site=Sites(api,[node['site_id']])[0]
return AuthorizeHelpers.person_in_site (api, person, site)
except:
+ import traceback
return False
# does the slice belong to the site that the (pi) user is in ?
def slice_belongs_to_pi (api, slice, pi):
return slice['site_id'] in pi['site_ids']
+
+# authorization method - check if a given caller can set tag on this object
+# called in {Add,Update,Delete}NodeTags methods and in the accessors factory
+def caller_may_write_node_tag (node, api, caller, tag_type):
+ if 'admin' in caller['roles']:
+ pass
+ elif not AuthorizeHelpers.caller_may_access_tag_type (api, caller, tag_type):
+ raise PLCPermissionDenied, "Role mismatch for writing tag %s"%(tag_type['tagname'])
+ elif AuthorizeHelpers.node_belongs_to_person (api, node, caller):
+ pass
+ else:
+ raise PLCPermissionDenied, "Writing node tag: must belong in the same site as %s"%\
+ (node['hostname'])
+
+setattr(Node,'caller_may_write_tag',caller_may_write_node_tag)
+
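Review bot: `caller_may_write_node_tag` is named like a boolean predicate, but it returns None on success and signals denial only by raising PLCPermissionDenied, so a caller that writes `if node.caller_may_write_tag(...)` would treat every permitted write as refused. The header comment should state the contract, e.g. `# returns nothing when the write is allowed, raises PLCPermissionDenied otherwise`. The first branch indexes `caller['roles']` directly; if the accessors factory can pass a caller record without a `roles` key (not visible here), the result is a KeyError rather than a permission fault, and `if 'roles' in caller and 'admin' in caller['roles']:` would keep the denial path uniform. Separately, the `import traceback` added under the bare `except:` earlier in the hunk has no visible use, so either record `traceback.format_exc()` server-side before `return False` or drop the import. That earlier function starts outside the hunk.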
from PLC.TagTypes import TagType, TagTypes
from PLC.NodeTags import NodeTag, NodeTags
-from PLC.AuthorizeHelpers import AuthorizeHelpers
-
class AddNodeTag(Method):
"""
Sets the specified tag for the specified node
raise PLCInvalidArgument, "Node %d already has tag %d"%(node['node_id'],
tag_type['tag_type_id'])
-
# check authorizations
- if 'admin' in self.caller['roles']:
- pass
- elif not AuthorizeHelpers.caller_may_access_tag_type (self.api, self.caller, tag_type):
- raise PLCPermissionDenied, "%s, forbidden tag %s (%s)"%(self.name,tag_type['tagname'],self.caller['email'])
- elif AuthorizeHelpers.node_belongs_to_person (self.api, node, self.caller):
- pass
- else:
- raise PLCPermissionDenied, "%s: caller %r must belong in the same site as subject node %s"%\
- (self.name,self.caller,node['hostname'])
-
+ node.caller_may_write_tag(self.api,self.caller,tag_type)
node_tag = NodeTag(self.api)
node_tag['node_id'] = node['node_id']
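Review bot: The permission check `node.caller_may_write_tag(self.api,self.caller,tag_type)` still runs after the `Node %d already has tag %d` fault above it, so a caller who may not write the tag can tell from the fault returned whether the node already carries it. Moving the call ahead of the duplicate-tag lookup would make the denial independent of the node's current tags. The lookup's condition and the rest of the method lie outside the hunk, so confirm nothing there depends on the present order. The bare call also no longer reads as something that can abort the method; a comment such as `# raises PLCPermissionDenied unless the caller may write this tag` would help here and at the same call in the DeleteNodeTag and UpdateNodeTag hunks.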
from PLC.TagTypes import TagType, TagTypes
from PLC.NodeTags import NodeTag, NodeTags
-from PLC.AuthorizeHelpers import AuthorizeHelpers
-
class DeleteNodeTag(Method):
"""
Deletes the specified node tag
node=nodes[0]
# check authorizations
- if 'admin' in self.caller['roles']:
- pass
- elif not AuthorizeHelpers.caller_may_access_tag_type (self.api, self.caller, tag_type):
- raise PLCPermissionDenied, "%s, forbidden tag %s"%(self.name,tag_type['tagname'])
- elif AuthorizeHelpers.node_belongs_to_person (self.api, node, self.caller):
- pass
- else:
- raise PLCPermissionDenied, "%s: you must belong in the same site as subject node"%self.name
+ node.caller_may_write_tag(self.api,self.caller,tag_type)
node_tag.delete()
self.object_ids = [node_tag['node_tag_id']]
from PLC.TagTypes import TagType, TagTypes
from PLC.NodeTags import NodeTag, NodeTags
-from PLC.AuthorizeHelpers import AuthorizeHelpers
-
class UpdateNodeTag(Method):
"""
Updates the value of an existing node tag
node=nodes[0]
# check authorizations
- if 'admin' in self.caller['roles']:
- pass
- elif not AuthorizeHelpers.caller_may_access_tag_type (self.api, self.caller, tag_type):
- raise PLCPermissionDenied, "%s, forbidden tag %s"%(self.name,tag_type['tagname'])
- elif AuthorizeHelpers.node_belongs_to_person (self.api, node, self.caller):
- pass
- else:
- raise PLCPermissionDenied, "%s: you must belong in the same site as subject node"%self.name
-
+ node.caller_may_write_tag(self.api,self.caller,tag_type)
node_tag['value'] = value
node_tag.sync()