Prevent copying artifact to a proxy cache project

Prevent copying artifact to a proxy cache project Signed-off-by: Wenkai Yin <yinw@vmware.com>
2024-09-20 14:45:37 +00:00 · 2020-07-17 15:24:18 +08:00 · 2020-07-17 15:24:18 +08:00 · 54a1155140
commit 54a1155140
parent af3a638980
2 changed files with 22 additions and 0 deletions
--- a/api/v2.0/swagger.yaml
+++ b/api/v2.0/swagger.yaml
@ -228,6 +228,8 @@ paths:
          $ref: '#/responses/403'
        '404':
          $ref: '#/responses/404'
+        '405':
+          $ref: '#/responses/405'
        '500':
          $ref: '#/responses/500'
  /projects/{project_name}/repositories/{repository_name}/artifacts/{reference}:
@ -1323,6 +1325,14 @@ responses:
        type: string
    schema:
      $ref: '#/definitions/Errors'
+  '405':
+    description: Method not allowed
+    headers:
+      X-Request-Id:
+        description: The ID of the corresponding request for the response
+        type: string
+    schema:
+      $ref: '#/definitions/Errors'
  '409':
    description: Conflict
    headers:
--- a/src/server/v2.0/handler/artifact.go
+++ b/src/server/v2.0/handler/artifact.go
@ -18,6 +18,7 @@ import (
 	"context"
 	"fmt"
 	"github.com/goharbor/harbor/src/controller/event/metadata"
+	"github.com/goharbor/harbor/src/controller/project"
 	"github.com/goharbor/harbor/src/pkg/notification"
 	"net/http"
 	"strings"
@ -48,6 +49,7 @@ const (
 func newArtifactAPI() *artifactAPI {
 	return &artifactAPI{
 		artCtl:  artifact.Ctl,
+		proCtl:  project.Ctl,
 		repoCtl: repository.Ctl,
 		scanCtl: scan.DefaultController,
 		tagCtl:  tag.Ctl,
@ -57,6 +59,7 @@ func newArtifactAPI() *artifactAPI {
 type artifactAPI struct {
 	BaseAPI
 	artCtl  artifact.Controller
+	proCtl  project.Controller
 	repoCtl repository.Controller
 	scanCtl scan.Controller
 	tagCtl  tag.Controller
@ -152,6 +155,15 @@ func (a *artifactAPI) CopyArtifact(ctx context.Context, params operation.CopyArt
 		return a.SendError(ctx, err)
 	}

+	pro, err := a.proCtl.GetByName(ctx, params.ProjectName)
+	if err != nil {
+		return a.SendError(ctx, err)
+	}
+	if pro.RegistryID > 0 {
+		return a.SendError(ctx, errors.New(nil).WithCode(errors.MethodNotAllowedCode).
+			WithMessage("cannot copy the artifact to a proxy cache project"))
+	}
+
 	srcRepo, ref, err := parse(params.From)
 	if err != nil {
 		return a.SendError(ctx, err)