Esempio n. 1
0
    def delete(self, req, image_id, id):
        """
        Removes a membership from the image.
        """
        if req.context.read_only:
            raise webob.exc.HTTPForbidden()
        elif req.context.owner is None:
            raise webob.exc.HTTPUnauthorized(_("No authenticated user"))

        # Make sure the image exists
        try:
            image = db_api.image_get(req.context, image_id)
        except exception.NotFound:
            raise webob.exc.HTTPNotFound()
        except exception.NotAuthorized:
            # If it's private and doesn't belong to them, don't let on
            # that it exists
            msg = _("Access by %(user)s to image %(id)s "
                    "denied") % ({
                        'user': req.context.user,
                        'id': image_id
                    })
            logger.info(msg)
            raise webob.exc.HTTPNotFound()

        # Can they manipulate the membership?
        if not req.context.is_image_sharable(image):
            msg = _("No permission to share that image")
            raise webob.exc.HTTPForbidden(msg)

        # Look up an existing membership
        try:
            session = db_api.get_session()
            member_ref = db_api.image_member_find(req.context,
                                                  image_id,
                                                  id,
                                                  session=session)
            db_api.image_member_delete(req.context,
                                       member_ref,
                                       session=session)
        except exception.NotFound:
            pass

        # Make an appropriate result
        return webob.exc.HTTPNoContent()
Esempio n. 2
0
    def update_all(self, req, image_id, body):
        """
        Replaces the members of the image with those specified in the
        body.  The body is a dict with the following format::

            {"memberships": [
                {"member_id": <MEMBER_ID>,
                 ["can_share": [True|False]]}, ...
            ]}
        """
        if req.context.read_only:
            raise webob.exc.HTTPForbidden()
        elif req.context.owner is None:
            raise webob.exc.HTTPUnauthorized(_("No authenticated user"))

        # Make sure the image exists
        session = db_api.get_session()
        try:
            image = db_api.image_get(req.context, image_id, session=session)
        except exception.NotFound:
            raise webob.exc.HTTPNotFound()
        except exception.NotAuthorized:
            # If it's private and doesn't belong to them, don't let on
            # that it exists
            msg = _("Access by %(user)s to image %(id)s "
                    "denied") % ({
                        'user': req.context.user,
                        'id': image_id
                    })
            logger.info(msg)
            raise webob.exc.HTTPNotFound()

        # Can they manipulate the membership?
        if not req.context.is_image_sharable(image):
            msg = _("No permission to share that image")
            raise webob.exc.HTTPForbidden(msg)

        # Get the membership list
        try:
            memb_list = body['memberships']
        except Exception, e:
            # Malformed entity...
            msg = _("Invalid membership association: %s") % e
            raise webob.exc.HTTPBadRequest(explanation=msg)
Esempio n. 3
0
    def delete(self, req, image_id, id):
        """
        Removes a membership from the image.
        """
        if req.context.read_only:
            raise webob.exc.HTTPForbidden()
        elif req.context.owner is None:
            raise webob.exc.HTTPUnauthorized(_("No authenticated user"))

        # Make sure the image exists
        try:
            image = db_api.image_get(req.context, image_id)
        except exception.NotFound:
            raise webob.exc.HTTPNotFound()
        except exception.NotAuthorized:
            # If it's private and doesn't belong to them, don't let on
            # that it exists
            msg = _("Access by %(user)s to image %(id)s "
                    "denied") % ({'user': req.context.user,
                    'id': image_id})
            logger.info(msg)
            raise webob.exc.HTTPNotFound()

        # Can they manipulate the membership?
        if not req.context.is_image_sharable(image):
            msg = _("No permission to share that image")
            raise webob.exc.HTTPForbidden(msg)

        # Look up an existing membership
        try:
            session = db_api.get_session()
            member_ref = db_api.image_member_find(req.context,
                                                  image_id,
                                                  id,
                                                  session=session)
            db_api.image_member_delete(req.context,
                                       member_ref,
                                       session=session)
        except exception.NotFound:
            pass

        # Make an appropriate result
        return webob.exc.HTTPNoContent()
Esempio n. 4
0
    def update_all(self, req, image_id, body):
        """
        Replaces the members of the image with those specified in the
        body.  The body is a dict with the following format::

            {"memberships": [
                {"member_id": <MEMBER_ID>,
                 ["can_share": [True|False]]}, ...
            ]}
        """
        if req.context.read_only:
            raise webob.exc.HTTPForbidden()
        elif req.context.owner is None:
            raise webob.exc.HTTPUnauthorized(_("No authenticated user"))

        # Make sure the image exists
        session = db_api.get_session()
        try:
            image = db_api.image_get(req.context, image_id, session=session)
        except exception.NotFound:
            raise webob.exc.HTTPNotFound()
        except exception.NotAuthorized:
            # If it's private and doesn't belong to them, don't let on
            # that it exists
            msg = _("Access by %(user)s to image %(id)s "
                    "denied") % ({'user': req.context.user,
                    'id': image_id})
            logger.info(msg)
            raise webob.exc.HTTPNotFound()

        # Can they manipulate the membership?
        if not req.context.is_image_sharable(image):
            msg = _("No permission to share that image")
            raise webob.exc.HTTPForbidden(msg)

        # Get the membership list
        try:
            memb_list = body['memberships']
        except Exception, e:
            # Malformed entity...
            msg = _("Invalid membership association: %s") % e
            raise webob.exc.HTTPBadRequest(explanation=msg)
Esempio n. 5
0
            msg = _("No permission to share that image")
            raise webob.exc.HTTPForbidden(msg)

        # Determine the applicable can_share value
        can_share = None
        if body:
            try:
                can_share = bool(body['member']['can_share'])
            except Exception, e:
                # Malformed entity...
                msg = _("Invalid membership association: %s") % e
                raise webob.exc.HTTPBadRequest(explanation=msg)

        # Look up an existing membership...
        try:
            session = db_api.get_session()
            membership = db_api.image_member_find(req.context,
                                                  image_id,
                                                  id,
                                                  session=session)
            if can_share is not None:
                values = dict(can_share=can_share)
                db_api.image_member_update(req.context,
                                           membership,
                                           values,
                                           session=session)
        except exception.NotFound:
            values = dict(image_id=image['id'],
                          member=id,
                          can_share=bool(can_share))
            db_api.image_member_create(req.context, values, session=session)
Esempio n. 6
0
            msg = _("No permission to share that image")
            raise webob.exc.HTTPForbidden(msg)

        # Determine the applicable can_share value
        can_share = None
        if body:
            try:
                can_share = bool(body['member']['can_share'])
            except Exception, e:
                # Malformed entity...
                msg = _("Invalid membership association: %s") % e
                raise webob.exc.HTTPBadRequest(explanation=msg)

        # Look up an existing membership...
        try:
            session = db_api.get_session()
            membership = db_api.image_member_find(req.context,
                                                  image_id, id,
                                                  session=session)
            if can_share is not None:
                values = dict(can_share=can_share)
                db_api.image_member_update(req.context, membership, values,
                                           session=session)
        except exception.NotFound:
            values = dict(image_id=image['id'], member=id,
                          can_share=bool(can_share))
            db_api.image_member_create(req.context, values, session=session)

        return webob.exc.HTTPNoContent()

    def delete(self, req, image_id, id):