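def delete(self, result_id):
    """Delete one stored record; only its owner or an administrator may do so.

    The caller is identified by the signed OPENID cookie and their roles by
    the signed ROLE cookie. A request without a valid OPENID cookie is
    answered through ``raises.Unauthorized``; an authenticated caller who is
    neither the owner nor an administrator goes through ``raises.Forbidden``.

    Written as a generator (it yields on the database lookup), so it is
    presumably driven by a coroutine decorator that is not shown here.

    :param result_id: string form of the record's ``_id``; converted with
        ``objectid.ObjectId`` before the lookup.
    """
    curr_user = self.get_secure_cookie(auth_const.OPENID)
    curr_user_role = self.get_secure_cookie(auth_const.ROLE)
    if curr_user is None:
        raises.Unauthorized(message.no_auth())
        return

    # NOTE(review): ObjectId() raises on a malformed id and nothing here
    # handles that; confirm the framework turns it into a 4xx, not a 500.
    query = {'_id': objectid.ObjectId(result_id)}
    test_data = yield dbapi.db_find_one(self.table, query)
    if not test_data:
        raises.NotFound(message.not_found(self.table, query))

    is_owner = curr_user == test_data['owner']
    # Fail closed when the ROLE cookie is missing or fails signature
    # validation: get_secure_cookie() then returns None, and calling .find()
    # on it used to raise AttributeError (a 500) instead of denying access.
    # NOTE(review): 'administrator' is matched as a substring of the cookie
    # value, whereas _post/_del split the role on ',' and compare whole
    # tokens; confirm no role name merely contains 'administrator'.
    is_admin = bool(curr_user_role) and \
        curr_user_role.find('administrator') != -1

    if is_owner or is_admin:
        # NOTE(review): _delete() is not yielded; if it is a coroutine, any
        # error it raises will not surface in this handler. Confirm.
        self._delete(query=query)
    else:
        raises.Forbidden(message.no_auth())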
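def _post(self):
    """Create a review of a test, or update the outcome of an existing one.

    Steps, in order:
      1. the ``reviewer_openid`` in the request body must match a record in
         the 'users' collection;
      2. the signed ROLE cookie must list the 'reviewer' role;
      3. the referenced test must exist and must not be owned by the
         reviewer (a 403 payload is returned for self-review);
      4. an existing review for (reviewer, test) has its outcome and
         creation date updated when the outcome differs; otherwise a new
         review is created with the reviewer's name and e-mail filled in.

    Written as a generator; presumably driven by a coroutine decorator that
    is not shown here.
    """
    # NOTE(review): the reviewer identity is read from the request body, not
    # from the signed OPENID cookie. Confirm the caller sets reviewer_openid
    # from the authenticated session; otherwise the role check below (which
    # uses the cookie) and the self-review check (which uses the body) refer
    # to two different identities.
    query = {'openid': self.json_args['reviewer_openid']}
    user = yield dbapi.db_find_one('users', query)
    if not user:
        raises.Forbidden(message.unauthorized())

    role = self.get_secure_cookie(auth_const.ROLE)
    # Fail closed: a missing or tampered ROLE cookie comes back as None, and
    # calling .split() on it used to raise AttributeError (a 500).
    if not role or 'reviewer' not in role.split(','):
        raises.Unauthorized(message.no_auth())

    test_query = {'id': self.json_args['test_id']}
    test = yield dbapi.db_find_one('tests', test_query)
    if not test:
        # An unknown test_id previously crashed on test['owner'] below.
        raises.NotFound(message.not_found('tests', test_query))

    if test['owner'] == self.json_args['reviewer_openid']:
        self.finish_request({
            'code': 403,
            'msg': 'No permision to review own results'
        })
        return

    query = {
        'reviewer_openid': self.json_args['reviewer_openid'],
        'test_id': self.json_args['test_id']
    }
    review = yield dbapi.db_find_one(self.table, query)
    if review:
        # Only write when the outcome actually changed.
        if review['outcome'] != self.json_args['outcome']:
            yield dbapi.db_update(
                self.table, query,
                {
                    '$set': {
                        'outcome': self.json_args['outcome'],
                        'creation_date': datetime.now()
                    }
                })
        self.finish_request()
    else:
        # Name and e-mail come from the stored user record, not the request.
        self.json_args['reviewer_name'] = user['fullname']
        self.json_args['reviewer_email'] = user['email']
        self._create(miss_fields=[], carriers=[])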
def check_auth(self, item, value):
    """Decide whether the current user may set field ``item`` to ``value``.

    The result is delivered by raising ``gen.Return`` with a two-tuple:
    ``(True, {})`` when the change is allowed, ``(False, message.no_auth())``
    when it is refused.

    Only ``item == "status"`` is restricted:
      * "private" / "review": refused when an 'applications' record exists
        whose ``user_id`` is the current user;
      * "verified": refused unless a 'users' record matches the current
        user's openid with a role matching ``.*administrator.*``.
    Every other item/value combination is allowed.
    """
    logging.debug('check_auth')
    # NOTE(review): the cookie may be None for an unauthenticated request;
    # the lookups below then run with None and the non-"status" path still
    # returns (True, {}). Confirm every caller authenticates first.
    openid = self.get_secure_cookie(auth_const.OPENID)

    if item != "status":
        raise gen.Return((True, {}))

    if value in ("private", "review"):
        logging.debug('check review')
        bound_app = yield dbapi.db_find_one('applications',
                                            {'user_id': openid})
        if bound_app:
            logging.debug('results are bound to an application')
            raise gen.Return((False, message.no_auth()))
    elif value == "verified":
        logging.debug('check verify')
        # NOTE(review): the regex accepts any role string that contains
        # 'administrator'; confirm no lesser role name includes that word.
        admin_query = {
            'role': {"$regex": ".*administrator.*"},
            'openid': openid,
        }
        admin = yield dbapi.db_find_one('users', admin_query)
        if not admin:
            logging.debug('not found')
            raise gen.Return((False, message.no_auth()))

    raise gen.Return((True, {}))
def put(self):
    """Update the record that belongs to the currently signed-in user.

    The target record is selected by the openid from the signed OPENID
    cookie, never by a client-supplied identifier. Without that cookie the
    request goes through ``raises.Unauthorized``; if no record matches, it
    goes through ``raises.NotFound``.

    Written as a generator; presumably driven by a coroutine decorator that
    is not shown here.
    """
    openid = self.get_secure_cookie(auth_const.OPENID)
    if not openid:
        raises.Unauthorized(message.no_auth())
        # raises.* is expected to raise; the return keeps the control flow
        # identical to the original if/else even if it does not.
        return

    own_record = {'openid': openid}
    user = yield dbapi.db_find_one(self.table, own_record)
    if not user:
        raises.NotFound(message.not_found(self.table, own_record))

    # NOTE(review): which fields _update() writes is not visible here;
    # confirm a user cannot change privileged fields (for example their own
    # role) through this endpoint.
    self._update(query=own_record, db_keys=[])
def get(self):
    """
        @description: Retrieve result(s) for a test project
                      on a specific pod.
        @notes: Retrieve result(s) for a test project on a specific pod.
            Available filters for this request are :
             - id  : Test id
             - period : x last days, incompatible with from/to
             - from : starting time in 2016-01-01 or 2016-01-01 00:01:23
             - to : ending time in 2016-01-01 or 2016-01-01 00:01:23
             - signed : get logined user result

            GET /results/project=functest&case=vPing&version=Arno-R1 \
            &pod=pod_name&period=15&signed
        @return 200: all test results consist with query,
                     empty list if no result is found
        @rtype: L{Tests}
    """
    # The @-tagged docstring above looks machine-read (API doc generation),
    # so its wording is kept as the author wrote it.

    # Sort direction on _id: newest first unless ?descend is not 'true'.
    descend = self.get_query_argument('descend', 'true')
    sort_direction = -1 if descend.lower() == 'true' else 1

    # Paging values come straight from the query string and go through
    # get_int(); NOTE(review): presumably get_int() rejects non-numeric
    # input - confirm, since this runs before the login check below.
    last = self.get_int('last', self.get_query_argument('last', 0))
    page = self.get_int('page', self.get_query_argument('page', 0))

    list_kwargs = {
        'sort': {'_id': sort_direction},
        'last': last,
        'page': page,
        'per_page': CONF.api_results_per_page,
    }

    # Listing requires a signed-in user (signed OPENID cookie present).
    if self.get_secure_cookie(auth_const.OPENID) is None:
        raises.Unauthorized(message.no_auth())

    # 'review' is removed from the query arguments before set_query() runs,
    # presumably so it is not treated as a filter - confirm.
    wants_review = self.request.query_arguments.pop('review', None)

    # NOTE(review): whether the listing is limited to records the caller may
    # see is decided inside set_query(), which is not visible here.
    query = yield self.set_query()

    if wants_review:
        list_kwargs['res_op'] = self.check_review
    yield self._list(query=query, **list_kwargs)
    logging.debug('list end')
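def _del(self):
    """Delete the review that a reviewer left on a test.

    Applies the same gate as ``_post``: the ``reviewer_openid`` from the
    request body must match a 'users' record, the signed ROLE cookie must
    list 'reviewer', and the test must exist and not be owned by the
    reviewer. The review matching (reviewer_openid, test_id) is then removed
    from ``self.table``.

    Written as a generator; presumably driven by a coroutine decorator that
    is not shown here.
    """
    # NOTE(review): the reviewer identity is read from the request body, not
    # from the signed OPENID cookie. Confirm the caller sets reviewer_openid
    # from the authenticated session; otherwise one reviewer could remove
    # another reviewer's review.
    query = {'openid': self.json_args['reviewer_openid']}
    user = yield dbapi.db_find_one('users', query)
    if not user:
        raises.Forbidden(message.unauthorized())

    role = self.get_secure_cookie(auth_const.ROLE)
    # Fail closed: a missing or tampered ROLE cookie comes back as None, and
    # calling .split() on it used to raise AttributeError (a 500).
    if not role or 'reviewer' not in role.split(','):
        raises.Unauthorized(message.no_auth())

    test_query = {'id': self.json_args['test_id']}
    test = yield dbapi.db_find_one('tests', test_query)
    if not test:
        # An unknown test_id previously crashed on test['owner'] below.
        raises.NotFound(message.not_found('tests', test_query))

    if test['owner'] == self.json_args['reviewer_openid']:
        self.finish_request({'code': 403,
                             'msg': 'No permision to review own results'})
        return

    query = {
        'reviewer_openid': self.json_args['reviewer_openid'],
        'test_id': self.json_args['test_id']
    }
    yield dbapi.db_delete(self.table, query)
    self.finish_request()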