[sysadmin-bin] Remove users that were manually added to GNOME group projects, we want to restrict access to anythin

From: Andrea Veri <av src gnome org>
To: gnome-sysadmin gnome org,commits-list gnome org
Subject: [sysadmin-bin] Remove users that were manually added to GNOME group projects, we want to restrict access to anythin
Date: Fri, 10 Nov 2017 10:29:29 +0000 (UTC)

commit 08a25323e6ed69a518ba5c4260bd1eeb2f6ee62d
Author: Andrea Veri <averi redhat com>
Date:   Fri Nov 10 11:29:21 2017 +0100

    Remove users that were manually added to GNOME group projects, we want to restrict access to anything 
that lives within GNOME to LDAP (gnomecvs) members

 gitlab/gitlab-operations.py |   19 ++++++++++++++-----
 1 files changed, 14 insertions(+), 5 deletions(-)
---
diff --git a/gitlab/gitlab-operations.py b/gitlab/gitlab-operations.py
index 48bfd12..03eadae 100755
--- a/gitlab/gitlab-operations.py
+++ b/gitlab/gitlab-operations.py
@@ -124,11 +124,20 @@ for project in maints:
     members_dict = {}
 
     for member in members:
+        identity_found = False
         user = gl.users.get(member.attributes['id'])
-       
-        for index, _ in enumerate(user.attributes['identities']):
-            if user.attributes['identities'][index]['provider'] == 'ldapmain':
-                
members_dict[user.attributes['identities'][index]['extern_uid'].split(',')[0].replace('uid=', '')] = 
user.attributes['id']
+
+        if len(user.attributes['identities']) > 0:
+            for index, _ in enumerate(user.attributes['identities']):
+                provider = user.attributes['identities'][index]['provider']
+                if provider not in ('google_oauth2', 'github'):
+                    
members_dict[user.attributes['identities'][index]['extern_uid'].split(',')[0].replace('uid=', '')] = 
user.attributes['id']
+                    identity_found = True
+
+            if not identity_found:
+                members_dict[user.attributes['username']] = user.attributes['id']
+        else:
+            members_dict[user.attributes['username']] = user.attributes['id']
 
     for member in members_dict:
         if member not in maints[project]:
@@ -142,4 +151,4 @@ for project in maints:
             else:
                 proj.members.delete(members_dict[member])
 
-                print 'Dropped level access %s, this means user %s was added manually on project %s, that is 
not necessary as permissions are inherited from the GNOME group by default' % 
(member.attributes['access_level'], member, project)
+                print 'Dropped level access %s, this means user %s was added manually on project %s, that is 
not necessary as permissions are inherited from the GNOME group by default' % 
(_member.attributes['access_level'], member, project)

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]