Fix some permissions problems still around due to some usage of scopes as strings.

auth/auth.py

@@ -54,7 +54,7 @@ def process_basic_auth(auth):
       set_authenticated_user(robot)
       
       deferred_robot = QuayDeferredPermissionUser(robot.username, 'username',
-                                                  {'direct_user_login'})
+                                                  {scopes.DIRECT_LOGIN})
       identity_changed.send(app, identity=deferred_robot)
       return
     except model.InvalidRobotException:
@@ -68,7 +68,7 @@ def process_basic_auth(auth):
       set_authenticated_user(authenticated)
 
       new_identity = QuayDeferredPermissionUser(authenticated.username, 'username',
-                                                {'direct_user_login'})
+                                                {scopes.DIRECT_LOGIN})
       identity_changed.send(app, identity=new_identity)
       return
 
@@ -152,7 +152,7 @@ def process_oauth(f):
     elif not current_user.is_anonymous():
       logger.debug('Loading user from cookie: %s', current_user.get_id())
       set_authenticated_user_deferred(current_user.get_id())
-      loaded = QuayDeferredPermissionUser(current_user.get_id(), 'username', {'direct_user_login'})
+      loaded = QuayDeferredPermissionUser(current_user.get_id(), 'username', {scopes.DIRECT_LOGIN})
       identity_changed.send(app, identity=loaded)
     else:
       logger.debug('No auth header or login cookie.')

auth/permissions.py

@@ -217,7 +217,7 @@ def on_identity_loaded(sender, identity):
 
   elif identity.auth_type == 'username':
     logger.debug('Switching username permission to deferred object: %s', identity.id)
-    switch_to_deferred = QuayDeferredPermissionUser(identity.id, 'username', {'direct_user_login'})
+    switch_to_deferred = QuayDeferredPermissionUser(identity.id, 'username', {scopes.DIRECT_LOGIN})
     identity_changed.send(app, identity=switch_to_deferred)
 
   elif identity.auth_type == 'token':

endpoints/common.py

@@ -12,6 +12,7 @@ from data import model
 from data.queue import dockerfile_build_queue
 from app import app, login_manager
 from auth.permissions import QuayDeferredPermissionUser
+from auth import scopes
 from endpoints.api.discovery import swagger_route_data
 from werkzeug.routing import BaseConverter
 
@@ -70,7 +71,7 @@ class _LoginWrappedDBUser(UserMixin):
 def common_login(db_user):
   if login_user(_LoginWrappedDBUser(db_user.username, db_user)):
     logger.debug('Successfully signed in as: %s' % db_user.username)
-    new_identity = QuayDeferredPermissionUser(db_user.username, 'username', {'direct_user_login'})
+    new_identity = QuayDeferredPermissionUser(db_user.username, 'username', {scopes.DIRECT_LOGIN})
     identity_changed.send(app, identity=new_identity)
     return True
   else:

test/test_api_usage.py

@@ -32,7 +32,12 @@ from endpoints.api.repository import RepositoryList, RepositoryVisibility, Repos
 from endpoints.api.permission import (RepositoryUserPermission, RepositoryTeamPermission,
                                       RepositoryTeamPermissionList, RepositoryUserPermissionList)
 
-app.register_blueprint(api_bp, url_prefix='/api')
+try:
+  app.register_blueprint(api_bp, url_prefix='/api')
+except ValueError:
+  # This blueprint was already registered
+  pass
+
 app.register_blueprint(webhooks, url_prefix='/webhooks')
 
 NO_ACCESS_USER = 'freshuser'