Merge branch 'swaggerlikeus' of https://bitbucket.org/yackob03/quay into swaggerlikeus

data/model/legacy.py

@@ -1288,7 +1288,10 @@ def set_user_repo_permission(username, namespace_name, repository_name,
   if username == namespace_name:
     raise DataModelException('Namespace owner must always be admin.')
 
-  user = User.get(User.username == username)
+  try:
+    user = User.get(User.username == username)
+  except User.DoesNotExist:
+    raise InvalidUsernameException('Invalid username: %s' % username)
   return __set_entity_repo_permission(user, 'user', namespace_name,
                                       repository_name, role_name)
 

endpoints/api/__init__.py

@@ -210,7 +210,10 @@ def validate_json_request(schema_name):
 
 def request_error(exception=None, **kwargs):
   data = kwargs.copy()
-  raise InvalidRequest(exception.message, data)
+  message = 'Request error.'
+  if exception:
+    message = exception.message
+  raise InvalidRequest(message, data)
 
 
 def log_action(kind, user_or_orgname, metadata=None, repo=None):

endpoints/api/billing.py

@@ -113,6 +113,9 @@ class UserCard(ApiResource):
   def get(self):
     """ Get the user's credit card. """
     user = get_authenticated_user()
+    if not user:
+      raise Unauthorized()
+
     return get_card(user)
 
   @nickname('setUserCard')
@@ -120,6 +123,9 @@ class UserCard(ApiResource):
   def post(self):
     """ Update the user's credit card. """
     user = get_authenticated_user()
+    if not user:
+      raise Unauthorized()
+
     token = request.get_json()['token']
     response = set_card(user, token)
     log_action('account_change_cc', user.username)
@@ -300,6 +306,9 @@ class UserInvoiceList(ApiResource):
   def get(self):
     """ List the invoices for the current user. """
     user = get_authenticated_user()
+    if not user:
+      raise Unauthorized()
+
     if not user.stripe_id:
       raise NotFound()
         

endpoints/api/build.py

@@ -195,5 +195,5 @@ class FileDropResource(ApiResource):
     (url, file_id) = user_files.prepare_for_drop(mime_type)
     return {
       'url': url,
-      'file_id': file_id
+      'file_id': str(file_id),
     }

endpoints/api/logs.py

@@ -95,8 +95,11 @@ class UserLogs(ApiResource):
     start_time = args['starttime']
     end_time = args['endtime']
 
-    return get_logs(get_authenticated_user().username, start_time, end_time,
-                    performer_name=performer_name)
+    user = get_authenticated_user()
+    if not user:
+      raise Unauthorized()
+
+    return get_logs(user.username, start_time, end_time, performer_name=performer_name)
 
 
 @resource('/v1/organization/<orgname>/logs')

endpoints/api/organization.py

@@ -66,6 +66,10 @@ class OrganizationList(ApiResource):
   @validate_json_request('NewOrg')
   def post(self):
     """ Create a new organization. """
+    user = get_authenticated_user()
+    if not user:
+      raise Unauthorized()
+
     org_data = request.get_json()
     existing = None
 
@@ -85,7 +89,7 @@ class OrganizationList(ApiResource):
       raise request_error(message=msg)
 
     try:
-      model.create_organization(org_data['name'], org_data['email'], get_authenticated_user())
+      model.create_organization(org_data['name'], org_data['email'], user)
       return 'Created', 201
     except model.DataModelException as ex:
       raise request_error(exception=ex)

endpoints/api/permission.py

@@ -133,8 +133,12 @@ class RepositoryUserPermission(RepositoryParamResource):
     logger.debug('Setting permission to: %s for user %s' %
                  (new_permission['role'], username))
 
-    perm = model.set_user_repo_permission(username, namespace, repository,
-                                          new_permission['role'])
+    try:
+      perm = model.set_user_repo_permission(username, namespace, repository,
+                                            new_permission['role'])
+    except model.InvalidUsernameException as ex:
+      raise request_error(exception=ex)
+
     perm_view = wrap_role_view_user(role_view(perm), perm.user)
 
     try:

endpoints/api/repository.py

@@ -29,6 +29,7 @@ class RepositoryList(ApiResource):
       'required': [
         'repository',
         'visibility',
+        'description',
       ],
       'properties': {
         'repository': {
@@ -62,6 +63,9 @@ class RepositoryList(ApiResource):
   def post(self):
     """Create a new repository."""
     owner = get_authenticated_user()
+    if not owner:
+      raise Unauthorized()
+
     req = request.get_json()
     namespace_name = req['namespace'] if 'namespace' in req else owner.username
 

endpoints/api/search.py

@@ -33,7 +33,8 @@ class EntitySearch(ApiResource):
 
     except model.InvalidOrganizationException:
       # namespace name was a user
-      if get_authenticated_user().username == namespace_name:
+      user = get_authenticated_user()
+      if user and user.username == namespace_name:
         robot_namespace = namespace_name
 
     users = model.get_matching_users(prefix, robot_namespace, organization)

endpoints/api/user.py

@@ -7,7 +7,7 @@ from flask.ext.principal import identity_changed, AnonymousIdentity
 
 from app import app
 from endpoints.api import (ApiResource, nickname, resource, validate_json_request, request_error,
-                           log_action, internal_only, NotFound)
+                           log_action, internal_only, NotFound, Unauthorized)
 from endpoints.api.subscribe import subscribe
 from endpoints.common import common_login
 from data import model
@@ -122,6 +122,9 @@ class User(ApiResource):
   def put(self):
     """ Update a users details such as password or email. """
     user = get_authenticated_user()
+    if not user:
+      raise Unauthorized()
+
     user_data = request.get_json()
 
     try:
@@ -179,6 +182,9 @@ class PrivateRepositories(ApiResource):
     """ Get the number of private repos this user has, and whether they are allowed to create more.
     """
     user = get_authenticated_user()
+    if not user:
+      raise Unauthorized()
+
     private_repos = model.get_private_repo_count(user.username)
     repos_allowed = 0
 
@@ -251,6 +257,9 @@ class ConvertToOrganization(ApiResource):
   def post(self):
     """ Convert the user to an organization. """
     user = get_authenticated_user()
+    if not user:
+      raise Unauthorized()
+
     convert_data = request.get_json()
 
     # Ensure that the new admin user is the not user being converted.