use kwargs for parse_repository_name
This commit is contained in:
Jimmy Zelinskie
parent
3b52a255b2
commit
bb46cc933d
15 changed files with 285 additions and 270 deletions
|
|
@ -2,19 +2,19 @@ import json
|
|||
import logging
|
||||
import urlparse
|
||||
|
||||
from flask import request, make_response, jsonify, session
|
||||
from functools import wraps
|
||||
|
||||
from flask import request, make_response, jsonify, session
|
||||
|
||||
from data import model
|
||||
from app import app, authentication, userevents, storage
|
||||
from app import authentication, userevents
|
||||
from auth.auth import process_auth, generate_signed_token
|
||||
from auth.auth_context import get_authenticated_user, get_validated_token, get_validated_oauth_token
|
||||
from util.names import REPOSITORY_NAME_REGEX
|
||||
from auth.permissions import (ModifyRepositoryPermission, UserAdminPermission,
|
||||
ReadRepositoryPermission, CreateRepositoryPermission,
|
||||
repository_read_grant, repository_write_grant)
|
||||
|
||||
from util.http import abort
|
||||
from util.names import REPOSITORY_NAME_REGEX
|
||||
from endpoints.common import parse_repository_name
|
||||
from endpoints.v1 import v1_bp
|
||||
from endpoints.trackhelper import track_and_log
|
||||
|
|
@ -33,12 +33,12 @@ class GrantType(object):
|
|||
def generate_headers(scope=GrantType.READ_REPOSITORY, add_grant_for_status=None):
|
||||
def decorator_method(f):
|
||||
@wraps(f)
|
||||
def wrapper(namespace, repository, *args, **kwargs):
|
||||
response = f(namespace, repository, *args, **kwargs)
|
||||
def wrapper(namespace_name, repo_name, *args, **kwargs):
|
||||
response = f(namespace_name, repo_name, *args, **kwargs)
|
||||
|
||||
# Setting session namespace and repository
|
||||
session['namespace'] = namespace
|
||||
session['repository'] = repository
|
||||
session['namespace'] = namespace_name
|
||||
session['repository'] = repo_name
|
||||
|
||||
# We run our index and registry on the same hosts for now
|
||||
registry_server = urlparse.urlparse(request.url).netloc
|
||||
|
|
@ -51,11 +51,11 @@ def generate_headers(scope=GrantType.READ_REPOSITORY, add_grant_for_status=None)
|
|||
grants = []
|
||||
|
||||
if scope == GrantType.READ_REPOSITORY:
|
||||
if force_grant or ReadRepositoryPermission(namespace, repository).can():
|
||||
grants.append(repository_read_grant(namespace, repository))
|
||||
if force_grant or ReadRepositoryPermission(namespace_name, repo_name).can():
|
||||
grants.append(repository_read_grant(namespace_name, repo_name))
|
||||
elif scope == GrantType.WRITE_REPOSITORY:
|
||||
if force_grant or ModifyRepositoryPermission(namespace, repository).can():
|
||||
grants.append(repository_write_grant(namespace, repository))
|
||||
if force_grant or ModifyRepositoryPermission(namespace_name, repo_name).can():
|
||||
grants.append(repository_write_grant(namespace_name, repo_name))
|
||||
|
||||
# Generate a signed token for the user (if any) and the grants (if any)
|
||||
if grants or get_authenticated_user():
|
||||
|
|
@ -170,50 +170,50 @@ def update_user(username):
|
|||
|
||||
@v1_bp.route('/repositories/<repopath:repository>/', methods=['PUT'])
|
||||
@process_auth
|
||||
@parse_repository_name
|
||||
@parse_repository_name()
|
||||
@generate_headers(scope=GrantType.WRITE_REPOSITORY, add_grant_for_status=201)
|
||||
@anon_allowed
|
||||
def create_repository(namespace, repository):
|
||||
def create_repository(namespace_name, repo_name):
|
||||
# Verify that the repository name is valid.
|
||||
if not REPOSITORY_NAME_REGEX.match(repository):
|
||||
if not REPOSITORY_NAME_REGEX.match(repo_name):
|
||||
abort(400, message='Invalid repository name. Repository names cannot contain slashes.')
|
||||
|
||||
logger.debug('Looking up repository %s/%s', namespace, repository)
|
||||
repo = model.repository.get_repository(namespace, repository)
|
||||
logger.debug('Looking up repository %s/%s', namespace_name, repo_name)
|
||||
repo = model.repository.get_repository(namespace_name, repo_name)
|
||||
|
||||
logger.debug('Found repository %s/%s', namespace, repository)
|
||||
logger.debug('Found repository %s/%s', namespace_name, repo_name)
|
||||
if not repo and get_authenticated_user() is None:
|
||||
logger.debug('Attempt to create repository %s/%s without user auth', namespace, repository)
|
||||
logger.debug('Attempt to create repository %s/%s without user auth', namespace_name, repo_name)
|
||||
abort(401,
|
||||
message='Cannot create a repository as a guest. Please login via "docker login" first.',
|
||||
issue='no-login')
|
||||
|
||||
elif repo:
|
||||
permission = ModifyRepositoryPermission(namespace, repository)
|
||||
permission = ModifyRepositoryPermission(namespace_name, repo_name)
|
||||
if not permission.can():
|
||||
abort(403,
|
||||
message='You do not have permission to modify repository %(namespace)s/%(repository)s',
|
||||
issue='no-repo-write-permission',
|
||||
namespace=namespace, repository=repository)
|
||||
namespace=namespace_name, repository=repo_name)
|
||||
else:
|
||||
permission = CreateRepositoryPermission(namespace)
|
||||
permission = CreateRepositoryPermission(namespace_name)
|
||||
if not permission.can():
|
||||
logger.info('Attempt to create a new repo %s/%s with insufficient perms', namespace,
|
||||
repository)
|
||||
logger.info('Attempt to create a new repo %s/%s with insufficient perms', namespace_name,
|
||||
repo_name)
|
||||
msg = 'You do not have permission to create repositories in namespace "%(namespace)s"'
|
||||
abort(403, message=msg, issue='no-create-permission', namespace=namespace)
|
||||
abort(403, message=msg, issue='no-create-permission', namespace=namespace_name)
|
||||
|
||||
# Attempt to create the new repository.
|
||||
logger.debug('Creating repository %s/%s with owner: %s', namespace, repository,
|
||||
logger.debug('Creating repository %s/%s with owner: %s', namespace_name, repo_name,
|
||||
get_authenticated_user().username)
|
||||
|
||||
repo = model.repository.create_repository(namespace, repository, get_authenticated_user())
|
||||
repo = model.repository.create_repository(namespace_name, repo_name, get_authenticated_user())
|
||||
|
||||
if get_authenticated_user():
|
||||
user_event_data = {
|
||||
'action': 'push_start',
|
||||
'repository': repository,
|
||||
'namespace': namespace
|
||||
'repository': repo_name,
|
||||
'namespace': namespace_name,
|
||||
}
|
||||
|
||||
event = userevents.get_event(get_authenticated_user().username)
|
||||
|
|
@ -224,15 +224,15 @@ def create_repository(namespace, repository):
|
|||
|
||||
@v1_bp.route('/repositories/<repopath:repository>/images', methods=['PUT'])
|
||||
@process_auth
|
||||
@parse_repository_name
|
||||
@parse_repository_name()
|
||||
@generate_headers(scope=GrantType.WRITE_REPOSITORY)
|
||||
@anon_allowed
|
||||
def update_images(namespace, repository):
|
||||
permission = ModifyRepositoryPermission(namespace, repository)
|
||||
def update_images(namespace_name, repo_name):
|
||||
permission = ModifyRepositoryPermission(namespace_name, repo_name)
|
||||
|
||||
if permission.can():
|
||||
logger.debug('Looking up repository')
|
||||
repo = model.repository.get_repository(namespace, repository)
|
||||
repo = model.repository.get_repository(namespace_name, repo_name)
|
||||
if not repo:
|
||||
# Make sure the repo actually exists.
|
||||
abort(404, message='Unknown repository', issue='unknown-repo')
|
||||
|
|
@ -254,17 +254,17 @@ def update_images(namespace, repository):
|
|||
|
||||
@v1_bp.route('/repositories/<repopath:repository>/images', methods=['GET'])
|
||||
@process_auth
|
||||
@parse_repository_name
|
||||
@parse_repository_name()
|
||||
@generate_headers(scope=GrantType.READ_REPOSITORY)
|
||||
@anon_protect
|
||||
def get_repository_images(namespace, repository):
|
||||
permission = ReadRepositoryPermission(namespace, repository)
|
||||
def get_repository_images(namespace_name, repo_name):
|
||||
permission = ReadRepositoryPermission(namespace_name, repo_name)
|
||||
|
||||
# TODO invalidate token?
|
||||
if permission.can() or model.repository.repository_is_public(namespace, repository):
|
||||
if permission.can() or model.repository.repository_is_public(namespace_name, repo_name):
|
||||
# We can't rely on permissions to tell us if a repo exists anymore
|
||||
logger.debug('Looking up repository')
|
||||
repo = model.repository.get_repository(namespace, repository)
|
||||
repo = model.repository.get_repository(namespace_name, repo_name)
|
||||
if not repo:
|
||||
abort(404, message='Unknown repository', issue='unknown-repo')
|
||||
|
||||
|
|
@ -280,17 +280,17 @@ def get_repository_images(namespace, repository):
|
|||
|
||||
@v1_bp.route('/repositories/<repopath:repository>/images', methods=['DELETE'])
|
||||
@process_auth
|
||||
@parse_repository_name
|
||||
@parse_repository_name()
|
||||
@generate_headers(scope=GrantType.WRITE_REPOSITORY)
|
||||
@anon_allowed
|
||||
def delete_repository_images(namespace, repository):
|
||||
def delete_repository_images(namespace_name, repo_name):
|
||||
abort(501, 'Not Implemented', issue='not-implemented')
|
||||
|
||||
|
||||
@v1_bp.route('/repositories/<repopath:repository>/auth', methods=['PUT'])
|
||||
@parse_repository_name
|
||||
@parse_repository_name()
|
||||
@anon_allowed
|
||||
def put_repository_auth(namespace, repository):
|
||||
def put_repository_auth(namespace_name, repo_name):
|
||||
abort(501, 'Not Implemented', issue='not-implemented')
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -1,10 +1,8 @@
|
|||
|
||||
import logging
|
||||
import json
|
||||
|
||||
from flask import abort, request, jsonify, make_response, session
|
||||
|
||||
from app import app
|
||||
from util.names import TAG_ERROR, TAG_REGEX
|
||||
from auth.auth import process_auth
|
||||
from auth.permissions import (ReadRepositoryPermission,
|
||||
|
|
@ -22,12 +20,12 @@ logger = logging.getLogger(__name__)
|
|||
@v1_bp.route('/repositories/<repopath:repository>/tags', methods=['GET'])
|
||||
@process_auth
|
||||
@anon_protect
|
||||
@parse_repository_name
|
||||
def get_tags(namespace, repository):
|
||||
permission = ReadRepositoryPermission(namespace, repository)
|
||||
@parse_repository_name()
|
||||
def get_tags(namespace_name, repo_name):
|
||||
permission = ReadRepositoryPermission(namespace_name, repo_name)
|
||||
|
||||
if permission.can() or model.repository.repository_is_public(namespace, repository):
|
||||
tags = model.tag.list_repository_tags(namespace, repository)
|
||||
if permission.can() or model.repository.repository_is_public(namespace_name, repo_name):
|
||||
tags = model.tag.list_repository_tags(namespace_name, repo_name)
|
||||
tag_map = {tag.name: tag.image.docker_image_id for tag in tags}
|
||||
return jsonify(tag_map)
|
||||
|
||||
|
|
@ -37,13 +35,13 @@ def get_tags(namespace, repository):
|
|||
@v1_bp.route('/repositories/<repopath:repository>/tags/<tag>', methods=['GET'])
|
||||
@process_auth
|
||||
@anon_protect
|
||||
@parse_repository_name
|
||||
def get_tag(namespace, repository, tag):
|
||||
permission = ReadRepositoryPermission(namespace, repository)
|
||||
@parse_repository_name()
|
||||
def get_tag(namespace_name, repo_name, tag):
|
||||
permission = ReadRepositoryPermission(namespace_name, repo_name)
|
||||
|
||||
if permission.can() or model.repository.repository_is_public(namespace, repository):
|
||||
if permission.can() or model.repository.repository_is_public(namespace_name, repo_name):
|
||||
try:
|
||||
tag_image = model.tag.get_tag_image(namespace, repository, tag)
|
||||
tag_image = model.tag.get_tag_image(namespace_name, repo_name, tag)
|
||||
except model.DataModelException:
|
||||
abort(404)
|
||||
|
||||
|
|
@ -57,19 +55,19 @@ def get_tag(namespace, repository, tag):
|
|||
@v1_bp.route('/repositories/<repopath:repository>/tags/<tag>', methods=['PUT'])
|
||||
@process_auth
|
||||
@anon_protect
|
||||
@parse_repository_name
|
||||
def put_tag(namespace, repository, tag):
|
||||
permission = ModifyRepositoryPermission(namespace, repository)
|
||||
@parse_repository_name()
|
||||
def put_tag(namespace_name, repo_name, tag):
|
||||
permission = ModifyRepositoryPermission(namespace_name, repo_name)
|
||||
|
||||
if permission.can():
|
||||
if not TAG_REGEX.match(tag):
|
||||
abort(400, TAG_ERROR)
|
||||
|
||||
docker_image_id = json.loads(request.data)
|
||||
model.tag.create_or_update_tag(namespace, repository, tag, docker_image_id)
|
||||
model.tag.create_or_update_tag(namespace_name, repo_name, tag, docker_image_id)
|
||||
|
||||
# Store the updated tag.
|
||||
if not 'pushed_tags' in session:
|
||||
if 'pushed_tags' not in session:
|
||||
session['pushed_tags'] = {}
|
||||
|
||||
session['pushed_tags'][tag] = docker_image_id
|
||||
|
|
@ -82,13 +80,13 @@ def put_tag(namespace, repository, tag):
|
|||
@v1_bp.route('/repositories/<repopath:repository>/tags/<tag>', methods=['DELETE'])
|
||||
@process_auth
|
||||
@anon_protect
|
||||
@parse_repository_name
|
||||
def delete_tag(namespace, repository, tag):
|
||||
permission = ModifyRepositoryPermission(namespace, repository)
|
||||
@parse_repository_name()
|
||||
def delete_tag(namespace_name, repo_name, tag):
|
||||
permission = ModifyRepositoryPermission(namespace_name, repo_name)
|
||||
|
||||
if permission.can():
|
||||
model.tag.delete_tag(namespace, repository, tag)
|
||||
track_and_log('delete_tag', model.repository.get_repository(namespace, repository),
|
||||
model.tag.delete_tag(namespace_name, repo_name, tag)
|
||||
track_and_log('delete_tag', model.repository.get_repository(namespace_name, repo_name),
|
||||
tag=tag)
|
||||
return make_response('Deleted', 200)
|
||||
|
||||
|
|
|
|||
Reference in a new issue