Exemple #1
0
    def update(self, req, image_id, id, body=None):
        """
        Adds a membership to the image, or updates an existing one.
        If a body is present, it is a dict with the following format::

            {"member": {
                "can_share": [True|False]
            }}

        If "can_share" is provided, the member's ability to share is
        set accordingly.  If it is not provided, existing memberships
        remain unchanged and new memberships default to False.
        """
        if req.context.read_only:
            raise webob.exc.HTTPForbidden()
        elif req.context.owner is None:
            raise webob.exc.HTTPUnauthorized(_("No authenticated user"))

        # Make sure the image exists
        try:
            image = db_api.image_get(req.context, image_id)
        except exception.NotFound:
            raise webob.exc.HTTPNotFound()
        except exception.NotAuthorized:
            # If it's private and doesn't belong to them, don't let on
            # that it exists
            msg = _("Access by %(user)s to image %(id)s "
                    "denied") % ({
                        'user': req.context.user,
                        'id': image_id
                    })
            logger.info(msg)
            raise webob.exc.HTTPNotFound()

        # Can they manipulate the membership?
        if not req.context.is_image_sharable(image):
            msg = _("No permission to share that image")
            raise webob.exc.HTTPForbidden(msg)

        # Determine the applicable can_share value
        can_share = None
        if body:
            try:
                can_share = bool(body['member']['can_share'])
            except Exception, e:
                # Malformed entity...
                msg = _("Invalid membership association: %s") % e
                raise webob.exc.HTTPBadRequest(explanation=msg)
Exemple #2
0
    def show(self, req, id):
        """Return data about the given image id."""
        try:
            image = db_api.image_get(req.context, id)
        except exception.NotFound:
            raise exc.HTTPNotFound()
        except exception.NotAuthorized:
            # If it's private and doesn't belong to them, don't let on
            # that it exists
            msg = _("Access by %(user)s to image %(id)s "
                    "denied") % ({'user': req.context.user,
                    'id': id})
            logger.info(msg)
            raise exc.HTTPNotFound()

        return dict(image=make_image_dict(image))
Exemple #3
0
    def update(self, req, image_id, id, body=None):
        """
        Adds a membership to the image, or updates an existing one.
        If a body is present, it is a dict with the following format::

            {"member": {
                "can_share": [True|False]
            }}

        If "can_share" is provided, the member's ability to share is
        set accordingly.  If it is not provided, existing memberships
        remain unchanged and new memberships default to False.
        """
        if req.context.read_only:
            raise webob.exc.HTTPForbidden()
        elif req.context.owner is None:
            raise webob.exc.HTTPUnauthorized(_("No authenticated user"))

        # Make sure the image exists
        try:
            image = db_api.image_get(req.context, image_id)
        except exception.NotFound:
            raise webob.exc.HTTPNotFound()
        except exception.NotAuthorized:
            # If it's private and doesn't belong to them, don't let on
            # that it exists
            msg = _("Access by %(user)s to image %(id)s "
                    "denied") % ({'user': req.context.user,
                    'id': image_id})
            logger.info(msg)
            raise webob.exc.HTTPNotFound()

        # Can they manipulate the membership?
        if not req.context.is_image_sharable(image):
            msg = _("No permission to share that image")
            raise webob.exc.HTTPForbidden(msg)

        # Determine the applicable can_share value
        can_share = None
        if body:
            try:
                can_share = bool(body['member']['can_share'])
            except Exception, e:
                # Malformed entity...
                msg = _("Invalid membership association: %s") % e
                raise webob.exc.HTTPBadRequest(explanation=msg)
Exemple #4
0
    def delete(self, req, image_id, id):
        """
        Removes a membership from the image.
        """
        if req.context.read_only:
            raise webob.exc.HTTPForbidden()
        elif req.context.owner is None:
            raise webob.exc.HTTPUnauthorized(_("No authenticated user"))

        # Make sure the image exists
        try:
            image = db_api.image_get(req.context, image_id)
        except exception.NotFound:
            raise webob.exc.HTTPNotFound()
        except exception.NotAuthorized:
            # If it's private and doesn't belong to them, don't let on
            # that it exists
            msg = _("Access by %(user)s to image %(id)s "
                    "denied") % ({
                        'user': req.context.user,
                        'id': image_id
                    })
            logger.info(msg)
            raise webob.exc.HTTPNotFound()

        # Can they manipulate the membership?
        if not req.context.is_image_sharable(image):
            msg = _("No permission to share that image")
            raise webob.exc.HTTPForbidden(msg)

        # Look up an existing membership
        try:
            session = db_api.get_session()
            member_ref = db_api.image_member_find(req.context,
                                                  image_id,
                                                  id,
                                                  session=session)
            db_api.image_member_delete(req.context,
                                       member_ref,
                                       session=session)
        except exception.NotFound:
            pass

        # Make an appropriate result
        return webob.exc.HTTPNoContent()
Exemple #5
0
    def show(self, req, id):
        """Return data about the given image id."""
        try:
            image = db_api.image_get(req.context, id)
        except exception.NotFound:
            raise exc.HTTPNotFound()
        except exception.NotAuthorized:
            # If it's private and doesn't belong to them, don't let on
            # that it exists
            msg = _("Access by %(user)s to image %(id)s "
                    "denied") % ({
                        'user': req.context.user,
                        'id': id
                    })
            logger.info(msg)
            raise exc.HTTPNotFound()

        return dict(image=make_image_dict(image))
Exemple #6
0
    def update_all(self, req, image_id, body):
        """
        Replaces the members of the image with those specified in the
        body.  The body is a dict with the following format::

            {"memberships": [
                {"member_id": <MEMBER_ID>,
                 ["can_share": [True|False]]}, ...
            ]}
        """
        if req.context.read_only:
            raise webob.exc.HTTPForbidden()
        elif req.context.owner is None:
            raise webob.exc.HTTPUnauthorized(_("No authenticated user"))

        # Make sure the image exists
        session = db_api.get_session()
        try:
            image = db_api.image_get(req.context, image_id, session=session)
        except exception.NotFound:
            raise webob.exc.HTTPNotFound()
        except exception.NotAuthorized:
            # If it's private and doesn't belong to them, don't let on
            # that it exists
            msg = _("Access by %(user)s to image %(id)s "
                    "denied") % ({
                        'user': req.context.user,
                        'id': image_id
                    })
            logger.info(msg)
            raise webob.exc.HTTPNotFound()

        # Can they manipulate the membership?
        if not req.context.is_image_sharable(image):
            msg = _("No permission to share that image")
            raise webob.exc.HTTPForbidden(msg)

        # Get the membership list
        try:
            memb_list = body['memberships']
        except Exception, e:
            # Malformed entity...
            msg = _("Invalid membership association: %s") % e
            raise webob.exc.HTTPBadRequest(explanation=msg)
Exemple #7
0
    def delete(self, req, image_id, id):
        """
        Removes a membership from the image.
        """
        if req.context.read_only:
            raise webob.exc.HTTPForbidden()
        elif req.context.owner is None:
            raise webob.exc.HTTPUnauthorized(_("No authenticated user"))

        # Make sure the image exists
        try:
            image = db_api.image_get(req.context, image_id)
        except exception.NotFound:
            raise webob.exc.HTTPNotFound()
        except exception.NotAuthorized:
            # If it's private and doesn't belong to them, don't let on
            # that it exists
            msg = _("Access by %(user)s to image %(id)s "
                    "denied") % ({'user': req.context.user,
                    'id': image_id})
            logger.info(msg)
            raise webob.exc.HTTPNotFound()

        # Can they manipulate the membership?
        if not req.context.is_image_sharable(image):
            msg = _("No permission to share that image")
            raise webob.exc.HTTPForbidden(msg)

        # Look up an existing membership
        try:
            session = db_api.get_session()
            member_ref = db_api.image_member_find(req.context,
                                                  image_id,
                                                  id,
                                                  session=session)
            db_api.image_member_delete(req.context,
                                       member_ref,
                                       session=session)
        except exception.NotFound:
            pass

        # Make an appropriate result
        return webob.exc.HTTPNoContent()
Exemple #8
0
    def update_all(self, req, image_id, body):
        """
        Replaces the members of the image with those specified in the
        body.  The body is a dict with the following format::

            {"memberships": [
                {"member_id": <MEMBER_ID>,
                 ["can_share": [True|False]]}, ...
            ]}
        """
        if req.context.read_only:
            raise webob.exc.HTTPForbidden()
        elif req.context.owner is None:
            raise webob.exc.HTTPUnauthorized(_("No authenticated user"))

        # Make sure the image exists
        session = db_api.get_session()
        try:
            image = db_api.image_get(req.context, image_id, session=session)
        except exception.NotFound:
            raise webob.exc.HTTPNotFound()
        except exception.NotAuthorized:
            # If it's private and doesn't belong to them, don't let on
            # that it exists
            msg = _("Access by %(user)s to image %(id)s "
                    "denied") % ({'user': req.context.user,
                    'id': image_id})
            logger.info(msg)
            raise webob.exc.HTTPNotFound()

        # Can they manipulate the membership?
        if not req.context.is_image_sharable(image):
            msg = _("No permission to share that image")
            raise webob.exc.HTTPForbidden(msg)

        # Get the membership list
        try:
            memb_list = body['memberships']
        except Exception, e:
            # Malformed entity...
            msg = _("Invalid membership association: %s") % e
            raise webob.exc.HTTPBadRequest(explanation=msg)
Exemple #9
0
    def index(self, req, image_id):
        """
        Get the members of an image.
        """
        try:
            image = db_api.image_get(req.context, image_id)
        except exception.NotFound:
            raise webob.exc.HTTPNotFound()
        except exception.NotAuthorized:
            # If it's private and doesn't belong to them, don't let on
            # that it exists
            msg = _("Access by %(user)s to image %(id)s "
                    "denied") % ({'user': req.context.user,
                    'id': image_id})
            logger.info(msg)
            raise webob.exc.HTTPNotFound()

        return dict(members=make_member_list(image['members'],
                                             member_id='member',
                                             can_share='can_share'))
Exemple #10
0
    def index(self, req, image_id):
        """
        Get the members of an image.
        """
        try:
            image = db_api.image_get(req.context, image_id)
        except exception.NotFound:
            raise webob.exc.HTTPNotFound()
        except exception.NotAuthorized:
            # If it's private and doesn't belong to them, don't let on
            # that it exists
            msg = _("Access by %(user)s to image %(id)s "
                    "denied") % ({
                        'user': req.context.user,
                        'id': image_id
                    })
            logger.info(msg)
            raise webob.exc.HTTPNotFound()

        return dict(members=make_member_list(
            image['members'], member_id='member', can_share='can_share'))
Exemple #11
0
 def test_image_get_force_allow_deleted(self):
     db_api.image_destroy(self.adm_context, UUID1)
     image = db_api.image_get(self.context, UUID1, force_show_deleted=True)
     self.assertEquals(image['id'], FIXTURES[0]['id'])
Exemple #12
0
 def test_image_get(self):
     image = db_api.image_get(self.context, UUID1)
     self.assertEquals(image['id'], FIXTURES[0]['id'])
Exemple #13
0
 def test_image_get_force_allow_deleted(self):
     db_api.image_destroy(self.adm_context, UUID1)
     image = db_api.image_get(self.context, UUID1, force_show_deleted=True)
     self.assertEquals(image['id'], FIXTURES[0]['id'])
Exemple #14
0
 def test_image_get(self):
     image = db_api.image_get(self.context, UUID1)
     self.assertEquals(image['id'], FIXTURES[0]['id'])