From 5b30ac6c0c6cc376d4582b1764edf089ff651093 Mon Sep 17 00:00:00 2001 From: Farhaan Bukhsh Date: Aug 11 2016 13:25:10 +0000 Subject: Fix fedmsg and redis leaking private-repo info --- diff --git a/pagure/lib/__init__.py b/pagure/lib/__init__.py index 4906237..d03ae1f 100644 --- a/pagure/lib/__init__.py +++ b/pagure/lib/__init__.py @@ -235,7 +235,7 @@ def add_issue_comment(session, issue, comment, user, ticketfolder, if notify: pagure.lib.notify.notify_new_comment(issue_comment, user=user_obj) - if not issue.private: + if not issue.private and not issue.project.private: pagure.lib.notify.log( issue.project, topic='issue.comment.added', @@ -247,7 +247,7 @@ def add_issue_comment(session, issue, comment, user, ticketfolder, redis=REDIS, ) - if REDIS: + if REDIS and not issue.project.private: if issue.private: REDIS.publish('pagure.%s' % issue.uid, json.dumps({ 'issue': 'private', @@ -314,7 +314,7 @@ def add_tag_obj(session, obj, tags, user, ticketfolder): pagure.lib.git.update_git( obj, repo=obj.project, repofolder=ticketfolder) - if not obj.private: + if not obj.private and not obj.project.private: pagure.lib.notify.log( obj.project, topic='issue.tag.added', @@ -328,7 +328,7 @@ def add_tag_obj(session, obj, tags, user, ticketfolder): ) # Send notification for the event-source server - if REDIS: + if REDIS and not obj.project.private: REDIS.publish('pagure.%s' % obj.uid, json.dumps( {'added_tags': added_tags})) @@ -353,7 +353,7 @@ def add_issue_assignee(session, issue, assignee, user, ticketfolder, if notify: pagure.lib.notify.notify_assigned_issue(issue, None, user_obj) - if not issue.private: + if not issue.private and not issue.project.private: pagure.lib.notify.log( issue.project, topic='issue.assigned.reset', @@ -366,7 +366,7 @@ def add_issue_assignee(session, issue, assignee, user, ticketfolder, ) # Send notification for the event-source server - if REDIS: + if REDIS and not issue.project.private: REDIS.publish('pagure.%s' % issue.uid, json.dumps( {'unassigned': '-'})) @@ -387,7 +387,7 @@ def add_issue_assignee(session, issue, assignee, user, ticketfolder, pagure.lib.notify.notify_assigned_issue( issue, assignee_obj, user_obj) - if not issue.private: + if not issue.private and not issue.project.private: pagure.lib.notify.log( issue.project, topic='issue.assigned.added', @@ -400,7 +400,7 @@ def add_issue_assignee(session, issue, assignee, user, ticketfolder, ) # Send notification for the event-source server - if REDIS: + if REDIS and not issue.project.private: REDIS.publish('pagure.%s' % issue.uid, json.dumps( {'assigned': assignee_obj.to_json(public=True)})) @@ -421,16 +421,18 @@ def add_pull_request_assignee( request, repo=request.project, repofolder=requestfolder) pagure.lib.notify.notify_assigned_request(request, None, user_obj) - pagure.lib.notify.log( - request.project, - topic='request.assigned.reset', - msg=dict( - request=request.to_json(public=True), - project=request.project.to_json(public=True), - agent=user_obj.username, - ), - redis=REDIS, - ) + + if not request.project.private: + pagure.lib.notify.log( + request.project, + topic='request.assigned.reset', + msg=dict( + request=request.to_json(public=True), + project=request.project.to_json(public=True), + agent=user_obj.username, + ), + redis=REDIS, + ) return 'Request reset' elif assignee is None and request.assignee is None: @@ -449,16 +451,17 @@ def add_pull_request_assignee( pagure.lib.notify.notify_assigned_request( request, assignee_obj, user_obj) - pagure.lib.notify.log( - request.project, - topic='request.assigned.added', - msg=dict( - request=request.to_json(public=True), - project=request.project.to_json(public=True), - agent=user_obj.username, - ), - redis=REDIS, - ) + if not request.project.private: + pagure.lib.notify.log( + request.project, + topic='request.assigned.added', + msg=dict( + request=request.to_json(public=True), + project=request.project.to_json(public=True), + agent=user_obj.username, + ), + redis=REDIS, + ) return 'Request assigned' @@ -493,7 +496,7 @@ def add_issue_dependency( #pagure.lib.notify.notify_assigned_issue(issue, user_obj) #pagure.lib.notify.notify_assigned_issue(issue_blocked, user_obj) - if not issue.private: + if not issue.private and not issue.project.private: pagure.lib.notify.log( issue.project, topic='issue.dependency.added', @@ -507,7 +510,7 @@ def add_issue_dependency( ) # Send notification for the event-source server - if REDIS: + if REDIS and not issue.project.private: REDIS.publish('pagure.%s' % issue.uid, json.dumps({ 'added_dependency': issue_blocked.id, 'issue_uid': issue.uid, @@ -553,7 +556,7 @@ def remove_issue_dependency( #pagure.lib.notify.notify_assigned_issue(issue, user_obj) #pagure.lib.notify.notify_assigned_issue(issue_blocked, user_obj) - if not issue.private: + if not issue.private and not issue.project.private: pagure.lib.notify.log( issue.project, topic='issue.dependency.removed', @@ -567,7 +570,7 @@ def remove_issue_dependency( ) # Send notification for the event-source server - if REDIS: + if REDIS and not issue.project.private: REDIS.publish('pagure.%s' % issue.uid, json.dumps({ 'removed_dependency': child_del, 'issue_uid': issue.uid, @@ -608,16 +611,17 @@ def remove_tags(session, project, tags, ticketfolder, user): pagure.lib.git.update_git( issue, repo=issue.project, repofolder=ticketfolder) - pagure.lib.notify.log( - project, - topic='project.tag.removed', - msg=dict( - project=project.to_json(public=True), - tags=removed_tags, - agent=user_obj.username, - ), - redis=REDIS, - ) + if not project.private: + pagure.lib.notify.log( + project, + topic='project.tag.removed', + msg=dict( + project=project.to_json(public=True), + tags=removed_tags, + agent=user_obj.username, + ), + redis=REDIS, + ) return msgs @@ -641,20 +645,21 @@ def remove_tags_obj( pagure.lib.git.update_git( obj, repo=obj.project, repofolder=ticketfolder) - pagure.lib.notify.log( - obj.project, - topic='issue.tag.removed', - msg=dict( - issue=obj.to_json(public=True), - project=obj.project.to_json(public=True), - tags=removed_tags, - agent=user_obj.username, - ), - redis=REDIS, - ) + if not obj.project.private: + pagure.lib.notify.log( + obj.project, + topic='issue.tag.removed', + msg=dict( + issue=obj.to_json(public=True), + project=obj.project.to_json(public=True), + tags=removed_tags, + agent=user_obj.username, + ), + redis=REDIS, + ) # Send notification for the event-source server - if REDIS: + if REDIS and not obj.project.private: REDIS.publish('pagure.%s' % obj.uid, json.dumps( {'removed_tags': removed_tags})) @@ -712,17 +717,19 @@ def edit_issue_tags(session, project, old_tag, new_tag, ticketfolder, user): issue, repo=issue.project, repofolder=ticketfolder) msgs.append('Edited tag: %s to %s' % (old_tag, new_tag)) - pagure.lib.notify.log( - project, - topic='project.tag.edited', - msg=dict( - project=project.to_json(public=True), - old_tag=old_tag, - new_tag=new_tag, - agent=user_obj.username, - ), - redis=REDIS, - ) + + if not project.private: + pagure.lib.notify.log( + project, + topic='project.tag.edited', + msg=dict( + project=project.to_json(public=True), + old_tag=old_tag, + new_tag=new_tag, + agent=user_obj.username, + ), + redis=REDIS, + ) return msgs @@ -747,16 +754,17 @@ def add_user_to_project(session, project, new_user, user): # Make sure we won't have SQLAlchemy error before we continue session.flush() - pagure.lib.notify.log( - project, - topic='project.user.added', - msg=dict( - project=project.to_json(public=True), - new_user=new_user_obj.username, - agent=user_obj.username, - ), - redis=REDIS, - ) + if not project.private: + pagure.lib.notify.log( + project, + topic='project.user.added', + msg=dict( + project=project.to_json(public=True), + new_user=new_user_obj.username, + agent=user_obj.username, + ), + redis=REDIS, + ) return 'User added' @@ -807,16 +815,17 @@ def add_group_to_project( # Make sure we won't have SQLAlchemy error before we continue session.flush() - pagure.lib.notify.log( - project, - topic='project.group.added', - msg=dict( - project=project.to_json(public=True), - new_group=group_obj.group_name, - agent=user, - ), - redis=REDIS, - ) + if not project.private: + pagure.lib.notify.log( + project, + topic='project.group.added', + msg=dict( + project=project.to_json(public=True), + new_group=group_obj.group_name, + agent=user, + ), + redis=REDIS, + ) return 'Group added' @@ -848,7 +857,7 @@ def add_pull_request_comment(session, request, commit, tree_id, filename, pagure.lib.notify.notify_pull_request_comment(pr_comment, user_obj) # Send notification for the event-source server - if REDIS: + if REDIS and not request.project.private: comment_text = pr_comment.comment if not notification: comment_text = text2markdown(pr_comment.comment) @@ -876,15 +885,16 @@ def add_pull_request_comment(session, request, commit, tree_id, filename, 'pr': request.to_json(public=True, with_comments=False) })) - pagure.lib.notify.log( - request.project, - topic='pull-request.comment.added', - msg=dict( - pullrequest=request.to_json(public=True), - agent=user_obj.username, - ), - redis=REDIS, - ) + if not request.project.private: + pagure.lib.notify.log( + request.project, + topic='pull-request.comment.added', + msg=dict( + pullrequest=request.to_json(public=True), + agent=user_obj.username, + ), + redis=REDIS, + ) return 'Comment added' @@ -916,19 +926,20 @@ def edit_comment(session, parent, comment, user, key = 'issue' id_ = 'issue_id' - pagure.lib.notify.log( - parent.project, - topic=topic, - msg={ - key: parent.to_json(public=True, with_comments=False), - 'project': parent.project.to_json(public=True), - 'comment': comment.to_json(public=True), - 'agent': user_obj.username, - }, - redis=REDIS, - ) + if not parent.project.private: + pagure.lib.notify.log( + parent.project, + topic=topic, + msg={ + key: parent.to_json(public=True, with_comments=False), + 'project': parent.project.to_json(public=True), + 'comment': comment.to_json(public=True), + 'agent': user_obj.username, + }, + redis=REDIS, + ) - if REDIS: + if REDIS and not parent.project.private: if parent.isa == 'issue' and comment.parent.private: REDIS.publish('pagure.%s' % comment.parent.uid, json.dumps({ 'comment_updated': 'private', @@ -978,16 +989,17 @@ def add_pull_request_flag(session, request, username, percent, comment, url, pagure.lib.git.update_git( request, repo=request.project, repofolder=requestfolder) - pagure.lib.notify.log( - request.project, - topic='pull-request.flag.%s' % action, - msg=dict( - pullrequest=request.to_json(public=True), - flag=pr_flag.to_json(public=True), - agent=user_obj.username, - ), - redis=REDIS, - ) + if not request.project.private: + pagure.lib.notify.log( + request.project, + topic='pull-request.flag.%s' % action, + msg=dict( + pullrequest=request.to_json(public=True), + flag=pr_flag.to_json(public=True), + agent=user_obj.username, + ), + redis=REDIS, + ) return 'Flag %s' % action @@ -1107,14 +1119,15 @@ def new_project(session, user, name, blacklist, allowed_prefix, # create the project in the db session.commit() - pagure.lib.notify.log( - project, - topic='project.new', - msg=dict( - project=project.to_json(public=True), - agent=user_obj.username, - ), - ) + if not project.private: + pagure.lib.notify.log( + project, + topic='project.new', + msg=dict( + project=project.to_json(public=True), + agent=user_obj.username, + ), + ) return 'Project "%s" created' % name @@ -1149,7 +1162,7 @@ def new_issue(session, repo, title, content, user, ticketfolder, if notify: pagure.lib.notify.notify_new_issue(issue, user=user_obj) - if not private: + if not private and not issue.project.private: pagure.lib.notify.log( issue.project, topic='issue.new', @@ -1177,7 +1190,7 @@ def drop_issue(session, issue, user, ticketfolder): pagure.lib.git.clean_git( issue, repo=issue.project, repofolder=ticketfolder) - if not private: + if not private and not issue.project.private: pagure.lib.notify.log( issue.project, topic='issue.drop', @@ -1229,15 +1242,16 @@ def new_pull_request(session, branch_from, if notify: pagure.lib.notify.notify_new_pull_request(request) - pagure.lib.notify.log( - request.project, - topic='pull-request.new', - msg=dict( - pullrequest=request.to_json(public=True), - agent=user_obj.username, - ), - redis=REDIS, - ) + if not request.project.private: + pagure.lib.notify.log( + request.project, + topic='pull-request.new', + msg=dict( + pullrequest=request.to_json(public=True), + agent=user_obj.username, + ), + redis=REDIS, + ) # Send notification to the CI server if REDIS and request.project.ci_hook and PAGURE_CI: @@ -1301,7 +1315,7 @@ def edit_issue(session, issue, ticketfolder, user, notification=True, ) - if not issue.private and edit: + if not issue.private and edit and not issue.project.private: pagure.lib.notify.log( issue.project, topic='issue.edit', @@ -1314,7 +1328,7 @@ def edit_issue(session, issue, ticketfolder, user, redis=REDIS, ) - if REDIS and edit: + if REDIS and edit and not issue.project.private: if issue.private: REDIS.publish('pagure.%s' % issue.uid, json.dumps({ 'issue': 'private', @@ -1366,16 +1380,18 @@ def update_project_settings(session, repo, settings, user): repo.settings = new_settings session.add(repo) session.flush() - pagure.lib.notify.log( - repo, - topic='project.edit', - msg=dict( - project=repo.to_json(public=True), - fields=update, - agent=user_obj.username, - ), - redis=REDIS, - ) + + if not repo.private: + pagure.lib.notify.log( + repo, + topic='project.edit', + msg=dict( + project=repo.to_json(public=True), + fields=update, + agent=user_obj.username, + ), + redis=REDIS, + ) return 'Edited successfully settings of repo: %s' % repo.fullname @@ -1457,14 +1473,15 @@ def fork_project(session, user, repo, gitfolder, requestrepo, bare=True, mode=pygit2.C.GIT_REPOSITORY_INIT_SHARED_GROUP) - pagure.lib.notify.log( - project, - topic='project.forked', - msg=dict( - project=project.to_json(public=True), - agent=user_obj.username, - ), - ) + if not project.private: + pagure.lib.notify.log( + project, + topic='project.forked', + msg=dict( + project=project.to_json(public=True), + agent=user_obj.username, + ), + ) return 'Repo "%s" cloned to "%s/%s"' % (repo.name, user, repo.name) @@ -1996,16 +2013,17 @@ def close_pull_request(session, request, user, requestfolder, merged=True): notify=False, notification=True ) - pagure.lib.notify.log( - request.project, - topic='pull-request.closed', - msg=dict( - pullrequest=request.to_json(public=True), - merged=merged, - agent=user_obj.username, - ), - redis=REDIS, - ) + if not request.project.private: + pagure.lib.notify.log( + request.project, + topic='pull-request.closed', + msg=dict( + pullrequest=request.to_json(public=True), + merged=merged, + agent=user_obj.username, + ), + redis=REDIS, + ) def reset_status_pull_request(session, project):