vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

endpoints.appr.decorators: isolate appr decorators

Browse source
This commit is contained in:
Jimmy Zelinskie 2017-03-22 23:53:03 -04:00
parent 6dfd1ef660
commit 3d0e63d8e5
3 changed files with 38 additions and 34 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
endpoints/appr/__init__.py
View file

@ -8,7 +8,7 @@ from flask import Blueprint
from app import metric_queue from app import metric_queue
from auth.permissions import (AdministerRepositoryPermission, ReadRepositoryPermission, from auth.permissions import (AdministerRepositoryPermission, ReadRepositoryPermission,
ModifyRepositoryPermission) ModifyRepositoryPermission)
from endpoints.decorators import require_repo_permission from endpoints.appr.decorators import require_repo_permission
from util.metrics.metricqueue import time_blueprint from util.metrics.metricqueue import time_blueprint

37
endpoints/appr/decorators.py Normal file
View file

@ -0,0 +1,37 @@
import logging
from functools import wraps
from data import model
logger = logging.getLogger(__name__)
def _raise_unauthorized(repository, scopes):
raise StandardError("Unauthorized acces to %s", repository)
def _get_reponame_kwargs(*args, **kwargs):
return [kwargs['namespace_name'], kwargs['repo_name']]
def require_repo_permission(permission_class, scopes=None, allow_public=False,
raise_method=_raise_unauthorized,
get_reponame_method=_get_reponame_kwargs):
def wrapper(func):
@wraps(func)
def wrapped(*args, **kwargs):
namespace_name, repo_name = get_reponame_method(*args, **kwargs)
logger.debug('Checking permission %s for repo: %s/%s', permission_class,
namespace_name, repo_name)
permission = permission_class(namespace_name, repo_name)
if (permission.can() or
(allow_public and
model.repository.repository_is_public(namespace_name, repo_name))):
return func(*args, **kwargs)
repository = namespace_name + '/' + repo_name
raise_method(repository, scopes)
return wrapped
return wrapper

33
endpoints/decorators.py
View file

@ -1,7 +1,5 @@
""" Various decorators for endpoint and API handlers. """ """ Various decorators for endpoint and API handlers. """
import logging
from functools import wraps from functools import wraps
from flask import abort from flask import abort
@ -13,9 +11,6 @@ from auth.auth_context import (get_validated_oauth_token, get_authenticated_user
from data import model # TODO: stop using model directly from data import model # TODO: stop using model directly
logger = logging.getLogger(__name__)
def anon_allowed(func): def anon_allowed(func):
""" Marks a method to allow anonymous access where it would otherwise be disallowed. """ """ Marks a method to allow anonymous access where it would otherwise be disallowed. """
func.__anon_allowed = True func.__anon_allowed = True
@ -43,31 +38,3 @@ def check_anon_protection(func):
abort(401) abort(401)
return wrapper return wrapper
def _raise_unauthorized(repository, scopes):
raise StandardError("Unauthorized acces to %s", repository)
def _get_reponame_kwargs(*args, **kwargs):
return [kwargs['namespace_name'], kwargs['repo_name']]
def require_repo_permission(permission_class, scopes=None, allow_public=False,
raise_method=_raise_unauthorized,
get_reponame_method=_get_reponame_kwargs):
def wrapper(func):
@wraps(func)
def wrapped(*args, **kwargs):
namespace_name, repo_name = get_reponame_method(*args, **kwargs)
logger.debug('Checking permission %s for repo: %s/%s', permission_class,
namespace_name, repo_name)
permission = permission_class(namespace_name, repo_name)
if (permission.can() or
(allow_public and
model.repository.repository_is_public(namespace_name, repo_name))):
return func(*args, **kwargs)
repository = namespace_name + '/' + repo_name
raise_method(repository, scopes)
return wrapped
return wrapper