This is an automated email from the ASF dual-hosted git repository.
sbp pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tooling-trusted-release.git
The following commit(s) were added to refs/heads/main by this push:
new 5f869a4 Use the correct committees when admins browse as another user
5f869a4 is described below
commit 5f869a448de32b967e08cd8ca469f6ccc998a97e
Author: Sean B. Palmer <[email protected]>
AuthorDate: Tue Jun 10 20:34:21 2025 +0100
Use the correct committees when admins browse as another user
---
atr/blueprints/admin/admin.py | 8 ++++++--
atr/routes/__init__.py | 10 ++++++++++
2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/atr/blueprints/admin/admin.py b/atr/blueprints/admin/admin.py
index a3a6f4c..7abb42e 100644
--- a/atr/blueprints/admin/admin.py
+++ b/atr/blueprints/admin/admin.py
@@ -658,7 +658,11 @@ def _session_data(
# For example, this misses "tooling" for tooling members
projects = {p.name for p in ldap_projects.projects if (new_uid in
p.members) or (new_uid in p.owners)}
# And this adds "incubator", which is not in the OAuth data
- committees = {p.name for p in ldap_projects.projects if (p.pmc and
(new_uid in p.members)) or (new_uid in p.owners)}
+ committees = set()
+ for c in committee_data.committees:
+ for user in c.roster:
+ if user.id == new_uid:
+ committees.add(c.name)
# Or asf-member-status?
is_member = bool(projects or committees)
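Review bot: The comment left directly above the new loop (`# And this adds "incubator", which is not in the OAuth data`) describes the LDAP expression this commit removes, so it now misstates where the browsed-as session's committee list comes from. Because later access checks compare against this set, the comment should name the real source, for example `# Committees are taken from the committee rosters, not LDAP` (worded to match whatever `committee_data` actually holds, which is defined outside this hunk). The nested loops could also be written in the same style as the `projects` line: `committees = {c.name for c in committee_data.committees if any(u.id == new_uid for u in c.roster)}`. The body of `_session_data` starts and ends outside the hunk.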
@@ -675,7 +679,7 @@ def _session_data(
"isMember": is_member,
"isChair": is_chair,
"isRoot": is_root,
- "committees": sorted(list(committees)),
+ "pmcs": sorted(list(committees)),
"projects": sorted(list(projects)),
"mfa": current_session.mfa,
"isRole": False,
diff --git a/atr/routes/__init__.py b/atr/routes/__init__.py
index f9fd604..3da21ac 100644
--- a/atr/routes/__init__.py
+++ b/atr/routes/__init__.py
@@ -186,6 +186,16 @@ class CommitterSession:
return
raise base.ASFQuartException("You do not have access to this
project", errorcode=403)
+ async def check_access_committee(self, committee_name: str) -> None:
+ if committee_name not in self.committees:
+ if user.is_admin(self.uid):
+ # Admins can view all committees
+ # But we must warn them when the committee is not one of their
own
+ # TODO: As above, this code is difficult to test locally
+ await quart.flash("This is not your committee, but you have
access as an admin", "warning")
+ return
+ raise base.ASFQuartException("You do not have access to this
committee", errorcode=403)
+
@property
def app_host(self) -> str:
return config.get().APP_HOST
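Review bot: The admin branch of `check_access_committee` lets a user through to a committee that is not in `self.committees`, and the only trace on the visible lines is a flash message shown to that same admin. I would also write a server-side audit record there carrying `self.uid` and `committee_name`, using whatever logger this module already has, so admin overrides can be reviewed afterwards. The method has no docstring; `"""Raise a 403 unless the session user is on the committee or is an admin (admins get a warning flash)."""` would state the contract. It is also worth confirming whether `self.uid` is the admin's own uid or the browsed-as uid in an impersonated session, since that decides whose admin status `user.is_admin` evaluates; the hunk does not show it.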