Change DELETE action from "*" to "delete"

With token authentication, requiring the "*" action for DELETE requests
makes it impossible to administratively lock a repository against pushes
and pulls but still allow deletion.  This change adds a new "delete"
action for DELETE requests to make that possible.

Signed-off-by: Noah Treuhaft <noah.treuhaft@docker.com>
This commit is contained in:
Noah Treuhaft 2017-01-03 12:27:12 -08:00
parent 8e065ad239
commit ccb839e0e3
2 changed files with 4 additions and 6 deletions

View File

@ -901,12 +901,10 @@ func appendAccessRecords(records []auth.Access, method string, repo string) []au
Action: "push",
})
case "DELETE":
// DELETE access requires full admin rights, which is represented
// as "*". This may not be ideal.
records = append(records,
auth.Access{
Resource: resource,
Action: "*",
Action: "delete",
})
}
return records

View File

@ -229,9 +229,9 @@ func TestAppendAccessRecords(t *testing.T) {
Resource: expectedResource,
Action: "push",
}
expectedAllRecord := auth.Access{
expectedDeleteRecord := auth.Access{
Resource: expectedResource,
Action: "*",
Action: "delete",
}
records := []auth.Access{}
@ -271,7 +271,7 @@ func TestAppendAccessRecords(t *testing.T) {
records = []auth.Access{}
result = appendAccessRecords(records, "DELETE", repo)
expectedResult = []auth.Access{expectedAllRecord}
expectedResult = []auth.Access{expectedDeleteRecord}
if ok := reflect.DeepEqual(result, expectedResult); !ok {
t.Fatalf("Actual access record differs from expected")
}