Protect the search and repository list endpoints appropriately. Add more differentiating data to some need types. Remove the notification about password change from the user admin page. Select the dependent models for the visible repo list.
This commit is contained in:
jakedt
parent
afb3a67b7b
commit
41cfadac23
7 changed files with 53 additions and 44 deletions
|
|
@ -9,7 +9,7 @@ from endpoints.api import (truthy_bool, format_date, nickname, log_action, valid
|
|||
RepositoryParamResource, resource, query_param, parse_args, ApiResource,
|
||||
request_error, require_scope, Unauthorized, NotFound, InvalidRequest)
|
||||
from auth.permissions import (ModifyRepositoryPermission, AdministerRepositoryPermission,
|
||||
CreateRepositoryPermission)
|
||||
CreateRepositoryPermission, ReadRepositoryPermission)
|
||||
from auth.auth_context import get_authenticated_user
|
||||
from auth import scopes
|
||||
|
||||
|
|
@ -132,7 +132,8 @@ class RepositoryList(ApiResource):
|
|||
include_public=args['public'], sort=args['sort'],
|
||||
namespace=args['namespace'])
|
||||
|
||||
response['repositories'] = [repo_view(repo) for repo in repo_query]
|
||||
response['repositories'] = [repo_view(repo) for repo in repo_query
|
||||
if ReadRepositoryPermission(repo.namespace, repo.name).can()]
|
||||
|
||||
return response
|
||||
|
||||
|
|
|
|||
|
|
@ -1,7 +1,8 @@
|
|||
from endpoints.api import (ApiResource, parse_args, query_param, truthy_bool, nickname, resource,
|
||||
require_scope)
|
||||
from data import model
|
||||
from auth.permissions import OrganizationMemberPermission, ViewTeamPermission
|
||||
from auth.permissions import (OrganizationMemberPermission, ViewTeamPermission,
|
||||
ReadRepositoryPermission, UserAdminPermission)
|
||||
from auth.auth_context import get_authenticated_user
|
||||
from auth import scopes
|
||||
|
||||
|
|
@ -13,7 +14,6 @@ class EntitySearch(ApiResource):
|
|||
@query_param('namespace', 'Namespace to use when querying for org entities.', type=str,
|
||||
default='')
|
||||
@query_param('includeTeams', 'Whether to include team names.', type=truthy_bool, default=False)
|
||||
@require_scope(scopes.READ_USER)
|
||||
@nickname('getMatchingEntities')
|
||||
def get(self, args, prefix):
|
||||
""" Get a list of entities that match the specified prefix. """
|
||||
|
|
@ -38,7 +38,10 @@ class EntitySearch(ApiResource):
|
|||
# namespace name was a user
|
||||
user = get_authenticated_user()
|
||||
if user and user.username == namespace_name:
|
||||
robot_namespace = namespace_name
|
||||
# Check if there is admin user permissions (login only)
|
||||
admin_permission = UserAdminPermission(user.username)
|
||||
if admin_permission.can():
|
||||
robot_namespace = namespace_name
|
||||
|
||||
users = model.get_matching_users(prefix, robot_namespace, organization)
|
||||
|
||||
|
|
@ -87,7 +90,7 @@ class FindRepositories(ApiResource):
|
|||
""" Resource for finding repositories. """
|
||||
@parse_args
|
||||
@query_param('query', 'The prefix to use when querying for repositories.', type=str, default='')
|
||||
@require_scope(scopes.READ_USER)
|
||||
@require_scope(scopes.READ_REPO)
|
||||
@nickname('findRepos')
|
||||
def get(self, args):
|
||||
""" Get a list of repositories that match the specified prefix query. """
|
||||
|
|
@ -101,10 +104,12 @@ class FindRepositories(ApiResource):
|
|||
}
|
||||
|
||||
username = None
|
||||
if get_authenticated_user() is not None:
|
||||
username = get_authenticated_user().username
|
||||
user = get_authenticated_user()
|
||||
if user is not None:
|
||||
username = user.username
|
||||
|
||||
matching = model.get_matching_repositories(prefix, username)
|
||||
return {
|
||||
'repositories': [repo_view(repo) for repo in matching]
|
||||
'repositories': [repo_view(repo) for repo in matching
|
||||
if ReadRepositoryPermission(repo.namespace, repo.name).can()]
|
||||
}
|
||||
|
|
@ -14,7 +14,8 @@ from endpoints.api.subscribe import subscribe
|
|||
from endpoints.common import common_login
|
||||
from data import model
|
||||
from data.plans import get_plan
|
||||
from auth.permissions import AdministerOrganizationPermission, CreateRepositoryPermission
|
||||
from auth.permissions import (AdministerOrganizationPermission, CreateRepositoryPermission,
|
||||
UserAdminPermission)
|
||||
from auth.auth_context import get_authenticated_user
|
||||
from auth import scopes
|
||||
from util.gravatar import compute_hash
|
||||
|
|
@ -46,20 +47,26 @@ def user_view(user):
|
|||
|
||||
logins = model.list_federated_logins(user)
|
||||
|
||||
return {
|
||||
user_response = {
|
||||
'verified': user.verified,
|
||||
'anonymous': False,
|
||||
'username': user.username,
|
||||
'email': user.email,
|
||||
'gravatar': compute_hash(user.email),
|
||||
'askForPassword': user.password_hash is None,
|
||||
'organizations': [org_view(o) for o in organizations],
|
||||
'logins': [login_view(login) for login in logins],
|
||||
'can_create_repo': True,
|
||||
'invoice_email': user.invoice_email,
|
||||
'preferred_namespace': not (user.stripe_id is None)
|
||||
}
|
||||
|
||||
user_admin = UserAdminPermission(user.username)
|
||||
if user_admin.can():
|
||||
user_response.update({
|
||||
'organizations': [org_view(o) for o in organizations],
|
||||
'logins': [login_view(login) for login in logins],
|
||||
'can_create_repo': True,
|
||||
'invoice_email': user.invoice_email,
|
||||
'preferred_namespace': not (user.stripe_id is None),
|
||||
})
|
||||
|
||||
return user_response
|
||||
|
||||
|
||||
def notification_view(notification):
|
||||
return {
|
||||
|
|
@ -119,7 +126,7 @@ class User(ApiResource):
|
|||
},
|
||||
}
|
||||
|
||||
@require_scope(scopes.READ_USER)
|
||||
@require_user_read
|
||||
@nickname('getLoggedInUser')
|
||||
def get(self):
|
||||
""" Get user information for the authenticated user. """
|
||||
|
|
|
|||
Reference in a new issue