Check for the repository since we can no longer rely on permissions for the existence of repositories.

This commit is contained in:
yackob03 2013-11-11 18:05:21 -05:00
parent 64cbc735fb
commit e5994bab9b

View file

@ -174,6 +174,10 @@ def update_images(namespace, repository):
if permission.can(): if permission.can():
repository = model.get_repository(namespace, repository) repository = model.get_repository(namespace, repository)
if not repository:
# Make sure the repo actually exists.
abort(404)
image_with_checksums = json.loads(request.data) image_with_checksums = json.loads(request.data)
for image in image_with_checksums: for image in image_with_checksums:
@ -196,6 +200,11 @@ def get_repository_images(namespace, repository):
# TODO invalidate token? # TODO invalidate token?
if permission.can() or model.repository_is_public(namespace, repository): if permission.can() or model.repository_is_public(namespace, repository):
# We can't rely on permissions to tell us if a repo exists anymore
repo = model.get_repository(namespace, repository)
if not repo:
abort(404)
all_images = [] all_images = []
for image in model.get_repository_images(namespace, repository): for image in model.get_repository_images(namespace, repository):
new_image_view = { new_image_view = {
@ -215,8 +224,7 @@ def get_repository_images(namespace, repository):
return resp return resp
# TODO Submit a pull to docker CLI to get it to accept 403s abort(403)
abort(404)
@app.route('/v1/repositories/<path:repository>/images', methods=['DELETE']) @app.route('/v1/repositories/<path:repository>/images', methods=['DELETE'])