Check that the user name is the same as the namespace.
This commit is contained in:
yackob03
parent
81d73d434f
commit
4d5de096ab
1 changed files with 8 additions and 8 deletions
16
index.py
16
index.py
|
|
@ -103,23 +103,23 @@ def update_user(username):
|
|||
@parse_repository_name
|
||||
@generate_headers(access='write')
|
||||
def create_repository(namespace, repository):
|
||||
# TODO check that the user is the same as indicated by the namespace
|
||||
|
||||
image_descriptions = json.loads(request.data)
|
||||
|
||||
repo = model.get_repository(namespace, repository)
|
||||
|
||||
auth_fail_response = 403
|
||||
if not get_validated_token() or get_authenticated_user():
|
||||
auth_fail_response = 401
|
||||
|
||||
if repo:
|
||||
permission = ModifyRepositoryPermission(namespace, repository)
|
||||
if not permission.can():
|
||||
abort(auth_fail_response)
|
||||
if get_validated_token() or get_authenticated_user():
|
||||
abort(403)
|
||||
else:
|
||||
abort(401)
|
||||
else:
|
||||
if not get_authenticated_user():
|
||||
abort(auth_fail_response)
|
||||
abort(401)
|
||||
|
||||
if get_authenticated_user().username != namespace:
|
||||
abort(403)
|
||||
|
||||
logger.debug('Creaing repository with owner: %s' %
|
||||
get_authenticated_user().username)
|
||||
|
|
|
|||
Reference in a new issue