vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Break out repo kind checking into its own decorator

Browse source 
We then use that decorator both in the API and in the permissions check decorator
This commit is contained in:
Joseph Schorr 2017-03-23 00:01:37 -04:00
parent 4c34b00b38
commit 069208f2f1
2 changed files with 19 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

21
endpoints/appr/decorators.py
View file

@ -18,19 +18,28 @@ def _get_reponame_kwargs(*args, **kwargs):
return [kwargs['namespace_name'], kwargs['repo_name']] return [kwargs['namespace_name'], kwargs['repo_name']]
def disallow_for_image_repository(get_reponame_method=_get_reponame_kwargs):
def wrapper(func):
@wraps(func)
def wrapped(*args, **kwargs):
namespace_name, repo_name = get_reponame_method(*args, **kwargs)
image_repo = model.repository.get_repository(namespace_name, repo_name, kind_filter='image')
if image_repo is not None:
logger.debug('Tried to invoked a CNR method on an image repository')
abort(501)
return func(*args, **kwargs)
return wrapped
return wrapper
def require_repo_permission(permission_class, scopes=None, allow_public=False, def require_repo_permission(permission_class, scopes=None, allow_public=False,
raise_method=_raise_unauthorized, raise_method=_raise_unauthorized,
get_reponame_method=_get_reponame_kwargs): get_reponame_method=_get_reponame_kwargs):
def wrapper(func): def wrapper(func):
@wraps(func) @wraps(func)
@disallow_for_image_repository(get_reponame_method=get_reponame_method)
def wrapped(*args, **kwargs): def wrapped(*args, **kwargs):
namespace_name, repo_name = get_reponame_method(*args, **kwargs) namespace_name, repo_name = get_reponame_method(*args, **kwargs)
image_repo = model.repository.get_repository(namespace_name, repo_name, kind_filter='image')
if image_repo is not None:
logger.debug('Tried to invoked a CNR method on an image repository')
abort(501)
logger.debug('Checking permission %s for repo: %s/%s', permission_class, logger.debug('Checking permission %s for repo: %s/%s', permission_class,
namespace_name, repo_name) namespace_name, repo_name)
permission = permission_class(namespace_name, repo_name) permission = permission_class(namespace_name, repo_name)

4
endpoints/appr/registry.py
View file

@ -15,6 +15,7 @@ from auth.process import process_auth
from auth.auth_context import get_authenticated_user from auth.auth_context import get_authenticated_user
from auth.permissions import CreateRepositoryPermission, ModifyRepositoryPermission from auth.permissions import CreateRepositoryPermission, ModifyRepositoryPermission
from endpoints.appr import appr_bp, require_app_repo_read, require_app_repo_write from endpoints.appr import appr_bp, require_app_repo_read, require_app_repo_write
from endpoints.appr.decorators import disallow_for_image_repository
from endpoints.appr.cnr_backend import Package, Channel, Blob from endpoints.appr.cnr_backend import Package, Channel, Blob
from endpoints.decorators import anon_allowed, anon_protect from endpoints.decorators import anon_allowed, anon_protect
@ -109,6 +110,8 @@ def delete_package(namespace, package_name, release, media_type):
methods=['GET'], methods=['GET'],
strict_slashes=False strict_slashes=False
) )
@process_auth
@require_app_repo_read
def show_package(namespace, package_name, release, media_type): def show_package(namespace, package_name, release, media_type):
reponame = repo_name(namespace, package_name) reponame = repo_name(namespace, package_name)
result = cnr_registry.show_package(reponame, release, result = cnr_registry.show_package(reponame, release,
@ -163,6 +166,7 @@ def pull(namespace, package_name, release, media_type):
@appr_bp.route("/api/v1/packages/<string:namespace>/<string:package_name>", methods=['POST'], @appr_bp.route("/api/v1/packages/<string:namespace>/<string:package_name>", methods=['POST'],
strict_slashes=False) strict_slashes=False)
@disallow_for_image_repository()
@process_auth @process_auth
@anon_protect @anon_protect
def push(namespace, package_name): def push(namespace, package_name):