Skip to content

Commit

Permalink
Ensures that permissions are set when _http_put_common
Browse files Browse the repository at this point in the history 
Without this patch permissions can be lost during
update operations.

Closes-bug: #1378376
(cherry picked from commit ed0ba01)
Change-Id: I9c7488b4be00d4a4a960cdf8330dd3abd8454215
  • Loading branch information
Sylvain Afchain authored and Édouard Thuleau committed Oct 28, 2014
1 parent a9aa0fb commit 09df45a
Showing 1 changed file with 38 additions and 7 deletions.
45 changes: 38 additions & 7 deletions src/config/api-server/vnc_cfg_api_server.py
View file
Expand Up @@ -352,7 +352,7 @@ def __init__(self, args_str=None):
hostname = socket.gethostname()
self._sandesh.init_generator(module_name, hostname,
node_type_name, instance_id,
self._args.collectors,
self._args.collectors,
'vnc_api_server_context',
int(self._args.http_server_port),
['cfgm_common', 'sandesh'], self._disc)
Expand Down Expand Up @@ -415,7 +415,7 @@ def __init__(self, args_str=None):
sysinfo_req = True
config_node_ip = self.get_server_ip()
cpu_info = vnc_cpu_info.CpuInfo(
self._sandesh.module(), self._sandesh.instance_id(), sysinfo_req,
self._sandesh.module(), self._sandesh.instance_id(), sysinfo_req,
self._sandesh, 60, config_node_ip)
self._cpu_info = cpu_info

Expand Down Expand Up @@ -1004,21 +1004,45 @@ def _ensure_id_perms_present(self, obj_type, obj_dict):
"""
Called at resource creation to ensure that id_perms is present in obj
"""
new_id_perms = self._get_default_id_perms(obj_type)
# retrieve object and permissions
id_perms = self._get_default_id_perms(obj_type)

obj_uuid = obj_dict.get('uuid')

if (('id_perms' not in obj_dict) or
(obj_dict['id_perms'] is None)):
obj_dict['id_perms'] = new_id_perms
# Resource creation
if obj_uuid is None:
obj_dict['id_perms'] = id_perms
return
# Resource already exist
try:
obj_dict['id_perms'] = self._db_conn.uuid_to_obj_perms(obj_uuid)
except NoIdError:
obj_dict['id_perms'] = id_perms

return

# retrieve the previous version of the id_perms
# from the database and update the id_perms with
# them.
if obj_uuid is not None:
try:
old_id_perms = self._db_conn.uuid_to_obj_perms(obj_uuid)
for field, value in old_id_perms.items():
if value is not None:
id_perms[field] = value
except NoIdError:
pass

# Start from default and update from obj_dict
req_id_perms = obj_dict['id_perms']
for key in ('enable', 'description', 'user_visible'):
if key in req_id_perms:
new_id_perms[key] = req_id_perms[key]
id_perms[key] = req_id_perms[key]
# TODO handle perms present in req_id_perms

obj_dict['id_perms'] = new_id_perms
obj_dict['id_perms'] = id_perms
# end _ensure_id_perms_present

def _get_default_id_perms(self, obj_type):
Expand Down Expand Up @@ -1205,6 +1229,13 @@ def _http_put_common(self, request, obj_type, obj_uuid, obj_fq_name,
uuid.UUID(obj_uuid),
persist=False)

# TODO remove this when the generator will be adapted to
# be consistent with the post method
obj_type = obj_type.replace('_', '-')

# Ensure object has at least default permissions set
self._ensure_id_perms_present(obj_type, obj_dict)

apiConfig = VncApiCommon()
apiConfig.object_type = obj_type.replace('-', '_')
apiConfig.identifier_name = fq_name_str
Expand Down Expand Up @@ -1315,7 +1346,7 @@ def _http_post_common(self, request, obj_type, obj_dict):
except NoIdError:
pass

# Ensure object has atleast default permissions set
# Ensure object has at least default permissions set
self._ensure_id_perms_present(obj_type, obj_dict)

# TODO check api + resource perms etc.
Expand Down

0 comments on commit 09df45a

Please sign in to comment.