Skip to content

Commit

Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
add get_owner and use for package upload
Browse files Browse the repository at this point in the history
gabm committed Jun 9, 2023

Unverified

This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
1 parent a189de8 commit dcbc366
Showing 2 changed files with 36 additions and 7 deletions.
22 changes: 22 additions & 0 deletions quetz/authorization.py
Original file line number Diff line number Diff line change
@@ -39,6 +39,28 @@ def __init__(self, API_key: Optional[str], session: dict, db: Session):
self.session = session
self.db = db

def get_owner(self) -> Optional[bytes]:
owner_id = None

if self.API_key:
api_key = (
self.db.query(ApiKey)
.filter(ApiKey.key == self.API_key, ~ApiKey.deleted)
.filter(
ApiKey.key == self.API_key,
or_(ApiKey.expire_at >= date.today(), ApiKey.expire_at.is_(None)),
)
.one_or_none()
)
if api_key:
owner_id = api_key.owner_id
else:
user_id = self.session.get("user_id")
if user_id:
owner_id = uuid.UUID(user_id).bytes

return owner_id

def get_user(self) -> Optional[bytes]:
user_id = None

21 changes: 14 additions & 7 deletions quetz/main.py
Original file line number Diff line number Diff line change
@@ -913,6 +913,8 @@ def post_package(
dao: Dao = Depends(get_dao),
):
user_id = auth.assert_user()
owner_id = auth.get_owner()

auth.assert_create_package(channel.name)
pm.hook.validate_new_package(
channel_name=channel.name,
@@ -927,7 +929,7 @@ def post_package(
detail=f"Package {channel.name}/{new_package.name} exists",
)

dao.create_package(channel.name, new_package, user_id, authorization.OWNER)
dao.create_package(channel.name, new_package, owner_id, authorization.OWNER)


@api_router.get(
@@ -1382,14 +1384,18 @@ async def post_upload(
status_code=status.HTTP_406_NOT_ACCEPTABLE, detail="Wrong SHA256 checksum"
)

user_id = auth.assert_user()
_ = auth.assert_user()

auth.assert_create_package(channel_name)
condainfo = CondaInfo((body), filename)
dest = os.path.join(condainfo.info["subdir"], filename)

body.seek(0)
await pkgstore.add_package_async(body, channel_name, dest)

# get the id of the owner, in case auth was done through an API key
owner_id = auth.get_owner()

package_name = str(condainfo.info.get("name"))
package_data = rest_models.Package(
name=package_name,
@@ -1400,7 +1406,7 @@ async def post_upload(
dao.create_package(
channel_name,
package_data,
user_id,
owner_id,
authorization.OWNER,
)

@@ -1419,7 +1425,7 @@ async def post_upload(
size=condainfo.info["size"],
filename=filename,
info=json.dumps(condainfo.info),
uploader_id=user_id,
uploader_id=owner_id,
upsert=force,
)
except IntegrityError:
@@ -1504,7 +1510,8 @@ def handle_package_files(
package=None,
is_mirror_op=False,
):
user_id = auth.assert_user()
_ = auth.assert_user()
owner_id = auth.get_owner()

# quick fail if not allowed to upload
# note: we're checking later that `parts[0] == conda_info.package_name`
@@ -1648,7 +1655,7 @@ def _delete_file(condainfo, filename):
dao.create_package(
channel.name,
package_data,
user_id,
owner_id,
authorization.OWNER,
)

@@ -1669,7 +1676,7 @@ def _delete_file(condainfo, filename):
size=condainfo.info["size"],
filename=file.filename,
info=json.dumps(condainfo.info),
uploader_id=user_id,
uploader_id=owner_id,
upsert=force,
)
except IntegrityError:

0 comments on commit dcbc366

Please sign in to comment.