X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=PLC%2FMethods%2FDeleteIlink.py;h=0d07dfe3153d1c966f1f622498e45626fc691132;hb=d78f1325418f845b6cfda0d2d2e7a098f8e45482;hp=163a7b5ac73e5c1861558f620fc647a592e08e30;hpb=f5cd72e35593c96b9996ab4e49674cccc7525c48;p=plcapi.git diff --git a/PLC/Methods/DeleteIlink.py b/PLC/Methods/DeleteIlink.py index 163a7b5..0d07dfe 100644 --- a/PLC/Methods/DeleteIlink.py +++ b/PLC/Methods/DeleteIlink.py @@ -1,10 +1,6 @@ -# $Id$ -# $URL$ # # Thierry Parmentelat - INRIA # -# $Revision: 9423 $ -# from PLC.Faults import * from PLC.Method import Method @@ -17,11 +13,13 @@ from PLC.Nodes import Node, Nodes from PLC.Sites import Site, Sites from PLC.TagTypes import TagType, TagTypes +from PLC.AuthorizeHelpers import AuthorizeHelpers + class DeleteIlink(Method): """ Deletes the specified ilink - Attributes may require the caller to have a particular + Attributes may require the caller to have a particular role in order to be deleted, depending on the related tag type. Admins may delete attributes of any slice or sliver. @@ -46,30 +44,25 @@ class DeleteIlink(Method): raise PLCInvalidArgument, "No such ilink %r"%ilink_id ilink = ilinks[0] + src_if=Interfaces(self.api,ilink['src_interface_id'])[0] + dst_if=Interfaces(self.api,ilink['dst_interface_id'])[0] + tag_type_id = ilink['tag_type_id'] tag_type = TagTypes (self.api,[tag_type_id])[0] - required_min_role = tag_type ['min_role_id'] - - # check permission : it not admin, is the user affiliated with the right site - if 'admin' not in self.caller['roles']: - for key in ['src_interface_id','dst_interface_id']: - # locate interface - interface_id=ilink[key] - interface = Interfaces (self.api,interface_id)[0] - node_id=interface['node_id'] - node = Nodes (self.api,node_id) [0] - # locate site - site_id = node['site_id'] - site = Sites (self.api, [site_id]) [0] - # check caller is affiliated with this site - if self.caller['person_id'] not in site['person_ids']: - raise PLCPermissionDenied, "Not a member of the hosting site %s"%site['abbreviated_site'] - - if required_min_role is not None and \ - min(self.caller['role_ids']) > required_min_role: - raise PLCPermissionDenied, "Not allowed to modify the specified ilink, requires role %d",required_min_role + # check authorizations + if 'admin' in self.caller['roles']: + pass + elif not AuthorizeHelpers.caller_may_access_tag_type (self.api, self.caller, tag_type): + raise PLCPermissionDenied, "%s, forbidden tag %s"%(self.name,tag_type['tagname']) + elif AuthorizeHelpers.interface_belongs_to_person (self.api, src_if, self.caller): + pass + elif src_if_id != dst_if_id and AuthorizeHelpers.interface_belongs_to_person (self.api, dst_if, self.caller): + pass + else: + raise PLCPermissionDenied, "%s: you must own either the src or dst interface"%self.name + ilink.delete() - self.object_ids = [ilink['src_interface_id'],ilink['dst_interface_id']] + self.object_ids = [ilink['src_interface_id'],ilink['dst_interface_id']] return 1