def delete(self, req, image_id, id): """ Removes a membership from the image. """ if req.context.read_only: raise webob.exc.HTTPForbidden() elif req.context.owner is None: raise webob.exc.HTTPUnauthorized(_("No authenticated user")) # Make sure the image exists try: image = db_api.image_get(req.context, image_id) except exception.NotFound: raise webob.exc.HTTPNotFound() except exception.NotAuthorized: # If it's private and doesn't belong to them, don't let on # that it exists msg = _("Access by %(user)s to image %(id)s " "denied") % ({ 'user': req.context.user, 'id': image_id }) logger.info(msg) raise webob.exc.HTTPNotFound() # Can they manipulate the membership? if not req.context.is_image_sharable(image): msg = _("No permission to share that image") raise webob.exc.HTTPForbidden(msg) # Look up an existing membership try: session = db_api.get_session() member_ref = db_api.image_member_find(req.context, image_id, id, session=session) db_api.image_member_delete(req.context, member_ref, session=session) except exception.NotFound: pass # Make an appropriate result return webob.exc.HTTPNoContent()
def update_all(self, req, image_id, body): """ Replaces the members of the image with those specified in the body. The body is a dict with the following format:: {"memberships": [ {"member_id": <MEMBER_ID>, ["can_share": [True|False]]}, ... ]} """ if req.context.read_only: raise webob.exc.HTTPForbidden() elif req.context.owner is None: raise webob.exc.HTTPUnauthorized(_("No authenticated user")) # Make sure the image exists session = db_api.get_session() try: image = db_api.image_get(req.context, image_id, session=session) except exception.NotFound: raise webob.exc.HTTPNotFound() except exception.NotAuthorized: # If it's private and doesn't belong to them, don't let on # that it exists msg = _("Access by %(user)s to image %(id)s " "denied") % ({ 'user': req.context.user, 'id': image_id }) logger.info(msg) raise webob.exc.HTTPNotFound() # Can they manipulate the membership? if not req.context.is_image_sharable(image): msg = _("No permission to share that image") raise webob.exc.HTTPForbidden(msg) # Get the membership list try: memb_list = body['memberships'] except Exception, e: # Malformed entity... msg = _("Invalid membership association: %s") % e raise webob.exc.HTTPBadRequest(explanation=msg)
def delete(self, req, image_id, id): """ Removes a membership from the image. """ if req.context.read_only: raise webob.exc.HTTPForbidden() elif req.context.owner is None: raise webob.exc.HTTPUnauthorized(_("No authenticated user")) # Make sure the image exists try: image = db_api.image_get(req.context, image_id) except exception.NotFound: raise webob.exc.HTTPNotFound() except exception.NotAuthorized: # If it's private and doesn't belong to them, don't let on # that it exists msg = _("Access by %(user)s to image %(id)s " "denied") % ({'user': req.context.user, 'id': image_id}) logger.info(msg) raise webob.exc.HTTPNotFound() # Can they manipulate the membership? if not req.context.is_image_sharable(image): msg = _("No permission to share that image") raise webob.exc.HTTPForbidden(msg) # Look up an existing membership try: session = db_api.get_session() member_ref = db_api.image_member_find(req.context, image_id, id, session=session) db_api.image_member_delete(req.context, member_ref, session=session) except exception.NotFound: pass # Make an appropriate result return webob.exc.HTTPNoContent()
def update_all(self, req, image_id, body): """ Replaces the members of the image with those specified in the body. The body is a dict with the following format:: {"memberships": [ {"member_id": <MEMBER_ID>, ["can_share": [True|False]]}, ... ]} """ if req.context.read_only: raise webob.exc.HTTPForbidden() elif req.context.owner is None: raise webob.exc.HTTPUnauthorized(_("No authenticated user")) # Make sure the image exists session = db_api.get_session() try: image = db_api.image_get(req.context, image_id, session=session) except exception.NotFound: raise webob.exc.HTTPNotFound() except exception.NotAuthorized: # If it's private and doesn't belong to them, don't let on # that it exists msg = _("Access by %(user)s to image %(id)s " "denied") % ({'user': req.context.user, 'id': image_id}) logger.info(msg) raise webob.exc.HTTPNotFound() # Can they manipulate the membership? if not req.context.is_image_sharable(image): msg = _("No permission to share that image") raise webob.exc.HTTPForbidden(msg) # Get the membership list try: memb_list = body['memberships'] except Exception, e: # Malformed entity... msg = _("Invalid membership association: %s") % e raise webob.exc.HTTPBadRequest(explanation=msg)
msg = _("No permission to share that image") raise webob.exc.HTTPForbidden(msg) # Determine the applicable can_share value can_share = None if body: try: can_share = bool(body['member']['can_share']) except Exception, e: # Malformed entity... msg = _("Invalid membership association: %s") % e raise webob.exc.HTTPBadRequest(explanation=msg) # Look up an existing membership... try: session = db_api.get_session() membership = db_api.image_member_find(req.context, image_id, id, session=session) if can_share is not None: values = dict(can_share=can_share) db_api.image_member_update(req.context, membership, values, session=session) except exception.NotFound: values = dict(image_id=image['id'], member=id, can_share=bool(can_share)) db_api.image_member_create(req.context, values, session=session)
msg = _("No permission to share that image") raise webob.exc.HTTPForbidden(msg) # Determine the applicable can_share value can_share = None if body: try: can_share = bool(body['member']['can_share']) except Exception, e: # Malformed entity... msg = _("Invalid membership association: %s") % e raise webob.exc.HTTPBadRequest(explanation=msg) # Look up an existing membership... try: session = db_api.get_session() membership = db_api.image_member_find(req.context, image_id, id, session=session) if can_share is not None: values = dict(can_share=can_share) db_api.image_member_update(req.context, membership, values, session=session) except exception.NotFound: values = dict(image_id=image['id'], member=id, can_share=bool(can_share)) db_api.image_member_create(req.context, values, session=session) return webob.exc.HTTPNoContent() def delete(self, req, image_id, id):