-# $Id$
#
# Thierry Parmentelat - INRIA
#
-# $Revision$
-#
-
from PLC.Faults import *
from PLC.Method import Method
from PLC.Parameter import Parameter, Mixed
from PLC.Auth import Auth
-from PLC.InterfaceTags import InterfaceTag, InterfaceTags
+from PLC.Sites import Sites
+from PLC.Nodes import Nodes
from PLC.Interfaces import Interface, Interfaces
+from PLC.TagTypes import TagType, TagTypes
+from PLC.InterfaceTags import InterfaceTag, InterfaceTags
-from PLC.Nodes import Nodes
-from PLC.Sites import Sites
+# need to import so the core classes get decorated with caller_may_write_tag
+from PLC.AuthorizeHelpers import AuthorizeHelpers
class UpdateInterfaceTag(Method):
"""
Updates the value of an existing interface setting
- Access rights depend on the tag type.
+ Admins have full access. Non-admins need to
+ (1) have at least one of the roles attached to the tagtype,
+ and (2) belong in the same site as the tagged subject.
Returns 1 if successful, faults otherwise.
"""
returns = Parameter(int, '1 if successful')
- object_type = 'Interface'
-
def call(self, auth, interface_tag_id, value):
interface_tags = InterfaceTags(self.api, [interface_tag_id])
if not interface_tags:
raise PLCInvalidArgument, "No such interface setting %r"%interface_tag_id
interface_tag = interface_tags[0]
- ### reproducing a check from UpdateSliceTag, looks dumb though
- interfaces = Interfaces(self.api, [interface_tag['interface_id']])
- if not interfaces:
- raise PLCInvalidArgument, "No such interface %r"%interface_tag['interface_id']
- interface = interfaces[0]
+ tag_type_id = interface_tag['tag_type_id']
+ tag_type = TagTypes (self.api,[tag_type_id])[0]
- assert interface_tag['interface_tag_id'] in interface['interface_tag_ids']
+ interfaces = Interfaces (self.api, interface_tag['interface_id'])
+ if not interfaces:
+ raise PLCInvalidArgument, "No such interface %d"%interface_tag['interface_id']
+ interface=interfaces[0]
- # check permission : it not admin, is the user affiliated with the right site
- if 'admin' not in self.caller['roles']:
- # locate node
- node = Nodes (self.api,[interface['node_id']])[0]
- # locate site
- site = Sites (self.api, [node['site_id']])[0]
- # check caller is affiliated with this site
- if self.caller['person_id'] not in site['person_ids']:
- raise PLCPermissionDenied, "Not a member of the hosting site %s"%site['abbreviated_site']
-
- required_min_role = tag_type ['min_role_id']
- if required_min_role is not None and \
- min(self.caller['role_ids']) > required_min_role:
- raise PLCPermissionDenied, "Not allowed to modify the specified interface setting, requires role %d",required_min_role
+ # check authorizations
+ interface.caller_may_write_tag(self.api, self.caller, tag_type)
interface_tag['value'] = value
interface_tag.sync()
- self.object_ids = [interface_tag['interface_tag_id']]
+ self.object_ids = [interface_tag['interface_tag_id']]
return 1