diff options
author | thuva4 <tharma.thuva@gmail.com> | 2018-03-18 16:14:43 +0530 |
---|---|---|
committer | thuva4 <tharma.thuva@gmail.com> | 2018-03-18 16:14:43 +0530 |
commit | 5410727d88587663f0ef28e0fe399f7073e6cd7d (patch) | |
tree | dcfde6675f59f954847ff7160ecd278f0ccc3bf2 /testapi/opnfv_testapi/common | |
parent | 3f179ccef8a3d49993ecdec58a008054288b622b (diff) |
Add submitter check for testcase
prevent user(Non submitter) from create, update,
delete a testcase
tests are added
Change-Id: I0c63dea7a6e0d3438802dd8c84e8a752ef7fe3f6
Signed-off-by: thuva4 <tharma.thuva@gmail.com>
Diffstat (limited to 'testapi/opnfv_testapi/common')
-rw-r--r-- | testapi/opnfv_testapi/common/check.py | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/testapi/opnfv_testapi/common/check.py b/testapi/opnfv_testapi/common/check.py index 18dc67d..09a9270 100644 --- a/testapi/opnfv_testapi/common/check.py +++ b/testapi/opnfv_testapi/common/check.py @@ -31,16 +31,22 @@ def is_authorized(method): raises.Unauthorized(message.not_lfid()) if method.__name__ == "_create": kwargs['creator'] = testapi_id - if self.table in ['projects']: + if self.table in ['projects', 'testcases']: + map_name = { + 'projects': 'name', + 'testcases': 'project_name' + } + group = "opnfv-gerrit-{}-submitters" query = kwargs.get('query') if type(query) is not dict: query_data = query() else: - if self.json_args is None or 'name' not in self.json_args: + if (self.json_args is None or + map_name[self.table] not in self.json_args): query_data = query else: query_data = self.json_args - group = "opnfv-gerrit-" + query_data['name'] + "-submitters" + group = group.format(query_data[map_name[self.table]]) if group not in user_info['groups']: raises.Unauthorized(message.no_permission()) ret = yield gen.coroutine(method)(self, *args, **kwargs) |