From db6007cb371b4db0a4fa2e12e6eb0aaa3678644c Mon Sep 17 00:00:00 2001 From: Joseph Schorr Date: Thu, 14 Dec 2017 13:37:31 -0500 Subject: [PATCH] Change v2 registry auth code to not hit the database when we know we have permissions loaded Avoids a DB call and, when used in conjunction with blob caching, will avoid a DB *connection* --- endpoints/v2/__init__.py | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/endpoints/v2/__init__.py b/endpoints/v2/__init__.py index 198b56cbe..28a837ddd 100644 --- a/endpoints/v2/__init__.py +++ b/endpoints/v2/__init__.py @@ -95,21 +95,26 @@ def _require_repo_permission(permission_class, scopes=None, allow_public=False): def wrapped(namespace_name, repo_name, *args, **kwargs): logger.debug('Checking permission %s for repo: %s/%s', permission_class, namespace_name, repo_name) - repository = namespace_name + '/' + repo_name - repo = model.get_repository(namespace_name, repo_name) - if repo is None: - raise Unauthorized(repository=repository, scopes=scopes) permission = permission_class(namespace_name, repo_name) - if (permission.can() or (allow_public and repo.is_public)): + if permission.can(): + return func(namespace_name, repo_name, *args, **kwargs) + + repository = namespace_name + '/' + repo_name + if allow_public: + repo = model.get_repository(namespace_name, repo_name) + if repo is None or not repo.is_public: + raise Unauthorized(repository=repository, scopes=scopes) + if repo.kind != 'image': msg = 'This repository is for managing %s resources and not container images.' % repo.kind raise Unsupported(detail=msg) - return func(namespace_name, repo_name, *args, **kwargs) + + if repo.is_public: + return func(namespace_name, repo_name, *args, **kwargs) + raise Unauthorized(repository=repository, scopes=scopes) - return wrapped - return wrapper