Disallow non-apps-supported APIs for application repositories

2017-03-22 14:30:13 -04:00 · 2017-03-22 14:30:13 -04:00 · 30b532254c
commit 30b532254c
parent c3402fff5a
16 changed files with 236 additions and 51 deletions
--- a/endpoints/api/init.py
+++ b/endpoints/api/init.py
@ -22,7 +22,7 @@ from auth.auth_context import get_authenticated_user, get_validated_oauth_token
 from auth.process import process_oauth
 from endpoints.csrf import csrf_protect
 from endpoints.exception import (ApiException, Unauthorized, InvalidRequest, InvalidResponse,
-                                 FreshLoginRequired)
+                                 FreshLoginRequired, NotFound)
 from endpoints.decorators import check_anon_protection
 from util.metrics.metricqueue import time_decorator
 from util.names import parse_namespace_repository
@ -200,6 +200,20 @@ class RepositoryParamResource(ApiResource):
  method_decorators = [check_anon_protection, parse_repository_name]


+def disallow_for_app_repositories(func):
+  @wraps(func)
+  def wrapped(self, namespace, repository, *args, **kwargs):
+    # Lookup the repository with the given namespace and name and ensure it is not an application
+    # repository.
+    repo = model.repository.get_repository(namespace, repository, kind_filter='application')
+    if repo:
+      abort(501)
+
+    return func(self, namespace, repository, *args, **kwargs)
+
+  return wrapped
+
+
 def require_repo_permission(permission_class, scope, allow_public=False):
  def wrapper(func):
    @add_method_metadata('oauth2_scope', scope)