repos: Update API authentication

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/src/web/repos.py b/src/web/repos.py
index fb3de8976fd1fd539d4173d070865761c7431559..7f539d42a85b435c81e2a4fd3ccdbd93fb30eaea 100644 (file)
--- a/src/web/repos.py
+++ b/src/web/repos.py
@@ -26,28 +26,28 @@ from . import base
 from . import ui_modules
 
 class APIv1IndexHandler(base.APIMixin, base.BaseHandler):
-       # Allow users to create builds
+       # Only users can have repositories
        allow_users = True
+       allow_builders = False
 
-       @tornado.web.authenticated
+       @base.negotiate
        async def get(self, distro_slug):
-               with self.db.transaction():
-                       # Fetch distro
-                       distro = self.backend.distros.get_by_slug(distro_slug)
-                       if not distro:
-                               raise tornado.web.HTTPError(404, "Could not find distro '%s'" % distro_slug)
+               # Fetch distro
+               distro = self.backend.distros.get_by_slug(distro_slug)
+               if not distro:
+                       raise tornado.web.HTTPError(404, "Could not find distro '%s'" % distro_slug)
 
-                       # Fetch all repositories
-                       try:
-                               repos = self.current_user.repos[distro]
-                       except KeyError:
-                               repos = []
+               # Fetch all repositories
+               try:
+                       repos = self.current_user.repos[distro]
+               except KeyError:
+                       repos = []
 
                self.finish({
                        "repos" : [repo.to_json() for repo in repos],
                })
 
-       @tornado.web.authenticated
+       @base.negotiate
        async def post(self, distro_slug):
                with self.db.transaction():
                        # Fetch distro
@@ -70,33 +70,42 @@ class APIv1IndexHandler(base.APIMixin, base.BaseHandler):
 
 
 class APIv1ShowHandler(base.APIMixin, base.BaseHandler):
+       # Only users can have repositories
+       allow_users = True
+       allow_builders = False
+
        def _get_repo(self, distro_slug, repo_slug):
                # Fetch distro
-               self.distro = self.backend.distros.get_by_slug(distro_slug)
-               if not self.distro:
+               distro = self.backend.distros.get_by_slug(distro_slug)
+               if not distro:
                        raise tornado.web.HTTPError(404, "Could not find distro '%s'" % distro_slug)
 
                # Fetch repository
-               self.repo = self.current_users.get_repo(self.distro, repo_slug)
-               if not self.repo:
+               repo = self.current_user.get_repo(distro, repo_slug)
+               if not repo:
                        raise tornado.web.HTTPError(404, "Could not find repository '%s" % repo_slug)
 
-       @tornado.web.authenticated
+               return distro, repo
+
+       @base.negotiate
        async def get(self, distro_slug, name):
                with self.db.transaction():
-                       repo = self._get_repo(distro_slug, name)
+                       distro, repo = self._get_repo(distro_slug, name)
 
                self.finish(repo.to_json())
 
-       @tornado.web.authenticated
+       @base.negotiate
        async def delete(self, distro_slug, name):
                with self.db.transaction():
-                       repo = self._get_repo(distro_slug, name)
+                       distro, repo = self._get_repo(distro_slug, name)
 
                        # XXX check permissions
 
                        # Delete the repository
-                       await self.repo.delete(self.current_user)
+                       await repo.delete(self.current_user)
+
+               # Send a positive response
+               self.finish({})
 
 
 class BaseHandler(base.BaseHandler):