From 24f58f70d615a95b44df0a2ccfb2d2de86d7d36e Mon Sep 17 00:00:00 2001 From: Shengwen YU Date: Mon, 6 Feb 2023 17:28:07 +0800 Subject: [PATCH] [Cherry-pick] fix retention/immutable API issue (#18158) (#18177) fix retention/immutable API issue (#18158) Signed-off-by: Shengwen Yu --- src/server/v2.0/handler/immutable.go | 3 +++ src/server/v2.0/handler/project.go | 19 ++++++++++++++++++- 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/src/server/v2.0/handler/immutable.go b/src/server/v2.0/handler/immutable.go index 2687914d1..5f8a5944b 100644 --- a/src/server/v2.0/handler/immutable.go +++ b/src/server/v2.0/handler/immutable.go @@ -81,6 +81,9 @@ func (ia *immutableAPI) DeleteImmuRule(ctx context.Context, params operation.Del } func (ia *immutableAPI) UpdateImmuRule(ctx context.Context, params operation.UpdateImmuRuleParams) middleware.Responder { + if params.ImmutableRuleID != params.ImmutableRule.ID { + return ia.SendError(ctx, errors.BadRequestError(fmt.Errorf("the immutable_rule_id doesn't match the id in the payload body of ImmutableRule"))) + } projectNameOrID := parseProjectNameOrID(params.ProjectNameOrID, params.XIsResourceName) if err := ia.RequireProjectAccess(ctx, projectNameOrID, rbac.ActionUpdate, rbac.ResourceImmutableTag); err != nil { return ia.SendError(ctx, err) diff --git a/src/server/v2.0/handler/project.go b/src/server/v2.0/handler/project.go index 7436ac7a5..bf90167d5 100644 --- a/src/server/v2.0/handler/project.go +++ b/src/server/v2.0/handler/project.go @@ -162,7 +162,7 @@ func (a *projectAPI) CreateProject(ctx context.Context, params operation.CreateP req.Metadata.EnableContentTrust = nil } - // validate the RegistryID and StorageLimit in the body of the request + // validate the RetentionID, RegistryID and StorageLimit in the body of the request if err := a.validateProjectReq(ctx, req); err != nil { return a.SendError(ctx, err) } @@ -208,6 +208,7 @@ func (a *projectAPI) CreateProject(ctx context.Context, params operation.CreateP if err := lib.JSONCopy(&p.Metadata, req.Metadata); err != nil { log.Warningf("failed to call JSONCopy on project metadata when CreateProject, error: %v", err) } + delete(p.Metadata, "retention_id") projectID, err := a.projectCtl.Create(ctx, p) if err != nil { @@ -557,6 +558,18 @@ func (a *projectAPI) UpdateProject(ctx context.Context, params operation.UpdateP log.Warningf("failed to call JSONCopy on project metadata when UpdateProject, error: %v", err) } + // validate retention_id + if ridParam, ok := p.Metadata["retention_id"]; ok { + md, err := a.metadataMgr.Get(ctx, p.ProjectID) + if err != nil { + return a.SendError(ctx, err) + } + if rid, ok := md["retention_id"]; !ok || rid != ridParam { + errMsg := "the retention_id in the request's payload when updating a project should be omitted, alternatively passing the one that has already been associated to this project" + return a.SendError(ctx, errors.BadRequestError(fmt.Errorf(errMsg))) + } + } + if err := a.projectCtl.Update(ctx, p); err != nil { return a.SendError(ctx, err) } @@ -677,6 +690,10 @@ func (a *projectAPI) getProject(ctx context.Context, projectNameOrID interface{} } func (a *projectAPI) validateProjectReq(ctx context.Context, req *models.ProjectReq) error { + if req.Metadata.RetentionID != nil && *req.Metadata.RetentionID != "" { + return errors.BadRequestError(fmt.Errorf("the retention_id in the request's payload when creating a project should be omitted, alternatively passing an empty string")) + } + if req.RegistryID != nil { if *req.RegistryID <= 0 { return errors.BadRequestError(fmt.Errorf("%d is invalid value of registry_id, it should be geater than 0", *req.RegistryID))