from PLC.Persons import Persons,Person
from PLC.Sites import Sites,Site
from PLC.Nodes import Nodes,Node
from PLC.Persons import Persons,Person
from PLC.Sites import Sites,Site
from PLC.Nodes import Nodes,Node
@staticmethod
def node_id_in_site (api, node_id_or_hostname, site):
if isinstance (node_id_or_hostname,int):
@staticmethod
def node_id_in_site (api, node_id_or_hostname, site):
if isinstance (node_id_or_hostname,int):
def slice_belongs_to_pi (api, slice, pi):
return slice['site_id'] in pi['site_ids']
def slice_belongs_to_pi (api, slice, pi):
return slice['site_id'] in pi['site_ids']
# authorization methods - check if a given caller can set tag on this object
# called in {Add,Update,Delete}<Class>Tags methods, and in the accessors created in factory
# attach these as <Class>.caller_may_write_tag so accessors can find it
def caller_may_write_node_tag (node, api, caller, tag_type):
# authorization methods - check if a given caller can set tag on this object
# called in {Add,Update,Delete}<Class>Tags methods, and in the accessors created in factory
# attach these as <Class>.caller_may_write_tag so accessors can find it
def caller_may_write_node_tag (node, api, caller, tag_type):
pass
elif not AuthorizeHelpers.caller_may_access_tag_type (api, caller, tag_type):
raise PLCPermissionDenied, "Role mismatch for writing tag %s"%(tag_type['tagname'])
elif AuthorizeHelpers.node_belongs_to_person (api, node, caller):
pass
pass
elif not AuthorizeHelpers.caller_may_access_tag_type (api, caller, tag_type):
raise PLCPermissionDenied, "Role mismatch for writing tag %s"%(tag_type['tagname'])
elif AuthorizeHelpers.node_belongs_to_person (api, node, caller):
pass
def caller_may_write_interface_tag (interface, api, caller, tag_type):
def caller_may_write_interface_tag (interface, api, caller, tag_type):
pass
elif not AuthorizeHelpers.caller_may_access_tag_type (api, caller, tag_type):
raise PLCPermissionDenied, "Role mismatch for writing tag %s"%(tag_type['tagname'])
pass
elif not AuthorizeHelpers.caller_may_access_tag_type (api, caller, tag_type):
raise PLCPermissionDenied, "Role mismatch for writing tag %s"%(tag_type['tagname'])
def caller_may_write_site_tag (site, api, caller, tag_type):
def caller_may_write_site_tag (site, api, caller, tag_type):
pass
elif not AuthorizeHelpers.caller_may_access_tag_type (api, caller, tag_type):
raise PLCPermissionDenied, "Role mismatch for writing tag %s"%(tag_type['tagname'])
pass
elif not AuthorizeHelpers.caller_may_access_tag_type (api, caller, tag_type):
raise PLCPermissionDenied, "Role mismatch for writing tag %s"%(tag_type['tagname'])
def caller_may_write_person_tag (person, api, caller, tag_type):
def caller_may_write_person_tag (person, api, caller, tag_type):
pass
# user can change tags on self
elif AuthorizeHelpers.person_may_access_person (api, caller, person):
pass
# user can change tags on self
elif AuthorizeHelpers.person_may_access_person (api, caller, person):
def caller_may_write_slice_tag (slice, api, caller, tag_type, node_id_or_hostname=None, nodegroup_id_or_name=None):
granted=False
def caller_may_write_slice_tag (slice, api, caller, tag_type, node_id_or_hostname=None, nodegroup_id_or_name=None):
granted=False
granted=True
# does caller have right role(s) ? this knows how to deal with caller being a node
elif not AuthorizeHelpers.caller_may_access_tag_type (api, caller, tag_type):
granted=True
# does caller have right role(s) ? this knows how to deal with caller being a node
elif not AuthorizeHelpers.caller_may_access_tag_type (api, caller, tag_type):
granted=False
# node callers: check the node is in the slice
elif isinstance(caller, Node):
# nodes can only set their own sliver tags
if node_id_or_hostname is None:
granted=False
# node callers: check the node is in the slice
elif isinstance(caller, Node):
# nodes can only set their own sliver tags
if node_id_or_hostname is None:
raise PLCPermissionDenied, "%s, node must be in slice when setting sliver tag"
# try all roles to find a match - tech are ignored b/c not in AddSliceTag.roles anyways
for role in AuthorizeHelpers.person_tag_type_common_roles(api,caller,tag_type):
raise PLCPermissionDenied, "%s, node must be in slice when setting sliver tag"
# try all roles to find a match - tech are ignored b/c not in AddSliceTag.roles anyways
for role in AuthorizeHelpers.person_tag_type_common_roles(api,caller,tag_type):
# regular users need to be in the slice
if role=='user':
if AuthorizeHelpers.person_in_slice(api, caller, slice):
# regular users need to be in the slice
if role=='user':
if AuthorizeHelpers.person_in_slice(api, caller, slice):
- raise PLCPermissionDenied, "Cannot write slice tag %s"%(tag_type['tagname'])
+# try: print "DEBUG: caller=%s"%caller
+# except: pass
+ raise PLCPermissionDenied, "Cannot write slice tag %s - %s"%(tag_type['tagname'],reason)