From 4d5de096ab8f3eaa9776834a7de9c3c49e023ccf Mon Sep 17 00:00:00 2001
From: yackob03
Date: Fri, 20 Sep 2013 18:47:47 -0400
Subject: [PATCH] Check that the user name is the same as the namespace.
---
 index.py | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/index.py b/index.py
index f9b0cf541..540c3a33b 100644
--- a/index.py
+++ b/index.py
@@ -103,23 +103,23 @@ def update_user(username):
 @parse_repository_name @generate_headers(access='write') def create_repository(namespace, repository): - # TODO check that the user is the same as indicated by the namespace - image_descriptions = json.loads(request.data) repo = model.get_repository(namespace, repository) - auth_fail_response = 403 - if not get_validated_token() or get_authenticated_user(): - auth_fail_response = 401 - if repo: permission = ModifyRepositoryPermission(namespace, repository) if not permission.can(): - abort(auth_fail_response) + if get_validated_token() or get_authenticated_user(): + abort(403) + else: + abort(401) else: if not get_authenticated_user(): - abort(auth_fail_response) + abort(401) + + if get_authenticated_user().username != namespace: + abort(403) logger.debug('Creaing repository with owner: %s' % get_authenticated_user().username)
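Review bot: The new ownership guard `if get_authenticated_user().username != namespace:` and the unchanged `logger.debug(...)` call both dereference `get_authenticated_user()`, which the neighbouring `if not get_authenticated_user():` test suggests can be falsy. Indentation is lost on this page, so I cannot tell whether the guard sits inside the `else:` branch. The `logger.debug` line does appear to run on both paths, so a request that passes `permission.can()` with only a validated token would presumably raise there instead of completing. I would bind `user = get_authenticated_user()` once near the top, compare `user.username != namespace` only after the 401 check, and make the debug line tolerate a missing user. Since the exact string comparison is now the authorization decision for creating a repository in a namespace, it is worth confirming that usernames and namespaces are normalised the same way (for example in case) wherever they are created, and logging the 403 so mismatches are visible. `create_repository` continues past the end of the hunk.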