From e5994bab9bb6e34fad36b3b8a128127ab3492f01 Mon Sep 17 00:00:00 2001 From: yackob03 Date: Mon, 11 Nov 2013 18:05:21 -0500 Subject: [PATCH] Check for the repository since we can no longer rely on permissions for the existence of repositories. --- endpoints/index.py | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/endpoints/index.py b/endpoints/index.py index 4647d43ff..6b0cde6d8 100644 --- a/endpoints/index.py +++ b/endpoints/index.py @@ -174,6 +174,10 @@ def update_images(namespace, repository): if permission.can(): repository = model.get_repository(namespace, repository) + if not repository: + # Make sure the repo actually exists. + abort(404) + image_with_checksums = json.loads(request.data) for image in image_with_checksums: @@ -196,6 +200,11 @@ def get_repository_images(namespace, repository): # TODO invalidate token? if permission.can() or model.repository_is_public(namespace, repository): + # We can't rely on permissions to tell us if a repo exists anymore + repo = model.get_repository(namespace, repository) + if not repo: + abort(404) + all_images = [] for image in model.get_repository_images(namespace, repository): new_image_view = { @@ -215,8 +224,7 @@ def get_repository_images(namespace, repository): return resp - # TODO Submit a pull to docker CLI to get it to accept 403s - abort(404) + abort(403) @app.route('/v1/repositories//images', methods=['DELETE'])