Patches 1 and 2 add missing restrictions on deleting a job format.
Patch 3 is for allowing modification of an internal format even when the
job is locked.
Julien Floret (3):
fmt: refuse deletion in product view
fmt: refuse deletion if job is locked
fmt: allow modifying internal format in locked job
dlrepo/views/artifact.py | 2 +-
dlrepo/views/fmt.py | 12 ++++++++----
2 files changed, 9 insertions(+), 5 deletions(-)
--
2.39.2
Hi,
Oops, I forgot to run "make lint". The changes made by black are
trivial formatting of long lines in patch 1.
Robin, do you want me to send a v2 of this series?
Hi,
Oops, I forgot to run "make lint". The changes made by black are
trivial formatting of long lines in patch 1.
Robin, do you want me to send a v2 of this series?
Julien
Le mer. 24 janv. 2024 à 14:39, Julien Floret <julien.floret@6wind.com> a écrit :
Internal formats are not released and are not included in the
calculation of the job digest.
They can then be safely added to or deleted from a locked job, without
needing to unlock it prior, so the uploader will not need the "update"
access, only the "add" access.
It is useful to add extra info after a job has been released, like
test results, or transient data like CVE scans updated daily with an
up-to-date vulnerability database, without giving too many permissions
to the uploader.
Signed-off-by: Julien Floret <julien.floret@6wind.com>
Acked-by: Thomas Faivre <thomas.faivre@6wind.com>
---
dlrepo/views/artifact.py | 2 +-dlrepo/views/fmt.py | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/dlrepo/views/artifact.py b/dlrepo/views/artifact.py
index a6bf70a99442..dcd40ca992d2 100644
--- a/dlrepo/views/artifact.py+++ b/dlrepo/views/artifact.py
@@ -61,7 +61,7 @@ class ArtifactView(BaseView):
raise web.HTTPBadRequest(
reason="Uploading container images must be done with docker push"
)
- if job.is_locked():+ if job.is_locked() and not fmt.is_internal(): raise web.HTTPBadRequest(
reason="Cannot upload files in locked jobs"
)
diff --git a/dlrepo/views/fmt.py b/dlrepo/views/fmt.py
index 654d30468f77..c4bba26488ec 100644
--- a/dlrepo/views/fmt.py+++ b/dlrepo/views/fmt.py
@@ -194,7 +194,7 @@ def _get_format(repo, match_info, access_cb: Callable[[str], bool] = None, delet
.get_job(match_info["job"])
)
fmt = job.get_format(match_info["format"])
- if delete and job.is_locked():+ if delete and job.is_locked() and not fmt.is_internal(): raise web.HTTPBadRequest(reason="Cannot delete format: job is locked")
except FileNotFoundError as e:
raise web.HTTPNotFound() from e
--
2.39.2