vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Flesh out the API for managing permissions.

Browse source
This commit is contained in:
yackob03 2013-09-27 14:56:14 -04:00
parent 6bcb5cfcaa
commit 1883014ad9
2 changed files with 85 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

34
data/model.py
View file

@ -200,3 +200,37 @@ def get_user_repo_permissions(user, repository):
select = RepositoryPermission.select() select = RepositoryPermission.select()
return select.where(RepositoryPermission.user == user, return select.where(RepositoryPermission.user == user,
RepositoryPermission.repository == repository) RepositoryPermission.repository == repository)
def get_user_reponame_permission(user_obj, namespace_name, repository_name):
repo = Repository.get(Repository.name == repository_name,
Repository.namespace == namespace_name)
perm = RepositoryPermission.get(RepositoryPermission.user == user_obj,
RepositoryPermission.repository == repo)
return perm
def set_user_repo_permission(user_obj, namespace_name, repository_name,
role_name):
repo = Repository.get(Repository.name == repository_name,
Repository.namespace == namespace_name)
new_role = Role.get(Role.name == role_name)
# Fetch any existing permission for this user on the repo
try:
perm = RepositoryPermission.get(RepositoryPermission.user == user_obj,
RepositoryPermission.repository == repo)
perm.role = new_role
perm.save()
return perm
except RepositoryPermission.DoesNotExist:
new_perm = RepositoryPermission.create(repository=repo, user=user_obj,
role=new_role)
return new_perm
def delete_user_permission(user_obj, namespace_name, repository_name):
repo = Repository.get(Repository.name == repository_name,
Repository.namespace == namespace_name)
perm = RepositoryPermission.get(RepositoryPermission.user == user_obj,
RepositoryPermission.repository == repo)
perm.delete_instance()

57
endpoints/api.py
View file

@ -80,6 +80,7 @@ def update_repo_api(namespace, repository):
@login_required @login_required
@parse_repository_name @parse_repository_name
def get_repo_api(namespace, repository): def get_repo_api(namespace, repository):
logger.debug('Get repo: %s/%s' % (namespace, repository))
def image_view(image): def image_view(image):
return { return {
'id': image.image_id, 'id': image.image_id,
@ -104,18 +105,26 @@ def get_repo_api(namespace, repository):
tags = model.list_repository_tags(namespace, repository) tags = model.list_repository_tags(namespace, repository)
tag_dict = {tag.name: tag_view(tag) for tag in tags} tag_dict = {tag.name: tag_view(tag) for tag in tags}
can_write = ModifyRepositoryPermission(namespace, repository).can() can_write = ModifyRepositoryPermission(namespace, repository).can()
can_admin = AdministerRepositoryPermission(namespace, repository).can()
return jsonify({ return jsonify({
'namespace': namespace, 'namespace': namespace,
'name': repository, 'name': repository,
'description': repo.description, 'description': repo.description,
'tags': tag_dict, 'tags': tag_dict,
'can_write': can_write, 'can_write': can_write,
'can_admin': can_admin,
}) })
abort(404) # Not fount abort(404) # Not fount
abort(403) # Permission denied abort(403) # Permission denied
def role_view(repo_perm_obj):
return {
'role': repo_perm_obj.role.name
}
@app.route('/api/repository/<path:repository>/permissions/', methods=['GET']) @app.route('/api/repository/<path:repository>/permissions/', methods=['GET'])
@login_required @login_required
@parse_repository_name @parse_repository_name
@ -125,14 +134,31 @@ def list_repo_permissions(namespace, repository):
repo_perms = model.get_all_repo_users(namespace, repository) repo_perms = model.get_all_repo_users(namespace, repository)
return jsonify({ return jsonify({
'permissions': {repo_perm.user.username: repo_perm.role.name 'permissions': {repo_perm.user.username: role_view(repo_perm)
for repo_perm in repo_perms} for repo_perm in repo_perms}
}) })
abort(403) # Permission denied abort(403) # Permission denied
@app.route('/api/repository/<path:repository>/permissions/<username>', @app.route('/api/repository/<path:repository>/permissions/<username>',
methods=['PUT']) methods=['GET'])
@login_required
@parse_repository_name
def get_permissions(namespace, repository, username):
logger.debug('Get repo: %s/%s permissions for user %s' %
(namespace, repository, username))
permission = AdministerRepositoryPermission(namespace, repository)
if permission.can():
user = current_user.db_user
perm = model.get_user_reponame_permission(user, namespace, repository)
return jsonify(role_view(perm))
abort(403) # Permission denied
@app.route('/api/repository/<path:repository>/permissions/<username>',
methods=['PUT', 'POST'])
@login_required @login_required
@parse_repository_name @parse_repository_name
def change_permissions(namespace, repository, username): def change_permissions(namespace, repository, username):
@ -140,8 +166,27 @@ def change_permissions(namespace, repository, username):
if permission.can(): if permission.can():
new_permission = request.get_json() new_permission = request.get_json()
return jsonify({ user = current_user.db_user
'setting_permission_to': [permission_view(repo_perm) for repo_perm in repo_perms] logger.debug('Setting permission to: %s for user %s' %
}) (new_permission['role'], username))
perm = model.set_user_repo_permission(user, namespace, repository,
new_permission['role'])
abort(403) # Permission denied resp = jsonify(role_view(perm))
if request.method == 'POST':
resp.status_code = 201
return resp
abort(403) # Permission denied
@app.route('/api/repository/<path:repository>/permissions/<username>',
methods=['DELETE'])
@login_required
@parse_repository_name
def delete_permissions(namespace, repository, username):
permission = AdministerRepositoryPermission(namespace, repository)
if permission.can():
model.delete_user_permission(current_user.db_user, namespace, repository)
return make_response('Deleted', 204)
abort(403) # Permission denied