working commit

2026-02-13 16:28:05 +02:00
parent e72ffda8b1
commit 04cf117632
6 changed files with 387 additions and 11 deletions
+70 -8
@@ -12,7 +12,13 @@ import (
func (hand *Handler) CheckRight(ctx context.Context, accountID, right, subject string) (bool, error) {
var err error
var res bool
hand.logg.Debugf("CheckRight %s: %s %s", accountID, right, subject)
hand.logg.Debugf("Cop check your right %s: %s %s", accountID, right, subject)
// =[]=
// /------\
// .---[-] [#] \--,
// >| [ ] [ ] |
// '--0-------0----'
// Bad news for you, baby.... #
res = true
return res, err
@@ -28,23 +34,23 @@ func (hand *Handler) CreateAccount(rctx *router.Context) {
hand.SendError(rctx, err)
return
}
// Rigth checking
operatorID, _ := rctx.GetString(userTag)
opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightWriteAccounts, params.Username)
opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightWriteAccounts, "")
if err != nil {
err := fmt.Errorf("CreateAccount error: %v", err)
err := fmt.Errorf("Operation error: %v", err)
hand.SendError(rctx, err)
return
}
if !opEnable {
err := fmt.Errorf("CreateAccount not enabled for this user")
err := fmt.Errorf("Operation not enabled for this account")
hand.SendError(rctx, err)
return
}
// Execution of the operation
res, err := hand.oper.CreateAccount(rctx.Ctx, operatorID, params)
if err != nil {
hand.logg.Errorf("CreateAccount error: %v", err)
hand.logg.Errorf("Operation error: %v", err)
hand.SendError(rctx, err)
return
}
@@ -61,9 +67,23 @@ func (hand *Handler) GetAccount(rctx *router.Context) {
hand.SendError(rctx, err)
return
}
// Rigth checking
operatorID, _ := rctx.GetString(userTag)
opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightWriteAccounts, "")
if err != nil {
err := fmt.Errorf("Operation error: %v", err)
hand.SendError(rctx, err)
return
}
if !opEnable {
err := fmt.Errorf("Operation not enabled for this account")
hand.SendError(rctx, err)
return
}
// Execution of the operation
res, err := hand.oper.GetAccount(rctx.Ctx, params)
if err != nil {
hand.logg.Errorf("CreateAccount error: %v", err)
hand.logg.Errorf("Operation error: %v", err)
hand.SendError(rctx, err)
return
}
@@ -80,6 +100,20 @@ func (hand *Handler) ListAccounts(rctx *router.Context) {
hand.SendError(rctx, err)
return
}
// Rigth checking
operatorID, _ := rctx.GetString(userTag)
opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightWriteAccounts, "")
if err != nil {
err := fmt.Errorf("Operation error: %v", err)
hand.SendError(rctx, err)
return
}
if !opEnable {
err := fmt.Errorf("Operation not enabled for this account")
hand.SendError(rctx, err)
return
}
// Execution of the operation
res, err := hand.oper.ListAccounts(rctx.Ctx, params)
if err != nil {
hand.logg.Errorf("ListAccounts error: %v", err)
@@ -99,6 +133,20 @@ func (hand *Handler) UpdateAccount(rctx *router.Context) {
hand.SendError(rctx, err)
return
}
// Rigth checking
operatorID, _ := rctx.GetString(userTag)
opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightWriteAccounts, "")
if err != nil {
err := fmt.Errorf("Operation error: %v", err)
hand.SendError(rctx, err)
return
}
if !opEnable {
err := fmt.Errorf("Operation not enabled for this account")
hand.SendError(rctx, err)
return
}
// Execution of the operation
res, err := hand.oper.UpdateAccount(rctx.Ctx, params)
if err != nil {
hand.logg.Errorf("UpdateAccount error: %v", err)
@@ -118,6 +166,20 @@ func (hand *Handler) DeleteAccount(rctx *router.Context) {
hand.SendError(rctx, err)
return
}
// Rigth checking
operatorID, _ := rctx.GetString(userTag)
opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightWriteAccounts, params.Username)
if err != nil {
err := fmt.Errorf("Operation error: %v", err)
hand.SendError(rctx, err)
return
}
if !opEnable {
err := fmt.Errorf("Operation not enabled for this account")
hand.SendError(rctx, err)
return
}
// Execution of the operation
res, err := hand.oper.DeleteAccount(rctx.Ctx, params)
if err != nil {
hand.logg.Errorf("DeleteAccount error: %v", err)
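Review bot: `CheckRight` still ends with `res = true` followed by `return res, err`, so as shown every guard this commit adds in the account handlers (and in the other handler files) passes for any caller and the `!opEnable` branches are never taken. Until the real lookup exists the stub should fail closed, or at minimum the ASCII-art comment should be replaced by something like `// TODO: stub, grants every right to every account` so the no-op is obvious to whoever deploys this build. Separately, `GetAccount` and `ListAccounts` request `descr.RightWriteAccounts` although they only read; if `descr` defines a read right for accounts, as it visibly does for grants, files and images, these two handlers should use it. All of these function bodies start or end outside the visible hunks.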
+86
@@ -11,9 +11,11 @@
package handler
import (
"fmt"
"io"
"net/http"
"mstore/app/descr"
"mstore/app/operator"
"mstore/app/router"
)
@@ -29,6 +31,20 @@ func (hand *Handler) BlobExists(rctx *router.Context) {
Name: name,
Digest: digest,
}
// Rigth checking
operatorID, _ := rctx.GetString(userTag)
opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightReadImages, "")
if err != nil {
err := fmt.Errorf("Operation error: %v", err)
hand.SendError(rctx, err)
return
}
if !opEnable {
err := fmt.Errorf("Operation not enabled for this account")
hand.SendError(rctx, err)
return
}
// Execution of the operation
ctx := rctx.GetContext()
res, code, err := hand.oper.BlobExists(ctx, params)
if err != nil {
@@ -57,6 +73,20 @@ func (hand *Handler) PostUpload(rctx *router.Context) {
Mount: mount,
From: from,
}
// Rigth checking
operatorID, _ := rctx.GetString(userTag)
opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightWriteImages, "")
if err != nil {
err := fmt.Errorf("Operation error: %v", err)
hand.SendError(rctx, err)
return
}
if !opEnable {
err := fmt.Errorf("Operation not enabled for this account")
hand.SendError(rctx, err)
return
}
// Execution of the operation
res, code, err := hand.oper.PostUpload(rctx.Ctx, params)
if err != nil {
hand.logg.Errorf("PostUpload error: %v", err)
@@ -90,6 +120,20 @@ func (hand *Handler) PatchUpload(rctx *router.Context) {
Reference: reference,
Reader: reader,
}
// Rigth checking
operatorID, _ := rctx.GetString(userTag)
opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightWriteImages, "")
if err != nil {
err := fmt.Errorf("Operation error: %v", err)
hand.SendError(rctx, err)
return
}
if !opEnable {
err := fmt.Errorf("Operation not enabled for this account")
hand.SendError(rctx, err)
return
}
// Execution of the operation
ctx := rctx.GetContext()
res, code, err := hand.oper.PatchUpload(ctx, params)
if err != nil {
@@ -122,6 +166,20 @@ func (hand *Handler) PutUpload(rctx *router.Context) {
Reference: reference,
Digest: digest,
}
// Rigth checking
operatorID, _ := rctx.GetString(userTag)
opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightWriteImages, "")
if err != nil {
err := fmt.Errorf("Operation error: %v", err)
hand.SendError(rctx, err)
return
}
if !opEnable {
err := fmt.Errorf("Operation not enabled for this account")
hand.SendError(rctx, err)
return
}
// Execution of the operation
res, code, err := hand.oper.PutUpload(rctx.Ctx, params)
if err != nil {
hand.logg.Errorf("PutUpload error: %v", err)
@@ -140,6 +198,20 @@ func (hand *Handler) GetBlob(rctx *router.Context) {
Name: name,
Digest: digest,
}
// Rigth checking
operatorID, _ := rctx.GetString(userTag)
opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightReadImages, "")
if err != nil {
err := fmt.Errorf("Operation error: %v", err)
hand.SendError(rctx, err)
return
}
if !opEnable {
err := fmt.Errorf("Operation not enabled for this account")
hand.SendError(rctx, err)
return
}
// Execution of the operation
ctx := rctx.GetContext()
res, code, err := hand.oper.GetBlob(ctx, params)
if err != nil {
@@ -174,6 +246,20 @@ func (hand *Handler) DeleteBlob(rctx *router.Context) {
Name: name,
Digest: digest,
}
// Rigth checking
operatorID, _ := rctx.GetString(userTag)
opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightWriteImages, "")
if err != nil {
err := fmt.Errorf("Operation error: %v", err)
hand.SendError(rctx, err)
return
}
if !opEnable {
err := fmt.Errorf("Operation not enabled for this account")
hand.SendError(rctx, err)
return
}
// Execution of the operation
ctx := rctx.GetContext()
_, code, err := hand.oper.DeleteBlob(ctx, params)
if err != nil {
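Review bot: The second result of `rctx.GetString(userTag)` is discarded in each added guard, so a request with no user stored under `userTag` reaches `CheckRight` with an empty `operatorID`; what that second result signals is not visible in these hunks. Unless anonymous access is meant to be decided inside `CheckRight`, reject the empty identity before the rights call, e.g. `if operatorID == "" { hand.SendError(rctx, fmt.Errorf("Operation not enabled for this account")); return }`. The same pattern is repeated in every guard added to the account, file, grant and manifest handlers in this commit. The guards also pass `rctx.Ctx` to `CheckRight` while BlobExists, PatchUpload, GetBlob and DeleteBlob run the operation with `rctx.GetContext()`; if the two can differ, one of them should be used for both calls.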
+72 -2
@@ -10,8 +10,10 @@
package handler
import (
"fmt"
"io"
"mstore/app/descr"
"mstore/app/operator"
"mstore/app/router"
)
@@ -24,6 +26,20 @@ func (hand *Handler) FileInfo(rctx *router.Context) {
params := &operator.FileInfoParams{
Filepath: filepath,
}
// Rigth checking
operatorID, _ := rctx.GetString(userTag)
opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightReadFiles, "")
if err != nil {
err := fmt.Errorf("Operation error: %v", err)
hand.SendError(rctx, err)
return
}
if !opEnable {
err := fmt.Errorf("Operation not enabled for this account")
hand.SendError(rctx, err)
return
}
// Execution of the operation
ctx := rctx.GetContext()
code, res, err := hand.oper.FileInfo(ctx, params)
if err != nil {
@@ -52,8 +68,21 @@ func (hand *Handler) PutFile(rctx *router.Context) {
ContentSize: contentSize,
Source: rctx.Request.Body,
}
// Rigth checking
operatorID, _ := rctx.GetString(userTag)
opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightWriteFiles, "")
if err != nil {
err := fmt.Errorf("Operation error: %v", err)
hand.SendError(rctx, err)
return
}
if !opEnable {
err := fmt.Errorf("Operation not enabled for this account")
hand.SendError(rctx, err)
return
}
// Execution of the operation
ctx := rctx.GetContext()
code, _, err := hand.oper.PutFile(ctx, params)
if err != nil {
hand.logg.Errorf("PutFile error: %v", err)
@@ -69,6 +98,20 @@ func (hand *Handler) GetFile(rctx *router.Context) {
params := &operator.GetFileParams{
Filepath: filepath,
}
// Rigth checking
operatorID, _ := rctx.GetString(userTag)
opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightReadFiles, "")
if err != nil {
err := fmt.Errorf("Operation error: %v", err)
hand.SendError(rctx, err)
return
}
if !opEnable {
err := fmt.Errorf("Operation not enabled for this account")
hand.SendError(rctx, err)
return
}
// Execution of the operation
ctx := rctx.GetContext()
code, res, err := hand.oper.GetFile(ctx, params)
if err != nil {
@@ -99,6 +142,20 @@ func (hand *Handler) DeleteFile(rctx *router.Context) {
params := &operator.DeleteFileParams{
Filepath: filepath,
}
// Rigth checking
operatorID, _ := rctx.GetString(userTag)
opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightWriteFiles, "")
if err != nil {
err := fmt.Errorf("Operation error: %v", err)
hand.SendError(rctx, err)
return
}
if !opEnable {
err := fmt.Errorf("Operation not enabled for this account")
hand.SendError(rctx, err)
return
}
// Execution of the operation
ctx := rctx.GetContext()
code, _, err := hand.oper.DeleteFile(ctx, params)
if err != nil {
@@ -117,8 +174,21 @@ func (hand *Handler) ListFiles(rctx *router.Context) {
params := &operator.ListFilesParams{
Filepath: filepath,
}
// Rigth checking
operatorID, _ := rctx.GetString(userTag)
opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightReadFiles, "")
if err != nil {
err := fmt.Errorf("Operation error: %v", err)
hand.SendError(rctx, err)
return
}
if !opEnable {
err := fmt.Errorf("Operation not enabled for this account")
hand.SendError(rctx, err)
return
}
// Execution of the operation
ctx := rctx.GetContext()
code, res, err := hand.oper.ListFiles(ctx, params)
if err != nil {
hand.logg.Errorf("ListFiles error: %v", err)
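Review bot: The same thirteen-line rights guard is pasted into FileInfo, PutFile, GetFile, DeleteFile and ListFiles (and into the other handler files of this commit), differing only in the right constant, so any later fix to the check has to be repeated in every copy and a missed copy leaves one endpoint with stale authorization logic. Move it into one method on `Handler` that sends the error response itself and reports whether the handler may continue; each handler then keeps a three-line call. The sketch below keeps the existing messages and `SendError` calls unchanged, and the helper name is only a suggestion. The handler bodies start and end outside the visible hunks.

```go
// requireRight checks right on subject for the caller stored under userTag.
// When it returns false the error response has already been sent.
func (hand *Handler) requireRight(rctx *router.Context, right, subject string) (string, bool) {
	operatorID, _ := rctx.GetString(userTag)
	opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, right, subject)
	if err != nil {
		hand.SendError(rctx, fmt.Errorf("Operation error: %v", err))
		return "", false
	}
	if !opEnable {
		hand.SendError(rctx, fmt.Errorf("Operation not enabled for this account"))
		return "", false
	}
	return operatorID, true
}

// in FileInfo, after params is built:
if _, ok := hand.requireRight(rctx, descr.RightReadFiles, ""); !ok {
	return
}
// … unchanged: ctx := rctx.GetContext() and the hand.oper.FileInfo call …
```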
+73
@@ -10,6 +10,9 @@
package handler
import (
"fmt"
"mstore/app/descr"
"mstore/app/operator"
"mstore/app/router"
)
@@ -24,6 +27,20 @@ func (hand *Handler) CreateGrant(rctx *router.Context) {
hand.SendError(rctx, err)
return
}
// Rigth checking
operatorID, _ := rctx.GetString(userTag)
opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightWriteGrants, "")
if err != nil {
err := fmt.Errorf("Operation error: %v", err)
hand.SendError(rctx, err)
return
}
if !opEnable {
err := fmt.Errorf("Operation not enabled for this account")
hand.SendError(rctx, err)
return
}
// Execution of the operation
res, err := hand.oper.CreateGrant(rctx.Ctx, params)
if err != nil {
hand.logg.Errorf("CreateGrant error: %v", err)
@@ -43,6 +60,20 @@ func (hand *Handler) GetGrant(rctx *router.Context) {
hand.SendError(rctx, err)
return
}
// Rigth checking
operatorID, _ := rctx.GetString(userTag)
opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightReadGrants, "")
if err != nil {
err := fmt.Errorf("Operation error: %v", err)
hand.SendError(rctx, err)
return
}
if !opEnable {
err := fmt.Errorf("Operation not enabled for this account")
hand.SendError(rctx, err)
return
}
// Execution of the operation
res, err := hand.oper.GetGrant(rctx.Ctx, params)
if err != nil {
hand.logg.Errorf("CreateGrant error: %v", err)
@@ -62,6 +93,20 @@ func (hand *Handler) ListGrants(rctx *router.Context) {
hand.SendError(rctx, err)
return
}
// Rigth checking
operatorID, _ := rctx.GetString(userTag)
opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightReadGrants, "")
if err != nil {
err := fmt.Errorf("Operation error: %v", err)
hand.SendError(rctx, err)
return
}
if !opEnable {
err := fmt.Errorf("Operation not enabled for this account")
hand.SendError(rctx, err)
return
}
// Execution of the operation
res, err := hand.oper.ListGrants(rctx.Ctx, params)
if err != nil {
hand.logg.Errorf("ListGrants error: %v", err)
@@ -81,6 +126,20 @@ func (hand *Handler) UpdateGrant(rctx *router.Context) {
hand.SendError(rctx, err)
return
}
// Rigth checking
operatorID, _ := rctx.GetString(userTag)
opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightWriteGrants, "")
if err != nil {
err := fmt.Errorf("Operation error: %v", err)
hand.SendError(rctx, err)
return
}
if !opEnable {
err := fmt.Errorf("Operation not enabled for this account")
hand.SendError(rctx, err)
return
}
// Execution of the operation
res, err := hand.oper.UpdateGrant(rctx.Ctx, params)
if err != nil {
hand.logg.Errorf("UpdateGrant error: %v", err)
@@ -100,6 +159,20 @@ func (hand *Handler) DeleteGrant(rctx *router.Context) {
hand.SendError(rctx, err)
return
}
// Rigth checking
operatorID, _ := rctx.GetString(userTag)
opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightWriteGrants, "")
if err != nil {
err := fmt.Errorf("Operation error: %v", err)
hand.SendError(rctx, err)
return
}
if !opEnable {
err := fmt.Errorf("Operation not enabled for this account")
hand.SendError(rctx, err)
return
}
// Execution of the operation
res, err := hand.oper.DeleteGrant(rctx.Ctx, params)
if err != nil {
hand.logg.Errorf("DeleteGrant error: %v", err)
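Review bot: Neither branch of the added guard writes to `hand.logg`: a failing `CheckRight` and a denied request are only sent to the client, while operation errors a few lines below are logged with `hand.logg.Errorf`. Denied attempts on CreateGrant, UpdateGrant and DeleteGrant are the events an operator most needs to see, so add a line such as `hand.logg.Errorf("right %s denied for account %s", descr.RightWriteGrants, operatorID)` in the `!opEnable` branch and log the underlying error in the other branch. The check failure is also forwarded to the client through `%v`; whether `SendError` exposes that text or maps denial and internal failure to distinct status codes is not visible here and is worth confirming. The same applies to the guards added in the other handler files.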
+86
@@ -10,8 +10,10 @@
package handler
import (
"fmt"
"net/http"
"mstore/app/descr"
"mstore/app/operator"
"mstore/app/router"
)
@@ -24,6 +26,20 @@ func (hand *Handler) ManifestExists(rctx *router.Context) {
Name: name,
Reference: reference,
}
// Rigth checking
operatorID, _ := rctx.GetString(userTag)
opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightReadImages, "")
if err != nil {
err := fmt.Errorf("Operation error: %v", err)
hand.SendError(rctx, err)
return
}
if !opEnable {
err := fmt.Errorf("Operation not enabled for this account")
hand.SendError(rctx, err)
return
}
// Execution of the operation
ctx := rctx.GetContext()
res, code, err := hand.oper.ManifestExists(ctx, params)
if err != nil {
@@ -54,6 +70,20 @@ func (hand *Handler) PutManifest(rctx *router.Context) {
Reference: reference,
Reader: rctx.Request.Body,
}
// Rigth checking
operatorID, _ := rctx.GetString(userTag)
opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightWriteImages, "")
if err != nil {
err := fmt.Errorf("Operation error: %v", err)
hand.SendError(rctx, err)
return
}
if !opEnable {
err := fmt.Errorf("Operation not enabled for this account")
hand.SendError(rctx, err)
return
}
// Execution of the operation
ctx := rctx.GetContext()
res, code, err := hand.oper.PutManifest(ctx, params)
if err != nil {
@@ -73,6 +103,20 @@ func (hand *Handler) GetManifest(rctx *router.Context) {
Name: name,
Reference: reference,
}
// Rigth checking
operatorID, _ := rctx.GetString(userTag)
opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightReadImages, "")
if err != nil {
err := fmt.Errorf("Operation error: %v", err)
hand.SendError(rctx, err)
return
}
if !opEnable {
err := fmt.Errorf("Operation not enabled for this account")
hand.SendError(rctx, err)
return
}
// Execution of the operation
ctx := rctx.GetContext()
res, code, err := hand.oper.GetManifest(ctx, params)
if err != nil {
@@ -99,6 +143,20 @@ func (hand *Handler) DeleteManifest(rctx *router.Context) {
Name: name,
Reference: reference,
}
// Rigth checking
operatorID, _ := rctx.GetString(userTag)
opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightWriteImages, "")
if err != nil {
err := fmt.Errorf("Operation error: %v", err)
hand.SendError(rctx, err)
return
}
if !opEnable {
err := fmt.Errorf("Operation not enabled for this account")
hand.SendError(rctx, err)
return
}
// Execution of the operation
ctx := rctx.GetContext()
_, code, err := hand.oper.DeleteManifest(ctx, params)
if err != nil {
@@ -116,6 +174,20 @@ func (hand *Handler) GetReferer(rctx *router.Context) {
Name: name,
Digest: digest,
}
// Rigth checking
operatorID, _ := rctx.GetString(userTag)
opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightReadImages, "")
if err != nil {
err := fmt.Errorf("Operation error: %v", err)
hand.SendError(rctx, err)
return
}
if !opEnable {
err := fmt.Errorf("Operation not enabled for this account")
hand.SendError(rctx, err)
return
}
// Execution of the operation
res, code, err := hand.oper.GetReferer(rctx.Ctx, params)
if err != nil {
hand.logg.Errorf("GetReferer error: %v", err)
@@ -130,6 +202,20 @@ func (hand *Handler) GetTags(rctx *router.Context) {
params := &operator.GetTagsParams{
Name: name,
}
// Rigth checking
operatorID, _ := rctx.GetString(userTag)
opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightReadImages, "")
if err != nil {
err := fmt.Errorf("Operation error: %v", err)
hand.SendError(rctx, err)
return
}
if !opEnable {
err := fmt.Errorf("Operation not enabled for this account")
hand.SendError(rctx, err)
return
}
// Execution of the operation
ctx := rctx.GetContext()
res, code, err := hand.oper.GetTags(ctx, params)
if err != nil {
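Review bot: Every guard in the manifest handlers passes `""` as the subject to `CheckRight` even though the repository `name` is already placed in `params`, so the check cannot distinguish one image repository from another. DeleteAccount in this commit passes `params.Username` as the subject, which suggests the parameter is meant to scope the right; if image rights are intended to be per repository, pass it here as well, e.g. `hand.CheckRight(rctx.Ctx, operatorID, descr.RightWriteImages, name)` in PutManifest and DeleteManifest. If rights are deliberately global, a short comment on `CheckRight` stating that an empty subject means any subject would make that explicit. The handler bodies extend beyond the visible hunks.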
-1
@@ -115,7 +115,6 @@ func TestAccountLife(t *testing.T) {
fmt.Printf("accounts:\n%s\n", string(accountsYAML))
}
{
// DeleteAccount
fmt.Printf("=== DeleteAccount ===\n")