vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Prevent unlimited insane query from running and fix tests

Browse source 
Fixes #591
This commit is contained in:
Joseph Schorr 2015-10-05 17:11:49 -04:00
parent 297a794aa1
commit dd804816ba
4 changed files with 15 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

6
endpoints/api/repository.py
View file

@ -146,6 +146,10 @@ class RepositoryList(ApiResource):
starred_repos = model.repository.get_user_starred_repositories(get_authenticated_user())
star_lookup = set([repo.id for repo in starred_repos])
# If the user asked for only public repositories, limit to only public repos.
if public and (not namespace and not starred):
username = None
# Find the matching repositories.
repositories = model.repository.get_visible_repositories(username=username,
limit=limit,
@ -177,6 +181,8 @@ class RepositoryList(ApiResource):
def get(self, args):
""" Fetch the list of repositories visible to the current user under a variety of situations.
"""
if not args['namespace'] and not args['starred'] and not args['public']:
raise InvalidRequest('namespace, starred or public are required for this API call')
repositories, star_lookup = self._load_repositories(args['namespace'], args['public'],
args['starred'], args['limit'],