X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=PLC%2FMethods%2FUpdateSliceTag.py;h=bbfb33e8ca69f9993fab45512d6faaf56b80fdd6;hb=6bef7b35eec76ff66332cb20f58eb7703c2116f9;hp=932d63853a9aafbfd887ea8dfe1611fa282975ba;hpb=63843be537c8964c4ebf44b55f8ef1db21c13c63;p=plcapi.git diff --git a/PLC/Methods/UpdateSliceTag.py b/PLC/Methods/UpdateSliceTag.py index 932d638..bbfb33e 100644 --- a/PLC/Methods/UpdateSliceTag.py +++ b/PLC/Methods/UpdateSliceTag.py @@ -1,13 +1,21 @@ -# $Id$ -# $URL$ +# +# Thierry Parmentelat - INRIA +# from PLC.Faults import * from PLC.Method import Method from PLC.Parameter import Parameter, Mixed -from PLC.SliceTags import SliceTag, SliceTags +from PLC.Auth import Auth + +from PLC.TagTypes import TagTypes, TagType from PLC.Nodes import Node from PLC.Slices import Slice, Slices +from PLC.SliceTags import SliceTag, SliceTags from PLC.InitScripts import InitScript, InitScripts -from PLC.Auth import Auth + +from PLC.AuthorizeHelpers import AuthorizeHelpers + +# need to import so the core classes get decorated with caller_may_write_tag +from PLC.AuthorizeHelpers import AuthorizeHelpers class UpdateSliceTag(Method): """ @@ -26,7 +34,7 @@ class UpdateSliceTag(Method): accepts = [ Auth(), SliceTag.fields['slice_tag_id'], - Mixed(SliceTag.fields['value'], + Mixed(SliceTag.fields['value'], InitScript.fields['name']) ] @@ -35,40 +43,30 @@ class UpdateSliceTag(Method): def call(self, auth, slice_tag_id, value): slice_tags = SliceTags(self.api, [slice_tag_id]) if not slice_tags: - raise PLCInvalidArgument, "No such slice attribute" + raise PLCInvalidArgument("No such slice attribute") slice_tag = slice_tags[0] + tag_type_id = slice_tag['tag_type_id'] + tag_type = TagTypes (self.api,[tag_type_id])[0] + slices = Slices(self.api, [slice_tag['slice_id']]) if not slices: - raise PLCInvalidArgument, "No such slice" + raise PLCInvalidArgument("No such slice %d"%slice_tag['slice_id']) slice = slices[0] assert slice_tag['slice_tag_id'] in slice['slice_tag_ids'] - if not isinstance(self.caller, Node): - if 'admin' not in self.caller['roles']: - if self.caller['person_id'] in slice['person_ids']: - pass - elif 'pi' not in self.caller['roles']: - raise PLCPermissionDenied, "Not a member of the specified slice" - elif slice['site_id'] not in self.caller['site_ids']: - raise PLCPermissionDenied, "Specified slice not associated with any of your sites" - - if slice_tag['min_role_id'] is not None and \ - min(self.caller['role_ids']) > slice_tag['min_role_id']: - raise PLCPermissionDenied, "Not allowed to update the specified attribute" - else: - ### make node's min_role_id == PI min_role_id - node_role_id = 20 - if slice_tag['min_role_id'] is not None and node_role_id >= slice_tag['min_role_id']: - raise PLCPermissionDenied, "Not allowed to update the specified slice attribute" - - if slice_tag['tagname'] in ['initscript']: + # check authorizations + node_id_or_hostname=slice_tag['node_id'] + nodegroup_id_or_name=slice_tag['nodegroup_id'] + slice.caller_may_write_tag(self.api,self.caller,tag_type,node_id_or_hostname,nodegroup_id_or_name) + + if slice_tag['tagname'] in ['initscript']: initscripts = InitScripts(self.api, {'enabled': True, 'name': value}) if not initscripts: - raise PLCInvalidArgument, "No such plc initscript" + raise PLCInvalidArgument("No such plc initscript") - slice_tag['value'] = unicode(value) + slice_tag['value'] = str(value) slice_tag.sync() - self.event_objects = {'SliceTag': [slice_tag['slice_tag_id']]} + self.event_objects = {'SliceTag': [slice_tag['slice_tag_id']]} return 1