Propagate the grant user context to the signed grant to fix image sharing.

auth/auth.py

@@ -15,7 +15,7 @@ from data import model
 from data.model import oauth
 from app import app, authentication
 from permissions import QuayDeferredPermissionUser
-from auth_context import (set_authenticated_user, set_validated_token,
+from auth_context import (set_authenticated_user, set_validated_token, set_grant_user_context,
                           set_authenticated_user_deferred, set_validated_oauth_token)
 from util.http import abort
 
@@ -131,10 +131,11 @@ def _process_basic_auth(auth):
   logger.debug('Basic auth present but could not be validated.')
 
 
-def generate_signed_token(grants):
+def generate_signed_token(grants, user_context):
   ser = SecureCookieSessionInterface().get_signing_serializer(app)
   data_to_sign = {
     'grants': grants,
+    'user_context': user_context,
   }
 
   encrypted = ser.dumps(data_to_sign)
@@ -164,6 +165,7 @@ def _process_signed_grant(auth):
   logger.debug('Successfully validated signed grant with data: %s', token_data)
 
   loaded_identity = Identity(None, 'signed_grant')
+  set_grant_user_context(token_data['user_context'])
   loaded_identity.provides.update(token_data['grants'])
   identity_changed.send(app, identity=loaded_identity)