2017-03-23 03:53:03 +00:00
|
|
|
import logging
|
|
|
|
|
|
|
|
from functools import wraps
|
|
|
|
|
|
|
|
from data import model
|
2017-04-04 17:57:24 +00:00
|
|
|
from util.http import abort
|
|
|
|
|
2017-03-23 03:53:03 +00:00
|
|
|
|
|
|
|
logger = logging.getLogger(__name__)
|
|
|
|
|
|
|
|
|
|
|
|
def _raise_unauthorized(repository, scopes):
|
|
|
|
raise StandardError("Unauthorized acces to %s", repository)
|
|
|
|
|
|
|
|
|
|
|
|
def _get_reponame_kwargs(*args, **kwargs):
|
2017-03-23 04:37:39 +00:00
|
|
|
return [kwargs['namespace'], kwargs['package_name']]
|
2017-03-23 03:53:03 +00:00
|
|
|
|
|
|
|
|
2017-03-23 04:01:37 +00:00
|
|
|
def disallow_for_image_repository(get_reponame_method=_get_reponame_kwargs):
|
2017-03-23 03:53:03 +00:00
|
|
|
def wrapper(func):
|
|
|
|
@wraps(func)
|
|
|
|
def wrapped(*args, **kwargs):
|
|
|
|
namespace_name, repo_name = get_reponame_method(*args, **kwargs)
|
2017-03-23 03:46:05 +00:00
|
|
|
image_repo = model.repository.get_repository(namespace_name, repo_name, kind_filter='image')
|
|
|
|
if image_repo is not None:
|
|
|
|
logger.debug('Tried to invoked a CNR method on an image repository')
|
2017-04-04 17:57:24 +00:00
|
|
|
abort(405, message='Cannot push an application to an image repository with the same name')
|
2017-03-23 04:01:37 +00:00
|
|
|
return func(*args, **kwargs)
|
|
|
|
return wrapped
|
|
|
|
return wrapper
|
|
|
|
|
2017-03-23 03:46:05 +00:00
|
|
|
|
2017-03-23 04:01:37 +00:00
|
|
|
def require_repo_permission(permission_class, scopes=None, allow_public=False,
|
|
|
|
raise_method=_raise_unauthorized,
|
|
|
|
get_reponame_method=_get_reponame_kwargs):
|
|
|
|
def wrapper(func):
|
|
|
|
@wraps(func)
|
|
|
|
@disallow_for_image_repository(get_reponame_method=get_reponame_method)
|
|
|
|
def wrapped(*args, **kwargs):
|
|
|
|
namespace_name, repo_name = get_reponame_method(*args, **kwargs)
|
2017-03-23 03:53:03 +00:00
|
|
|
logger.debug('Checking permission %s for repo: %s/%s', permission_class,
|
|
|
|
namespace_name, repo_name)
|
|
|
|
permission = permission_class(namespace_name, repo_name)
|
|
|
|
if (permission.can() or
|
|
|
|
(allow_public and
|
|
|
|
model.repository.repository_is_public(namespace_name, repo_name))):
|
|
|
|
return func(*args, **kwargs)
|
|
|
|
repository = namespace_name + '/' + repo_name
|
|
|
|
raise_method(repository, scopes)
|
|
|
|
return wrapped
|
|
|
|
return wrapper
|