refactor access handling
This commit is contained in:
parent
3b95f5881f
commit
b2acb3c775
|
@ -56,15 +56,22 @@ module Auth
|
||||||
def process_scope(scope)
|
def process_scope(scope)
|
||||||
type, name, actions = scope.split(':', 3)
|
type, name, actions = scope.split(':', 3)
|
||||||
actions = actions.split(',')
|
actions = actions.split(',')
|
||||||
path = ContainerRegistry::Path.new(name)
|
|
||||||
|
|
||||||
if type == 'registry' && name == 'catalog' && current_user && current_user.admin?
|
case type
|
||||||
return { type: type, name: name, actions: ['*'] }
|
when 'registry'
|
||||||
|
process_registry_access(type, name, actions)
|
||||||
|
when 'repository'
|
||||||
|
path = ContainerRegistry::Path.new(name)
|
||||||
|
process_repository_access(type, path, actions)
|
||||||
end
|
end
|
||||||
|
end
|
||||||
|
|
||||||
return unless type == 'repository'
|
def process_registry_access(type, name, actions)
|
||||||
|
return unless current_user&.admin?
|
||||||
|
return unless name == 'catalog'
|
||||||
|
return unless actions == ['*']
|
||||||
|
|
||||||
process_repository_access(type, path, actions)
|
{ type: type, name: name, actions: ['*'] }
|
||||||
end
|
end
|
||||||
|
|
||||||
def process_repository_access(type, path, actions)
|
def process_repository_access(type, path, actions)
|
||||||
|
|
Loading…
Reference in New Issue