1 files changed, 35 insertions, 6 deletions

diff --git a/testapi/opnfv_testapi/common/check.py b/testapi/opnfv_testapi/common/check.py
index 9b3ab01..18dc67d 100644
--- a/testapi/opnfv_testapi/common/check.py
+++ b/testapi/opnfv_testapi/common/check.py
@@ -21,7 +21,8 @@ from opnfv_testapi.db import api as dbapi
 def is_authorized(method):
     @functools.wraps(method)
     def wrapper(self, *args, **kwargs):
-        if CONF.api_authenticate and self.table in ['pods', 'projects', 'testcases', 'scenarios']:
+        resources = ['pods', 'projects', 'testcases', 'scenarios']
+        if CONF.api_authenticate and self.table in resources:
             testapi_id = self.get_secure_cookie(constants.TESTAPI_ID)
             if not testapi_id:
                 raises.Unauthorized(message.not_login())
@@ -29,13 +30,13 @@ def is_authorized(method):
             if not user_info:
                 raises.Unauthorized(message.not_lfid())
             if method.__name__ == "_create":
-                kwargs['owner'] = testapi_id
+                kwargs['creator'] = testapi_id
             if self.table in ['projects']:
                 query = kwargs.get('query')
                 if type(query) is not dict:
                     query_data = query()
                 else:
-                    if self.json_args is None:
+                    if self.json_args is None or 'name' not in self.json_args:
                         query_data = query
                     else:
                         query_data = self.json_args
@@ -47,6 +48,30 @@ def is_authorized(method):
     return wrapper
 
 
+def is_reource_tied(method):
+    @functools.wraps(method)
+    def wrapper(self, *args, **kwargs):
+        query_data = {}
+        tied_maps = {
+            'projects': ('testcases', 'project_name'),
+            'pods': ('results', 'pod_name'),
+            'testcases': ('results', 'case_name')
+        }
+        if self.table in tied_maps:
+            if method.__name__ == '_update':
+                if 'name' not in self.json_args:
+                    ret = yield gen.coroutine(method)(self, *args, **kwargs)
+                    raise gen.Return(ret)
+            query_data[tied_maps[self.table][1]] = kwargs.get('query')['name']
+            data = yield dbapi.db_find_one(tied_maps[self.table][0],
+                                           query_data)
+            if data:
+                raises.Unauthorized(message.tied_with_resource())
+        ret = yield gen.coroutine(method)(self, *args, **kwargs)
+        raise gen.Return(ret)
+    return wrapper
+
+
 def valid_token(method):
     @functools.wraps(method)
     def wrapper(self, *args, **kwargs):
@@ -136,8 +161,10 @@ def new_not_exists(xstep):
         if query:
             query_data = query()
             if self.table == 'pods':
-                if query_data.get('name') is not None:
-                    query_data['name'] = re.compile('\\b' + query_data.get('name') + '\\b', re.IGNORECASE)
+                if query_data.get('name'):
+                    query_data['name'] = re.compile(
+                        '\\b{}\\b'.format(query_data.get('name')),
+                        re.IGNORECASE)
             to_data = yield dbapi.db_find_one(self.table, query_data)
             if to_data:
                 raises.Forbidden(message.exist(self.table, query()))
@@ -165,7 +192,9 @@ def query_by_name(xstep):
     def wrap(self, *args, **kwargs):
         if 'name' in self.request.query_arguments.keys():
             query = kwargs.get('query', {})
-            query.update({'name': re.compile(self.get_query_argument('name'), re.IGNORECASE)})
+            query.update({
+                'name': re.compile(self.get_query_argument('name'),
+                                   re.IGNORECASE)})
             kwargs.update({'query': query})
 
         ret = yield gen.coroutine(xstep)(self, *args, **kwargs)