endpoints: clarify repo access decorators

Jimmy Zelinskie 2017-03-22 23:41:31 -04:00
parent 3d1c1f9f39
commit 82bcd45727
2 changed files with 40 additions and 32 deletions


@ -8,7 +8,7 @@ from flask import Blueprint
from app import metric_queue from app import metric_queue
from auth.permissions import (AdministerRepositoryPermission, ReadRepositoryPermission, from auth.permissions import (AdministerRepositoryPermission, ReadRepositoryPermission,
ModifyRepositoryPermission) ModifyRepositoryPermission)
from data import model # TODO: stop using model directly from endpoints.decorators import require_repo_permission
from util.metrics.metricqueue import time_blueprint from util.metrics.metricqueue import time_blueprint
@ -17,35 +17,6 @@ time_blueprint(appr_bp, metric_queue)
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
def _raise_unauthorized(repository, scopes):
raise StandardError("Unauthorized acces to %s", repository)
def _get_reponame_kwargs(*args, **kwargs):
return [kwargs['namespace_name'], kwargs['repo_name']]
def require_repo_permission(permission_class, scopes=None, allow_public=False,
raise_method=_raise_unauthorized,
get_reponame_method=_get_reponame_kwargs):
def wrapper(func):
@wraps(func)
def wrapped(*args, **kwargs):
namespace_name, repo_name = get_reponame_method(*args, **kwargs)
logger.debug('Checking permission %s for repo: %s/%s', permission_class,
namespace_name, repo_name)
permission = permission_class(namespace_name, repo_name)
if (permission.can() or
(allow_public and
model.repository.repository_is_public(namespace_name, repo_name))):
return func(*args, **kwargs)
repository = namespace_name + '/' + repo_name
raise_method(repository, scopes)
return wrapped
return wrapper
def _raise_method(repository, scopes): def _raise_method(repository, scopes):
raise UnauthorizedAccess("Unauthorized access for: %s" % repository, raise UnauthorizedAccess("Unauthorized access for: %s" % repository,
{"package": repository, "scopes": scopes}) {"package": repository, "scopes": scopes})


@ -1,10 +1,19 @@
""" Various decorators for endpoint and API handlers. """ """ Various decorators for endpoint and API handlers. """
import features import logging
from functools import wraps
from flask import abort from flask import abort
import features
from auth.auth_context import (get_validated_oauth_token, get_authenticated_user, from auth.auth_context import (get_validated_oauth_token, get_authenticated_user,
get_validated_token, get_grant_context) get_validated_token, get_grant_context)
from functools import wraps from data import model # TODO: stop using model directly
logger = logging.getLogger(__name__)
def anon_allowed(func): def anon_allowed(func):
@ -34,3 +43,31 @@ def check_anon_protection(func):
abort(401) abort(401)
return wrapper return wrapper
def _raise_unauthorized(repository, scopes):
raise StandardError("Unauthorized acces to %s", repository)
def _get_reponame_kwargs(*args, **kwargs):
return [kwargs['namespace_name'], kwargs['repo_name']]
def require_repo_permission(permission_class, scopes=None, allow_public=False,
raise_method=_raise_unauthorized,
get_reponame_method=_get_reponame_kwargs):
def wrapper(func):
@wraps(func)
def wrapped(*args, **kwargs):
namespace_name, repo_name = get_reponame_method(*args, **kwargs)
logger.debug('Checking permission %s for repo: %s/%s', permission_class,
namespace_name, repo_name)
permission = permission_class(namespace_name, repo_name)
if (permission.can() or
(allow_public and
model.repository.repository_is_public(namespace_name, repo_name))):
return func(*args, **kwargs)
repository = namespace_name + '/' + repo_name
raise_method(repository, scopes)
return wrapped
return wrapper
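Review bot: The default denial handler `_raise_unauthorized` builds its exception as `StandardError("Unauthorized acces to %s", repository)`, so the repository name is never interpolated into the message and "access" is misspelled. A bare `StandardError` escaping a Flask view will most likely surface as a server error rather than an authorization failure. At minimum this should read `raise StandardError("Unauthorized access to %s" % repository)`; since `abort` is already imported in this module, the default could instead end the request with an explicit denial status, the way `check_anon_protection` uses `abort(401)`. The denial path in `wrapped` also depends on `raise_method` raising: a custom callable that returns leaves `wrapped` returning `None`, which does not run the handler but is an implicit contract. A docstring on `require_repo_permission` should state that `raise_method` must raise, and that `allow_public=True` admits any caller to a public repository without `permission.can()` succeeding.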