Add ability for admins to set the upload limit on projects (#2470)

Author: Jon Wayne Parrott

tests/unit/admin/views/test_projects.py

@@ -342,3 +342,56 @@ def test_non_normalized_name(self, db_request):
         )
         with pytest.raises(HTTPMovedPermanently):
             views.journals_list(project, db_request)
+
+
+class TestProjectSetLimit:
+    def test_sets_limitwith_integer(self, db_request):
+        project = ProjectFactory.create(name="foo")
+
+        db_request.route_path = pretend.call_recorder(
+            lambda *a, **kw: "/admin/projects/")
+        db_request.session = pretend.stub(
+            flash=pretend.call_recorder(lambda *a, **kw: None),
+        )
+        db_request.matchdict["project_name"] = project.normalized_name
+        db_request.POST["upload_limit"] = "12345"
+
+        views.set_upload_limit(project, db_request)
+
+        assert db_request.session.flash.calls == [
+            pretend.call(
+                "Successfully set the upload limit on 'foo' to 12345",
+                queue="success"),
+        ]
+
+        assert project.upload_limit == 12345
+
+    def test_sets_limit_with_none(self, db_request):
+        project = ProjectFactory.create(name="foo")
+        project.upload_limit = 12345
+
+        db_request.route_path = pretend.call_recorder(
+            lambda *a, **kw: "/admin/projects/")
+        db_request.session = pretend.stub(
+            flash=pretend.call_recorder(lambda *a, **kw: None),
+        )
+        db_request.matchdict["project_name"] = project.normalized_name
+
+        views.set_upload_limit(project, db_request)
+
+        assert db_request.session.flash.calls == [
+            pretend.call(
+                "Successfully set the upload limit on 'foo' to None",
+                queue="success"),
+        ]
+
+        assert project.upload_limit is None
+
+    def test_sets_limit_with_bad_value(self, db_request):
+        project = ProjectFactory.create(name="foo")
+
+        db_request.matchdict["project_name"] = project.normalized_name
+        db_request.POST["upload_limit"] = "meep"
+
+        with pytest.raises(HTTPBadRequest):
+            views.set_upload_limit(project, db_request)

warehouse/admin/routes.py

@@ -57,6 +57,13 @@ def includeme(config):
         traverse="/{project_name}",
         domain=warehouse,
     )
+    config.add_route(
+        "admin.project.set_upload_limit",
+        "/admin/projects/{project_name}/set_upload_limit/",
+        factory="warehouse.packaging.models:ProjectFactory",
+        traverse="/{project_name}",
+        domain=warehouse,
+    )
 
     # Journal related Admin pages
     config.add_route(

warehouse/admin/templates/admin/projects/detail.html

@@ -46,6 +46,18 @@
         <div class="box box-primary">
           <div class="box-body box-profile">
             <h3 class="project-name text-center">{{ project.name }}</h3>
+            <div class="box-body box-attributes">
+              <table class="table table-hover">
+                <tr>
+                  <th>Attribute</th>
+                  <th>Value</th>
+                </tr>
+                <tr>
+                  <td>Upload limit</td>
+                  <td>{{ project.upload_limit }}</td>
+                </tr>
+              </table>
+            </div>
             <div class="box-body box-maintainers">
               <table class="table table-hover">
                 <tr>
@@ -108,6 +120,7 @@ <h3 class="project-name text-center">{{ project.name }}</h3>
         </div>
       </div>
   </div>
+  <!-- Blacklist form -->
   <div class="box box-secondary collapsed-box">
     <div class="box-header with-border">
       <h3 class="box-title">Blacklist Project</h3>
@@ -132,4 +145,30 @@ <h3 class="box-title">Blacklist Project</h3>
       </div>
     </form>
   </div>
+
+  <!-- Upload limit form -->
+  <div class="box box-secondary collapsed-box">
+    <div class="box-header with-border">
+      <h3 class="box-title">Set upload limit</h3>
+      <div class="box-tools">
+        <button class="btn btn-box-tool" data-widget="collapse" data-toggle="tooltip" title="Expand"><i class="fa fa-plus"></i></button>
+      </div>
+    </div>
+
+    <form method="POST" action="{{ request.route_path('admin.project.set_upload_limit', project_name=project.normalized_name) }}">
+      <input name="csrf_token" type="hidden" value="{{ request.session.get_csrf_token() }}">
+      <div class="box-body">
+        <div class="form-group col-sm-12">
+          <label for="uploadLimit">Upload limit (in bytes)</label>
+          <input type="text" name="upload_limit" class="form-control" id="uploadLimit" rows="3" value="{{ project.upload_limit | default('', True)}}">
+        </div>
+      </div>
+
+      <div class="box-footer">
+        <div class="pull-right">
+          <button type="submit" class="btn btn-primary">Submit</button>
+        </div>
+      </div>
+    </form>
+  </div>
 {% endblock %}

warehouse/admin/views/projects.py

@@ -16,6 +16,7 @@
 from pyramid.httpexceptions import (
     HTTPBadRequest,
     HTTPMovedPermanently,
+    HTTPSeeOther,
 )
 from pyramid.view import view_config
 from sqlalchemy import or_
@@ -201,3 +202,37 @@ def journals_list(project, request):
     )
 
     return {"journals": journals, "project": project, "query": q}
+
+
+@view_config(
+    route_name="admin.project.set_upload_limit",
+    permission="admin",
+    request_method="POST",
+    uses_session=True,
+    require_methods=False,
+)
+def set_upload_limit(project, request):
+    upload_limit = request.POST.get("upload_limit", "")
+
+    # Update the project's upload limit.
+    # If the upload limit is an empty string or othrwise falsy, just set the
+    # limit to None, indicating the default limit.
+    if not upload_limit:
+        project.upload_limit = None
+    else:
+        try:
+            project.upload_limit = int(upload_limit)
+        except ValueError:
+            raise HTTPBadRequest(
+                f"Invalid value for upload_limit: {upload_limit}, "
+                f"must be integer or empty string.")
+
+    request.session.flash(
+        f"Successfully set the upload limit on {project.name!r} to "
+        f"{project.upload_limit!r}",
+        queue="success",
+    )
+
+    return HTTPSeeOther(
+        request.route_path(
+            'admin.project.detail', project_name=project.normalized_name))