Skip to content

Commit 84bfba4

Browse files
gerrod3cursoragent
gerrod3
and
cursoragent
committed
Require a distribution for registry-pushed content RBAC checks.
Distribution consumers may only filter content by repository_version on container repositories that have no remote and are tied to a distribution. Co-authored-by: Cursor <cursoragent@cursor.com>
1 parent f7492ea commit 84bfba4

1 file changed

Lines changed: 14 additions & 10 deletions

File tree

pulp_container/app/viewsets.py

Lines changed: 14 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -173,18 +173,22 @@ def _repo_query_params(self, request, view, push_perm, mirror_perm):
173173
mirror_perm, repo
174174
):
175175
repo_pks.append(repo.pk)
176-
elif not repo.remote and (
177-
request.user.has_perm(push_perm)
178-
or any(
179-
request.user.has_perm(push_perm, dist.cast())
180-
or (
181-
dist.cast().namespace
182-
and request.user.has_perm(
183-
"container.namespace_view_containerdistribution",
184-
dist.cast().namespace,
176+
elif (
177+
repo.remote_id is None
178+
and repo.distributions.exists()
179+
and (
180+
request.user.has_perm(push_perm)
181+
or any(
182+
request.user.has_perm(push_perm, dist.cast())
183+
or (
184+
dist.cast().namespace
185+
and request.user.has_perm(
186+
"container.namespace_view_containerdistribution",
187+
dist.cast().namespace,
188+
)
185189
)
190+
for dist in repo.distributions.all()
186191
)
187-
for dist in repo.distributions.all()
188192
)
189193
):
190194
repo_pks.append(repo.pk)

0 commit comments

Comments
 (0)