mirror of
https://github.com/Start9Labs/registry.git
synced 2026-03-26 02:11:53 +00:00
add case for when package is new
@@ -337,3 +337,11 @@ getAllowedPkgs pkgId adminId = do
|
|||||||
where_ $ p ^. AdminPkgsAdmin ==. val adminId
|
where_ $ p ^. AdminPkgsAdmin ==. val adminId
|
||||||
pure p
|
pure p
|
||||||
pure $ entityVal <$> pkgs
|
pure $ entityVal <$> pkgs
|
||||||
|
|
||||||
|
getPkg:: (Monad m, MonadIO m) => PkgRecordId -> ReaderT SqlBackend m [PkgRecord]
|
||||||
|
getPkg pkgId = do
|
||||||
|
pkg <- select $ do
|
||||||
|
p <- from $ table @PkgRecord
|
||||||
|
where_ $ p ^. PkgRecordId ==. val pkgId
|
||||||
|
pure p
|
||||||
|
pure $ entityVal <$> pkg
|
||||||
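Review bot: `getPkg` looks a row up by its primary key but returns `[PkgRecord]`, so the type allows more results than the query can produce and the caller is left testing `length pkg > 0`. A `Maybe` result states the contract directly, e.g. `getPkg :: MonadIO m => PkgRecordId -> ReaderT SqlBackend m (Maybe PkgRecord)` built on `selectOne` (or persistent's `get`, if it is in scope in this module). `Monad m` is already implied by `MonadIO m`. A one-line Haddock such as `-- | Fetch the package record for this id, if one exists.` would tell readers that this is the existence probe the upload authorization check relies on.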
@@ -79,7 +79,7 @@ import Model (
|
|||||||
Unique (UniqueName, UniquePkgCategory),
|
Unique (UniqueName, UniquePkgCategory),
|
||||||
Upload (..),
|
Upload (..),
|
||||||
VersionRecord (versionRecordNumber, versionRecordPkgId),
|
VersionRecord (versionRecordNumber, versionRecordPkgId),
|
||||||
unPkgRecordKey,
|
unPkgRecordKey, AdminPkgs (AdminPkgs),
|
||||||
)
|
)
|
||||||
import Network.HTTP.Types (
|
import Network.HTTP.Types (
|
||||||
status400,
|
status400,
|
||||||
@@ -162,7 +162,7 @@ postCheckPkgAuthR pkgId = do
|
|||||||
Just name -> do
|
Just name -> do
|
||||||
if ((length whitelist > 0 && (pkgId `elem` whitelist)) || length whitelist <= 0)
|
if ((length whitelist > 0 && (pkgId `elem` whitelist)) || length whitelist <= 0)
|
||||||
then do
|
then do
|
||||||
authorized <- checkAdminAllowedPkgs pkgId name
|
(authorized, _) <- checkAdminAllowedPkgs pkgId name
|
||||||
if authorized
|
if authorized
|
||||||
then sendResponseText status200 "User authorized to upload this package."
|
then sendResponseText status200 "User authorized to upload this package."
|
||||||
else sendResponseText status401 "User not authorized to upload this package."
|
else sendResponseText status401 "User not authorized to upload this package."
|
||||||
@@ -198,11 +198,15 @@ postPkgUploadR = do
|
|||||||
"Impossible: an unauthenticated user has managed to upload a pacakge to this registry."
|
"Impossible: an unauthenticated user has managed to upload a pacakge to this registry."
|
||||||
pure ()
|
pure ()
|
||||||
Just name -> do
|
Just name -> do
|
||||||
authorized <- checkAdminAllowedPkgs packageManifestId name
|
(authorized, newPkg) <- checkAdminAllowedPkgs packageManifestId name
|
||||||
if authorized
|
if authorized
|
||||||
then do
|
then do
|
||||||
now <- liftIO getCurrentTime
|
now <- liftIO getCurrentTime
|
||||||
runDB $ insert_ (Upload (AdminKey name) (PkgRecordKey packageManifestId) packageManifestVersion now)
|
runDB $ insert_ (Upload (AdminKey name) (PkgRecordKey packageManifestId) packageManifestVersion now)
|
||||||
|
-- if pkg is whitelisted and a new upload, add as authorized for this admin user
|
||||||
|
if (newPkg)
|
||||||
|
then runDB $ insert_ (AdminPkgs (AdminKey name) (PkgRecordKey packageManifestId))
|
||||||
|
else pure ()
|
||||||
else sendResponseText status401 "User not authorized to upload this package."
|
else sendResponseText status401 "User not authorized to upload this package."
|
||||||
else sendResponseText status500 "Package does not belong on this registry."
|
else sendResponseText status500 "Package does not belong on this registry."
|
||||||
where
|
where
|
||||||
@@ -257,7 +261,7 @@ postPkgIndexR = do
|
|||||||
"Impossible: an unauthenticated user has accessed the index endpoint."
|
"Impossible: an unauthenticated user has accessed the index endpoint."
|
||||||
pure ()
|
pure ()
|
||||||
Just name -> do
|
Just name -> do
|
||||||
authorized <- checkAdminAllowedPkgs indexPkgReqId name
|
(authorized, _) <- checkAdminAllowedPkgs indexPkgReqId name
|
||||||
if authorized
|
if authorized
|
||||||
then do
|
then do
|
||||||
manifest <- getManifestLocation indexPkgReqId indexPkgReqVersion
|
manifest <- getManifestLocation indexPkgReqId indexPkgReqVersion
|
||||||
@@ -280,7 +284,7 @@ postPkgDeindexR = do
|
|||||||
"Impossible: an unauthenticated user has accessed the deindex endpoint."
|
"Impossible: an unauthenticated user has accessed the deindex endpoint."
|
||||||
pure ()
|
pure ()
|
||||||
Just name -> do
|
Just name -> do
|
||||||
authorized <- checkAdminAllowedPkgs indexPkgReqId name
|
(authorized, _) <- checkAdminAllowedPkgs indexPkgReqId name
|
||||||
if authorized
|
if authorized
|
||||||
then do
|
then do
|
||||||
case indexPkgReqArches of
|
case indexPkgReqArches of
|
||||||
@@ -346,7 +350,7 @@ postPkgCategorizeR cat pkg = do
|
|||||||
"Impossible: an unauthenticated user has accessed the categorize endpoint."
|
"Impossible: an unauthenticated user has accessed the categorize endpoint."
|
||||||
pure ()
|
pure ()
|
||||||
Just name -> do
|
Just name -> do
|
||||||
authorized <- checkAdminAllowedPkgs pkg name
|
(authorized, _) <- checkAdminAllowedPkgs pkg name
|
||||||
if authorized
|
if authorized
|
||||||
then runDB $ do
|
then runDB $ do
|
||||||
catEnt <- getBy (UniqueName cat) `orThrow` sendResponseText status404 [i|Category "#{cat}" does not exist|]
|
catEnt <- getBy (UniqueName cat) `orThrow` sendResponseText status404 [i|Category "#{cat}" does not exist|]
|
||||||
@@ -368,7 +372,7 @@ deletePkgCategorizeR cat pkg = do
|
|||||||
"Impossible: an unauthenticated user has accessed the uncategorize endpoint."
|
"Impossible: an unauthenticated user has accessed the uncategorize endpoint."
|
||||||
pure ()
|
pure ()
|
||||||
Just name -> do
|
Just name -> do
|
||||||
authorized <- checkAdminAllowedPkgs pkg name
|
(authorized, _) <- checkAdminAllowedPkgs pkg name
|
||||||
if authorized
|
if authorized
|
||||||
then runDB $ do
|
then runDB $ do
|
||||||
catEnt <- getBy (UniqueName cat) `orThrow` sendResponseText status404 [i|Category "#{cat}" does not exist|]
|
catEnt <- getBy (UniqueName cat) `orThrow` sendResponseText status404 [i|Category "#{cat}" does not exist|]
|
||||||
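Review bot: In postPkgUploadR the name `newPkg` does not match the value it receives: as rendered on this page, checkAdminAllowedPkgs returns `True` in the second slot on the branch where `getPkg` found a record and `False` where it found none. `if (newPkg)` therefore appears to insert an `AdminPkgs` row for packages that already exist, and to record no owner for a genuine first upload. In the existing-package case an authorized admin already has that row, so `insert_` would hit the new `UniqueAdminPkg` constraint. Either flip the flag where it is produced or make the call site say what it means, e.g. `when pkgIsNew $ runDB $ insert_ (AdminPkgs (AdminKey name) (PkgRecordKey packageManifestId))`. The `Upload` insert and this insert also run in separate `runDB` calls, so a failure in the second leaves the upload logged without the ownership row; postPkgUploadR starts and ends outside the hunk.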
|
|||||||
@@ -18,7 +18,7 @@ import Data.String.Interpolate.IsString (
|
|||||||
import Data.Text qualified as T
|
import Data.Text qualified as T
|
||||||
import Data.Text.Lazy qualified as TL
|
import Data.Text.Lazy qualified as TL
|
||||||
import Data.Text.Lazy.Builder qualified as TB
|
import Data.Text.Lazy.Builder qualified as TB
|
||||||
import Database.Queries (fetchAllPkgVersions, getVersionPlatform, getAllowedPkgs)
|
import Database.Queries (fetchAllPkgVersions, getVersionPlatform, getAllowedPkgs, getPkg)
|
||||||
import Foundation
|
import Foundation
|
||||||
import Lib.PkgRepository (
|
import Lib.PkgRepository (
|
||||||
PkgRepo,
|
PkgRepo,
|
||||||
@@ -256,7 +256,12 @@ areRegexMatchesEqual textMap (PackageDevice regexMap) =
|
|||||||
case MM.lookup key textMap of
|
case MM.lookup key textMap of
|
||||||
val -> or $ regexMatch regexPattern <$> val
|
val -> or $ regexMatch regexPattern <$> val
|
||||||
|
|
||||||
checkAdminAllowedPkgs :: PkgId -> Text -> Handler Bool
|
checkAdminAllowedPkgs :: PkgId -> Text -> Handler (Bool, Bool) -- (exists, new)
|
||||||
checkAdminAllowedPkgs pkgId adminId = do
|
checkAdminAllowedPkgs pkgId adminId = do
|
||||||
|
-- if pkg does not exist yet, allow, because authorized by whitelist
|
||||||
|
pkg <- runDB $ getPkg (PkgRecordKey pkgId)
|
||||||
|
if length pkg > 0
|
||||||
|
then do
|
||||||
res <- runDB $ getAllowedPkgs (PkgRecordKey pkgId) (AdminKey adminId)
|
res <- runDB $ getAllowedPkgs (PkgRecordKey pkgId) (AdminKey adminId)
|
||||||
pure $ if length res > 0 then True else False
|
pure $ if length res > 0 then (True, True) else (False, True)
|
||||||
|
else pure (True, False)
|
||||||
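Review bot: checkAdminAllowedPkgs now answers authorized = `True` for every admin when the package has no record, on the assumption stated in its comment that a whitelist check has already run. On this page postCheckPkgAuthR shows that check and postPkgUploadR appears to have one, but postPkgIndexR, postPkgDeindexR, postPkgCategorizeR and deletePkgCategorizeR take the first component and discard the second. Unless those handlers test the whitelist outside the visible hunks, any authenticated admin passes for an unregistered package id. Consider making the unclaimed case a distinct result, e.g. `data PkgAuth = Authorized | Unauthorized | Unclaimed`, so that only the upload path can choose to accept it. The signature comment `-- (exists, new)` should also be corrected, since the first component is the authorization result rather than existence.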
@@ -156,6 +156,7 @@ Admin
|
|||||||
AdminPkgs
|
AdminPkgs
|
||||||
admin AdminId
|
admin AdminId
|
||||||
pkgId PkgRecordId
|
pkgId PkgRecordId
|
||||||
|
UniqueAdminPkg pkgId admin
|
||||||
|
|
||||||
Upload
|
Upload
|
||||||
uploader AdminId
|
uploader AdminId
|
||||||
|
|||||||