Evan Cordell 
								
							 
						 
						
							
							
							
							
								
							
							
								b4ace1dd29 
								
							 
						 
						
							
							
								
								registry auth tests: test more access types  
							
							
							
						 
						
							2016-11-28 14:02:08 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								fc7301be0d 
								
							 
						 
						
							
							
								
								*: fix legacy imports  
							
							... 
							
							
							
							This change reorganizes imports and renames the legacy flask extensions. 
							
						 
						
							2016-09-28 20:17:14 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								c4daf1cc3d 
								
							 
						 
						
							
							
								
								Change permissions model so that non-admins do not get org-wide read  
							
							... 
							
							
							
							Fixes  #1684  
						
							2016-08-04 16:47:28 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								a736407611 
								
							 
						 
						
							
							
								
								Fix user:admin scope handling and add test  
							
							
							
						 
						
							2016-05-09 11:16:01 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								b5b2df2063 
								
							 
						 
						
							
							
								
								Make test more resilient to changes in IDs  
							
							
							
						 
						
							2016-03-30 16:19:15 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								a3aa4592cf 
								
							 
						 
						
							
							
								
								Change permissions to only load required by default  
							
							... 
							
							
							
							Permissions now load just the namespace and/or repository permissions requested, with a fallback to a full permissions load if necessary. 
							
						 
						
							2016-03-28 16:33:32 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								354f4109d0 
								
							 
						 
						
							
							
								
								Switch to returning an empty set when there are invalid auth scopes  
							
							
							
						 
						
							2015-07-31 12:49:42 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jake Moshenko 
								
							 
						 
						
							
							
							
							
								
							
							
								3efaa255e8 
								
							 
						 
						
							
							
								
								Accidental refactor, split out legacy.py into separate sumodules and update all call sites.  
							
							
							
						 
						
							2015-07-17 11:56:15 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jake Moshenko 
								
							 
						 
						
							
							
							
							
								
							
							
								bea8b9ac53 
								
							 
						 
						
							
							
								
								More changes for registry-v2 in python.  
							
							... 
							
							
							
							Implement the minimal changes to the local filesystem storage driver and feed them through the distributed storage driver.
Create a digest package which contains digest_tools and checksums.
Fix the tests to use the new v1 endpoint locations.
Fix repository.delete_instance to properly filter the generated queries to avoid most subquery deletes, but still generate them when not explicitly filtered. 
							
						 
						
							2015-07-17 11:50:41 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jake Moshenko 
								
							 
						 
						
							
							
							
							
								
							
							
								7b470237a1 
								
							 
						 
						
							
							
								
								The superuser capability does not require the idea of ordinality since it is a binary permission.  
							
							
							
						 
						
							2015-06-30 11:02:13 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								87efcb9e3d 
								
							 
						 
						
							
							
								
								Delegated superuser API access  
							
							... 
							
							
							
							Add a new scope for SUPERUSER that allows delegated access to the superuser endpoints. CA needs this so they can programmatically create and remove users. 
							
						 
						
							2015-06-30 11:08:26 +03:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jake Moshenko 
								
							 
						 
						
							
							
							
							
								
							
							
								03e1636ff2 
								
							 
						 
						
							
							
								
								Clean up log format to use lazy string substitution.  
							
							
							
						 
						
							2015-06-23 17:10:03 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								8eb9c376cd 
								
							 
						 
						
							
							
								
								Add constructors for the QuayDeferredPermissionUser so that we can avoid extraneous DB lookups of the user whenever we already have the object  
							
							
							
						 
						
							2015-05-07 15:04:12 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jake Moshenko 
								
							 
						 
						
							
							
							
							
								
							
							
								3bc8b8161c 
								
							 
						 
						
							
							
								
								Make the AlwaysFailPermission live up to its name.  
							
							
							
						 
						
							2015-02-19 16:58:13 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jake Moshenko 
								
							 
						 
						
							
							
							
							
								
							
							
								78c8354174 
								
							 
						 
						
							
							
								
								Switch our temporary token lookups for signed grants which will not require DB access.  
							
							
							
						 
						
							2015-02-19 16:54:23 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								30b895b795 
								
							 
						 
						
							
							
								
								Merge branch 'grunt-js-folder' of  https://github.com/coreos-inc/quay  into ackbar  
							
							
							
						 
						
							2015-01-23 17:26:14 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								28d319ad26 
								
							 
						 
						
							
							
								
								Add an in-memory superusermanager, which stores the current list of superusers in a process-shared Value. We do this because in the ER, when we add a new superuser, we need to ensure that ALL workers have their lists updated (otherwise we get the behavior that some workers validate the new permission and others do not).  
							
							
							
						 
						
							2015-01-20 12:43:11 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								42ea3b835c 
								
							 
						 
						
							
							
								
								Fix NPE  
							
							
							
						 
						
							2015-01-12 11:42:09 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								1bf25f25c1 
								
							 
						 
						
							
							
								
								WIP  
							
							
							
						 
						
							2015-01-04 14:38:41 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								dee4c389a8 
								
							 
						 
						
							
							
								
								Base sessions on UUIDs.  
							
							... 
							
							
							
							Now that a backfill has been applied, sessions can now be based on UUIDs
because all users will have one. 
							
						 
						
							2014-11-20 18:44:36 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								12ff4b107c 
								
							 
						 
						
							
							
								
								Undo sessions being driven by UUID.  
							
							... 
							
							
							
							Basing sessions on UUIDs must be done in phases. First all users
must obtain an UUID. Once a backfill has given all previous users
UUIDs and new users are being generated with UUIDs, then we can
actually change the session to be based on that value. 
							
						 
						
							2014-11-20 12:57:17 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								606ad21bec 
								
							 
						 
						
							
							
								
								Apply reviewed changes.  
							
							... 
							
							
							
							Adds a length to the UUID field, renames QuayDeferredPermissionUser
parameter id->uuid, adds transactions to backfill script. 
							
						 
						
							2014-11-19 13:28:16 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jimmy Zelinskie 
								
							 
						 
						
							
							
							
							
								
							
							
								9d677b8eb3 
								
							 
						 
						
							
							
								
								Add UUID to User model and use in cookie.  
							
							
							
						 
						
							2014-11-19 13:28:16 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jake Moshenko 
								
							 
						 
						
							
							
							
							
								
							
							
								03190efde3 
								
							 
						 
						
							
							
								
								Phase 2 of migrating repo namespaces to referencing user objects, backfilling the rows without a value for namespace_user, and changing all accesses to go through the namespace_user object. All tests are passing, manual testing still required.  
							
							
							
						 
						
							2014-09-24 18:01:35 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jake Moshenko 
								
							 
						 
						
							
							
							
							
								
							
							
								8626d1cd70 
								
							 
						 
						
							
							
								
								Initial changes to move repositories from using a namespace string to referencing a user object. Also stores the user id in the cookie rather than the username, to allow users to be renamed. This commit must not be used unmodified because the database migration is too aggressive for live migration.  
							
							
							
						 
						
							2014-09-19 10:17:23 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Jake Moshenko 
								
							 
						 
						
							
							
							
							
								
							
							
								02e47ed572 
								
							 
						 
						
							
							
								
								Begin the work to allow robots and teams to be managed via API.  
							
							
							
						 
						
							2014-08-05 20:53:00 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									jakedt 
								
							 
						 
						
							
							
							
							
								
							
							
								0fd5da172e 
								
							 
						 
						
							
							
								
								Fix the super user default config. Slight style tweaks to the super user permission implementation.  
							
							
							
						 
						
							2014-04-10 15:51:39 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Joseph Schorr 
								
							 
						 
						
							
							
							
							
								
							
							
								0e320c964f 
								
							 
						 
						
							
							
								
								- Add support for super users  
							
							... 
							
							
							
							- Add a super user API
- Add a super user interface 
							
						 
						
							2014-04-10 00:26:55 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									jakedt 
								
							 
						 
						
							
							
							
							
								
							
							
								41cfadac23 
								
							 
						 
						
							
							
								
								Protect the search and repository list endpoints appropriately. Add more differentiating data to some need types. Remove the notification about password change from the user admin page. Select the dependent models for the visible repo list.  
							
							
							
						 
						
							2014-03-25 17:26:45 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									jakedt 
								
							 
						 
						
							
							
							
							
								
							
							
								0992c8a47e 
								
							 
						 
						
							
							
								
								Fix some permissions problems still around due to some usage of scopes as strings.  
							
							
							
						 
						
							2014-03-19 18:21:58 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									jakedt 
								
							 
						 
						
							
							
							
							
								
							
							
								3b7b12085d 
								
							 
						 
						
							
							
								
								User scope objects everywhere. Switch scope objects to namedtuples. Pass the user when validating whether the user has authorized such scopes in the past. Make sure we calculate the scope string using all user scopes form all previously granted tokens.  
							
							
							
						 
						
							2014-03-19 18:09:09 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									jakedt 
								
							 
						 
						
							
							
							
							
								
							
							
								f2d0a2f479 
								
							 
						 
						
							
							
								
								Split out organization repo roles and org management roles.  
							
							
							
						 
						
							2014-03-19 14:36:56 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									jakedt 
								
							 
						 
						
							
							
							
							
								
							
							
								64071b9e8e 
								
							 
						 
						
							
							
								
								Add a user info scope and thread it through the code. Protect the org modification API.  
							
							
							
						 
						
							2014-03-18 19:21:27 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									jakedt 
								
							 
						 
						
							
							
							
							
								
							
							
								5bb4008880 
								
							 
						 
						
							
							
								
								Fix cookie auth to work with oauth token auth. Make sure user loading is truly deferred to save DB connections.  
							
							
							
						 
						
							2014-03-17 12:01:13 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									jakedt 
								
							 
						 
						
							
							
							
							
								
							
							
								0e3fe8f3b1 
								
							 
						 
						
							
							
								
								Port a few more repository methods to the new API interface.  
							
							
							
						 
						
							2014-03-12 20:33:57 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									jakedt 
								
							 
						 
						
							
							
							
							
								
							
							
								e74eb3ee87 
								
							 
						 
						
							
							
								
								Add scope ordinality and translations. Process oauth tokens and limit scopes accordingly.  
							
							
							
						 
						
							2014-03-12 16:31:37 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									yackob03 
								
							 
						 
						
							
							
							
							
								
							
							
								d064af2800 
								
							 
						 
						
							
							
								
								Fix a bug where org admin was not sufficient for the modify repository permission.  
							
							
							
						 
						
							2013-11-07 12:52:46 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									yackob03 
								
							 
						 
						
							
							
							
							
								
							
							
								d14a292896 
								
							 
						 
						
							
							
								
								Org admins should be able to view all teams.  
							
							
							
						 
						
							2013-11-04 16:44:38 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									yackob03 
								
							 
						 
						
							
							
							
							
								
							
							
								f8d3c95b74 
								
							 
						 
						
							
							
								
								Fix a typo in the team need permissions.  
							
							
							
						 
						
							2013-11-04 16:39:52 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									yackob03 
								
							 
						 
						
							
							
							
							
								
							
							
								2eb7ff2442 
								
							 
						 
						
							
							
								
								Add a bunch of the missing permissions from the API.  
							
							
							
						 
						
							2013-11-04 16:18:40 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									yackob03 
								
							 
						 
						
							
							
							
							
								
							
							
								dd77ebd64f 
								
							 
						 
						
							
							
								
								Next batch of backend permissions for orgs.  
							
							
							
						 
						
							2013-11-04 15:42:08 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									yackob03 
								
							 
						 
						
							
							
							
							
								
							
							
								283f9b81ae 
								
							 
						 
						
							
							
								
								First stab at token auth. The UI could use a little bit of polishing.  
							
							
							
						 
						
							2013-10-16 14:24:10 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									yackob03 
								
							 
						 
						
							
							
							
							
								
							
							
								959016a6eb 
								
							 
						 
						
							
							
								
								Remove unnecessary calls to the database for user and permission metadata.  
							
							
							
						 
						
							2013-10-15 14:48:49 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									yackob03 
								
							 
						 
						
							
							
							
							
								
							
							
								891f992bf2 
								
							 
						 
						
							
							
								
								Allow for anonymous access tokens for public repositories.  
							
							
							
						 
						
							2013-10-01 01:18:05 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									yackob03 
								
							 
						 
						
							
							
							
							
								
							
							
								6bcb5cfcaa 
								
							 
						 
						
							
							
								
								Flesh out some permissions APIs.  
							
							
							
						 
						
							2013-09-27 13:24:07 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									yackob03 
								
							 
						 
						
							
							
							
							
								
							
							
								9278871381 
								
							 
						 
						
							
							
								
								Load flask principal permissions even for web and api endpoints.  
							
							
							
						 
						
							2013-09-26 16:32:09 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									yackob03 
								
							 
						 
						
							
							
							
							
								
							
							
								08446ef59e 
								
							 
						 
						
							
							
								
								Fix some stuff with logins and permissions, add tags to the mode.  
							
							
							
						 
						
							2013-09-25 16:46:28 -04:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									yackob03 
								
							 
						 
						
							
							
							
							
								
							
							
								ee5ea51532 
								
							 
						 
						
							
							
								
								Refactor the code into modules, it was getting unweildy.  
							
							
							
						 
						
							2013-09-25 12:45:12 -04:00