X-Git-Url: https://osm.etsi.org/gitweb/?p=osm%2FNBI.git;a=blobdiff_plain;f=osm_nbi%2Fbase_topic.py;h=70c8dff5eac55ce0bed458a6d11276d32cfbde46;hp=7c6c99071f64b247e3f2e12b1dbbd518e984dd9b;hb=b3d0a0e94cc4572d81477754baf56c910e892be3;hpb=cf042d30e8b7a1a9cbd1b2064e83c5d20ffcec9b diff --git a/osm_nbi/base_topic.py b/osm_nbi/base_topic.py index 7c6c990..70c8dff 100644 --- a/osm_nbi/base_topic.py +++ b/osm_nbi/base_topic.py @@ -18,7 +18,7 @@ from uuid import uuid4 from http import HTTPStatus from time import time from osm_common.dbbase import deep_update_rfc7396 -from validation import validate_input, ValidationError, is_valid_uuid +from osm_nbi.validation import validate_input, ValidationError, is_valid_uuid __author__ = "Alfonso Tierno " @@ -27,7 +27,7 @@ class EngineException(Exception): def __init__(self, message, http_code=HTTPStatus.BAD_REQUEST): self.http_code = http_code - Exception.__init__(self, message) + super(Exception, self).__init__(message) def get_iterable(input_var): @@ -57,6 +57,8 @@ class BaseTopic: schema_edit = None # to_override multiproject = True # True if this Topic can be shared by several projects. Then it contains _admin.projects_read + default_quota = 500 + # Alternative ID Fields for some Topics alt_id_field = { "projects": "name", @@ -64,16 +66,17 @@ class BaseTopic: "roles": "name" } - def __init__(self, db, fs, msg): + def __init__(self, db, fs, msg, auth): self.db = db self.fs = fs self.msg = msg self.logger = logging.getLogger("nbi.engine") + self.auth = auth @staticmethod def id_field(topic, value): """Returns ID Field for given topic and field value""" - if topic in ["projects", "users"] and not is_valid_uuid(value): + if topic in BaseTopic.alt_id_field.keys() and not is_valid_uuid(value): return BaseTopic.alt_id_field[topic] else: return "_id" @@ -84,6 +87,29 @@ class BaseTopic: return {} return indata + def check_quota(self, session): + """ + Check whether topic quota is exceeded by the given project + Used by relevant topics' 'new' function to decide whether or not creation of the new item should be allowed + :param projects: projects (tuple) for which quota should be checked + :param override: boolean. If true, don't raise ValidationError even though quota be exceeded + :return: None + :raise: + DbException if project not found + ValidationError if quota exceeded and not overridden + """ + if session["force"] or session["admin"]: + return + projects = session["project_id"] + for project in projects: + proj = self.auth.get_project(project) + pid = proj["_id"] + quota = proj.get("quotas", {}).get(self.topic, self.default_quota) + count = self.db.count(self.topic, {"_admin.projects_read": pid}) + if count >= quota: + name = proj["name"] + raise ValidationError("{} quota ({}) exceeded for project {} ({})".format(self.topic, quota, name, pid)) + def _validate_input_new(self, input, force=False): """ Validates input user content for a new entry. It uses jsonschema. Some overrides will use pyangbind @@ -163,7 +189,7 @@ class BaseTopic: """ Check that the data to be edited/uploaded is valid :param session: contains "username", "admin", "force", "public", "project_id", "set_project" - :param final_content: data once modified. This methdo may change it. + :param final_content: data once modified. This method may change it. :param edit_content: incremental data that contains the modifications to apply :param _id: internal _id :return: None or raises EngineException @@ -192,7 +218,10 @@ class BaseTopic: :param _id: If not None, ignore this entry that are going to change :return: None or raises EngineException """ - _filter = self._get_project_filter(session) + if not self.multiproject: + _filter = {} + else: + _filter = self._get_project_filter(session) _filter["name"] = name if _id: _filter["_id.neq"] = _id @@ -206,7 +235,7 @@ class BaseTopic: :param content: descriptor to be modified :param project_id: if included, it add project read/write permissions. Can be None or a list :param make_public: if included it is generated as public for reading. - :return: None, but content is modified + :return: op_id: operation id on asynchronous operation, None otherwise. In addition content is modified """ now = time() if "_admin" not in content: @@ -223,12 +252,20 @@ class BaseTopic: content["_admin"]["projects_read"].append("ANY") if not content["_admin"].get("projects_write"): content["_admin"]["projects_write"] = list(project_id) + return None @staticmethod def format_on_edit(final_content, edit_content): + """ + Modifies final_content to admin information upon edition + :param final_content: final content to be stored at database + :param edit_content: user requested update content + :return: operation id, if this edit implies an asynchronous operation; None otherwise + """ if final_content.get("_admin"): now = time() final_content["_admin"]["modified"] = now + return None def _send_msg(self, action, content): if self.topic_msg: @@ -288,7 +325,10 @@ class BaseTopic: :param _id: server internal id :return: dictionary, raise exception if not found. """ - filter_db = self._get_project_filter(session) + if not self.multiproject: + filter_db = {} + else: + filter_db = self._get_project_filter(session) # To allow project&user addressing by name AS WELL AS _id filter_db[BaseTopic.id_field(self.topic, _id)] = _id return self.db.get_one(self.topic, filter_db) @@ -315,8 +355,8 @@ class BaseTopic: """ if not filter_q: filter_q = {} - - filter_q.update(self._get_project_filter(session)) + if self.multiproject: + filter_q.update(self._get_project_filter(session)) # TODO transform data for SOL005 URL requests. Transform filtering # TODO implement "field-type" query string SOL005 @@ -330,20 +370,27 @@ class BaseTopic: :param indata: data to be inserted :param kwargs: used to override the indata descriptor :param headers: http request headers - :return: _id: identity of the inserted data. + :return: _id, op_id: + _id: identity of the inserted data. + op_id: operation id if this is asynchronous, None otherwise """ try: + if self.multiproject: + self.check_quota(session) + content = self._remove_envelop(indata) # Override descriptor with query string kwargs self._update_input_with_kwargs(content, kwargs) content = self._validate_input_new(content, force=session["force"]) self.check_conflict_on_new(session, content) - self.format_on_new(content, project_id=session["project_id"], make_public=session["public"]) + op_id = self.format_on_new(content, project_id=session["project_id"], make_public=session["public"]) _id = self.db.create(self.topic, content) rollback.append({"topic": self.topic, "_id": _id}) - self._send_msg("create", content) - return _id + if op_id: + content["op_id"] = op_id + self._send_msg("created", content) + return _id, op_id except ValidationError as e: raise EngineException(e, HTTPStatus.UNPROCESSABLE_ENTITY) @@ -371,7 +418,8 @@ class BaseTopic: # TODO add admin to filter, validate rights if not filter_q: filter_q = {} - filter_q.update(self._get_project_filter(session)) + if self.multiproject: + filter_q.update(self._get_project_filter(session)) return self.db.del_list(self.topic, filter_q) def delete_extra(self, session, _id, db_content): @@ -392,7 +440,7 @@ class BaseTopic: :param session: contains "username", "admin", "force", "public", "project_id", "set_project" :param _id: server internal id :param dry_run: make checking but do not delete - :return: dictionary with deleted item _id. It raises EngineException on error: not found, conflict, ... + :return: operation id (None if there is not operation), raise exception if error or not found, conflict, ... """ # To allow addressing projects and users by name AS WELL AS by _id @@ -405,21 +453,24 @@ class BaseTopic: if dry_run: return None - filter_q.update(self._get_project_filter(session)) + if self.multiproject: + filter_q.update(self._get_project_filter(session)) if self.multiproject and session["project_id"]: # remove reference from project_read. If not last delete + # if this topic is not part of session["project_id"] no midification at database is done and an exception + # is raised self.db.set_one(self.topic, filter_q, update_dict=None, pull={"_admin.projects_read": {"$in": session["project_id"]}}) # try to delete if there is not any more reference from projects. Ignore if it is not deleted filter_q = {'_id': _id, '_admin.projects_read': [[], ["ANY"]]} v = self.db.del_one(self.topic, filter_q, fail_on_empty=False) if not v or not v["deleted"]: - return v + return None else: - v = self.db.del_one(self.topic, filter_q) + self.db.del_one(self.topic, filter_q) self.delete_extra(session, _id, item_content) self._send_msg("deleted", {"_id": _id}) - return v + return None def edit(self, session, _id, indata=None, kwargs=None, content=None): """ @@ -429,7 +480,7 @@ class BaseTopic: :param indata: contains the changes to apply :param kwargs: modifies indata :param content: original content of the item - :return: + :return: op_id: operation id if this is processed asynchronously, None otherwise """ indata = self._remove_envelop(indata) @@ -446,16 +497,20 @@ class BaseTopic: if not content: content = self.show(session, _id) deep_update_rfc7396(content, indata) + + # To allow project addressing by name AS WELL AS _id. Get the _id, just in case the provided one is a name + _id = content.get("_id") or _id + self.check_conflict_on_edit(session, content, indata, _id=_id) - self.format_on_edit(content, indata) - # To allow project addressing by name AS WELL AS _id - # self.db.replace(self.topic, _id, content) - cid = content.get("_id") - self.db.replace(self.topic, cid if cid else _id, content) + op_id = self.format_on_edit(content, indata) + + self.db.replace(self.topic, _id, content) indata.pop("_admin", None) + if op_id: + indata["op_id"] = op_id indata["_id"] = _id - self._send_msg("edit", indata) - return _id + self._send_msg("edited", indata) + return op_id except ValidationError as e: raise EngineException(e, HTTPStatus.UNPROCESSABLE_ENTITY)