Ensure that verbs cannot be performed on disabled namespaces or by disabled users

endpoints/verbs/__init__.py

@@ -204,6 +204,10 @@ def _verify_repo_verb(_, namespace, repo_name, tag, verb, checker=None):
                  get_authenticated_user())
     abort(405)
 
+  # Make sure the repo's namespace isn't disabled.
+  if not model.is_namespace_enabled(namespace):
+    abort(400)
+
   # If there is a data checker, call it first.
   if checker is not None:
     if not checker(tag_image):

endpoints/verbs/models_interface.py

@@ -152,3 +152,8 @@ class VerbsDataInterface(object):
     or None if none.
     """
     pass
+
+  @abstractmethod
+  def is_namespace_enabled(self, namespace_name):
+    """ Returns whether the given namespace exists and is enabled. """
+    pass

endpoints/verbs/models_pre_oci.py

@@ -141,6 +141,10 @@ class PreOCIModel(VerbsDataInterface):
       v1_metadata=_docker_v1_metadata(namespace_name, repo_name, found),
       internal_db_id=found.id,)
 
+  def is_namespace_enabled(self, namespace_name):
+    namespace = model.user.get_namespace_user(namespace_name)
+    return namespace is not None and namespace.enabled
+
 
 pre_oci_model = PreOCIModel()