From: Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr>
Date: Wed, 24 Nov 2010 09:55:54 +0000 (+0100)
Subject: protect GetPersonTags to avoid disclosing person emails
X-Git-Tag: plcapi-5.0-19~35
X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=84db9c69cdc4e4cd161f546aeabcde799fcea2ba;p=plcapi.git

protect GetPersonTags to avoid disclosing person emails
---

diff --git a/PLC/Methods/GetPersonTags.py b/PLC/Methods/GetPersonTags.py
index be85340..3830d80 100644
--- a/PLC/Methods/GetPersonTags.py
+++ b/PLC/Methods/GetPersonTags.py
@@ -7,6 +7,7 @@ from PLC.Parameter import Parameter, Mixed
 from PLC.Filter import Filter
 from PLC.Auth import Auth
 
+from PLC.Persons import Person, Persons
 from PLC.PersonTags import PersonTag, PersonTags
 
 class GetPersonTags(Method):
@@ -20,7 +21,7 @@ class GetPersonTags(Method):
     the specified details will be returned.
     """
 
-    roles = ['admin', 'pi', 'user', 'node']
+    roles = ['admin', 'pi', 'user', 'tech']
 
     accepts = [
         Auth(),
@@ -35,6 +36,39 @@ class GetPersonTags(Method):
 
     def call(self, auth, person_tag_filter = None, return_fields = None):
 
+        # only persons can call this (as per roles, but..)
+        if not isinstance(self.caller,Person):
+            return []
+
+        # If we are not admin, make sure to only return viewable accounts
+        valid_person_ids=None
+        added_fields=[]
+        if 'admin' not in self.caller['roles']:
+            # Get accounts that we are able to view
+            valid_person_ids = [self.caller['person_id']]
+            if 'pi' in self.caller['roles'] and self.caller['site_ids']:
+                sites = Sites(self.api, self.caller['site_ids'])
+                for site in sites:
+                    valid_person_ids += site['person_ids']
+
+            if not valid_person_ids:
+                return []
+            
+            # if we have to filter out on person_id, make sure this is returned from db
+            if return_fields:
+                added_fields = set(['person_id']).difference(return_fields)
+                return_fields += added_fields
+
         person_tags = PersonTags(self.api, person_tag_filter, return_fields)
+        
+        if valid_person_ids is not None:
+            person_tags = [ person_tag for person_tag in person_tags 
+                            if person_tag['person_id'] in valid_person_ids]
 
+        # Remove added fields if not initially specified
+        if added_fields:
+            for person_tag in person_tags:
+                for field in added_fields:
+                    if field in person_tag:
+                        del person_tag[field]
         return person_tags