From a94b7ff6ebba4c8db5fe3314e984b5d66dd9b561 Mon Sep 17 00:00:00 2001
From: Ina Panova <ipanova@redhat.com>
Date: Fri, 21 Jan 2022 16:34:39 +0100
Subject: [PATCH] Account for case when token's scope does not contain
 type/resource/action.

closes #509
---
 CHANGES/509.bugfix                  | 1 +
 pulp_container/app/authorization.py | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
 create mode 100644 CHANGES/509.bugfix

diff --git a/CHANGES/509.bugfix b/CHANGES/509.bugfix
new file mode 100644
index 000000000..f9128bde4
--- /dev/null
+++ b/CHANGES/509.bugfix
@@ -0,0 +1 @@
+Account for case when token's scope does not contain type/resource/action.
diff --git a/pulp_container/app/authorization.py b/pulp_container/app/authorization.py
index f3581e14f..e44421432 100644
--- a/pulp_container/app/authorization.py
+++ b/pulp_container/app/authorization.py
@@ -133,7 +133,7 @@ def determine_access(self):
                 endpoint.
 
         """
-        if not self.scope:
+        if not self.scope or self.scope.count(":") != 2:
             return []
 
         typ, name, actions = self.scope.split(":")