diff options
Diffstat (limited to 'testapi/opnfv_testapi/common/check.py')
-rw-r--r-- | testapi/opnfv_testapi/common/check.py | 24 |
1 files changed, 16 insertions, 8 deletions
diff --git a/testapi/opnfv_testapi/common/check.py b/testapi/opnfv_testapi/common/check.py index 18dc67d..fdc527f 100644 --- a/testapi/opnfv_testapi/common/check.py +++ b/testapi/opnfv_testapi/common/check.py @@ -31,16 +31,22 @@ def is_authorized(method): raises.Unauthorized(message.not_lfid()) if method.__name__ == "_create": kwargs['creator'] = testapi_id - if self.table in ['projects']: + if self.table in ['projects', 'testcases']: + map_name = { + 'projects': 'name', + 'testcases': 'project_name' + } + group = "opnfv-gerrit-{}-submitters" query = kwargs.get('query') if type(query) is not dict: query_data = query() else: - if self.json_args is None or 'name' not in self.json_args: + if (self.json_args is None or + map_name[self.table] not in self.json_args): query_data = query else: query_data = self.json_args - group = "opnfv-gerrit-" + query_data['name'] + "-submitters" + group = group.format(query_data[map_name[self.table]]) if group not in user_info['groups']: raises.Unauthorized(message.no_permission()) ret = yield gen.coroutine(method)(self, *args, **kwargs) @@ -59,12 +65,14 @@ def is_reource_tied(method): } if self.table in tied_maps: if method.__name__ == '_update': - if 'name' not in self.json_args: - ret = yield gen.coroutine(method)(self, *args, **kwargs) - raise gen.Return(ret) + if 'name' in self.json_args: + if self.json_args['name'] == kwargs.get('query')['name']: + ret = yield gen.coroutine(method)( + self, *args, **kwargs) + raise gen.Return(ret) query_data[tied_maps[self.table][1]] = kwargs.get('query')['name'] - data = yield dbapi.db_find_one(tied_maps[self.table][0], - query_data) + data = yield dbapi.db_find_one( + tied_maps[self.table][0], query_data) if data: raises.Unauthorized(message.tied_with_resource()) ret = yield gen.coroutine(method)(self, *args, **kwargs) |