2 # Thierry Parmentelat - INRIA
4 from PLC.Faults import *
5 from PLC.Method import Method
6 from PLC.Parameter import Parameter, Mixed
7 from PLC.Auth import Auth
9 from PLC.SliceTags import SliceTag, SliceTags
10 from PLC.Slices import Slice, Slices
11 from PLC.Nodes import Node, Nodes
13 from PLC.AuthorizeHelpers import AuthorizeHelpers
15 class DeleteSliceTag(Method):
17 Deletes the specified slice or sliver attribute.
19 Attributes may require the caller to have a particular role in
20 order to be deleted. Users may only delete attributes of
21 slices or slivers of which they are members. PIs may only delete
22 attributes of slices or slivers at their sites, or of which they
23 are members. Admins may delete attributes of any slice or sliver.
25 Returns 1 if successful, faults otherwise.
28 roles = ['admin', 'pi', 'user', 'tech']
32 SliceTag.fields['slice_tag_id']
35 returns = Parameter(int, '1 if successful')
37 def call(self, auth, slice_tag_id):
38 slice_tags = SliceTags(self.api, [slice_tag_id])
40 raise PLCInvalidArgument, "No such slice attribute"
41 slice_tag = slice_tags[0]
43 slices = Slices(self.api, [slice_tag['slice_id']])
45 raise PLCInvalidArgument, "No such slice"
48 assert slice_tag['slice_tag_id'] in slice['slice_tag_ids']
50 # check authorizations
51 node_id_or_hostname=slice_tag['node_id']
52 nodegroup_id_or_name=slice_tag['nodegroup_id']
54 if 'admin' in self.caller['roles']:
56 # does caller have right role(s) ? this knows how to deal with self.caller being a node
57 elif not AuthorizeHelpers.caller_may_access_tag_type (self.api, self.caller, tag_type):
59 # node callers: check the node is in the slice
60 elif isinstance(self.caller, Node):
61 # nodes can only set their own sliver tags
62 if node_id_or_hostname is None:
64 elif not AuthorizeHelpers.node_match_id (self.api, self.caller, node_id_or_hostname):
66 elif not AuthorizeHelpers.node_in_slice (self.api, self.caller, slice):
68 # caller is a non-admin person
70 # only admins can handle slice tags on a nodegroup
71 if nodegroup_id_or_name:
72 raise PLCPermissionDenied, "%s, cannot set slice tag %s on nodegroup - restricted to admins"%\
73 (self.name,tag_type['tagname'])
74 # if a node is specified it is expected to be in the slice
75 if node_id_or_hostname:
76 if not AuthorizeHelpers.node_id_in_slice (self.api, node_id_or_hostname, slice):
77 raise PLCPermissionDenied, "%s, node must be in slice when setting sliver tag"
78 # try all roles to find a match - tech are ignored b/c not in AddSliceTag.roles anyways
79 for role in AuthorizeHelpers.person_tag_type_common_roles(self.api,self.caller,tag_type):
80 # regular users need to be in the slice
82 if AuthorizeHelpers.person_in_slice(self.api, self.caller, slice):
84 # for convenience, pi's can tweak all the slices in their site
86 if AuthorizeHelpers.slice_belongs_to_pi (self.api, slice, self.caller):
89 raise PLCPermissionDenied, "%s, forbidden tag %s"%(self.name,tag_type['tagname'])
92 self.event_objects = {'SliceTag': [slice_tag['slice_tag_id']]}