From cd276773ff96089ea4d5455b35497f62212c163f Mon Sep 17 00:00:00 2001 From: jakedt Date: Fri, 14 Mar 2014 13:24:01 -0400 Subject: [PATCH] Port over tokens. --- endpoints/api/__init__.py | 15 +++-- endpoints/api/legacy.py | 5 ++ endpoints/api/permission.py | 6 +- endpoints/api/repotoken.py | 131 ++++++++++++++++++++++++++++++++++++ 4 files changed, 147 insertions(+), 10 deletions(-) create mode 100644 endpoints/api/repotoken.py diff --git a/endpoints/api/__init__.py b/endpoints/api/__init__.py index be56f2d6a..a281b075a 100644 --- a/endpoints/api/__init__.py +++ b/endpoints/api/__init__.py @@ -173,13 +173,14 @@ def log_action(kind, user_or_orgname, metadata={}, repo=None): import endpoints.api.legacy -import endpoints.api.repository -import endpoints.api.discovery -import endpoints.api.user -import endpoints.api.search import endpoints.api.build -import endpoints.api.webhook -import endpoints.api.trigger +import endpoints.api.discovery import endpoints.api.image +import endpoints.api.permission +import endpoints.api.repository +import endpoints.api.repotoken +import endpoints.api.search import endpoints.api.tag -import endpoints.api.permission \ No newline at end of file +import endpoints.api.trigger +import endpoints.api.user +import endpoints.api.webhook diff --git a/endpoints/api/legacy.py b/endpoints/api/legacy.py index d287271e6..3f811f958 100644 --- a/endpoints/api/legacy.py +++ b/endpoints/api/legacy.py @@ -1967,6 +1967,7 @@ def token_view(token_obj): } +# Ported @api_bp.route('/repository//tokens/', methods=['GET']) @api_login_required @parse_repository_name @@ -1982,6 +1983,7 @@ def list_repo_tokens(namespace, repository): abort(403) # Permission denied +# Ported @api_bp.route('/repository//tokens/', methods=['GET']) @api_login_required @parse_repository_name @@ -1998,6 +2000,7 @@ def get_tokens(namespace, repository, code): abort(403) # Permission denied +# Ported @api_bp.route('/repository//tokens/', methods=['POST']) @api_login_required @parse_repository_name @@ -2020,6 +2023,7 @@ def create_token(namespace, repository): abort(403) # Permission denied +# Ported @api_bp.route('/repository//tokens/', methods=['PUT']) @api_login_required @parse_repository_name @@ -2045,6 +2049,7 @@ def change_token(namespace, repository, code): abort(403) # Permission denied +# Ported @api_bp.route('/repository//tokens/', methods=['DELETE']) @api_login_required diff --git a/endpoints/api/permission.py b/endpoints/api/permission.py index 8db4baae3..6fd67f62d 100644 --- a/endpoints/api/permission.py +++ b/endpoints/api/permission.py @@ -92,7 +92,7 @@ class RepositoryUserPermission(RepositoryParamResource): 'properties': { 'role': { 'type': 'string', - 'description': 'Visibility which the repository will start with', + 'description': 'Role to use for the user', 'enum': [ 'read', 'write', @@ -176,12 +176,12 @@ class RepositoryTeamPermission(RepositoryParamResource): 'TeamPermission': { 'id': 'TeamPermission', 'type': 'object', - 'description': 'Description of a user permission.', + 'description': 'Description of a team permission.', 'required': True, 'properties': { 'role': { 'type': 'string', - 'description': 'Visibility which the repository will start with', + 'description': 'Role to use for the team', 'enum': [ 'read', 'write', diff --git a/endpoints/api/repotoken.py b/endpoints/api/repotoken.py new file mode 100644 index 000000000..486c20ac1 --- /dev/null +++ b/endpoints/api/repotoken.py @@ -0,0 +1,131 @@ +import logging + +from flask import request +from flask.ext.restful import abort + +from endpoints.api import (resource, nickname, require_repo_admin, RepositoryParamResource, + log_action, validate_json_request) +from data import model + + +logger = logging.getLogger(__name__) + + +def token_view(token_obj): + return { + 'friendlyName': token_obj.friendly_name, + 'code': token_obj.code, + 'role': token_obj.role.name, + } + + +@resource('/v1/repository//tokens/') +class RepositoryTokenList(RepositoryParamResource): + """ Resource for creating and listing repository tokens. """ + schemas = { + 'NewToken': { + 'id': 'NewToken', + 'type': 'object', + 'description': 'Description of a new token.', + 'required': True, + 'properties': { + 'friendlyName': { + 'type': 'string', + 'description': 'Friendly name to help identify the token.', + 'required': True, + }, + }, + }, + } + + @require_repo_admin + @nickname('listRepoTokens') + def get(self, namespace, repository): + """ List the tokens for the specified repository. """ + tokens = model.get_repository_delegate_tokens(namespace, repository) + + return { + 'tokens': {token.code: token_view(token) for token in tokens} + } + + @require_repo_admin + @nickname('createToken') + @validate_json_request('NewToken') + def post(self, namespace, repository): + """ Create a new repository token. """ + token_params = request.get_json() + + token = model.create_delegate_token(namespace, repository, + token_params['friendlyName']) + + log_action('add_repo_accesstoken', namespace, + {'repo': repository, 'token': token_params['friendlyName']}, + repo = model.get_repository(namespace, repository)) + + return token_view(token), 201 + + +@resource('/v1/repository//tokens/') +class RepositoryToken(RepositoryParamResource): + """ Resource for managing individual tokens. """ + schemas = { + 'TokenPermission': { + 'id': 'TokenPermission', + 'type': 'object', + 'description': 'Description of a token permission.', + 'required': True, + 'properties': { + 'role': { + 'type': 'string', + 'description': 'Role to use for the token', + 'enum': [ + 'read', + 'write', + 'admin', + ], + 'required': True, + }, + }, + }, + } + @require_repo_admin + @nickname('getTokens') + def get(self, namespace, repository, code): + """ Fetch the specified token information. """ + try: + perm = model.get_repo_delegate_token(namespace, repository, code) + except model.InvalidTokenException: + abort(404) + + return token_view(perm) + + @require_repo_admin + @nickname('changeToken') + @validate_json_request('TokenPermission') + def put(self, namespace, repository, code): + new_permission = request.get_json() + + logger.debug('Setting permission to: %s for code %s' % + (new_permission['role'], code)) + + token = model.set_repo_delegate_token_role(namespace, repository, code, + new_permission['role']) + + log_action('change_repo_permission', namespace, + {'repo': repository, 'token': token.friendly_name, 'code': code, + 'role': new_permission['role']}, + repo = model.get_repository(namespace, repository)) + + return token_view(token) + + @require_repo_admin + @nickname('deleteToken') + def delete(self, namespace, repository, code): + token = model.delete_delegate_token(namespace, repository, code) + + log_action('delete_repo_accesstoken', namespace, + {'repo': repository, 'token': token.friendly_name, + 'code': code}, + repo = model.get_repository(namespace, repository)) + + return 'Deleted', 204