X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=PLC%2FMethods%2FAddInterfaceTag.py;h=b02b484442b0dadd6e8ebf75da585eb64d025c10;hb=aecd4a7e49bfbda039c08d9b9a2160a9e05183f9;hp=1ecff52ccf8a4e23d631823f48ab2fd4b653aa5b;hpb=77e4f177dfee85705c36298c3230b2e4a3e73467;p=plcapi.git diff --git a/PLC/Methods/AddInterfaceTag.py b/PLC/Methods/AddInterfaceTag.py index 1ecff52..b02b484 100644 --- a/PLC/Methods/AddInterfaceTag.py +++ b/PLC/Methods/AddInterfaceTag.py @@ -1,28 +1,28 @@ -# $Id$ # # Thierry Parmentelat - INRIA # -# $Revision$ -# from PLC.Faults import * from PLC.Method import Method from PLC.Parameter import Parameter, Mixed from PLC.Auth import Auth +from PLC.Sites import Sites +from PLC.Nodes import Nodes +from PLC.Interfaces import Interface, Interfaces from PLC.TagTypes import TagType, TagTypes from PLC.InterfaceTags import InterfaceTag, InterfaceTags -from PLC.Interfaces import Interface, Interfaces -from PLC.Nodes import Nodes -from PLC.Sites import Sites +# need to import so the core classes get decorated with caller_may_write_tag +from PLC.AuthorizeHelpers import AuthorizeHelpers class AddInterfaceTag(Method): """ Sets the specified setting for the specified interface to the specified value. - In general only tech(s), PI(s) and of course admin(s) are allowed to - do the change, but this is defined in the tag type object. + Admins have full access. Non-admins need to + (1) have at least one of the roles attached to the tagtype, + and (2) belong in the same site as the tagged subject. Returns the new interface_tag_id (> 0) if successful, faults otherwise. @@ -41,9 +41,6 @@ class AddInterfaceTag(Method): returns = Parameter(int, 'New interface_tag_id (> 0) if successful') - object_type = 'Interface' - - def call(self, auth, interface_id, tag_type_id_or_name, value): interfaces = Interfaces(self.api, [interface_id]) if not interfaces: @@ -55,7 +52,7 @@ class AddInterfaceTag(Method): raise PLCInvalidArgument, "No such tag type %r"%tag_type_id_or_name tag_type = tag_types[0] - # checks for existence - does not allow several different settings + # checks for existence - does not allow several different settings conflicts = InterfaceTags(self.api, {'interface_id':interface['interface_id'], 'tag_type_id':tag_type['tag_type_id']}) @@ -64,20 +61,8 @@ class AddInterfaceTag(Method): raise PLCInvalidArgument, "Interface %d already has setting %d"%(interface['interface_id'], tag_type['tag_type_id']) - # check permission : it not admin, is the user affiliated with the right site - if 'admin' not in self.caller['roles']: - # locate node - node = Nodes (self.api,[interface['node_id']])[0] - # locate site - site = Sites (self.api, [node['site_id']])[0] - # check caller is affiliated with this site - if self.caller['person_id'] not in site['person_ids']: - raise PLCPermissionDenied, "Not a member of the hosting site %s"%site['abbreviated_site'] - - required_min_role = tag_type ['min_role_id'] - if required_min_role is not None and \ - min(self.caller['role_ids']) > required_min_role: - raise PLCPermissionDenied, "Not allowed to modify the specified interface setting, requires role %d",required_min_role + # check authorizations + interface.caller_may_write_tag(self.api,self.caller,tag_type) interface_tag = InterfaceTag(self.api) interface_tag['interface_id'] = interface['interface_id'] @@ -85,6 +70,6 @@ class AddInterfaceTag(Method): interface_tag['value'] = value interface_tag.sync() - self.object_ids = [interface_tag['interface_tag_id']] + self.object_ids = [interface_tag['interface_tag_id']] return interface_tag['interface_tag_id']