X-Git-Url: https://osm.etsi.org/gitweb/?p=osm%2FNBI.git;a=blobdiff_plain;f=osm_nbi%2Fadmin_topics.py;h=b41e4574dcd2497031651f82ddc8381b2e800441;hp=5008c601336b5153d747c222b775cefd19a16801;hb=refs%2Fchanges%2F53%2F8053%2F2;hpb=468aa2417a95de4c2af4ae4c2b5be5ac4c6b45d1
diff --git a/osm_nbi/admin_topics.py b/osm_nbi/admin_topics.py
index 5008c60..b41e457 100644
--- a/osm_nbi/admin_topics.py
+++ b/osm_nbi/admin_topics.py
@@ -36,8 +36,8 @@ class UserTopic(BaseTopic):
 schema_edit = user_edit_schema
 multiproject = False
- def __init__(self, db, fs, msg):
- BaseTopic.__init__(self, db, fs, msg)
+ def __init__(self, db, fs, msg, auth):
+ BaseTopic.__init__(self, db, fs, msg, auth)
 @staticmethod
 def _get_project_filter(session):
@@ -130,8 +130,8 @@ class ProjectTopic(BaseTopic):
 schema_edit = project_edit_schema
 multiproject = False
- def __init__(self, db, fs, msg):
- BaseTopic.__init__(self, db, fs, msg)
+ def __init__(self, db, fs, msg, auth):
+ BaseTopic.__init__(self, db, fs, msg, auth)
 @staticmethod
 def _get_project_filter(session):
@@ -394,8 +394,8 @@ class UserTopicAuth(UserTopic):
 schema_edit = user_edit_schema
 def __init__(self, db, fs, msg, auth):
- UserTopic.__init__(self, db, fs, msg)
- self.auth = auth
+ UserTopic.__init__(self, db, fs, msg, auth)
+ # self.auth = auth
 def check_conflict_on_new(self, session, indata):
 """
@@ -530,7 +530,7 @@ class UserTopicAuth(UserTopic):
 rollback.append({"topic": self.topic, "_id": _id})
 # del content["password"]
- # self._send_msg("create", content)
+ # self._send_msg("created", content)
 return _id, None
 except ValidationError as e:
 raise EngineException(e, HTTPStatus.UNPROCESSABLE_ENTITY)
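Review bot: The commented-out `# self.auth = auth` left in `UserTopicAuth.__init__` is dead code and should be deleted rather than kept as a comment; the same leftover appears in the `ProjectTopicAuth.__init__` and `RoleTopicAuth.__init__` hunks. With the assignment gone, every `self.auth.…` call in these classes depends on `BaseTopic.__init__` storing its fourth argument, and that change is not part of this file's diff, so it should be confirmed there. If a reminder is wanted, a one-line comment such as `# self.auth is set by BaseTopic.__init__` says more than the disabled statement.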
@@ -545,8 +545,8 @@ class UserTopicAuth(UserTopic):
 """
 # Allow _id to be a name or uuid
 filter_q = {self.id_field(self.topic, _id): _id}
- users = self.auth.get_user_list(filter_q)
-
+ # users = self.auth.get_user_list(filter_q)
+ users = self.list(session, filter_q) # To allow default filtering (Bug 853)
 if len(users) == 1:
 return users[0]
 elif len(users) > 1:
@@ -676,9 +676,11 @@ class UserTopicAuth(UserTopic):
 :param filter_q: filter of data to be applied
 :return: The list, it can be empty if no one match the filter.
 """
- users = self.auth.get_user_list(filter_q)
-
- return users
+ user_list = self.auth.get_user_list(filter_q)
+ if not session["allow_show_user_project_role"]:
+ # Bug 853 - Default filtering
+ user_list = [usr for usr in user_list if usr["username"] == session["username"]]
+ return user_list
 def delete(self, session, _id, dry_run=False):
 """
@@ -707,8 +709,8 @@ class ProjectTopicAuth(ProjectTopic):
 schema_edit = project_edit_schema
 def __init__(self, db, fs, msg, auth):
- ProjectTopic.__init__(self, db, fs, msg)
- self.auth = auth
+ ProjectTopic.__init__(self, db, fs, msg, auth)
+ # self.auth = auth
 def check_conflict_on_new(self, session, indata):
 """
@@ -749,7 +751,7 @@ class ProjectTopicAuth(ProjectTopic):
 raise EngineException("You cannot rename project 'admin'", http_code=HTTPStatus.CONFLICT)
 # Check that project name is not used, regardless keystone already checks this
- if self.auth.get_project_list(filter_q={"name": project_name}):
+ if project_name and self.auth.get_project_list(filter_q={"name": project_name}):
 raise EngineException("project '{}' is already used".format(project_name), HTTPStatus.CONFLICT)
 def check_conflict_on_del(self, session, _id, db_content):
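Review bot: Routing `UserTopicAuth.show()` through `self.list(session, filter_q)` restricts reads only, and nothing in this hunk shows the write paths receiving the same restriction. If `edit()` and `delete()` resolve their target through `self.auth` directly instead of through `show()`, a session without `allow_show_user_project_role` could still modify a user it can no longer list; this is inferred, since those methods lie outside the diff, and it applies equally to the `show()` hunks of `ProjectTopicAuth` and `RoleTopicAuth`. The body of `show()` starts and ends outside the hunk. The replaced call is also left behind as `# users = self.auth.get_user_list(filter_q)` and can simply be removed.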
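Review bot: `session["allow_show_user_project_role"]` in `UserTopicAuth.list()` is indexed directly, so a session dict built without that key raises `KeyError` instead of applying the restriction; `if not session.get("allow_show_user_project_role"):` fails closed to the filtered view. The same lookup is repeated in the `ProjectTopicAuth.list()` and `RoleTopicAuth.list()` hunks. The filter is also applied only after the backend has returned every user matching `filter_q`, so the restriction rests entirely on this one comprehension. The docstring above still describes an unfiltered list and should say that, without the flag, the result is limited to the caller's own record.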
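Review bot: The added `project_name and` guard on the `get_project_list` line skips the uniqueness check for any falsy value, so an empty string is treated the same as "no name supplied". If the intent is only to skip the check when the edit carries no name, `if project_name is not None and self.auth.get_project_list(filter_q={"name": project_name}):` states that directly and leaves rejection of empty names to schema validation. Where `project_name` is assigned is outside the hunk, so which values can reach this line could not be confirmed here.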
@@ -812,7 +814,7 @@ class ProjectTopicAuth(ProjectTopic):
 self.format_on_new(content, project_id=session["project_id"], make_public=session["public"])
 _id = self.auth.create_project(content)
 rollback.append({"topic": self.topic, "_id": _id})
- # self._send_msg("create", content)
+ # self._send_msg("created", content)
 return _id, None
 except ValidationError as e:
 raise EngineException(e, HTTPStatus.UNPROCESSABLE_ENTITY)
@@ -827,8 +829,8 @@ class ProjectTopicAuth(ProjectTopic):
 """
 # Allow _id to be a name or uuid
 filter_q = {self.id_field(self.topic, _id): _id}
- projects = self.auth.get_project_list(filter_q=filter_q)
-
+ # projects = self.auth.get_project_list(filter_q=filter_q)
+ projects = self.list(session, filter_q) # To allow default filtering (Bug 853)
 if len(projects) == 1:
 return projects[0]
 elif len(projects) > 1:
@@ -844,7 +846,13 @@ class ProjectTopicAuth(ProjectTopic):
 :param filter_q: filter of data to be applied
 :return: The list, it can be empty if no one match the filter.
 """
- return self.auth.get_project_list(filter_q)
+ project_list = self.auth.get_project_list(filter_q)
+ if not session["allow_show_user_project_role"]:
+ # Bug 853 - Default filtering
+ user = self.auth.get_user(session["username"])
+ projects = [prm["project"] for prm in user["project_role_mappings"]]
+ project_list = [proj for proj in project_list if proj["_id"] in projects]
+ return project_list
 def delete(self, session, _id, dry_run=False):
 """
@@ -888,8 +896,7 @@ class ProjectTopicAuth(ProjectTopic):
 self.check_conflict_on_edit(session, content, indata, _id=_id)
 self.format_on_edit(content, indata)
- if "name" in indata:
- content["name"] = indata["name"]
+ deep_update_rfc7396(content, indata)
 self.auth.update_project(content["_id"], content)
 except ValidationError as e:
 raise EngineException(e, HTTPStatus.UNPROCESSABLE_ENTITY)
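Review bot: In `ProjectTopicAuth.list()` the added filter indexes `user["project_role_mappings"]` and `prm["project"]` with no fallback, so a user record without mappings turns a list request into an unhandled `KeyError` rather than an empty result. `projects = {prm["project"] for prm in user.get("project_role_mappings", ())}` handles the missing key and makes the `in projects` test a set lookup. The `RoleTopicAuth.list()` hunk has the same shape with `prm["role"]`. What `self.auth.get_user` returns for an unknown username is not visible here and should be checked before `user` is subscripted.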
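Review bot: `deep_update_rfc7396(content, indata)` in the edit path merges every key of the request body into the stored project, where the removed code copied only `name`. Unless `project_edit_schema` rejects extra properties (not visible in this diff), a caller-supplied `_id` or `_admin` now reaches `self.auth.update_project(content["_id"], content)`, and because `content["_id"]` is read after the merge the update could be aimed at a different project. Capturing the id first keeps the target fixed: `project_id = content["_id"]` before the merge, then `self.auth.update_project(project_id, content)`. The enclosing method starts and ends outside the hunk.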
@@ -903,8 +910,8 @@ class RoleTopicAuth(BaseTopic):
 multiproject = False
 def __init__(self, db, fs, msg, auth, ops):
- BaseTopic.__init__(self, db, fs, msg)
- self.auth = auth
+ BaseTopic.__init__(self, db, fs, msg, auth)
+ # self.auth = auth
 self.operations = ops
 # self.topic = "roles_operations" if isinstance(auth, AuthconnKeystone) else "roles"
@@ -1072,7 +1079,8 @@ class RoleTopicAuth(BaseTopic):
 :return: dictionary, raise exception if not found.
 """
 filter_q = {BaseTopic.id_field(self.topic, _id): _id}
- roles = self.auth.get_role_list(filter_q)
+ # roles = self.auth.get_role_list(filter_q)
+ roles = self.list(session, filter_q) # To allow default filtering (Bug 853)
 if not roles:
 raise AuthconnNotFoundException("Not found any role with filter {}".format(filter_q))
 elif len(roles) > 1:
@@ -1087,7 +1095,13 @@ class RoleTopicAuth(BaseTopic):
 :param filter_q: filter of data to be applied
 :return: The list, it can be empty if no one match the filter.
 """
- return self.auth.get_role_list(filter_q)
+ role_list = self.auth.get_role_list(filter_q)
+ if not session["allow_show_user_project_role"]:
+ # Bug 853 - Default filtering
+ user = self.auth.get_user(session["username"])
+ roles = [prm["role"] for prm in user["project_role_mappings"]]
+ role_list = [role for role in role_list if role["_id"] in roles]
+ return role_list
 def new(self, rollback, session, indata=None, kwargs=None, headers=None):
 """
@@ -1113,7 +1127,7 @@ class RoleTopicAuth(BaseTopic):
 content["_id"] = rid
 # _id = self.db.create(self.topic, content)
 rollback.append({"topic": self.topic, "_id": rid})
- # self._send_msg("create", content)
+ # self._send_msg("created", content)
 return rid, None
 except ValidationError as e:
 raise EngineException(e, HTTPStatus.UNPROCESSABLE_ENTITY)