diff options
Diffstat (limited to 'testapi/opnfv_testapi/common')
| -rw-r--r-- | testapi/opnfv_testapi/common/check.py | 8 | ||||
| -rw-r--r-- | testapi/opnfv_testapi/common/message.py | 4 |
2 files changed, 11 insertions, 1 deletions
diff --git a/testapi/opnfv_testapi/common/check.py b/testapi/opnfv_testapi/common/check.py index 667578f..432a6c1 100644 --- a/testapi/opnfv_testapi/common/check.py +++ b/testapi/opnfv_testapi/common/check.py @@ -21,7 +21,7 @@ from opnfv_testapi.db import api as dbapi def is_authorized(method): @functools.wraps(method) def wrapper(self, *args, **kwargs): - if CONF.api_authenticate and self.table in ['pods']: + if CONF.api_authenticate and self.table in ['pods', 'projects']: testapi_id = self.get_secure_cookie(constants.TESTAPI_ID) if not testapi_id: raises.Unauthorized(message.not_login()) @@ -29,6 +29,12 @@ def is_authorized(method): if not user_info: raises.Unauthorized(message.not_lfid()) kwargs['owner'] = testapi_id + if self.table in ['projects']: + query = kwargs.get('query') + query_data = query() + group = "opnfv-gerrit-" + query_data['name'] + "-submitters" + if group not in user_info['groups']: + raises.Unauthorized(message.no_permission()) ret = yield gen.coroutine(method)(self, *args, **kwargs) raise gen.Return(ret) return wrapper diff --git a/testapi/opnfv_testapi/common/message.py b/testapi/opnfv_testapi/common/message.py index 3e14f72..b92b7f0 100644 --- a/testapi/opnfv_testapi/common/message.py +++ b/testapi/opnfv_testapi/common/message.py @@ -60,3 +60,7 @@ def no_update(): def must_int(name): return '{} must be int'.format(name) + + +def no_permission(): + return 'You do not have permission to perform this action' |