X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=PLC%2FMethods%2FUpdateInterfaceTag.py;h=bcd6fc01b2c2d86d1c6fccd6fdfff2cbc03dbc97;hb=8a488f82ba7892d6a6eb1265f0f327ec75b71149;hp=6d7e42405efa56fb7cba22563ccc31b5af13dd8b;hpb=f5cd72e35593c96b9996ab4e49674cccc7525c48;p=plcapi.git diff --git a/PLC/Methods/UpdateInterfaceTag.py b/PLC/Methods/UpdateInterfaceTag.py index 6d7e424..bcd6fc0 100644 --- a/PLC/Methods/UpdateInterfaceTag.py +++ b/PLC/Methods/UpdateInterfaceTag.py @@ -1,27 +1,27 @@ -# $Id$ -# $URL$ # # Thierry Parmentelat - INRIA # -# $Revision$ -# - from PLC.Faults import * from PLC.Method import Method from PLC.Parameter import Parameter, Mixed from PLC.Auth import Auth -from PLC.InterfaceTags import InterfaceTag, InterfaceTags +from PLC.Sites import Sites +from PLC.Nodes import Nodes from PLC.Interfaces import Interface, Interfaces +from PLC.TagTypes import TagType, TagTypes +from PLC.InterfaceTags import InterfaceTag, InterfaceTags -from PLC.Nodes import Nodes -from PLC.Sites import Sites +# need to import so the core classes get decorated with caller_may_write_tag +from PLC.AuthorizeHelpers import AuthorizeHelpers class UpdateInterfaceTag(Method): """ Updates the value of an existing interface setting - Access rights depend on the tag type. + Admins have full access. Non-admins need to + (1) have at least one of the roles attached to the tagtype, + and (2) belong in the same site as the tagged subject. Returns 1 if successful, faults otherwise. """ @@ -36,39 +36,25 @@ class UpdateInterfaceTag(Method): returns = Parameter(int, '1 if successful') - object_type = 'Interface' - def call(self, auth, interface_tag_id, value): interface_tags = InterfaceTags(self.api, [interface_tag_id]) if not interface_tags: raise PLCInvalidArgument, "No such interface setting %r"%interface_tag_id interface_tag = interface_tags[0] - ### reproducing a check from UpdateSliceTag, looks dumb though - interfaces = Interfaces(self.api, [interface_tag['interface_id']]) - if not interfaces: - raise PLCInvalidArgument, "No such interface %r"%interface_tag['interface_id'] - interface = interfaces[0] + tag_type_id = interface_tag['tag_type_id'] + tag_type = TagTypes (self.api,[tag_type_id])[0] - assert interface_tag['interface_tag_id'] in interface['interface_tag_ids'] + interfaces = Interfaces (self.api, interface_tag['interface_id']) + if not interfaces: + raise PLCInvalidArgument, "No such interface %d"%interface_tag['interface_id'] + interface=interfaces[0] - # check permission : it not admin, is the user affiliated with the right site - if 'admin' not in self.caller['roles']: - # locate node - node = Nodes (self.api,[interface['node_id']])[0] - # locate site - site = Sites (self.api, [node['site_id']])[0] - # check caller is affiliated with this site - if self.caller['person_id'] not in site['person_ids']: - raise PLCPermissionDenied, "Not a member of the hosting site %s"%site['abbreviated_site'] - - required_min_role = tag_type ['min_role_id'] - if required_min_role is not None and \ - min(self.caller['role_ids']) > required_min_role: - raise PLCPermissionDenied, "Not allowed to modify the specified interface setting, requires role %d",required_min_role + # check authorizations + interface.caller_may_write_tag(self.api, self.caller, tag_type) interface_tag['value'] = value interface_tag.sync() - self.object_ids = [interface_tag['interface_tag_id']] + self.object_ids = [interface_tag['interface_tag_id']] return 1