diff --git a/endpoints/api.py b/endpoints/api.py index e49189370..b46bcb5f9 100644 --- a/endpoints/api.py +++ b/endpoints/api.py @@ -1005,7 +1005,7 @@ def list_repos(): return jsonify(response) -@api.route('/repository/', methods=['PUT']) +@api.route('/repository/', methods=['PUT']) @api_login_required @parse_repository_name def update_repo(namespace, repository): @@ -1027,7 +1027,7 @@ def update_repo(namespace, repository): abort(403) -@api.route('/repository//changevisibility', +@api.route('/repository//changevisibility', methods=['POST']) @api_login_required @parse_repository_name @@ -1048,7 +1048,7 @@ def change_repo_visibility(namespace, repository): abort(403) -@api.route('/repository/', methods=['DELETE']) +@api.route('/repository/', methods=['DELETE']) @api_login_required @parse_repository_name def delete_repository(namespace, repository): @@ -1079,7 +1079,7 @@ def image_view(image): } -@api.route('/repository/', methods=['GET']) +@api.route('/repository/', methods=['GET']) @parse_repository_name def get_repo(namespace, repository): logger.debug('Get repo: %s/%s' % (namespace, repository)) @@ -1159,7 +1159,7 @@ def build_status_view(build_obj, can_write=False): } -@api.route('/repository//build/', methods=['GET']) +@api.route('/repository//build/', methods=['GET']) @parse_repository_name def get_repo_builds(namespace, repository): permission = ReadRepositoryPermission(namespace, repository) @@ -1176,7 +1176,7 @@ def get_repo_builds(namespace, repository): abort(403) # Permission denied -@api.route('/repository//build//status', +@api.route('/repository//build//status', methods=['GET']) @parse_repository_name def get_repo_build_status(namespace, repository, build_uuid): 
@@ -1193,7 +1193,7 @@ def get_repo_build_status(namespace, repository, build_uuid): abort(403) # Permission denied -@api.route('/repository//build//archiveurl', +@api.route('/repository//build//archiveurl', methods=['GET']) @parse_repository_name def get_repo_build_archive_url(namespace, repository, build_uuid): @@ -1211,7 +1211,7 @@ def get_repo_build_archive_url(namespace, repository, build_uuid): abort(403) # Permission denied -@api.route('/repository//build//logs', +@api.route('/repository//build//logs', methods=['GET']) @parse_repository_name def get_repo_build_logs(namespace, repository, build_uuid): @@ -1236,7 +1236,7 @@ def get_repo_build_logs(namespace, repository, build_uuid): abort(403) # Permission denied -@api.route('/repository//build/', methods=['POST']) +@api.route('/repository//build/', methods=['POST']) @api_login_required @parse_repository_name def request_repo_build(namespace, repository): @@ -1282,7 +1282,7 @@ def webhook_view(webhook): } -@api.route('/repository//webhook/', methods=['POST']) +@api.route('/repository//webhook/', methods=['POST']) @api_login_required @parse_repository_name def create_webhook(namespace, repository): @@ -1303,7 +1303,7 @@ def create_webhook(namespace, repository): abort(403) # Permissions denied -@api.route('/repository//webhook/', +@api.route('/repository//webhook/', methods=['GET']) @api_login_required @parse_repository_name @@ -1320,7 +1320,7 @@ def get_webhook(namespace, repository, public_id): abort(403) # Permission denied -@api.route('/repository//webhook/', methods=['GET']) +@api.route('/repository//webhook/', methods=['GET']) @api_login_required @parse_repository_name def list_webhooks(namespace, repository): @@ -1334,7 +1334,7 @@ def list_webhooks(namespace, repository): abort(403) # Permission denied -@api.route('/repository//webhook/', +@api.route('/repository//webhook/', methods=['DELETE']) @api_login_required @parse_repository_name 
@@ -1350,7 +1350,7 @@ def delete_webhook(namespace, repository, public_id): abort(403) # Permission denied -@api.route('/repository//trigger/', +@api.route('/repository//trigger/', methods=['GET']) @api_login_required @parse_repository_name @@ -1372,7 +1372,7 @@ def _prepare_webhook_url(scheme, username, password, hostname, path): return urlparse.urlunparse((scheme, auth_hostname, path, '', '', '')) -@api.route('/repository//trigger//subdir', +@api.route('/repository//trigger//subdir', methods=['POST']) @api_login_required @parse_repository_name @@ -1405,7 +1405,7 @@ def list_build_trigger_subdirs(namespace, repository, trigger_uuid): abort(403) # Permission denied -@api.route('/repository//trigger//activate', +@api.route('/repository//trigger//activate', methods=['POST']) @api_login_required @parse_repository_name @@ -1464,7 +1464,7 @@ def activate_build_trigger(namespace, repository, trigger_uuid): abort(403) # Permission denied -@api.route('/repository//trigger//start', +@api.route('/repository//trigger//start', methods=['POST']) @api_login_required @parse_repository_name @@ -1502,7 +1502,7 @@ def manually_start_build_trigger(namespace, repository, trigger_uuid): abort(403) # Permission denied -@api.route('/repository//trigger//builds', +@api.route('/repository//trigger//builds', methods=['GET']) @api_login_required @parse_repository_name @@ -1519,7 +1519,7 @@ def list_trigger_recent_builds(namespace, repository, trigger_uuid): abort(403) # Permission denied -@api.route('/repository//trigger//sources', +@api.route('/repository//trigger//sources', methods=['GET']) @api_login_required @parse_repository_name @@ -1543,7 +1543,7 @@ def list_trigger_build_sources(namespace, repository, trigger_uuid): -@api.route('/repository//trigger/', methods=['GET']) +@api.route('/repository//trigger/', methods=['GET']) @api_login_required @parse_repository_name def list_build_triggers(namespace, repository): 
@@ -1557,7 +1557,7 @@ def list_build_triggers(namespace, repository): abort(403) # Permission denied -@api.route('/repository//trigger/', +@api.route('/repository//trigger/', methods=['DELETE']) @api_login_required @parse_repository_name @@ -1617,7 +1617,7 @@ def wrap_role_view_org(role_json, user, org_members): return role_json -@api.route('/repository//image/', methods=['GET']) +@api.route('/repository//image/', methods=['GET']) @parse_repository_name def list_repository_images(namespace, repository): permission = ReadRepositoryPermission(namespace, repository) @@ -1642,7 +1642,7 @@ def list_repository_images(namespace, repository): abort(403) -@api.route('/repository//image/', +@api.route('/repository//image/', methods=['GET']) @parse_repository_name def get_image(namespace, repository, image_id): @@ -1656,7 +1656,7 @@ def get_image(namespace, repository, image_id): abort(403) -@api.route('/repository//image//changes', +@api.route('/repository//image//changes', methods=['GET']) @cache_control(max_age=60*60) # Cache for one hour @parse_repository_name @@ -1681,7 +1681,7 @@ def get_image_changes(namespace, repository, image_id): abort(403) -@api.route('/repository//tag/', +@api.route('/repository//tag/', methods=['DELETE']) @parse_repository_name def delete_full_tag(namespace, repository, tag): @@ -1700,7 +1700,7 @@ def delete_full_tag(namespace, repository, tag): abort(403) # Permission denied -@api.route('/repository//tag//images', +@api.route('/repository//tag//images', methods=['GET']) @parse_repository_name def list_tag_images(namespace, repository, tag): @@ -1724,7 +1724,7 @@ def list_tag_images(namespace, repository, tag): abort(403) # Permission denied -@api.route('/repository//permissions/team/', +@api.route('/repository//permissions/team/', methods=['GET']) @api_login_required @parse_repository_name 
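Review bot: The DELETE route for `delete_full_tag` (hunk at -1681) is decorated only with `@api.route(...)` and `@parse_repository_name`, whereas the other mutating routes touched by this commit, such as `delete_repository`, also carry `@api_login_required`. The function body is outside the hunk; the `abort(403)  # Permission denied` shown as context in the following hunk suggests a permission check inside it, so an anonymous caller is probably still rejected. The rejection would then be a 403 from the in-body check rather than the 401 that test/specs.py now expects from login-protected routes, and the route depends on that single check. Since the decorator line is being edited anyway, consider adding `@api_login_required` between the route decorator and `@parse_repository_name`, or a comment stating that the tag-delete route is exempt on purpose.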
@@ -1741,7 +1741,7 @@ def list_repo_team_permissions(namespace, repository): abort(403) # Permission denied -@api.route('/repository//permissions/user/', +@api.route('/repository//permissions/user/', methods=['GET']) @api_login_required @parse_repository_name @@ -1782,7 +1782,7 @@ def list_repo_user_permissions(namespace, repository): abort(403) # Permission denied -@api.route('/repository//permissions/user/', +@api.route('/repository//permissions/user/', methods=['GET']) @api_login_required @parse_repository_name @@ -1807,7 +1807,7 @@ def get_user_permissions(namespace, repository, username): abort(403) # Permission denied -@api.route('/repository//permissions/team/', +@api.route('/repository//permissions/team/', methods=['GET']) @api_login_required @parse_repository_name @@ -1822,7 +1822,7 @@ def get_team_permissions(namespace, repository, teamname): abort(403) # Permission denied -@api.route('/repository//permissions/user/', +@api.route('/repository//permissions/user/', methods=['PUT', 'POST']) @api_login_required @parse_repository_name @@ -1861,7 +1861,7 @@ def change_user_permissions(namespace, repository, username): abort(403) # Permission denied -@api.route('/repository//permissions/team/', +@api.route('/repository//permissions/team/', methods=['PUT', 'POST']) @api_login_required @parse_repository_name @@ -1889,7 +1889,7 @@ def change_team_permissions(namespace, repository, teamname): abort(403) # Permission denied -@api.route('/repository//permissions/user/', +@api.route('/repository//permissions/user/', methods=['DELETE']) @api_login_required @parse_repository_name @@ -1910,7 +1910,7 @@ def delete_user_permissions(namespace, repository, username): abort(403) # Permission denied -@api.route('/repository//permissions/team/', +@api.route('/repository//permissions/team/', methods=['DELETE']) @api_login_required @parse_repository_name 
@@ -1936,7 +1936,7 @@ def token_view(token_obj): } -@api.route('/repository//tokens/', methods=['GET']) +@api.route('/repository//tokens/', methods=['GET']) @api_login_required @parse_repository_name def list_repo_tokens(namespace, repository): @@ -1951,7 +1951,7 @@ def list_repo_tokens(namespace, repository): abort(403) # Permission denied -@api.route('/repository//tokens/', methods=['GET']) +@api.route('/repository//tokens/', methods=['GET']) @api_login_required @parse_repository_name def get_tokens(namespace, repository, code): @@ -1967,7 +1967,7 @@ def get_tokens(namespace, repository, code): abort(403) # Permission denied -@api.route('/repository//tokens/', methods=['POST']) +@api.route('/repository//tokens/', methods=['POST']) @api_login_required @parse_repository_name def create_token(namespace, repository): @@ -1989,7 +1989,7 @@ def create_token(namespace, repository): abort(403) # Permission denied -@api.route('/repository//tokens/', methods=['PUT']) +@api.route('/repository//tokens/', methods=['PUT']) @api_login_required @parse_repository_name def change_token(namespace, repository, code): @@ -2014,7 +2014,7 @@ def change_token(namespace, repository, code): abort(403) # Permission denied -@api.route('/repository//tokens/', +@api.route('/repository//tokens/', methods=['DELETE']) @api_login_required @parse_repository_name @@ -2427,7 +2427,7 @@ def log_view(log): -@api.route('/repository//logs', methods=['GET']) +@api.route('/repository//logs', methods=['GET']) @api_login_required @parse_repository_name def list_repo_logs(namespace, repository): diff --git a/endpoints/common.py b/endpoints/common.py index c479a3566..4db244bb8 100644 --- a/endpoints/common.py +++ b/endpoints/common.py 
@@ -12,13 +12,20 @@ from data import model from data.queue import dockerfile_build_queue from app import app, login_manager from auth.permissions import QuayDeferredPermissionUser +from werkzeug.routing import BaseConverter logger = logging.getLogger(__name__) - route_data = None +class RepoPathConverter(BaseConverter): + regex = '[a-zA-Z0-9_-]+/[a-zA-Z0-9_-]+' + weight = 200 + +app.url_map.converters['repopath'] = RepoPathConverter + + def get_route_data(): global route_data if route_data: @@ -160,4 +167,4 @@ def start_build(repository, dockerfile_id, tags, build_name, subdir, manual, ip=request.remote_addr, metadata=metadata, repository=repository) - return build_request \ No newline at end of file + return build_request diff --git a/test/specs.py b/test/specs.py index 8506a9342..a2a8bd2cb 100644 --- a/test/specs.py +++ b/test/specs.py @@ -71,6 +71,9 @@ UPDATE_REPO_DETAILS = { 'description': 'A new description', } +FAKE_TRIGGER_CONFIG = { + 'active': True +} class TestSpec(object): def __init__(self, url, anon_code=401, no_access_code=403, read_code=403, 
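Review bot: `RepoPathConverter` has no docstring, although it appears to be what the rewritten `/repository/...` routes in endpoints/api.py now use (the converter segment is not legible in those hunks), so the accepted name grammar should be stated next to the regex. As written it admits exactly two segments of `[a-zA-Z0-9_-]+`, so a stored namespace or repository name containing any other character (a dot, for example) would stop routing and return 404. Whether such names can exist depends on the creation-time validation, which is not visible here, so please confirm the two agree and ideally share one pattern. `weight = 200` matches werkzeug's built-in `path` converter, and the registration is an import side effect that must run before any blueprint using `repopath` is registered; a comment such as `# Register before blueprints with repopath rules are attached to the app` would make that explicit. The pattern is only a routing filter, so the per-handler permission checks remain the access control.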
@@ -458,29 +461,31 @@ def build_specs(): TestSpec(url_for('api.get_build_trigger', repository=PRIVATE_REPO, trigger_uuid=TRIGGER_UUID), admin_code=404), - TestSpec(url_for('api.list_build_trigger_subdirs', repository=PUBLIC_REPO, - trigger_uuid=TRIGGER_UUID), 403, 403, 403, 403), - TestSpec(url_for('api.list_build_trigger_subdirs', repository=ORG_REPO, - trigger_uuid=TRIGGER_UUID), 403, 403, 403, 404), - TestSpec(url_for('api.list_build_trigger_subdirs', repository=PRIVATE_REPO, - trigger_uuid=TRIGGER_UUID), 403, 403, 403, 404), + TestSpec(url_for('api.list_build_trigger_subdirs', + repository=PUBLIC_REPO, trigger_uuid=TRIGGER_UUID), + 401, 403, 403, 403).set_method('POST').set_data_from_obj(FAKE_TRIGGER_CONFIG), + TestSpec(url_for('api.list_build_trigger_subdirs', + repository=ORG_REPO, trigger_uuid=TRIGGER_UUID), + 401, 403, 403, 404).set_method('POST').set_data_from_obj(FAKE_TRIGGER_CONFIG), + TestSpec(url_for('api.list_build_trigger_subdirs', repository=PRIVATE_REPO, trigger_uuid=TRIGGER_UUID), + 401, 403, 403, 404).set_method('POST').set_data_from_obj(FAKE_TRIGGER_CONFIG), - TestSpec(url_for('api.activate_build_trigger', repository=PUBLIC_REPO, - trigger_uuid=TRIGGER_UUID), 403, 403, 403, 403), - TestSpec(url_for('api.activate_build_trigger', repository=ORG_REPO, - trigger_uuid=TRIGGER_UUID), 403, 403, 403, 404), - TestSpec(url_for('api.activate_build_trigger', repository=PRIVATE_REPO, - trigger_uuid=TRIGGER_UUID), 403, 403, 403, 404), + TestSpec(url_for('api.activate_build_trigger', repository=PUBLIC_REPO, trigger_uuid=TRIGGER_UUID), + 401, 403, 403, 403).set_method('POST').set_data_from_obj(FAKE_TRIGGER_CONFIG), + TestSpec(url_for('api.activate_build_trigger', repository=ORG_REPO, trigger_uuid=TRIGGER_UUID), + 401, 403, 403, 404).set_method('POST').set_data_from_obj(FAKE_TRIGGER_CONFIG), + TestSpec(url_for('api.activate_build_trigger', repository=PRIVATE_REPO, trigger_uuid=TRIGGER_UUID), + 401, 403, 403, 
404).set_method('POST').set_data_from_obj(FAKE_TRIGGER_CONFIG), TestSpec(url_for('api.manually_start_build_trigger', repository=PUBLIC_REPO, trigger_uuid=TRIGGER_UUID), - 403, 403, 403, 403), + 401, 403, 403, 403).set_method('POST').set_data_from_obj(FAKE_TRIGGER_CONFIG), TestSpec(url_for('api.manually_start_build_trigger', repository=ORG_REPO, trigger_uuid=TRIGGER_UUID), - 403, 403, 403, 404), + 401, 403, 403, 404).set_method('POST').set_data_from_obj(FAKE_TRIGGER_CONFIG), TestSpec(url_for('api.manually_start_build_trigger', repository=PRIVATE_REPO, trigger_uuid=TRIGGER_UUID), - 403, 403, 403, 404), + 401, 403, 403, 404).set_method('POST').set_data_from_obj(FAKE_TRIGGER_CONFIG), TestSpec(url_for('api.list_trigger_recent_builds', repository=PUBLIC_REPO, trigger_uuid=TRIGGER_UUID), admin_code=403),
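Review bot: The chain `.set_method('POST').set_data_from_obj(FAKE_TRIGGER_CONFIG)` is repeated on all nine rewritten trigger specs, and the new lines mix two layouts: the first two `list_build_trigger_subdirs` specs wrap the `url_for` arguments, while the later ones keep them on one over-long line. A small helper would keep the expected status codes readable, for example `def trigger_post(spec): return spec.set_method('POST').set_data_from_obj(FAKE_TRIGGER_CONFIG)`. The anonymous expectation moves from 403 to 401 here, presumably because these routes carry `@api_login_required` in endpoints/api.py; a comment such as `# POST-only, login-required routes: anonymous callers get 401` would record that for the next reader.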