summaryrefslogtreecommitdiffstats
path: root/cvp/opnfv_testapi/resources/test_handlers.py
diff options
context:
space:
mode:
Diffstat (limited to 'cvp/opnfv_testapi/resources/test_handlers.py')
-rw-r--r--cvp/opnfv_testapi/resources/test_handlers.py38
1 files changed, 33 insertions, 5 deletions
diff --git a/cvp/opnfv_testapi/resources/test_handlers.py b/cvp/opnfv_testapi/resources/test_handlers.py
index 2baa2943..161585ef 100644
--- a/cvp/opnfv_testapi/resources/test_handlers.py
+++ b/cvp/opnfv_testapi/resources/test_handlers.py
@@ -188,21 +188,49 @@ class TestsGURHandler(GenericTestHandler):
query = {'_id': objectid.ObjectId(_id)}
db_keys = ['_id', ]
+
+ test = yield dbapi.db_find_one("tests", query)
+ if not test:
+ msg = 'Record does not exist'
+ self.finish_request({'code': 404, 'msg': msg})
+ return
+
curr_user = self.get_secure_cookie(auth_const.OPENID)
- if item in {"shared", "label", "status"}:
+ if item in {"shared", "label"}:
query['owner'] = curr_user
db_keys.append('owner')
- if item == "status" and value == "review":
- test = yield dbapi.db_find_one("tests", query)
- if test:
+ if item == "status":
+ if value in {'approved', 'not approved'}:
+ if test['status'] == 'private':
+ msg = 'Not allowed to approve/not approve'
+ self.finish_request({'code': 403, 'msg': msg})
+ return
+
+ user = yield dbapi.db_find_one("users", {'openid': curr_user})
+ if 'administrator' not in user['role']:
+ msg = 'No permission to operate'
+ self.finish_request({'code': 403, 'msg': msg})
+ return
+ elif value == 'review':
+ if test['status'] != 'private':
+ msg = 'Not allowed to submit to review'
+ self.finish_request({'code': 403, 'msg': msg})
+ return
+
+ query['owner'] = curr_user
+ db_keys.append('owner')
+
test_query = {'id': test['id'], 'status': 'review'}
record = yield dbapi.db_find_one("tests", test_query)
if record:
- msg = ('{} has already submitted one record with the same'
+ msg = ('{} has already submitted one record with the same '
'Test ID: {}'.format(record['owner'], test['id']))
self.finish_request({'code': 403, 'msg': msg})
return
+ else:
+ query['owner'] = curr_user
+ db_keys.append('owner')
logging.debug("before _update 2")
self._update(query=query, db_keys=db_keys)