Flesh out the API for managing permissions.

2013-09-27 14:56:14 -04:00 · 2013-09-27 14:56:14 -04:00 · 1883014ad9
commit 1883014ad9
parent 6bcb5cfcaa
2 changed files with 85 additions and 6 deletions
--- a/endpoints/api.py
+++ b/endpoints/api.py
@ -80,6 +80,7 @@ def update_repo_api(namespace, repository):
@login_required
@parse_repository_name
 def get_repo_api(namespace, repository):
+  logger.debug('Get repo: %s/%s' % (namespace, repository))
  def image_view(image):
    return {
      'id': image.image_id,
@ -104,18 +105,26 @@ def get_repo_api(namespace, repository):
      tags = model.list_repository_tags(namespace, repository)
      tag_dict = {tag.name: tag_view(tag) for tag in tags}
      can_write = ModifyRepositoryPermission(namespace, repository).can()
+      can_admin = AdministerRepositoryPermission(namespace, repository).can()
      return jsonify({
        'namespace': namespace,
        'name': repository,
        'description': repo.description,
        'tags': tag_dict,
        'can_write': can_write,
+        'can_admin': can_admin,
      })

    abort(404)  # Not fount
  abort(403)  # Permission denied


+def role_view(repo_perm_obj):
+  return {
+    'role': repo_perm_obj.role.name
+  }
+
+
@app.route('/api/repository/<path:repository>/permissions/', methods=['GET'])
@login_required
@parse_repository_name
@ -125,14 +134,31 @@ def list_repo_permissions(namespace, repository):
    repo_perms = model.get_all_repo_users(namespace, repository)

    return jsonify({
-      'permissions': {repo_perm.user.username: repo_perm.role.name 
+      'permissions': {repo_perm.user.username: role_view(repo_perm) 
                      for repo_perm in repo_perms}
    })

  abort(403)  # Permission denied

+
@app.route('/api/repository/<path:repository>/permissions/<username>',
-           methods=['PUT'])
+           methods=['GET'])
+@login_required
+@parse_repository_name
+def get_permissions(namespace, repository, username):
+  logger.debug('Get repo: %s/%s permissions for user %s' %
+               (namespace, repository, username))
+  permission = AdministerRepositoryPermission(namespace, repository)
+  if permission.can():
+    user = current_user.db_user
+    perm = model.get_user_reponame_permission(user, namespace, repository)
+    return jsonify(role_view(perm))
+
+  abort(403)  # Permission denied
+
+
+@app.route('/api/repository/<path:repository>/permissions/<username>',
+           methods=['PUT', 'POST'])
@login_required
@parse_repository_name
 def change_permissions(namespace, repository, username):
@ -140,8 +166,27 @@ def change_permissions(namespace, repository, username):
  if permission.can():
    new_permission = request.get_json()

-    return jsonify({
-      'setting_permission_to': [permission_view(repo_perm) for repo_perm in repo_perms]
-    })
+    user = current_user.db_user
+    logger.debug('Setting permission to: %s for user %s' %
+                 (new_permission['role'], username))
+    perm = model.set_user_repo_permission(user, namespace, repository,
+                                          new_permission['role'])

-  abort(403)  # Permission denied
+    resp = jsonify(role_view(perm))
+    if request.method == 'POST':
+      resp.status_code = 201
+    return resp
+
+  abort(403)  # Permission denied
+
+@app.route('/api/repository/<path:repository>/permissions/<username>',
+           methods=['DELETE'])
+@login_required
+@parse_repository_name
+def delete_permissions(namespace, repository, username):
+  permission = AdministerRepositoryPermission(namespace, repository)
+  if permission.can():
+    model.delete_user_permission(current_user.db_user, namespace, repository)
+    return make_response('Deleted', 204)
+
+  abort(403)  # Permission denied