X-Git-Url: https://osm.etsi.org/gitweb/?a=blobdiff_plain;f=osm_nbi%2Fadmin_topics.py;h=b0dc0877432eadbd717569208e57c74c574b7ec3;hb=44603906f6eeefb0546b9fa26cd0fb4a6e346c4a;hp=eb8c988498909313afe81a43c84201606b306c0b;hpb=871f8888918592d5c2357a8034e1b0f098a26fee;p=osm%2FNBI.git diff --git a/osm_nbi/admin_topics.py b/osm_nbi/admin_topics.py index eb8c988..b0dc087 100644 --- a/osm_nbi/admin_topics.py +++ b/osm_nbi/admin_topics.py @@ -471,18 +471,20 @@ class UserTopicAuth(UserTopic): @staticmethod def format_on_show(content): """ - Modifies the content of the role information to separate the role + Modifies the content of the role information to separate the role metadata from the role definition. """ project_role_mappings = [] for project in content["projects"]: for role in project["roles"]: - project_role_mappings.append([project, role]) - + project_role_mappings.append({"project": project["_id"], "role": role["_id"]}) + del content["projects"] content["project_role_mappings"] = project_role_mappings + return content + def new(self, rollback, session, indata=None, kwargs=None, headers=None): """ Creates a new entry into the authentication backend. @@ -504,7 +506,11 @@ class UserTopicAuth(UserTopic): content = self._validate_input_new(content, session["force"]) self.check_conflict_on_new(session, content) self.format_on_new(content, session["project_id"], make_public=session["public"]) - _id = self.auth.create_user(content["username"], content["password"]) + _id = self.auth.create_user(content["username"], content["password"])["_id"] + + for mapping in content["project_role_mappings"]: + self.auth.assign_role_to_user(_id, mapping["project"], mapping["role"]) + rollback.append({"topic": self.topic, "_id": _id}) del content["password"] # self._send_msg("create", content) @@ -559,25 +565,25 @@ class UserTopicAuth(UserTopic): user = self.show(session, _id) original_mapping = user["project_role_mappings"] edit_mapping = content["project_role_mappings"] - - mappings_to_remove = [mapping for mapping in original_mapping + + mappings_to_remove = [mapping for mapping in original_mapping if mapping not in edit_mapping] - + mappings_to_add = [mapping for mapping in edit_mapping if mapping not in original_mapping] - + for mapping in mappings_to_remove: self.auth.remove_role_from_user( - user["name"], - mapping[0], - mapping[1] + user["name"], + mapping["project"], + mapping["role"] ) - + for mapping in mappings_to_add: self.auth.assign_role_to_user( user["name"], - mapping[0], - mapping[1] + mapping["project"], + mapping["role"] ) return content["_id"] @@ -618,8 +624,8 @@ class UserTopicAuth(UserTopic): class ProjectTopicAuth(ProjectTopic): # topic = "projects" # topic_msg = "projects" - # schema_new = project_new_schema - # schema_edit = project_edit_schema + schema_new = project_new_schema + schema_edit = project_edit_schema def __init__(self, db, fs, msg, auth): ProjectTopic.__init__(self, db, fs, msg) @@ -932,8 +938,7 @@ class RoleTopicAuth(BaseTopic): :param _id: server internal id :return: dictionary, raise exception if not found. """ - filter_db = self._get_project_filter(session) - filter_db["_id"] = _id + filter_db = {"_id": _id} role = self.db.get_one(self.topic, filter_db) new_role = dict(role) @@ -1012,8 +1017,7 @@ class RoleTopicAuth(BaseTopic): :return: dictionary with deleted item _id. It raises EngineException on error: not found, conflict, ... """ self.check_conflict_on_del(session, _id, None) - filter_q = self._get_project_filter(session) - filter_q["_id"] = _id + filter_q = {"_id": _id} if not dry_run: self.auth.delete_role(_id) v = self.db.del_one(self.topic, filter_q)