First stab at token auth. The UI could use a little bit of polishing.

2013-10-16 14:24:10 -04:00 · 2013-10-16 14:24:10 -04:00 · 283f9b81ae
commit 283f9b81ae
parent f1746417b1
9 changed files with 360 additions and 91 deletions
--- a/endpoints/api.py
+++ b/endpoints/api.py
@ -456,6 +456,92 @@ def delete_permissions(namespace, repository, username):
  abort(403)  # Permission denied


+def token_view(token_obj):
+  return {
+    'friendlyName': token_obj.friendly_name,
+    'code': token_obj.code,
+    'role': token_obj.role.name,
+  }
+
+
+@app.route('/api/repository/<path:repository>/tokens/', methods=['GET'])
+@api_login_required
+@parse_repository_name
+def list_repo_tokens(namespace, repository):
+  permission = AdministerRepositoryPermission(namespace, repository)
+  if permission.can():
+    tokens = model.get_repository_delegate_tokens(namespace, repository)
+
+    return jsonify({
+      'tokens': {token.code: token_view(token) for token in tokens}
+    })
+
+  abort(403)  # Permission denied
+
+
+@app.route('/api/repository/<path:repository>/tokens/<code>', methods=['GET'])
+@api_login_required
+@parse_repository_name
+def get_tokens(namespace, repository, code):
+  permission = AdministerRepositoryPermission(namespace, repository)
+  if permission.can():
+    perm = model.get_repo_delegate_token(namespace, repository, code)
+    return jsonify(token_view(perm))
+
+  abort(403)  # Permission denied
+
+
+@app.route('/api/repository/<path:repository>/tokens/', methods=['POST'])
+@api_login_required
+@parse_repository_name
+def create_token(namespace, repository):
+  permission = AdministerRepositoryPermission(namespace, repository)
+  if permission.can():
+    token_params = request.get_json()
+
+    token = model.create_delegate_token(namespace, repository,
+                                        token_params['friendlyName'])
+
+    resp = jsonify(token_view(token))
+    resp.status_code = 201
+    return resp
+
+  abort(403)  # Permission denied
+
+
+@app.route('/api/repository/<path:repository>/tokens/<code>', methods=['PUT'])
+@api_login_required
+@parse_repository_name
+def change_token(namespace, repository, code):
+  permission = AdministerRepositoryPermission(namespace, repository)
+  if permission.can():
+    new_permission = request.get_json()
+
+    logger.debug('Setting permission to: %s for code %s' %
+                 (new_permission['role'], code))
+
+    token = model.set_repo_delegate_token_role(namespace, repository, code,
+                                               new_permission['role'])
+
+    resp = jsonify(token_view(token))
+    return resp
+
+  abort(403)  # Permission denied
+
+
+@app.route('/api/repository/<path:repository>/tokens/<code>',
+           methods=['DELETE'])
+@api_login_required
+@parse_repository_name
+def delete_token(namespace, repository, code):
+  permission = AdministerRepositoryPermission(namespace, repository)
+  if permission.can():
+    model.delete_delegate_token(namespace, repository, code)
+    return make_response('Deleted', 204)
+
+  abort(403)  # Permission denied
+
+
 def subscription_view(stripe_subscription, used_repos):
  return {
    'currentPeriodStart': stripe_subscription.current_period_start,