// Post ... func (p *ProjectAPI) Post() { p.userID = p.ValidateUser() var req projectReq var public int p.DecodeJSONReq(&req) if req.Public { public = 1 } err := validateProjectReq(req) if err != nil { log.Errorf("Invalid project request, error: %v", err) p.RenderError(http.StatusBadRequest, fmt.Sprintf("invalid request: %v", err)) return } projectName := req.ProjectName exist, err := dao.ProjectExists(projectName) if err != nil { log.Errorf("Error happened checking project existence in db, error: %v, project name: %s", err, projectName) } if exist { p.RenderError(http.StatusConflict, "") return } project := models.Project{OwnerID: p.userID, Name: projectName, CreationTime: time.Now(), Public: public} projectID, err := dao.AddProject(project) if err != nil { log.Errorf("Failed to add project, error: %v", err) p.RenderError(http.StatusInternalServerError, "Failed to add project") } p.Redirect(http.StatusCreated, strconv.FormatInt(projectID, 10)) }
// FilterAccess modify the action list in access based on permission // determine if the request needs to be authenticated. func FilterAccess(username string, authenticated bool, a *token.ResourceActions) { if a.Type == "registry" && a.Name == "catalog" { log.Infof("current access, type: %s, name:%s, actions:%v \n", a.Type, a.Name, a.Actions) return } //clear action list to assign to new acess element after perm check. a.Actions = []string{} if a.Type == "repository" { if strings.Contains(a.Name, "/") { //Only check the permission when the requested image has a namespace, i.e. project projectName := a.Name[0:strings.LastIndex(a.Name, "/")] var permission string if authenticated { isAdmin, err := dao.IsAdminRole(username) if err != nil { log.Errorf("Error occurred in IsAdminRole: %v", err) } if isAdmin { exist, err := dao.ProjectExists(projectName) if err != nil { log.Errorf("Error occurred in CheckExistProject: %v", err) return } if exist { permission = "RWM" } else { permission = "" log.Infof("project %s does not exist, set empty permission for admin\n", projectName) } } else { permission, err = dao.GetPermission(username, projectName) if err != nil { log.Errorf("Error occurred in GetPermission: %v", err) return } } } if strings.Contains(permission, "W") { a.Actions = append(a.Actions, "push") } if strings.Contains(permission, "M") { a.Actions = append(a.Actions, "*") } if strings.Contains(permission, "R") || dao.IsProjectPublic(projectName) { a.Actions = append(a.Actions, "pull") } } } log.Infof("current access, type: %s, name:%s, actions:%v \n", a.Type, a.Name, a.Actions) }
// Prepare validates the URL and the user func (p *ProjectAPI) Prepare() { idStr := p.Ctx.Input.Param(":id") if len(idStr) > 0 { var err error p.projectID, err = strconv.ParseInt(idStr, 10, 64) if err != nil { log.Errorf("Error parsing project id: %s, error: %v", idStr, err) p.CustomAbort(http.StatusBadRequest, "invalid project id") } exist, err := dao.ProjectExists(p.projectID) if err != nil { log.Errorf("Error occurred in ProjectExists, error: %v", err) p.CustomAbort(http.StatusInternalServerError, "Internal error.") } if !exist { p.CustomAbort(http.StatusNotFound, fmt.Sprintf("project does not exist, id: %v", p.projectID)) } } }