vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Add support for * (admin) permission to registry auth v2 endpoint

Browse source
This commit is contained in:
Evan Cordell 2016-11-18 14:46:11 -05:00
parent c4fbc8e2e4
commit 9e96e6870f
2 changed files with 22 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

9
endpoints/v2/v2auth.py
View file

@ -7,7 +7,7 @@ from flask import request, jsonify, abort
from app import app, userevents, instance_keys
from auth.auth_context import get_authenticated_user, get_validated_token, get_validated_oauth_token
from auth.permissions import (ModifyRepositoryPermission, ReadRepositoryPermission,
CreateRepositoryPermission)
CreateRepositoryPermission, AdministerRepositoryPermission)
from auth.process import process_auth
from endpoints.v2 import v2_bp
from endpoints.decorators import anon_protect
@ -118,6 +118,13 @@ def generate_registry_jwt():
else:
logger.debug('No permission to pull repository %s/%s', namespace, reponame)
if '*' in actions:
# Grant * user is admin
if (AdministerRepositoryPermission(namespace, reponame).can()):
final_actions.append('*')
else:
logger.debug("No permission to administer repository %s/%s", namespace, reponame)
# Add the access for the JWT.
access.append({
'type': 'repository',