X-Git-Url: https://osm.etsi.org/gitweb/?p=osm%2FNBI.git;a=blobdiff_plain;f=osm_nbi%2Fbase_topic.py;h=e849bb843ee8c4dcb5a9f8cb1a0562db72abccc3;hp=52e02af9c6b2c7556c5d1930f0d91047f29c4d25;hb=990ac461246c2449534955f8e5c73ecbc295f4dc;hpb=bee3bad8d15fe0893855d0dff92cef4351629edb

diff --git a/osm_nbi/base_topic.py b/osm_nbi/base_topic.py
index 52e02af..e849bb8 100644
--- a/osm_nbi/base_topic.py
+++ b/osm_nbi/base_topic.py
@@ -19,6 +19,7 @@ from http import HTTPStatus
 from time import time
 from osm_common.dbbase import deep_update_rfc7396
 from osm_nbi.validation import validate_input, ValidationError, is_valid_uuid
+from yaml import safe_load, YAMLError
 
 __author__ = "Alfonso Tierno <alfonso.tiernosepulveda@telefonica.com>"
 
@@ -151,7 +152,7 @@ class BaseTopic:
     def _get_project_filter(session):
         """
         Generates a filter dictionary for querying database, so that only allowed items for this project can be
-        addressed. Only propietary or public can be used. Allowed projects are at _admin.project_read/write. If it is
+        addressed. Only proprietary or public can be used. Allowed projects are at _admin.project_read/write. If it is
         not present or contains ANY mean public.
         :param session: contains:
             project_id: project list this session has rights to access. Can be empty, one or several
@@ -301,11 +302,12 @@ class BaseTopic:
         pass
 
     @staticmethod
-    def _update_input_with_kwargs(desc, kwargs):
+    def _update_input_with_kwargs(desc, kwargs, yaml_format=False):
         """
         Update descriptor with the kwargs. It contains dot separated keys
         :param desc: dictionary to be updated
         :param kwargs: plain dictionary to be used for updating.
+        :param yaml_format: get kwargs values as yaml format.
         :return: None, 'desc' is modified. It raises EngineException.
         """
         if not kwargs:
@@ -325,7 +327,7 @@ class BaseTopic:
                     else:
                         raise EngineException(
                             "Invalid query string '{}'. Descriptor is not a list nor dict at '{}'".format(k, kitem))
-                update_content[kitem_old] = v
+                update_content[kitem_old] = v if not yaml_format else safe_load(v)
         except KeyError:
             raise EngineException(
                 "Invalid query string '{}'. Descriptor does not contain '{}'".format(k, kitem_old))
@@ -335,6 +337,8 @@ class BaseTopic:
         except IndexError:
             raise EngineException(
                 "Invalid query string '{}'. Index '{}' out of  range".format(k, kitem_old))
+        except YAMLError:
+            raise EngineException("Invalid query string '{}' yaml format".format(k))
 
     def show(self, session, _id):
         """
@@ -464,30 +468,39 @@ class BaseTopic:
         """
 
         # To allow addressing projects and users by name AS WELL AS by _id
-        filter_q = {BaseTopic.id_field(self.topic, _id): _id}
+        if not self.multiproject:
+            filter_q = {}
+        else:
+            filter_q = self._get_project_filter(session)
+        filter_q[self.id_field(self.topic, _id)] = _id
         item_content = self.db.get_one(self.topic, filter_q)
 
-        # TODO add admin to filter, validate rights
-        # data = self.get_item(topic, _id)
         self.check_conflict_on_del(session, _id, item_content)
         if dry_run:
             return None
         
-        if self.multiproject:
-            filter_q.update(self._get_project_filter(session))
         if self.multiproject and session["project_id"]:
-            # remove reference from project_read. If not last delete
-            # if this topic is not part of session["project_id"] no midification at database is done and an exception
-            # is raised
-            self.db.set_one(self.topic, filter_q, update_dict=None,
-                            pull={"_admin.projects_read": {"$in": session["project_id"]}})
-            # try to delete if there is not any more reference from projects. Ignore if it is not deleted
-            filter_q = {'_id': _id, '_admin.projects_read': [[], ["ANY"]]}
-            v = self.db.del_one(self.topic, filter_q, fail_on_empty=False)
-            if not v or not v["deleted"]:
+            # remove reference from project_read if there are more projects referencing it. If it last one,
+            # do not remove reference, but delete
+            other_projects_referencing = next((p for p in item_content["_admin"]["projects_read"]
+                                               if p not in session["project_id"]), None)
+
+            # check if there are projects referencing it (apart from ANY, that means, public)....
+            if other_projects_referencing:
+                # remove references but not delete
+                update_dict_pull = {"_admin.projects_read.{}".format(p): None for p in session["project_id"]}
+                update_dict_pull.update({"_admin.projects_write.{}".format(p): None for p in session["project_id"]})
+                self.db.set_one(self.topic, filter_q, update_dict=None, pull=update_dict_pull)
                 return None
-        else:
-            self.db.del_one(self.topic, filter_q)
+            else:
+                can_write = next((p for p in item_content["_admin"]["projects_write"] if p == "ANY" or
+                                  p in session["project_id"]), None)
+                if not can_write:
+                    raise EngineException("You have not write permission to delete it",
+                                          http_code=HTTPStatus.UNAUTHORIZED)
+
+        # delete
+        self.db.del_one(self.topic, filter_q)
         self.delete_extra(session, _id, item_content, not_send_msg=not_send_msg)
         self._send_msg("deleted", {"_id": _id}, not_send_msg=not_send_msg)
         return None