Skip to content

Commit

Permalink
Ensures that permissions are set when _http_put_common
Browse files Browse the repository at this point in the history 
Without this patch permissions can be lost during
update operations.

Change-Id: I9c7488b4be00d4a4a960cdf8330dd3abd8454215
Closes-bug: #1378376
  • Loading branch information
Sylvain Afchain committed Oct 20, 2014
1 parent 782514f commit ed0ba01
Showing 1 changed file with 38 additions and 7 deletions.
45 changes: 38 additions & 7 deletions src/config/api-server/vnc_cfg_api_server.py
View file
Expand Up @@ -351,7 +351,7 @@ def __init__(self, args_str=None):
hostname = socket.gethostname()
self._sandesh.init_generator(module_name, hostname,
node_type_name, instance_id,
self._args.collectors,
self._args.collectors,
'vnc_api_server_context',
int(self._args.http_server_port),
['cfgm_common'], self._disc)
Expand Down Expand Up @@ -423,7 +423,7 @@ def set_admin_role(*args, **kwargs):
sysinfo_req = True
config_node_ip = self.get_server_ip()
cpu_info = vnc_cpu_info.CpuInfo(
self._sandesh.module(), self._sandesh.instance_id(), sysinfo_req,
self._sandesh.module(), self._sandesh.instance_id(), sysinfo_req,
self._sandesh, 60, config_node_ip)
self._cpu_info = cpu_info

Expand Down Expand Up @@ -1019,21 +1019,45 @@ def _ensure_id_perms_present(self, obj_type, obj_dict):
"""
Called at resource creation to ensure that id_perms is present in obj
"""
new_id_perms = self._get_default_id_perms(obj_type)
# retrieve object and permissions
id_perms = self._get_default_id_perms(obj_type)

obj_uuid = obj_dict.get('uuid')

if (('id_perms' not in obj_dict) or
(obj_dict['id_perms'] is None)):
obj_dict['id_perms'] = new_id_perms
# Resource creation
if obj_uuid is None:
obj_dict['id_perms'] = id_perms
return
# Resource already exist
try:
obj_dict['id_perms'] = self._db_conn.uuid_to_obj_perms(obj_uuid)
except NoIdError:
obj_dict['id_perms'] = id_perms

return

# retrieve the previous version of the id_perms
# from the database and update the id_perms with
# them.
if obj_uuid is not None:
try:
old_id_perms = self._db_conn.uuid_to_obj_perms(obj_uuid)
for field, value in old_id_perms.items():
if value is not None:
id_perms[field] = value
except NoIdError:
pass

# Start from default and update from obj_dict
req_id_perms = obj_dict['id_perms']
for key in ('enable', 'description', 'user_visible'):
if key in req_id_perms:
new_id_perms[key] = req_id_perms[key]
id_perms[key] = req_id_perms[key]
# TODO handle perms present in req_id_perms

obj_dict['id_perms'] = new_id_perms
obj_dict['id_perms'] = id_perms
# end _ensure_id_perms_present

def _get_default_id_perms(self, obj_type):
Expand Down Expand Up @@ -1220,6 +1244,13 @@ def _http_put_common(self, request, obj_type, obj_uuid, obj_fq_name,
uuid.UUID(obj_uuid),
persist=False)

# TODO remove this when the generator will be adapted to
# be consistent with the post method
obj_type = obj_type.replace('_', '-')

# Ensure object has at least default permissions set
self._ensure_id_perms_present(obj_type, obj_dict)

apiConfig = VncApiCommon()
apiConfig.object_type = obj_type.replace('-', '_')
apiConfig.identifier_name = fq_name_str
Expand Down Expand Up @@ -1330,7 +1361,7 @@ def _http_post_common(self, request, obj_type, obj_dict):
except NoIdError:
pass

# Ensure object has atleast default permissions set
# Ensure object has at least default permissions set
self._ensure_id_perms_present(obj_type, obj_dict)

# TODO check api + resource perms etc.
Expand Down

0 comments on commit ed0ba01

Please sign in to comment.