docker/quay
1
0
Fork 0
mirror of https://github.com/quay/quay.git synced 2026-01-26 06:21:37 +03:00
Code Activity
Files
cd4ac2949ff7d4f625f491b7d854dfbfb90e9249
quay/endpoints
History
Dave O'Connor 86b50f48c3 fix: allow global readonly superusers to access org logs without FULL_ACCESS (PROJQUAY-9790) (#4535) 
This fixes a bug where global readonly superusers were incorrectly blocked
from accessing organization logs when FEATURE_SUPERUSERS_FULL_ACCESS was
set to false.

Changes:
- Updated OrgLogs.get() to allow global readonly superusers
- Updated OrgAggregateLogs.get() to allow global readonly superusers
- Updated ExportOrgLogs.post() to allow global readonly superusers
- Added comprehensive tests verifying the fix

The fix ensures that:
1. Global readonly superusers can ALWAYS access organization logs for
   auditing purposes, regardless of FEATURE_SUPERUSERS_FULL_ACCESS setting
2. Regular superusers are still blocked from accessing organization logs
   when FEATURE_SUPERUSERS_FULL_ACCESS is false (correct behavior)

All three endpoints now use consistent permission logic:
  permission.can() OR
  allow_if_global_readonly_superuser() OR
  allow_if_superuser_with_full_access()

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude <noreply@anthropic.com>
2025-11-18 12:49:41 -05:00
..
api
fix: allow global readonly superusers to access org logs without FULL_ACCESS (PROJQUAY-9790) (#4535)
2025-11-18 12:49:41 -05:00
keyserver
chore: drop deprecated tables and remove unused code (PROJQUAY-522) (#2089)
2023-08-25 12:17:24 -04:00
oauth
ui: Rewrite OAuthError component for React (PROJQUAY-9498) (#4383)
2025-10-22 13:14:17 -04:00
test
feat(api v1): global readonly superuser support and app token visibility (PROJQUAY-8279) (#4276)
2025-10-21 15:00:59 -04:00
v1
revert: tracing improving otlp handling (PROJQUAY-8902) (#4438)
2025-11-03 16:17:32 +01:00
v2
fix: Added lazy initialization for redis to retry the connection after pod restart automatically connect when available (PROJQUAY-9791) (#4538)
2025-11-18 12:49:41 -05:00
__init__.py
initial import for Open Source 🎉
2019-11-12 11:09:47 -05:00
bitbuckettrigger.py
chore: drop deprecated tables and remove unused code (PROJQUAY-522) (#2089)
2023-08-25 12:17:24 -04:00
building.py
chore: drop deprecated tables and remove unused code (PROJQUAY-522) (#2089)
2023-08-25 12:17:24 -04:00
common_models_interface.py
chore: drop deprecated tables and remove unused code (PROJQUAY-522) (#2089)
2023-08-25 12:17:24 -04:00
common_models_pre_oci.py
chore: drop deprecated tables and remove unused code (PROJQUAY-522) (#2089)
2023-08-25 12:17:24 -04:00
common.py
chore: drop deprecated tables and remove unused code (PROJQUAY-522) (#2089)
2023-08-25 12:17:24 -04:00
csrf.py
chore: drop deprecated tables and remove unused code (PROJQUAY-522) (#2089)
2023-08-25 12:17:24 -04:00
decorated.py
api: override flask application function to catch error (PROJQUAY-8026) (#3344)
2024-10-21 09:26:19 -04:00
decorators.py
storage: Disable pushes on registry (PROJQUAY-6870) (#2755)
2024-08-07 15:40:10 -04:00
exception.py
fix all the docstrings
2020-02-05 19:55:07 -08:00
githubtrigger.py
chore: drop deprecated tables and remove unused code (PROJQUAY-522) (#2089)
2023-08-25 12:17:24 -04:00
gitlabtrigger.py
notifications: Support slash in repository names (PROJQUAY-7538) (#3778)
2025-10-30 09:53:46 -04:00
metrics.py
Add media type to the v2 push metrics
2020-02-17 13:15:04 -05:00
realtime.py
chore: drop deprecated tables and remove unused code (PROJQUAY-522) (#2089)
2023-08-25 12:17:24 -04:00
secscan.py
chore: drop deprecated tables and remove unused code (PROJQUAY-522) (#2089)
2023-08-25 12:17:24 -04:00
web.py
revert: tracing improving otlp handling (PROJQUAY-8902) (#4438)
2025-11-03 16:17:32 +01:00
webhooks.py
chore: drop deprecated tables and remove unused code (PROJQUAY-522) (#2089)
2023-08-25 12:17:24 -04:00
wellknown.py
chore: drop deprecated tables and remove unused code (PROJQUAY-522) (#2089)
2023-08-25 12:17:24 -04:00