-# $Id$
+#
+# Thierry Parmentelat - INRIA
+#
from PLC.Faults import *
from PLC.Method import Method
from PLC.Parameter import Parameter, Mixed
+from PLC.Auth import Auth
+
from PLC.SliceTags import SliceTag, SliceTags
+from PLC.Nodes import Node
from PLC.Slices import Slice, Slices
from PLC.InitScripts import InitScript, InitScripts
-from PLC.Auth import Auth
+
+from PLC.AuthorizeHelpers import AuthorizeHelpers
+
+# need to import so the core classes get decorated with caller_may_write_tag
+from PLC.AuthorizeHelpers import AuthorizeHelpers
class UpdateSliceTag(Method):
"""
Returns 1 if successful, faults otherwise.
"""
- roles = ['admin', 'pi', 'user']
+ roles = ['admin', 'pi', 'user', 'node']
accepts = [
Auth(),
SliceTag.fields['slice_tag_id'],
- Mixed(SliceTag.fields['value'],
+ Mixed(SliceTag.fields['value'],
InitScript.fields['name'])
]
raise PLCInvalidArgument, "No such slice attribute"
slice_tag = slice_tags[0]
+ tag_type_id = node_tag['tag_type_id']
+ tag_type = TagTypes (self.api,[tag_type_id])[0]
+
slices = Slices(self.api, [slice_tag['slice_id']])
if not slices:
- raise PLCInvalidArgument, "No such slice"
+ raise PLCInvalidArgument, "No such slice %d"%slice_tag['slice_id']
slice = slices[0]
assert slice_tag['slice_tag_id'] in slice['slice_tag_ids']
- if 'admin' not in self.caller['roles']:
- if self.caller['person_id'] in slice['person_ids']:
- pass
- elif 'pi' not in self.caller['roles']:
- raise PLCPermissionDenied, "Not a member of the specified slice"
- elif slice['site_id'] not in self.caller['site_ids']:
- raise PLCPermissionDenied, "Specified slice not associated with any of your sites"
-
- if slice_tag['min_role_id'] is not None and \
- min(self.caller['role_ids']) > slice_tag['min_role_id']:
- raise PLCPermissionDenied, "Not allowed to update the specified attribute"
-
- if slice_tag['tagname'] in ['initscript']:
+ # check authorizations
+ node_id_or_hostname=slice_tag['node_id']
+ nodegroup_id_or_name=slice_tag['nodegroup_id']
+ slice.caller_may_write_tag(self.api,self.caller,tag_type,node_id_or_hostname,nodegroup_id_or_name)
+
+ if slice_tag['tagname'] in ['initscript']:
initscripts = InitScripts(self.api, {'enabled': True, 'name': value})
if not initscripts:
- raise PLCInvalidArgument, "No such plc initscript"
+ raise PLCInvalidArgument, "No such plc initscript"
slice_tag['value'] = unicode(value)
slice_tag.sync()
- self.event_objects = {'SliceTag': [slice_tag['slice_tag_id']]}
+ self.event_objects = {'SliceTag': [slice_tag['slice_tag_id']]}
return 1
git://git.onelab.eu / plcapi.git / blobdiff