This is an automated email from the ASF dual-hosted git repository.

arm pushed a commit to branch arm
in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git


The following commit(s) were added to refs/heads/arm by this push:
     new 692f7790 #919 - remove action buttons from committee page for 
non-members/admins
692f7790 is described below

commit 692f7790b31d64258d1ba34101128801f28e2c74
Author: Alastair McFarlane <[email protected]>
AuthorDate: Fri Mar 27 15:53:55 2026 +0000

    #919 - remove action buttons from committee page for non-members/admins
---
 atr/get/committees.py             |  6 +++++-
 atr/templates/committee-view.html | 21 +++++++++++++--------
 atr/web.py                        |  9 ++++++---
 3 files changed, 24 insertions(+), 12 deletions(-)

diff --git a/atr/get/committees.py b/atr/get/committees.py
index 4aaa0fc8..e5a663f9 100644
--- a/atr/get/committees.py
+++ b/atr/get/committees.py
@@ -49,7 +49,7 @@ async def directory(_session: web.Public, _committees: 
Literal["committees"]) ->
 
 
 @get.typed
-async def view(_session: web.Public, _committees: Literal["committees"], name: 
safe.CommitteeKey) -> str:
+async def view(session: web.Public, _committees: Literal["committees"], name: 
safe.CommitteeKey) -> str:
     """
     URL: /committees/<name>
     """
@@ -61,6 +61,9 @@ async def view(_session: web.Public, _committees: 
Literal["committees"], name: s
             _public_signing_keys=True,
         ).demand(base.ASFQuartException(f"Committee {name!s} not found", 
errorcode=404))
     project_list = list(committee.projects)
+    committee_member = False
+    if isinstance(session, web.Committer):
+        committee_member = await session.check_access_committee(name, False)
     for project in project_list:
         # Workaround for the usual loading problem
         project.committee = committee
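Review bot: The call `session.check_access_committee(name, False)` is used here only to decide what to render, but per the atr/web.py hunk in this commit the method also calls `quart.flash(...)` for an admin who is not on the committee. This public GET view will therefore emit the admin warning on every page load for such users; if that is not intended, a side-effect-free membership predicate would suit this call better. The bare positional `False` also hides its meaning at the call site, so `committee_member = await session.check_access_committee(name, die=False)` would read more clearly. Note that `committee_member` is also true for admins, so a comment such as `# True for committee members and for admins` would prevent the name from misleading. The body of `view` starts and ends outside this hunk.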
@@ -71,6 +74,7 @@ async def view(_session: web.Public, _committees: 
Literal["committees"], name: s
         algorithms=shared.algorithms,
         now=datetime.datetime.now(datetime.UTC),
         email_from_key=util.email_from_uid,
+        is_committee_member=committee_member,
         update_committee_keys_form=form.render(
             model_cls=shared.keys.UpdateCommitteeKeysForm,
             action=util.as_url(post.keys.keys),
diff --git a/atr/templates/committee-view.html 
b/atr/templates/committee-view.html
index f4f71dc1..271350ca 100644
--- a/atr/templates/committee-view.html
+++ b/atr/templates/committee-view.html
@@ -2,7 +2,7 @@
 
 {%- block title -%}Committee ~ ATR{%- endblock title -%}
 
-{%- block description -%}Information regarding an Apachommittee.{%- endblock 
description -%}
+{%- block description -%}Information regarding an Apache committee.{%- 
endblock description -%}
 
 {% block content %}
   <h1>{{ committee.display_name }}</h1>
@@ -43,9 +43,11 @@
         <h3 class="mb-2">Signing keys</h3>
       </div>
       <div class="card-body">
-        <div class="mb-4">
-          <a href="{{ as_url(get.keys.upload) }}" class="btn 
btn-outline-primary">Upload a KEYS file</a>
-        </div>
+        {%  if is_committee_member %}
+          <div class="mb-4">
+            <a href="{{ as_url(get.keys.upload) }}" class="btn 
btn-outline-primary">Upload a KEYS file</a>
+          </div>
+        {% endif %}
         {% if committee.public_signing_keys %}
           <div class="table-responsive mb-2">
             <table class="table border table-striped table-sm">
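Review bot: The `{%  if is_committee_member %}` guard here, and the matching one around `{{ update_committee_keys_form }}` in the next hunk, only hide the controls, so access control must not depend on them. The handler behind `get.keys.upload` and the POST target of the form are not visible in this diff. It is worth confirming that each performs its own committee access check in the raising form, so that a request from a non-member is answered with 403 regardless of what the page rendered. Minor style point: `{%  if` has a double space, unlike the `{% if` used elsewhere in this template.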
@@ -69,10 +71,13 @@
               </tbody>
             </table>
           </div>
-          <p class="text-muted">
-            The <code>KEYS</code> file is automatically generated when you add 
or remove a key, but you can also use the form below to manually regenerate it.
-          </p>
-          {{ update_committee_keys_form }}
+
+          {%  if is_committee_member %}
+            <p class="text-muted">
+              The <code>KEYS</code> file is automatically generated when you 
add or remove a key, but you can also use the form below to manually regenerate 
it.
+            </p>
+            {{ update_committee_keys_form }}
+          {% endif %}
         {% else %}
           <p class="mb-4">No keys uploaded for this committee yet.</p>
         {% endif %}
diff --git a/atr/web.py b/atr/web.py
index 3fa23077..7f2fc180 100644
--- a/atr/web.py
+++ b/atr/web.py
@@ -99,15 +99,18 @@ class Committer:
                 return
             raise base.ASFQuartException("You do not have access to this 
project", errorcode=403)
 
-    async def check_access_committee(self, committee_key: safe.CommitteeKey) 
-> None:
+    async def check_access_committee(self, committee_key: safe.CommitteeKey, 
die: bool = True) -> bool:
         if str(committee_key) not in self.committees:
             if self.is_admin:
                 # Admins can view all committees
                 # But we must warn them when the committee is not one of their 
own
                 # TODO: As above, this code is difficult to test locally
                 await quart.flash("This is not your committee, but you have 
access as an admin", "warning")
-                return
-            raise base.ASFQuartException("You do not have access to this 
committee", errorcode=403)
+                return True
+            if die:
+                raise base.ASFQuartException("You do not have access to this 
committee", errorcode=403)
+            return False
+        return True
 
     async def form_data(self) -> dict[str, Any]:
         if self.__form_data is None:
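Review bot: `check_access_committee` now switches between "raise 403" and "return False" on a positional boolean, so with `die=False` a denial is signalled only by the return value, and a future caller that passes `False` and ignores the result would silently skip enforcement. Making the flag keyword-only, `async def check_access_committee(self, committee_key: safe.CommitteeKey, *, die: bool = True) -> bool:`, would force call sites to spell it out; the call in atr/get/committees.py would then need `die=False`. The method also lacks a docstring; it should state that it returns True for members and admins, flashes a warning for admins outside the committee, and raises the 403 `ASFQuartException` only when `die` is true. The enclosing class `Committer` starts outside this hunk.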

