← Back to branch summary

~ubuntu-branches/ubuntu/raring/glance/raring-proposed

« back to all changes in this revision

Viewing changes to glance/api/authorization.py

  • Committer: Package Import Robot
  • Author(s): Chuck Short, James Page, Chuck Short
  • Date: 2013-03-20 07:42:22 UTC
  • mfrom: (1.1.50)
  • Revision ID: package-import@ubuntu.com-20130320074222-d8oochgvhjooh1a5
Tags: 1:2013.1~rc1-0ubuntu1
[ James Page ]
* d/watch: Update uversionmangle to deal with upstream versioning
  changes, remove tarballs.openstack.org.

[ Chuck Short ]
* New upstrem release
* debian/control: Clean up build-dependencies:
  - Drop python-argparse referenced in pydist-overrides
  - Drop python-swift no longer needed.
  - Drop python-dateutils no longer needed.
  - Drop python-glacneclient no longer needed.
  - Added python-anyjson to build-depends.
  - Use python-keystoneclient instead of python-keystone.
  - Added python-lxml to build-depends.
  - Added python-swiftclientto build-depends.
  - Added python-passlib to build-depends.
* debian/rules: Set the PYTHONPATH for the tests.

Show diffs side-by-side

added added

removed removed

Lines of Context:
glance/api/authorization.py
14
14
#    under the License.
15
15
 
16
16
from glance.common import exception
17
 
import glance.domain
 
17
import glance.domain.proxy
18
18
 
19
19
 
20
20
def is_image_mutable(context, image):
53
53
        return ImmutableMemberProxy(member)
54
54
 
55
55
 
56
 
class ImageRepoProxy(glance.domain.ImageRepoProxy):
 
56
class ImageRepoProxy(glance.domain.proxy.Repo):
57
57
 
58
58
    def __init__(self, image_repo, context):
59
59
        self.context = context
60
60
        self.image_repo = image_repo
61
 
        super(ImageRepoProxy, self).__init__(image_repo)
 
61
        proxy_kwargs = {'context': self.context}
 
62
        super(ImageRepoProxy, self).__init__(image_repo,
 
63
                                             item_proxy_class=ImageProxy,
 
64
                                             item_proxy_kwargs=proxy_kwargs)
62
65
 
63
 
    def get(self, *args, **kwargs):
64
 
        image = self.image_repo.get(*args, **kwargs)
 
66
    def get(self, image_id):
 
67
        image = self.image_repo.get(image_id)
65
68
        return proxy_image(self.context, image)
66
69
 
67
70
    def list(self, *args, **kwargs):
69
72
        return [proxy_image(self.context, i) for i in images]
70
73
 
71
74
 
72
 
class ImageMembershipRepoProxy(glance.domain.ImageMembershipRepoProxy):
 
75
class ImageMemberRepoProxy(glance.domain.proxy.Repo):
73
76
 
74
 
    def __init__(self, member_repo, context):
75
 
        self.context = context
 
77
    def __init__(self, member_repo, image, context):
76
78
        self.member_repo = member_repo
77
 
        super(ImageMembershipRepoProxy, self).__init__(member_repo)
 
79
        self.image = image
 
80
        self.context = context
 
81
        super(ImageMemberRepoProxy, self).__init__(member_repo)
78
82
 
79
83
    def get(self, member_id):
80
84
        if (self.context.is_admin or
81
 
            self.context.owner == self.member_repo.image.owner or
 
85
            self.context.owner == self.image.owner or
82
86
            self.context.owner == member_id):
83
87
            member = self.member_repo.get(member_id)
84
88
            return proxy_member(self.context, member)
89
93
    def list(self, *args, **kwargs):
90
94
        members = self.member_repo.list(*args, **kwargs)
91
95
        if (self.context.is_admin or
92
 
            self.context.owner == self.member_repo.image.owner):
 
96
            self.context.owner == self.image.owner):
93
97
            return [proxy_member(self.context, m) for m in members]
94
98
        for member in members:
95
99
            if member.member_id == self.context.owner:
96
100
                return [proxy_member(self.context, member)]
97
101
        message = _("You cannot get image member for %s")
98
 
        raise exception.Forbidden(message % self.member_repo.image.image_id)
 
102
        raise exception.Forbidden(message % self.image.image_id)
99
103
 
100
104
    def remove(self, image_member):
101
 
        if (self.member_repo.image.owner == self.context.owner or
 
105
        if (self.image.owner == self.context.owner or
102
106
            self.context.is_admin):
103
107
            self.member_repo.remove(image_member)
104
108
        else:
105
109
            message = _("You cannot delete image member for %s")
106
110
            raise exception.Forbidden(message
107
 
                                      % self.member_repo.image.image_id)
 
111
                                      % self.image.image_id)
108
112
 
109
113
    def add(self, image_member):
110
 
        if (self.member_repo.image.owner == self.context.owner or
 
114
        if (self.image.owner == self.context.owner or
111
115
            self.context.is_admin):
112
116
            return self.member_repo.add(image_member)
113
117
        else:
114
118
            message = _("You cannot add image member for %s")
115
119
            raise exception.Forbidden(message
116
 
                                      % self.member_repo.image.image_id)
 
120
                                      % self.image.image_id)
117
121
 
118
122
    def save(self, image_member):
119
123
        if (self.context.is_admin or
125
129
            raise exception.Forbidden(message % image_member.member_id)
126
130
 
127
131
 
128
 
class ImageFactoryProxy(object):
 
132
class ImageFactoryProxy(glance.domain.proxy.ImageFactory):
129
133
 
130
134
    def __init__(self, image_factory, context):
131
135
        self.image_factory = image_factory
132
136
        self.context = context
 
137
        kwargs = {'context': self.context}
 
138
        super(ImageFactoryProxy, self).__init__(image_factory,
 
139
                                                proxy_class=ImageProxy,
 
140
                                                proxy_kwargs=kwargs)
133
141
 
134
142
    def new_image(self, **kwargs):
135
143
        owner = kwargs.pop('owner', self.context.owner)
140
148
                            "owned by '%s'.")
141
149
                raise exception.Forbidden(message % owner)
142
150
 
143
 
        return self.image_factory.new_image(owner=owner, **kwargs)
 
151
        return super(ImageFactoryProxy, self).new_image(owner=owner, **kwargs)
144
152
 
145
153
 
146
154
class ImageMemberFactoryProxy(object):
180
188
    return property(get_attr, forbidden, forbidden)
181
189
 
182
190
 
 
191
class ImmutableLocations(list):
 
192
    def forbidden(self, *args, **kwargs):
 
193
        message = _("You are not permitted to modify locations "
 
194
                    "for this image.")
 
195
        raise exception.Forbidden(message)
 
196
 
 
197
    append = forbidden
 
198
    extend = forbidden
 
199
    insert = forbidden
 
200
    pop = forbidden
 
201
    remove = forbidden
 
202
    reverse = forbidden
 
203
    sort = forbidden
 
204
    __delitem__ = forbidden
 
205
    __delslice__ = forbidden
 
206
    __iadd__ = forbidden
 
207
    __imul__ = forbidden
 
208
    __setitem__ = forbidden
 
209
    __setslice__ = forbidden
 
210
 
 
211
 
183
212
class ImmutableProperties(dict):
184
213
    def forbidden_key(self, key, *args, **kwargs):
185
214
        message = _("You are not permitted to modify '%s' on this image.")
227
256
    min_disk = _immutable_attr('base', 'min_disk')
228
257
    min_ram = _immutable_attr('base', 'min_ram')
229
258
    protected = _immutable_attr('base', 'protected')
230
 
    location = _immutable_attr('base', 'location')
 
259
    locations = _immutable_attr('base', 'locations', proxy=ImmutableLocations)
231
260
    checksum = _immutable_attr('base', 'checksum')
232
261
    owner = _immutable_attr('base', 'owner')
233
262
    disk_format = _immutable_attr('base', 'disk_format')
243
272
 
244
273
    def get_member_repo(self):
245
274
        member_repo = self.base.get_member_repo()
246
 
        return ImageMembershipRepoProxy(member_repo, self.context)
 
275
        return ImageMemberRepoProxy(member_repo, self, self.context)
 
276
 
 
277
    def get_data(self):
 
278
        return self.base.get_data()
 
279
 
 
280
    def set_data(self, *args, **kwargs):
 
281
        message = _("You are not permitted to upload data for this image.")
 
282
        raise exception.Forbidden(message)
247
283
 
248
284
 
249
285
class ImmutableMemberProxy(object):
258
294
    updated_at = _immutable_attr('base', 'updated_at')
259
295
 
260
296
 
261
 
class ImageProxy(glance.domain.ImageProxy):
 
297
class ImageProxy(glance.domain.proxy.Image):
262
298
 
263
299
    def __init__(self, image, context):
264
300
        self.image = image
271
307
            raise exception.Forbidden(message)
272
308
        else:
273
309
            member_repo = self.image.get_member_repo(**kwargs)
274
 
            return ImageMembershipRepoProxy(member_repo, self.context)
 
310
            return ImageMemberRepoProxy(member_repo, self, self.context)