#
# Thierry Parmentelat - INRIA
#
-# $Revision: 9423 $
-#
from PLC.Faults import *
from PLC.Method import Method
from PLC.Auth import Auth
from PLC.Ilinks import Ilink, Ilinks
-from PLC.Nodes import Node, Nodes
-
+from PLC.Interfaces import Interface, Interfaces
from PLC.Nodes import Node, Nodes
from PLC.Sites import Site, Sites
+from PLC.TagTypes import TagType, TagTypes
+
+from PLC.AuthorizeHelpers import AuthorizeHelpers
class DeleteIlink(Method):
"""
Deletes the specified ilink
- Attributes may require the caller to have a particular role in order
- to be deleted, depending on the related ilink type.
+ Attributes may require the caller to have a particular
+ role in order to be deleted, depending on the related tag type.
Admins may delete attributes of any slice or sliver.
Returns 1 if successful, faults otherwise.
returns = Parameter(int, '1 if successful')
- object_type = 'Node'
+ object_type = 'Interface'
def call(self, auth, ilink_id):
raise PLCInvalidArgument, "No such ilink %r"%ilink_id
ilink = ilinks[0]
- ### reproducing a check from UpdateSliceAttribute, looks dumb though
- nodes = Nodes(self.api, [ilink['node_id']])
- if not nodes:
- raise PLCInvalidArgument, "No such node %r"%ilink['node_id']
- node = nodes[0]
-
- assert ilink['ilink_id'] in node['tag_ids']
-
- # check permission : it not admin, is the user affiliated with the right site
- if 'admin' not in self.caller['roles']:
- # locate node
- node = Nodes (self.api,[node['node_id']])[0]
- # locate site
- site = Sites (self.api, [node['site_id']])[0]
- # check caller is affiliated with this site
- if self.caller['person_id'] not in site['person_ids']:
- raise PLCPermissionDenied, "Not a member of the hosting site %s"%site['abbreviated_site']
-
- required_min_role = link_type ['min_role_id']
- if required_min_role is not None and \
- min(self.caller['role_ids']) > required_min_role:
- raise PLCPermissionDenied, "Not allowed to modify the specified ilink, requires role %d",required_min_role
-
+ src_if=Interfaces(self.api,ilink['src_interface_id'])[0]
+ dst_if=Interfaces(self.api,ilink['dst_interface_id'])[0]
+
+ tag_type_id = ilink['tag_type_id']
+ tag_type = TagTypes (self.api,[tag_type_id])[0]
+
+ # check authorizations
+ if 'admin' in self.caller['roles']:
+ pass
+ elif not AuthorizeHelpers.caller_may_access_tag_type (self.api, self.caller, tag_type):
+ raise PLCPermissionDenied, "%s, forbidden tag %s"%(self.name,tag_type['tagname'])
+ elif AuthorizeHelpers.interface_belongs_to_person (self.api, src_if, self.caller):
+ pass
+ elif src_if_id != dst_if_id and AuthorizeHelpers.interface_belongs_to_person (self.api, dst_if, self.caller):
+ pass
+ else:
+ raise PLCPermissionDenied, "%s: you must own either the src or dst interface"%self.name
+
ilink.delete()
- self.object_ids = [ilink['ilink_id']]
+ self.object_ids = [ilink['src_interface_id'],ilink['dst_interface_id']]
return 1