Jimmy Zelinskie
parent
bb46cc933d
commit
ea2e17cc11
9 changed files with 91 additions and 71 deletions
|
|
@ -1,24 +1,24 @@
|
|||
import logging
|
||||
|
||||
from flask import Blueprint, make_response, url_for, request, jsonify
|
||||
from functools import wraps
|
||||
from urlparse import urlparse
|
||||
|
||||
from flask import Blueprint, make_response, url_for, request, jsonify
|
||||
from semantic_version import Spec
|
||||
|
||||
import features
|
||||
|
||||
from app import metric_queue
|
||||
from endpoints.decorators import anon_protect, anon_allowed
|
||||
from endpoints.v2.errors import V2RegistryException, Unauthorized
|
||||
from app import app, metric_queue
|
||||
from auth.auth_context import get_grant_context
|
||||
from auth.permissions import (ReadRepositoryPermission, ModifyRepositoryPermission,
|
||||
AdministerRepositoryPermission)
|
||||
from data import model
|
||||
from app import app
|
||||
from util.http import abort
|
||||
from util.saas.metricqueue import time_blueprint
|
||||
from util.registry.dockerver import docker_version
|
||||
from auth.registry_jwt_auth import process_registry_jwt_auth, get_auth_headers
|
||||
from data import model
|
||||
from endpoints.decorators import anon_protect, anon_allowed
|
||||
from endpoints.v2.errors import V2RegistryException, Unauthorized
|
||||
from util.http import abort
|
||||
from util.registry.dockerver import docker_version
|
||||
from util.saas.metricqueue import time_blueprint
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
v2_bp = Blueprint('v2', __name__)
|
||||
|
|
@ -33,12 +33,12 @@ def handle_registry_v2_exception(error):
|
|||
|
||||
response.status_code = error.http_status_code
|
||||
if response.status_code == 401:
|
||||
response.headers.extend(get_auth_headers())
|
||||
response.headers.extend(get_auth_headers(repository=error.repository, scopes=error.scopes))
|
||||
logger.debug('sending response: %s', response.get_data())
|
||||
return response
|
||||
|
||||
|
||||
def _require_repo_permission(permission_class, allow_public=False):
|
||||
def _require_repo_permission(permission_class, scopes=None, allow_public=False):
|
||||
def wrapper(func):
|
||||
@wraps(func)
|
||||
def wrapped(namespace_name, repo_name, *args, **kwargs):
|
||||
|
|
@ -49,14 +49,19 @@ def _require_repo_permission(permission_class, allow_public=False):
|
|||
(allow_public and
|
||||
model.repository.repository_is_public(namespace_name, repo_name))):
|
||||
return func(namespace_name, repo_name, *args, **kwargs)
|
||||
raise Unauthorized()
|
||||
repository = namespace_name + '/' + repo_name
|
||||
raise Unauthorized(repository=repository, scopes=scopes)
|
||||
return wrapped
|
||||
return wrapper
|
||||
|
||||
|
||||
require_repo_read = _require_repo_permission(ReadRepositoryPermission, True)
|
||||
require_repo_write = _require_repo_permission(ModifyRepositoryPermission)
|
||||
require_repo_admin = _require_repo_permission(AdministerRepositoryPermission)
|
||||
require_repo_read = _require_repo_permission(ReadRepositoryPermission,
|
||||
scopes=['pull'],
|
||||
allow_public=True)
|
||||
require_repo_write = _require_repo_permission(ModifyRepositoryPermission,
|
||||
scopes=['pull', 'push'])
|
||||
require_repo_admin = _require_repo_permission(AdministerRepositoryPermission,
|
||||
scopes=['pull', 'push'])
|
||||
|
||||
|
||||
def get_input_stream(flask_request):
|
||||
|
|
@ -79,7 +84,7 @@ def route_show_if(value):
|
|||
|
||||
@v2_bp.route('/')
|
||||
@route_show_if(features.ADVERTISE_V2)
|
||||
@process_registry_jwt_auth
|
||||
@process_registry_jwt_auth()
|
||||
@anon_allowed
|
||||
def v2_support_enabled():
|
||||
docker_ver = docker_version(request.user_agent.string)
|
||||
|
|
|
|||
Reference in a new issue