aboutsummaryrefslogtreecommitdiffstats
path: root/opnfv_testapi
diff options
context:
space:
mode:
Diffstat (limited to 'opnfv_testapi')
-rw-r--r--opnfv_testapi/resources/test_handlers.py18
1 files changed, 16 insertions, 2 deletions
diff --git a/opnfv_testapi/resources/test_handlers.py b/opnfv_testapi/resources/test_handlers.py
index 82cf9ae..0cc60d5 100644
--- a/opnfv_testapi/resources/test_handlers.py
+++ b/opnfv_testapi/resources/test_handlers.py
@@ -145,9 +145,23 @@ class TestsGURHandler(GenericTestHandler):
raise gen.Return('API response validation enabled')
@swagger.operation(nickname="deleteTestById")
+ @web.asynchronous
+ @gen.coroutine
def delete(self, test_id):
- query = {'_id': objectid.ObjectId(test_id)}
- self._delete(query=query)
+ curr_user = self.get_secure_cookie(auth_const.OPENID)
+ curr_user_role = self.get_secure_cookie(auth_const.ROLE)
+ if curr_user is not None:
+ query = {'_id': objectid.ObjectId(test_id)}
+ test_data = yield dbapi.db_find_one(self.table, query)
+ if not test_data:
+ raises.NotFound(message.not_found(self.table, query))
+ if curr_user == test_data['owner'] or \
+ curr_user_role.find('administrator') != -1:
+ self._delete(query=query)
+ else:
+ raises.Forbidden(message.no_auth())
+ else:
+ raises.Unauthorized(message.no_auth())
@swagger.operation(nickname="updateTestById")
@web.asynchronous