Change DELETE action from "*" to "delete"
With token authentication, requiring the "*" action for DELETE requests makes it impossible to administratively lock a repository against pushes and pulls but still allow deletion. This change adds a new "delete" action for DELETE requests to make that possible. Signed-off-by: Noah Treuhaft <noah.treuhaft@docker.com>
This commit is contained in:
parent
8e065ad239
commit
ccb839e0e3
@ -901,12 +901,10 @@ func appendAccessRecords(records []auth.Access, method string, repo string) []au
|
||||
Action: "push",
|
||||
})
|
||||
case "DELETE":
|
||||
// DELETE access requires full admin rights, which is represented
|
||||
// as "*". This may not be ideal.
|
||||
records = append(records,
|
||||
auth.Access{
|
||||
Resource: resource,
|
||||
Action: "*",
|
||||
Action: "delete",
|
||||
})
|
||||
}
|
||||
return records
|
||||
|
@ -229,9 +229,9 @@ func TestAppendAccessRecords(t *testing.T) {
|
||||
Resource: expectedResource,
|
||||
Action: "push",
|
||||
}
|
||||
expectedAllRecord := auth.Access{
|
||||
expectedDeleteRecord := auth.Access{
|
||||
Resource: expectedResource,
|
||||
Action: "*",
|
||||
Action: "delete",
|
||||
}
|
||||
|
||||
records := []auth.Access{}
|
||||
@ -271,7 +271,7 @@ func TestAppendAccessRecords(t *testing.T) {
|
||||
|
||||
records = []auth.Access{}
|
||||
result = appendAccessRecords(records, "DELETE", repo)
|
||||
expectedResult = []auth.Access{expectedAllRecord}
|
||||
expectedResult = []auth.Access{expectedDeleteRecord}
|
||||
if ok := reflect.DeepEqual(result, expectedResult); !ok {
|
||||
t.Fatalf("Actual access record differs from expected")
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user