Allow users to be filtered by openid and email

This will allow matching of Gerrit users to StoryBoard users to be done more easily and reliably. These are filtered only by exact matches to reduce the ease of brute-forcing the email addresses we keep private, and because there is no need to do substring matching on openids. Change-Id: Ibf824868cdbd2e654e1b108bb933dceddc53dcbf
2016-06-23 21:22:22 +01:00 · 2016-06-23 21:22:22 +01:00 · 72d4a86179
commit 72d4a86179
parent 8ee1331a33
2 changed files with 48 additions and 12 deletions
--- a/storyboard/api/v1/users.py
+++ b/storyboard/api/v1/users.py
@ -58,16 +58,18 @@ class UsersController(rest.RestController):
    @decorators.db_exceptions
    @secure(checks.guest)
    @wsme_pecan.wsexpose([wmodels.User], int, int, int, wtypes.text,
-                         wtypes.text, wtypes.text, wtypes.text)
+                         wtypes.text, wtypes.text, wtypes.text, wtypes.text,
                         wtypes.text)
    def get(self, marker=None, offset=None, limit=None, full_name=None,
-            sort_field='id', sort_dir='asc'):
+            email=None, openid=None, sort_field='id', sort_dir='asc'):
        """Page and filter the users in storyboard.
        :param marker: The resource id where the page should begin.
        :param offset: The offset to start the page at.
        :param limit: The number of users to retrieve.
        :param username: A string of characters to filter the username with.
        :param full_name: A string of characters to filter the full_name with.
        :param email: A string of characters to filter the email with.
        :param openid: A string of characters to filter the openid with.
        :param sort_field: The name of the field to sort on.
        :param sort_dir: Sort direction for results (asc, desc).
        """
@ -85,10 +87,14 @@ class UsersController(rest.RestController):
                                       offset=offset,
                                       limit=limit,
                                       full_name=full_name,
                                       email=email,
                                       openid=openid,
                                       filter_non_public=True,
                                       sort_field=sort_field,
                                       sort_dir=sort_dir)
-        user_count = users_api.user_get_count(full_name=full_name)
+        user_count = users_api.user_get_count(full_name=full_name,
                                              email=email,
                                              openid=openid)
        # Apply the query response headers.
        if limit:
--- a/storyboard/db/api/users.py
+++ b/storyboard/db/api/users.py
@ -26,17 +26,47 @@ def user_get(user_id, filter_non_public=False, session=None):
    return entity
 def _build_user_query(full_name=None, email=None, openid=None):
    query = api_base.model_query(models.User)
    query = api_base.apply_query_filters(query=query,
                                         model=models.User,
                                         full_name=full_name)
    if email:
        query = query.filter(models.User.email == email)
    if openid:
        query = query.filter(models.User.openid == openid)
    return query
 def user_get_all(marker=None, offset=None, limit=None,
                 filter_non_public=False, sort_field=None, sort_dir=None,
                 full_name=None, email=None, openid=None,
                 **kwargs):
-    return api_base.entity_get_all(models.User,
+    query = _build_user_query(full_name=full_name,
-                                   marker=marker,
+                              email=email,
-                                   offset=offset,
+                              openid=openid)
-                                   limit=limit,
+
-                                   filter_non_public=filter_non_public,
+    query = api_base.paginate_query(query=query,
-                                   sort_field=sort_field,
+                                    model=models.User,
-                                   sort_dir=sort_dir,
+                                    limit=limit,
-                                   **kwargs)
+                                    marker=marker,
                                    offset=offset,
                                    sort_key=sort_field,
                                    sort_dir=sort_dir)
    users = query.all()
    if len(users) > 0 and filter_non_public:
        sample_user = users[0]
        public_fields = getattr(sample_user, "_public_fields", [])
        users = [api_base._filter_non_public_fields(user, public_fields)
                 for user in users]
    return users
 def user_get_count(**kwargs):