fmt: allow modifying internal format in locked job Internal formats are not released and are not included in the calculation of the job digest. They can then be safely added to or deleted from a locked job, without needing to unlock it prior, so the uploader will not need the "update" access, only the "add" access. It is useful to add extra info after a job has been released, like test results, or transient data like CVE scans updated daily with an up-to-date vulnerability database, without giving too many permissions to the uploader. Signed-off-by: Julien Floret <julien.floret@6wind.com> Acked-by: Thomas Faivre <thomas.faivre@6wind.com> Acked-by: Robin Jarry <robin@jarry.cc>
2 files changed, 2 insertions(+), 2 deletions(-) M dlrepo/views/artifact.py M dlrepo/views/fmt.py
M dlrepo/views/artifact.py => dlrepo/views/artifact.py +1 -1
@@ 61,7 61,7 @@ class ArtifactView(BaseView): raise web.HTTPBadRequest( reason="Uploading container images must be done with docker push" ) if job.is_locked(): if job.is_locked() and not fmt.is_internal(): raise web.HTTPBadRequest( reason="Cannot upload files in locked jobs" )
M dlrepo/views/fmt.py => dlrepo/views/fmt.py +1 -1
@@ 198,7 198,7 @@ def _get_format( .get_job(match_info["job"]) ) fmt = job.get_format(match_info["format"]) if delete and job.is_locked(): if delete and job.is_locked() and not fmt.is_internal(): raise web.HTTPBadRequest(reason="Cannot delete format: job is locked") except FileNotFoundError as e: raise web.HTTPNotFound() from e