diff --git a/registry/handlers/app.go b/registry/handlers/app.go index 670a2794..766dc4b9 100644 --- a/registry/handlers/app.go +++ b/registry/handlers/app.go @@ -901,12 +901,10 @@ func appendAccessRecords(records []auth.Access, method string, repo string) []au Action: "push", }) case "DELETE": - // DELETE access requires full admin rights, which is represented - // as "*". This may not be ideal. records = append(records, auth.Access{ Resource: resource, - Action: "*", + Action: "delete", }) } return records diff --git a/registry/handlers/app_test.go b/registry/handlers/app_test.go index 385fa4c6..12c0b61c 100644 --- a/registry/handlers/app_test.go +++ b/registry/handlers/app_test.go @@ -229,9 +229,9 @@ func TestAppendAccessRecords(t *testing.T) { Resource: expectedResource, Action: "push", } - expectedAllRecord := auth.Access{ + expectedDeleteRecord := auth.Access{ Resource: expectedResource, - Action: "*", + Action: "delete", } records := []auth.Access{} @@ -271,7 +271,7 @@ func TestAppendAccessRecords(t *testing.T) { records = []auth.Access{} result = appendAccessRecords(records, "DELETE", repo) - expectedResult = []auth.Access{expectedAllRecord} + expectedResult = []auth.Access{expectedDeleteRecord} if ok := reflect.DeepEqual(result, expectedResult); !ok { t.Fatalf("Actual access record differs from expected") }