Protect the search and repository list endpoints appropriately. Add more differentiating data to some need types. Remove the notification about password change from the user admin page. Select the dependent models for the visible repo list.
This commit is contained in:
jakedt
parent
afb3a67b7b
commit
41cfadac23
7 changed files with 53 additions and 44 deletions
|
|
@ -1,7 +1,8 @@
|
|||
from endpoints.api import (ApiResource, parse_args, query_param, truthy_bool, nickname, resource,
|
||||
require_scope)
|
||||
from data import model
|
||||
from auth.permissions import OrganizationMemberPermission, ViewTeamPermission
|
||||
from auth.permissions import (OrganizationMemberPermission, ViewTeamPermission,
|
||||
ReadRepositoryPermission, UserAdminPermission)
|
||||
from auth.auth_context import get_authenticated_user
|
||||
from auth import scopes
|
||||
|
||||
|
|
@ -13,7 +14,6 @@ class EntitySearch(ApiResource):
|
|||
@query_param('namespace', 'Namespace to use when querying for org entities.', type=str,
|
||||
default='')
|
||||
@query_param('includeTeams', 'Whether to include team names.', type=truthy_bool, default=False)
|
||||
@require_scope(scopes.READ_USER)
|
||||
@nickname('getMatchingEntities')
|
||||
def get(self, args, prefix):
|
||||
""" Get a list of entities that match the specified prefix. """
|
||||
|
|
@ -38,7 +38,10 @@ class EntitySearch(ApiResource):
|
|||
# namespace name was a user
|
||||
user = get_authenticated_user()
|
||||
if user and user.username == namespace_name:
|
||||
robot_namespace = namespace_name
|
||||
# Check if there is admin user permissions (login only)
|
||||
admin_permission = UserAdminPermission(user.username)
|
||||
if admin_permission.can():
|
||||
robot_namespace = namespace_name
|
||||
|
||||
users = model.get_matching_users(prefix, robot_namespace, organization)
|
||||
|
||||
|
|
@ -87,7 +90,7 @@ class FindRepositories(ApiResource):
|
|||
""" Resource for finding repositories. """
|
||||
@parse_args
|
||||
@query_param('query', 'The prefix to use when querying for repositories.', type=str, default='')
|
||||
@require_scope(scopes.READ_USER)
|
||||
@require_scope(scopes.READ_REPO)
|
||||
@nickname('findRepos')
|
||||
def get(self, args):
|
||||
""" Get a list of repositories that match the specified prefix query. """
|
||||
|
|
@ -101,10 +104,12 @@ class FindRepositories(ApiResource):
|
|||
}
|
||||
|
||||
username = None
|
||||
if get_authenticated_user() is not None:
|
||||
username = get_authenticated_user().username
|
||||
user = get_authenticated_user()
|
||||
if user is not None:
|
||||
username = user.username
|
||||
|
||||
matching = model.get_matching_repositories(prefix, username)
|
||||
return {
|
||||
'repositories': [repo_view(repo) for repo in matching]
|
||||
'repositories': [repo_view(repo) for repo in matching
|
||||
if ReadRepositoryPermission(repo.namespace, repo.name).can()]
|
||||
}
|
||||
Reference in a new issue