Fix creation of repositories when having a creator permission

This fixes the grants on a user's session when creating a repository with only the creator permission

Fixes #117

endpoints/index.py

@@ -34,7 +34,7 @@ class GrantType(object):
   WRITE_REPOSITORY = 'write'
 
 
-def generate_headers(scope=GrantType.READ_REPOSITORY):
+def generate_headers(scope=GrantType.READ_REPOSITORY, add_grant_for_status=None):
   def decorator_method(f):
     @wraps(f)
     def wrapper(namespace, repository, *args, **kwargs):
@@ -49,15 +49,16 @@ def generate_headers(scope=GrantType.READ_REPOSITORY):
       response.headers['X-Docker-Endpoints'] = registry_server
 
       has_token_request = request.headers.get('X-Docker-Token', '')
+      force_grant = (add_grant_for_status == response.status_code)
 
-      if has_token_request:
+      if has_token_request or force_grant:
         grants = []
 
         if scope == GrantType.READ_REPOSITORY:
-          if ReadRepositoryPermission(namespace, repository).can():
+          if ReadRepositoryPermission(namespace, repository).can() or force_grant:
             grants.append(repository_read_grant(namespace, repository))
         elif scope == GrantType.WRITE_REPOSITORY:
-          if ModifyRepositoryPermission(namespace, repository).can():
+          if ModifyRepositoryPermission(namespace, repository).can() or force_grant:
             grants.append(repository_write_grant(namespace, repository))
 
         # Generate a signed token for the user (if any) and the grants (if any)
@@ -196,18 +197,18 @@ def update_user(username):
 @index.route('/repositories/<path:repository>', methods=['PUT'])
 @process_auth
 @parse_repository_name
-@generate_headers(scope=GrantType.WRITE_REPOSITORY)
+@generate_headers(scope=GrantType.WRITE_REPOSITORY, add_grant_for_status=201)
 @anon_allowed
 def create_repository(namespace, repository):
-  logger.debug('Parsing image descriptions')
+  logger.debug('Parsing image descriptions for repository %s/%s', namespace, repository)
   image_descriptions = json.loads(request.data.decode('utf8'))
 
-  logger.debug('Looking up repository')
+  logger.debug('Looking up repository %s/%s', namespace, repository)
   repo = model.get_repository(namespace, repository)
 
-  logger.debug('Repository looked up')
+  logger.debug('Found repository %s/%s', namespace, repository)
   if not repo and get_authenticated_user() is None:
-    logger.debug('Attempt to create new repository without user auth.')
+    logger.debug('Attempt to create repository %s/%s without user auth', namespace, repository)
     abort(401,
           message='Cannot create a repository as a guest. Please login via "docker login" first.',
           issue='no-login')
@@ -219,17 +220,19 @@ def create_repository(namespace, repository):
             message='You do not have permission to modify repository %(namespace)s/%(repository)s',
             issue='no-repo-write-permission',
             namespace=namespace, repository=repository)
-
   else:
     permission = CreateRepositoryPermission(namespace)
     if not permission.can():
-      logger.info('Attempt to create a new repo with insufficient perms.')
+      logger.info('Attempt to create a new repo %s/%s with insufficient perms', namespace, repository)
       abort(403,
             message='You do not have permission to create repositories in namespace "%(namespace)s"',
             issue='no-create-permission',
             namespace=namespace)
 
-    logger.debug('Creaing repository with owner: %s', get_authenticated_user().username)
+    # Attempt to create the new repository.
+    logger.debug('Creating repository %s/%s with owner: %s', namespace, repository,
+                 get_authenticated_user().username)
+
     repo = model.create_repository(namespace, repository,
                                    get_authenticated_user())