From 069208f2f1edcbcf317350ad4ee045a0512e06c5 Mon Sep 17 00:00:00 2001
From: Joseph Schorr
Date: Thu, 23 Mar 2017 00:01:37 -0400
Subject: [PATCH] Break out repo kind checking into its own decorator We then use that decorator both in the API and in the permissions check decorator
---
 endpoints/appr/decorators.py | 21 +++++++++++++++------
 endpoints/appr/registry.py | 4 ++++
 2 files changed, 19 insertions(+), 6 deletions(-)
diff --git a/endpoints/appr/decorators.py b/endpoints/appr/decorators.py
index 857c3f18e..54754c05d 100644
--- a/endpoints/appr/decorators.py
+++ b/endpoints/appr/decorators.py
@@ -18,19 +18,28 @@ def _get_reponame_kwargs(*args, **kwargs):
 return [kwargs['namespace_name'], kwargs['repo_name']]
+def disallow_for_image_repository(get_reponame_method=_get_reponame_kwargs):
+ def wrapper(func):
+ @wraps(func)
+ def wrapped(*args, **kwargs):
+ namespace_name, repo_name = get_reponame_method(*args, **kwargs)
+ image_repo = model.repository.get_repository(namespace_name, repo_name, kind_filter='image')
+ if image_repo is not None:
+ logger.debug('Tried to invoked a CNR method on an image repository')
+ abort(501)
+ return func(*args, **kwargs)
+ return wrapped
+ return wrapper
+
+
 def require_repo_permission(permission_class, scopes=None, allow_public=False, raise_method=_raise_unauthorized, get_reponame_method=_get_reponame_kwargs):
 def wrapper(func):
 @wraps(func)
+ @disallow_for_image_repository(get_reponame_method=get_reponame_method)
 def wrapped(*args, **kwargs):
 namespace_name, repo_name = get_reponame_method(*args, **kwargs)
-
- image_repo = model.repository.get_repository(namespace_name, repo_name, kind_filter='image')
- if image_repo is not None:
- logger.debug('Tried to invoked a CNR method on an image repository')
- abort(501)
-
 logger.debug('Checking permission %s for repo: %s/%s', permission_class, namespace_name, repo_name)
 permission = permission_class(namespace_name, repo_name)
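Review bot: In `require_repo_permission`, `@disallow_for_image_repository(...)` wraps `wrapped`, so the `kind_filter='image'` lookup and `abort(501)` run before the permission check, and a caller with no access gets 501 only when an image repository of that name exists. The same ordering appears in the `push` hunk of endpoints/appr/registry.py, where the decorator sits above `@process_auth`. Consider running the kind check after authentication and the permission check, or answering it with the same response an unauthorized caller would get. The new decorator also has no docstring; a one-liner such as `"""Abort with 501 when the named repository is an image repository."""`, plus a sentence on where it belongs in a decorator stack, would document that ordering. The body of `require_repo_permission` continues outside the hunk.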
diff --git a/endpoints/appr/registry.py b/endpoints/appr/registry.py
index a6e39d87c..c44e30cb7 100644
--- a/endpoints/appr/registry.py
+++ b/endpoints/appr/registry.py
@@ -15,6 +15,7 @@ from auth.process import process_auth
 from auth.auth_context import get_authenticated_user
 from auth.permissions import CreateRepositoryPermission, ModifyRepositoryPermission
 from endpoints.appr import appr_bp, require_app_repo_read, require_app_repo_write
+from endpoints.appr.decorators import disallow_for_image_repository
 from endpoints.appr.cnr_backend import Package, Channel, Blob
 from endpoints.decorators import anon_allowed, anon_protect
@@ -109,6 +110,8 @@ def delete_package(namespace, package_name, release, media_type):
 methods=['GET'],
 strict_slashes=False
 )
+@process_auth
+@require_app_repo_read
 def show_package(namespace, package_name, release, media_type):
 reponame = repo_name(namespace, package_name)
 result = cnr_registry.show_package(reponame, release,
@@ -163,6 +166,7 @@ def pull(namespace, package_name, release, media_type):
 @appr_bp.route("/api/v1/packages//", methods=['POST'], strict_slashes=False)
+@disallow_for_image_repository()
 @process_auth
 @anon_protect
 def push(namespace, package_name):
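Review bot: The two decorators added to `show_package` are an access-control change, not part of the decorator refactor the commit message describes: on the old side the route's closing `)` is followed directly by `def show_package`, so nothing enforced authentication or read permission there. A fix like this is easy to lose in history, so it deserves a mention in the description and a regression test asserting that an unauthorized request for a private package is rejected. `push` in this file stacks `@anon_protect` under `@process_auth`; if the anonymous-access restriction is meant to apply to `show_package` too, this stack presumably needs it as well. The body of `show_package` continues outside the hunk.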
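Review bot: In the `push` hunk, `@disallow_for_image_repository()` uses its default `get_reponame_method`, which in endpoints/appr/decorators.py reads `kwargs['namespace_name']` and `kwargs['repo_name']`, while this view's parameters are `namespace` and `package_name`. As far as the visible lines show, the lookup would raise KeyError on every push instead of answering 501 for image repositories. Pass a getter that matches the view, for example `@disallow_for_image_repository(get_reponame_method=lambda *args, **kwargs: [kwargs['namespace'], kwargs['package_name']])`, and add a test that pushes to a name already used by an image repository. The body of `push` is outside the hunk.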