diff --git a/endpoints/api/billing.py b/endpoints/api/billing.py index 7f7e0d652..1f31aa58b 100644 --- a/endpoints/api/billing.py +++ b/endpoints/api/billing.py @@ -293,6 +293,7 @@ class OrganizationPlan(ApiResource): @resource('/v1/user/invoices') +@internal_only class UserInvoiceList(ApiResource): """ Resource for listing a user's invoices. """ @require_user_admin @@ -307,6 +308,7 @@ class UserInvoiceList(ApiResource): @resource('/v1/organization//invoices') +@internal_only @related_user_resource(UserInvoiceList) class OrgnaizationInvoiceList(ApiResource): """ Resource for listing an orgnaization's invoices. """ diff --git a/endpoints/api/logs.py b/endpoints/api/logs.py index b62eda9ae..4c6f6813b 100644 --- a/endpoints/api/logs.py +++ b/endpoints/api/logs.py @@ -4,7 +4,8 @@ from datetime import datetime, timedelta from endpoints.api import (resource, nickname, ApiResource, query_param, parse_args, RepositoryParamResource, require_repo_admin, related_user_resource, - format_date, Unauthorized, NotFound, require_user_admin) + format_date, Unauthorized, NotFound, require_user_admin, + internal_only) from auth.permissions import AdministerOrganizationPermission, AdministerOrganizationPermission from auth.auth_context import get_authenticated_user from data import model @@ -63,6 +64,7 @@ def get_logs(namespace, start_time, end_time, performer_name=None, @resource('/v1/repository//logs') +@internal_only class RepositoryLogs(RepositoryParamResource): """ Resource for fetching logs for the specific repository. """ @require_repo_admin @@ -82,6 +84,7 @@ class RepositoryLogs(RepositoryParamResource): @resource('/v1/user/logs') +@internal_only class UserLogs(ApiResource): """ Resource for fetching logs for the current user. """ @require_user_admin @@ -101,6 +104,7 @@ class UserLogs(ApiResource): @resource('/v1/organization//logs') +@internal_only @related_user_resource(UserLogs) class OrgLogs(ApiResource): """ Resource for fetching logs for the entire organization. """ 
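Review bot: `@internal_only` is applied to UserInvoiceList and OrgnaizationInvoiceList, but this diff carries no import change for billing.py, whereas logs.py, prototype.py, robot.py, team.py and trigger.py each add `internal_only` to their `from endpoints.api import (...)` line. The same is true of organization.py and user.py, and of `require_scope` / `scopes` in the repository.py hunk. If those names are not already imported in the unchanged parts of these files, the module will fail with NameError at import, because class and method decorators are evaluated at load time. Worth confirming each file's import block, e.g. `from endpoints.api import (..., internal_only)`.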
diff --git a/endpoints/api/organization.py b/endpoints/api/organization.py index 2e2f57a5b..b10011aed 100644 --- a/endpoints/api/organization.py +++ b/endpoints/api/organization.py @@ -95,6 +95,7 @@ class OrganizationList(ApiResource): @resource('/v1/organization/') +@internal_only @related_user_resource(User) class Organization(ApiResource): """ Resource for managing organizations. """ @@ -160,6 +161,7 @@ class Organization(ApiResource): @resource('/v1/organization//private') +@internal_only @related_user_resource(PrivateRepositories) class OrgPrivateRepositories(ApiResource): """ Custom verb to compute whether additional private repositories are available. """ @@ -194,6 +196,7 @@ class OrgPrivateRepositories(ApiResource): @resource('/v1/organization//members') +@internal_only class OrgnaizationMemberList(ApiResource): """ Resource for listing the members of an organization. """ @nickname('getOrganizationMembers') @@ -226,6 +229,7 @@ class OrgnaizationMemberList(ApiResource): @resource('/v1/organization//members/') +@internal_only class OrganizationMember(ApiResource): """ Resource for managing individual organization members. """ @nickname('getOrganizationMember') diff --git a/endpoints/api/prototype.py b/endpoints/api/prototype.py index ef46157fa..bedc19832 100644 --- a/endpoints/api/prototype.py +++ b/endpoints/api/prototype.py @@ -1,7 +1,7 @@ from flask import request from endpoints.api import (resource, nickname, ApiResource, validate_json_request, request_error, - log_action, Unauthorized, NotFound) + log_action, Unauthorized, NotFound, internal_only) from auth.permissions import AdministerOrganizationPermission from auth.auth_context import get_authenticated_user from data import model @@ -54,6 +54,7 @@ def log_prototype_action(action_kind, orgname, prototype, **kwargs): @resource('/v1/organization//prototypes') +@internal_only class PermissionPrototypeList(ApiResource): """ Resource for listing and creating permission prototypes. """ schemas = { 
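Review bot: Marking resources one class at a time leaves the outcome for an unmarked resource dependent on a default that this diff does not show. In organization.py, `OrganizationList` (named in the first hunk header) gets no `@internal_only`, and nothing here says whether that is deliberate or an omission. Assuming `internal_only` restricts which callers may reach a resource, a test that walks every registered `ApiResource` and asserts that each method carries either `internal_only` or a `require_scope` would catch an endpoint that was simply missed. The class bodies continue outside these hunks, so method-level decorators may already cover some of this.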
@@ -178,6 +179,7 @@ class PermissionPrototypeList(ApiResource): @resource('/v1/organization//prototypes/') +@internal_only class PermissionPrototype(ApiResource): """ Resource for managingin individual permission prototypes. """ schemas = { diff --git a/endpoints/api/repository.py b/endpoints/api/repository.py index cd4ed6dbd..fe259e86d 100644 --- a/endpoints/api/repository.py +++ b/endpoints/api/repository.py @@ -94,6 +94,7 @@ class RepositoryList(ApiResource): raise Unauthorized() + @require_scope(scopes.READ_REPO) @nickname('listRepos') @parse_args @query_param('page', 'Offset page number. (int)', type=int) diff --git a/endpoints/api/robot.py b/endpoints/api/robot.py index c8da9afea..0961d694e 100644 --- a/endpoints/api/robot.py +++ b/endpoints/api/robot.py @@ -1,5 +1,5 @@ from endpoints.api import (resource, nickname, ApiResource, log_action, related_user_resource, - Unauthorized, require_user_admin) + Unauthorized, require_user_admin, internal_only) from auth.permissions import AdministerOrganizationPermission, OrganizationMemberPermission from auth.auth_context import get_authenticated_user from data import model @@ -14,6 +14,7 @@ def robot_view(name, token): @resource('/v1/user/robots') +@internal_only class UserRobotList(ApiResource): """ Resource for listing user robots. """ @require_user_admin @@ -28,6 +29,7 @@ class UserRobotList(ApiResource): @resource('/v1/user/robots/') +@internal_only class UserRobot(ApiResource): """ Resource for managing a user's robots. """ @require_user_admin @@ -50,6 +52,7 @@ class UserRobot(ApiResource): @resource('/v1/organization//robots') +@internal_only @related_user_resource(UserRobotList) class OrgRobotList(ApiResource): """ Resource for listing an organization's robots. """ @@ -67,6 +70,7 @@ class OrgRobotList(ApiResource): @resource('/v1/organization//robots/') +@internal_only @related_user_resource(UserRobot) class OrgRobot(ApiResource): """ Resource for managing an organization's robots. """ 
diff --git a/endpoints/api/team.py b/endpoints/api/team.py index ccdc3b31b..e82a2bd69 100644 --- a/endpoints/api/team.py +++ b/endpoints/api/team.py @@ -1,7 +1,7 @@ from flask import request from endpoints.api import (resource, nickname, ApiResource, validate_json_request, request_error, - log_action, Unauthorized, NotFound) + log_action, Unauthorized, NotFound, internal_only) from auth.permissions import AdministerOrganizationPermission, ViewTeamPermission from auth.auth_context import get_authenticated_user from data import model @@ -27,6 +27,7 @@ def member_view(member): @resource('/v1/organization//team/') +@internal_only class OrganizationTeam(ApiResource): """ Resource for manging an organization's teams. """ schemas = { @@ -109,6 +110,7 @@ class OrganizationTeam(ApiResource): @resource('/v1/organization//team//members') +@internal_only class TeamMemberList(ApiResource): """ Resource for managing the list of members for a team. """ @nickname('getOrganizationTeamMembers') @@ -134,6 +136,7 @@ class TeamMemberList(ApiResource): @resource('/v1/organization//team//members/') +@internal_only class TeamMember(ApiResource): """ Resource for managing individual members of a team. """ @nickname('updateOrganizationTeamMember') diff --git a/endpoints/api/trigger.py b/endpoints/api/trigger.py index 324aa63c6..3ccd2d696 100644 --- a/endpoints/api/trigger.py +++ b/endpoints/api/trigger.py 
@@ -7,11 +7,11 @@ from urlparse import urlunparse from app import app from endpoints.api import (RepositoryParamResource, nickname, resource, require_repo_admin, - log_action, request_error, query_param, parse_args, + log_action, request_error, query_param, parse_args, internal_only, validate_json_request, api, Unauthorized, NotFound, InvalidRequest) from endpoints.api.build import build_status_view, trigger_view, RepositoryBuildStatus from endpoints.common import start_build -from endpoints.trigger import (BuildTrigger, TriggerDeactivationException, +from endpoints.trigger import (BuildTrigger as BuildTriggerTypes, TriggerDeactivationException, TriggerActivationException, EmptyRepositoryException) from data import model from auth.permissions import UserAdminPermission @@ -63,7 +63,7 @@ class BuildTrigger(RepositoryParamResource): except model.InvalidBuildTriggerException: raise NotFound() - handler = BuildTrigger.get_trigger_for_service(trigger.service.name) + handler = BuildTriggerTypes.get_trigger_for_service(trigger.service.name) config_dict = json.loads(trigger.config) if handler.is_active(config_dict): try: @@ -82,6 +82,7 @@ class BuildTrigger(RepositoryParamResource): @resource('/v1/repository//trigger//subdir') +@internal_only class BuildTriggerSubdirs(RepositoryParamResource): """ Custom verb for fetching the subdirs which are buildable for a trigger. """ schemas = { @@ -102,7 +103,7 @@ class BuildTriggerSubdirs(RepositoryParamResource): except model.InvalidBuildTriggerException: raise NotFound() - handler = BuildTrigger.get_trigger_for_service(trigger.service.name) + handler = BuildTriggerTypes.get_trigger_for_service(trigger.service.name) user_permission = UserAdminPermission(trigger.connected_user.username) if user_permission.can(): new_config_dict = request.get_json() 
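Review bot: The alias in `from endpoints.trigger import (BuildTrigger as BuildTriggerTypes, ...` has no comment explaining why it is needed, and the reason is easy to miss. This module defines its own `class BuildTrigger(RepositoryParamResource)` (visible in the next hunk header), which rebinds the name and hides the imported class. I would add `# Aliased: this module defines a BuildTrigger resource class that would shadow the import.` above the import so the alias is not reverted in a later cleanup.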
@@ -123,6 +124,7 @@ class BuildTriggerSubdirs(RepositoryParamResource): @resource('/v1/repository//trigger//activate') +@internal_only class BuildTriggerActivate(RepositoryParamResource): """ Custom verb for activating a build trigger once all required information has been collected. """ @@ -144,12 +146,12 @@ class BuildTriggerActivate(RepositoryParamResource): except model.InvalidBuildTriggerException: raise NotFound() - handler = BuildTrigger.get_trigger_for_service(trigger.service.name) + handler = BuildTriggerTypes.get_trigger_for_service(trigger.service.name) existing_config_dict = json.loads(trigger.config) if handler.is_active(existing_config_dict): raise InvalidRequest('Trigger config is not sufficient for activation.') - user_permission = UserPermission(trigger.connected_user.username) + user_permission = UserAdminPermission(trigger.connected_user.username) if user_permission.can(): new_config_dict = request.get_json() @@ -202,7 +204,7 @@ class ActivateBuildTrigger(RepositoryParamResource): except model.InvalidBuildTriggerException: raise NotFound() - handler = BuildTrigger.get_trigger_for_service(trigger.service.name) + handler = BuildTriggerTypes.get_trigger_for_service(trigger.service.name) existing_config_dict = json.loads(trigger.config) if not handler.is_active(existing_config_dict): raise InvalidRequest('Trigger is not active.') @@ -241,6 +243,7 @@ class TriggerBuildList(RepositoryParamResource): @resource('/v1/repository//trigger//sources') +@internal_only class BuildTriggerSources(RepositoryParamResource): """ Custom verb to fetch the list of build sources for the trigger config. """ @require_repo_admin 
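Review bot: The corrected check `user_permission = UserAdminPermission(trigger.connected_user.username)` in BuildTriggerActivate (hunk at -144,12) has no accompanying test in this diff. The name it replaces, `UserPermission`, is not among the `auth.permissions` imports shown for trigger.py, so this branch appears to have raised NameError before any permission decision was made. The same replacement is made in BuildTriggerSources (hunk at -252,9), where the guarded call passes `trigger.auth_token` to `list_build_sources`. A test that calls both endpoints as a repository admin who is not the trigger's connected user would pin the intended result; what happens when `can()` is false lies outside these hunks. Separately, the context line above raises `'Trigger config is not sufficient for activation.'` when `handler.is_active(existing_config_dict)` is true, which reads as the wrong message for a trigger that is already active.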
@@ -252,9 +255,9 @@ class BuildTriggerSources(RepositoryParamResource): except model.InvalidBuildTriggerException: raise NotFound() - user_permission = UserPermission(trigger.connected_user.username) + user_permission = UserAdminPermission(trigger.connected_user.username) if user_permission.can(): - trigger_handler = BuildTrigger.get_trigger_for_service(trigger.service.name) + trigger_handler = BuildTriggerTypes.get_trigger_for_service(trigger.service.name) return { 'sources': trigger_handler.list_build_sources(trigger.auth_token) diff --git a/endpoints/api/user.py b/endpoints/api/user.py index d51e81764..f33e6e6cd 100644 --- a/endpoints/api/user.py +++ b/endpoints/api/user.py @@ -174,6 +174,7 @@ class User(ApiResource): raise request_error(exception=ex) @resource('/v1/user/private') +@internal_only class PrivateRepositories(ApiResource): """ Operations dealing with the available count of private repositories. """ @require_user_admin