Change v2 registry auth code to not hit the database when we know we have permissions loaded
Avoids a DB call and, when used in conjunction with blob caching, will avoid a DB *connection*
This commit is contained in:
Joseph Schorr
parent
3c72e9878d
commit
db6007cb37
1 changed files with 13 additions and 8 deletions
|
|
@ -95,21 +95,26 @@ def _require_repo_permission(permission_class, scopes=None, allow_public=False):
|
|||
def wrapped(namespace_name, repo_name, *args, **kwargs):
|
||||
logger.debug('Checking permission %s for repo: %s/%s', permission_class, namespace_name,
|
||||
repo_name)
|
||||
repository = namespace_name + '/' + repo_name
|
||||
repo = model.get_repository(namespace_name, repo_name)
|
||||
if repo is None:
|
||||
raise Unauthorized(repository=repository, scopes=scopes)
|
||||
|
||||
permission = permission_class(namespace_name, repo_name)
|
||||
if (permission.can() or (allow_public and repo.is_public)):
|
||||
if permission.can():
|
||||
return func(namespace_name, repo_name, *args, **kwargs)
|
||||
|
||||
repository = namespace_name + '/' + repo_name
|
||||
if allow_public:
|
||||
repo = model.get_repository(namespace_name, repo_name)
|
||||
if repo is None or not repo.is_public:
|
||||
raise Unauthorized(repository=repository, scopes=scopes)
|
||||
|
||||
if repo.kind != 'image':
|
||||
msg = 'This repository is for managing %s resources and not container images.' % repo.kind
|
||||
raise Unsupported(detail=msg)
|
||||
|
||||
if repo.is_public:
|
||||
return func(namespace_name, repo_name, *args, **kwargs)
|
||||
|
||||
raise Unauthorized(repository=repository, scopes=scopes)
|
||||
|
||||
return wrapped
|
||||
|
||||
return wrapper
|
||||
|
||||
|
||||
|
|
|
|||
Reference in a new issue