change"' | xargs -n 1 sed -i '' 's/"account:password:change"/EventTag.Account.PasswordChange/g'
rg -l '"account:password:reset"' | xargs -n 1 sed -i '' 's/"account:password:reset"/EventTag.Account.PasswordReset/g'
rg -l '"account:password:reset:attempt"' | xargs -n 1 sed -i '' 's/"account:password:reset:attempt"/EventTag.Account.PasswordResetAttempt/g'
rg -l '"account:password:reset:request"' | xargs -n 1 sed -i '' 's/"account:password:reset:request"/EventTag.Account.PasswordResetRequest/g'
rg -l '"account:recovery_codes:generated"' | xargs -n 1 sed -i '' 's/"account:recovery_codes:generated"/EventTag.Account.RecoveryCodesGenerated/g'
rg -l '"account:recovery_codes:regenerated"' | xargs -n 1 sed -i '' 's/"account:recovery_codes:regenerated"/EventTag.Account.RecoveryCodesRegenerated/g'
rg -l '"account:recovery_codes:used"' | xargs -n 1 sed -i '' 's/"account:recovery_codes:used"/EventTag.Account.RecoveryCodesUsed/g'
rg -l '"account:role:create"' | xargs -n 1 sed -i '' 's/"account:role:create"/EventTag.Account.RoleCreate/g'
rg -l '"account:role:invite"' | xargs -n 1 sed -i '' 's/"account:role:invite"/EventTag.Account.RoleInvite/g'
rg -l '"account:team_role:add"' | xargs -n 1 sed -i '' 's/"account:team_role:add"/EventTag.Account.TeamRoleAdd/g'
rg -l '"account:team_role:delete"' | xargs -n 1 sed -i '' 's/"account:team_role:delete"/EventTag.Account.TeamRoleDelete/g'
rg -l '"account:two_factor:method_added"' | xargs -n 1 sed -i '' 's/"account:two_factor:method_added"/EventTag.Account.TwoFactorMethodAdded/g'
rg -l '"account:two_factor:method_removed"' | xargs -n 1 sed -i ''
's/"account:two_factor:method_removed"/EventTag.Account.TwoFactorMethodRemoved/g'
(Remove empty quotes '' if using GNU sed instead of BSD sed.)
Three legacy "account:*" tags are no longer used when recording events:
- "account:email:sent"
- "account:reauthenticate:failure"
- "account:role:accepted"
* Enumerate "organization:*" event tags
Replaced "organization:*" strings with EventTag.Organization.* values:
rg -l '"organization:catalog_entry:add"' | xargs -n 1 sed -i '' 's/"organization:catalog_entry:add"/EventTag.Organization.CatalogEntryAdd/g'
rg -l '"organization:approve"' | xargs -n 1 sed -i '' 's/"organization:approve"/EventTag.Organization.OrganizationApprove/g'
rg -l '"organization:create"' | xargs -n 1 sed -i '' 's/"organization:create"/EventTag.Organization.OrganizationCreate/g'
rg -l '"organization:decline"' | xargs -n 1 sed -i '' 's/"organization:decline"/EventTag.Organization.OrganizationDecline/g'
rg -l '"organization:delete"' | xargs -n 1 sed -i '' 's/"organization:delete"/EventTag.Organization.OrganizationDelete/g'
rg -l '"organization:rename"' | xargs -n 1 sed -i '' 's/"organization:rename"/EventTag.Organization.OrganizationRename/g'
rg -l '"organization:organization_project:add"' | xargs -n 1 sed -i '' 's/"organization:organization_project:add"/EventTag.Organization.OrganizationProjectAdd/g'
rg -l '"organization:organization_project:remove"' | xargs -n 1 sed -i '' 's/"organization:organization_project:remove"/EventTag.Organization.OrganizationProjectRemove/g'
rg -l '"organization:organization_role:accepted"' | xargs -n 1 sed -i '' 's/"organization:organization_role:accepted"/EventTag.Organization.OrganizationRoleAccepted/g'
rg -l '"organization:organization_role:change"' | xargs -n 1 sed -i '' 's/"organization:organization_role:change"/EventTag.Organization.OrganizationRoleChange/g'
rg -l '"organization:organization_role:declined"' | xargs -n 1 sed -i '' 's/"organization:organization_role:declined"/EventTag.Organization.OrganizationRoleDeclined/g'
rg -l '"organization:organization_role:delete"' | xargs -n 1 sed -i '' 's/"organization:organization_role:delete"/EventTag.Organization.OrganizationRoleDelete/g'
rg -l '"organization:organization_role:invite"' | xargs -n 1 sed -i '' 's/"organization:organization_role:invite"/EventTag.Organization.OrganizationRoleInvite/g'
rg -l '"organization:organization_role:revoke_invite"' | xargs -n 1 sed -i '' 's/"organization:organization_role:revoke_invite"/EventTag.Organization.OrganizationRoleRevokeInvite/g'
rg -l '"organization:team:create"' | xargs -n 1 sed -i '' 's/"organization:team:create"/EventTag.Organization.TeamCreate/g'
rg -l '"organization:team:delete"' | xargs -n 1 sed -i '' 's/"organization:team:delete"/EventTag.Organization.TeamDelete/g'
rg -l '"organization:team_project_role:change"' | xargs -n 1 sed -i '' 's/"organization:team_project_role:change"/EventTag.Organization.TeamProjectRoleChange/g'
rg -l '"organization:team_project_role:create"' | xargs -n 1 sed -i '' 's/"organization:team_project_role:create"/EventTag.Organization.TeamProjectRoleCreate/g'
rg -l '"organization:team_project_role:delete"' | xargs -n 1 sed -i '' 's/"organization:team_project_role:delete"/EventTag.Organization.TeamProjectRoleDelete/g'
rg -l '"organization:team_role:add"' | xargs -n 1 sed -i '' 's/"organization:team_role:add"/EventTag.Organization.TeamRoleAdd/g'
rg -l '"organization:team_role:delete"' | xargs -n 1 sed -i '' 's/"organization:team_role:delete"/EventTag.Organization.TeamRoleDelete/g'
(Remove empty quotes '' if using GNU sed instead of BSD sed.)
* Enumerate "team:*" event tags
Replaced "team:*" strings with EventTag.Team.* values:
rg -l '"team:create"' | xargs -n 1 sed -i '' 's/"team:create"/EventTag.Team.TeamCreate/g'
rg -l '"team:delete"' | xargs -n 1 sed -i '' 's/"team:delete"/EventTag.Team.TeamDelete/g'
rg -l '"team:team_project_role:change"' | xargs -n 1 sed -i '' 's/"team:team_project_role:change"/EventTag.Team.TeamProjectRoleChange/g'
rg -l '"team:team_project_role:create"' | xargs -n 1 sed -i '' 's/"team:team_project_role:create"/EventTag.Team.TeamProjectRoleCreate/g'
rg -l '"team:team_project_role:delete"' | xargs -n 1 sed -i '' 's/"team:team_project_role:delete"/EventTag.Team.TeamProjectRoleDelete/g'
rg -l '"team:team_role:add"' | xargs -n 1 sed -i '' 's/"team:team_role:add"/EventTag.Team.TeamRoleAdd/g'
rg -l '"team:team_role:delete"' | xargs -n 1 sed -i '' 's/"team:team_role:delete"/EventTag.Team.TeamRoleDelete/g'
(Remove empty quotes '' if using GNU sed instead of BSD sed.)
* Standardize use of "*:add" and "*:remove" for role events
"*:add" was already being used in "project:role:add" but there was also
inconsistent use of "project:role:accepted". Standardizing role events
to "*:add" and "*:remove" seemed to fit best with other events.
rg -l RoleAccepted | xargs -n 1 sed -i '' 's/RoleAccepted/RoleAdd/g'
rg -l RoleCreate | xargs -n 1 sed -i '' 's/RoleCreate/RoleAdd/g'
rg -l RoleDelete | xargs -n 1 sed -i '' 's/RoleDelete/RoleRemove/g'
(Remove empty quotes '' if using GNU sed instead of BSD sed.)
* Standardize use of "*:decline_invite" for role events
"*:decline_invite" seems to fit better with existing "*:revoke_invite"
tags for role events.
rg -l RoleDeclined | xargs -n 1 sed -i '' 's/RoleDeclined/RoleDeclineInvite/g'
(Remove empty quotes '' if using GNU sed instead of BSD sed.)
* Record missing role events
There were several missing tags for role events:
- "account:organization_role:invite"
- "account:organization_role:revoke_invite"
- "account:role:change"
- "account:role:decline_invite"
- "account:role:remove"
- "account:role:revoke_invite"
- "project:role:decline_invite"
`Role` and `OrganizationRole` should have the following 6 event tags:
- "*:invite"
- "*:decline_invite"
- "*:revoke_invite"
- "*:add"
- "*:change"
- "*:remove"
`TeamProjectRole` should only have the following 3 event tags because
there are no invitations with for `TeamProjectRole`:
- "*:add"
- "*:change"
- "*:remove"
`TeamRole` should only have the following 2 event tags because there are
no invitations for `TeamRole` and only one `TeamRoleType`:
- "*:add"
- "*:remove"
* Record missing rename events
There were a couple missing rename events:
- "organization:team:rename"
- "team:rename"
* Do not record owner invite event when creating org
* NFC: {<br> => display: block} in security logs
* Add "Security history" for organizations
* Align left <th> in security logs
* Add "Security history" for teams
* Graceful fail if additional event field is missing
Allowing `user_service.get_user` to accept `None` as input results in an
empty string instead of a hard error in the Jinja template.
* Update "Security history" for projects
Added missing event formatters for:
- "project:release:unyank"
- "project:role:invite"
- "project:role:decline_invite"
- "project:role:revoke_invite"
- "project:team_project_role:add"
- "project:team_project_role:remove"
- "project:team_project_role:change"
- "project:organization_project:add"
- "project:organization_project:remove"
- "project:oidc_provider:added"
- "project:oidc_provider:removed"
Also added links to release versions for all release events.
* NFC: Comments reminding us to keep tags in sync
* Update warehouse/accounts/views.py
Co-authored-by: Ee Durbin <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.