Commit da74ae57 authored by Rémi Duraffort's avatar Rémi Duraffort

XML-RPC: add a decorator for is_superuser check

Change-Id: I9fd0bc6c9011a1c90ea8908047476f9d0bc61b19
parent 49f370cd
from functools import wraps
from simplejson import JSONDecodeError
import xmlrpclib
import yaml
from simplejson import JSONDecodeError
from django.conf import settings
from django.core.exceptions import PermissionDenied
from django.db.models import Count, Q
......@@ -33,6 +35,20 @@ from lava_scheduler_app.schema import (
# pylint: disable=no-self-use
def check_superuser(f):
""" decorator to check that the caller is a super-user """
@wraps(f)
def wrapper(self, *args, **kwargs):
self._authenticate()
if not self.user.is_superuser:
raise xmlrpclib.Fault(
403,
"User '%s' is not superuser." % self.user.username
)
return f(self, *args, **kwargs)
return wrapper
class SchedulerAPI(ExposedAPI):
def submit_job(self, job_data):
......
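Review bot: `check_superuser` leaves no trace on the wrapped method that it is protected, and because the check is opt-in per method, a privileged XML-RPC method added later without the decorator would presumably be reachable without the superuser check. Setting a marker such as `wrapper.requires_superuser = True` just before `return wrapper` would let a unit test walk the exposed API classes and fail when a state-changing method lacks it. The docstring should also state the contract visible in the body: it calls `self._authenticate()` first, then raises `xmlrpclib.Fault(403, ...)` when `self.user.is_superuser` is false, and is meant for methods of `ExposedAPI` subclasses. Whether `_authenticate()` always raises for an anonymous caller is not visible on this page; if it can return with `self.user` unset, the attribute access on the following line would surface as an unhandled error rather than a clean fault.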
......@@ -23,6 +23,7 @@ import xmlrpclib
from django.db import IntegrityError
from linaro_django_xmlrpc.models import ExposedAPI
from lava_scheduler_app.api import check_superuser
from lava_scheduler_app.models import Alias, DeviceType
......@@ -38,6 +39,7 @@ class SchedulerDeviceTypesAPI(ExposedAPI):
available_types.sort()
return available_types
@check_superuser
def add(self, name, description, display, owners_only,
health_frequency, health_denominator):
"""
......@@ -71,13 +73,6 @@ class SchedulerDeviceTypesAPI(ExposedAPI):
------------
None
"""
self._authenticate()
if not self.user.is_superuser:
raise xmlrpclib.Fault(
403,
"User '%s' is not superuser." % self.user.username
)
if health_denominator == "hours":
health_denominator = DeviceType.HEALTH_PER_HOUR
elif health_denominator == "jobs":
......@@ -95,6 +90,7 @@ class SchedulerDeviceTypesAPI(ExposedAPI):
raise xmlrpclib.Fault(
400, "Bad request: device-type name is already used.")
@check_superuser
def get_template(self, name):
"""
Name
......@@ -115,13 +111,6 @@ class SchedulerDeviceTypesAPI(ExposedAPI):
------------
The device-type configuration
"""
self._authenticate()
if not self.user.is_superuser:
raise xmlrpclib.Fault(
403,
"User '%s' is not superuser." % self.user.username
)
if name not in self._available_device_types():
raise xmlrpclib.Fault(
404, "Device-type '%s' was not found." % name)
......@@ -135,6 +124,7 @@ class SchedulerDeviceTypesAPI(ExposedAPI):
raise xmlrpclib.Fault(
400, "Unable to read device-type configuration: %s" % exc.strerror)
@check_superuser
def set_template(self, name, config):
"""
Name
......@@ -157,13 +147,6 @@ class SchedulerDeviceTypesAPI(ExposedAPI):
------------
None
"""
self._authenticate()
if not self.user.is_superuser:
raise xmlrpclib.Fault(
403,
"User '%s' is not superuser." % self.user.username
)
# Validate the name (should not be a path)
if name != os.path.basename(name):
raise xmlrpclib.Fault(
......@@ -259,6 +242,7 @@ class SchedulerDeviceTypesAPI(ExposedAPI):
return dt_dict
@check_superuser
def update(self, name, description, display, owners_only, health_frequency,
health_denominator, health_disabled):
"""
......@@ -296,13 +280,6 @@ class SchedulerDeviceTypesAPI(ExposedAPI):
------------
None
"""
self._authenticate()
if not self.user.is_superuser:
raise xmlrpclib.Fault(
403,
"User '%s' is not superuser." % self.user.username
)
try:
dt = DeviceType.objects.get(name=name)
except DeviceType.DoesNotExist:
......@@ -340,6 +317,7 @@ class SchedulerDeviceTypesAPI(ExposedAPI):
class SchedulerDeviceTypesAliasesAPI(ExposedAPI):
@check_superuser
def add(self, name, alias):
"""
Name
......@@ -362,13 +340,6 @@ class SchedulerDeviceTypesAliasesAPI(ExposedAPI):
------------
None
"""
self._authenticate()
if not self.user.is_superuser:
raise xmlrpclib.Fault(
403,
"User '%s' is not superuser." % self.user.username
)
try:
dt = DeviceType.objects.get(name=name)
except DeviceType.DoesNotExist:
......@@ -410,6 +381,7 @@ class SchedulerDeviceTypesAliasesAPI(ExposedAPI):
return [a.name for a in dt.aliases.all().order_by("name")]
@check_superuser
def delete(self, name, alias):
"""
Name
......@@ -431,13 +403,6 @@ class SchedulerDeviceTypesAliasesAPI(ExposedAPI):
------------
None
"""
self._authenticate()
if not self.user.is_superuser:
raise xmlrpclib.Fault(
403,
"User '%s' is not superuser." % self.user.username
)
try:
dt = DeviceType.objects.get(name=name)
except DeviceType.DoesNotExist:
......
......@@ -23,6 +23,7 @@ from django.core.exceptions import ValidationError
from django.db import IntegrityError
from linaro_django_xmlrpc.models import ExposedAPI
from lava_scheduler_app.api import check_superuser
from lava_scheduler_app.models import (
Device,
DeviceType,
......@@ -34,6 +35,7 @@ from lava_scheduler_app.models import (
class SchedulerDevicesAPI(ExposedAPI):
@check_superuser
def add(self, hostname, type_name, worker_hostname,
user_name=None, group_name=None, public=True,
status=None, health_status=None, description=None):
......@@ -79,13 +81,6 @@ class SchedulerDevicesAPI(ExposedAPI):
------------
None
"""
self._authenticate()
if not self.user.is_superuser:
raise xmlrpclib.Fault(
403,
"User '%s' is not superuser." % self.user.username
)
user = group = None
try:
device_type = DeviceType.objects.get(name=type_name)
......@@ -129,6 +124,7 @@ class SchedulerDevicesAPI(ExposedAPI):
raise xmlrpclib.Fault(
400, "Bad request: %s" % exc.message)
@check_superuser
def get_dictionary(self, hostname, render=False):
"""
Name
......@@ -151,13 +147,6 @@ class SchedulerDevicesAPI(ExposedAPI):
------------
The device dictionary
"""
self._authenticate()
if not self.user.is_superuser:
raise xmlrpclib.Fault(
403,
"User '%s' is not superuser." % self.user.username
)
try:
device = Device.objects.get(hostname=hostname)
except Device.DoesNotExist:
......@@ -172,9 +161,10 @@ class SchedulerDevicesAPI(ExposedAPI):
config = device.load_configuration(output_format="raw" if not render else "yaml")
if config is None:
raise xmlrpclib.Fault(
404, "Device '%s' does not have a confguration" % hostname)
404, "Device '%s' does not have a configuration" % hostname)
return xmlrpclib.Binary(config.encode('utf-8'))
@check_superuser
def set_dictionary(self, hostname, dictionary):
"""
Name
......@@ -197,13 +187,6 @@ class SchedulerDevicesAPI(ExposedAPI):
------------
True if the dictionary was saved to file, False otherwise.
"""
self._authenticate()
if not self.user.is_superuser:
raise xmlrpclib.Fault(
403,
"User '%s' is not superuser." % self.user.username
)
try:
device = Device.objects.get(hostname=hostname)
except Device.DoesNotExist:
......@@ -232,9 +215,10 @@ class SchedulerDevicesAPI(ExposedAPI):
This function returns an XML-RPC array in which each item is a
dictionary with device information
"""
devices = Device.objects.all().order_by("hostname")
devices = Device.objects.all()
if not show_all:
devices = Device.objects.exclude(status=Device.RETIRED)
devices = devices.order_by("hostname")
ret = []
for device in devices:
......@@ -307,6 +291,7 @@ class SchedulerDevicesAPI(ExposedAPI):
return device_dict
@check_superuser
def update(self, hostname, worker_hostname=None, user_name=None,
group_name=None, public=True, status=None, health_status=None,
description=None):
......@@ -348,13 +333,6 @@ class SchedulerDevicesAPI(ExposedAPI):
------------
None
"""
self._authenticate()
if not self.user.is_superuser:
raise xmlrpclib.Fault(
403,
"User '%s' is not superuser." % self.user.username
)
try:
device = Device.objects.get(hostname=hostname)
except Device.DoesNotExist:
......@@ -416,6 +394,7 @@ class SchedulerDevicesAPI(ExposedAPI):
class SchedulerDevicesTagsAPI(ExposedAPI):
@check_superuser
def add(self, hostname, name):
"""
Name
......@@ -438,13 +417,6 @@ class SchedulerDevicesTagsAPI(ExposedAPI):
------------
None
"""
self._authenticate()
if not self.user.is_superuser:
raise xmlrpclib.Fault(
403,
"User '%s' is not superuser." % self.user.username
)
try:
device = Device.objects.get(hostname=hostname)
except Device.DoesNotExist:
......@@ -482,6 +454,7 @@ class SchedulerDevicesTagsAPI(ExposedAPI):
return [t.name for t in device.tags.all()]
@check_superuser
def delete(self, hostname, name):
"""
Name
......@@ -503,13 +476,6 @@ class SchedulerDevicesTagsAPI(ExposedAPI):
------------
None
"""
self._authenticate()
if not self.user.is_superuser:
raise xmlrpclib.Fault(
403,
"User '%s' is not superuser." % self.user.username
)
try:
device = Device.objects.get(hostname=hostname)
except Device.DoesNotExist:
......
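Review bot: The listing hunk (`devices = Device.objects.all()` followed by `devices = devices.order_by("hostname")`) and the `confguration` message fix are behaviour changes unrelated to the decorator. Landing them in the same commit as an access-control refactor makes it harder to audit that the refactor itself preserves behaviour, so they would be better split out or at least named in the commit message. In the same hunk, `devices = Device.objects.exclude(status=Device.RETIRED)` discards the queryset built on the line above; `devices = devices.exclude(status=Device.RETIRED)` would be consistent with the new chained `order_by`. The listing method's signature and loop body lie outside the hunk.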
......@@ -22,11 +22,13 @@ from django.contrib.auth.models import AnonymousUser
from django.db import IntegrityError
from linaro_django_xmlrpc.models import ExposedAPI
from lava_scheduler_app.api import check_superuser
from lava_scheduler_app.models import Tag
class SchedulerTagsAPI(ExposedAPI):
@check_superuser
def add(self, name, description=None):
"""
Name
......@@ -49,19 +51,13 @@ class SchedulerTagsAPI(ExposedAPI):
------------
None
"""
self._authenticate()
if not self.user.is_superuser:
raise xmlrpclib.Fault(
403,
"User '%s' is not superuser." % self.user.username
)
try:
Tag.objects.create(name=name, description=description)
except IntegrityError as exc:
raise xmlrpclib.Fault(
400, "Bad request: %s" % exc.message)
@check_superuser
def delete(self, name):
"""
Name
......
......@@ -22,11 +22,13 @@ import xmlrpclib
from django.db import IntegrityError
from linaro_django_xmlrpc.models import ExposedAPI
from lava_scheduler_app.api import check_superuser
from lava_scheduler_app.models import Worker
class SchedulerWorkersAPI(ExposedAPI):
@check_superuser
def add(self, hostname, description=None, disabled=False):
"""
Name
......@@ -51,13 +53,6 @@ class SchedulerWorkersAPI(ExposedAPI):
------------
None
"""
self._authenticate()
if not self.user.is_superuser:
raise xmlrpclib.Fault(
403,
"User '%s' is not superuser." % self.user.username
)
try:
Worker.objects.create(hostname=hostname,
description=description,
......@@ -100,6 +95,7 @@ class SchedulerWorkersAPI(ExposedAPI):
raise xmlrpclib.Fault(
404, "Worker '%s' does not have a configuration" % hostname)
@check_superuser
def set_config(self, hostname, config):
"""
Name
......@@ -122,13 +118,6 @@ class SchedulerWorkersAPI(ExposedAPI):
------------
True if the configuration was saved to file, False otherwise.
"""
self._authenticate()
if not self.user.is_superuser:
raise xmlrpclib.Fault(
403,
"User '%s' is not superuser." % self.user.username
)
try:
Worker.objects.get(hostname=hostname)
except Worker.DoesNotExist:
......@@ -197,6 +186,7 @@ class SchedulerWorkersAPI(ExposedAPI):
"hidden": not worker.display,
"devices": worker.device_set.count()}
@check_superuser
def update(self, hostname, description=None, disabled=None):
"""
Name
......@@ -221,13 +211,6 @@ class SchedulerWorkersAPI(ExposedAPI):
------------
None
"""
self._authenticate()
if not self.user.is_superuser:
raise xmlrpclib.Fault(
403,
"User '%s' is not superuser." % self.user.username
)
try:
worker = Worker.objects.get(hostname=hostname)
except Worker.DoesNotExist:
......