Allow admins to still write

Author: di

tests/unit/admin/views/test_flags.py

@@ -10,7 +10,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-import pretend
 import pytest
 
 from warehouse.admin.flags import AdminFlag
@@ -99,31 +98,3 @@ def test_edit_flag(
 
         assert flag.enabled == expected_enabled
         assert flag.description == expected_description
-
-    def test_edit_read_only_flag(self, db_request, monkeypatch):
-        # Clear out any existing flags added from migrations
-        db_request.db.query(AdminFlag).delete()
-
-        active = pretend.stub()
-        doomed = pretend.stub()
-        txn = pretend.stub(status=doomed)
-        monkeypatch.setattr(
-            views.transaction._transaction.Status, 'ACTIVE', active
-        )
-
-        db_request.tm = pretend.stub(
-            isDoomed=lambda: True,
-            get=lambda: txn,
-        )
-        db_request.POST = {
-            'id': 'read-only',
-            'description': 'some new description',
-        }
-        db_request.route_path = lambda *a: '/the/redirect'
-        db_request.flash = lambda *a: None
-
-        AdminFlagFactory(id='read-only', enabled=True)
-
-        views.edit_flag(db_request)
-
-        assert txn.status == active

tests/unit/test_db.py

@@ -203,15 +203,23 @@ def test_create_session(monkeypatch, read_only, tx_status):
         connection.connection.rollback.calls == [pretend.call()]
 
 
-@pytest.mark.parametrize("admin_flag, doom_calls", [
-    (None, []),
-    (pretend.stub(enabled=False), []),
-    (
-        pretend.stub(enabled=True, description='flag description'),
-        [pretend.call()],
-    ),
-])
-def test_create_session_read_only_mode(admin_flag, doom_calls, monkeypatch):
+@pytest.mark.parametrize(
+    "admin_flag, is_superuser, doom_calls",
+    [
+        (None, True, []),
+        (None, False, []),
+        (pretend.stub(enabled=False), True, []),
+        (pretend.stub(enabled=False), False, []),
+        (pretend.stub(enabled=True, description='flag description'), True, []),
+        (
+            pretend.stub(enabled=True, description='flag description'),
+            False,
+            [pretend.call()],
+        ),
+    ],
+)
+def test_create_session_read_only_mode(
+        admin_flag, is_superuser, doom_calls, monkeypatch):
     get = pretend.call_recorder(lambda *a: admin_flag)
     session_obj = pretend.stub(
         close=lambda: None,
@@ -238,6 +246,7 @@ def test_create_session_read_only_mode(admin_flag, doom_calls, monkeypatch):
         tm=pretend.stub(doom=pretend.call_recorder(lambda: None)),
         read_only=False,
         add_finished_callback=lambda callback: None,
+        user=pretend.stub(is_superuser=is_superuser),
     )
 
     assert _create_session(request) is session_obj

warehouse/admin/views/flags.py

@@ -12,7 +12,6 @@
 
 from pyramid.httpexceptions import HTTPSeeOther
 from pyramid.view import view_config
-import transaction
 
 from warehouse.admin.flags import AdminFlag
 
@@ -42,11 +41,6 @@ def edit_flag(request):
     flag.description = request.POST['description']
     flag.enabled = bool(request.POST.get('enabled'))
 
-    if flag.id == 'read-only' and request.tm.isDoomed():
-        # We are trying to disable the `read-only` flag, but the flag has
-        # alreeady doomed the transaction, so we need to manually un-doom it
-        request.tm.get().status = transaction._transaction.Status.ACTIVE
-
     request.session.flash(
         f'Successfully edited flag {flag.id!r}',
         queue='success',

warehouse/db.py

@@ -165,7 +165,7 @@ def cleanup(request):
     # Check if we're in read-only mode
     from warehouse.admin.flags import AdminFlag
     flag = session.query(AdminFlag).get('read-only')
-    if flag and flag.enabled:
+    if flag and flag.enabled and not request.user.is_superuser:
         request.tm.doom()
 
     # Return our session now that it's created and registered