Next batch of backend permissions for orgs.
This commit is contained in:
yackob03
parent
100ec563fa
commit
dd77ebd64f
11 changed files with 13596 additions and 62 deletions
|
|
@ -23,7 +23,8 @@ from util.names import parse_repository_name
|
|||
from util.gravatar import compute_hash
|
||||
from auth.permissions import (ReadRepositoryPermission,
|
||||
ModifyRepositoryPermission,
|
||||
AdministerRepositoryPermission)
|
||||
AdministerRepositoryPermission,
|
||||
CreateRepositoryPermission)
|
||||
from endpoints import registry
|
||||
from endpoints.web import common_login
|
||||
from util.cache import cache_control
|
||||
|
|
@ -290,22 +291,25 @@ def get_organization_private_allowed(orgname):
|
|||
@api_login_required
|
||||
def create_repo_api():
|
||||
owner = current_user.db_user()
|
||||
|
||||
# TODO(jake): Verify that the user can create a repo in this namespace.
|
||||
json = request.get_json()
|
||||
namespace_name = json['namespace'] if 'namespace' in json else owner.username
|
||||
repository_name = json['repository']
|
||||
visibility = json['visibility']
|
||||
|
||||
repo = model.create_repository(namespace_name, repository_name, owner,
|
||||
visibility)
|
||||
repo.description = json['description']
|
||||
repo.save()
|
||||
permission = CreateRepositoryPermission(json['namespace'])
|
||||
if permission.can():
|
||||
namespace_name = json['namespace'] if 'namespace' in json else owner.username
|
||||
repository_name = json['repository']
|
||||
visibility = json['visibility']
|
||||
|
||||
return jsonify({
|
||||
'namespace': namespace_name,
|
||||
'name': repository_name
|
||||
})
|
||||
repo = model.create_repository(namespace_name, repository_name, owner,
|
||||
visibility)
|
||||
repo.description = json['description']
|
||||
repo.save()
|
||||
|
||||
return jsonify({
|
||||
'namespace': namespace_name,
|
||||
'name': repository_name
|
||||
})
|
||||
|
||||
abort(403)
|
||||
|
||||
|
||||
@app.route('/api/find/repository', methods=['GET'])
|
||||
|
|
|
|||
|
|
@ -13,8 +13,9 @@ from auth.auth import (process_auth, get_authenticated_user,
|
|||
get_validated_token)
|
||||
from util.names import parse_namespace_repository, parse_repository_name
|
||||
from util.email import send_confirmation_email
|
||||
from auth.permissions import (ModifyRepositoryPermission,
|
||||
ReadRepositoryPermission, UserPermission)
|
||||
from auth.permissions import (ModifyRepositoryPermission, UserPermission,
|
||||
ReadRepositoryPermission,
|
||||
CreateRepositoryPermission)
|
||||
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
|
@ -127,7 +128,9 @@ def create_repository(namespace, repository):
|
|||
abort(403)
|
||||
|
||||
else:
|
||||
if get_authenticated_user().username != namespace:
|
||||
permission = CreateRepoPermission('namespace')
|
||||
if not permission.can():
|
||||
logger.info('Attempt to create a new repo with insufficient perms.')
|
||||
abort(403)
|
||||
|
||||
logger.debug('Creaing repository with owner: %s' %
|
||||
|
|
|
|||
Reference in a new issue