schema_edit = user_edit_schema
multiproject = False
- def __init__(self, db, fs, msg):
- BaseTopic.__init__(self, db, fs, msg)
+ def __init__(self, db, fs, msg, auth):
+ BaseTopic.__init__(self, db, fs, msg, auth)
@staticmethod
def _get_project_filter(session):
schema_edit = project_edit_schema
multiproject = False
- def __init__(self, db, fs, msg):
- BaseTopic.__init__(self, db, fs, msg)
+ def __init__(self, db, fs, msg, auth):
+ BaseTopic.__init__(self, db, fs, msg, auth)
@staticmethod
def _get_project_filter(session):
schema_edit = user_edit_schema
def __init__(self, db, fs, msg, auth):
- UserTopic.__init__(self, db, fs, msg)
- self.auth = auth
+ UserTopic.__init__(self, db, fs, msg, auth)
+ # self.auth = auth
def check_conflict_on_new(self, session, indata):
"""
rollback.append({"topic": self.topic, "_id": _id})
# del content["password"]
- # self._send_msg("create", content)
+ # self._send_msg("created", content)
return _id, None
except ValidationError as e:
raise EngineException(e, HTTPStatus.UNPROCESSABLE_ENTITY)
"""
# Allow _id to be a name or uuid
filter_q = {self.id_field(self.topic, _id): _id}
- users = self.auth.get_user_list(filter_q)
-
+ # users = self.auth.get_user_list(filter_q)
+ users = self.list(session, filter_q) # To allow default filtering (Bug 853)
if len(users) == 1:
return users[0]
elif len(users) > 1:
:param filter_q: filter of data to be applied
:return: The list, it can be empty if no one match the filter.
"""
- users = self.auth.get_user_list(filter_q)
-
- return users
+ user_list = self.auth.get_user_list(filter_q)
+ if not session["allow_show_user_project_role"]:
+ # Bug 853 - Default filtering
+ user_list = [usr for usr in user_list if usr["username"] == session["username"]]
+ return user_list
def delete(self, session, _id, dry_run=False):
"""
schema_edit = project_edit_schema
def __init__(self, db, fs, msg, auth):
- ProjectTopic.__init__(self, db, fs, msg)
- self.auth = auth
+ ProjectTopic.__init__(self, db, fs, msg, auth)
+ # self.auth = auth
def check_conflict_on_new(self, session, indata):
"""
raise EngineException("You cannot rename project 'admin'", http_code=HTTPStatus.CONFLICT)
# Check that project name is not used, regardless keystone already checks this
- if self.auth.get_project_list(filter_q={"name": project_name}):
+ if project_name and self.auth.get_project_list(filter_q={"name": project_name}):
raise EngineException("project '{}' is already used".format(project_name), HTTPStatus.CONFLICT)
def check_conflict_on_del(self, session, _id, db_content):
self.format_on_new(content, project_id=session["project_id"], make_public=session["public"])
_id = self.auth.create_project(content)
rollback.append({"topic": self.topic, "_id": _id})
- # self._send_msg("create", content)
+ # self._send_msg("created", content)
return _id, None
except ValidationError as e:
raise EngineException(e, HTTPStatus.UNPROCESSABLE_ENTITY)
"""
# Allow _id to be a name or uuid
filter_q = {self.id_field(self.topic, _id): _id}
- projects = self.auth.get_project_list(filter_q=filter_q)
-
+ # projects = self.auth.get_project_list(filter_q=filter_q)
+ projects = self.list(session, filter_q) # To allow default filtering (Bug 853)
if len(projects) == 1:
return projects[0]
elif len(projects) > 1:
:param filter_q: filter of data to be applied
:return: The list, it can be empty if no one match the filter.
"""
- return self.auth.get_project_list(filter_q)
+ project_list = self.auth.get_project_list(filter_q)
+ if not session["allow_show_user_project_role"]:
+ # Bug 853 - Default filtering
+ user = self.auth.get_user(session["username"])
+ projects = [prm["project"] for prm in user["project_role_mappings"]]
+ project_list = [proj for proj in project_list if proj["_id"] in projects]
+ return project_list
def delete(self, session, _id, dry_run=False):
"""
self.check_conflict_on_edit(session, content, indata, _id=_id)
self.format_on_edit(content, indata)
- if "name" in indata:
- content["name"] = indata["name"]
+ deep_update_rfc7396(content, indata)
self.auth.update_project(content["_id"], content)
except ValidationError as e:
raise EngineException(e, HTTPStatus.UNPROCESSABLE_ENTITY)
multiproject = False
def __init__(self, db, fs, msg, auth, ops):
- BaseTopic.__init__(self, db, fs, msg)
- self.auth = auth
+ BaseTopic.__init__(self, db, fs, msg, auth)
+ # self.auth = auth
self.operations = ops
# self.topic = "roles_operations" if isinstance(auth, AuthconnKeystone) else "roles"
:return: dictionary, raise exception if not found.
"""
filter_q = {BaseTopic.id_field(self.topic, _id): _id}
- roles = self.auth.get_role_list(filter_q)
+ # roles = self.auth.get_role_list(filter_q)
+ roles = self.list(session, filter_q) # To allow default filtering (Bug 853)
if not roles:
raise AuthconnNotFoundException("Not found any role with filter {}".format(filter_q))
elif len(roles) > 1:
:param filter_q: filter of data to be applied
:return: The list, it can be empty if no one match the filter.
"""
- return self.auth.get_role_list(filter_q)
+ role_list = self.auth.get_role_list(filter_q)
+ if not session["allow_show_user_project_role"]:
+ # Bug 853 - Default filtering
+ user = self.auth.get_user(session["username"])
+ roles = [prm["role"] for prm in user["project_role_mappings"]]
+ role_list = [role for role in role_list if role["_id"] in roles]
+ return role_list
def new(self, rollback, session, indata=None, kwargs=None, headers=None):
"""
content["_id"] = rid
# _id = self.db.create(self.topic, content)
rollback.append({"topic": self.topic, "_id": rid})
- # self._send_msg("create", content)
+ # self._send_msg("created", content)
return rid, None
except ValidationError as e:
raise EngineException(e, HTTPStatus.UNPROCESSABLE_ENTITY)