Compare revisions

Bharath Vamsi Adurti · garciadeblas · Bharath Vamsi Adurti · garciadeblas · 1188c195 · 1188c195
--- a/osm_nbi/admin_topics.py
+++ b/osm_nbi/admin_topics.py
@@ -1079,6 +1079,45 @@ class UserTopicAuth(UserTopic):
                    indata["add_project_role_mappings"].append(
                        {"project": proj, "role": rid}
                    )
+            if (
+                indata.get("remove_project_role_mappings")
+                or indata.get("add_project_role_mappings")
+                or indata.get("project_role_mappings")
+            ):
+                user_details = self.db.get_one("users", {"_id": session.get("user_id")})
+                edit_role = False
+                for pr in user_details["project_role_mappings"]:
+                    role_id = pr.get("role")
+                    role_details = self.db.get_one("roles", {"_id": role_id})
+                    if role_details["permissions"].get("default"):
+                        if "roles" not in role_details["permissions"] or role_details[
+                            "permissions"
+                        ].get("roles"):
+                            edit_role = True
+                    elif role_details["permissions"].get("roles"):
+                        edit_role = True
+                if not edit_role:
+                    raise EngineException(
+                        "User {} has no privileges to edit or delete project-role mappings".format(
+                            session.get("username")
+                        ),
+                        http_code=HTTPStatus.UNPROCESSABLE_ENTITY,
+                    )
+
+            # password change
+            if indata.get("password"):
+                if not session.get("admin_show"):
+                    if not indata.get("system_admin_id"):
+                        if _id != session["user_id"]:
+                            raise EngineException(
+                                "You are not allowed to change other users password",
+                                http_code=HTTPStatus.BAD_REQUEST,
+                            )
+                        if not indata.get("old_password"):
+                            raise EngineException(
+                                "Password change requires old password or admin ID",
+                                http_code=HTTPStatus.BAD_REQUEST,
+                            )

            # user = self.show(session, _id)   # Already in 'content'
            original_mapping = content["project_role_mappings"]

--- a/osm_nbi/nbi.py
+++ b/osm_nbi/nbi.py
@@ -1510,7 +1510,9 @@ class Server(object):
            "force": False,
            "project_id": (token_info["project_id"],),
            "username": token_info["username"],
+            "user_id": token_info["user_id"],
            "admin": token_info["admin"],
+            "admin_show": token_info["admin_show"],
            "public": None,
            "allow_show_user_project_role": token_info["allow_show_user_project_role"],
        }

--- a/osm_nbi/tests/test_admin_topics.py
+++ b/osm_nbi/tests/test_admin_topics.py
@@ -926,6 +926,8 @@ class Test_UserTopicAuth(TestCase):
        uid = str(uuid4())
        pid1 = str(uuid4())
        rid1 = str(uuid4())
+        self.fake_session["user_id"] = uid
+        self.fake_session["admin_show"] = True
        prms = [
            {
                "project": pid1,
@@ -953,6 +955,14 @@ class Test_UserTopicAuth(TestCase):
                {"_id": rid2, "name": "role-2"},
                {"_id": rid1, "name": "role-1"},
            ]
+
+            role = {
+                "_id": rid1,
+                "name": "role-1",
+                "permissions": {"default": False, "admin": False, "roles": True},
+            }
+            self.db.create("users", user)
+            self.db.create("roles", role)
            new_name = "new-user-name"
            new_pasw = "New@pwd1"
            add_prms = [{"project": pid2, "role": rid2}]
No results found