X-Git-Url: https://osm.etsi.org/gitweb/?p=osm%2FNBI.git;a=blobdiff_plain;f=osm_nbi%2Fbase_topic.py;h=1f7f5d49fb805fa7b6549297bf0c904ce9c06561;hp=1bc906c2b4d63594f84a2a129dac715125e35e7e;hb=d7749588e6cc73661d052fc5bb41605e1b588128;hpb=714954e34ba8af38c696a802c789699ae0299648 diff --git a/osm_nbi/base_topic.py b/osm_nbi/base_topic.py index 1bc906c..1f7f5d4 100644 --- a/osm_nbi/base_topic.py +++ b/osm_nbi/base_topic.py @@ -19,6 +19,7 @@ from http import HTTPStatus from time import time from osm_common.dbbase import deep_update_rfc7396 from osm_nbi.validation import validate_input, ValidationError, is_valid_uuid +from yaml import safe_load, YAMLError __author__ = "Alfonso Tierno " @@ -113,7 +114,7 @@ class BaseTopic: DbException if project not found ValidationError if quota exceeded and not overridden """ - if session["force"] or session["admin"]: + if session["force"]: return projects = session["project_id"] for project in projects: @@ -123,7 +124,8 @@ class BaseTopic: count = self.db.count(self.topic, {"_admin.projects_read": pid}) if count >= quota: name = proj["name"] - raise ValidationError("{} quota ({}) exceeded for project {} ({})".format(self.topic, quota, name, pid)) + raise ValidationError("quota ({}={}) exceeded for project {} ({})".format(self.topic, quota, name, pid), + http_code=HTTPStatus.UNAUTHORIZED) def _validate_input_new(self, input, force=False): """ @@ -151,7 +153,7 @@ class BaseTopic: def _get_project_filter(session): """ Generates a filter dictionary for querying database, so that only allowed items for this project can be - addressed. Only propietary or public can be used. Allowed projects are at _admin.project_read/write. If it is + addressed. Only proprietary or public can be used. Allowed projects are at _admin.project_read/write. If it is not present or contains ANY mean public. :param session: contains: project_id: project list this session has rights to access. Can be empty, one or several @@ -282,10 +284,13 @@ class BaseTopic: final_content["_admin"]["modified"] = now return None - def _send_msg(self, action, content): - if self.topic_msg: + def _send_msg(self, action, content, not_send_msg=None): + if self.topic_msg and not_send_msg is not False: content.pop("_admin", None) - self.msg.write(self.topic_msg, action, content) + if isinstance(not_send_msg, list): + not_send_msg.append((self.topic_msg, action, content)) + else: + self.msg.write(self.topic_msg, action, content) def check_conflict_on_del(self, session, _id, db_content): """ @@ -298,11 +303,12 @@ class BaseTopic: pass @staticmethod - def _update_input_with_kwargs(desc, kwargs): + def _update_input_with_kwargs(desc, kwargs, yaml_format=False): """ Update descriptor with the kwargs. It contains dot separated keys :param desc: dictionary to be updated :param kwargs: plain dictionary to be used for updating. + :param yaml_format: get kwargs values as yaml format. :return: None, 'desc' is modified. It raises EngineException. """ if not kwargs: @@ -322,7 +328,7 @@ class BaseTopic: else: raise EngineException( "Invalid query string '{}'. Descriptor is not a list nor dict at '{}'".format(k, kitem)) - update_content[kitem_old] = v + update_content[kitem_old] = v if not yaml_format else safe_load(v) except KeyError: raise EngineException( "Invalid query string '{}'. Descriptor does not contain '{}'".format(k, kitem_old)) @@ -332,6 +338,8 @@ class BaseTopic: except IndexError: raise EngineException( "Invalid query string '{}'. Index '{}' out of range".format(k, kitem_old)) + except YAMLError: + raise EngineException("Invalid query string '{}' yaml format".format(k)) def show(self, session, _id): """ @@ -437,7 +445,7 @@ class BaseTopic: filter_q.update(self._get_project_filter(session)) return self.db.del_list(self.topic, filter_q) - def delete_extra(self, session, _id, db_content): + def delete_extra(self, session, _id, db_content, not_send_msg=None): """ Delete other things apart from database entry of a item _id. e.g.: other associated elements at database and other file system storage @@ -445,46 +453,57 @@ class BaseTopic: :param _id: server internal id :param db_content: The database content of the _id. It is already deleted when reached this method, but the content is needed in same cases + :param not_send_msg: To not send message (False) or store content (list) instead :return: None if ok or raises EngineException with the problem """ pass - def delete(self, session, _id, dry_run=False): + def delete(self, session, _id, dry_run=False, not_send_msg=None): """ Delete item by its internal _id :param session: contains "username", "admin", "force", "public", "project_id", "set_project" :param _id: server internal id :param dry_run: make checking but do not delete + :param not_send_msg: To not send message (False) or store content (list) instead :return: operation id (None if there is not operation), raise exception if error or not found, conflict, ... """ # To allow addressing projects and users by name AS WELL AS by _id - filter_q = {BaseTopic.id_field(self.topic, _id): _id} + if not self.multiproject: + filter_q = {} + else: + filter_q = self._get_project_filter(session) + filter_q[self.id_field(self.topic, _id)] = _id item_content = self.db.get_one(self.topic, filter_q) - # TODO add admin to filter, validate rights - # data = self.get_item(topic, _id) self.check_conflict_on_del(session, _id, item_content) if dry_run: return None - if self.multiproject: - filter_q.update(self._get_project_filter(session)) if self.multiproject and session["project_id"]: - # remove reference from project_read. If not last delete - # if this topic is not part of session["project_id"] no midification at database is done and an exception - # is raised - self.db.set_one(self.topic, filter_q, update_dict=None, - pull={"_admin.projects_read": {"$in": session["project_id"]}}) - # try to delete if there is not any more reference from projects. Ignore if it is not deleted - filter_q = {'_id': _id, '_admin.projects_read': [[], ["ANY"]]} - v = self.db.del_one(self.topic, filter_q, fail_on_empty=False) - if not v or not v["deleted"]: + # remove reference from project_read if there are more projects referencing it. If it last one, + # do not remove reference, but delete + other_projects_referencing = next((p for p in item_content["_admin"]["projects_read"] + if p not in session["project_id"]), None) + + # check if there are projects referencing it (apart from ANY, that means, public).... + if other_projects_referencing: + # remove references but not delete + update_dict_pull = {"_admin.projects_read.{}".format(p): None for p in session["project_id"]} + update_dict_pull.update({"_admin.projects_write.{}".format(p): None for p in session["project_id"]}) + self.db.set_one(self.topic, filter_q, update_dict=None, pull=update_dict_pull) return None - else: - self.db.del_one(self.topic, filter_q) - self.delete_extra(session, _id, item_content) - self._send_msg("deleted", {"_id": _id}) + else: + can_write = next((p for p in item_content["_admin"]["projects_write"] if p == "ANY" or + p in session["project_id"]), None) + if not can_write: + raise EngineException("You have not write permission to delete it", + http_code=HTTPStatus.UNAUTHORIZED) + + # delete + self.db.del_one(self.topic, filter_q) + self.delete_extra(session, _id, item_content, not_send_msg=not_send_msg) + self._send_msg("deleted", {"_id": _id}, not_send_msg=not_send_msg) return None def edit(self, session, _id, indata=None, kwargs=None, content=None):