This is an automated email from the ASF dual-hosted git repository.
wave pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git
The following commit(s) were added to refs/heads/main by this push:
new b7eba2f5 Drop admin privileges (#796)
b7eba2f5 is described below
commit b7eba2f588508842eaf3b0afd6fc0425539f8354
Author: Dave Fisher <[email protected]>
AuthorDate: Mon Mar 2 05:56:17 2026 -0800
Drop admin privileges (#796)
---
atr/admin/templates/toggle-admin-view.html | 9 +++------
atr/user.py | 5 +++++
atr/util.py | 17 +++++++++--------
3 files changed, 17 insertions(+), 14 deletions(-)
diff --git a/atr/admin/templates/toggle-admin-view.html
b/atr/admin/templates/toggle-admin-view.html
index 6d2b594f..3cd4face 100644
--- a/atr/admin/templates/toggle-admin-view.html
+++ b/atr/admin/templates/toggle-admin-view.html
@@ -8,8 +8,9 @@
<h1>Toggle admin view</h1>
<p class="mb-4">
- Use this page to switch between viewing the site as an administrator or as
a regular user.
- This is helpful for testing permissions and user experience from different
perspectives.
+ Use this page to drop your administrator permissions in this session
viewing with normal user permissions.
+ This is helpful for testing permissions and user experience from different
perspectives. You will need log out
+ and log in to restore your administrator privileges.
</p>
{% if current_user and is_admin_fn(current_user.uid) %}
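Review bot: The added help text has a grammatical slip at `You will need log out`, which should read `You will need to log out`, and the first sentence `drop your administrator permissions in this session viewing with normal user permissions` reads awkwardly; suggest `Use this page to drop your administrator permissions for this session and continue with normal user permissions.` Since the admin check on the `{% if %}` line below presumably now reflects the downgrade state as well, a downgraded administrator will see only this paragraph, so it is the sole hint of how to recover and deserves clean wording.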
@@ -26,9 +27,5 @@
</strong>
</div>
- {% else %}
- <div class="alert alert-warning" role="alert">
- This function is only available to administrators.
- </div>
{% endif %}
{% endblock content %}
diff --git a/atr/user.py b/atr/user.py
index e57e6788..f143769e 100644
--- a/atr/user.py
+++ b/atr/user.py
@@ -23,6 +23,7 @@ import atr.cache as cache
import atr.config as config
import atr.db as db
import atr.models.sql as sql
+import atr.util as util
async def candidate_drafts(uid: str, user_projects: list[sql.Project] | None =
None) -> list[sql.Release]:
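Review bot: The new `import atr.util as util` makes atr.user and atr.util import each other, because util.py in this same commit still calls `user.is_admin(uid)`. It appears to work only because both modules use the other exclusively inside function bodies; any future module-level use in either file will fail at import time. Consider a comment such as `# NOTE: atr.util imports this module; keep uses deferred to call time`, or moving the downgrade check next to is_admin so the dependency runs one way.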
@@ -43,6 +44,8 @@ def is_admin(user_id: str | None) -> bool:
return False
if config.get().ALLOW_TESTS and (user_id == "test"):
return True
+ if util.is_user_session_downgraded():
+ return False
if user_id in _get_additional_admin_users():
return True
return user_id in cache.admins_get()
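Review bot: The added downgrade check consults the current request's session rather than `user_id`, so `is_admin(user_id)` now answers "is the caller's session downgraded" for whichever id it is asked about; a call that checks a user other than the logged-in one, or that runs outside a request, is governed by the caller's session state (outside a request the helper's broad except appears to return False, which keeps admin privileges). If is_admin is only ever called with the current user's id this is fine, but that assumption deserves a comment, e.g. `# Downgrade is a property of the current session, not of user_id`. The `ALLOW_TESTS` shortcut above the new lines returns True before the downgrade check, so the "test" user can never be downgraded; if the toggle page is exercised in tests, the two checks may need swapping. The same points apply to the is_admin_async hunk below.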
@@ -53,6 +56,8 @@ async def is_admin_async(user_id: str | None) -> bool:
return False
if config.get().ALLOW_TESTS and (user_id == "test"):
return True
+ if util.is_user_session_downgraded():
+ return False
if user_id in _get_additional_admin_users():
return True
return user_id in await cache.admins_get_async()
diff --git a/atr/util.py b/atr/util.py
index 0b774684..4c6ff5d7 100644
--- a/atr/util.py
+++ b/atr/util.py
@@ -618,11 +618,8 @@ def is_ldap_configured() -> bool:
return ldap.get_bind_credentials() is not None
-def is_user_viewing_as_admin(uid: str | None) -> bool:
- """Check whether a user is currently viewing the site with active admin
privileges."""
- if not user.is_admin(uid):
- return False
-
+def is_user_session_downgraded() -> bool:
+ """Check whether a user session is downgraded from active admin
privileges."""
try:
app = asfquart.APP
if (not hasattr(app, "app_id")) or (not isinstance(app.app_id, str)):
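Review bot: The docstring of the new `is_user_session_downgraded` says "a user session", but the function takes no user argument and reads the request-bound `quart.session`, so it can only describe the current request; suggest `"""Return True when the current request's session has dropped its admin privileges via the toggle admin view."""`. The function body continues in the next hunk.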
@@ -631,13 +628,17 @@ def is_user_viewing_as_admin(uid: str | None) -> bool:
cookie_id = app.app_id
session_dict = quart.session.get(cookie_id, {})
- is_downgraded = session_dict.get("downgrade_admin_to_user", False)
- return not is_downgraded
+ return session_dict.get("downgrade_admin_to_user", False)
except Exception:
- log.exception(f"Error checking admin downgrade session status for
{uid}")
+ log.exception("Error checking admin downgrade session status")
return False
+def is_user_viewing_as_admin(uid: str | None) -> bool:
+ """Check whether a user is currently viewing the site with active admin
privileges."""
+ return user.is_admin(uid)
+
+
def json_for_script_element(value: Any) -> markupsafe.Markup:
"""Serialise JSON safely for use inside a script element."""
return jinja2.utils.htmlsafe_json_dumps(value, dumps=json.dumps,
ensure_ascii=False)
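Review bot: The `except Exception` branch now fails open: in the removed `is_user_viewing_as_admin`, returning False on error denied admin, whereas returning False from `is_user_session_downgraded` lets the callers in atr/user.py fall through to the normal admin checks and keep privileges. If the session lookup can only fail outside a request context this may be acceptable, but it should be a deliberate choice recorded next to the handler, e.g. `# Lookup failure means "not downgraded"; outside a request the normal admin check applies`, or the function should return True on error so that an undetectable downgrade never restores admin. Separately, `return session_dict.get("downgrade_admin_to_user", False)` returns whatever object was stored in the session despite the `-> bool` annotation; `return bool(session_dict.get("downgrade_admin_to_user", False))` pins it. The rewritten `is_user_viewing_as_admin` is now a plain alias for `user.is_admin`, and its docstring could say so.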