def testRepositoryMismatch(self): try: raise errors.RepositoryMismatch('right', 'wrong') except Exception, err: assert (str(err) == 'Repository name mismatch. The correct repository name ' 'is "right", but it was accessed as "wrong". Check for ' 'incorrect repositoryMap configuration entries.')
def commitCheck(self, authToken, nameVersionList): """ checks that we can commit to a list of (name, version) tuples """ self.log(3, authToken[0], "entitlements=%s" % (authToken[2], ), nameVersionList) checkDict = {} # nameVersionList can actually be an iterator, so we need to keep # a list of the trove names we're dealing with troveList = [] # first check that we handle all the labels we're asked about for i, (n, v) in enumerate(nameVersionList): label = v.branch().label() if label.getHost() not in self.serverNameList: raise errors.RepositoryMismatch(self.serverNameList, label.getHost()) l = checkDict.setdefault(label.asString(), set()) troveList.append(n) l.add(i) # default to all failing retlist = [False] * len(troveList) if not authToken[0]: return retlist # check groupIds. this is the same as the self.check() function cu = self.db.cursor() try: groupIds = self.getAuthRoles(cu, authToken) except errors.InsufficientPermission: return retlist if not len(groupIds): return retlist # build the query statement for permissions check stmt = """ select Items.item from Permissions join Items using (itemId) """ where = ["Permissions.canWrite=1"] where.append("Permissions.userGroupId IN (%s)" % ",".join("%d" % x for x in groupIds)) if len(checkDict): where.append("""( Permissions.labelId = 0 OR Permissions.labelId in (select labelId from Labels where label=?) )""") stmt += "WHERE " + " AND ".join(where) # we need to test for each label separately in case we have # mutiple troves living of multiple lables with different # permission settings for label in checkDict.iterkeys(): cu.execute(stmt, label) patterns = [x[0] for x in cu] for i in checkDict[label]: for pattern in patterns: if self.checkTrove(pattern, troveList[i]): retlist[i] = True break return retlist
def batchCheck(self, authToken, troveList, write=False, cu=None): """ checks access permissions for a set of *existing* troves in the repository """ # troveTupList is a list of (name, VFS) tuples self.log(3, authToken[0], "entitlements=%s write=%s" % (authToken[2], int(bool(write))), troveList) # process/check the troveList, which can be an iterator checkList = [] for i, (n, v, f) in enumerate(troveList): h = versions.VersionFromString(v).getHost() if h not in self.serverNameList: raise errors.RepositoryMismatch(self.serverNameList, h) checkList.append((i, n, v, f)) # default to all failing retlist = [False] * len(checkList) if not authToken[0]: return retlist # check groupIds if cu is None: cu = self.db.cursor() try: groupIds = self.getAuthRoles(cu, authToken) except errors.InsufficientPermission: return retlist if not len(groupIds): return retlist resetTable(cu, "tmpNVF") self.db.bulkload("tmpNVF", checkList, ["idx", "name", "version", "flavor"], start_transaction=False) self.db.analyze("tmpNVF") writeCheck = '' if write: writeCheck = "and ugi.canWrite = 1" cu.execute(""" select t.idx, i.instanceId from tmpNVF as t join Items on t.name = Items.item join Versions on t.version = Versions.version join Flavors on t.flavor = Flavors.flavor join Instances as i on i.itemId = Items.itemId and i.versionId = Versions.versionId and i.flavorId = Flavors.flavorId join UserGroupInstancesCache as ugi on i.instanceId = ugi.instanceId where ugi.userGroupId in (%s) %s""" % (",".join("%d" % x for x in groupIds), writeCheck)) for i, instanceId in cu: retlist[i] = True return retlist
def getFileContents(self, itemList): contents = [] for item in itemList: (fileId, fileVersion) = item[0:2] # the get trove netclient provides doesn't work with a # FilesystemRepository (it needs to create a change set which gets # passed) if fileVersion.getHost() in self.serverNameList: fileObj = item[2] cont = filecontents.FromDataStore(self.contentsStore, fileObj.contents.sha1()) else: raise errors.RepositoryMismatch(self.serverNameList, fileVersion.getHost()) contents.append(cont) return contents
def getFileVersion(self, pathId, fileId, fileVersion, withContents = 0): # the get trove netclient provides doesn't work with a # FilesystemRepository (it needs to create a change set which gets # passed) if fileVersion.getHost() not in self.serverNameList: raise errors.RepositoryMismatch(self.serverNameList, fileVersion.getHost()) fileObj = self.troveStore.getFile(pathId, fileId) if withContents: if fileObj.hasContents: cont = filecontents.FromDataStore(self.contentsStore, file.contents.sha1()) else: cont = None return (fileObj, cont) return fileObj
def check(self, authToken, write=False, label=None, trove=None, remove=False, allowAnonymous=True): self.log( 3, authToken[0], "entitlements=%s write=%s label=%s trove=%s remove=%s" % (authToken[2], int(bool(write)), label, trove, int(bool(remove)))) if label and label.getHost() not in self.serverNameList: raise errors.RepositoryMismatch(self.serverNameList, label.getHost()) if not authToken[0]: return False cu = self.db.cursor() try: groupIds = self.getAuthRoles(cu, authToken, allowAnonymous=allowAnonymous) except errors.InsufficientPermission: return False if len(groupIds) < 1: return False elif not label and not trove and not remove and not write: # no more checks to do -- the authentication information is valid return True stmt = """ select Items.item from Permissions join items using (itemId) """ params = [] where = [] if len(groupIds): where.append("Permissions.userGroupId IN (%s)" % ",".join("%d" % x for x in groupIds)) if label: where.append(""" ( Permissions.labelId = 0 OR Permissions.labelId in ( select labelId from Labels where Labels.label = ? ) ) """) params.append(label.asString()) if write: where.append("Permissions.canWrite=1") if remove: where.append("Permissions.canRemove=1") if where: stmt += "WHERE " + " AND ".join(where) self.log(4, stmt, params) cu.execute(stmt, params) for (pattern, ) in cu: if self.checkTrove(pattern, trove): return True return False