-# $Id#
#
# Thierry Parmentelat - INRIA
#
-# $Revision$
-#
from PLC.Faults import *
from PLC.Method import Method
from PLC.Parameter import Parameter, Mixed
from PLC.Auth import Auth
+from PLC.Sites import Sites
+from PLC.Nodes import Nodes
+from PLC.Interfaces import Interface, Interfaces
from PLC.TagTypes import TagType, TagTypes
from PLC.InterfaceTags import InterfaceTag, InterfaceTags
-from PLC.Interfaces import Interface, Interfaces
-from PLC.Nodes import Nodes
-from PLC.Sites import Sites
+# need to import so the core classes get decorated with caller_may_write_tag
+from PLC.AuthorizeHelpers import AuthorizeHelpers
class AddInterfaceTag(Method):
"""
Sets the specified setting for the specified interface
to the specified value.
- In general only tech(s), PI(s) and of course admin(s) are allowed to
- do the change, but this is defined in the tag type object.
+ Admins have full access. Non-admins need to
+ (1) have at least one of the roles attached to the tagtype,
+ and (2) belong in the same site as the tagged subject.
Returns the new interface_tag_id (> 0) if successful, faults
otherwise.
returns = Parameter(int, 'New interface_tag_id (> 0) if successful')
- object_type = 'Interface'
-
-
def call(self, auth, interface_id, tag_type_id_or_name, value):
interfaces = Interfaces(self.api, [interface_id])
if not interfaces:
raise PLCInvalidArgument, "No such tag type %r"%tag_type_id_or_name
tag_type = tag_types[0]
- # checks for existence - does not allow several different settings
+ # checks for existence - does not allow several different settings
conflicts = InterfaceTags(self.api,
{'interface_id':interface['interface_id'],
'tag_type_id':tag_type['tag_type_id']})
raise PLCInvalidArgument, "Interface %d already has setting %d"%(interface['interface_id'],
tag_type['tag_type_id'])
- # check permission : it not admin, is the user affiliated with the right site
- if 'admin' not in self.caller['roles']:
- # locate node
- node = Nodes (self.api,[interface['node_id']])[0]
- # locate site
- site = Sites (self.api, [node['site_id']])[0]
- # check caller is affiliated with this site
- if self.caller['person_id'] not in site['person_ids']:
- raise PLCPermissionDenied, "Not a member of the hosting site %s"%site['abbreviated_site']
-
- required_min_role = tag_type ['min_role_id']
- if required_min_role is not None and \
- min(self.caller['role_ids']) > required_min_role:
- raise PLCPermissionDenied, "Not allowed to modify the specified interface setting, requires role %d",required_min_role
+ # check authorizations
+ interface.caller_may_write_tag(self.api,self.caller,tag_type)
interface_tag = InterfaceTag(self.api)
interface_tag['interface_id'] = interface['interface_id']
interface_tag['value'] = value
interface_tag.sync()
- self.object_ids = [interface_tag['interface_tag_id']]
+ self.object_ids = [interface_tag['interface_tag_id']]
return interface_tag['interface_tag_id']
git://git.onelab.eu / plcapi.git / blobdiff