X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=PLC%2FMethods%2FDeleteNodeTag.py;h=bd99f0eca012e97323a338172c0465e3718619cc;hb=0c28b6c095054293cc35c75a7a601486a4c249ff;hp=9b3fdb8e07c4e26fd2ed55be8681ce40b7bc2ecc;hpb=641a829a3412936f80849d2bb43af54c4480d197;p=plcapi.git diff --git a/PLC/Methods/DeleteNodeTag.py b/PLC/Methods/DeleteNodeTag.py index 9b3fdb8..bd99f0e 100644 --- a/PLC/Methods/DeleteNodeTag.py +++ b/PLC/Methods/DeleteNodeTag.py @@ -1,34 +1,31 @@ -# $Id$ -# $URL$ # # Thierry Parmentelat - INRIA # -# $Revision: 9423 $ -# from PLC.Faults import * from PLC.Method import Method from PLC.Parameter import Parameter, Mixed from PLC.Auth import Auth -from PLC.NodeTags import NodeTag, NodeTags +from PLC.Sites import Site, Sites from PLC.Nodes import Node, Nodes +from PLC.TagTypes import TagType, TagTypes +from PLC.NodeTags import NodeTag, NodeTags -from PLC.Nodes import Node, Nodes -from PLC.Sites import Site, Sites +from PLC.AuthorizeHelpers import AuthorizeHelpers class DeleteNodeTag(Method): """ Deletes the specified node tag - Attributes may require the caller to have a particular role in order - to be deleted, depending on the related node tag type. - Admins may delete attributes of any slice or sliver. + Admins have full access. Non-admins need to + (1) have at least one of the roles attached to the tagtype, + and (2) belong in the same site as the tagged subject. Returns 1 if successful, faults otherwise. """ - roles = ['admin', 'pi', 'user'] + roles = ['admin', 'pi', 'user', 'tech'] accepts = [ Auth(), @@ -37,37 +34,25 @@ class DeleteNodeTag(Method): returns = Parameter(int, '1 if successful') - object_type = 'Node' - - def call(self, auth, node_tag_id): node_tags = NodeTags(self.api, [node_tag_id]) if not node_tags: raise PLCInvalidArgument, "No such node tag %r"%node_tag_id node_tag = node_tags[0] - ### reproducing a check from UpdateSliceTag, looks dumb though - nodes = Nodes(self.api, [node_tag['node_id']]) - if not nodes: - raise PLCInvalidArgument, "No such node %r"%node_tag['node_id'] - node = nodes[0] - - assert node_tag['node_tag_id'] in node['node_tag_ids'] - - # check permission : it not admin, is the user affiliated with the right site - if 'admin' not in self.caller['roles']: - # locate node - node = Nodes (self.api,[node['node_id']])[0] - # locate site - site = Sites (self.api, [node['site_id']])[0] - # check caller is affiliated with this site - if self.caller['person_id'] not in site['person_ids']: - raise PLCPermissionDenied, "Not a member of the hosting site %s"%site['abbreviated_site'] - - required_min_role = tag_type ['min_role_id'] - if required_min_role is not None and \ - min(self.caller['role_ids']) > required_min_role: - raise PLCPermissionDenied, "Not allowed to modify the specified node tag, requires role %d",required_min_role + tag_type_id = node_tag['tag_type_id'] + tag_type = TagTypes (self.api,[tag_type_id])[0] + node = Nodes (self.api, node_tag['node_id']) + + # check authorizations + if 'admin' in self.caller['roles']: + pass + elif not AuthorizeHelpers.person_access_tag_type (self.api, self.caller, tag_type): + raise PLCPermissionDenied, "%s, no permission to use this tag type"%self.name + elif AuthorizeHelpers.node_belongs_to_person (self.api, node, self.caller): + pass + else: + raise PLCPermissionDenied, "%s: you must belong in the same site as subject node"%self.name node_tag.delete() self.object_ids = [node_tag['node_tag_id']]