Skip to content

Update project role journal entries and events #11779

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed

Conversation

divbzero
Copy link
Contributor

@divbzero divbzero commented Jul 8, 2022

@divbzero divbzero requested a review from a team as a code owner July 8, 2022 07:04
divbzero added a commit to divbzero/warehouse that referenced this pull request Jul 8, 2022
This reverts commit 2264221.
The change will be included in separate pull request pypi#11779.
@divbzero divbzero force-pushed the fix/inconsistent-project-role-events branch from 6a78649 to 358e1dd Compare July 8, 2022 07:15
ewdurbin pushed a commit to divbzero/warehouse that referenced this pull request Jul 19, 2022
This reverts commit 2264221.
The change will be included in separate pull request pypi#11779.
divbzero added a commit to divbzero/warehouse that referenced this pull request Jul 20, 2022
This reverts commit 2264221.
The change will be included in separate pull request pypi#11779.
ewdurbin added a commit that referenced this pull request Jul 26, 2022
* Create initial models for Teams

* Add services for Teams to do all the things

* Add tests for the Teams services

* Add "Teams" to manage organization menu

* Template for manage organization "Teams"

* Grant "manage:team" permissions to org Owner

* Relax Team name constraint and add normalized_name

Organization and project names correspond to public URLs and require
stricter naming constraints. In contrast, team names are used internally
within organizations so we can relax the constraint to allow non-ASCII
international names.

* `find_teamid` by organization ID and team name

* View and form for manage organization "Teams"

* .team-snippet style

* sitemap.{png,svg}

SVG of `fa-sitemap` from Font Awesome 5.13.0:

https://github.com/FortAwesome/Font-Awesome/blob/4e6402443679e0a9d12c7401ac8783ef4646657f/js-packages/%40fortawesome/free-solid-svg-icons/faSitemap.js

Resized, recolored light gray, and converted to PNG.

* Tests for manage organization "Teams"

* Emails for manage organization "Teams"

* Base template for manage team pages

* Switch icons for organizations and teams

- `fa-sitemap` for organizations
- `fa-users` for teams
- `fa-user` for collaborators/members/people

* Template for manage team "Projects"

* View for manage team "Projects"

* Tests for manage team "Projects"

* `TeamRoleType` and `TeamProjectRoleType` enums

* Template for manage team "Members"

* View and form for manage team "Members"

* Tests for manage team "Members"

* Template for manage team "Settings"

* View and form for manage team "Settings"

* Tests for manage team "Settings"

* Fix typo in "added-as-organization-member" email

* Fix typo in "organization-member-removed" email

* Emails for manage team "Members"

* Emails for manage team "Settings"

* Update Alembic revisions after merge branch 'main'

* Update template for internal project collaborators

* Views and forms for internal project collaborators

* Update project role journal entries and events

- Standardize journal entry action to be "add {role_name} {username}"
- Standardize project event tag to be "project:role:create"
- Standardize user event tag to be "account:role:create"

* Tests for internal project collaborators

* Emails for internal project collaborators

* List org owners as internal project collaborators

* Restore 2FA column for project collaborators

* Fix redirect after removing team member

* Fix redirect after renaming team

* Enable events for `Team`

* Record events for `Team`

* Rename {Team.users => Team.members}

* Fix tests after merge branch 'main'

* Fix SQLAlchemy warnings for `Team`

Similar to fixes in #11378.

* Revert "Update project role journal entries and events"

This reverts commit 2264221.
The change will be included in separate pull request #11779.

* Update Alembic revisions after rebase 'main'

* Revert renaming of roles for individual users

- {Admin => Owner}
- {Upload => Maintainer}

As @ewdurbin described in #11665 we want to keep the original project
roles "Owner" and "Maintainer" for individual users in projects, and use
the new permissions "Administer" and "Upload" for teams in projects.

* Rename permissions for teams {Admin => Administer}

* Clarify in emails that teams have "permissions"

* Clarify in templates that teams have "permissions"

* Include team projects in user's list of projects

- Add team projects to list of user projects
- Add team projects with Administer permissions to projects owned

* Fix left align in "People" and "Members" tables

* Tweak navigation for organizations and teams

- Add links to organization for projects in organizations
- Add links to organization for teams in organizations
- Add display name to organization snippets
- Add member count to team snippets

These tweaks should make navigation easier and more intuitive.

* Grant project permissions to team members

* re-order migrations

Co-authored-by: sterbo <[email protected]>
Co-authored-by: Ee Durbin <[email protected]>
woodruffw pushed a commit to trail-of-forks/warehouse that referenced this pull request Jul 27, 2022
* Create initial models for Teams

* Add services for Teams to do all the things

* Add tests for the Teams services

* Add "Teams" to manage organization menu

* Template for manage organization "Teams"

* Grant "manage:team" permissions to org Owner

* Relax Team name constraint and add normalized_name

Organization and project names correspond to public URLs and require
stricter naming constraints. In contrast, team names are used internally
within organizations so we can relax the constraint to allow non-ASCII
international names.

* `find_teamid` by organization ID and team name

* View and form for manage organization "Teams"

* .team-snippet style

* sitemap.{png,svg}

SVG of `fa-sitemap` from Font Awesome 5.13.0:

https://github.com/FortAwesome/Font-Awesome/blob/4e6402443679e0a9d12c7401ac8783ef4646657f/js-packages/%40fortawesome/free-solid-svg-icons/faSitemap.js

Resized, recolored light gray, and converted to PNG.

* Tests for manage organization "Teams"

* Emails for manage organization "Teams"

* Base template for manage team pages

* Switch icons for organizations and teams

- `fa-sitemap` for organizations
- `fa-users` for teams
- `fa-user` for collaborators/members/people

* Template for manage team "Projects"

* View for manage team "Projects"

* Tests for manage team "Projects"

* `TeamRoleType` and `TeamProjectRoleType` enums

* Template for manage team "Members"

* View and form for manage team "Members"

* Tests for manage team "Members"

* Template for manage team "Settings"

* View and form for manage team "Settings"

* Tests for manage team "Settings"

* Fix typo in "added-as-organization-member" email

* Fix typo in "organization-member-removed" email

* Emails for manage team "Members"

* Emails for manage team "Settings"

* Update Alembic revisions after merge branch 'main'

* Update template for internal project collaborators

* Views and forms for internal project collaborators

* Update project role journal entries and events

- Standardize journal entry action to be "add {role_name} {username}"
- Standardize project event tag to be "project:role:create"
- Standardize user event tag to be "account:role:create"

* Tests for internal project collaborators

* Emails for internal project collaborators

* List org owners as internal project collaborators

* Restore 2FA column for project collaborators

* Fix redirect after removing team member

* Fix redirect after renaming team

* Enable events for `Team`

* Record events for `Team`

* Rename {Team.users => Team.members}

* Fix tests after merge branch 'main'

* Fix SQLAlchemy warnings for `Team`

Similar to fixes in pypi#11378.

* Revert "Update project role journal entries and events"

This reverts commit 2264221.
The change will be included in separate pull request pypi#11779.

* Update Alembic revisions after rebase 'main'

* Revert renaming of roles for individual users

- {Admin => Owner}
- {Upload => Maintainer}

As @ewdurbin described in pypi#11665 we want to keep the original project
roles "Owner" and "Maintainer" for individual users in projects, and use
the new permissions "Administer" and "Upload" for teams in projects.

* Rename permissions for teams {Admin => Administer}

* Clarify in emails that teams have "permissions"

* Clarify in templates that teams have "permissions"

* Include team projects in user's list of projects

- Add team projects to list of user projects
- Add team projects with Administer permissions to projects owned

* Fix left align in "People" and "Members" tables

* Tweak navigation for organizations and teams

- Add links to organization for projects in organizations
- Add links to organization for teams in organizations
- Add display name to organization snippets
- Add member count to team snippets

These tweaks should make navigation easier and more intuitive.

* Grant project permissions to team members

* re-order migrations

Co-authored-by: sterbo <[email protected]>
Co-authored-by: Ee Durbin <[email protected]>
- Standardize journal entry action to be "add {role_name} {username}"
- Standardize project event tag to be "project:role:create"
- Standardize user event tag to be "account:role:create"
- Relates to pypi#7119.
@divbzero divbzero force-pushed the fix/inconsistent-project-role-events branch from 614bbeb to 1b0ff20 Compare July 31, 2022 06:47
SamirPS pushed a commit to SamirPS/warehouse that referenced this pull request Aug 30, 2022
* Create initial models for Teams

* Add services for Teams to do all the things

* Add tests for the Teams services

* Add "Teams" to manage organization menu

* Template for manage organization "Teams"

* Grant "manage:team" permissions to org Owner

* Relax Team name constraint and add normalized_name

Organization and project names correspond to public URLs and require
stricter naming constraints. In contrast, team names are used internally
within organizations so we can relax the constraint to allow non-ASCII
international names.

* `find_teamid` by organization ID and team name

* View and form for manage organization "Teams"

* .team-snippet style

* sitemap.{png,svg}

SVG of `fa-sitemap` from Font Awesome 5.13.0:

https://github.com/FortAwesome/Font-Awesome/blob/4e6402443679e0a9d12c7401ac8783ef4646657f/js-packages/%40fortawesome/free-solid-svg-icons/faSitemap.js

Resized, recolored light gray, and converted to PNG.

* Tests for manage organization "Teams"

* Emails for manage organization "Teams"

* Base template for manage team pages

* Switch icons for organizations and teams

- `fa-sitemap` for organizations
- `fa-users` for teams
- `fa-user` for collaborators/members/people

* Template for manage team "Projects"

* View for manage team "Projects"

* Tests for manage team "Projects"

* `TeamRoleType` and `TeamProjectRoleType` enums

* Template for manage team "Members"

* View and form for manage team "Members"

* Tests for manage team "Members"

* Template for manage team "Settings"

* View and form for manage team "Settings"

* Tests for manage team "Settings"

* Fix typo in "added-as-organization-member" email

* Fix typo in "organization-member-removed" email

* Emails for manage team "Members"

* Emails for manage team "Settings"

* Update Alembic revisions after merge branch 'main'

* Update template for internal project collaborators

* Views and forms for internal project collaborators

* Update project role journal entries and events

- Standardize journal entry action to be "add {role_name} {username}"
- Standardize project event tag to be "project:role:create"
- Standardize user event tag to be "account:role:create"

* Tests for internal project collaborators

* Emails for internal project collaborators

* List org owners as internal project collaborators

* Restore 2FA column for project collaborators

* Fix redirect after removing team member

* Fix redirect after renaming team

* Enable events for `Team`

* Record events for `Team`

* Rename {Team.users => Team.members}

* Fix tests after merge branch 'main'

* Fix SQLAlchemy warnings for `Team`

Similar to fixes in pypi#11378.

* Revert "Update project role journal entries and events"

This reverts commit 2264221.
The change will be included in separate pull request pypi#11779.

* Update Alembic revisions after rebase 'main'

* Revert renaming of roles for individual users

- {Admin => Owner}
- {Upload => Maintainer}

As @ewdurbin described in pypi#11665 we want to keep the original project
roles "Owner" and "Maintainer" for individual users in projects, and use
the new permissions "Administer" and "Upload" for teams in projects.

* Rename permissions for teams {Admin => Administer}

* Clarify in emails that teams have "permissions"

* Clarify in templates that teams have "permissions"

* Include team projects in user's list of projects

- Add team projects to list of user projects
- Add team projects with Administer permissions to projects owned

* Fix left align in "People" and "Members" tables

* Tweak navigation for organizations and teams

- Add links to organization for projects in organizations
- Add links to organization for teams in organizations
- Add display name to organization snippets
- Add member count to team snippets

These tweaks should make navigation easier and more intuitive.

* Grant project permissions to team members

* re-order migrations

Co-authored-by: sterbo <[email protected]>
Co-authored-by: Ee Durbin <[email protected]>
@divbzero divbzero added the developer experience Anything that improves the experience for Warehouse devs label Oct 12, 2022
@divbzero divbzero mentioned this pull request Oct 12, 2022
divbzero added a commit to divbzero/warehouse that referenced this pull request Oct 12, 2022
- Standardize journal entry action to be "add {role_name} {username}"
- Standardize project event tag to be "project:role:create"
- Standardize user event tag to be "account:role:create"
- Relates to pypi#7119.

Cherry-picked commit 1b0ff20 from pypi#11779.
@divbzero
Copy link
Contributor Author

These changes have been incorporated into pull request #12351.

@divbzero divbzero closed this Oct 12, 2022
divbzero added a commit to divbzero/warehouse that referenced this pull request Oct 14, 2022
- Standardize journal entry action to be "add {role_name} {username}"
- Standardize project event tag to be "project:role:create"
- Standardize user event tag to be "account:role:create"
- Relates to pypi#7119.

Cherry-picked commit 1b0ff20 from pypi#11779.
ewdurbin added a commit that referenced this pull request Oct 19, 2022
* Update project role journal entries and events

- Standardize journal entry action to be "add {role_name} {username}"
- Standardize project event tag to be "project:role:create"
- Standardize user event tag to be "account:role:create"
- Relates to #7119.

Cherry-picked commit 1b0ff20 from #11779.

* `EventTagEnum` for enumerating tag values

* Enumerate "project:*" event tags

Replaced "project:*" strings with EventTag.Project.* values:

    rg -l '"project:api_token:added"' | xargs -n 1 sed -i '' 's/"project:api_token:added"/EventTag.Project.APITokenAdded/g'
    rg -l '"project:api_token:removed"' | xargs -n 1 sed -i '' 's/"project:api_token:removed"/EventTag.Project.APITokenRemoved/g'
    rg -l '"project:oidc:provider-added"' | xargs -n 1 sed -i '' 's/"project:oidc:provider-added"/EventTag.Project.OIDCProviderAdded/g'
    rg -l '"project:oidc:provider-removed"' | xargs -n 1 sed -i '' 's/"project:oidc:provider-removed"/EventTag.Project.OIDCProviderRemoved/g'
    rg -l '"project:organization_project:add"' | xargs -n 1 sed -i '' 's/"project:organization_project:add"/EventTag.Project.OrganizationProjectAdd/g'
    rg -l '"project:organization_project:remove"' | xargs -n 1 sed -i '' 's/"project:organization_project:remove"/EventTag.Project.OrganizationProjectRemove/g'
    rg -l '"project:owners_require_2fa:disabled"' | xargs -n 1 sed -i '' 's/"project:owners_require_2fa:disabled"/EventTag.Project.OwnersRequire2FADisabled/g'
    rg -l '"project:owners_require_2fa:enabled"' | xargs -n 1 sed -i '' 's/"project:owners_require_2fa:enabled"/EventTag.Project.OwnersRequire2FAEnabled/g'
    rg -l '"project:create"' | xargs -n 1 sed -i '' 's/"project:create"/EventTag.Project.ProjectCreate/g'
    rg -l '"project:release:add"' | xargs -n 1 sed -i '' 's/"project:release:add"/EventTag.Project.ReleaseAdd/g'
    rg -l '"project:release:file:remove"' | xargs -n 1 sed -i '' 's/"project:release:file:remove"/EventTag.Project.ReleaseFileRemove/g'
    rg -l '"project:release:remove"' | xargs -n 1 sed -i '' 's/"project:release:remove"/EventTag.Project.ReleaseRemove/g'
    rg -l '"project:release:unyank"' | xargs -n 1 sed -i '' 's/"project:release:unyank"/EventTag.Project.ReleaseUnyank/g'
    rg -l '"project:release:yank"' | xargs -n 1 sed -i '' 's/"project:release:yank"/EventTag.Project.ReleaseYank/g'
    rg -l '"project:role:change"' | xargs -n 1 sed -i '' 's/"project:role:change"/EventTag.Project.RoleChange/g'
    rg -l '"project:role:create"' | xargs -n 1 sed -i '' 's/"project:role:create"/EventTag.Project.RoleCreate/g'
    rg -l '"project:role:delete"' | xargs -n 1 sed -i '' 's/"project:role:delete"/EventTag.Project.RoleDelete/g'
    rg -l '"project:role:invite"' | xargs -n 1 sed -i '' 's/"project:role:invite"/EventTag.Project.RoleInvite/g'
    rg -l '"project:role:revoke_invite"' | xargs -n 1 sed -i '' 's/"project:role:revoke_invite"/EventTag.Project.RoleRevokeInvite/g'
    rg -l '"project:team_project_role:change"' | xargs -n 1 sed -i '' 's/"project:team_project_role:change"/EventTag.Project.TeamProjectRoleChange/g'
    rg -l '"project:team_project_role:create"' | xargs -n 1 sed -i '' 's/"project:team_project_role:create"/EventTag.Project.TeamProjectRoleCreate/g'
    rg -l '"project:team_project_role:delete"' | xargs -n 1 sed -i '' 's/"project:team_project_role:delete"/EventTag.Project.TeamProjectRoleDelete/g'

(Remove empty quotes '' if using GNU sed instead of BSD sed.)

Two legacy "project:*" tags are no longer used when recording events:

- "project:role:accepted"
- "project:role:add"

* Enumerate "account:*" event tags

Replaced "account:*" strings with EventTag.Account.* values:

    rg -l '"account:api_token:added"' | xargs -n 1 sed -i '' 's/"account:api_token:added"/EventTag.Account.APITokenAdded/g'
    rg -l '"account:api_token:removed"' | xargs -n 1 sed -i '' 's/"account:api_token:removed"/EventTag.Account.APITokenRemoved/g'
    rg -l '"account:api_token:removed_leak"' | xargs -n 1 sed -i '' 's/"account:api_token:removed_leak"/EventTag.Account.APITokenRemovedLeak/g'
    rg -l '"account:create"' | xargs -n 1 sed -i '' 's/"account:create"/EventTag.Account.AccountCreate/g'
    rg -l '"account:email:add"' | xargs -n 1 sed -i '' 's/"account:email:add"/EventTag.Account.EmailAdd/g'
    rg -l '"account:email:primary:change"' | xargs -n 1 sed -i '' 's/"account:email:primary:change"/EventTag.Account.EmailPrimaryChange/g'
    rg -l '"account:email:remove"' | xargs -n 1 sed -i '' 's/"account:email:remove"/EventTag.Account.EmailRemove/g'
    rg -l '"account:email:reverify"' | xargs -n 1 sed -i '' 's/"account:email:reverify"/EventTag.Account.EmailReverify/g'
    rg -l '"account:email:verified"' | xargs -n 1 sed -i '' 's/"account:email:verified"/EventTag.Account.EmailVerified/g'
    rg -l '"account:login:failure"' | xargs -n 1 sed -i '' 's/"account:login:failure"/EventTag.Account.LoginFailure/g'
    rg -l '"account:login:success"' | xargs -n 1 sed -i '' 's/"account:login:success"/EventTag.Account.LoginSuccess/g'
    rg -l '"account:organization_role:accepted"' | xargs -n 1 sed -i '' 's/"account:organization_role:accepted"/EventTag.Account.OrganizationRoleAccepted/g'
    rg -l '"account:organization_role:change"' | xargs -n 1 sed -i '' 's/"account:organization_role:change"/EventTag.Account.OrganizationRoleChange/g'
    rg -l '"account:organization_role:declined"' | xargs -n 1 sed -i '' 's/"account:organization_role:declined"/EventTag.Account.OrganizationRoleDeclined/g'
    rg -l '"account:organization_role:delete"' | xargs -n 1 sed -i '' 's/"account:organization_role:delete"/EventTag.Account.OrganizationRoleDelete/g'
    rg -l '"account:password:change"' | xargs -n 1 sed -i '' 's/"account:password:change"/EventTag.Account.PasswordChange/g'
    rg -l '"account:password:reset"' | xargs -n 1 sed -i '' 's/"account:password:reset"/EventTag.Account.PasswordReset/g'
    rg -l '"account:password:reset:attempt"' | xargs -n 1 sed -i '' 's/"account:password:reset:attempt"/EventTag.Account.PasswordResetAttempt/g'
    rg -l '"account:password:reset:request"' | xargs -n 1 sed -i '' 's/"account:password:reset:request"/EventTag.Account.PasswordResetRequest/g'
    rg -l '"account:recovery_codes:generated"' | xargs -n 1 sed -i '' 's/"account:recovery_codes:generated"/EventTag.Account.RecoveryCodesGenerated/g'
    rg -l '"account:recovery_codes:regenerated"' | xargs -n 1 sed -i '' 's/"account:recovery_codes:regenerated"/EventTag.Account.RecoveryCodesRegenerated/g'
    rg -l '"account:recovery_codes:used"' | xargs -n 1 sed -i '' 's/"account:recovery_codes:used"/EventTag.Account.RecoveryCodesUsed/g'
    rg -l '"account:role:create"' | xargs -n 1 sed -i '' 's/"account:role:create"/EventTag.Account.RoleCreate/g'
    rg -l '"account:role:invite"' | xargs -n 1 sed -i '' 's/"account:role:invite"/EventTag.Account.RoleInvite/g'
    rg -l '"account:team_role:add"' | xargs -n 1 sed -i '' 's/"account:team_role:add"/EventTag.Account.TeamRoleAdd/g'
    rg -l '"account:team_role:delete"' | xargs -n 1 sed -i '' 's/"account:team_role:delete"/EventTag.Account.TeamRoleDelete/g'
    rg -l '"account:two_factor:method_added"' | xargs -n 1 sed -i '' 's/"account:two_factor:method_added"/EventTag.Account.TwoFactorMethodAdded/g'
    rg -l '"account:two_factor:method_removed"' | xargs -n 1 sed -i ''
    's/"account:two_factor:method_removed"/EventTag.Account.TwoFactorMethodRemoved/g'

(Remove empty quotes '' if using GNU sed instead of BSD sed.)

Three legacy "account:*" tags are no longer used when recording events:

- "account:email:sent"
- "account:reauthenticate:failure"
- "account:role:accepted"

* Enumerate "organization:*" event tags

Replaced "organization:*" strings with EventTag.Organization.* values:

    rg -l '"organization:catalog_entry:add"' | xargs -n 1 sed -i '' 's/"organization:catalog_entry:add"/EventTag.Organization.CatalogEntryAdd/g'
    rg -l '"organization:approve"' | xargs -n 1 sed -i '' 's/"organization:approve"/EventTag.Organization.OrganizationApprove/g'
    rg -l '"organization:create"' | xargs -n 1 sed -i '' 's/"organization:create"/EventTag.Organization.OrganizationCreate/g'
    rg -l '"organization:decline"' | xargs -n 1 sed -i '' 's/"organization:decline"/EventTag.Organization.OrganizationDecline/g'
    rg -l '"organization:delete"' | xargs -n 1 sed -i '' 's/"organization:delete"/EventTag.Organization.OrganizationDelete/g'
    rg -l '"organization:rename"' | xargs -n 1 sed -i '' 's/"organization:rename"/EventTag.Organization.OrganizationRename/g'
    rg -l '"organization:organization_project:add"' | xargs -n 1 sed -i '' 's/"organization:organization_project:add"/EventTag.Organization.OrganizationProjectAdd/g'
    rg -l '"organization:organization_project:remove"' | xargs -n 1 sed -i '' 's/"organization:organization_project:remove"/EventTag.Organization.OrganizationProjectRemove/g'
    rg -l '"organization:organization_role:accepted"' | xargs -n 1 sed -i '' 's/"organization:organization_role:accepted"/EventTag.Organization.OrganizationRoleAccepted/g'
    rg -l '"organization:organization_role:change"' | xargs -n 1 sed -i '' 's/"organization:organization_role:change"/EventTag.Organization.OrganizationRoleChange/g'
    rg -l '"organization:organization_role:declined"' | xargs -n 1 sed -i '' 's/"organization:organization_role:declined"/EventTag.Organization.OrganizationRoleDeclined/g'
    rg -l '"organization:organization_role:delete"' | xargs -n 1 sed -i '' 's/"organization:organization_role:delete"/EventTag.Organization.OrganizationRoleDelete/g'
    rg -l '"organization:organization_role:invite"' | xargs -n 1 sed -i '' 's/"organization:organization_role:invite"/EventTag.Organization.OrganizationRoleInvite/g'
    rg -l '"organization:organization_role:revoke_invite"' | xargs -n 1 sed -i '' 's/"organization:organization_role:revoke_invite"/EventTag.Organization.OrganizationRoleRevokeInvite/g'
    rg -l '"organization:team:create"' | xargs -n 1 sed -i '' 's/"organization:team:create"/EventTag.Organization.TeamCreate/g'
    rg -l '"organization:team:delete"' | xargs -n 1 sed -i '' 's/"organization:team:delete"/EventTag.Organization.TeamDelete/g'
    rg -l '"organization:team_project_role:change"' | xargs -n 1 sed -i '' 's/"organization:team_project_role:change"/EventTag.Organization.TeamProjectRoleChange/g'
    rg -l '"organization:team_project_role:create"' | xargs -n 1 sed -i '' 's/"organization:team_project_role:create"/EventTag.Organization.TeamProjectRoleCreate/g'
    rg -l '"organization:team_project_role:delete"' | xargs -n 1 sed -i '' 's/"organization:team_project_role:delete"/EventTag.Organization.TeamProjectRoleDelete/g'
    rg -l '"organization:team_role:add"' | xargs -n 1 sed -i '' 's/"organization:team_role:add"/EventTag.Organization.TeamRoleAdd/g'
    rg -l '"organization:team_role:delete"' | xargs -n 1 sed -i '' 's/"organization:team_role:delete"/EventTag.Organization.TeamRoleDelete/g'

(Remove empty quotes '' if using GNU sed instead of BSD sed.)

* Enumerate "team:*" event tags

Replaced "team:*" strings with EventTag.Team.* values:

    rg -l '"team:create"' | xargs -n 1 sed -i '' 's/"team:create"/EventTag.Team.TeamCreate/g'
    rg -l '"team:delete"' | xargs -n 1 sed -i '' 's/"team:delete"/EventTag.Team.TeamDelete/g'
    rg -l '"team:team_project_role:change"' | xargs -n 1 sed -i '' 's/"team:team_project_role:change"/EventTag.Team.TeamProjectRoleChange/g'
    rg -l '"team:team_project_role:create"' | xargs -n 1 sed -i '' 's/"team:team_project_role:create"/EventTag.Team.TeamProjectRoleCreate/g'
    rg -l '"team:team_project_role:delete"' | xargs -n 1 sed -i '' 's/"team:team_project_role:delete"/EventTag.Team.TeamProjectRoleDelete/g'
    rg -l '"team:team_role:add"' | xargs -n 1 sed -i '' 's/"team:team_role:add"/EventTag.Team.TeamRoleAdd/g'
    rg -l '"team:team_role:delete"' | xargs -n 1 sed -i '' 's/"team:team_role:delete"/EventTag.Team.TeamRoleDelete/g'

(Remove empty quotes '' if using GNU sed instead of BSD sed.)

* Standardize use of "*:add" and "*:remove" for role events

"*:add" was already being used in "project:role:add" but there was also
inconsistent use of "project:role:accepted". Standardizing role events
to "*:add" and "*:remove" seemed to fit best with other events.

    rg -l RoleAccepted | xargs -n 1 sed -i '' 's/RoleAccepted/RoleAdd/g'
    rg -l RoleCreate | xargs -n 1 sed -i '' 's/RoleCreate/RoleAdd/g'
    rg -l RoleDelete | xargs -n 1 sed -i '' 's/RoleDelete/RoleRemove/g'

(Remove empty quotes '' if using GNU sed instead of BSD sed.)

* Standardize use of "*:decline_invite" for role events

"*:decline_invite" seems to fit better with existing "*:revoke_invite"
tags for role events.

    rg -l RoleDeclined | xargs -n 1 sed -i '' 's/RoleDeclined/RoleDeclineInvite/g'

(Remove empty quotes '' if using GNU sed instead of BSD sed.)

* Record missing role events

There were several missing tags for role events:

- "account:organization_role:invite"
- "account:organization_role:revoke_invite"
- "account:role:change"
- "account:role:decline_invite"
- "account:role:remove"
- "account:role:revoke_invite"
- "project:role:decline_invite"

`Role` and `OrganizationRole` should have the following 6 event tags:

- "*:invite"
- "*:decline_invite"
- "*:revoke_invite"
- "*:add"
- "*:change"
- "*:remove"

`TeamProjectRole` should only have the following 3 event tags because
there are no invitations with for `TeamProjectRole`:

- "*:add"
- "*:change"
- "*:remove"

`TeamRole` should only have the following 2 event tags because there are
no invitations for `TeamRole` and only one `TeamRoleType`:

- "*:add"
- "*:remove"

* Record missing rename events

There were a couple missing rename events:

- "organization:team:rename"
- "team:rename"

* Do not record owner invite event when creating org

* Update warehouse/accounts/views.py

Co-authored-by: Ee Durbin <[email protected]>
ewdurbin added a commit that referenced this pull request Oct 19, 2022
* Update project role journal entries and events

- Standardize journal entry action to be "add {role_name} {username}"
- Standardize project event tag to be "project:role:create"
- Standardize user event tag to be "account:role:create"
- Relates to #7119.

Cherry-picked commit 1b0ff20 from #11779.

* `EventTagEnum` for enumerating tag values

* Enumerate "project:*" event tags

Replaced "project:*" strings with EventTag.Project.* values:

    rg -l '"project:api_token:added"' | xargs -n 1 sed -i '' 's/"project:api_token:added"/EventTag.Project.APITokenAdded/g'
    rg -l '"project:api_token:removed"' | xargs -n 1 sed -i '' 's/"project:api_token:removed"/EventTag.Project.APITokenRemoved/g'
    rg -l '"project:oidc:provider-added"' | xargs -n 1 sed -i '' 's/"project:oidc:provider-added"/EventTag.Project.OIDCProviderAdded/g'
    rg -l '"project:oidc:provider-removed"' | xargs -n 1 sed -i '' 's/"project:oidc:provider-removed"/EventTag.Project.OIDCProviderRemoved/g'
    rg -l '"project:organization_project:add"' | xargs -n 1 sed -i '' 's/"project:organization_project:add"/EventTag.Project.OrganizationProjectAdd/g'
    rg -l '"project:organization_project:remove"' | xargs -n 1 sed -i '' 's/"project:organization_project:remove"/EventTag.Project.OrganizationProjectRemove/g'
    rg -l '"project:owners_require_2fa:disabled"' | xargs -n 1 sed -i '' 's/"project:owners_require_2fa:disabled"/EventTag.Project.OwnersRequire2FADisabled/g'
    rg -l '"project:owners_require_2fa:enabled"' | xargs -n 1 sed -i '' 's/"project:owners_require_2fa:enabled"/EventTag.Project.OwnersRequire2FAEnabled/g'
    rg -l '"project:create"' | xargs -n 1 sed -i '' 's/"project:create"/EventTag.Project.ProjectCreate/g'
    rg -l '"project:release:add"' | xargs -n 1 sed -i '' 's/"project:release:add"/EventTag.Project.ReleaseAdd/g'
    rg -l '"project:release:file:remove"' | xargs -n 1 sed -i '' 's/"project:release:file:remove"/EventTag.Project.ReleaseFileRemove/g'
    rg -l '"project:release:remove"' | xargs -n 1 sed -i '' 's/"project:release:remove"/EventTag.Project.ReleaseRemove/g'
    rg -l '"project:release:unyank"' | xargs -n 1 sed -i '' 's/"project:release:unyank"/EventTag.Project.ReleaseUnyank/g'
    rg -l '"project:release:yank"' | xargs -n 1 sed -i '' 's/"project:release:yank"/EventTag.Project.ReleaseYank/g'
    rg -l '"project:role:change"' | xargs -n 1 sed -i '' 's/"project:role:change"/EventTag.Project.RoleChange/g'
    rg -l '"project:role:create"' | xargs -n 1 sed -i '' 's/"project:role:create"/EventTag.Project.RoleCreate/g'
    rg -l '"project:role:delete"' | xargs -n 1 sed -i '' 's/"project:role:delete"/EventTag.Project.RoleDelete/g'
    rg -l '"project:role:invite"' | xargs -n 1 sed -i '' 's/"project:role:invite"/EventTag.Project.RoleInvite/g'
    rg -l '"project:role:revoke_invite"' | xargs -n 1 sed -i '' 's/"project:role:revoke_invite"/EventTag.Project.RoleRevokeInvite/g'
    rg -l '"project:team_project_role:change"' | xargs -n 1 sed -i '' 's/"project:team_project_role:change"/EventTag.Project.TeamProjectRoleChange/g'
    rg -l '"project:team_project_role:create"' | xargs -n 1 sed -i '' 's/"project:team_project_role:create"/EventTag.Project.TeamProjectRoleCreate/g'
    rg -l '"project:team_project_role:delete"' | xargs -n 1 sed -i '' 's/"project:team_project_role:delete"/EventTag.Project.TeamProjectRoleDelete/g'

(Remove empty quotes '' if using GNU sed instead of BSD sed.)

Two legacy "project:*" tags are no longer used when recording events:

- "project:role:accepted"
- "project:role:add"

* Enumerate "account:*" event tags

Replaced "account:*" strings with EventTag.Account.* values:

    rg -l '"account:api_token:added"' | xargs -n 1 sed -i '' 's/"account:api_token:added"/EventTag.Account.APITokenAdded/g'
    rg -l '"account:api_token:removed"' | xargs -n 1 sed -i '' 's/"account:api_token:removed"/EventTag.Account.APITokenRemoved/g'
    rg -l '"account:api_token:removed_leak"' | xargs -n 1 sed -i '' 's/"account:api_token:removed_leak"/EventTag.Account.APITokenRemovedLeak/g'
    rg -l '"account:create"' | xargs -n 1 sed -i '' 's/"account:create"/EventTag.Account.AccountCreate/g'
    rg -l '"account:email:add"' | xargs -n 1 sed -i '' 's/"account:email:add"/EventTag.Account.EmailAdd/g'
    rg -l '"account:email:primary:change"' | xargs -n 1 sed -i '' 's/"account:email:primary:change"/EventTag.Account.EmailPrimaryChange/g'
    rg -l '"account:email:remove"' | xargs -n 1 sed -i '' 's/"account:email:remove"/EventTag.Account.EmailRemove/g'
    rg -l '"account:email:reverify"' | xargs -n 1 sed -i '' 's/"account:email:reverify"/EventTag.Account.EmailReverify/g'
    rg -l '"account:email:verified"' | xargs -n 1 sed -i '' 's/"account:email:verified"/EventTag.Account.EmailVerified/g'
    rg -l '"account:login:failure"' | xargs -n 1 sed -i '' 's/"account:login:failure"/EventTag.Account.LoginFailure/g'
    rg -l '"account:login:success"' | xargs -n 1 sed -i '' 's/"account:login:success"/EventTag.Account.LoginSuccess/g'
    rg -l '"account:organization_role:accepted"' | xargs -n 1 sed -i '' 's/"account:organization_role:accepted"/EventTag.Account.OrganizationRoleAccepted/g'
    rg -l '"account:organization_role:change"' | xargs -n 1 sed -i '' 's/"account:organization_role:change"/EventTag.Account.OrganizationRoleChange/g'
    rg -l '"account:organization_role:declined"' | xargs -n 1 sed -i '' 's/"account:organization_role:declined"/EventTag.Account.OrganizationRoleDeclined/g'
    rg -l '"account:organization_role:delete"' | xargs -n 1 sed -i '' 's/"account:organization_role:delete"/EventTag.Account.OrganizationRoleDelete/g'
    rg -l '"account:password:change"' | xargs -n 1 sed -i '' 's/"account:password:change"/EventTag.Account.PasswordChange/g'
    rg -l '"account:password:reset"' | xargs -n 1 sed -i '' 's/"account:password:reset"/EventTag.Account.PasswordReset/g'
    rg -l '"account:password:reset:attempt"' | xargs -n 1 sed -i '' 's/"account:password:reset:attempt"/EventTag.Account.PasswordResetAttempt/g'
    rg -l '"account:password:reset:request"' | xargs -n 1 sed -i '' 's/"account:password:reset:request"/EventTag.Account.PasswordResetRequest/g'
    rg -l '"account:recovery_codes:generated"' | xargs -n 1 sed -i '' 's/"account:recovery_codes:generated"/EventTag.Account.RecoveryCodesGenerated/g'
    rg -l '"account:recovery_codes:regenerated"' | xargs -n 1 sed -i '' 's/"account:recovery_codes:regenerated"/EventTag.Account.RecoveryCodesRegenerated/g'
    rg -l '"account:recovery_codes:used"' | xargs -n 1 sed -i '' 's/"account:recovery_codes:used"/EventTag.Account.RecoveryCodesUsed/g'
    rg -l '"account:role:create"' | xargs -n 1 sed -i '' 's/"account:role:create"/EventTag.Account.RoleCreate/g'
    rg -l '"account:role:invite"' | xargs -n 1 sed -i '' 's/"account:role:invite"/EventTag.Account.RoleInvite/g'
    rg -l '"account:team_role:add"' | xargs -n 1 sed -i '' 's/"account:team_role:add"/EventTag.Account.TeamRoleAdd/g'
    rg -l '"account:team_role:delete"' | xargs -n 1 sed -i '' 's/"account:team_role:delete"/EventTag.Account.TeamRoleDelete/g'
    rg -l '"account:two_factor:method_added"' | xargs -n 1 sed -i '' 's/"account:two_factor:method_added"/EventTag.Account.TwoFactorMethodAdded/g'
    rg -l '"account:two_factor:method_removed"' | xargs -n 1 sed -i ''
    's/"account:two_factor:method_removed"/EventTag.Account.TwoFactorMethodRemoved/g'

(Remove empty quotes '' if using GNU sed instead of BSD sed.)

Three legacy "account:*" tags are no longer used when recording events:

- "account:email:sent"
- "account:reauthenticate:failure"
- "account:role:accepted"

* Enumerate "organization:*" event tags

Replaced "organization:*" strings with EventTag.Organization.* values:

    rg -l '"organization:catalog_entry:add"' | xargs -n 1 sed -i '' 's/"organization:catalog_entry:add"/EventTag.Organization.CatalogEntryAdd/g'
    rg -l '"organization:approve"' | xargs -n 1 sed -i '' 's/"organization:approve"/EventTag.Organization.OrganizationApprove/g'
    rg -l '"organization:create"' | xargs -n 1 sed -i '' 's/"organization:create"/EventTag.Organization.OrganizationCreate/g'
    rg -l '"organization:decline"' | xargs -n 1 sed -i '' 's/"organization:decline"/EventTag.Organization.OrganizationDecline/g'
    rg -l '"organization:delete"' | xargs -n 1 sed -i '' 's/"organization:delete"/EventTag.Organization.OrganizationDelete/g'
    rg -l '"organization:rename"' | xargs -n 1 sed -i '' 's/"organization:rename"/EventTag.Organization.OrganizationRename/g'
    rg -l '"organization:organization_project:add"' | xargs -n 1 sed -i '' 's/"organization:organization_project:add"/EventTag.Organization.OrganizationProjectAdd/g'
    rg -l '"organization:organization_project:remove"' | xargs -n 1 sed -i '' 's/"organization:organization_project:remove"/EventTag.Organization.OrganizationProjectRemove/g'
    rg -l '"organization:organization_role:accepted"' | xargs -n 1 sed -i '' 's/"organization:organization_role:accepted"/EventTag.Organization.OrganizationRoleAccepted/g'
    rg -l '"organization:organization_role:change"' | xargs -n 1 sed -i '' 's/"organization:organization_role:change"/EventTag.Organization.OrganizationRoleChange/g'
    rg -l '"organization:organization_role:declined"' | xargs -n 1 sed -i '' 's/"organization:organization_role:declined"/EventTag.Organization.OrganizationRoleDeclined/g'
    rg -l '"organization:organization_role:delete"' | xargs -n 1 sed -i '' 's/"organization:organization_role:delete"/EventTag.Organization.OrganizationRoleDelete/g'
    rg -l '"organization:organization_role:invite"' | xargs -n 1 sed -i '' 's/"organization:organization_role:invite"/EventTag.Organization.OrganizationRoleInvite/g'
    rg -l '"organization:organization_role:revoke_invite"' | xargs -n 1 sed -i '' 's/"organization:organization_role:revoke_invite"/EventTag.Organization.OrganizationRoleRevokeInvite/g'
    rg -l '"organization:team:create"' | xargs -n 1 sed -i '' 's/"organization:team:create"/EventTag.Organization.TeamCreate/g'
    rg -l '"organization:team:delete"' | xargs -n 1 sed -i '' 's/"organization:team:delete"/EventTag.Organization.TeamDelete/g'
    rg -l '"organization:team_project_role:change"' | xargs -n 1 sed -i '' 's/"organization:team_project_role:change"/EventTag.Organization.TeamProjectRoleChange/g'
    rg -l '"organization:team_project_role:create"' | xargs -n 1 sed -i '' 's/"organization:team_project_role:create"/EventTag.Organization.TeamProjectRoleCreate/g'
    rg -l '"organization:team_project_role:delete"' | xargs -n 1 sed -i '' 's/"organization:team_project_role:delete"/EventTag.Organization.TeamProjectRoleDelete/g'
    rg -l '"organization:team_role:add"' | xargs -n 1 sed -i '' 's/"organization:team_role:add"/EventTag.Organization.TeamRoleAdd/g'
    rg -l '"organization:team_role:delete"' | xargs -n 1 sed -i '' 's/"organization:team_role:delete"/EventTag.Organization.TeamRoleDelete/g'

(Remove empty quotes '' if using GNU sed instead of BSD sed.)

* Enumerate "team:*" event tags

Replaced "team:*" strings with EventTag.Team.* values:

    rg -l '"team:create"' | xargs -n 1 sed -i '' 's/"team:create"/EventTag.Team.TeamCreate/g'
    rg -l '"team:delete"' | xargs -n 1 sed -i '' 's/"team:delete"/EventTag.Team.TeamDelete/g'
    rg -l '"team:team_project_role:change"' | xargs -n 1 sed -i '' 's/"team:team_project_role:change"/EventTag.Team.TeamProjectRoleChange/g'
    rg -l '"team:team_project_role:create"' | xargs -n 1 sed -i '' 's/"team:team_project_role:create"/EventTag.Team.TeamProjectRoleCreate/g'
    rg -l '"team:team_project_role:delete"' | xargs -n 1 sed -i '' 's/"team:team_project_role:delete"/EventTag.Team.TeamProjectRoleDelete/g'
    rg -l '"team:team_role:add"' | xargs -n 1 sed -i '' 's/"team:team_role:add"/EventTag.Team.TeamRoleAdd/g'
    rg -l '"team:team_role:delete"' | xargs -n 1 sed -i '' 's/"team:team_role:delete"/EventTag.Team.TeamRoleDelete/g'

(Remove empty quotes '' if using GNU sed instead of BSD sed.)

* Standardize use of "*:add" and "*:remove" for role events

"*:add" was already being used in "project:role:add" but there was also
inconsistent use of "project:role:accepted". Standardizing role events
to "*:add" and "*:remove" seemed to fit best with other events.

    rg -l RoleAccepted | xargs -n 1 sed -i '' 's/RoleAccepted/RoleAdd/g'
    rg -l RoleCreate | xargs -n 1 sed -i '' 's/RoleCreate/RoleAdd/g'
    rg -l RoleDelete | xargs -n 1 sed -i '' 's/RoleDelete/RoleRemove/g'

(Remove empty quotes '' if using GNU sed instead of BSD sed.)

* Standardize use of "*:decline_invite" for role events

"*:decline_invite" seems to fit better with existing "*:revoke_invite"
tags for role events.

    rg -l RoleDeclined | xargs -n 1 sed -i '' 's/RoleDeclined/RoleDeclineInvite/g'

(Remove empty quotes '' if using GNU sed instead of BSD sed.)

* Record missing role events

There were several missing tags for role events:

- "account:organization_role:invite"
- "account:organization_role:revoke_invite"
- "account:role:change"
- "account:role:decline_invite"
- "account:role:remove"
- "account:role:revoke_invite"
- "project:role:decline_invite"

`Role` and `OrganizationRole` should have the following 6 event tags:

- "*:invite"
- "*:decline_invite"
- "*:revoke_invite"
- "*:add"
- "*:change"
- "*:remove"

`TeamProjectRole` should only have the following 3 event tags because
there are no invitations with for `TeamProjectRole`:

- "*:add"
- "*:change"
- "*:remove"

`TeamRole` should only have the following 2 event tags because there are
no invitations for `TeamRole` and only one `TeamRoleType`:

- "*:add"
- "*:remove"

* Record missing rename events

There were a couple missing rename events:

- "organization:team:rename"
- "team:rename"

* Do not record owner invite event when creating org

* NFC: {<br> => display: block} in security logs

* Add "Security history" for organizations

* Align left <th> in security logs

* Add "Security history" for teams

* Graceful fail if additional event field is missing

Allowing `user_service.get_user` to accept `None` as input results in an
empty string instead of a hard error in the Jinja template.

* Update "Security history" for projects

Added missing event formatters for:

- "project:release:unyank"
- "project:role:invite"
- "project:role:decline_invite"
- "project:role:revoke_invite"
- "project:team_project_role:add"
- "project:team_project_role:remove"
- "project:team_project_role:change"
- "project:organization_project:add"
- "project:organization_project:remove"
- "project:oidc_provider:added"
- "project:oidc_provider:removed"

Also added links to release versions for all release events.

* NFC: Comments reminding us to keep tags in sync

* Update warehouse/accounts/views.py

Co-authored-by: Ee Durbin <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
developer experience Anything that improves the experience for Warehouse devs
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant