Full add public repository support.
This commit is contained in:
yackob03
parent
d50a5d83f8
commit
b718dbc6e3
5 changed files with 39 additions and 32 deletions
|
|
@ -96,8 +96,8 @@ def get_token(code):
|
||||||
return AccessToken.get(AccessToken.code == code)
|
return AccessToken.get(AccessToken.code == code)
|
||||||
|
|
||||||
|
|
||||||
def get_matching_repositories(repo_term, username=None):
|
def get_visible_repositories(username=None):
|
||||||
query = Repository.select().distinct().limit(10).join(Visibility)
|
query = Repository.select().distinct().join(Visibility)
|
||||||
or_clauses = [(Visibility.name == 'public')]
|
or_clauses = [(Visibility.name == 'public')]
|
||||||
|
|
||||||
if username:
|
if username:
|
||||||
|
|
@ -106,12 +106,17 @@ def get_matching_repositories(repo_term, username=None):
|
||||||
query = with_perms.join(User)
|
query = with_perms.join(User)
|
||||||
or_clauses.append(User.username == username)
|
or_clauses.append(User.username == username)
|
||||||
|
|
||||||
|
return query.where(reduce(operator.or_, or_clauses))
|
||||||
|
|
||||||
|
|
||||||
|
def get_matching_repositories(repo_term, username=None):
|
||||||
|
visible = get_visible_repositories(username)
|
||||||
search_clauses = (Repository.name ** ('%' + repo_term + '%') |
|
search_clauses = (Repository.name ** ('%' + repo_term + '%') |
|
||||||
Repository.namespace ** ('%' + repo_term + '%') |
|
Repository.namespace ** ('%' + repo_term + '%') |
|
||||||
Repository.description ** ('%' + repo_term + '%'))
|
Repository.description ** ('%' + repo_term + '%'))
|
||||||
|
|
||||||
|
|
||||||
final = query.where(search_clauses).where(reduce(operator.or_, or_clauses))
|
final = visible.where(search_clauses).limit(10)
|
||||||
return list(final)
|
return list(final)
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -144,20 +149,20 @@ def get_all_repo_users(namespace_name, repository_name):
|
||||||
Repository.name == repository_name)
|
Repository.name == repository_name)
|
||||||
|
|
||||||
|
|
||||||
def get_repository(namespace, name):
|
def get_repository(namespace_name, repository_name):
|
||||||
try:
|
try:
|
||||||
return Repository.get(Repository.name == name,
|
return Repository.get(Repository.name == repository_name,
|
||||||
Repository.namespace == namespace)
|
Repository.namespace == namespace_name)
|
||||||
except Repository.DoesNotExist:
|
except Repository.DoesNotExist:
|
||||||
return None
|
return None
|
||||||
|
|
||||||
|
|
||||||
def get_user_repositories(user):
|
def repository_is_public(namespace_name, repository_name):
|
||||||
select = RepositoryPermission.select(RepositoryPermission, Repository, Role)
|
joined = Repository.select().join(Visibility)
|
||||||
with_user = select.join(User).where(User.username == user.username)
|
query = joined.where(Repository.namespace == namespace_name,
|
||||||
with_role = with_user.switch(RepositoryPermission).join(Role)
|
Repository.name == repository_name,
|
||||||
with_repo = with_role.switch(RepositoryPermission).join(Repository)
|
Visibility.name == 'public')
|
||||||
return with_repo
|
return len(list(query)) > 0
|
||||||
|
|
||||||
|
|
||||||
def create_repository(namespace, name, owner):
|
def create_repository(namespace, name, owner):
|
||||||
|
|
|
||||||
|
|
@ -76,16 +76,16 @@ def match_repos_api(prefix):
|
||||||
@app.route('/api/repository/', methods=['GET'])
|
@app.route('/api/repository/', methods=['GET'])
|
||||||
@login_required
|
@login_required
|
||||||
def list_repos_api():
|
def list_repos_api():
|
||||||
def repo_view(repo_perm):
|
def repo_view(repo_obj):
|
||||||
return {
|
return {
|
||||||
'namespace': repo_perm.repository.namespace,
|
'namespace': repo_obj.namespace,
|
||||||
'name': repo_perm.repository.name,
|
'name': repo_obj.name,
|
||||||
'role': repo_perm.role.name,
|
'description': repo_obj.description,
|
||||||
'description': repo_perm.repository.description,
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
username = current_user.db_user.username
|
||||||
repos = [repo_view(repo)
|
repos = [repo_view(repo)
|
||||||
for repo in model.get_user_repositories(current_user.db_user)]
|
for repo in model.get_visible_repositories(username)]
|
||||||
response = {
|
response = {
|
||||||
'repositories': repos
|
'repositories': repos
|
||||||
}
|
}
|
||||||
|
|
@ -136,7 +136,7 @@ def get_repo_api(namespace, repository):
|
||||||
}
|
}
|
||||||
|
|
||||||
permission = ReadRepositoryPermission(namespace, repository)
|
permission = ReadRepositoryPermission(namespace, repository)
|
||||||
if permission.can():
|
if permission.can() or model.repository_is_public(namespace, repository):
|
||||||
repo = model.get_repository(namespace, repository)
|
repo = model.get_repository(namespace, repository)
|
||||||
if repo:
|
if repo:
|
||||||
tags = model.list_repository_tags(namespace, repository)
|
tags = model.list_repository_tags(namespace, repository)
|
||||||
|
|
@ -168,7 +168,7 @@ def role_view(repo_perm_obj):
|
||||||
@parse_repository_name
|
@parse_repository_name
|
||||||
def list_tag_images(namespace, repository, tag):
|
def list_tag_images(namespace, repository, tag):
|
||||||
permission = ReadRepositoryPermission(namespace, repository)
|
permission = ReadRepositoryPermission(namespace, repository)
|
||||||
if permission.can():
|
if permission.can() or model.repository_is_public(namespace, repository):
|
||||||
images = model.get_tag_images(namespace, repository, tag)
|
images = model.get_tag_images(namespace, repository, tag)
|
||||||
|
|
||||||
return jsonify({
|
return jsonify({
|
||||||
|
|
|
||||||
|
|
@ -157,7 +157,7 @@ def get_repository_images(namespace, repository):
|
||||||
|
|
||||||
# TODO invalidate token?
|
# TODO invalidate token?
|
||||||
|
|
||||||
if permission.can():
|
if permission.can() or model.repository_is_public(namespace, repository):
|
||||||
all_images = []
|
all_images = []
|
||||||
for image in model.get_repository_images(namespace, repository):
|
for image in model.get_repository_images(namespace, repository):
|
||||||
new_image_view = {
|
new_image_view = {
|
||||||
|
|
|
||||||
|
|
@ -80,15 +80,15 @@ def set_cache_headers(f):
|
||||||
@set_cache_headers
|
@set_cache_headers
|
||||||
def get_image_layer(namespace, repository, image_id, headers):
|
def get_image_layer(namespace, repository, image_id, headers):
|
||||||
permission = ReadRepositoryPermission(namespace, repository)
|
permission = ReadRepositoryPermission(namespace, repository)
|
||||||
if not permission.can():
|
if permission.can() or model.repository_is_public(namespace, repository):
|
||||||
abort(403)
|
|
||||||
|
|
||||||
try:
|
try:
|
||||||
return Response(store.stream_read(store.image_layer_path(
|
return Response(store.stream_read(store.image_layer_path(
|
||||||
namespace, repository, image_id)), headers=headers)
|
namespace, repository, image_id)), headers=headers)
|
||||||
except IOError:
|
except IOError:
|
||||||
abort(404) #'Image not found', 404)
|
abort(404) #'Image not found', 404)
|
||||||
|
|
||||||
|
abort(403)
|
||||||
|
|
||||||
|
|
||||||
@app.route('/v1/images/<image_id>/layer', methods=['PUT'])
|
@app.route('/v1/images/<image_id>/layer', methods=['PUT'])
|
||||||
@process_auth
|
@process_auth
|
||||||
|
|
@ -182,7 +182,8 @@ def put_image_checksum(namespace, repository, image_id):
|
||||||
@set_cache_headers
|
@set_cache_headers
|
||||||
def get_image_json(namespace, repository, image_id, headers):
|
def get_image_json(namespace, repository, image_id, headers):
|
||||||
permission = ReadRepositoryPermission(namespace, repository)
|
permission = ReadRepositoryPermission(namespace, repository)
|
||||||
if not permission.can():
|
if (not permission.can() and not
|
||||||
|
model.repository_is_public(namespace, repository)):
|
||||||
abort(403)
|
abort(403)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
|
|
@ -211,7 +212,8 @@ def get_image_json(namespace, repository, image_id, headers):
|
||||||
@set_cache_headers
|
@set_cache_headers
|
||||||
def get_image_ancestry(namespace, repository, image_id, headers):
|
def get_image_ancestry(namespace, repository, image_id, headers):
|
||||||
permission = ReadRepositoryPermission(namespace, repository)
|
permission = ReadRepositoryPermission(namespace, repository)
|
||||||
if not permission.can():
|
if (not permission.can() and not
|
||||||
|
model.repository_is_public(namespace, repository)):
|
||||||
abort(403)
|
abort(403)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
|
|
|
||||||
|
|
@ -25,7 +25,7 @@ logger = logging.getLogger(__name__)
|
||||||
def get_tags(namespace, repository):
|
def get_tags(namespace, repository):
|
||||||
permission = ReadRepositoryPermission(namespace, repository)
|
permission = ReadRepositoryPermission(namespace, repository)
|
||||||
|
|
||||||
if permission.can():
|
if permission.can() or model.repository_is_public(namespace, repository):
|
||||||
tags = model.list_repository_tags(namespace, repository)
|
tags = model.list_repository_tags(namespace, repository)
|
||||||
tag_map = {tag.name: tag.image.image_id for tag in tags}
|
tag_map = {tag.name: tag.image.image_id for tag in tags}
|
||||||
return jsonify(tag_map)
|
return jsonify(tag_map)
|
||||||
|
|
@ -40,7 +40,7 @@ def get_tags(namespace, repository):
|
||||||
def get_tag(namespace, repository, tag):
|
def get_tag(namespace, repository, tag):
|
||||||
permission = ReadRepositoryPermission(namespace, repository)
|
permission = ReadRepositoryPermission(namespace, repository)
|
||||||
|
|
||||||
if permission.can():
|
if permission.can() or model.repository_is_public(namespace, repository):
|
||||||
tag_image = model.get_tag_image(namespace, repository, tag)
|
tag_image = model.get_tag_image(namespace, repository, tag)
|
||||||
response = make_response(tag_image.image_id, 200)
|
response = make_response(tag_image.image_id, 200)
|
||||||
|
|
||||||
|
|
|
||||||
Reference in a new issue