From: Adurti Date: Tue, 7 May 2024 06:04:37 +0000 (+0000) Subject: Bug 2351 Fixed: Able to Update user role even with project user role X-Git-Url: https://osm.etsi.org/gitweb/?a=commitdiff_plain;h=76d4b765f629fa33904fb0d5ee42cfc9803e590a;p=osm%2FNBI.git Bug 2351 Fixed: Able to Update user role even with project user role Change-Id: I787b76f53219d24113dd3cb30ea3cafd18933d8f Signed-off-by: Adurti --- diff --git a/osm_nbi/admin_topics.py b/osm_nbi/admin_topics.py index 02a9737..46bddeb 100644 --- a/osm_nbi/admin_topics.py +++ b/osm_nbi/admin_topics.py @@ -1079,6 +1079,30 @@ class UserTopicAuth(UserTopic): indata["add_project_role_mappings"].append( {"project": proj, "role": rid} ) + if ( + indata.get("remove_project_role_mappings") + or indata.get("add_project_role_mappings") + or indata.get("project_role_mappings") + ): + user_details = self.db.get_one("users", {"_id": session.get("user_id")}) + edit_role = False + for pr in user_details["project_role_mappings"]: + role_id = pr.get("role") + role_details = self.db.get_one("roles", {"_id": role_id}) + if role_details["permissions"].get("default"): + if "roles" not in role_details["permissions"] or role_details[ + "permissions" + ].get("roles"): + edit_role = True + elif role_details["permissions"].get("roles"): + edit_role = True + if not edit_role: + raise EngineException( + "User {} has no privileges to edit or delete project-role mappings".format( + session.get("username") + ), + http_code=HTTPStatus.UNPROCESSABLE_ENTITY, + ) # user = self.show(session, _id) # Already in 'content' original_mapping = content["project_role_mappings"] diff --git a/osm_nbi/nbi.py b/osm_nbi/nbi.py index d169cdd..1bb7927 100644 --- a/osm_nbi/nbi.py +++ b/osm_nbi/nbi.py @@ -1510,6 +1510,7 @@ class Server(object): "force": False, "project_id": (token_info["project_id"],), "username": token_info["username"], + "user_id": token_info["user_id"], "admin": token_info["admin"], "public": None, "allow_show_user_project_role": token_info["allow_show_user_project_role"], diff --git a/osm_nbi/tests/test_admin_topics.py b/osm_nbi/tests/test_admin_topics.py index 4da4d61..a4c4918 100755 --- a/osm_nbi/tests/test_admin_topics.py +++ b/osm_nbi/tests/test_admin_topics.py @@ -926,6 +926,7 @@ class Test_UserTopicAuth(TestCase): uid = str(uuid4()) pid1 = str(uuid4()) rid1 = str(uuid4()) + self.fake_session["user_id"] = uid prms = [ { "project": pid1, @@ -953,6 +954,14 @@ class Test_UserTopicAuth(TestCase): {"_id": rid2, "name": "role-2"}, {"_id": rid1, "name": "role-1"}, ] + + role = { + "_id": rid1, + "name": "role-1", + "permissions": {"default": False, "admin": False, "roles": True}, + } + self.db.create("users", user) + self.db.create("roles", role) new_name = "new-user-name" new_pasw = "New@pwd1" add_prms = [{"project": pid2, "role": rid2}]