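def new_collection(request):
    '''Show the new-collection form, or create a collection on POST.

    Users for whom ``request.user.has_create_permission()`` is false are
    redirected to "collections" with a message. For permitted users, any
    non-POST request renders the form. A POST with a ``name`` creates the
    collection with a fresh ``uuid.uuid4()`` secret, adds the requesting
    user as an owner and redirects to "collection_details".
    '''
    # NOTE(review): assumes request.user is an authenticated project user
    # object; an anonymous user would have to be stopped before this view
    # (e.g. by a login-required decorator not visible here) - confirm.
    if request.user.has_create_permission():

        # Just new collection form, not a post
        if request.method != "POST":
            return render(request, "collections/new_collection.html")

        name = request.POST.get('name')
        if name is None:
            # A POST without a name has no collection to redirect to, and
            # must not fall through to the permission-denied message below.
            messages.info(request, 'Please provide a collection name.')
            return render(request, "collections/new_collection.html")

        # No special characters allowed
        name = format_collection_name(name)
        collection = Collection(name=name, secret=str(uuid.uuid4()))
        collection.save()
        collection.owners.add(request.user)
        collection.save()

        messages.info(request, 'Collection %s created.' % name)
        return redirect('collection_details', cid=collection.id)

    # If user makes it down here, does not have permission
    messages.info(request, "You don't have permission to perform this action.")
    return redirect("collections")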
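def collection_auth_check(request):
    '''Authorize a push request and return the target collection id.

    Reads the ``Authorization`` header and a JSON body carrying ``tag``
    (default "latest"), ``name`` and ``collection``. The request is
    accepted only if the header is present, ``validate_request`` accepts
    the "push" payload built from those fields, ``has_permission`` allows
    the push, and the requesting user has create permission. The
    collection is created, with the user as owner, when it does not exist.

    Returns:
        JsonResponse of the form ``{'cid': <collection id>}``.

    Raises:
        PermissionDenied: when the header is missing or any check fails.
    '''
    auth = request.META.get('HTTP_AUTHORIZATION', None)

    # Authentication always required for push. Reject before parsing the
    # body so that unauthenticated input is not processed at all.
    if auth is None:
        raise PermissionDenied(detail="Authentication Required")

    # Load the body, which is json with variables
    body = json.loads(request.body.decode('utf-8'))

    # Get variables
    tag = body.get('tag', 'latest')
    name = body.get('name')
    collection_name = format_collection_name(body.get('collection'))

    # The Authorization header, the request body and the signed payload are
    # deliberately not printed: stdout usually ends up in server logs, and
    # the header is credential material.

    # NOTE(review): if get_request_user can return None for an unknown
    # user, owner.has_create_permission() below raises AttributeError
    # rather than PermissionDenied - confirm against its implementation.
    owner = get_request_user(auth)
    timestamp = generate_timestamp()
    payload = "push|%s|%s|%s|%s|" % (collection_name, timestamp, name, tag)

    # Validate Payload
    if not validate_request(auth, payload, "push", timestamp):
        raise PermissionDenied(detail="Unauthorized")

    try:
        collection = Collection.objects.get(name=collection_name)
    except Collection.DoesNotExist:
        collection = None

    # Validate User Permissions, either for creating collection or adding
    # Here we have permission if:
    # 1- user collections are enabled with USER_COLLECTIONS
    # 2- the user is a superuser or staff
    # 3- the user is owner of a collection
    if not has_permission(auth, collection, pull_permission=False):
        raise PermissionDenied(detail="Unauthorized")

    # If the user cannot create a new collection
    # NOTE(review): this is enforced even when the collection already
    # exists, so an owner without create permission cannot push - confirm
    # that this is intended.
    if not owner.has_create_permission():
        raise PermissionDenied(detail="Unauthorized")

    # If we get here user has create permission, does collection exist?
    if collection is None:
        collection = Collection.objects.create(name=collection_name,
                                               secret=str(uuid.uuid4()))
        collection.save()
        collection.owners.add(owner)
        collection.save()

    # Return json response with collection id
    return JsonResponse({'cid': collection.id})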