Check for the repository since we can no longer rely on permissions for the existence of repositories.

2013-11-11 18:05:21 -05:00 · 2013-11-11 18:05:21 -05:00 · e5994bab9b
commit e5994bab9b
parent 64cbc735fb
1 changed files with 10 additions and 2 deletions
--- a/endpoints/index.py
+++ b/endpoints/index.py
@ -174,6 +174,10 @@ def update_images(namespace, repository):

  if permission.can():
    repository = model.get_repository(namespace, repository)
+    if not repository:
+      # Make sure the repo actually exists.
+      abort(404)
+
    image_with_checksums = json.loads(request.data)

    for image in image_with_checksums:
@ -196,6 +200,11 @@ def get_repository_images(namespace, repository):
  # TODO invalidate token?

  if permission.can() or model.repository_is_public(namespace, repository):
+    # We can't rely on permissions to tell us if a repo exists anymore
+    repo = model.get_repository(namespace, repository)
+    if not repo:
+      abort(404)
+
    all_images = []
    for image in model.get_repository_images(namespace, repository):
      new_image_view = {
@ -215,8 +224,7 @@ def get_repository_images(namespace, repository):

    return resp

-  # TODO Submit a pull to docker CLI to get it to accept 403s
-  abort(404)
+  abort(403)


@app.route('/v1/repositories/<path:repository>/images', methods=['DELETE'])