def put(self, id, **kw):
    """Update a product and return its refreshed record.

    Only Foundation admins and admins of the owning vendor may update a
    product; anyone else is rejected with 403. Only the fields present in
    ``kw`` are written. A product may be marked public only when its
    vendor is an official vendor or the Foundation.
    """
    current = db.get_product(id)
    vendor_id = current['organization_id']
    vendor = db.get_organization(vendor_id)

    # Authorization gate: nothing below runs for non-admin callers.
    may_manage = (api_utils.check_user_is_foundation_admin() or
                  api_utils.check_user_is_vendor_admin(vendor_id))
    if not may_manage:
        pecan.abort(403, 'Forbidden.')

    changes = {'id': id}
    # Plain fields are copied through unchanged when supplied.
    for field in ('name', 'description', 'product_ref_id'):
        if field in kw:
            changes[field] = kw[field]

    if 'public' in kw:
        # A product can be made public only if its vendor is
        # public (official) or is the Foundation itself.
        make_public = api_utils.str_to_bool(kw['public'])
        vendor_is_official = vendor['type'] in (const.OFFICIAL_VENDOR,
                                                const.FOUNDATION)
        if make_public and not vendor_is_official:
            pecan.abort(403, 'Forbidden.')
        changes['public'] = make_public

    if 'properties' in kw:
        # Properties are handed to the DB layer as a JSON string.
        changes['properties'] = json.dumps(kw['properties'])

    db.update_product(changes)
    pecan.response.status = 200

    # Re-read so the response reflects what was actually written.
    updated = db.get_product(id)
    updated['can_manage'] = True
    return updated
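def get_one(self, id, version_id):
    """Get specific version information.

    The caller must be allowed to see product ``id``: the product has to
    be public, or the caller has to be a Foundation admin or an admin of
    the owning vendor. The requested version must also belong to that
    product; otherwise the request is rejected with 403.

    :param id: id of the product the version is requested under
    :param version_id: id of the product version to return
    :returns: the version record limited to id, product_id, version
              and cpid
    """
    product = db.get_product(id)
    vendor_id = product['organization_id']
    is_admin = (api_utils.check_user_is_foundation_admin() or
                api_utils.check_user_is_vendor_admin(vendor_id))
    if not product['public'] and not is_admin:
        pecan.abort(403, 'Forbidden.')

    allowed_keys = ['id', 'product_id', 'version', 'cpid']
    version = db.get_product_version(version_id, allowed_keys=allowed_keys)

    # The access check above covers product `id` only. Without tying the
    # version to that product, a caller could name a public product and
    # read a version that belongs to a non-public one.
    # NOTE(review): assumes the returned mapping carries 'product_id'
    # (requested through allowed_keys) in the same type as `id` - confirm
    # against db.get_product_version.
    if version is not None and version['product_id'] != id:
        pecan.abort(403, 'Forbidden.')
    return version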
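def get_one(self, id):
    """Get information about product.

    Non-public products are visible only to Foundation admins and admins
    of the owning vendor; other callers get 403. For non-admin callers
    the admin-only fields are stripped from the returned record.

    :param id: id of the product to return
    :returns: the product record with a ``can_manage`` flag telling
              whether the caller has admin rights on it
    """
    allowed_keys = ['id', 'name', 'description', 'product_ref_id',
                    'product_type', 'public', 'properties', 'created_at',
                    'updated_at', 'organization_id', 'created_by_user',
                    'type']
    product = db.get_product(id, allowed_keys=allowed_keys)
    vendor_id = product['organization_id']
    is_admin = (api_utils.check_user_is_foundation_admin() or
                api_utils.check_user_is_vendor_admin(vendor_id))
    if not is_admin and not product['public']:
        pecan.abort(403, 'Forbidden.')

    if not is_admin:
        admin_only_keys = ['created_by_user', 'created_at', 'updated_at',
                           'properties']
        # Remove by name instead of popping while iterating
        # product.keys(): on Python 3 that mutates the dict under its
        # own key view and raises RuntimeError, so the sanitised
        # response would never be produced for non-admin callers.
        for key in admin_only_keys:
            product.pop(key, None)

    product['can_manage'] = is_admin
    return product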
def check_user_is_product_admin(product_id):
    """Tell whether the current user administers the product's vendor.

    The product is looked up to find its owning organization, and the
    decision is delegated to check_user_is_vendor_admin for that
    organization.
    """
    owning_vendor = db.get_product(product_id)['organization_id']
    return check_user_is_vendor_admin(owning_vendor)
def get(self):
    """Return one page of uploaded test results.

    Results come back in descending chronological order and can be
    narrowed with query parameters, for example:
    /v1/results?page=<page number>&cpid=1234.
    When no page parameter is given, page 1 is returned.

    Filtering by product is access-controlled: admins of the product
    (Foundation or owning vendor) see all of its tests, everyone else
    may filter only by a public product and gets 403 otherwise. Callers
    who are neither the owner of a result nor a Foundation admin get a
    reduced view of that result.
    """
    accepted_params = [
        const.START_DATE,
        const.END_DATE,
        const.CPID,
        const.SIGNED,
        const.VERIFICATION_STATUS,
        const.PRODUCT_ID
    ]
    filters = api_utils.parse_input_params(accepted_params)

    if const.PRODUCT_ID in filters:
        product = db.get_product(filters[const.PRODUCT_ID])
        owner_org = product['organization_id']
        manages_product = (
            api_utils.check_user_is_foundation_admin() or
            api_utils.check_user_is_vendor_admin(owner_org))
        if manages_product:
            filters[const.ALL_PRODUCT_TESTS] = True
        elif not product['public']:
            pecan.abort(403, 'Forbidden.')

    total_records = db.get_test_records_count(filters)
    page_number, total_pages_number = api_utils.get_page_number(
        total_records)

    try:
        page_size = CONF.api.results_per_page
        records = db.get_test_records(page_number, page_size, filters)
        is_foundation = api_utils.check_user_is_foundation_admin()

        for record in records:
            privileged = (api_utils.check_owner(record['id']) or
                          is_foundation)
            if not privileged:
                # Product info is withheld when the product is not
                # public.
                version_info = record.get('product_version')
                if (version_info and
                        not version_info['product_info']['public']):
                    record['product_version'] = None
                # Full metadata is reserved for the owner and for
                # Foundation members; others get only the keys listed
                # in MetadataController.rw_access_keys.
                record['meta'] = dict(
                    (name, value)
                    for name, value in record['meta'].items()
                    if name in MetadataController.rw_access_keys)

            url_template = parse.urljoin(CONF.ui_url,
                                         CONF.api.test_results_url)
            record['url'] = url_template % record['id']

        page = {
            'results': records,
            'pagination': {
                'current_page': page_number,
                'total_pages': total_pages_number
            }
        }
    except Exception as ex:
        # NOTE(review): the failure behind this 500 is logged at DEBUG
        # only, so it is not recorded when debug logging is off.
        LOG.debug('An error occurred during operation with database: %s'
                  % str(ex))
        pecan.abort(500)

    return page
def check_user_is_product_admin(product_id, user_id=None):
    """Tell whether a user administers the vendor that owns a product.

    The product is looked up to find its owning organization, and the
    decision is delegated to check_user_is_vendor_admin for that
    organization, passing ``user_id`` through unchanged.
    """
    owning_vendor = db.get_product(product_id)['organization_id']
    return check_user_is_vendor_admin(owning_vendor, user_id=user_id)