diff options
| -rw-r--r-- | app/services/auth/container_registry_authentication_service.rb | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/app/services/auth/container_registry_authentication_service.rb b/app/services/auth/container_registry_authentication_service.rb index 2410443ebb6..f40cd2b06c8 100644 --- a/app/services/auth/container_registry_authentication_service.rb +++ b/app/services/auth/container_registry_authentication_service.rb @@ -56,15 +56,22 @@ module Auth def process_scope(scope) type, name, actions = scope.split(':', 3) actions = actions.split(',') - path = ContainerRegistry::Path.new(name) - if type == 'registry' && name == 'catalog' && current_user && current_user.admin? - return { type: type, name: name, actions: ['*'] } + case type + when 'registry' + process_registry_access(type, name, actions) + when 'repository' + path = ContainerRegistry::Path.new(name) + process_repository_access(type, path, actions) end + end - return unless type == 'repository' + def process_registry_access(type, name, actions) + return unless current_user&.admin? + return unless name == 'catalog' + return unless actions == ['*'] - process_repository_access(type, path, actions) + { type: type, name: name, actions: ['*'] } end def process_repository_access(type, path, actions) |