Mark a whole slew of APIs as internal only.
This commit is contained in:
jakedt
parent
5e7ffd95ca
commit
6267275d6f
9 changed files with 37 additions and 13 deletions
|
|
@ -293,6 +293,7 @@ class OrganizationPlan(ApiResource):
|
|||
|
||||
|
||||
@resource('/v1/user/invoices')
|
||||
@internal_only
|
||||
class UserInvoiceList(ApiResource):
|
||||
""" Resource for listing a user's invoices. """
|
||||
@require_user_admin
|
||||
|
|
@ -307,6 +308,7 @@ class UserInvoiceList(ApiResource):
|
|||
|
||||
|
||||
@resource('/v1/organization/<orgname>/invoices')
|
||||
@internal_only
|
||||
@related_user_resource(UserInvoiceList)
|
||||
class OrgnaizationInvoiceList(ApiResource):
|
||||
""" Resource for listing an orgnaization's invoices. """
|
||||
|
|
|
|||
|
|
@ -4,7 +4,8 @@ from datetime import datetime, timedelta
|
|||
|
||||
from endpoints.api import (resource, nickname, ApiResource, query_param, parse_args,
|
||||
RepositoryParamResource, require_repo_admin, related_user_resource,
|
||||
format_date, Unauthorized, NotFound, require_user_admin)
|
||||
format_date, Unauthorized, NotFound, require_user_admin,
|
||||
internal_only)
|
||||
from auth.permissions import AdministerOrganizationPermission, AdministerOrganizationPermission
|
||||
from auth.auth_context import get_authenticated_user
|
||||
from data import model
|
||||
|
|
@ -63,6 +64,7 @@ def get_logs(namespace, start_time, end_time, performer_name=None,
|
|||
|
||||
|
||||
@resource('/v1/repository/<path:repository>/logs')
|
||||
@internal_only
|
||||
class RepositoryLogs(RepositoryParamResource):
|
||||
""" Resource for fetching logs for the specific repository. """
|
||||
@require_repo_admin
|
||||
|
|
@ -82,6 +84,7 @@ class RepositoryLogs(RepositoryParamResource):
|
|||
|
||||
|
||||
@resource('/v1/user/logs')
|
||||
@internal_only
|
||||
class UserLogs(ApiResource):
|
||||
""" Resource for fetching logs for the current user. """
|
||||
@require_user_admin
|
||||
|
|
@ -101,6 +104,7 @@ class UserLogs(ApiResource):
|
|||
|
||||
|
||||
@resource('/v1/organization/<orgname>/logs')
|
||||
@internal_only
|
||||
@related_user_resource(UserLogs)
|
||||
class OrgLogs(ApiResource):
|
||||
""" Resource for fetching logs for the entire organization. """
|
||||
|
|
|
|||
|
|
@ -95,6 +95,7 @@ class OrganizationList(ApiResource):
|
|||
|
||||
|
||||
@resource('/v1/organization/<orgname>')
|
||||
@internal_only
|
||||
@related_user_resource(User)
|
||||
class Organization(ApiResource):
|
||||
""" Resource for managing organizations. """
|
||||
|
|
@ -160,6 +161,7 @@ class Organization(ApiResource):
|
|||
|
||||
|
||||
@resource('/v1/organization/<orgname>/private')
|
||||
@internal_only
|
||||
@related_user_resource(PrivateRepositories)
|
||||
class OrgPrivateRepositories(ApiResource):
|
||||
""" Custom verb to compute whether additional private repositories are available. """
|
||||
|
|
@ -194,6 +196,7 @@ class OrgPrivateRepositories(ApiResource):
|
|||
|
||||
|
||||
@resource('/v1/organization/<orgname>/members')
|
||||
@internal_only
|
||||
class OrgnaizationMemberList(ApiResource):
|
||||
""" Resource for listing the members of an organization. """
|
||||
@nickname('getOrganizationMembers')
|
||||
|
|
@ -226,6 +229,7 @@ class OrgnaizationMemberList(ApiResource):
|
|||
|
||||
|
||||
@resource('/v1/organization/<orgname>/members/<membername>')
|
||||
@internal_only
|
||||
class OrganizationMember(ApiResource):
|
||||
""" Resource for managing individual organization members. """
|
||||
@nickname('getOrganizationMember')
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
from flask import request
|
||||
|
||||
from endpoints.api import (resource, nickname, ApiResource, validate_json_request, request_error,
|
||||
log_action, Unauthorized, NotFound)
|
||||
log_action, Unauthorized, NotFound, internal_only)
|
||||
from auth.permissions import AdministerOrganizationPermission
|
||||
from auth.auth_context import get_authenticated_user
|
||||
from data import model
|
||||
|
|
@ -54,6 +54,7 @@ def log_prototype_action(action_kind, orgname, prototype, **kwargs):
|
|||
|
||||
|
||||
@resource('/v1/organization/<orgname>/prototypes')
|
||||
@internal_only
|
||||
class PermissionPrototypeList(ApiResource):
|
||||
""" Resource for listing and creating permission prototypes. """
|
||||
schemas = {
|
||||
|
|
@ -178,6 +179,7 @@ class PermissionPrototypeList(ApiResource):
|
|||
|
||||
|
||||
@resource('/v1/organization/<orgname>/prototypes/<prototypeid>')
|
||||
@internal_only
|
||||
class PermissionPrototype(ApiResource):
|
||||
""" Resource for managingin individual permission prototypes. """
|
||||
schemas = {
|
||||
|
|
|
|||
|
|
@ -94,6 +94,7 @@ class RepositoryList(ApiResource):
|
|||
|
||||
raise Unauthorized()
|
||||
|
||||
@require_scope(scopes.READ_REPO)
|
||||
@nickname('listRepos')
|
||||
@parse_args
|
||||
@query_param('page', 'Offset page number. (int)', type=int)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
from endpoints.api import (resource, nickname, ApiResource, log_action, related_user_resource,
|
||||
Unauthorized, require_user_admin)
|
||||
Unauthorized, require_user_admin, internal_only)
|
||||
from auth.permissions import AdministerOrganizationPermission, OrganizationMemberPermission
|
||||
from auth.auth_context import get_authenticated_user
|
||||
from data import model
|
||||
|
|
@ -14,6 +14,7 @@ def robot_view(name, token):
|
|||
|
||||
|
||||
@resource('/v1/user/robots')
|
||||
@internal_only
|
||||
class UserRobotList(ApiResource):
|
||||
""" Resource for listing user robots. """
|
||||
@require_user_admin
|
||||
|
|
@ -28,6 +29,7 @@ class UserRobotList(ApiResource):
|
|||
|
||||
|
||||
@resource('/v1/user/robots/<robot_shortname>')
|
||||
@internal_only
|
||||
class UserRobot(ApiResource):
|
||||
""" Resource for managing a user's robots. """
|
||||
@require_user_admin
|
||||
|
|
@ -50,6 +52,7 @@ class UserRobot(ApiResource):
|
|||
|
||||
|
||||
@resource('/v1/organization/<orgname>/robots')
|
||||
@internal_only
|
||||
@related_user_resource(UserRobotList)
|
||||
class OrgRobotList(ApiResource):
|
||||
""" Resource for listing an organization's robots. """
|
||||
|
|
@ -67,6 +70,7 @@ class OrgRobotList(ApiResource):
|
|||
|
||||
|
||||
@resource('/v1/organization/<orgname>/robots/<robot_shortname>')
|
||||
@internal_only
|
||||
@related_user_resource(UserRobot)
|
||||
class OrgRobot(ApiResource):
|
||||
""" Resource for managing an organization's robots. """
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
from flask import request
|
||||
|
||||
from endpoints.api import (resource, nickname, ApiResource, validate_json_request, request_error,
|
||||
log_action, Unauthorized, NotFound)
|
||||
log_action, Unauthorized, NotFound, internal_only)
|
||||
from auth.permissions import AdministerOrganizationPermission, ViewTeamPermission
|
||||
from auth.auth_context import get_authenticated_user
|
||||
from data import model
|
||||
|
|
@ -27,6 +27,7 @@ def member_view(member):
|
|||
|
||||
|
||||
@resource('/v1/organization/<orgname>/team/<teamname>')
|
||||
@internal_only
|
||||
class OrganizationTeam(ApiResource):
|
||||
""" Resource for manging an organization's teams. """
|
||||
schemas = {
|
||||
|
|
@ -109,6 +110,7 @@ class OrganizationTeam(ApiResource):
|
|||
|
||||
|
||||
@resource('/v1/organization/<orgname>/team/<teamname>/members')
|
||||
@internal_only
|
||||
class TeamMemberList(ApiResource):
|
||||
""" Resource for managing the list of members for a team. """
|
||||
@nickname('getOrganizationTeamMembers')
|
||||
|
|
@ -134,6 +136,7 @@ class TeamMemberList(ApiResource):
|
|||
|
||||
|
||||
@resource('/v1/organization/<orgname>/team/<teamname>/members/<membername>')
|
||||
@internal_only
|
||||
class TeamMember(ApiResource):
|
||||
""" Resource for managing individual members of a team. """
|
||||
@nickname('updateOrganizationTeamMember')
|
||||
|
|
|
|||
|
|
@ -7,11 +7,11 @@ from urlparse import urlunparse
|
|||
|
||||
from app import app
|
||||
from endpoints.api import (RepositoryParamResource, nickname, resource, require_repo_admin,
|
||||
log_action, request_error, query_param, parse_args,
|
||||
log_action, request_error, query_param, parse_args, internal_only,
|
||||
validate_json_request, api, Unauthorized, NotFound, InvalidRequest)
|
||||
from endpoints.api.build import build_status_view, trigger_view, RepositoryBuildStatus
|
||||
from endpoints.common import start_build
|
||||
from endpoints.trigger import (BuildTrigger, TriggerDeactivationException,
|
||||
from endpoints.trigger import (BuildTrigger as BuildTriggerTypes, TriggerDeactivationException,
|
||||
TriggerActivationException, EmptyRepositoryException)
|
||||
from data import model
|
||||
from auth.permissions import UserAdminPermission
|
||||
|
|
@ -63,7 +63,7 @@ class BuildTrigger(RepositoryParamResource):
|
|||
except model.InvalidBuildTriggerException:
|
||||
raise NotFound()
|
||||
|
||||
handler = BuildTrigger.get_trigger_for_service(trigger.service.name)
|
||||
handler = BuildTriggerTypes.get_trigger_for_service(trigger.service.name)
|
||||
config_dict = json.loads(trigger.config)
|
||||
if handler.is_active(config_dict):
|
||||
try:
|
||||
|
|
@ -82,6 +82,7 @@ class BuildTrigger(RepositoryParamResource):
|
|||
|
||||
|
||||
@resource('/v1/repository/<path:repository>/trigger/<trigger_uuid>/subdir')
|
||||
@internal_only
|
||||
class BuildTriggerSubdirs(RepositoryParamResource):
|
||||
""" Custom verb for fetching the subdirs which are buildable for a trigger. """
|
||||
schemas = {
|
||||
|
|
@ -102,7 +103,7 @@ class BuildTriggerSubdirs(RepositoryParamResource):
|
|||
except model.InvalidBuildTriggerException:
|
||||
raise NotFound()
|
||||
|
||||
handler = BuildTrigger.get_trigger_for_service(trigger.service.name)
|
||||
handler = BuildTriggerTypes.get_trigger_for_service(trigger.service.name)
|
||||
user_permission = UserAdminPermission(trigger.connected_user.username)
|
||||
if user_permission.can():
|
||||
new_config_dict = request.get_json()
|
||||
|
|
@ -123,6 +124,7 @@ class BuildTriggerSubdirs(RepositoryParamResource):
|
|||
|
||||
|
||||
@resource('/v1/repository/<path:repository>/trigger/<trigger_uuid>/activate')
|
||||
@internal_only
|
||||
class BuildTriggerActivate(RepositoryParamResource):
|
||||
""" Custom verb for activating a build trigger once all required information has been collected.
|
||||
"""
|
||||
|
|
@ -144,12 +146,12 @@ class BuildTriggerActivate(RepositoryParamResource):
|
|||
except model.InvalidBuildTriggerException:
|
||||
raise NotFound()
|
||||
|
||||
handler = BuildTrigger.get_trigger_for_service(trigger.service.name)
|
||||
handler = BuildTriggerTypes.get_trigger_for_service(trigger.service.name)
|
||||
existing_config_dict = json.loads(trigger.config)
|
||||
if handler.is_active(existing_config_dict):
|
||||
raise InvalidRequest('Trigger config is not sufficient for activation.')
|
||||
|
||||
user_permission = UserPermission(trigger.connected_user.username)
|
||||
user_permission = UserAdminPermission(trigger.connected_user.username)
|
||||
if user_permission.can():
|
||||
new_config_dict = request.get_json()
|
||||
|
||||
|
|
@ -202,7 +204,7 @@ class ActivateBuildTrigger(RepositoryParamResource):
|
|||
except model.InvalidBuildTriggerException:
|
||||
raise NotFound()
|
||||
|
||||
handler = BuildTrigger.get_trigger_for_service(trigger.service.name)
|
||||
handler = BuildTriggerTypes.get_trigger_for_service(trigger.service.name)
|
||||
existing_config_dict = json.loads(trigger.config)
|
||||
if not handler.is_active(existing_config_dict):
|
||||
raise InvalidRequest('Trigger is not active.')
|
||||
|
|
@ -241,6 +243,7 @@ class TriggerBuildList(RepositoryParamResource):
|
|||
|
||||
|
||||
@resource('/v1/repository/<path:repository>/trigger/<trigger_uuid>/sources')
|
||||
@internal_only
|
||||
class BuildTriggerSources(RepositoryParamResource):
|
||||
""" Custom verb to fetch the list of build sources for the trigger config. """
|
||||
@require_repo_admin
|
||||
|
|
@ -252,9 +255,9 @@ class BuildTriggerSources(RepositoryParamResource):
|
|||
except model.InvalidBuildTriggerException:
|
||||
raise NotFound()
|
||||
|
||||
user_permission = UserPermission(trigger.connected_user.username)
|
||||
user_permission = UserAdminPermission(trigger.connected_user.username)
|
||||
if user_permission.can():
|
||||
trigger_handler = BuildTrigger.get_trigger_for_service(trigger.service.name)
|
||||
trigger_handler = BuildTriggerTypes.get_trigger_for_service(trigger.service.name)
|
||||
|
||||
return {
|
||||
'sources': trigger_handler.list_build_sources(trigger.auth_token)
|
||||
|
|
|
|||
|
|
@ -174,6 +174,7 @@ class User(ApiResource):
|
|||
raise request_error(exception=ex)
|
||||
|
||||
@resource('/v1/user/private')
|
||||
@internal_only
|
||||
class PrivateRepositories(ApiResource):
|
||||
""" Operations dealing with the available count of private repositories. """
|
||||
@require_user_admin
|
||||
|
|
|
|||
Reference in a new issue