Break out repo kind checking into its own decorator

We then use that decorator both in the API and in the permissions check decorator
2017-03-23 00:01:37 -04:00 · 2017-03-23 00:01:37 -04:00 · 069208f2f1
commit 069208f2f1
parent 4c34b00b38
2 changed files with 19 additions and 6 deletions
--- a/endpoints/appr/decorators.py
+++ b/endpoints/appr/decorators.py
@ -18,19 +18,28 @@ def _get_reponame_kwargs(*args, **kwargs):
  return [kwargs['namespace_name'], kwargs['repo_name']]


+def disallow_for_image_repository(get_reponame_method=_get_reponame_kwargs):
+  def wrapper(func):
+    @wraps(func)
+    def wrapped(*args, **kwargs):
+      namespace_name, repo_name = get_reponame_method(*args, **kwargs)
+      image_repo = model.repository.get_repository(namespace_name, repo_name, kind_filter='image')
+      if image_repo is not None:
+        logger.debug('Tried to invoked a CNR method on an image repository')
+        abort(501)
+      return func(*args, **kwargs)
+    return wrapped
+  return wrapper
+
+
 def require_repo_permission(permission_class, scopes=None, allow_public=False,
                            raise_method=_raise_unauthorized,
                            get_reponame_method=_get_reponame_kwargs):
  def wrapper(func):
    @wraps(func)
+    @disallow_for_image_repository(get_reponame_method=get_reponame_method)
    def wrapped(*args, **kwargs):
      namespace_name, repo_name = get_reponame_method(*args, **kwargs)
-
-      image_repo = model.repository.get_repository(namespace_name, repo_name, kind_filter='image')
-      if image_repo is not None:
-        logger.debug('Tried to invoked a CNR method on an image repository')
-        abort(501)
-
      logger.debug('Checking permission %s for repo: %s/%s', permission_class,
                   namespace_name, repo_name)
      permission = permission_class(namespace_name, repo_name)
--- a/endpoints/appr/registry.py
+++ b/endpoints/appr/registry.py
@ -15,6 +15,7 @@ from auth.process import process_auth
 from auth.auth_context import get_authenticated_user
 from auth.permissions import CreateRepositoryPermission, ModifyRepositoryPermission
 from endpoints.appr import appr_bp, require_app_repo_read, require_app_repo_write
+from endpoints.appr.decorators import disallow_for_image_repository
 from endpoints.appr.cnr_backend import Package, Channel, Blob
 from endpoints.decorators import anon_allowed, anon_protect

@ -109,6 +110,8 @@ def delete_package(namespace, package_name, release, media_type):
  methods=['GET'],
  strict_slashes=False
 )
+@process_auth
+@require_app_repo_read
 def show_package(namespace, package_name, release, media_type):
  reponame = repo_name(namespace, package_name)
  result = cnr_registry.show_package(reponame, release,
@ -163,6 +166,7 @@ def pull(namespace, package_name, release, media_type):

@appr_bp.route("/api/v1/packages/<string:namespace>/<string:package_name>", methods=['POST'],
               strict_slashes=False)
+@disallow_for_image_repository()
@process_auth
@anon_protect
 def push(namespace, package_name):