From 7479f29b3d0a613d459cd26b31eab38f00a00b22 Mon Sep 17 00:00:00 2001
From: SerenaFeng <feng.xiaowei@zte.com.cn>
Date: Mon, 11 Sep 2017 12:37:22 +0800
Subject: leverage LFID authentication to pod creation

only valid linux foundation user is allowed to create the new pod
add owner field in pods to track the pod creator

Change-Id: Icada07152069f7c826bfa6122cb86db8c4e3bf68
Signed-off-by: SerenaFeng <feng.xiaowei@zte.com.cn>
---
 testapi/opnfv_testapi/common/check.py   | 17 +++++++++++++++++
 testapi/opnfv_testapi/common/message.py |  8 ++++++++
 2 files changed, 25 insertions(+)

(limited to 'testapi/opnfv_testapi/common')

diff --git a/testapi/opnfv_testapi/common/check.py b/testapi/opnfv_testapi/common/check.py
index 9ded48d..e80b1c6 100644
--- a/testapi/opnfv_testapi/common/check.py
+++ b/testapi/opnfv_testapi/common/check.py
@@ -11,11 +11,28 @@ import re
 
 from tornado import gen
 
+from opnfv_testapi.common import constants
 from opnfv_testapi.common import message
 from opnfv_testapi.common import raises
 from opnfv_testapi.db import api as dbapi
 
 
+def is_authorized(method):
+    @functools.wraps(method)
+    def wrapper(self, *args, **kwargs):
+        if self.table in ['pods']:
+            testapi_id = self.get_secure_cookie(constants.TESTAPI_ID)
+            if not testapi_id:
+                raises.Unauthorized(message.not_login())
+            user_info = yield dbapi.db_find_one('users', {'user': testapi_id})
+            if not user_info:
+                raises.Unauthorized(message.not_lfid())
+            kwargs['owner'] = testapi_id
+        ret = yield gen.coroutine(method)(self, *args, **kwargs)
+        raise gen.Return(ret)
+    return wrapper
+
+
 def valid_token(method):
     @functools.wraps(method)
     def wrapper(self, *args, **kwargs):
diff --git a/testapi/opnfv_testapi/common/message.py b/testapi/opnfv_testapi/common/message.py
index 951cbaf..8b5c3fb 100644
--- a/testapi/opnfv_testapi/common/message.py
+++ b/testapi/opnfv_testapi/common/message.py
@@ -42,6 +42,14 @@ def invalid_token():
     return 'Invalid Token'
 
 
+def not_login():
+    return 'TestAPI id is not provided'
+
+
+def not_lfid():
+    return 'Not a valid Linux Foundation Account'
+
+
 def no_update():
     return 'Nothing to update'
 
-- 
cgit 1.2.3-korg