Check that the user name is the same as the namespace.
parent
81d73d434f
commit
4d5de096ab
1 changed files with 8 additions and 8 deletions
16
index.py
16
index.py
|
@ -103,23 +103,23 @@ def update_user(username):
|
||||||
@parse_repository_name
|
@parse_repository_name
|
||||||
@generate_headers(access='write')
|
@generate_headers(access='write')
|
||||||
def create_repository(namespace, repository):
|
def create_repository(namespace, repository):
|
||||||
# TODO check that the user is the same as indicated by the namespace
|
|
||||||
|
|
||||||
image_descriptions = json.loads(request.data)
|
image_descriptions = json.loads(request.data)
|
||||||
|
|
||||||
repo = model.get_repository(namespace, repository)
|
repo = model.get_repository(namespace, repository)
|
||||||
|
|
||||||
auth_fail_response = 403
|
|
||||||
if not get_validated_token() or get_authenticated_user():
|
|
||||||
auth_fail_response = 401
|
|
||||||
|
|
||||||
if repo:
|
if repo:
|
||||||
permission = ModifyRepositoryPermission(namespace, repository)
|
permission = ModifyRepositoryPermission(namespace, repository)
|
||||||
if not permission.can():
|
if not permission.can():
|
||||||
abort(auth_fail_response)
|
if get_validated_token() or get_authenticated_user():
|
||||||
|
abort(403)
|
||||||
|
else:
|
||||||
|
abort(401)
|
||||||
else:
|
else:
|
||||||
if not get_authenticated_user():
|
if not get_authenticated_user():
|
||||||
abort(auth_fail_response)
|
abort(401)
|
||||||
|
|
||||||
|
if get_authenticated_user().username != namespace:
|
||||||
|
abort(403)
|
||||||
|
|
||||||
logger.debug('Creaing repository with owner: %s' %
|
logger.debug('Creaing repository with owner: %s' %
|
||||||
get_authenticated_user().username)
|
get_authenticated_user().username)
|
||||||
|
|
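Review bot: In the `else:` branch the new ownership check calls `get_authenticated_user()` a second time and compares `.username` to `namespace` with an exact string match. Binding the user once (`user = get_authenticated_user()`) and then testing `if user.username != namespace: abort(403)` keeps the 401 and 403 decisions on the same object. If usernames are matched case-insensitively anywhere else in the application (not visible from this hunk), the comparison should use the same normalisation so the check cannot disagree with the rest of the system about who owns a namespace. Separately, the `logger.debug` call after the branch dereferences `get_authenticated_user().username` unconditionally, so a request that passes `permission.can()` in the `if repo:` branch with only a validated token would presumably fail there. A comment such as `# Only the namespace owner may create a new repository in it` above the check would replace the removed TODO; the body of create_repository continues past the end of the hunk.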