This is an automated email from the ASF dual-hosted git repository.

sbp pushed a commit to branch sbp
in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git


The following commit(s) were added to refs/heads/sbp by this push:
     new fa00a7ba Strengthen a couple of authorisation patterns
fa00a7ba is described below

commit fa00a7bac75a8e953127b73545a87eba48c7eb3c
Author: Sean B. Palmer <[email protected]>
AuthorDate: Fri Feb 20 20:43:19 2026 +0000

    Strengthen a couple of authorisation patterns
---
 atr/admin/__init__.py         | 6 +++---
 atr/storage/writers/tokens.py | 4 ++++
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/atr/admin/__init__.py b/atr/admin/__init__.py
index fe0ec2e2..55c4cc78 100644
--- a/atr/admin/__init__.py
+++ b/atr/admin/__init__.py
@@ -739,14 +739,14 @@ async def revoke_user_tokens_post(
     session: web.Committer, revoke_form: RevokeUserTokensForm
 ) -> str | web.WerkzeugResponse:
     """Revoke all Personal Access Tokens for a specified user."""
-    target_uid = revoke_form.asf_uid.strip()
+    target_uid = revoke_form.asf_uid
 
     async with storage.write(session) as write:
-        wafa = write.as_foundation_admin("infrastructure")
+        wafa = write.as_foundation_admin(session.asf_uid)
         count = await wafa.tokens.revoke_all_user_tokens(target_uid)
 
     if count > 0:
-        await quart.flash(f"Revoked {count} token(s) for {target_uid}.", 
"success")
+        await quart.flash(f"Revoked {util.plural(count, 'token')} for 
{target_uid}.", "success")
     else:
         await quart.flash(f"No tokens found for {target_uid}.", "info")
 
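Review bot: `target_uid = revoke_form.asf_uid` drops the `.strip()` with no visible replacement, so unless `RevokeUserTokensForm` normalises the field itself, a uid submitted with surrounding whitespace will match no tokens and the handler will report `No tokens found` instead of revoking anything, and an empty field would reach `revoke_all_user_tokens("")`. Either confirm the form validator strips and rejects empty values, or guard here with `target_uid = revoke_form.asf_uid.strip()` followed by `if not target_uid: raise ... / flash and redirect` before the write block. Passing `session.asf_uid` into `as_foundation_admin` means the route now relies entirely on that writer to enforce admin membership rather than checking it locally, which is fine only if the writer raises on non-admins rather than merely labelling the actor. The same form-supplied value is interpolated into both flash messages, which is safe only if the flash template autoescapes. `revoke_user_tokens_post` starts in the hunk header and continues past the last line shown.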
diff --git a/atr/storage/writers/tokens.py b/atr/storage/writers/tokens.py
index 67679c3c..bf412286 100644
--- a/atr/storage/writers/tokens.py
+++ b/atr/storage/writers/tokens.py
@@ -183,6 +183,10 @@ class FoundationAdmin(CommitteeMember):
         self.__write = write
         self.__write_as = write_as
         self.__data = data
+        asf_uid = write.authorisation.asf_uid
+        if asf_uid is None:
+            raise storage.AccessError("Not authorized")
+        self.__asf_uid = asf_uid
 
     async def revoke_all_user_tokens(self, target_asf_uid: str) -> int:
         """Revoke all PATs for a specified user. Returns count of revoked 
tokens."""
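Review bot: The new guard `if asf_uid is None: raise storage.AccessError("Not authorized")` still admits an empty string, so an authorisation object with `asf_uid == ""` would construct a FoundationAdmin and carry a blank actor identity into whatever `self.__asf_uid` is later used for; `if not asf_uid:` closes that gap at no cost. The check also runs after `self.__write`, `self.__write_as` and `self.__data` are assigned, so moving it to the top of the body (or at least before those assignments) keeps a rejected caller from ever holding a partially initialised instance, even though the exception currently makes this harmless. Note that a non-None uid only shows the caller is authenticated; if foundation-admin membership is verified elsewhere (in `write_as` or the caller), a one-line comment such as `# Identity required for audit; admin membership is enforced by write_as` would save the next reader from assuming this is the admin check. `FoundationAdmin.__init__` begins above the hunk, so any attribute assigned earlier is not visible here.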

