Merge pull request #1019 from rikatz/master

Improves namespace validation for Docker Notary integration
This commit is contained in:
Daniel Jiang 2016-11-10 08:27:14 +08:00 committed by GitHub
commit 32f8c92eb7

View File

@ -105,8 +105,17 @@ func FilterAccess(username string, a *token.ResourceActions) {
//clear action list to assign to new acess element after perm check. //clear action list to assign to new acess element after perm check.
a.Actions = []string{} a.Actions = []string{}
if a.Type == "repository" { if a.Type == "repository" {
if strings.Contains(a.Name, "/") { //Only check the permission when the requested image has a namespace, i.e. project repoSplit := strings.Split(a.Name, "/")
projectName := a.Name[0:strings.LastIndex(a.Name, "/")] repoLength := len(repoSplit)
if repoLength > 1 { //Only check the permission when the requested image has a namespace, i.e. project
var projectName string
registryURL := os.Getenv("HARBOR_REG_URL")
if repoSplit[0] == registryURL {
projectName = repoSplit[1]
log.Infof("Detected Registry URL in Project Name. Assuming this is a notary request and setting Project Name as %s\n", projectName)
} else {
projectName = repoSplit[0]
}
var permission string var permission string
if len(username) > 0 { if len(username) > 0 {
isAdmin, err := dao.IsAdminRole(username) isAdmin, err := dao.IsAdminRole(username)