diff --git a/tests/unit/admin/test_routes.py b/tests/unit/admin/test_routes.py index ab481bf4cd75..1b1fa30ebcbd 100644 --- a/tests/unit/admin/test_routes.py +++ b/tests/unit/admin/test_routes.py @@ -248,6 +248,20 @@ def test_includeme(): traverse="/{project_name}", domain=warehouse, ), + pretend.call( + "admin.project.archive", + "/admin/projects/{project_name}/archive/", + factory="warehouse.packaging.models:ProjectFactory", + traverse="/{project_name}", + domain=warehouse, + ), + pretend.call( + "admin.project.unarchive", + "/admin/projects/{project_name}/unarchive/", + factory="warehouse.packaging.models:ProjectFactory", + traverse="/{project_name}", + domain=warehouse, + ), pretend.call("admin.journals.list", "/admin/journals/", domain=warehouse), pretend.call( "admin.prohibited_project_names.list", diff --git a/tests/unit/admin/views/test_projects.py b/tests/unit/admin/views/test_projects.py index 47c17b064b50..918fe09ef33e 100644 --- a/tests/unit/admin/views/test_projects.py +++ b/tests/unit/admin/views/test_projects.py @@ -26,7 +26,7 @@ from tests.common.db.oidc import GitHubPublisherFactory from warehouse.admin.views import projects as views from warehouse.observations.models import ObservationKind -from warehouse.packaging.models import Project, Role +from warehouse.packaging.models import LifecycleStatus, Project, Role from warehouse.packaging.tasks import update_release_description from warehouse.search.tasks import reindex_project from warehouse.utils.paginate import paginate_url_factory @@ -952,3 +952,96 @@ def test_reindexes_project(self, db_request): assert db_request.session.flash.calls == [ pretend.call("Task sent to reindex the project 'foo'", queue="success") ] + + +class TestProjectArchival: + def test_archive(self, db_request): + project = ProjectFactory.create(name="foo") + user = UserFactory.create(username="testuser") + + db_request.route_path = pretend.call_recorder(lambda *a, **kw: "/the-redirect") + db_request.method = "POST" + db_request.user = user + db_request.session = pretend.stub( + flash=pretend.call_recorder(lambda *a, **kw: None) + ) + + result = views.archive_project_view(project, db_request) + + assert isinstance(result, HTTPSeeOther) + assert result.headers["Location"] == "/the-redirect" + assert project.lifecycle_status == LifecycleStatus.Archived + assert db_request.route_path.calls == [ + pretend.call("admin.project.detail", project_name=project.name) + ] + + def test_unarchive_project(self, db_request): + project = ProjectFactory.create( + name="foo", lifecycle_status=LifecycleStatus.Archived + ) + user = UserFactory.create(username="testuser") + + db_request.route_path = pretend.call_recorder(lambda *a, **kw: "/the-redirect") + db_request.method = "POST" + db_request.user = user + db_request.session = pretend.stub( + flash=pretend.call_recorder(lambda *a, **kw: None) + ) + + result = views.unarchive_project_view(project, db_request) + + assert isinstance(result, HTTPSeeOther) + assert result.headers["Location"] == "/the-redirect" + assert db_request.route_path.calls == [ + pretend.call("admin.project.detail", project_name=project.name) + ] + assert project.lifecycle_status is None + + def test_disallowed_archive(self, db_request): + project = ProjectFactory.create(name="foo", lifecycle_status="quarantine-enter") + user = UserFactory.create(username="testuser") + + db_request.route_path = pretend.call_recorder(lambda *a, **kw: "/the-redirect") + db_request.method = "POST" + db_request.user = user + db_request.session = pretend.stub( + flash=pretend.call_recorder(lambda *a, **kw: None) + ) + + result = views.archive_project_view(project, db_request) + + assert isinstance(result, HTTPSeeOther) + assert result.headers["Location"] == "/the-redirect" + assert db_request.session.flash.calls == [ + pretend.call( + f"Cannot archive project with status {project.lifecycle_status}", + queue="error", + ) + ] + assert db_request.route_path.calls == [ + pretend.call("admin.project.detail", project_name="foo") + ] + assert project.lifecycle_status == "quarantine-enter" + + def test_disallowed_unarchive(self, db_request): + project = ProjectFactory.create(name="foo", lifecycle_status="quarantine-enter") + user = UserFactory.create(username="testuser") + + db_request.route_path = pretend.call_recorder(lambda *a, **kw: "/the-redirect") + db_request.method = "POST" + db_request.user = user + db_request.session = pretend.stub( + flash=pretend.call_recorder(lambda *a, **kw: None) + ) + + result = views.unarchive_project_view(project, db_request) + + assert isinstance(result, HTTPSeeOther) + assert result.headers["Location"] == "/the-redirect" + assert db_request.session.flash.calls == [ + pretend.call("Can only unarchive an archived project", queue="error") + ] + assert db_request.route_path.calls == [ + pretend.call("admin.project.detail", project_name="foo") + ] + assert project.lifecycle_status == "quarantine-enter" diff --git a/tests/unit/manage/test_views.py b/tests/unit/manage/test_views.py index fb16a5a325ec..f38a9b39267c 100644 --- a/tests/unit/manage/test_views.py +++ b/tests/unit/manage/test_views.py @@ -63,6 +63,7 @@ from warehouse.packaging.models import ( File, JournalEntry, + LifecycleStatus, Project, Release, Role, @@ -96,7 +97,6 @@ class TestManageUnverifiedAccount: - def test_manage_account(self, monkeypatch): user_service = pretend.stub() name = pretend.stub() @@ -2603,7 +2603,7 @@ class TestManageProjectSettings: @pytest.mark.parametrize("enabled", [False, True]) def test_manage_project_settings(self, enabled, monkeypatch): request = pretend.stub(organization_access=enabled) - project = pretend.stub(organization=None) + project = pretend.stub(organization=None, lifecycle_status=None) view = views.ManageProjectSettingsViews(project, request) form = pretend.stub() view.transfer_organization_project_form_class = lambda *a, **kw: form @@ -2630,7 +2630,7 @@ def test_manage_project_settings_in_organization_managed(self, monkeypatch): request = pretend.stub(organization_access=True) organization_managed = pretend.stub(name="managed-org", is_active=True) organization_owned = pretend.stub(name="owned-org", is_active=True) - project = pretend.stub(organization=organization_managed) + project = pretend.stub(organization=organization_managed, lifecycle_status=None) view = views.ManageProjectSettingsViews(project, request) form = pretend.stub() view.transfer_organization_project_form_class = pretend.call_recorder( @@ -2662,7 +2662,7 @@ def test_manage_project_settings_in_organization_owned(self, monkeypatch): request = pretend.stub(organization_access=True) organization_managed = pretend.stub(name="managed-org", is_active=True) organization_owned = pretend.stub(name="owned-org", is_active=True) - project = pretend.stub(organization=organization_owned) + project = pretend.stub(organization=organization_owned, lifecycle_status=None) view = views.ManageProjectSettingsViews(project, request) form = pretend.stub() view.transfer_organization_project_form_class = pretend.call_recorder( @@ -7467,3 +7467,96 @@ def test_delete_oidc_publisher_admin_disabled(self, monkeypatch): queue="error", ) ] + + +class TestArchiveProject: + def test_archive(self, db_request): + project = ProjectFactory.create(name="foo") + user = UserFactory.create(username="testuser") + + db_request.route_path = pretend.call_recorder(lambda *a, **kw: "/the-redirect") + db_request.method = "POST" + db_request.user = user + db_request.session = pretend.stub( + flash=pretend.call_recorder(lambda *a, **kw: None) + ) + + result = views.archive_project_view(project, db_request) + + assert isinstance(result, HTTPSeeOther) + assert result.headers["Location"] == "/the-redirect" + assert project.lifecycle_status == LifecycleStatus.Archived + assert db_request.route_path.calls == [ + pretend.call("manage.project.settings", project_name=project.name) + ] + + def test_unarchive_project(self, db_request): + project = ProjectFactory.create( + name="foo", lifecycle_status=LifecycleStatus.Archived + ) + user = UserFactory.create(username="testuser") + + db_request.route_path = pretend.call_recorder(lambda *a, **kw: "/the-redirect") + db_request.method = "POST" + db_request.user = user + db_request.session = pretend.stub( + flash=pretend.call_recorder(lambda *a, **kw: None) + ) + + result = views.unarchive_project_view(project, db_request) + + assert isinstance(result, HTTPSeeOther) + assert result.headers["Location"] == "/the-redirect" + assert db_request.route_path.calls == [ + pretend.call("manage.project.settings", project_name=project.name) + ] + assert project.lifecycle_status is None + + def test_disallowed_archive(self, db_request): + project = ProjectFactory.create(name="foo", lifecycle_status="quarantine-enter") + user = UserFactory.create(username="testuser") + + db_request.route_path = pretend.call_recorder(lambda *a, **kw: "/the-redirect") + db_request.method = "POST" + db_request.user = user + db_request.session = pretend.stub( + flash=pretend.call_recorder(lambda *a, **kw: None) + ) + + result = views.archive_project_view(project, db_request) + + assert isinstance(result, HTTPSeeOther) + assert result.headers["Location"] == "/the-redirect" + assert db_request.session.flash.calls == [ + pretend.call( + f"Cannot archive project with status {project.lifecycle_status}", + queue="error", + ) + ] + assert db_request.route_path.calls == [ + pretend.call("manage.project.settings", project_name="foo") + ] + assert project.lifecycle_status == "quarantine-enter" + + def test_disallowed_unarchive(self, db_request): + project = ProjectFactory.create(name="foo", lifecycle_status="quarantine-enter") + user = UserFactory.create(username="testuser") + + db_request.route_path = pretend.call_recorder(lambda *a, **kw: "/the-redirect") + db_request.method = "POST" + db_request.user = user + db_request.session = pretend.stub( + flash=pretend.call_recorder(lambda *a, **kw: None) + ) + + result = views.unarchive_project_view(project, db_request) + + assert isinstance(result, HTTPSeeOther) + assert result.headers["Location"] == "/the-redirect" + assert db_request.session.flash.calls == [ + pretend.call("Can only unarchive an archived project", queue="error") + ] + assert db_request.route_path.calls == [ + pretend.call("manage.project.settings", project_name="foo") + ] + assert project.lifecycle_status == "quarantine-enter" diff --git a/tests/unit/packaging/test_models.py b/tests/unit/packaging/test_models.py index aac3cc37433b..8a80d58129e2 100644 --- a/tests/unit/packaging/test_models.py +++ b/tests/unit/packaging/test_models.py @@ -365,6 +365,99 @@ def test_acl_for_quarantined_project(self, db_session): key=lambda x: x[1], ) + def test_acl_for_archived_project(self, db_session): + """ + If a Project is archived, the Project ACL should disallow uploads. + """ + project = DBProjectFactory.create(lifecycle_status="archived") + owner1 = DBRoleFactory.create(project=project) + owner2 = DBRoleFactory.create(project=project) + + # Maintainers should not appear in the ACLs, since they only have + # upload permissions, and archived projects don't allow upload + DBRoleFactory.create_batch(2, project=project, role_name="Maintainer") + + organization = DBOrganizationFactory.create() + owner3 = DBOrganizationRoleFactory.create(organization=organization) + DBOrganizationProjectFactory.create(organization=organization, project=project) + + team = DBTeamFactory.create() + owner4 = DBTeamRoleFactory.create(team=team) + DBTeamProjectRoleFactory.create( + team=team, project=project, role_name=TeamProjectRoleType.Owner + ) + + # Publishers should not appear in the ACLs, since they only have upload + # permissions, and archived projects don't allow upload + GitHubPublisherFactory.create(projects=[project]) + + acls = [] + for location in lineage(project): + try: + acl = location.__acl__ + except AttributeError: + continue + + if acl and callable(acl): + acl = acl() + + acls.extend(acl) + + _perms_read_and_write = [ + Permissions.ProjectsRead, + Permissions.ProjectsWrite, + ] + assert acls == [ + ( + Allow, + "group:admins", + ( + Permissions.AdminDashboardSidebarRead, + Permissions.AdminObservationsRead, + Permissions.AdminObservationsWrite, + Permissions.AdminProhibitedProjectsWrite, + Permissions.AdminProhibitedUsernameWrite, + Permissions.AdminProjectsDelete, + Permissions.AdminProjectsRead, + Permissions.AdminProjectsSetLimit, + Permissions.AdminProjectsWrite, + Permissions.AdminRoleAdd, + Permissions.AdminRoleDelete, + ), + ), + ( + Allow, + "group:moderators", + ( + Permissions.AdminDashboardSidebarRead, + Permissions.AdminObservationsRead, + Permissions.AdminObservationsWrite, + Permissions.AdminProjectsRead, + Permissions.AdminProjectsSetLimit, + Permissions.AdminRoleAdd, + Permissions.AdminRoleDelete, + ), + ), + ( + Allow, + "group:observers", + Permissions.APIObservationsAdd, + ), + ( + Allow, + Authenticated, + Permissions.SubmitMalwareObservation, + ), + ] + sorted( + [ + (Allow, f"user:{owner1.user.id}", _perms_read_and_write), + (Allow, f"user:{owner2.user.id}", _perms_read_and_write), + (Allow, f"user:{owner3.user.id}", _perms_read_and_write), + (Allow, f"user:{owner4.user.id}", _perms_read_and_write), + ], + key=lambda x: x[1], + ) + def test_repr(self, db_request): project = DBProjectFactory() assert isinstance(repr(project), str) diff --git a/tests/unit/test_routes.py b/tests/unit/test_routes.py index 0de9e3f61694..5377dc445eed 100644 --- a/tests/unit/test_routes.py +++ b/tests/unit/test_routes.py @@ -493,6 +493,20 @@ def add_redirect_rule(*args, **kwargs): traverse="/{project_name}", domain=warehouse, ), + pretend.call( + "manage.project.archive", + "/manage/project/{project_name}/archive/", + factory="warehouse.packaging.models:ProjectFactory", + traverse="/{project_name}", + domain=warehouse, + ), + pretend.call( + "manage.project.unarchive", + "/manage/project/{project_name}/unarchive/", + factory="warehouse.packaging.models:ProjectFactory", + traverse="/{project_name}", + domain=warehouse, + ), pretend.call( "manage.project.history", "/manage/project/{project_name}/history/", diff --git a/warehouse/admin/routes.py b/warehouse/admin/routes.py index 0f8b941d7599..fe7bdae93635 100644 --- a/warehouse/admin/routes.py +++ b/warehouse/admin/routes.py @@ -252,6 +252,20 @@ def includeme(config): traverse="/{project_name}", domain=warehouse, ) + config.add_route( + "admin.project.archive", + "/admin/projects/{project_name}/archive/", + factory="warehouse.packaging.models:ProjectFactory", + traverse="/{project_name}", + domain=warehouse, + ) + config.add_route( + "admin.project.unarchive", + "/admin/projects/{project_name}/unarchive/", + factory="warehouse.packaging.models:ProjectFactory", + traverse="/{project_name}", + domain=warehouse, + ) # Journal related Admin pages config.add_route("admin.journals.list", "/admin/journals/", domain=warehouse) diff --git a/warehouse/admin/templates/admin/projects/detail.html b/warehouse/admin/templates/admin/projects/detail.html index cab3ebd25907..a8bef4318c9e 100644 --- a/warehouse/admin/templates/admin/projects/detail.html +++ b/warehouse/admin/templates/admin/projects/detail.html @@ -552,6 +552,33 @@

Prohibit Project Name

+
+
+

Archive project

+
+ +
+
+ +
+ {% set can_be_archived = not project.lifecycle_status or project.lifecycle_status == "quarantine-exit" %} + {% set can_be_unarchived = project.lifecycle_status == "archived" %} +
+ +
+ +
+
+
+ +
+ +
+
+
+
+ {% include 'delete.html' %} diff --git a/warehouse/admin/views/projects.py b/warehouse/admin/views/projects.py index 07f5ada3ede2..dfa1f797df38 100644 --- a/warehouse/admin/views/projects.py +++ b/warehouse/admin/views/projects.py @@ -30,9 +30,11 @@ from warehouse.search.tasks import reindex_project as _reindex_project from warehouse.utils.paginate import paginate_url_factory from warehouse.utils.project import ( + archive_project, clear_project_quarantine, confirm_project, remove_project, + unarchive_project, ) UPLOAD_LIMIT_CAP = ONE_GIB @@ -737,3 +739,37 @@ def reindex_project(project, request): return HTTPSeeOther( request.route_path("admin.project.detail", project_name=project.normalized_name) ) + + +@view_config( + route_name="admin.project.archive", + permission=Permissions.AdminProjectsWrite, + context=Project, + uses_session=True, + require_methods=["POST"], +) +def archive_project_view(project, request) -> HTTPSeeOther: + """ + Archive a Project. Reversible action. + """ + archive_project(project, request) + return HTTPSeeOther( + request.route_path("admin.project.detail", project_name=project.name) + ) + + +@view_config( + route_name="admin.project.unarchive", + permission=Permissions.AdminProjectsWrite, + context=Project, + uses_session=True, + require_methods=["POST"], +) +def unarchive_project_view(project, request) -> HTTPSeeOther: + """ + Unarchive a Project. Reversible action. + """ + unarchive_project(project, request) + return HTTPSeeOther( + request.route_path("admin.project.detail", project_name=project.name) + ) diff --git a/warehouse/events/tags.py b/warehouse/events/tags.py index 61e3161c8e37..22eaaaec92f9 100644 --- a/warehouse/events/tags.py +++ b/warehouse/events/tags.py @@ -124,6 +124,8 @@ class Project(EventTagEnum): OrganizationProjectRemove = "project:organization_project:remove" OwnersRequire2FADisabled = "project:owners_require_2fa:disabled" OwnersRequire2FAEnabled = "project:owners_require_2fa:enabled" + ProjectArchiveEnter = "project:archive:enter" + ProjectArchiveExit = "project:archive:exit" ProjectCreate = "project:create" ProjectQuarantineEnter = "project:quarantine:enter" ProjectQuarantineExit = "project:quarantine:exit" diff --git a/warehouse/locale/messages.pot b/warehouse/locale/messages.pot index 1e2004814d4a..11b047802d45 100644 --- a/warehouse/locale/messages.pot +++ b/warehouse/locale/messages.pot @@ -152,7 +152,7 @@ msgstr "" msgid "Successful WebAuthn assertion" msgstr "" -#: warehouse/accounts/views.py:609 warehouse/manage/views/__init__.py:873 +#: warehouse/accounts/views.py:609 warehouse/manage/views/__init__.py:876 msgid "Recovery code accepted. The supplied code cannot be used again." msgstr "" @@ -286,7 +286,7 @@ msgid "You are now ${role} of the '${project_name}' project." msgstr "" #: warehouse/accounts/views.py:1588 warehouse/accounts/views.py:1831 -#: warehouse/manage/views/__init__.py:1409 +#: warehouse/manage/views/__init__.py:1412 msgid "" "Trusted publishing is temporarily disabled. See https://pypi.org/help" "#admin-intervention for details." @@ -306,19 +306,19 @@ msgstr "" msgid "You can't register more than 3 pending trusted publishers at once." msgstr "" -#: warehouse/accounts/views.py:1654 warehouse/manage/views/__init__.py:1464 -#: warehouse/manage/views/__init__.py:1577 -#: warehouse/manage/views/__init__.py:1689 -#: warehouse/manage/views/__init__.py:1799 +#: warehouse/accounts/views.py:1654 warehouse/manage/views/__init__.py:1467 +#: warehouse/manage/views/__init__.py:1580 +#: warehouse/manage/views/__init__.py:1692 +#: warehouse/manage/views/__init__.py:1802 msgid "" "There have been too many attempted trusted publisher registrations. Try " "again later." msgstr "" -#: warehouse/accounts/views.py:1665 warehouse/manage/views/__init__.py:1478 -#: warehouse/manage/views/__init__.py:1591 -#: warehouse/manage/views/__init__.py:1703 -#: warehouse/manage/views/__init__.py:1813 +#: warehouse/accounts/views.py:1665 warehouse/manage/views/__init__.py:1481 +#: warehouse/manage/views/__init__.py:1594 +#: warehouse/manage/views/__init__.py:1706 +#: warehouse/manage/views/__init__.py:1816 msgid "The trusted publisher could not be registered" msgstr "" @@ -446,157 +446,157 @@ msgid "" "less." msgstr "" -#: warehouse/manage/views/__init__.py:285 +#: warehouse/manage/views/__init__.py:288 msgid "Account details updated" msgstr "" -#: warehouse/manage/views/__init__.py:315 +#: warehouse/manage/views/__init__.py:318 msgid "Email ${email_address} added - check your email for a verification link" msgstr "" -#: warehouse/manage/views/__init__.py:821 +#: warehouse/manage/views/__init__.py:824 msgid "Recovery codes already generated" msgstr "" -#: warehouse/manage/views/__init__.py:822 +#: warehouse/manage/views/__init__.py:825 msgid "Generating new recovery codes will invalidate your existing codes." msgstr "" -#: warehouse/manage/views/__init__.py:931 +#: warehouse/manage/views/__init__.py:934 msgid "Verify your email to create an API token." msgstr "" -#: warehouse/manage/views/__init__.py:1031 +#: warehouse/manage/views/__init__.py:1034 msgid "API Token does not exist." msgstr "" -#: warehouse/manage/views/__init__.py:1063 +#: warehouse/manage/views/__init__.py:1066 msgid "Invalid credentials. Try again" msgstr "" -#: warehouse/manage/views/__init__.py:1182 +#: warehouse/manage/views/__init__.py:1185 msgid "Invalid alternate repository location details" msgstr "" -#: warehouse/manage/views/__init__.py:1219 +#: warehouse/manage/views/__init__.py:1222 msgid "Added alternate repository '${name}'" msgstr "" -#: warehouse/manage/views/__init__.py:1253 -#: warehouse/manage/views/__init__.py:2146 -#: warehouse/manage/views/__init__.py:2231 -#: warehouse/manage/views/__init__.py:2332 -#: warehouse/manage/views/__init__.py:2432 +#: warehouse/manage/views/__init__.py:1256 +#: warehouse/manage/views/__init__.py:2149 +#: warehouse/manage/views/__init__.py:2234 +#: warehouse/manage/views/__init__.py:2335 +#: warehouse/manage/views/__init__.py:2435 msgid "Confirm the request" msgstr "" -#: warehouse/manage/views/__init__.py:1265 +#: warehouse/manage/views/__init__.py:1268 msgid "Invalid alternate repository id" msgstr "" -#: warehouse/manage/views/__init__.py:1276 +#: warehouse/manage/views/__init__.py:1279 msgid "Invalid alternate repository for project" msgstr "" -#: warehouse/manage/views/__init__.py:1284 +#: warehouse/manage/views/__init__.py:1287 msgid "" "Could not delete alternate repository - ${confirm} is not the same as " "${alt_repo_name}" msgstr "" -#: warehouse/manage/views/__init__.py:1314 +#: warehouse/manage/views/__init__.py:1317 msgid "Deleted alternate repository '${name}'" msgstr "" -#: warehouse/manage/views/__init__.py:1445 +#: warehouse/manage/views/__init__.py:1448 msgid "" "GitHub-based trusted publishing is temporarily disabled. See " "https://pypi.org/help#admin-intervention for details." msgstr "" -#: warehouse/manage/views/__init__.py:1558 +#: warehouse/manage/views/__init__.py:1561 msgid "" "GitLab-based trusted publishing is temporarily disabled. See " "https://pypi.org/help#admin-intervention for details." msgstr "" -#: warehouse/manage/views/__init__.py:1670 +#: warehouse/manage/views/__init__.py:1673 msgid "" "Google-based trusted publishing is temporarily disabled. See " "https://pypi.org/help#admin-intervention for details." msgstr "" -#: warehouse/manage/views/__init__.py:1779 +#: warehouse/manage/views/__init__.py:1782 msgid "" "ActiveState-based trusted publishing is temporarily disabled. See " "https://pypi.org/help#admin-intervention for details." msgstr "" -#: warehouse/manage/views/__init__.py:2014 -#: warehouse/manage/views/__init__.py:2315 -#: warehouse/manage/views/__init__.py:2423 +#: warehouse/manage/views/__init__.py:2017 +#: warehouse/manage/views/__init__.py:2318 +#: warehouse/manage/views/__init__.py:2426 msgid "" "Project deletion temporarily disabled. See https://pypi.org/help#admin-" "intervention for details." msgstr "" -#: warehouse/manage/views/__init__.py:2158 +#: warehouse/manage/views/__init__.py:2161 msgid "Could not yank release - " msgstr "" -#: warehouse/manage/views/__init__.py:2243 +#: warehouse/manage/views/__init__.py:2246 msgid "Could not un-yank release - " msgstr "" -#: warehouse/manage/views/__init__.py:2344 +#: warehouse/manage/views/__init__.py:2347 msgid "Could not delete release - " msgstr "" -#: warehouse/manage/views/__init__.py:2444 +#: warehouse/manage/views/__init__.py:2447 msgid "Could not find file" msgstr "" -#: warehouse/manage/views/__init__.py:2448 +#: warehouse/manage/views/__init__.py:2451 msgid "Could not delete file - " msgstr "" -#: warehouse/manage/views/__init__.py:2598 +#: warehouse/manage/views/__init__.py:2601 msgid "Team '${team_name}' already has ${role_name} role for project" msgstr "" -#: warehouse/manage/views/__init__.py:2705 +#: warehouse/manage/views/__init__.py:2708 msgid "User '${username}' already has ${role_name} role for project" msgstr "" -#: warehouse/manage/views/__init__.py:2772 +#: warehouse/manage/views/__init__.py:2775 msgid "${username} is now ${role} of the '${project_name}' project." msgstr "" -#: warehouse/manage/views/__init__.py:2804 +#: warehouse/manage/views/__init__.py:2807 msgid "" "User '${username}' does not have a verified primary email address and " "cannot be added as a ${role_name} for project" msgstr "" -#: warehouse/manage/views/__init__.py:2817 +#: warehouse/manage/views/__init__.py:2820 #: warehouse/manage/views/organizations.py:878 msgid "User '${username}' already has an active invite. Please try again later." msgstr "" -#: warehouse/manage/views/__init__.py:2882 +#: warehouse/manage/views/__init__.py:2885 #: warehouse/manage/views/organizations.py:943 msgid "Invitation sent to '${username}'" msgstr "" -#: warehouse/manage/views/__init__.py:2915 +#: warehouse/manage/views/__init__.py:2918 msgid "Could not find role invitation." msgstr "" -#: warehouse/manage/views/__init__.py:2926 +#: warehouse/manage/views/__init__.py:2929 msgid "Invitation already expired." msgstr "" -#: warehouse/manage/views/__init__.py:2958 +#: warehouse/manage/views/__init__.py:2961 #: warehouse/manage/views/organizations.py:1130 msgid "Invitation revoked from '${username}'." msgstr "" @@ -859,8 +859,8 @@ msgstr "" #: warehouse/templates/manage/project/release.html:194 #: warehouse/templates/manage/project/releases.html:140 #: warehouse/templates/manage/project/releases.html:179 -#: warehouse/templates/packaging/detail.html:407 -#: warehouse/templates/packaging/detail.html:427 +#: warehouse/templates/packaging/detail.html:417 +#: warehouse/templates/packaging/detail.html:437 #: warehouse/templates/pages/classifiers.html:25 #: warehouse/templates/pages/help.html:20 #: warehouse/templates/pages/help.html:228 @@ -1097,9 +1097,9 @@ msgstr "" #: warehouse/templates/manage/organization/settings.html:286 #: warehouse/templates/manage/project/documentation.html:27 #: warehouse/templates/manage/project/release.html:182 -#: warehouse/templates/manage/project/settings.html:87 -#: warehouse/templates/manage/project/settings.html:136 -#: warehouse/templates/manage/project/settings.html:357 +#: warehouse/templates/manage/project/settings.html:119 +#: warehouse/templates/manage/project/settings.html:168 +#: warehouse/templates/manage/project/settings.html:389 #: warehouse/templates/manage/team/settings.html:84 msgid "Warning" msgstr "" @@ -1465,9 +1465,9 @@ msgstr "" #: warehouse/templates/manage/project/roles.html:328 #: warehouse/templates/manage/project/roles.html:359 #: warehouse/templates/manage/project/roles.html:380 -#: warehouse/templates/manage/project/settings.html:287 -#: warehouse/templates/manage/project/settings.html:307 -#: warehouse/templates/manage/project/settings.html:327 +#: warehouse/templates/manage/project/settings.html:319 +#: warehouse/templates/manage/project/settings.html:339 +#: warehouse/templates/manage/project/settings.html:359 #: warehouse/templates/manage/team/roles.html:106 #: warehouse/templates/manage/team/settings.html:35 #: warehouse/templates/packaging/submit-malware-observation.html:58 @@ -1761,9 +1761,9 @@ msgstr "" #: warehouse/templates/manage/project/history.html:312 #: warehouse/templates/manage/project/history.html:323 #: warehouse/templates/manage/project/history.html:334 -#: warehouse/templates/manage/project/settings.html:224 -#: warehouse/templates/manage/project/settings.html:285 -#: warehouse/templates/manage/project/settings.html:291 +#: warehouse/templates/manage/project/settings.html:256 +#: warehouse/templates/manage/project/settings.html:317 +#: warehouse/templates/manage/project/settings.html:323 #: warehouse/templates/manage/unverified-account.html:112 msgid "Name" msgstr "" @@ -2686,7 +2686,7 @@ msgstr "" #: warehouse/templates/manage/manage_base.html:331 #: warehouse/templates/manage/project/release.html:137 #: warehouse/templates/manage/project/releases.html:178 -#: warehouse/templates/manage/project/settings.html:72 +#: warehouse/templates/manage/project/settings.html:104 #: warehouse/templates/manage/unverified-account.html:172 #: warehouse/templates/manage/unverified-account.html:174 #: warehouse/templates/manage/unverified-account.html:184 @@ -3343,12 +3343,12 @@ msgid "Update password" msgstr "" #: warehouse/templates/manage/account.html:472 -#: warehouse/templates/manage/project/settings.html:43 +#: warehouse/templates/manage/project/settings.html:75 msgid "API tokens" msgstr "" #: warehouse/templates/manage/account.html:473 -#: warehouse/templates/manage/project/settings.html:44 +#: warehouse/templates/manage/project/settings.html:76 msgid "" "API tokens provide an alternative way to authenticate when uploading " "packages to PyPI." @@ -4555,7 +4555,7 @@ msgstr "" #: warehouse/templates/manage/project/publishing.html:275 #: warehouse/templates/manage/project/publishing.html:357 #: warehouse/templates/manage/project/roles.html:341 -#: warehouse/templates/manage/project/settings.html:348 +#: warehouse/templates/manage/project/settings.html:380 #: warehouse/templates/manage/team/roles.html:131 msgid "Add" msgstr "" @@ -5603,7 +5603,7 @@ msgstr "" #: warehouse/templates/manage/organization/roles.html:252 #: warehouse/templates/manage/project/release.html:106 #: warehouse/templates/manage/project/releases.html:109 -#: warehouse/templates/manage/project/settings.html:252 +#: warehouse/templates/manage/project/settings.html:284 msgid "Delete" msgstr "" @@ -6000,9 +6000,9 @@ msgstr "" #: warehouse/templates/manage/project/history.html:313 #: warehouse/templates/manage/project/history.html:324 #: warehouse/templates/manage/project/history.html:335 -#: warehouse/templates/manage/project/settings.html:225 -#: warehouse/templates/manage/project/settings.html:305 -#: warehouse/templates/manage/project/settings.html:311 +#: warehouse/templates/manage/project/settings.html:257 +#: warehouse/templates/manage/project/settings.html:337 +#: warehouse/templates/manage/project/settings.html:343 msgid "Url" msgstr "" @@ -6181,7 +6181,7 @@ msgstr "" #: warehouse/templates/manage/project/release.html:137 #: warehouse/templates/manage/project/releases.html:178 -#: warehouse/templates/manage/project/settings.html:72 +#: warehouse/templates/manage/project/settings.html:104 msgid "Dismiss" msgstr "" @@ -6524,23 +6524,51 @@ msgstr "" msgid " (request an increase) " msgstr "" +#: warehouse/templates/manage/project/settings.html:43 +#: warehouse/templates/manage/project/settings.html:57 +#: warehouse/templates/manage/project/settings.html:65 +msgid "Archive project" +msgstr "" + #: warehouse/templates/manage/project/settings.html:48 +msgid "" +"Archiving a project will block any new uploads. Before doing so, we " +"recommend publishing a final release with an update to the project's " +"README to warn the users that the project won't receive further updates, " +"and to mention any alternative projects they may consider as a " +"replacement." +msgstr "" + +#: warehouse/templates/manage/project/settings.html:60 +#: warehouse/templates/manage/project/settings.html:71 +msgid "Unarchive project" +msgstr "" + +#: warehouse/templates/manage/project/settings.html:66 +msgid "Archiving a project will block any new file uploads" +msgstr "" + +#: warehouse/templates/manage/project/settings.html:72 +msgid "Unarchiving a project will allow new file uploads" +msgstr "" + +#: warehouse/templates/manage/project/settings.html:80 #, python-format msgid "Create a token for %(project_name)s" msgstr "" -#: warehouse/templates/manage/project/settings.html:53 +#: warehouse/templates/manage/project/settings.html:85 #, python-format msgid "" "Verify your primary email address to add an API " "token for %(project_name)s." msgstr "" -#: warehouse/templates/manage/project/settings.html:60 +#: warehouse/templates/manage/project/settings.html:92 msgid "Project description and sidebar" msgstr "" -#: warehouse/templates/manage/project/settings.html:62 +#: warehouse/templates/manage/project/settings.html:94 #, python-format msgid "" "To set the '%(project_name)s' description, author, links, classifiers, " @@ -6556,147 +6584,147 @@ msgid "" "Python Packaging User Guide for more help." msgstr "" -#: warehouse/templates/manage/project/settings.html:85 +#: warehouse/templates/manage/project/settings.html:117 msgid "Remove project from organization" msgstr "" -#: warehouse/templates/manage/project/settings.html:88 +#: warehouse/templates/manage/project/settings.html:120 msgid "Removing this project from the organization will:" msgstr "" -#: warehouse/templates/manage/project/settings.html:92 -#: warehouse/templates/manage/project/settings.html:142 +#: warehouse/templates/manage/project/settings.html:124 +#: warehouse/templates/manage/project/settings.html:174 #, python-format msgid "Remove this project from the '%(organization_name)s' organization." msgstr "" -#: warehouse/templates/manage/project/settings.html:95 -#: warehouse/templates/manage/project/settings.html:145 +#: warehouse/templates/manage/project/settings.html:127 +#: warehouse/templates/manage/project/settings.html:177 #, python-format msgid "" "Revoke project permissions for teams in the '%(organization_name)s' " "organization." msgstr "" -#: warehouse/templates/manage/project/settings.html:99 -#: warehouse/templates/manage/project/settings.html:105 +#: warehouse/templates/manage/project/settings.html:131 +#: warehouse/templates/manage/project/settings.html:137 msgid "" "Individual owners and maintainers of the project will retain their " "project permissions." msgstr "" -#: warehouse/templates/manage/project/settings.html:104 +#: warehouse/templates/manage/project/settings.html:136 #, python-format msgid "" "This will remove the project from the '%(organization_name)s' " "organization." msgstr "" -#: warehouse/templates/manage/project/settings.html:108 +#: warehouse/templates/manage/project/settings.html:140 msgid "Remove project" msgstr "" -#: warehouse/templates/manage/project/settings.html:108 -#: warehouse/templates/manage/project/settings.html:179 -#: warehouse/templates/manage/project/settings.html:395 +#: warehouse/templates/manage/project/settings.html:140 +#: warehouse/templates/manage/project/settings.html:211 +#: warehouse/templates/manage/project/settings.html:427 msgid "Project Name" msgstr "" -#: warehouse/templates/manage/project/settings.html:112 +#: warehouse/templates/manage/project/settings.html:144 msgid "Cannot remove project from organization" msgstr "" -#: warehouse/templates/manage/project/settings.html:114 +#: warehouse/templates/manage/project/settings.html:146 msgid "" "Your organization is currently the sole owner of the " "project. You must add an individual owner to the project before you can " "remove the project from your organization." msgstr "" -#: warehouse/templates/manage/project/settings.html:130 +#: warehouse/templates/manage/project/settings.html:162 msgid "Transfer project to another organization" msgstr "" -#: warehouse/templates/manage/project/settings.html:132 +#: warehouse/templates/manage/project/settings.html:164 msgid "Transfer project to an organization" msgstr "" -#: warehouse/templates/manage/project/settings.html:137 +#: warehouse/templates/manage/project/settings.html:169 msgid "Transferring this project will:" msgstr "" -#: warehouse/templates/manage/project/settings.html:149 +#: warehouse/templates/manage/project/settings.html:181 msgid "Revoke your direct Owner role on the project." msgstr "" -#: warehouse/templates/manage/project/settings.html:152 +#: warehouse/templates/manage/project/settings.html:184 msgid "" "You will retain Owner permissions on the project through your " "organization role." msgstr "" -#: warehouse/templates/manage/project/settings.html:157 +#: warehouse/templates/manage/project/settings.html:189 msgid "Add the project to another organization that you own." msgstr "" -#: warehouse/templates/manage/project/settings.html:159 +#: warehouse/templates/manage/project/settings.html:191 msgid "Add the project to an organization that you own." msgstr "" -#: warehouse/templates/manage/project/settings.html:163 +#: warehouse/templates/manage/project/settings.html:195 msgid "Grant full project permissions to owners of the organization." msgstr "" -#: warehouse/templates/manage/project/settings.html:167 +#: warehouse/templates/manage/project/settings.html:199 msgid "" "All other individual owners and maintainers of the project will retain " "their project permissions." msgstr "" -#: warehouse/templates/manage/project/settings.html:179 +#: warehouse/templates/manage/project/settings.html:211 msgid "Transfer project" msgstr "" -#: warehouse/templates/manage/project/settings.html:185 +#: warehouse/templates/manage/project/settings.html:217 msgid "Cannot transfer project to another organization" msgstr "" -#: warehouse/templates/manage/project/settings.html:187 +#: warehouse/templates/manage/project/settings.html:219 msgid "Cannot transfer project to an organization" msgstr "" -#: warehouse/templates/manage/project/settings.html:192 +#: warehouse/templates/manage/project/settings.html:224 msgid "" "Organization owners can transfer the project to organizations that they " "own or manage." msgstr "" -#: warehouse/templates/manage/project/settings.html:193 +#: warehouse/templates/manage/project/settings.html:225 msgid "You are not an owner or manager of any other organizations." msgstr "" -#: warehouse/templates/manage/project/settings.html:195 +#: warehouse/templates/manage/project/settings.html:227 msgid "" "Project owners can transfer the project to organizations that they own or" " manage." msgstr "" -#: warehouse/templates/manage/project/settings.html:196 +#: warehouse/templates/manage/project/settings.html:228 msgid "You are not an owner or manager of any organizations." msgstr "" -#: warehouse/templates/manage/project/settings.html:205 +#: warehouse/templates/manage/project/settings.html:237 msgid "Alternate repository locations" msgstr "" -#: warehouse/templates/manage/project/settings.html:209 +#: warehouse/templates/manage/project/settings.html:241 #, python-format msgid "" "Provisional support for PEP 708 \"Alternate " "Locations\" Metadata." msgstr "" -#: warehouse/templates/manage/project/settings.html:213 +#: warehouse/templates/manage/project/settings.html:245 #, python-format msgid "" "Implementation may change, consider subscribing to %(count)s" @@ -6763,15 +6791,15 @@ msgid_plural "" msgstr[0] "" msgstr[1] "" -#: warehouse/templates/manage/project/settings.html:369 +#: warehouse/templates/manage/project/settings.html:401 msgid "Irreversibly delete the project" msgstr "" -#: warehouse/templates/manage/project/settings.html:373 +#: warehouse/templates/manage/project/settings.html:405 msgid "Make the project name available to any other PyPI user" msgstr "" -#: warehouse/templates/manage/project/settings.html:375 +#: warehouse/templates/manage/project/settings.html:407 msgid "" "This user will be able to make new releases under this project name, so " "long as the distribution filenames do not match filenames from a " @@ -6961,7 +6989,7 @@ msgstr "" #: warehouse/templates/packaging/detail.html:238 #: warehouse/templates/packaging/detail.html:272 -#: warehouse/templates/packaging/detail.html:322 +#: warehouse/templates/packaging/detail.html:332 msgid "Project description" msgstr "" @@ -6972,7 +7000,7 @@ msgstr "" #: warehouse/templates/packaging/detail.html:244 #: warehouse/templates/packaging/detail.html:284 -#: warehouse/templates/packaging/detail.html:344 +#: warehouse/templates/packaging/detail.html:354 msgid "Release history" msgstr "" @@ -6983,7 +7011,7 @@ msgstr "" #: warehouse/templates/packaging/detail.html:251 #: warehouse/templates/packaging/detail.html:291 -#: warehouse/templates/packaging/detail.html:406 +#: warehouse/templates/packaging/detail.html:416 msgid "Download files" msgstr "" @@ -6992,40 +7020,50 @@ msgid "Project details. Focus will be moved to the project details." msgstr "" #: warehouse/templates/packaging/detail.html:278 -#: warehouse/templates/packaging/detail.html:336 +#: warehouse/templates/packaging/detail.html:346 msgid "Project details" msgstr "" #: warehouse/templates/packaging/detail.html:318 -#: warehouse/templates/packaging/detail.html:393 +msgid "This project has been archived." +msgstr "" + +#: warehouse/templates/packaging/detail.html:320 +msgid "" +"The maintainers of this project have marked this project as archived. No " +"new releases are expected." +msgstr "" + +#: warehouse/templates/packaging/detail.html:328 +#: warehouse/templates/packaging/detail.html:403 msgid "Reason this release was yanked:" msgstr "" -#: warehouse/templates/packaging/detail.html:329 +#: warehouse/templates/packaging/detail.html:339 msgid "The author of this package has not provided a project description" msgstr "" -#: warehouse/templates/packaging/detail.html:346 +#: warehouse/templates/packaging/detail.html:356 msgid "Release notifications" msgstr "" -#: warehouse/templates/packaging/detail.html:347 +#: warehouse/templates/packaging/detail.html:357 msgid "RSS feed" msgstr "" -#: warehouse/templates/packaging/detail.html:359 +#: warehouse/templates/packaging/detail.html:369 msgid "This version" msgstr "" -#: warehouse/templates/packaging/detail.html:379 +#: warehouse/templates/packaging/detail.html:389 msgid "pre-release" msgstr "" -#: warehouse/templates/packaging/detail.html:384 +#: warehouse/templates/packaging/detail.html:394 msgid "yanked" msgstr "" -#: warehouse/templates/packaging/detail.html:407 +#: warehouse/templates/packaging/detail.html:417 #, python-format msgid "" "Download the file for your platform. If you're not sure which to choose, " @@ -7033,24 +7071,24 @@ msgid "" "target=\"_blank\" rel=\"noopener\">installing packages." msgstr "" -#: warehouse/templates/packaging/detail.html:410 +#: warehouse/templates/packaging/detail.html:420 msgid "Source Distribution" msgid_plural "Source Distributions" msgstr[0] "" msgstr[1] "" -#: warehouse/templates/packaging/detail.html:426 +#: warehouse/templates/packaging/detail.html:436 msgid "No source distribution files available for this release." msgstr "" -#: warehouse/templates/packaging/detail.html:427 +#: warehouse/templates/packaging/detail.html:437 #, python-format msgid "" "See tutorial on generating distribution archives." msgstr "" -#: warehouse/templates/packaging/detail.html:434 +#: warehouse/templates/packaging/detail.html:444 msgid "Built Distribution" msgid_plural "Built Distributions" msgstr[0] "" diff --git a/warehouse/manage/views/__init__.py b/warehouse/manage/views/__init__.py index a5f9602ff5be..f74679cebacc 100644 --- a/warehouse/manage/views/__init__.py +++ b/warehouse/manage/views/__init__.py @@ -140,11 +140,16 @@ from warehouse.rate_limiting import IRateLimiter from warehouse.utils.http import is_safe_url from warehouse.utils.paginate import paginate_url_factory -from warehouse.utils.project import confirm_project, destroy_docs, remove_project +from warehouse.utils.project import ( + archive_project, + confirm_project, + destroy_docs, + remove_project, + unarchive_project, +) class ManageAccountMixin: - def __init__(self, request): self.request = request self.user_service = request.find_service(IUserService, context=None) @@ -218,7 +223,6 @@ def reverify_email(self): ) @lift() class ManageUnverifiedAccountViews(ManageAccountMixin): - @view_config(request_method="GET") def manage_unverified_account(self): return {"help_url": self.request.help_url(_anchor="account-recovery")} @@ -236,7 +240,6 @@ def manage_unverified_account(self): ) @lift() class ManageVerifiedAccountViews(ManageAccountMixin): - @property def active_projects(self): return user_projects(request=self.request)["projects_sole_owned"] @@ -3180,3 +3183,37 @@ def manage_project_history(project, request): ) def manage_project_documentation(project, request): return {"project": project} + + +@view_config( + route_name="manage.project.archive", + context=Project, + uses_session=True, + require_methods=["POST"], + permission=Permissions.ProjectsWrite, +) +def archive_project_view(project, request) -> HTTPSeeOther: + """ + Archive a Project. Reversible action. + """ + archive_project(project, request) + return HTTPSeeOther( + request.route_path("manage.project.settings", project_name=project.name) + ) + + +@view_config( + route_name="manage.project.unarchive", + context=Project, + uses_session=True, + require_methods=["POST"], + permission=Permissions.ProjectsWrite, +) +def unarchive_project_view(project, request) -> HTTPSeeOther: + """ + Unarchive a Project. Reversible action. + """ + unarchive_project(project, request) + return HTTPSeeOther( + request.route_path("manage.project.settings", project_name=project.name) + ) diff --git a/warehouse/migrations/versions/12a43f12cc18_add_new_lifecycle_statuses.py b/warehouse/migrations/versions/12a43f12cc18_add_new_lifecycle_statuses.py new file mode 100644 index 000000000000..5ff9ef22742e --- /dev/null +++ b/warehouse/migrations/versions/12a43f12cc18_add_new_lifecycle_statuses.py @@ -0,0 +1,55 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +""" +Add new lifecycle statuses + +Revision ID: 12a43f12cc18 +Revises: f7720656a33c +""" + +from alembic import op +from alembic_postgresql_enum import TableReference + +revision = "12a43f12cc18" +down_revision = "f7720656a33c" + + +def upgrade(): + op.sync_enum_values( + "public", + "lifecyclestatus", + ["quarantine-enter", "quarantine-exit", "archived"], + [ + TableReference( + table_schema="public", + table_name="projects", + column_name="lifecycle_status", + ) + ], + enum_values_to_rename=[], + ) + + +def downgrade(): + op.sync_enum_values( + "public", + "lifecyclestatus", + ["quarantine-enter", "quarantine-exit"], + [ + TableReference( + table_schema="public", + table_name="projects", + column_name="lifecycle_status", + ) + ], + enum_values_to_rename=[], + ) diff --git a/warehouse/packaging/models.py b/warehouse/packaging/models.py index a023eafb738a..59e2a30ed426 100644 --- a/warehouse/packaging/models.py +++ b/warehouse/packaging/models.py @@ -166,6 +166,7 @@ def __contains__(self, project): class LifecycleStatus(enum.StrEnum): QuarantineEnter = "quarantine-enter" QuarantineExit = "quarantine-exit" + Archived = "archived" class Project(SitemapMixin, HasEvents, HasObservations, db.Model): @@ -327,10 +328,14 @@ def __acl__(self): (Allow, Authenticated, Permissions.SubmitMalwareObservation), ] - # The project has zero or more OIDC publishers registered to it, - # each of which serves as an identity with the ability to upload releases. - for publisher in self.oidc_publishers: - acls.append((Allow, f"oidc:{publisher.id}", [Permissions.ProjectsUpload])) + if self.lifecycle_status != LifecycleStatus.Archived: + # The project has zero or more OIDC publishers registered to it, + # each of which serves as an identity with the ability to upload releases + # (only if the project is not archived) + for publisher in self.oidc_publishers: + acls.append( + (Allow, f"oidc:{publisher.id}", [Permissions.ProjectsUpload]) + ) # Get all of the users for this project. user_query = ( @@ -376,27 +381,25 @@ def __acl__(self): for user_id, permission_name in sorted(permissions, key=lambda x: (x[1], x[0])): # Disallow Write permissions for Projects in quarantine, allow Upload if self.lifecycle_status == LifecycleStatus.QuarantineEnter: - acls.append( - ( - Allow, - f"user:{user_id}", - [Permissions.ProjectsRead, Permissions.ProjectsUpload], - ) - ) + current_permissions = [ + Permissions.ProjectsRead, + Permissions.ProjectsUpload, + ] elif permission_name == "Administer": - acls.append( - ( - Allow, - f"user:{user_id}", - [ - Permissions.ProjectsRead, - Permissions.ProjectsUpload, - Permissions.ProjectsWrite, - ], - ) - ) + current_permissions = [ + Permissions.ProjectsRead, + Permissions.ProjectsUpload, + Permissions.ProjectsWrite, + ] else: - acls.append((Allow, f"user:{user_id}", [Permissions.ProjectsUpload])) + current_permissions = [Permissions.ProjectsUpload] + + if self.lifecycle_status == LifecycleStatus.Archived: + # Disallow upload permissions for archived projects + current_permissions.remove(Permissions.ProjectsUpload) + + if current_permissions: + acls.append((Allow, f"user:{user_id}", current_permissions)) return acls @property diff --git a/warehouse/routes.py b/warehouse/routes.py index c31158dbab82..e8566619705c 100644 --- a/warehouse/routes.py +++ b/warehouse/routes.py @@ -493,6 +493,20 @@ def includeme(config): traverse="/{project_name}", domain=warehouse, ) + config.add_route( + "manage.project.archive", + "/manage/project/{project_name}/archive/", + factory="warehouse.packaging.models:ProjectFactory", + traverse="/{project_name}", + domain=warehouse, + ) + config.add_route( + "manage.project.unarchive", + "/manage/project/{project_name}/unarchive/", + factory="warehouse.packaging.models:ProjectFactory", + traverse="/{project_name}", + domain=warehouse, + ) config.add_route( "manage.project.history", "/manage/project/{project_name}/history/", diff --git a/warehouse/templates/manage/project/settings.html b/warehouse/templates/manage/project/settings.html index 609b684067f6..79351180ecb3 100644 --- a/warehouse/templates/manage/project/settings.html +++ b/warehouse/templates/manage/project/settings.html @@ -40,6 +40,38 @@

{% trans %}Project settings{% endtrans %}

(request an increase) {% endtrans %} +

{% trans %}Archive project{% endtrans %}

+ {% set can_be_archived = not project.lifecycle_status or project.lifecycle_status == "quarantine-exit" %} + {% set can_be_unarchived = project.lifecycle_status == "archived" %} +
+

+ {% trans %} + Archiving a project will block any new uploads. Before doing so, we + recommend publishing a final release with an update to the project's + README to warn the users that the project won't receive further updates, + and to mention any alternative projects they may consider as a replacement. + {% endtrans %} +

+
+ + {% trans %}Archive project{% endtrans %} + + + {% trans %}Unarchive project{% endtrans %} + + + {% set action = request.route_path('manage.project.archive', project_name=project.name) %} + {% set slug = "archive-project" %} + {% set title = gettext("Archive project") %} + {% set extra_description = gettext("Archiving a project will block any new file uploads") %} + {{ confirm_modal(title=title, label=project.name, slug=slug, extra_description=extra_description, action=action, warning=False) }} + + {% set action = request.route_path('manage.project.unarchive', project_name=project.name) %} + {% set slug = "unarchive-project" %} + {% set title = gettext("Unarchive project") %} + {% set extra_description = gettext("Unarchiving a project will allow new file uploads") %} + {{ confirm_modal(title=title, label=project.name, slug=slug, extra_description=extra_description, action=action, warning=False) }} +

{% trans %}API tokens{% endtrans %}

{% trans %}API tokens provide an alternative way to authenticate when uploading packages to PyPI.{% endtrans %}

{% if user.has_primary_verified_email %} diff --git a/warehouse/templates/packaging/detail.html b/warehouse/templates/packaging/detail.html index fef56c293cda..a789e0897261 100644 --- a/warehouse/templates/packaging/detail.html +++ b/warehouse/templates/packaging/detail.html @@ -313,6 +313,16 @@

{% trans %}Navigation{% endtrans %}

{% endtrans %}

+ {% elif project.lifecycle_status == "archived" %} +
+

{% trans %}This project has been archived.{% endtrans %}

+

+ {% trans %} + The maintainers of this project have marked this project as archived. + No new releases are expected. + {% endtrans %} +

+
{% elif release.yanked and release.yanked_reason %}

{% trans %}Reason this release was yanked:{% endtrans %}

diff --git a/warehouse/utils/project.py b/warehouse/utils/project.py index 5e4d83882b3e..eea718429030 100644 --- a/warehouse/utils/project.py +++ b/warehouse/utils/project.py @@ -189,3 +189,44 @@ def destroy_docs(project, request, flash=True): request.session.flash( f"Deleted docs for project {project.name!r}", queue="success" ) + + +def archive_project(project: Project, request) -> None: + if ( + project.lifecycle_status is not None + and project.lifecycle_status != LifecycleStatus.QuarantineExit + ): + request.session.flash( + f"Cannot archive project with status {project.lifecycle_status}", + queue="error", + ) + return + + project.lifecycle_status = LifecycleStatus.Archived + project.record_event( + tag=EventTag.Project.ProjectArchiveEnter, + request=request, + additional={ + "submitted_by": request.user.username, + }, + ) + request.session.flash("Project archived", queue="success") + + +def unarchive_project(project: Project, request) -> None: + if project.lifecycle_status != LifecycleStatus.Archived: + request.session.flash( + "Can only unarchive an archived project", + queue="error", + ) + return + + project.lifecycle_status = None + project.record_event( + tag=EventTag.Project.ProjectArchiveExit, + request=request, + additional={ + "submitted_by": request.user.username, + }, + ) + request.session.flash("Project unarchived", queue="success")