docker/quay
1
0
Fork 0
mirror of https://github.com/quay/quay.git synced 2026-01-26 06:21:37 +03:00
Code Activity
Files
cd4ac2949ff7d4f625f491b7d854dfbfb90e9249
quay/endpoints/api
History
Dave O'Connor 86b50f48c3 fix: allow global readonly superusers to access org logs without FULL_ACCESS (PROJQUAY-9790) (#4535) 
This fixes a bug where global readonly superusers were incorrectly blocked
from accessing organization logs when FEATURE_SUPERUSERS_FULL_ACCESS was
set to false.

Changes:
- Updated OrgLogs.get() to allow global readonly superusers
- Updated OrgAggregateLogs.get() to allow global readonly superusers
- Updated ExportOrgLogs.post() to allow global readonly superusers
- Added comprehensive tests verifying the fix

The fix ensures that:
1. Global readonly superusers can ALWAYS access organization logs for
   auditing purposes, regardless of FEATURE_SUPERUSERS_FULL_ACCESS setting
2. Regular superusers are still blocked from accessing organization logs
   when FEATURE_SUPERUSERS_FULL_ACCESS is false (correct behavior)

All three endpoints now use consistent permission logic:
  permission.can() OR
  allow_if_global_readonly_superuser() OR
  allow_if_superuser_with_full_access()

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude <noreply@anthropic.com>
2025-11-18 12:49:41 -05:00
..
test
fix: allow global readonly superusers to access org logs without FULL_ACCESS (PROJQUAY-9790) (#4535)
2025-11-18 12:49:41 -05:00
__init__.py
fix(api): superuser panel access without SUPERUSERS_FULL_ACCESS (PROJQUAY-9693) (#4455)
2025-11-13 09:38:11 -05:00
__init__models_interface.py
[PROJQUAY-1021] task: Update "Black" to version 20.8b1
2020-11-30 18:48:19 -05:00
__init__models_pre_oci.py
chore: drop deprecated tables and remove unused code (PROJQUAY-522) (#2089)
2023-08-25 12:17:24 -04:00
appspecifictokens.py
feat(api v1): global readonly superuser support and app token visibility (PROJQUAY-8279) (#4276)
2025-10-21 15:00:59 -04:00
billing.py
feat(api v1): global readonly superuser support and app token visibility (PROJQUAY-8279) (#4276)
2025-10-21 15:00:59 -04:00
build.py
fix(api): superuser panel access without SUPERUSERS_FULL_ACCESS (PROJQUAY-9693) (#4455)
2025-11-13 09:38:11 -05:00
discovery.py
ui: Expand support for customized footer links (PROJQUAY-5648) (#3556)
2025-02-07 10:07:55 -05:00
error.py
chore: drop deprecated tables and remove unused code (PROJQUAY-522) (#2089)
2023-08-25 12:17:24 -04:00
globalmessages_models_interface.py
[PROJQUAY-1021] task: Update "Black" to version 20.8b1
2020-11-30 18:48:19 -05:00
globalmessages_models_pre_oci.py
chore: drop deprecated tables and remove unused code (PROJQUAY-522) (#2089)
2023-08-25 12:17:24 -04:00
globalmessages.py
feat(api v1): global readonly superuser support and app token visibility (PROJQUAY-8279) (#4276)
2025-10-21 15:00:59 -04:00
logs.py
fix: allow global readonly superusers to access org logs without FULL_ACCESS (PROJQUAY-9790) (#4535)
2025-11-18 12:49:41 -05:00
manifest.py
feat: Add image pull statistics API endpoints and UI integration (PROJQUAY-7176) (#4382)
2025-10-27 15:19:52 -04:00
mirror.py
mirror: Add job timeout to mirror configurations (PROJQUAY-7249) (#3723)
2025-06-12 19:09:51 +02:00
namespacequota.py
fix(api): superuser panel access without SUPERUSERS_FULL_ACCESS (PROJQUAY-9693) (#4455)
2025-11-13 09:38:11 -05:00
organization.py
fix(api): superuser panel access without SUPERUSERS_FULL_ACCESS (PROJQUAY-9693) (#4455)
2025-11-13 09:38:11 -05:00
permission_models_interface.py
[PROJQUAY-1021] task: Update "Black" to version 20.8b1
2020-11-30 18:48:19 -05:00
permission_models_pre_oci.py
chore: drop deprecated tables and remove unused code (PROJQUAY-522) (#2089)
2023-08-25 12:17:24 -04:00
permission.py
api: adding permissions for global readonly superuser (PROJQUAY-7177) (#2993)
2024-07-09 13:17:26 -04:00
policy.py
fix(api): superuser panel access without SUPERUSERS_FULL_ACCESS (PROJQUAY-9693) (#4455)
2025-11-13 09:38:11 -05:00
prototype.py
fix(api): superuser panel access without SUPERUSERS_FULL_ACCESS (PROJQUAY-9693) (#4455)
2025-11-13 09:38:11 -05:00
repoemail_models_interface.py
[PROJQUAY-1021] task: Update "Black" to version 20.8b1
2020-11-30 18:48:19 -05:00
repoemail_models_pre_oci.py
fix all the docstrings
2020-02-05 19:55:07 -08:00
repoemail.py
feat(api v1): global readonly superuser support and app token visibility (PROJQUAY-8279) (#4276)
2025-10-21 15:00:59 -04:00
repository_models_interface.py
api: reducing db calls in repo list endpoints with quota enabled (PROJQUAY-6895) (#2770)
2024-03-26 10:33:24 -04:00
repository_models_pre_oci.py
fix(api): superuser panel access without SUPERUSERS_FULL_ACCESS (PROJQUAY-9693) (#4455)
2025-11-13 09:38:11 -05:00
repository.py
fix(api): superuser panel access without SUPERUSERS_FULL_ACCESS (PROJQUAY-9693) (#4455)
2025-11-13 09:38:11 -05:00
repositorynotification_models_interface.py
chore: drop deprecated tables and remove unused code (PROJQUAY-522) (#2089)
2023-08-25 12:17:24 -04:00
repositorynotification_models_pre_oci.py
'make black' results
2019-12-02 12:23:08 -05:00
repositorynotification.py
api: adding permissions for global readonly superuser (PROJQUAY-7177) (#2993)
2024-07-09 13:17:26 -04:00
repotoken.py
feat(api v1): global readonly superuser support and app token visibility (PROJQUAY-8279) (#4276)
2025-10-21 15:00:59 -04:00
robot_models_interface.py
[PROJQUAY-1021] task: Update "Black" to version 20.8b1
2020-11-30 18:48:19 -05:00
robot_models_pre_oci.py
api: fix duplicate robot accounts (PROJQUAY-5931) (#2192)
2023-09-01 12:03:33 -04:00
robot.py
fix(api): superuser panel access without SUPERUSERS_FULL_ACCESS (PROJQUAY-9693) (#4455)
2025-11-13 09:38:11 -05:00
search.py
chore: drop deprecated tables and remove unused code (PROJQUAY-522) (#2089)
2023-08-25 12:17:24 -04:00
secscan.py
api: add missing read permissions for readonly superuser (PROJQUAY-9156) (#4132)
2025-07-23 10:01:20 -04:00
signing_models_interface.py
chore: drop deprecated tables and remove unused code (PROJQUAY-522) (#2089)
2023-08-25 12:17:24 -04:00
signing_models_pre_oci.py
fix all the docstrings
2020-02-05 19:55:07 -08:00
signing.py
api: add missing read permissions for readonly superuser (PROJQUAY-9156) (#4132)
2025-07-23 10:01:20 -04:00
subscribe_models_interface.py
chore: drop deprecated tables and remove unused code (PROJQUAY-522) (#2089)
2023-08-25 12:17:24 -04:00
subscribe_models_pre_oci.py
chore: drop deprecated tables and remove unused code (PROJQUAY-522) (#2089)
2023-08-25 12:17:24 -04:00
subscribe.py
billing: apply free trial to stripe checkout sessions (PROJQUAY-6405) (#2491)
2023-11-15 16:38:55 -05:00
suconfig_models_interface.py
chore: drop deprecated tables and remove unused code (PROJQUAY-522) (#2089)
2023-08-25 12:17:24 -04:00
suconfig_models_pre_oci.py
'make black' results
2019-12-02 12:23:08 -05:00
suconfig.py
chore: drop deprecated tables and remove unused code (PROJQUAY-522) (#2089)
2023-08-25 12:17:24 -04:00
superuser_models_interface.py
quota: feature flagging quota edit/view/enforce (PROJQUAY-6734) (#2709)
2024-03-05 13:10:18 -05:00
superuser_models_pre_oci.py
quota: feature flagging quota edit/view/enforce (PROJQUAY-6734) (#2709)
2024-03-05 13:10:18 -05:00
superuser.py
fix(api): superuser panel access without SUPERUSERS_FULL_ACCESS (PROJQUAY-9693) (#4455)
2025-11-13 09:38:11 -05:00
tag.py
feat: Add image pull statistics API endpoints and UI integration (PROJQUAY-7176) (#4382)
2025-10-27 15:19:52 -04:00
team.py
fix(api): superuser panel access without SUPERUSERS_FULL_ACCESS (PROJQUAY-9693) (#4455)
2025-11-13 09:38:11 -05:00
trigger_analyzer.py
trigger_analyzer: fix confusing print (PROJQUAY-1995) (#1073)
2022-01-27 16:43:32 -06:00
trigger.py
fix(api): superuser panel access without SUPERUSERS_FULL_ACCESS (PROJQUAY-9693) (#4455)
2025-11-13 09:38:11 -05:00
user.py
feat(api v1): global readonly superuser support and app token visibility (PROJQUAY-8279) (#4276)
2025-10-21 15:00:59 -04:00