diff options
Diffstat (limited to 'testapi/opnfv_testapi/common/check.py')
| -rw-r--r-- | testapi/opnfv_testapi/common/check.py | 53 |
1 files changed, 45 insertions, 8 deletions
diff --git a/testapi/opnfv_testapi/common/check.py b/testapi/opnfv_testapi/common/check.py index 333871d..fdc527f 100644 --- a/testapi/opnfv_testapi/common/check.py +++ b/testapi/opnfv_testapi/common/check.py @@ -21,7 +21,8 @@ from opnfv_testapi.db import api as dbapi def is_authorized(method): @functools.wraps(method) def wrapper(self, *args, **kwargs): - if CONF.api_authenticate and self.table in ['pods', 'projects', 'testcases']: + resources = ['pods', 'projects', 'testcases', 'scenarios'] + if CONF.api_authenticate and self.table in resources: testapi_id = self.get_secure_cookie(constants.TESTAPI_ID) if not testapi_id: raises.Unauthorized(message.not_login()) @@ -29,17 +30,23 @@ def is_authorized(method): if not user_info: raises.Unauthorized(message.not_lfid()) if method.__name__ == "_create": - kwargs['owner'] = testapi_id - if self.table in ['projects']: + kwargs['creator'] = testapi_id + if self.table in ['projects', 'testcases']: + map_name = { + 'projects': 'name', + 'testcases': 'project_name' + } + group = "opnfv-gerrit-{}-submitters" query = kwargs.get('query') if type(query) is not dict: query_data = query() else: - if self.json_args is None: + if (self.json_args is None or + map_name[self.table] not in self.json_args): query_data = query else: query_data = self.json_args - group = "opnfv-gerrit-" + query_data['name'] + "-submitters" + group = group.format(query_data[map_name[self.table]]) if group not in user_info['groups']: raises.Unauthorized(message.no_permission()) ret = yield gen.coroutine(method)(self, *args, **kwargs) @@ -47,6 +54,32 @@ def is_authorized(method): return wrapper +def is_reource_tied(method): + @functools.wraps(method) + def wrapper(self, *args, **kwargs): + query_data = {} + tied_maps = { + 'projects': ('testcases', 'project_name'), + 'pods': ('results', 'pod_name'), + 'testcases': ('results', 'case_name') + } + if self.table in tied_maps: + if method.__name__ == '_update': + if 'name' in self.json_args: + if self.json_args['name'] == kwargs.get('query')['name']: + ret = yield gen.coroutine(method)( + self, *args, **kwargs) + raise gen.Return(ret) + query_data[tied_maps[self.table][1]] = kwargs.get('query')['name'] + data = yield dbapi.db_find_one( + tied_maps[self.table][0], query_data) + if data: + raises.Unauthorized(message.tied_with_resource()) + ret = yield gen.coroutine(method)(self, *args, **kwargs) + raise gen.Return(ret) + return wrapper + + def valid_token(method): @functools.wraps(method) def wrapper(self, *args, **kwargs): @@ -136,8 +169,10 @@ def new_not_exists(xstep): if query: query_data = query() if self.table == 'pods': - if query_data.get('name') is not None: - query_data['name'] = re.compile('\\b' + query_data.get('name') + '\\b', re.IGNORECASE) + if query_data.get('name'): + query_data['name'] = re.compile( + '\\b{}\\b'.format(query_data.get('name')), + re.IGNORECASE) to_data = yield dbapi.db_find_one(self.table, query_data) if to_data: raises.Forbidden(message.exist(self.table, query())) @@ -165,7 +200,9 @@ def query_by_name(xstep): def wrap(self, *args, **kwargs): if 'name' in self.request.query_arguments.keys(): query = kwargs.get('query', {}) - query.update({'name': re.compile(self.get_query_argument('name'), re.IGNORECASE)}) + query.update({ + 'name': re.compile(self.get_query_argument('name'), + re.IGNORECASE)}) kwargs.update({'query': query}) ret = yield gen.coroutine(xstep)(self, *args, **kwargs) |