Full add public repository support.

endpoints/api.py

@@ -76,16 +76,16 @@ def match_repos_api(prefix):
 @app.route('/api/repository/', methods=['GET'])
 @login_required
 def list_repos_api():
-  def repo_view(repo_perm):
+  def repo_view(repo_obj):
     return {
-      'namespace': repo_perm.repository.namespace,
-      'name': repo_perm.repository.name,
-      'role': repo_perm.role.name,
-      'description': repo_perm.repository.description,
+      'namespace': repo_obj.namespace,
+      'name': repo_obj.name,
+      'description': repo_obj.description,
     }
 
+  username = current_user.db_user.username
   repos = [repo_view(repo)
-           for repo in model.get_user_repositories(current_user.db_user)]
+           for repo in model.get_visible_repositories(username)]
   response = {
     'repositories': repos
   }
@@ -136,7 +136,7 @@ def get_repo_api(namespace, repository):
     }
 
   permission = ReadRepositoryPermission(namespace, repository)
-  if permission.can():
+  if permission.can() or model.repository_is_public(namespace, repository):
     repo = model.get_repository(namespace, repository)
     if repo:
       tags = model.list_repository_tags(namespace, repository)
@@ -168,7 +168,7 @@ def role_view(repo_perm_obj):
 @parse_repository_name
 def list_tag_images(namespace, repository, tag):
   permission = ReadRepositoryPermission(namespace, repository)
-  if permission.can():
+  if permission.can() or model.repository_is_public(namespace, repository):
     images = model.get_tag_images(namespace, repository, tag)
 
     return jsonify({

endpoints/index.py

@@ -157,7 +157,7 @@ def get_repository_images(namespace, repository):
 
   # TODO invalidate token?
 
-  if permission.can():
+  if permission.can() or model.repository_is_public(namespace, repository):
     all_images = []
     for image in model.get_repository_images(namespace, repository):
       new_image_view = {

endpoints/registry.py

@@ -80,14 +80,14 @@ def set_cache_headers(f):
 @set_cache_headers
 def get_image_layer(namespace, repository, image_id, headers):
   permission = ReadRepositoryPermission(namespace, repository)
-  if not permission.can():
-    abort(403)
+  if permission.can() or model.repository_is_public(namespace, repository):
+    try:
+      return Response(store.stream_read(store.image_layer_path(
+        namespace, repository, image_id)), headers=headers)
+    except IOError:
+      abort(404)  #'Image not found', 404)
 
-  try:
-    return Response(store.stream_read(store.image_layer_path(
-      namespace, repository, image_id)), headers=headers)
-  except IOError:
-    abort(404)  #'Image not found', 404)
+  abort(403)
 
 
 @app.route('/v1/images/<image_id>/layer', methods=['PUT'])
@@ -182,7 +182,8 @@ def put_image_checksum(namespace, repository, image_id):
 @set_cache_headers
 def get_image_json(namespace, repository, image_id, headers):
   permission = ReadRepositoryPermission(namespace, repository)
-  if not permission.can():
+  if (not permission.can() and not
+      model.repository_is_public(namespace, repository)):
     abort(403)
 
   try:
@@ -211,7 +212,8 @@ def get_image_json(namespace, repository, image_id, headers):
 @set_cache_headers
 def get_image_ancestry(namespace, repository, image_id, headers):
   permission = ReadRepositoryPermission(namespace, repository)
-  if not permission.can():
+  if (not permission.can() and not
+      model.repository_is_public(namespace, repository)):
     abort(403)
 
   try:

endpoints/tags.py

@@ -25,7 +25,7 @@ logger = logging.getLogger(__name__)
 def get_tags(namespace, repository):
   permission = ReadRepositoryPermission(namespace, repository)
 
-  if permission.can():
+  if permission.can() or model.repository_is_public(namespace, repository):
     tags = model.list_repository_tags(namespace, repository)
     tag_map = {tag.name: tag.image.image_id for tag in tags}
     return jsonify(tag_map)
@@ -40,7 +40,7 @@ def get_tags(namespace, repository):
 def get_tag(namespace, repository, tag):
   permission = ReadRepositoryPermission(namespace, repository)
 
-  if permission.can():
+  if permission.can() or model.repository_is_public(namespace, repository):
     tag_image = model.get_tag_image(namespace, repository, tag)
     response = make_response(tag_image.image_id, 200)