X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=PLC%2FMethods%2FUpdateNodeTag.py;h=d0b3d8e58b454735a49b91142996575fa8264e31;hb=b0164a712bd25c86814051931760707b2a619ad6;hp=386a5411ade5b4e6aad39d377fa3c5c65c5cd611;hpb=286cdfc25f6ef8fd3e0ed59a175bcf801b14038a;p=plcapi.git diff --git a/PLC/Methods/UpdateNodeTag.py b/PLC/Methods/UpdateNodeTag.py index 386a541..d0b3d8e 100644 --- a/PLC/Methods/UpdateNodeTag.py +++ b/PLC/Methods/UpdateNodeTag.py @@ -1,26 +1,27 @@ -# $Id# # # Thierry Parmentelat - INRIA # -# $Revision: 9423 $ -# from PLC.Faults import * from PLC.Method import Method from PLC.Parameter import Parameter, Mixed from PLC.Auth import Auth -from PLC.NodeTags import NodeTag, NodeTags +from PLC.Sites import Sites from PLC.Nodes import Node, Nodes +from PLC.TagTypes import TagType, TagTypes +from PLC.NodeTags import NodeTag, NodeTags -from PLC.Nodes import Nodes -from PLC.Sites import Sites +# need to import so the core classes get decorated with caller_may_write_tag +from PLC.AuthorizeHelpers import AuthorizeHelpers class UpdateNodeTag(Method): """ Updates the value of an existing node tag - Access rights depend on the node tag type. + Admins have full access. Non-admins need to + (1) have at least one of the roles attached to the tagtype, + and (2) belong in the same site as the tagged subject. Returns 1 if successful, faults otherwise. """ @@ -30,44 +31,30 @@ class UpdateNodeTag(Method): accepts = [ Auth(), NodeTag.fields['node_tag_id'], - NodeTag.fields['tagvalue'] + NodeTag.fields['value'] ] returns = Parameter(int, '1 if successful') - object_type = 'Node' - def call(self, auth, node_tag_id, value): node_tags = NodeTags(self.api, [node_tag_id]) if not node_tags: raise PLCInvalidArgument, "No such node tag %r"%node_tag_id node_tag = node_tags[0] - ### reproducing a check from UpdateSliceAttribute, looks dumb though - nodes = Nodes(self.api, [node_tag['node_id']]) - if not nodes: - raise PLCInvalidArgument, "No such node %r"%node_tag['node_id'] - node = nodes[0] + tag_type_id = node_tag['tag_type_id'] + tag_type = TagTypes (self.api,[tag_type_id])[0] - assert node_tag['node_tag_id'] in node['tag_ids'] + nodes = Nodes (self.api, node_tag['node_id']) + if not nodes: + raise PLCInvalidArgument, "No such node %d"%node_tag['node_id'] + node=nodes[0] - # check permission : it not admin, is the user affiliated with the right site - if 'admin' not in self.caller['roles']: - # locate node - node = Nodes (self.api,[node['node_id']])[0] - # locate site - site = Sites (self.api, [node['site_id']])[0] - # check caller is affiliated with this site - if self.caller['person_id'] not in site['person_ids']: - raise PLCPermissionDenied, "Not a member of the hosting site %s"%site['abbreviated_site'] - - required_min_role = tag_type ['min_role_id'] - if required_min_role is not None and \ - min(self.caller['role_ids']) > required_min_role: - raise PLCPermissionDenied, "Not allowed to modify the specified node tag, requires role %d",required_min_role + # check authorizations + node.caller_may_write_tag(self.api,self.caller,tag_type) - node_tag['tagvalue'] = value + node_tag['value'] = value node_tag.sync() - self.object_ids = [node_tag['node_tag_id']] + self.object_ids = [node_tag['node_tag_id']] return 1