Prevent CNR methods from auth-ing on non-app repos

2017-03-22 23:46:05 -04:00 · 2017-03-22 23:46:05 -04:00 · 4c34b00b38
commit 4c34b00b38
parent bdda74d6df
2 changed files with 26 additions and 0 deletions
--- a/endpoints/appr/decorators.py
+++ b/endpoints/appr/decorators.py
@ -2,6 +2,8 @@ import logging

 from functools import wraps

+from flask import abort
+
 from data import model


@ -24,6 +26,11 @@ def require_repo_permission(permission_class, scopes=None, allow_public=False,
    def wrapped(*args, **kwargs):
      namespace_name, repo_name = get_reponame_method(*args, **kwargs)

+      image_repo = model.repository.get_repository(namespace_name, repo_name, kind_filter='image')
+      if image_repo is not None:
+        logger.debug('Tried to invoked a CNR method on an image repository')
+        abort(501)
+
      logger.debug('Checking permission %s for repo: %s/%s', permission_class,
                   namespace_name, repo_name)
      permission = permission_class(namespace_name, repo_name)