aboutsummaryrefslogtreecommitdiffstats
path: root/opnfv_testapi/resources/test_handlers.py
diff options
context:
space:
mode:
Diffstat (limited to 'opnfv_testapi/resources/test_handlers.py')
-rw-r--r--opnfv_testapi/resources/test_handlers.py22
1 files changed, 20 insertions, 2 deletions
diff --git a/opnfv_testapi/resources/test_handlers.py b/opnfv_testapi/resources/test_handlers.py
index 82cf9ae..5ecb176 100644
--- a/opnfv_testapi/resources/test_handlers.py
+++ b/opnfv_testapi/resources/test_handlers.py
@@ -74,6 +74,10 @@ class TestsCLHandler(GenericTestHandler):
'per_page': CONF.api_results_per_page
}
+ curr_user = self.get_secure_cookie(auth_const.OPENID)
+ if curr_user is None:
+ raises.Unauthorized(message.no_auth())
+
query = yield self.set_query()
yield self._list(query=query, **limitations)
logging.debug('list end')
@@ -145,9 +149,23 @@ class TestsGURHandler(GenericTestHandler):
raise gen.Return('API response validation enabled')
@swagger.operation(nickname="deleteTestById")
+ @web.asynchronous
+ @gen.coroutine
def delete(self, test_id):
- query = {'_id': objectid.ObjectId(test_id)}
- self._delete(query=query)
+ curr_user = self.get_secure_cookie(auth_const.OPENID)
+ curr_user_role = self.get_secure_cookie(auth_const.ROLE)
+ if curr_user is not None:
+ query = {'_id': objectid.ObjectId(test_id)}
+ test_data = yield dbapi.db_find_one(self.table, query)
+ if not test_data:
+ raises.NotFound(message.not_found(self.table, query))
+ if curr_user == test_data['owner'] or \
+ curr_user_role.find('administrator') != -1:
+ self._delete(query=query)
+ else:
+ raises.Forbidden(message.no_auth())
+ else:
+ raises.Unauthorized(message.no_auth())
@swagger.operation(nickname="updateTestById")
@web.asynchronous