53
53
return ImmutableMemberProxy(member)
56
class ImageRepoProxy(glance.domain.ImageRepoProxy):
56
class ImageRepoProxy(glance.domain.proxy.Repo):
58
58
def __init__(self, image_repo, context):
59
59
self.context = context
60
60
self.image_repo = image_repo
61
super(ImageRepoProxy, self).__init__(image_repo)
61
proxy_kwargs = {'context': self.context}
62
super(ImageRepoProxy, self).__init__(image_repo,
63
item_proxy_class=ImageProxy,
64
item_proxy_kwargs=proxy_kwargs)
63
def get(self, *args, **kwargs):
64
image = self.image_repo.get(*args, **kwargs)
66
def get(self, image_id):
67
image = self.image_repo.get(image_id)
65
68
return proxy_image(self.context, image)
67
70
def list(self, *args, **kwargs):
69
72
return [proxy_image(self.context, i) for i in images]
72
class ImageMembershipRepoProxy(glance.domain.ImageMembershipRepoProxy):
75
class ImageMemberRepoProxy(glance.domain.proxy.Repo):
74
def __init__(self, member_repo, context):
75
self.context = context
77
def __init__(self, member_repo, image, context):
76
78
self.member_repo = member_repo
77
super(ImageMembershipRepoProxy, self).__init__(member_repo)
80
self.context = context
81
super(ImageMemberRepoProxy, self).__init__(member_repo)
79
83
def get(self, member_id):
80
84
if (self.context.is_admin or
81
self.context.owner == self.member_repo.image.owner or
85
self.context.owner == self.image.owner or
82
86
self.context.owner == member_id):
83
87
member = self.member_repo.get(member_id)
84
88
return proxy_member(self.context, member)
89
93
def list(self, *args, **kwargs):
90
94
members = self.member_repo.list(*args, **kwargs)
91
95
if (self.context.is_admin or
92
self.context.owner == self.member_repo.image.owner):
96
self.context.owner == self.image.owner):
93
97
return [proxy_member(self.context, m) for m in members]
94
98
for member in members:
95
99
if member.member_id == self.context.owner:
96
100
return [proxy_member(self.context, member)]
97
101
message = _("You cannot get image member for %s")
98
raise exception.Forbidden(message % self.member_repo.image.image_id)
102
raise exception.Forbidden(message % self.image.image_id)
100
104
def remove(self, image_member):
101
if (self.member_repo.image.owner == self.context.owner or
105
if (self.image.owner == self.context.owner or
102
106
self.context.is_admin):
103
107
self.member_repo.remove(image_member)
105
109
message = _("You cannot delete image member for %s")
106
110
raise exception.Forbidden(message
107
% self.member_repo.image.image_id)
111
% self.image.image_id)
109
113
def add(self, image_member):
110
if (self.member_repo.image.owner == self.context.owner or
114
if (self.image.owner == self.context.owner or
111
115
self.context.is_admin):
112
116
return self.member_repo.add(image_member)
114
118
message = _("You cannot add image member for %s")
115
119
raise exception.Forbidden(message
116
% self.member_repo.image.image_id)
120
% self.image.image_id)
118
122
def save(self, image_member):
119
123
if (self.context.is_admin or
125
129
raise exception.Forbidden(message % image_member.member_id)
128
class ImageFactoryProxy(object):
132
class ImageFactoryProxy(glance.domain.proxy.ImageFactory):
130
134
def __init__(self, image_factory, context):
131
135
self.image_factory = image_factory
132
136
self.context = context
137
kwargs = {'context': self.context}
138
super(ImageFactoryProxy, self).__init__(image_factory,
139
proxy_class=ImageProxy,
134
142
def new_image(self, **kwargs):
135
143
owner = kwargs.pop('owner', self.context.owner)
140
148
"owned by '%s'.")
141
149
raise exception.Forbidden(message % owner)
143
return self.image_factory.new_image(owner=owner, **kwargs)
151
return super(ImageFactoryProxy, self).new_image(owner=owner, **kwargs)
146
154
class ImageMemberFactoryProxy(object):
180
188
return property(get_attr, forbidden, forbidden)
191
class ImmutableLocations(list):
192
def forbidden(self, *args, **kwargs):
193
message = _("You are not permitted to modify locations "
195
raise exception.Forbidden(message)
204
__delitem__ = forbidden
205
__delslice__ = forbidden
208
__setitem__ = forbidden
209
__setslice__ = forbidden
183
212
class ImmutableProperties(dict):
184
213
def forbidden_key(self, key, *args, **kwargs):
185
214
message = _("You are not permitted to modify '%s' on this image.")
227
256
min_disk = _immutable_attr('base', 'min_disk')
228
257
min_ram = _immutable_attr('base', 'min_ram')
229
258
protected = _immutable_attr('base', 'protected')
230
location = _immutable_attr('base', 'location')
259
locations = _immutable_attr('base', 'locations', proxy=ImmutableLocations)
231
260
checksum = _immutable_attr('base', 'checksum')
232
261
owner = _immutable_attr('base', 'owner')
233
262
disk_format = _immutable_attr('base', 'disk_format')
244
273
def get_member_repo(self):
245
274
member_repo = self.base.get_member_repo()
246
return ImageMembershipRepoProxy(member_repo, self.context)
275
return ImageMemberRepoProxy(member_repo, self, self.context)
278
return self.base.get_data()
280
def set_data(self, *args, **kwargs):
281
message = _("You are not permitted to upload data for this image.")
282
raise exception.Forbidden(message)
249
285
class ImmutableMemberProxy(object):
258
294
updated_at = _immutable_attr('base', 'updated_at')
261
class ImageProxy(glance.domain.ImageProxy):
297
class ImageProxy(glance.domain.proxy.Image):
263
299
def __init__(self, image, context):
264
300
self.image = image
271
307
raise exception.Forbidden(message)
273
309
member_repo = self.image.get_member_repo(**kwargs)
274
return ImageMembershipRepoProxy(member_repo, self.context)
310
return ImageMemberRepoProxy(member_repo, self, self.context)