docker/quay
1
0
Fork 0
mirror of https://github.com/quay/quay.git synced 2025-07-30 07:43:13 +03:00
Code Activity

api: adding global readonly user to list repo endpoint (PROJQUAY-7446) (#3072)

Browse Source 
Adding global readonly user to list repo endpoint.
This commit is contained in:
Brandon Caton
2024-07-25 11:18:34 -04:00
committed by GitHub
parent b78a746426
commit ec64325edd
2 changed files with 23 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
endpoints/api/repository_models_pre_oci.py
View File

@ -8,7 +8,7 @@ from data.database import Repository as RepositoryTable
from data.database import RepositoryState from data.database import RepositoryState
from data.registry_model import registry_model from data.registry_model import registry_model
from data.registry_model.datatypes import RepositoryReference from data.registry_model.datatypes import RepositoryReference
from endpoints.api import allow_if_superuser from endpoints.api import allow_if_global_readonly_superuser, allow_if_superuser
from endpoints.api.repository_models_interface import ( from endpoints.api.repository_models_interface import (
ApplicationRepository, ApplicationRepository,
Channel, Channel,
@ -115,7 +115,7 @@ class PreOCIModel(RepositoryDataInterface):
limit=REPOS_PER_PAGE + 1, limit=REPOS_PER_PAGE + 1,
kind_filter=repo_kind, kind_filter=repo_kind,
namespace=namespace, namespace=namespace,
is_superuser=allow_if_superuser(), is_superuser=allow_if_superuser() or allow_if_global_readonly_superuser(),
) )
repos, next_page_token = model.modelutil.paginate_query( repos, next_page_token = model.modelutil.paginate_query(

21
test/test_api_usage.py
View File

@ -2328,6 +2328,27 @@ class TestListRepos(ApiTestCase):
self.login(PUBLIC_USER) self.login(PUBLIC_USER)
self.assertRepositoryNotVisible("neworg", "somerepo") self.assertRepositoryNotVisible("neworg", "somerepo")
def test_list_repos_globalreadonlysuperuser(self):
repository = model.repository.get_repository("orgwithnosuperuser", "repo")
assert repository is not None
assert repository.visibility.name == "private"
self.login("globalreadonlysuperuser")
json = self.getJsonResponse(
RepositoryList,
params=dict(namespace="orgwithnosuperuser", public=False),
)
assert len(json["repositories"]) == 1
assert json["repositories"][0]["name"] == "repo"
# Make sure a normal user can't see the repository
self.login(NO_ACCESS_USER)
json = self.getJsonResponse(
RepositoryList,
params=dict(namespace="orgwithnosuperuser", public=False),
)
assert len(json["repositories"]) == 0
class TestViewPublicRepository(ApiTestCase): class TestViewPublicRepository(ApiTestCase):
def test_normalview(self): def test_normalview(self):