Merge branch 'master' into sync_image

Conflicts: api/repository.go
2024-11-26 20:26:13 +01:00 · 2016-05-26 14:12:26 +08:00 · 2016-05-26 14:12:26 +08:00 · 039d94c13d
commit 039d94c13d
parent d42359c679 f7de4c5841
6 changed files with 170 additions and 117 deletions
--- a/api/member.go
+++ b/api/member.go
@ -114,23 +114,10 @@ func (pma *ProjectMemberAPI) Get() {

 // Post ...
 func (pma *ProjectMemberAPI) Post() {
-	pid := pma.project.ProjectID
-
-	//userQuery := models.User{UserID: pma.currentUserID, RoleID: models.PROJECTADMIN}
-	rolelist, err := dao.GetUserProjectRoles(pma.currentUserID, pid)
-	if err != nil {
-		log.Errorf("Error occurred in GetUserProjectRoles, error: %v", err)
-		pma.CustomAbort(http.StatusInternalServerError, "Internal error.")
-	}
-	hasProjectAdminRole := false
-	for _, role := range rolelist {
-		if role.RoleID == models.PROJECTADMIN {
-			hasProjectAdminRole = true
-			break
-		}
-	}
-	if !hasProjectAdminRole {
-		log.Warningf("Current user, id: %d does not have project admin role for project, id:", pma.currentUserID, pid)
+	currentUserID := pma.currentUserID
+	projectID := pma.project.ProjectID
+	if !hasProjectAdminRole(currentUserID, projectID) {
+		log.Warningf("Current user, id: %d does not have project admin role for project, id:", currentUserID, projectID)
 		pma.RenderError(http.StatusForbidden, "")
 		return
 	}
@ -144,21 +131,21 @@ func (pma *ProjectMemberAPI) Post() {
 		pma.RenderError(http.StatusNotFound, "User does not exist")
 		return
 	}
-	rolelist, err = dao.GetUserProjectRoles(userID, pid)
+	rolelist, err := dao.GetUserProjectRoles(userID, projectID)
 	if err != nil {
 		log.Errorf("Error occurred in GetUserProjectRoles, error: %v", err)
 		pma.CustomAbort(http.StatusInternalServerError, "Internal error.")
 	}
 	if len(rolelist) > 0 {
-		log.Warningf("user is already added to project, user id: %d, project id: %d", userID, pid)
+		log.Warningf("user is already added to project, user id: %d, project id: %d", userID, projectID)
 		pma.RenderError(http.StatusConflict, "user is ready in project")
 		return
 	}

 	for _, rid := range req.Roles {
-		err = dao.AddProjectMember(pid, userID, int(rid))
+		err = dao.AddProjectMember(projectID, userID, int(rid))
 		if err != nil {
-			log.Errorf("Failed to update DB to add project user role, project id: %d, user id: %d, role id: %d", pid, userID, rid)
+			log.Errorf("Failed to update DB to add project user role, project id: %d, user id: %d, role id: %d", projectID, userID, rid)
 			pma.RenderError(http.StatusInternalServerError, "Failed to update data in database")
 			return
 		}
@ -167,27 +154,16 @@ func (pma *ProjectMemberAPI) Post() {

 // Put ...
 func (pma *ProjectMemberAPI) Put() {
+	currentUserID := pma.currentUserID
 	pid := pma.project.ProjectID
-	mid := pma.memberID
-
-	rolelist, err := dao.GetUserProjectRoles(pma.currentUserID, pid)
-	if err != nil {
-		log.Errorf("Error occurred in GetUserProjectRoles, error: %v", err)
-		pma.CustomAbort(http.StatusInternalServerError, "Internal error.")
-	}
-	hasProjectAdminRole := false
-	for _, role := range rolelist {
-		if role.RoleID == models.PROJECTADMIN {
-			hasProjectAdminRole = true
-			break
-		}
-	}
-
-	if !hasProjectAdminRole {
-		log.Warningf("Current user, id: %d does not have project admin role for project, id: %d", pma.currentUserID, pid)
+	if !hasProjectAdminRole(currentUserID, pid) {
+		log.Warningf("Current user, id: %d does not have project admin role for project, id:", currentUserID, pid)
 		pma.RenderError(http.StatusForbidden, "")
 		return
 	}
+
+	mid := pma.memberID
+
 	var req memberReq
 	pma.DecodeJSONReq(&req)
 	roleList, err := dao.GetUserProjectRoles(mid, pid)
@ -217,51 +193,20 @@ func (pma *ProjectMemberAPI) Put() {

 // Delete ...
 func (pma *ProjectMemberAPI) Delete() {
+	currentUserID := pma.currentUserID
 	pid := pma.project.ProjectID
-	mid := pma.memberID
-
-	rolelist, err := dao.GetUserProjectRoles(pma.currentUserID, pid)
-	hasProjectAdminRole := false
-	for _, role := range rolelist {
-		if role.RoleID == models.PROJECTADMIN {
-			hasProjectAdminRole = true
-			break
-		}
-	}
-
-	if !hasProjectAdminRole {
-		log.Warningf("Current user, id: %d does not have project admin role for project, id: %d", pma.currentUserID, pid)
+	if !hasProjectAdminRole(currentUserID, pid) {
+		log.Warningf("Current user, id: %d does not have project admin role for project, id:", currentUserID, pid)
 		pma.RenderError(http.StatusForbidden, "")
 		return
 	}
-	err = dao.DeleteProjectMember(pid, mid)
+
+	mid := pma.memberID
+
+	err := dao.DeleteProjectMember(pid, mid)
 	if err != nil {
 		log.Errorf("Failed to delete project roles for user, user id: %d, project id: %d, error: %v", mid, pid, err)
 		pma.RenderError(http.StatusInternalServerError, "Failed to update data in DB")
 		return
 	}
 }
-
-//sysadmin has all privileges to all projects
-func listRoles(userID int, projectID int64) ([]models.Role, error) {
-	roles := make([]models.Role, 1)
-	isSysAdmin, err := dao.IsAdminRole(userID)
-	if err != nil {
-		return roles, err
-	}
-	if isSysAdmin {
-		role, err := dao.GetRoleByID(models.PROJECTADMIN)
-		if err != nil {
-			return roles, err
-		}
-		roles = append(roles, *role)
-		return roles, nil
-	}
-
-	rs, err := dao.GetUserProjectRoles(userID, projectID)
-	if err != nil {
-		return roles, err
-	}
-	roles = append(roles, rs...)
-	return roles, nil
-}
--- a/api/project.go
+++ b/api/project.go
@ -43,7 +43,6 @@ const projectNameMaxLen int = 30

 // Prepare validates the URL and the user
 func (p *ProjectAPI) Prepare() {
-	p.userID = p.ValidateUser()
 	idStr := p.Ctx.Input.Param(":id")
 	if len(idStr) > 0 {
 		var err error
@ -65,6 +64,8 @@ func (p *ProjectAPI) Prepare() {

 // Post ...
 func (p *ProjectAPI) Post() {
+	p.userID = p.ValidateUser()
+
 	var req projectReq
 	var public int
 	p.DecodeJSONReq(&req)
@ -99,20 +100,52 @@ func (p *ProjectAPI) Post() {
 // Head ...
 func (p *ProjectAPI) Head() {
 	projectName := p.GetString("project_name")
-	result, err := dao.ProjectExists(projectName)
+	if len(projectName) == 0 {
+		p.CustomAbort(http.StatusBadRequest, "project_name is needed")
+	}
+
+	project, err := dao.GetProjectByName(projectName)
 	if err != nil {
-		log.Errorf("Error while communicating with DB, error: %v", err)
-		p.RenderError(http.StatusInternalServerError, "Error while communicating with DB")
+		log.Errorf("error occurred in GetProjectByName: %v", err)
+		p.CustomAbort(http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError))
+	}
+
+	// only public project can be Headed by user without login
+	if project != nil && project.Public == 1 {
 		return
 	}
-	if !result {
-		p.RenderError(http.StatusNotFound, "")
-		return
+
+	userID := p.ValidateUser()
+	if project == nil {
+		p.CustomAbort(http.StatusNotFound, http.StatusText(http.StatusNotFound))
+	}
+
+	if !checkProjectPermission(userID, project.ProjectID) {
+		p.CustomAbort(http.StatusForbidden, http.StatusText(http.StatusForbidden))
 	}
 }

 // Get ...
 func (p *ProjectAPI) Get() {
+	project, err := dao.GetProjectByID(p.projectID)
+	if err != nil {
+		log.Errorf("failed to get project %d: %v", p.projectID, err)
+		p.CustomAbort(http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError))
+	}
+
+	if project.Public == 0 {
+		userID := p.ValidateUser()
+		if !checkProjectPermission(userID, p.projectID) {
+			p.CustomAbort(http.StatusUnauthorized, http.StatusText(http.StatusUnauthorized))
+		}
+	}
+
+	p.Data["json"] = project
+	p.ServeJSON()
+}
+
+// List ...
+func (p *ProjectAPI) List() {
 	var projectList []models.Project
 	projectName := p.GetString("project_name")
 	if len(projectName) > 0 {
@ -132,6 +165,8 @@ func (p *ProjectAPI) Get() {
 	if public == 1 {
 		projectList, err = dao.GetPublicProjects(projectName)
 	} else {
+		//if the request is not for public projects, user must login or provide credential
+		p.userID = p.ValidateUser()
 		isAdmin, err = dao.IsAdminRole(p.userID)
 		if err != nil {
 			log.Errorf("Error occured in check admin, error: %v", err)
@ -164,6 +199,8 @@ func (p *ProjectAPI) Get() {

 // Put ...
 func (p *ProjectAPI) Put() {
+	p.userID = p.ValidateUser()
+
 	var req projectReq
 	var public int

@ -192,6 +229,7 @@ func (p *ProjectAPI) Put() {

 // FilterAccessLog handles GET to /api/projects/{}/logs
 func (p *ProjectAPI) FilterAccessLog() {
+	p.userID = p.ValidateUser()

 	var filter models.AccessLog
 	p.DecodeJSONReq(&filter)
--- a/api/repository.go
+++ b/api/repository.go
@ -19,6 +19,7 @@ import (
 	"encoding/json"
 	"net/http"
 	"os"
+	"sort"
 	"strconv"
 	"strings"
 	"time"
@ -39,23 +40,13 @@ import (
 // the security of registry
 type RepositoryAPI struct {
 	BaseAPI
-	userID int
-}
-
-// Prepare will set a non existent user ID in case the request tries to view repositories under a project he doesn't has permission.
-func (ra *RepositoryAPI) Prepare() {
-	if svc_utils.VerifySecret(ra.Ctx.Request) {
-		ra.userID = 1
-	} else {
-		ra.userID = ra.ValidateUser()
-	}
 }

 // Get ...
 func (ra *RepositoryAPI) Get() {
-	projectID, err0 := ra.GetInt64("project_id")
-	if err0 != nil {
-		log.Errorf("Failed to get project id, error: %v", err0)
+	projectID, err := ra.GetInt64("project_id")
+	if err != nil {
+		log.Errorf("Failed to get project id, error: %v", err)
 		ra.RenderError(http.StatusBadRequest, "Invalid project id")
 		return
 	}
@ -69,9 +60,20 @@ func (ra *RepositoryAPI) Get() {
 		ra.RenderError(http.StatusNotFound, "")
 		return
 	}
-	if p.Public == 0 && !checkProjectPermission(ra.userID, projectID) {
-		ra.RenderError(http.StatusForbidden, "")
-		return
+
+	if p.Public == 0 {
+		var userID int
+
+		if svc_utils.VerifySecret(ra.Ctx.Request) {
+			userID = 1
+		} else {
+			userID = ra.ValidateUser()
+		}
+
+		if !checkProjectPermission(userID, projectID) {
+			ra.RenderError(http.StatusForbidden, "")
+			return
+		}
 	}

 	repoList, err := cache.GetRepoFromCache()
@ -110,7 +112,7 @@ func (ra *RepositoryAPI) Delete() {
 		ra.CustomAbort(http.StatusBadRequest, "repo_name is nil")
 	}

-	rc, err := ra.initializeRepositoryClient(repoName)
+	rc, err := ra.initRepositoryClient(repoName)
 	if err != nil {
 		log.Errorf("error occurred while initializing repository client for %s: %v", repoName, err)
 		ra.CustomAbort(http.StatusInternalServerError, "internal error")
@ -166,7 +168,7 @@ func (ra *RepositoryAPI) GetTags() {
 		ra.CustomAbort(http.StatusBadRequest, "repo_name is nil")
 	}

-	rc, err := ra.initializeRepositoryClient(repoName)
+	rc, err := ra.initRepositoryClient(repoName)
 	if err != nil {
 		log.Errorf("error occurred while initializing repository client for %s: %v", repoName, err)
 		ra.CustomAbort(http.StatusInternalServerError, "internal error")
@ -186,6 +188,8 @@ func (ra *RepositoryAPI) GetTags() {

 	tags = append(tags, ts...)

+	sort.Strings(tags)
+
 	ra.Data["json"] = tags
 	ra.ServeJSON()
 }
@ -199,7 +203,7 @@ func (ra *RepositoryAPI) GetManifests() {
 		ra.CustomAbort(http.StatusBadRequest, "repo_name or tag is nil")
 	}

-	rc, err := ra.initializeRepositoryClient(repoName)
+	rc, err := ra.initRepositoryClient(repoName)
 	if err != nil {
 		log.Errorf("error occurred while initializing repository client for %s: %v", repoName, err)
 		ra.CustomAbort(http.StatusInternalServerError, "internal error")
@ -238,16 +242,50 @@ func (ra *RepositoryAPI) GetManifests() {
 	ra.ServeJSON()
 }

-func (ra *RepositoryAPI) initializeRepositoryClient(repoName string) (r *registry.Repository, err error) {
-	u := models.User{
-		UserID: ra.userID,
-	}
-	user, err := dao.GetUser(u)
+func (ra *RepositoryAPI) initRepositoryClient(repoName string) (r *registry.Repository, err error) {
+	username, err := ra.getUsername()
 	if err != nil {
 		return nil, err
 	}

 	endpoint := os.Getenv("REGISTRY_URL")

-	return registry.NewRepositoryWithUsername(repoName, endpoint, user.Username)
+	return registry.NewRepositoryWithUsername(repoName, endpoint, username)
+}
+
+func (ra *RepositoryAPI) getUsername() (string, error) {
+	// get username from basic auth
+	username, _, ok := ra.Ctx.Request.BasicAuth()
+	if ok {
+		return username, nil
+	}
+
+	// get username from session
+	sessionUsername := ra.GetSession("username")
+	if sessionUsername != nil {
+		username, ok = sessionUsername.(string)
+		if ok {
+			return username, nil
+		}
+	}
+
+	// if username does not exist in session, try to get userId from sessiion
+	// and then get username from DB according to the userId
+	sessionUserID := ra.GetSession("userId")
+	if sessionUserID != nil {
+		userID, ok := sessionUserID.(int)
+		if ok {
+			u := models.User{
+				UserID: userID,
+			}
+			user, err := dao.GetUser(u)
+			if err != nil {
+				return "", err
+			}
+
+			return user.Username, nil
+		}
+	}
+
+	return "", nil
 }
--- a/api/utils.go
+++ b/api/utils.go
@ -29,20 +29,52 @@ import (
 )

 func checkProjectPermission(userID int, projectID int64) bool {
-	exist, err := dao.IsAdminRole(userID)
+	roles, err := listRoles(userID, projectID)
 	if err != nil {
-		log.Errorf("Error occurred in IsAdminRole, error: %v", err)
+		log.Errorf("error occurred in getProjectPermission: %v", err)
 		return false
 	}
-	if exist {
-		return true
-	}
-	roleList, err := dao.GetUserProjectRoles(userID, projectID)
+	return len(roles) > 0
+}
+
+func hasProjectAdminRole(userID int, projectID int64) bool {
+	roles, err := listRoles(userID, projectID)
 	if err != nil {
-		log.Errorf("Error occurred in GetUserProjectRoles, error: %v", err)
+		log.Errorf("error occurred in getProjectPermission: %v", err)
 		return false
 	}
-	return len(roleList) > 0
+
+	for _, role := range roles {
+		if role.RoleID == models.PROJECTADMIN {
+			return true
+		}
+	}
+
+	return false
+}
+
+//sysadmin has all privileges to all projects
+func listRoles(userID int, projectID int64) ([]models.Role, error) {
+	roles := make([]models.Role, 1)
+	isSysAdmin, err := dao.IsAdminRole(userID)
+	if err != nil {
+		return roles, err
+	}
+	if isSysAdmin {
+		role, err := dao.GetRoleByID(models.PROJECTADMIN)
+		if err != nil {
+			return roles, err
+		}
+		roles = append(roles, *role)
+		return roles, nil
+	}
+
+	rs, err := dao.GetUserProjectRoles(userID, projectID)
+	if err != nil {
+		return roles, err
+	}
+	roles = append(roles, rs...)
+	return roles, nil
 }

 func checkUserExists(name string) int {
--- a/dao/project.go
+++ b/dao/project.go
@ -249,7 +249,6 @@ func getProjects(public int, projectName string) ([]models.Project, error) {
 	}
 	sql += " order by name "
 	var projects []models.Project
-	log.Debugf("sql xxx", sql)
 	if _, err := o.Raw(sql, queryParam).QueryRows(&projects); err != nil {
 		return nil, err
 	}
--- a/ui/router.go
+++ b/ui/router.go
@ -53,6 +53,7 @@ func initRouters() {
 	//API:
 	beego.Router("/api/search", &api.SearchAPI{})
 	beego.Router("/api/projects/:pid/members/?:mid", &api.ProjectMemberAPI{})
+	beego.Router("/api/projects/", &api.ProjectAPI{}, "get:List")
 	beego.Router("/api/projects/?:id", &api.ProjectAPI{})
 	beego.Router("/api/statistics", &api.StatisticAPI{})
 	beego.Router("/api/projects/:id/logs/filter", &api.ProjectAPI{}, "post:FilterAccessLog")