Flesh out the API for managing permissions.
parent
6bcb5cfcaa
commit
1883014ad9
2 changed files with 85 additions and 6 deletions
|
@ -200,3 +200,37 @@ def get_user_repo_permissions(user, repository):
|
|||
select = RepositoryPermission.select()
|
||||
return select.where(RepositoryPermission.user == user,
|
||||
RepositoryPermission.repository == repository)
|
||||
|
||||
|
||||
def get_user_reponame_permission(user_obj, namespace_name, repository_name):
|
||||
repo = Repository.get(Repository.name == repository_name,
|
||||
Repository.namespace == namespace_name)
|
||||
perm = RepositoryPermission.get(RepositoryPermission.user == user_obj,
|
||||
RepositoryPermission.repository == repo)
|
||||
return perm
|
||||
|
||||
|
||||
def set_user_repo_permission(user_obj, namespace_name, repository_name,
|
||||
role_name):
|
||||
repo = Repository.get(Repository.name == repository_name,
|
||||
Repository.namespace == namespace_name)
|
||||
new_role = Role.get(Role.name == role_name)
|
||||
|
||||
# Fetch any existing permission for this user on the repo
|
||||
try:
|
||||
perm = RepositoryPermission.get(RepositoryPermission.user == user_obj,
|
||||
RepositoryPermission.repository == repo)
|
||||
perm.role = new_role
|
||||
perm.save()
|
||||
return perm
|
||||
except RepositoryPermission.DoesNotExist:
|
||||
new_perm = RepositoryPermission.create(repository=repo, user=user_obj,
|
||||
role=new_role)
|
||||
return new_perm
|
||||
|
||||
def delete_user_permission(user_obj, namespace_name, repository_name):
|
||||
repo = Repository.get(Repository.name == repository_name,
|
||||
Repository.namespace == namespace_name)
|
||||
perm = RepositoryPermission.get(RepositoryPermission.user == user_obj,
|
||||
RepositoryPermission.repository == repo)
|
||||
perm.delete_instance()
|
||||
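Review bot: `get_user_reponame_permission` and `delete_user_permission` call `Repository.get(...)` and `RepositoryPermission.get(...)` without handling a missing row, although `set_user_repo_permission` in the same hunk shows that `RepositoryPermission.get` raises `RepositoryPermission.DoesNotExist`. An unknown repository, or a user with no permission row, will therefore surface as an unhandled exception rather than a clean not-found result, and the same holds for `Role.get(Role.name == role_name)` when the role name is not a known role. Either translate these cases into one documented model-level error here, or state the contract in a docstring on each function, e.g. `Raises RepositoryPermission.DoesNotExist if the user has no permission on the repository.` It is also worth deciding in `delete_user_permission` whether a repository's last admin permission may be removed; nothing in the hunk prevents it.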
|
|
|
@ -80,6 +80,7 @@ def update_repo_api(namespace, repository):
|
|||
@login_required
|
||||
@parse_repository_name
|
||||
def get_repo_api(namespace, repository):
|
||||
logger.debug('Get repo: %s/%s' % (namespace, repository))
|
||||
def image_view(image):
|
||||
return {
|
||||
'id': image.image_id,
|
||||
|
@ -104,18 +105,26 @@ def get_repo_api(namespace, repository):
|
|||
tags = model.list_repository_tags(namespace, repository)
|
||||
tag_dict = {tag.name: tag_view(tag) for tag in tags}
|
||||
can_write = ModifyRepositoryPermission(namespace, repository).can()
|
||||
can_admin = AdministerRepositoryPermission(namespace, repository).can()
|
||||
return jsonify({
|
||||
'namespace': namespace,
|
||||
'name': repository,
|
||||
'description': repo.description,
|
||||
'tags': tag_dict,
|
||||
'can_write': can_write,
|
||||
'can_admin': can_admin,
|
||||
})
|
||||
|
||||
abort(404) # Not fount
|
||||
abort(403) # Permission denied
|
||||
|
||||
|
||||
def role_view(repo_perm_obj):
|
||||
return {
|
||||
'role': repo_perm_obj.role.name
|
||||
}
|
||||
|
||||
|
||||
@app.route('/api/repository/<path:repository>/permissions/', methods=['GET'])
|
||||
@login_required
|
||||
@parse_repository_name
|
||||
|
@ -125,14 +134,31 @@ def list_repo_permissions(namespace, repository):
|
|||
repo_perms = model.get_all_repo_users(namespace, repository)
|
||||
|
||||
return jsonify({
|
||||
'permissions': {repo_perm.user.username: repo_perm.role.name
|
||||
'permissions': {repo_perm.user.username: role_view(repo_perm)
|
||||
for repo_perm in repo_perms}
|
||||
})
|
||||
|
||||
abort(403) # Permission denied
|
||||
|
||||
|
||||
@app.route('/api/repository/<path:repository>/permissions/<username>',
|
||||
methods=['PUT'])
|
||||
methods=['GET'])
|
||||
@login_required
|
||||
@parse_repository_name
|
||||
def get_permissions(namespace, repository, username):
|
||||
logger.debug('Get repo: %s/%s permissions for user %s' %
|
||||
(namespace, repository, username))
|
||||
permission = AdministerRepositoryPermission(namespace, repository)
|
||||
if permission.can():
|
||||
user = current_user.db_user
|
||||
perm = model.get_user_reponame_permission(user, namespace, repository)
|
||||
return jsonify(role_view(perm))
|
||||
|
||||
abort(403) # Permission denied
|
||||
|
||||
|
||||
@app.route('/api/repository/<path:repository>/permissions/<username>',
|
||||
methods=['PUT', 'POST'])
|
||||
@login_required
|
||||
@parse_repository_name
|
||||
def change_permissions(namespace, repository, username):
|
||||
|
@ -140,8 +166,27 @@ def change_permissions(namespace, repository, username):
|
|||
if permission.can():
|
||||
new_permission = request.get_json()
|
||||
|
||||
return jsonify({
|
||||
'setting_permission_to': [permission_view(repo_perm) for repo_perm in repo_perms]
|
||||
})
|
||||
user = current_user.db_user
|
||||
logger.debug('Setting permission to: %s for user %s' %
|
||||
(new_permission['role'], username))
|
||||
perm = model.set_user_repo_permission(user, namespace, repository,
|
||||
new_permission['role'])
|
||||
|
||||
abort(403) # Permission denied
|
||||
resp = jsonify(role_view(perm))
|
||||
if request.method == 'POST':
|
||||
resp.status_code = 201
|
||||
return resp
|
||||
|
||||
abort(403) # Permission denied
|
||||
|
||||
@app.route('/api/repository/<path:repository>/permissions/<username>',
|
||||
methods=['DELETE'])
|
||||
@login_required
|
||||
@parse_repository_name
|
||||
def delete_permissions(namespace, repository, username):
|
||||
permission = AdministerRepositoryPermission(namespace, repository)
|
||||
if permission.can():
|
||||
model.delete_user_permission(current_user.db_user, namespace, repository)
|
||||
return make_response('Deleted', 204)
|
||||
|
||||
abort(403) # Permission denied
|
||||
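Review bot: The three per-user handlers (`get_permissions`, `change_permissions`, `delete_permissions`) take `username` from the URL but pass `current_user.db_user` to the model, so the caller's own permission row is read, changed or deleted instead of the named user's. As written, an admin's `PUT` or `DELETE` on `.../permissions/<username>` alters the admin's own access, and `username` otherwise appears only in the debug log lines. Each handler should resolve `username` to a user record, return 404 when no such user exists, and pass that record to `model.get_user_reponame_permission`, `model.set_user_repo_permission` and `model.delete_user_permission`. In `change_permissions` the body of `request.get_json()` is also indexed unchecked, so a missing body or `role` key raises instead of returning a client error; guard it with `if not new_permission or 'role' not in new_permission: abort(400)`. The first lines of the `change_permissions` body fall between hunks and are not visible here.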
|
|