From c292f0b768fcaa05218cf5ffdda5672e6ea9ffe6 Mon Sep 17 00:00:00 2001 From: Mark Huang Date: Thu, 1 Feb 2007 05:03:24 +0000 Subject: [PATCH] allow node authentication --- PLC/Methods/GetAddressTypes.py | 2 +- PLC/Methods/GetAddresses.py | 2 +- PLC/Methods/GetBootStates.py | 2 +- PLC/Methods/GetConfFiles.py | 2 +- PLC/Methods/GetKeyTypes.py | 2 +- PLC/Methods/GetKeys.py | 6 ++++-- PLC/Methods/GetMessages.py | 10 +++++----- PLC/Methods/GetNetworkMethods.py | 2 +- PLC/Methods/GetNetworkTypes.py | 2 +- PLC/Methods/GetPCUs.py | 25 ++++++++++++++++--------- PLC/Methods/GetPeerName.py | 2 +- PLC/Methods/GetPeers.py | 2 +- PLC/Methods/GetPersons.py | 10 ++++++---- PLC/Methods/GetRoles.py | 3 +-- PLC/Methods/GetSliceAttributeTypes.py | 3 +-- PLC/Methods/GetSliceInstantiations.py | 3 +-- PLC/Methods/GetSlices.py | 13 ++++++++----- 17 files changed, 51 insertions(+), 40 deletions(-) diff --git a/PLC/Methods/GetAddressTypes.py b/PLC/Methods/GetAddressTypes.py index ed8ad3b1..d10be739 100644 --- a/PLC/Methods/GetAddressTypes.py +++ b/PLC/Methods/GetAddressTypes.py @@ -15,7 +15,7 @@ class GetAddressTypes(Method): returned. """ - roles = ['admin', 'pi', 'user', 'tech'] + roles = ['admin', 'pi', 'user', 'tech', 'node'] accepts = [ Auth(), diff --git a/PLC/Methods/GetAddresses.py b/PLC/Methods/GetAddresses.py index 24d5aa28..b299295e 100644 --- a/PLC/Methods/GetAddresses.py +++ b/PLC/Methods/GetAddresses.py @@ -14,7 +14,7 @@ class GetAddresses(Method): specified, only the specified details will be returned. """ - roles = ['admin', 'pi', 'user', 'tech'] + roles = ['admin', 'pi', 'user', 'tech', 'node'] accepts = [ Auth(), diff --git a/PLC/Methods/GetBootStates.py b/PLC/Methods/GetBootStates.py index 85540ff3..4cd31bea 100644 --- a/PLC/Methods/GetBootStates.py +++ b/PLC/Methods/GetBootStates.py 
@@ -9,7 +9,7 @@ class GetBootStates(Method): Returns an array of all valid node boot states. """ - roles = ['admin', 'pi', 'user', 'tech'] + roles = ['admin', 'pi', 'user', 'tech', 'node'] accepts = [ Auth() diff --git a/PLC/Methods/GetConfFiles.py b/PLC/Methods/GetConfFiles.py index c2204aa6..89d5250d 100644 --- a/PLC/Methods/GetConfFiles.py +++ b/PLC/Methods/GetConfFiles.py @@ -15,7 +15,7 @@ class GetConfFiles(Method): details will be returned. """ - roles = ['admin'] + roles = ['admin', 'node'] accepts = [ Auth(), diff --git a/PLC/Methods/GetKeyTypes.py b/PLC/Methods/GetKeyTypes.py index dd685de1..32bb6580 100644 --- a/PLC/Methods/GetKeyTypes.py +++ b/PLC/Methods/GetKeyTypes.py @@ -9,7 +9,7 @@ class GetKeyTypes(Method): Returns an array of all valid key types. """ - roles = ['admin', 'pi', 'user', 'tech'] + roles = ['admin', 'pi', 'user', 'tech', 'node'] accepts = [ Auth() diff --git a/PLC/Methods/GetKeys.py b/PLC/Methods/GetKeys.py index 73ad9b67..2d7550ca 100644 --- a/PLC/Methods/GetKeys.py +++ b/PLC/Methods/GetKeys.py @@ -2,6 +2,7 @@ from PLC.Faults import * from PLC.Method import Method from PLC.Parameter import Parameter, Mixed from PLC.Filter import Filter +from PLC.Persons import Person, Persons from PLC.Keys import Key, Keys from PLC.Auth import Auth @@ -17,7 +18,7 @@ class GetKeys(Method): keys. """ - roles = ['admin', 'pi', 'user', 'tech'] + roles = ['admin', 'pi', 'user', 'tech', 'node'] accepts = [ Auth(), @@ -33,7 +34,8 @@ class GetKeys(Method): keys = Keys(self.api, key_filter, return_fields) # If we are not admin, make sure to only return our own keys - if 'admin' not in self.caller['roles']: + if isinstance(self.caller, Person) and \ + 'admin' not in self.caller['roles']: keys = filter(lambda key: key['key_id'] in self.caller['key_ids'], keys) return keys diff --git a/PLC/Methods/GetMessages.py b/PLC/Methods/GetMessages.py index 1c9931fd..b0eb44e9 100644 --- a/PLC/Methods/GetMessages.py +++ b/PLC/Methods/GetMessages.py 
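Review bot: In GetConfFiles.py the `roles` list goes from `['admin']` to `['admin', 'node']`, so a method that was admin-only becomes callable with any node's credentials, and nothing in the hunk shows `call()` narrowing the result for a node caller. The same widening is made in GetMessages.py and GetPeers.py. The `call()` bodies are outside these hunks; if they return every record regardless of caller, each node can read configuration files, message templates and peer records that were previously visible to admins only. Scoping the node case to the calling node would be safer, or, if unfiltered access is the intent, record it next to the list with a comment such as `# 'node' is allowed here unfiltered: a node caller receives the same records as an admin`.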
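Review bot: The rewritten check in GetKeys.py, `if isinstance(self.caller, Person) and 'admin' not in self.caller['roles']:`, fails open, because any caller that is not a `Person` (not only a node) skips the own-keys filter and receives every key. GetPersons.py and GetSlices.py use the same form, while GetPCUs.py in this patch uses `if not (isinstance(self.caller, Person) and 'admin' in self.caller['roles']):`, which treats unknown caller types as non-admin. Naming the exempt type keeps the node behaviour and closes the gap, e.g. `if not isinstance(self.caller, Node) and 'admin' not in self.caller['roles']:` with `from PLC.Nodes import Node, Nodes` added to the imports. The comment above the check (`# If we are not admin, make sure to only return our own keys`) and the class docstring should also say that node callers see all keys.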
@@ -9,13 +9,13 @@ class GetMessages(Method): """ Returns an array of structs containing details about message templates. If message template_filter is specified and is an array - of message template identifiers or hostnames, or a struct of - message template attributes, only message templates matching the - filter will be returned. If return_fields is specified, only the - specified details will be returned. + of message template identifiers, or a struct of message template + attributes, only message templates matching the filter will be + returned. If return_fields is specified, only the specified + details will be returned. """ - roles = ['admin'] + roles = ['admin', 'node'] accepts = [ Auth(), diff --git a/PLC/Methods/GetNetworkMethods.py b/PLC/Methods/GetNetworkMethods.py index 88fe048d..cee914ac 100644 --- a/PLC/Methods/GetNetworkMethods.py +++ b/PLC/Methods/GetNetworkMethods.py @@ -9,7 +9,7 @@ class GetNetworkMethods(Method): Returns a list of all valid network methods. """ - roles = ['admin', 'pi', 'user', 'tech'] + roles = ['admin', 'pi', 'user', 'tech', 'node'] accepts = [ Auth() diff --git a/PLC/Methods/GetNetworkTypes.py b/PLC/Methods/GetNetworkTypes.py index eab232b6..dbddd9fc 100644 --- a/PLC/Methods/GetNetworkTypes.py +++ b/PLC/Methods/GetNetworkTypes.py @@ -9,7 +9,7 @@ class GetNetworkTypes(Method): Returns a list of all valid network types. """ - roles = ['admin', 'pi', 'user', 'tech'] + roles = ['admin', 'pi', 'user', 'tech', 'node'] accepts = [ Auth() diff --git a/PLC/Methods/GetPCUs.py b/PLC/Methods/GetPCUs.py index 13bd7dc6..28d50d6f 100644 --- a/PLC/Methods/GetPCUs.py +++ b/PLC/Methods/GetPCUs.py @@ -2,6 +2,9 @@ from PLC.Faults import * from PLC.Method import Method from PLC.Parameter import Parameter, Mixed from PLC.Filter import Filter +from PLC.Sites import Site, Sites +from PLC.Persons import Person, Persons +from PLC.Nodes import Node, Nodes from PLC.PCUs import PCU, PCUs from PLC.Auth import Auth 
@@ -17,7 +20,7 @@ class GetPCUs(Method): their sites. """ - roles = ['admin', 'pi', 'tech'] + roles = ['admin', 'pi', 'tech', 'node'] accepts = [ Auth(), @@ -29,14 +32,18 @@ class GetPCUs(Method): returns = [PCU.fields] def call(self, auth, pcu_filter = None, return_fields = None): - # If we are not admin, make sure to only return our own PCUs - if 'admin' not in self.caller['roles']: - # Get list of PCUs that we are able to view + # If we are not admin + if not (isinstance(self.caller, Person) and 'admin' in self.caller['roles']): + # Return only the PCUs at our site valid_pcu_ids = [] - if self.caller['site_ids']: - sites = Sites(self.api, self.caller['site_ids']) - for site in sites: - valid_pcu_ids += site['pcu_ids'] + + if isinstance(self.caller, Person): + site_ids = self.caller['site_ids'] + elif isinstance(self.caller, Node): + site_ids = [self.caller['site_id']] + + for site in Sites(self.api, site_ids): + valid_pcu_ids += site['pcu_ids'] if not valid_pcu_ids: return [] @@ -47,7 +54,7 @@ class GetPCUs(Method): pcus = PCUs(self.api, pcu_filter, return_fields) # Filter out PCUs that are not viewable - if 'admin' not in self.caller['roles']: + if not (isinstance(self.caller, Person) and 'admin' in self.caller['roles']): pcus = filter(lambda pcu: pcu['pcu_id'] in valid_pcu_ids, pcus) return pcus diff --git a/PLC/Methods/GetPeerName.py b/PLC/Methods/GetPeerName.py index ba5a5a78..30fbd945 100644 --- a/PLC/Methods/GetPeerName.py +++ b/PLC/Methods/GetPeerName.py @@ -9,7 +9,7 @@ class GetPeerName (Method): Returns this peer's name, as defined in the config as PLC_NAME """ - roles = ['admin', 'peer'] + roles = ['admin', 'peer', 'node'] accepts = [Auth()] diff --git a/PLC/Methods/GetPeers.py b/PLC/Methods/GetPeers.py index b7509b00..235c27cb 100644 --- a/PLC/Methods/GetPeers.py +++ b/PLC/Methods/GetPeers.py @@ -19,7 +19,7 @@ class GetPeers (Method): specified details will be returned. """ - roles = ['admin'] + roles = ['admin', 'node'] accepts = [ Auth(), 
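Review bot: In `call()` of GetPCUs.py the new `if isinstance(self.caller, Person): ... elif isinstance(self.caller, Node): ...` chain has no `else`, so a caller of any other type reaches `Sites(self.api, site_ids)` with `site_ids` unbound and fails with a NameError instead of a permission fault. The patch also drops the old `if self.caller['site_ids']:` guard, so a person with no sites now passes an empty list to `Sites`; whether an empty list selects no sites or all of them is decided in `Sites`/`Filter`, outside this diff, and should be checked because it determines which `pcu_ids` become visible. I would add `else: site_ids = []` and put the loop back under `if site_ids:`. Separately, `returns = [PCU.fields]` is unchanged, so node callers now receive whatever those fields hold for the PCUs at their site; if that includes PCU login details, consider restricting `return_fields` for the node role.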
diff --git a/PLC/Methods/GetPersons.py b/PLC/Methods/GetPersons.py index 6ac93ee5..458fdacd 100644 --- a/PLC/Methods/GetPersons.py +++ b/PLC/Methods/GetPersons.py @@ -18,10 +18,10 @@ class GetPersons(Method): Users and techs may only retrieve details about themselves. PIs may retrieve details about themselves and others at their - sites. Admins may retrieve details about all accounts. + sites. Admins and nodes may retrieve details about all accounts. """ - roles = ['admin', 'pi', 'user', 'tech'] + roles = ['admin', 'pi', 'user', 'tech', 'node'] accepts = [ Auth(), @@ -38,7 +38,8 @@ class GetPersons(Method): def call(self, auth, person_filter = None, return_fields = None): # If we are not admin, make sure to only return viewable accounts - if 'admin' not in self.caller['roles']: + if isinstance(self.caller, Person) and \ + 'admin' not in self.caller['roles']: # Get accounts that we are able to view valid_person_ids = [self.caller['person_id']] if 'pi' in self.caller['roles'] and self.caller['site_ids']: @@ -62,7 +63,8 @@ class GetPersons(Method): persons = Persons(self.api, person_filter, return_fields) # Filter out accounts that are not viewable - if 'admin' not in self.caller['roles']: + if isinstance(self.caller, Person) and \ + 'admin' not in self.caller['roles']: persons = filter(self.caller.can_view, persons) return persons diff --git a/PLC/Methods/GetRoles.py b/PLC/Methods/GetRoles.py index 7d7c264a..04566623 100644 --- a/PLC/Methods/GetRoles.py +++ b/PLC/Methods/GetRoles.py @@ -9,7 +9,7 @@ class GetRoles(Method): Get an array of structs containing details about all roles. """ - roles = ['admin', 'pi', 'user', 'tech'] + roles = ['admin', 'pi', 'user', 'tech', 'node'] accepts = [ Auth() @@ -17,6 +17,5 @@ class GetRoles(Method): returns = [Role.fields] - def call(self, auth): return Roles(self.api) diff --git a/PLC/Methods/GetSliceAttributeTypes.py b/PLC/Methods/GetSliceAttributeTypes.py index 2d533681..bc8f1ed1 100644 
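Review bot: With the new condition in GetPersons.py a node caller skips both the `valid_person_ids` filter and the `can_view` filter, so a single node credential reads every account record, which the updated docstring confirms is intended (`Admins and nodes may retrieve details about all accounts`). Node credentials presumably live on the node itself, so this places admin-level read access to account data on every machine in the deployment; GetSlices.py makes the same grant for slices. If nodes need only the accounts and slices tied to them, scoping the node branch to that set would follow least privilege. In either case the comments above both checks are now stale and should read something like `# If we are not admin or a node, make sure to only return viewable accounts`.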
--- a/PLC/Methods/GetSliceAttributeTypes.py +++ b/PLC/Methods/GetSliceAttributeTypes.py @@ -14,7 +14,7 @@ class GetSliceAttributeTypes(Method): specified, only the specified details will be returned. """ - roles = ['admin', 'pi', 'user', 'tech'] + roles = ['admin', 'pi', 'user', 'tech', 'node'] accepts = [ Auth(), @@ -26,6 +26,5 @@ class GetSliceAttributeTypes(Method): returns = [SliceAttributeType.fields] - def call(self, auth, attribute_type_filter = None, return_fields = None): return SliceAttributeTypes(self.api, attribute_type_filter, return_fields) diff --git a/PLC/Methods/GetSliceInstantiations.py b/PLC/Methods/GetSliceInstantiations.py index 1cfcee92..174c2095 100644 --- a/PLC/Methods/GetSliceInstantiations.py +++ b/PLC/Methods/GetSliceInstantiations.py @@ -9,7 +9,7 @@ class GetSliceInstantiations(Method): Returns an array of all valid slice instantiation states. """ - roles = ['admin', 'pi', 'user', 'tech'] + roles = ['admin', 'pi', 'user', 'tech', 'node'] accepts = [ Auth() @@ -17,6 +17,5 @@ class GetSliceInstantiations(Method): returns = [SliceInstantiation.fields['instantiation']] - def call(self, auth): return [slice_instantiation['instantiation'] for slice_instantiation in SliceInstantiations(self.api)] diff --git a/PLC/Methods/GetSlices.py b/PLC/Methods/GetSlices.py index 2b856236..61f61c04 100644 --- a/PLC/Methods/GetSlices.py +++ b/PLC/Methods/GetSlices.py @@ -2,6 +2,7 @@ from PLC.Method import Method from PLC.Parameter import Parameter, Mixed from PLC.Filter import Filter from PLC.Auth import Auth +from PLC.Persons import Person, Persons from PLC.Slices import Slice, Slices class GetSlices(Method): 
@@ -13,12 +14,12 @@ class GetSlices(Method): specified details will be returned. Users may only query slices of which they are members. PIs may - query any of the slices at their sites. Admins may query any - slice. If a slice that cannot be queried is specified in + query any of the slices at their sites. Admins and nodes may query + any slice. If a slice that cannot be queried is specified in slice_filter, details about that slice will not be returned. """ - roles = ['admin', 'pi', 'user'] + roles = ['admin', 'pi', 'user', 'node'] accepts = [ Auth(), @@ -34,7 +35,8 @@ class GetSlices(Method): def call(self, auth, slice_filter = None, return_fields = None): # If we are not admin, make sure to return only viewable # slices. - if 'admin' not in self.caller['roles']: + if isinstance(self.caller, Person) and \ + 'admin' not in self.caller['roles']: # Get slices that we are able to view valid_slice_ids = self.caller['slice_ids'] if 'pi' in self.caller['roles'] and self.caller['site_ids']: @@ -51,7 +53,8 @@ class GetSlices(Method): slices = Slices(self.api, slice_filter, return_fields) # Filter out slices that are not viewable - if 'admin' not in self.caller['roles']: + if isinstance(self.caller, Person) and \ + 'admin' not in self.caller['roles']: slices = filter(lambda slice: slice['slice_id'] in valid_slice_ids, slices) return slices -- 2.47.0