Commit 135269b5 authored by Rémi Duraffort's avatar Rémi Duraffort
Browse files

XMLRPC: use django permissions to manage accesses

An admin can now delegate some permissions to normal users without needing to
give them super user access.
parent dcf5e135
......@@ -56,18 +56,20 @@ from lava_scheduler_app.schema import (
# pylint: disable=no-self-use
def check_superuser(f):
""" decorator to check that the caller is a super-user """
@wraps(f)
def wrapper(self, *args, **kwargs):
self._authenticate()
if not self.user.is_superuser:
raise xmlrpc.client.Fault(
403,
"User '%s' is not superuser." % self.user.username
)
return f(self, *args, **kwargs)
return wrapper
def check_perm(perm):
""" decorator to check that the caller has the given permission """
def decorator(f):
@wraps(f)
def wrapper(self, *args, **kwargs):
self._authenticate()
if not self.user.has_perm(perm):
raise xmlrpc.client.Fault(
403,
"User '%s' is missing permission %s ." % (self.user.username, perm)
)
return f(self, *args, **kwargs)
return wrapper
return decorator
def build_device_status_display(state, health):
......
......@@ -21,13 +21,13 @@ import xmlrpc.client
from django.db import IntegrityError
from linaro_django_xmlrpc.models import ExposedV2API
from lava_scheduler_app.api import check_superuser
from lava_scheduler_app.api import check_perm
from lava_scheduler_app.models import Alias
class SchedulerAliasesAPI(ExposedV2API):
@check_superuser
@check_perm("lava_scheduler_app.add_alias")
def add(self, name):
"""
Name
......@@ -54,7 +54,7 @@ class SchedulerAliasesAPI(ExposedV2API):
raise xmlrpc.client.Fault(
400, "Bad request: %s" % exc.message)
@check_superuser
@check_perm("lava_scheduler_app.delete_alias")
def delete(self, name):
"""
Name
......
......@@ -26,7 +26,7 @@ import xmlrpc.client
from django.db import IntegrityError
from linaro_django_xmlrpc.models import ExposedV2API
from lava_scheduler_app.api import check_superuser
from lava_scheduler_app.api import check_perm
from lava_scheduler_app.models import Alias, DeviceType
......@@ -42,7 +42,7 @@ class SchedulerDeviceTypesAPI(ExposedV2API):
available_types.sort()
return available_types
@check_superuser
@check_perm("lava_scheduler_app.add_devicetype")
def add(self, name, description, display, owners_only,
health_frequency, health_denominator):
"""
......@@ -183,7 +183,7 @@ class SchedulerDeviceTypesAPI(ExposedV2API):
else:
raise xmlrpc.client.Fault(400, "Unable to read device-type configuration: %s" % exc.strerror)
@check_superuser
@check_perm("lava_scheduler_app.change_devicetype")
def set_health_check(self, name, config):
"""
Name
......@@ -225,7 +225,7 @@ class SchedulerDeviceTypesAPI(ExposedV2API):
raise xmlrpc.client.Fault(
400, "Unable to write health-check: %s" % exc.strerror)
@check_superuser
@check_perm("lava_scheduler_app.change_devicetype")
def set_template(self, name, config):
"""
Name
......@@ -348,7 +348,7 @@ class SchedulerDeviceTypesAPI(ExposedV2API):
return dt_dict
@check_superuser
@check_perm("lava_scheduler_app.change_devicetype")
def update(self, name, description, display, owners_only, health_frequency,
health_denominator, health_disabled):
"""
......@@ -423,7 +423,8 @@ class SchedulerDeviceTypesAPI(ExposedV2API):
class SchedulerDeviceTypesAliasesAPI(ExposedV2API):
@check_superuser
@check_perm("lava_scheduler_app.add_alias")
@check_perm("lava_scheduler_app.change_devicetype")
def add(self, name, alias):
"""
Name
......@@ -487,7 +488,7 @@ class SchedulerDeviceTypesAliasesAPI(ExposedV2API):
return [a.name for a in dt.aliases.all().order_by("name")]
@check_superuser
@check_perm("lava_scheduler_app.change_devicetype")
def delete(self, name, alias):
"""
Name
......
......@@ -25,7 +25,7 @@ from django.core.exceptions import ValidationError
from django.db import IntegrityError, transaction
from linaro_django_xmlrpc.models import ExposedV2API
from lava_scheduler_app.api import check_superuser
from lava_scheduler_app.api import check_perm
from lava_scheduler_app.models import (
Device,
DeviceType,
......@@ -36,7 +36,7 @@ from lava_scheduler_app.models import (
class SchedulerDevicesAPI(ExposedV2API):
@check_superuser
@check_perm("lava_scheduler_app.add_device")
def add(self, hostname, type_name, worker_hostname,
user_name=None, group_name=None, public=True,
health=None, description=None):
......@@ -171,7 +171,7 @@ class SchedulerDevicesAPI(ExposedV2API):
404, "Device '%s' does not have a configuration" % hostname)
return xmlrpc.client.Binary(config.encode('utf-8'))
@check_superuser
@check_perm("lava_scheduler_app.change_device")
def set_dictionary(self, hostname, dictionary):
"""
Name
......@@ -297,7 +297,7 @@ class SchedulerDevicesAPI(ExposedV2API):
return device_dict
@check_superuser
@check_perm("lava_scheduler_app.change_device")
def update(self, hostname, worker_hostname=None, user_name=None,
group_name=None, public=True, health=None, description=None):
"""
......@@ -391,7 +391,8 @@ class SchedulerDevicesAPI(ExposedV2API):
class SchedulerDevicesTagsAPI(ExposedV2API):
@check_superuser
@check_perm("lava_scheduler_app.add_tag")
@check_perm("lava_scheduler_app.change_device")
def add(self, hostname, name):
"""
Name
......@@ -451,7 +452,7 @@ class SchedulerDevicesTagsAPI(ExposedV2API):
return [t.name for t in device.tags.all()]
@check_superuser
@check_perm("lava_scheduler_app.change_device")
def delete(self, hostname, name):
"""
Name
......
......@@ -21,13 +21,13 @@ import xmlrpc.client
from django.db import IntegrityError
from linaro_django_xmlrpc.models import ExposedV2API
from lava_scheduler_app.api import check_superuser
from lava_scheduler_app.api import check_perm
from lava_scheduler_app.models import Tag
class SchedulerTagsAPI(ExposedV2API):
@check_superuser
@check_perm("lava_scheduler_app.add_tag")
def add(self, name, description=None):
"""
Name
......@@ -56,7 +56,7 @@ class SchedulerTagsAPI(ExposedV2API):
raise xmlrpc.client.Fault(
400, "Bad request: %s" % exc.message)
@check_superuser
@check_perm("lava_scheduler_app.delete_tag")
def delete(self, name):
"""
Name
......
......@@ -23,13 +23,13 @@ import xmlrpc.client
from django.db import IntegrityError, transaction
from linaro_django_xmlrpc.models import ExposedV2API
from lava_scheduler_app.api import check_superuser
from lava_scheduler_app.api import check_perm
from lava_scheduler_app.models import Worker
class SchedulerWorkersAPI(ExposedV2API):
@check_superuser
@check_perm("lava_scheduler_app.add_worker")
def add(self, hostname, description=None, disabled=False):
"""
Name
......@@ -97,7 +97,7 @@ class SchedulerWorkersAPI(ExposedV2API):
raise xmlrpc.client.Fault(
404, "Worker '%s' does not have a configuration" % hostname)
@check_superuser
@check_perm("lava_scheduler_app.change_worker")
def set_config(self, hostname, config):
"""
Name
......@@ -189,7 +189,7 @@ class SchedulerWorkersAPI(ExposedV2API):
"devices": [d.hostname for d in worker.device_set.all().order_by("hostname")],
"last_ping": worker.last_ping}
@check_superuser
@check_perm("lava_scheduler_app.change_worker")
def update(self, hostname, description=None, health=None):
"""
Name
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment