def index(self, req, namespace, marker=None, limit=None, sort_key='created_at', sort_dir='desc', filters=None): try: ns_repo = self.gateway.get_metadef_namespace_repo( req.context, authorization_layer=False) try: namespace_obj = ns_repo.get(namespace) except exception.Forbidden: # NOTE (abhishekk): Returning 404 Not Found as the # namespace is outside of this user's project msg = _("Namespace %s not found") % namespace raise exception.NotFound(msg) # NOTE(abhishekk): This is just a "do you have permission to # list objects" check. Each object is checked against # get_metadef_object below. api_policy.MetadefAPIPolicy( req.context, md_resource=namespace_obj, enforcer=self.policy).get_metadef_objects() filters = filters or dict() filters['namespace'] = namespace object_repo = self.gateway.get_metadef_object_repo( req.context, authorization_layer=False) db_metaobject_list = object_repo.list(marker=marker, limit=limit, sort_key=sort_key, sort_dir=sort_dir, filters=filters) object_list = [ MetadefObject.to_wsme_model(obj, get_object_href(namespace, obj), self.obj_schema_link) for obj in db_metaobject_list if api_policy.MetadefAPIPolicy( req.context, md_resource=obj.namespace, enforcer=self.policy).check('get_metadef_object') ] metadef_objects = MetadefObjects() metadef_objects.objects = object_list except exception.Forbidden as e: LOG.debug( "User not permitted to retrieve metadata objects within " "'%s' namespace", namespace) raise webob.exc.HTTPForbidden(explanation=e.msg) except exception.NotFound as e: raise webob.exc.HTTPNotFound(explanation=e.msg) return metadef_objects
def show(self, req, namespace, object_name): meta_object_repo = self.gateway.get_metadef_object_repo( req.context, authorization_layer=False) try: ns_repo = self.gateway.get_metadef_namespace_repo( req.context, authorization_layer=False) try: namespace_obj = ns_repo.get(namespace) except exception.Forbidden: # NOTE (abhishekk): Returning 404 Not Found as the # namespace is outside of this user's project msg = _("Namespace %s not found") % namespace raise exception.NotFound(msg) # NOTE(abhishekk): Metadef objects are associated with # namespace, so made provision to pass namespace here # for visibility check api_policy.MetadefAPIPolicy( req.context, md_resource=namespace_obj, enforcer=self.policy).get_metadef_object() metadef_object = meta_object_repo.get(namespace, object_name) return MetadefObject.to_wsme_model( metadef_object, get_object_href(namespace, metadef_object), self.obj_schema_link) except exception.Forbidden as e: LOG.debug( "User not permitted to show metadata object '%s' " "within '%s' namespace", namespace, object_name) raise webob.exc.HTTPForbidden(explanation=e.msg) except exception.NotFound as e: raise webob.exc.HTTPNotFound(explanation=e.msg)
def delete(self, req, namespace, object_name): meta_repo = self.gateway.get_metadef_object_repo( req.context, authorization_layer=False) try: ns_repo = self.gateway.get_metadef_namespace_repo( req.context, authorization_layer=False) try: # NOTE(abhishekk): Verifying that namespace is visible # to user namespace_obj = ns_repo.get(namespace) except exception.Forbidden: # NOTE (abhishekk): Returning 404 Not Found as the # namespace is outside of this user's project msg = _("Namespace %s not found") % namespace raise exception.NotFound(msg) # NOTE(abhishekk): Metadef object is created for Metadef namespaces # Here we are just checking if user is authorized to delete metadef # object or not. api_policy.MetadefAPIPolicy( req.context, md_resource=namespace_obj, enforcer=self.policy).delete_metadef_object() metadef_object = meta_repo.get(namespace, object_name) metadef_object.delete() meta_repo.remove(metadef_object) except exception.Forbidden as e: LOG.debug( "User not permitted to delete metadata object '%s' " "within '%s' namespace", object_name, namespace) raise webob.exc.HTTPForbidden(explanation=e.msg) except exception.NotFound as e: raise webob.exc.HTTPNotFound(explanation=e.msg)
def delete_properties(self, req, namespace): ns_repo = self.gateway.get_metadef_namespace_repo( req.context, authorization_layer=False) try: namespace_obj = ns_repo.get(namespace) except (exception.Forbidden, exception.NotFound): # NOTE (abhishekk): Returning 404 Not Found as the # namespace is outside of this user's project msg = _("Namespace %s not found") % namespace raise webob.exc.HTTPNotFound(explanation=msg) try: # NOTE(abhishekk): This call currently checks whether user # has permission to delete the namespace or not before deleting # the objects associated with it. api_policy.MetadefAPIPolicy( req.context, md_resource=namespace_obj, enforcer=self.policy).delete_metadef_namespace() namespace_obj.delete() ns_repo.remove_properties(namespace_obj) except exception.Forbidden as e: LOG.debug( "User not permitted to delete metadata properties " "within '%s' namespace", namespace) raise webob.exc.HTTPForbidden(explanation=e.msg) except exception.NotFound as e: raise webob.exc.HTTPNotFound(explanation=e.msg)
def delete(self, req, namespace): namespace_repo = self.gateway.get_metadef_namespace_repo( req.context, authorization_layer=False) try: namespace_obj = namespace_repo.get(namespace) except (exception.Forbidden, exception.NotFound): # NOTE (abhishekk): Returning 404 Not Found as the # namespace is outside of this user's project msg = _("Namespace %s not found") % namespace raise webob.exc.HTTPNotFound(explanation=msg) try: # NOTE(abhishekk): Here we are just checking user is authorized to # delete the namespace or not. api_policy.MetadefAPIPolicy( req.context, md_resource=namespace_obj, enforcer=self.policy).delete_metadef_namespace() namespace_obj.delete() namespace_repo.remove(namespace_obj) except exception.Forbidden as e: LOG.debug( "User not permitted to delete metadata namespace " "'%s'", namespace) raise webob.exc.HTTPForbidden(explanation=e.msg) except exception.NotFound as e: raise webob.exc.HTTPNotFound(explanation=e.msg)
def index(self, req): try: filters = {'namespace': None} rs_type_repo = self.gateway.get_metadef_resource_type_repo( req.context, authorization_layer=False) # NOTE(abhishekk): Here we are just checking if user is # authorized to view/list metadef resource types or not. # Also there is no relation between list_metadef_resource_types # and get_metadef_resource_type policies so can not enforce # get_metadef_resource_type policy on individual resource # type here. api_policy.MetadefAPIPolicy( req.context, enforcer=self.policy).list_metadef_resource_types() db_resource_type_list = rs_type_repo.list(filters=filters) resource_type_list = [ ResourceType.to_wsme_model(resource_type) for resource_type in db_resource_type_list ] resource_types = ResourceTypes() resource_types.resource_types = resource_type_list except exception.Forbidden as e: LOG.debug("User not permitted to retrieve metadata resource types " "index") raise webob.exc.HTTPForbidden(explanation=e.msg) except exception.NotFound as e: raise webob.exc.HTTPNotFound(explanation=e.msg) return resource_types
def index(self, req, namespace): ns_repo = self.gateway.get_metadef_namespace_repo( req.context, authorization_layer=False) try: namespace_obj = ns_repo.get(namespace) except (exception.Forbidden, exception.NotFound): # NOTE (abhishekk): Returning 404 Not Found as the # namespace is outside of this user's project msg = _("Namespace %s not found") % namespace raise webob.exc.HTTPNotFound(explanation=msg) try: # NOTE(abhishekk): This is just a "do you have permission to # list properties" check. Each property is checked against # get_metadef_property below. api_policy.MetadefAPIPolicy( req.context, md_resource=namespace_obj, enforcer=self.policy).get_metadef_properties() filters = dict() filters['namespace'] = namespace prop_repo = self.gateway.get_metadef_property_repo( req.context, authorization_layer=False) db_properties = prop_repo.list(filters=filters) property_list = Namespace.to_model_properties(db_properties) namespace_properties = PropertyTypes() namespace_properties.properties = property_list except exception.Forbidden as e: LOG.debug( "User not permitted to retrieve metadata properties " "within '%s' namespace", namespace) raise webob.exc.HTTPForbidden(explanation=e.msg) except exception.NotFound as e: raise webob.exc.HTTPNotFound(explanation=e.msg) return namespace_properties
def delete(self, req, namespace, property_name): prop_repo = self.gateway.get_metadef_property_repo( req.context, authorization_layer=False) ns_repo = self.gateway.get_metadef_namespace_repo( req.context, authorization_layer=False) try: namespace_obj = ns_repo.get(namespace) except (exception.Forbidden, exception.NotFound): # NOTE (abhishekk): Returning 404 Not Found as the # namespace is outside of this user's project msg = _("Namespace %s not found") % namespace raise webob.exc.HTTPNotFound(explanation=msg) try: # NOTE(abhishekk): Metadef property is created for Metadef # namespaces. Here we are just checking if user is authorized # to delete metadef property or not. api_policy.MetadefAPIPolicy( req.context, md_resource=namespace_obj, enforcer=self.policy).remove_metadef_property() property_type = prop_repo.get(namespace, property_name) property_type.delete() prop_repo.remove(property_type) except exception.Forbidden as e: LOG.debug( "User not permitted to delete metadata property '%s' " "within '%s' namespace", property_name, namespace) raise webob.exc.HTTPForbidden(explanation=e.msg) except exception.NotFound as e: raise webob.exc.HTTPNotFound(explanation=e.msg)
def setUp(self): super(TestMetadefAPIPolicy, self).setUp() self.enforcer = mock.MagicMock() self.md_resource = mock.MagicMock() self.context = mock.MagicMock() self.policy = policy.MetadefAPIPolicy(self.context, self.md_resource, enforcer=self.enforcer)
def index(self, req, namespace, marker=None, limit=None, sort_key='created_at', sort_dir='desc', filters=None): ns_repo = self.gateway.get_metadef_namespace_repo( req.context, authorization_layer=False) try: namespace_obj = ns_repo.get(namespace) except (exception.Forbidden, exception.NotFound): # NOTE (abhishekk): Returning 404 Not Found as the # namespace is outside of this user's project msg = _("Namespace %s not found") % namespace raise webob.exc.HTTPNotFound(explanation=msg) try: # NOTE(abhishekk): This is just a "do you have permission to # list tags" check. Each object is checked against # get_metadef_tag below. api_policy.MetadefAPIPolicy( req.context, md_resource=namespace_obj, enforcer=self.policy).get_metadef_tags() filters = filters or dict() filters['namespace'] = namespace tag_repo = self.gateway.get_metadef_tag_repo( req.context, authorization_layer=False) if marker: metadef_tag = tag_repo.get(namespace, marker) marker = metadef_tag.tag_id db_metatag_list = tag_repo.list(marker=marker, limit=limit, sort_key=sort_key, sort_dir=sort_dir, filters=filters) tag_list = [ MetadefTag(**{'name': db_metatag.name}) for db_metatag in db_metatag_list ] metadef_tags = MetadefTags() metadef_tags.tags = tag_list except exception.Forbidden as e: LOG.debug( "User not permitted to retrieve metadata tags " "within '%s' namespace", namespace) raise webob.exc.HTTPForbidden(explanation=e.msg) except exception.NotFound as e: raise webob.exc.HTTPNotFound(explanation=e.msg) return metadef_tags
def show(self, req, namespace): ns_repo = self.gateway.get_metadef_namespace_repo( req.context, authorization_layer=False) try: namespace_obj = ns_repo.get(namespace) except (exception.Forbidden, exception.NotFound): # NOTE (abhishekk): Returning 404 Not Found as the # namespace is outside of this user's project msg = _("Namespace %s not found") % namespace raise webob.exc.HTTPNotFound(explanation=msg) try: # NOTE(abhishekk): Here we are just checking if user is # authorized to view/list metadef resource types or not. # Each resource_type is checked against # get_metadef_resource_type below. api_policy.MetadefAPIPolicy( req.context, md_resource=namespace_obj, enforcer=self.policy).list_metadef_resource_types() filters = {'namespace': namespace} rs_type_repo = self.gateway.get_metadef_resource_type_repo( req.context, authorization_layer=False) db_type_list = rs_type_repo.list(filters=filters) rs_type_list = [ ResourceTypeAssociation.to_wsme_model(rs_type) for rs_type in db_type_list if api_policy.MetadefAPIPolicy( req.context, md_resource=rs_type.namespace, enforcer=self.policy).check('get_metadef_resource_type') ] resource_types = ResourceTypeAssociations() resource_types.resource_type_associations = rs_type_list except exception.Forbidden as e: LOG.debug( "User not permitted to retrieve metadata resource types " "within '%s' namespace", namespace) raise webob.exc.HTTPForbidden(explanation=e.msg) except exception.NotFound as e: raise webob.exc.HTTPNotFound(explanation=e.msg) return resource_types
def show(self, req, namespace, property_name, filters=None): ns_repo = self.gateway.get_metadef_namespace_repo( req.context, authorization_layer=False) try: namespace_obj = ns_repo.get(namespace) except (exception.Forbidden, exception.NotFound): # NOTE (abhishekk): Returning 404 Not Found as the # namespace is outside of this user's project msg = _("Namespace %s not found") % namespace raise webob.exc.HTTPNotFound(explanation=msg) try: # NOTE(abhishekk): Metadef properties are associated with # namespace, so made provision to pass namespace here # for visibility check api_pol = api_policy.MetadefAPIPolicy(req.context, md_resource=namespace_obj, enforcer=self.policy) api_pol.get_metadef_property() if filters and filters['resource_type']: # Verify that you can fetch resource type details api_pol.get_metadef_resource_type() rs_repo = self.gateway.get_metadef_resource_type_repo( req.context, authorization_layer=False) db_resource_type = rs_repo.get(filters['resource_type'], namespace) prefix = db_resource_type.prefix if prefix and property_name.startswith(prefix): property_name = property_name[len(prefix):] else: msg = (_("Property %(property_name)s does not start " "with the expected resource type association " "prefix of '%(prefix)s'.") % { 'property_name': property_name, 'prefix': prefix }) raise exception.NotFound(msg) prop_repo = self.gateway.get_metadef_property_repo( req.context, authorization_layer=False) db_property = prop_repo.get(namespace, property_name) property = self._to_model(db_property) except exception.Forbidden as e: LOG.debug( "User not permitted to show metadata property '%s' " "within '%s' namespace", property_name, namespace) raise webob.exc.HTTPForbidden(explanation=e.msg) except exception.NotFound as e: raise webob.exc.HTTPNotFound(explanation=e.msg) return property
def update(self, req, metadata_object, namespace, object_name): meta_repo = self.gateway.get_metadef_object_repo( req.context, authorization_layer=False) try: ns_repo = self.gateway.get_metadef_namespace_repo( req.context, authorization_layer=False) try: # NOTE(abhishekk): Verifying that namespace is visible # to user namespace_obj = ns_repo.get(namespace) except exception.Forbidden: # NOTE (abhishekk): Returning 404 Not Found as the # namespace is outside of this user's project msg = _("Namespace %s not found") % namespace raise exception.NotFound(msg) # NOTE(abhishekk): Metadef object is created for Metadef namespaces # Here we are just checking if user is authorized to modify metadef # object or not. api_policy.MetadefAPIPolicy( req.context, md_resource=namespace_obj, enforcer=self.policy).modify_metadef_object() metadef_object = meta_repo.get(namespace, object_name) metadef_object._old_name = metadef_object.name metadef_object.name = wsme_utils._get_value(metadata_object.name) metadef_object.description = wsme_utils._get_value( metadata_object.description) metadef_object.required = wsme_utils._get_value( metadata_object.required) metadef_object.properties = wsme_utils._get_value( metadata_object.properties) updated_metadata_obj = meta_repo.save(metadef_object) except exception.Invalid as e: msg = (_("Couldn't update metadata object: %s") % encodeutils.exception_to_unicode(e)) raise webob.exc.HTTPBadRequest(explanation=msg) except exception.Forbidden as e: LOG.debug( "User not permitted to update metadata object '%s' " "within '%s' namespace ", object_name, namespace) raise webob.exc.HTTPForbidden(explanation=e.msg) except exception.NotFound as e: raise webob.exc.HTTPNotFound(explanation=e.msg) except exception.Duplicate as e: raise webob.exc.HTTPConflict(explanation=e.msg) return MetadefObject.to_wsme_model( updated_metadata_obj, get_object_href(namespace, updated_metadata_obj), self.obj_schema_link)
def update(self, req, user_ns, namespace): namespace_repo = self.gateway.get_metadef_namespace_repo( req.context, authorization_layer=False) try: ns_obj = namespace_repo.get(namespace) except (exception.Forbidden, exception.NotFound): # NOTE (abhishekk): Returning 404 Not Found as the # namespace is outside of this user's project msg = _("Namespace %s not found") % namespace raise webob.exc.HTTPNotFound(explanation=msg) try: # NOTE(abhishekk): Here we are just checking if use is authorized # to modify the namespace or not api_policy.MetadefAPIPolicy( req.context, md_resource=ns_obj, enforcer=self.policy).modify_metadef_namespace() ns_obj._old_namespace = ns_obj.namespace ns_obj.namespace = wsme_utils._get_value(user_ns.namespace) ns_obj.display_name = wsme_utils._get_value(user_ns.display_name) ns_obj.description = wsme_utils._get_value(user_ns.description) # Following optional fields will default to same values as in # create namespace if not specified ns_obj.visibility = (wsme_utils._get_value(user_ns.visibility) or 'private') ns_obj.protected = (wsme_utils._get_value(user_ns.protected) or False) ns_obj.owner = (wsme_utils._get_value(user_ns.owner) or req.context.owner) updated_namespace = namespace_repo.save(ns_obj) except exception.Invalid as e: msg = (_("Couldn't update metadata namespace: %s") % encodeutils.exception_to_unicode(e)) raise webob.exc.HTTPBadRequest(explanation=msg) except exception.Forbidden as e: LOG.debug( "User not permitted to update metadata namespace " "'%s'", namespace) raise webob.exc.HTTPForbidden(explanation=e.msg) except exception.NotFound as e: raise webob.exc.HTTPNotFound(explanation=e.msg) except exception.Duplicate as e: raise webob.exc.HTTPConflict(explanation=e.msg) return Namespace.to_wsme_model(updated_namespace, get_namespace_href(updated_namespace), self.ns_schema_link)
def create_tags(self, req, metadata_tags, namespace): tag_factory = self.gateway.get_metadef_tag_factory( req.context, authorization_layer=False) tag_repo = self.gateway.get_metadef_tag_repo(req.context, authorization_layer=False) ns_repo = self.gateway.get_metadef_namespace_repo( req.context, authorization_layer=False) try: namespace_obj = ns_repo.get(namespace) except (exception.Forbidden, exception.NotFound): # NOTE (abhishekk): Returning 404 Not Found as the # namespace is outside of this user's project msg = _("Namespace %s not found") % namespace raise webob.exc.HTTPNotFound(explanation=msg) try: # NOTE(abhishekk): Metadef tags is created for Metadef namespaces # Here we are just checking if user is authorized to create metadef # tag or not. api_policy.MetadefAPIPolicy( req.context, md_resource=namespace_obj, enforcer=self.policy).add_metadef_tags() tag_list = [] for metadata_tag in metadata_tags.tags: tag_list.append( tag_factory.new_tag(namespace=namespace, **metadata_tag.to_dict())) tag_repo.add_tags(tag_list) tag_list_out = [ MetadefTag(**{'name': db_metatag.name}) for db_metatag in tag_list ] metadef_tags = MetadefTags() metadef_tags.tags = tag_list_out except exception.Forbidden as e: LOG.debug( "User not permitted to create metadata tags within " "'%s' namespace", namespace) raise webob.exc.HTTPForbidden(explanation=e.msg) except exception.NotFound as e: raise webob.exc.HTTPNotFound(explanation=e.msg) except exception.Duplicate as e: raise webob.exc.HTTPConflict(explanation=e.msg) return metadef_tags
def create(self, req, namespace, tag_name): tag_factory = self.gateway.get_metadef_tag_factory( req.context, authorization_layer=False) tag_repo = self.gateway.get_metadef_tag_repo(req.context, authorization_layer=False) ns_repo = self.gateway.get_metadef_namespace_repo( req.context, authorization_layer=False) try: namespace_obj = ns_repo.get(namespace) except (exception.Forbidden, exception.NotFound): # NOTE (abhishekk): Returning 404 Not Found as the # namespace is outside of this user's project msg = _("Namespace %s not found") % namespace raise webob.exc.HTTPNotFound(explanation=msg) tag_name_as_dict = {'name': tag_name} try: self.schema.validate(tag_name_as_dict) except exception.InvalidObject as e: raise webob.exc.HTTPBadRequest(explanation=e.msg) try: # NOTE(abhishekk): Metadef tags is created for Metadef namespaces # Here we are just checking if user is authorized to create metadef # tag or not. api_policy.MetadefAPIPolicy( req.context, md_resource=namespace_obj, enforcer=self.policy).add_metadef_tag() new_meta_tag = tag_factory.new_tag(namespace=namespace, **tag_name_as_dict) tag_repo.add(new_meta_tag) except exception.Invalid as e: msg = (_("Couldn't create metadata tag: %s") % encodeutils.exception_to_unicode(e)) raise webob.exc.HTTPBadRequest(explanation=msg) except exception.Forbidden as e: LOG.debug( "User not permitted to create metadata tag within " "'%s' namespace", namespace) raise webob.exc.HTTPForbidden(explanation=e.msg) except exception.NotFound as e: raise webob.exc.HTTPNotFound(explanation=e.msg) except exception.Duplicate as e: raise webob.exc.HTTPConflict(explanation=e.msg) return MetadefTag.to_wsme_model(new_meta_tag)
def delete(self, req, namespace, resource_type): rs_type_repo = self.gateway.get_metadef_resource_type_repo( req.context, authorization_layer=False) ns_repo = self.gateway.get_metadef_namespace_repo( req.context, authorization_layer=False) try: namespace_obj = ns_repo.get(namespace) except (exception.Forbidden, exception.NotFound): # NOTE (abhishekk): Returning 404 Not Found as the # namespace is outside of this user's project msg = _("Namespace %s not found") % namespace raise webob.exc.HTTPNotFound(explanation=msg) try: # NOTE(abhishekk): Metadef resource type is created for Metadef # namespaces. Here we are just checking if user is authorized # to delete metadef resource types or not. api_policy.MetadefAPIPolicy( req.context, md_resource=namespace_obj, enforcer=self.policy).remove_metadef_resource_type_association( ) filters = {} found = False filters['namespace'] = namespace db_resource_type_list = rs_type_repo.list(filters=filters) for db_resource_type in db_resource_type_list: if db_resource_type.name == resource_type: db_resource_type.delete() rs_type_repo.remove(db_resource_type) found = True if not found: raise exception.NotFound() except exception.Forbidden as e: LOG.debug( "User not permitted to delete metadata resource type " "'%s' within '%s' namespace", resource_type, namespace) raise webob.exc.HTTPForbidden(explanation=e.msg) except exception.NotFound: msg = (_("Failed to find resource type %(resourcetype)s to " "delete") % { 'resourcetype': resource_type }) LOG.error(msg) raise webob.exc.HTTPNotFound(explanation=msg)
def create(self, req, metadata_object, namespace): object_factory = self.gateway.get_metadef_object_factory( req.context, authorization_layer=False) object_repo = self.gateway.get_metadef_object_repo( req.context, authorization_layer=False) try: ns_repo = self.gateway.get_metadef_namespace_repo( req.context, authorization_layer=False) try: # NOTE(abhishekk): Verifying that namespace is visible # to user namespace_obj = ns_repo.get(namespace) except exception.Forbidden: # NOTE (abhishekk): Returning 404 Not Found as the # namespace is outside of this user's project msg = _("Namespace %s not found") % namespace raise exception.NotFound(msg) # NOTE(abhishekk): Metadef object is created for Metadef namespaces # Here we are just checking if user is authorized to create metadef # object or not. api_policy.MetadefAPIPolicy( req.context, md_resource=namespace_obj, enforcer=self.policy).add_metadef_object() new_meta_object = object_factory.new_object( namespace=namespace, **metadata_object.to_dict()) object_repo.add(new_meta_object) except exception.Forbidden as e: LOG.debug( "User not permitted to create metadata object within " "'%s' namespace", namespace) raise webob.exc.HTTPForbidden(explanation=e.msg) except exception.Invalid as e: msg = (_("Couldn't create metadata object: %s") % encodeutils.exception_to_unicode(e)) raise webob.exc.HTTPBadRequest(explanation=msg) except exception.NotFound as e: raise webob.exc.HTTPNotFound(explanation=e.msg) except exception.Duplicate as e: raise webob.exc.HTTPConflict(explanation=e.msg) return MetadefObject.to_wsme_model( new_meta_object, get_object_href(namespace, new_meta_object), self.obj_schema_link)
def update(self, req, namespace, property_name, property_type): prop_repo = self.gateway.get_metadef_property_repo( req.context, authorization_layer=False) ns_repo = self.gateway.get_metadef_namespace_repo( req.context, authorization_layer=False) try: namespace_obj = ns_repo.get(namespace) except (exception.Forbidden, exception.NotFound): # NOTE (abhishekk): Returning 404 Not Found as the # namespace is outside of this user's project msg = _("Namespace %s not found") % namespace raise webob.exc.HTTPNotFound(explanation=msg) try: # NOTE(abhishekk): Metadef property is created for Metadef # namespaces. Here we are just checking if user is authorized # to update metadef property or not. api_policy.MetadefAPIPolicy( req.context, md_resource=namespace_obj, enforcer=self.policy).modify_metadef_property() db_property_type = prop_repo.get(namespace, property_name) db_property_type._old_name = db_property_type.name db_property_type.name = property_type.name db_property_type.schema = (self._to_dict(property_type))['schema'] updated_property_type = prop_repo.save(db_property_type) except exception.Invalid as e: msg = (_("Couldn't update metadata property: %s") % encodeutils.exception_to_unicode(e)) raise webob.exc.HTTPBadRequest(explanation=msg) except exception.Forbidden as e: LOG.debug( "User not permitted to update metadata property '%s' " "within '%s' namespace", property_name, namespace) raise webob.exc.HTTPForbidden(explanation=e.msg) except exception.NotFound as e: raise webob.exc.HTTPNotFound(explanation=e.msg) except exception.Duplicate as e: raise webob.exc.HTTPConflict(explanation=e.msg) return self._to_model(updated_property_type)
def update(self, req, metadata_tag, namespace, tag_name): meta_repo = self.gateway.get_metadef_tag_repo( req.context, authorization_layer=False) ns_repo = self.gateway.get_metadef_namespace_repo( req.context, authorization_layer=False) try: namespace_obj = ns_repo.get(namespace) except (exception.Forbidden, exception.NotFound): # NOTE (abhishekk): Returning 404 Not Found as the # namespace is outside of this user's project msg = _("Namespace %s not found") % namespace raise webob.exc.HTTPNotFound(explanation=msg) try: # NOTE(abhishekk): Metadef tags is created for Metadef namespaces # Here we are just checking if user is authorized to update metadef # tag or not. api_policy.MetadefAPIPolicy( req.context, md_resource=namespace_obj, enforcer=self.policy).modify_metadef_tag() metadef_tag = meta_repo.get(namespace, tag_name) metadef_tag._old_name = metadef_tag.name metadef_tag.name = wsme_utils._get_value(metadata_tag.name) updated_metadata_tag = meta_repo.save(metadef_tag) except exception.Invalid as e: msg = (_("Couldn't update metadata tag: %s") % encodeutils.exception_to_unicode(e)) raise webob.exc.HTTPBadRequest(explanation=msg) except exception.Forbidden as e: LOG.debug( "User not permitted to update metadata tag '%s' " "within '%s' namespace", tag_name, namespace) raise webob.exc.HTTPForbidden(explanation=e.msg) except exception.NotFound as e: raise webob.exc.HTTPNotFound(explanation=e.msg) except exception.Duplicate as e: raise webob.exc.HTTPConflict(explanation=e.msg) return MetadefTag.to_wsme_model(updated_metadata_tag)
def create(self, req, resource_type, namespace): rs_type_factory = self.gateway.get_metadef_resource_type_factory( req.context, authorization_layer=False) rs_type_repo = self.gateway.get_metadef_resource_type_repo( req.context, authorization_layer=False) ns_repo = self.gateway.get_metadef_namespace_repo( req.context, authorization_layer=False) try: namespace_obj = ns_repo.get(namespace) except (exception.Forbidden, exception.NotFound): # NOTE (abhishekk): Returning 404 Not Found as the # namespace is outside of this user's project msg = _("Namespace %s not found") % namespace raise webob.exc.HTTPNotFound(explanation=msg) try: # NOTE(abhishekk): Metadef resource type is created for Metadef # namespaces. Here we are just checking if user is authorized # to create metadef resource types or not. api_policy.MetadefAPIPolicy( req.context, md_resource=namespace_obj, enforcer=self.policy).add_metadef_resource_type_association() new_resource_type = rs_type_factory.new_resource_type( namespace=namespace, **resource_type.to_dict()) rs_type_repo.add(new_resource_type) except exception.Forbidden as e: LOG.debug( "User not permitted to create metadata resource type " "within '%s' namespace", namespace) raise webob.exc.HTTPForbidden(explanation=e.msg) except exception.NotFound as e: raise webob.exc.HTTPNotFound(explanation=e.msg) except exception.Duplicate as e: raise webob.exc.HTTPConflict(explanation=e.msg) return ResourceTypeAssociation.to_wsme_model(new_resource_type)
def show(self, req, namespace, filters=None): try: # Get namespace ns_repo = self.gateway.get_metadef_namespace_repo( req.context, authorization_layer=False) try: namespace_obj = ns_repo.get(namespace) policy_check = api_policy.MetadefAPIPolicy( req.context, md_resource=namespace_obj, enforcer=self.policy) policy_check.get_metadef_namespace() except (exception.Forbidden, webob.exc.HTTPForbidden): LOG.debug("User not permitted to show namespace '%s'", namespace) # NOTE (abhishekk): Returning 404 Not Found as the # namespace is outside of this user's project raise webob.exc.HTTPNotFound() # NOTE(abhishekk): We also need to fetch resource_types, objects, # properties, tags associated with namespace, so better to check # whether user has permissions for the same. policy_check.list_metadef_resource_types() policy_check.get_metadef_objects() policy_check.get_metadef_properties() policy_check.get_metadef_tags() namespace_detail = Namespace.to_wsme_model( namespace_obj, get_namespace_href(namespace_obj), self.ns_schema_link) ns_filters = dict() ns_filters['namespace'] = namespace # Get objects object_repo = self.gateway.get_metadef_object_repo( req.context, authorization_layer=False) db_metaobject_list = object_repo.list(filters=ns_filters) object_list = [ MetadefObject.to_wsme_model( db_metaobject, get_object_href(namespace, db_metaobject), self.obj_schema_link) for db_metaobject in db_metaobject_list ] if object_list: namespace_detail.objects = object_list # Get resource type associations rs_repo = self.gateway.get_metadef_resource_type_repo( req.context, authorization_layer=False) db_resource_type_list = rs_repo.list(filters=ns_filters) resource_type_list = [ ResourceTypeAssociation.to_wsme_model(resource_type) for resource_type in db_resource_type_list ] if resource_type_list: namespace_detail.resource_type_associations = ( resource_type_list) # Get properties prop_repo = self.gateway.get_metadef_property_repo( req.context, authorization_layer=False) db_properties = prop_repo.list(filters=ns_filters) property_list = Namespace.to_model_properties(db_properties) if property_list: namespace_detail.properties = property_list if filters and filters['resource_type']: namespace_detail = self._prefix_property_name( namespace_detail, filters['resource_type']) # Get tags tag_repo = self.gateway.get_metadef_tag_repo( req.context, authorization_layer=False) db_metatag_list = tag_repo.list(filters=ns_filters) tag_list = [ MetadefTag(**{'name': db_metatag.name}) for db_metatag in db_metatag_list ] if tag_list: namespace_detail.tags = tag_list except exception.Forbidden as e: LOG.debug("User not permitted to show metadata namespace " "'%s'", namespace) raise webob.exc.HTTPForbidden(explanation=e.msg) except exception.NotFound as e: raise webob.exc.HTTPNotFound(explanation=e.msg) return namespace_detail
def index(self, req, marker=None, limit=None, sort_key='created_at', sort_dir='desc', filters=None): try: ns_repo = self.gateway.get_metadef_namespace_repo( req.context, authorization_layer=False) policy_check = api_policy.MetadefAPIPolicy(req.context, enforcer=self.policy) # NOTE(abhishekk): This is just a "do you have permission to # list namespace" check. Each namespace is checked against # get_metadef_namespace below. policy_check.get_metadef_namespaces() # NOTE(abhishekk): We also need to fetch resource_types associated # with namespaces, so better to check we have permission for the # same in advance. policy_check.list_metadef_resource_types() # Get namespace id if marker: namespace_obj = ns_repo.get(marker) marker = namespace_obj.namespace_id database_ns_list = ns_repo.list(marker=marker, limit=limit, sort_key=sort_key, sort_dir=sort_dir, filters=filters) ns_list = [ ns for ns in database_ns_list if api_policy.MetadefAPIPolicy( req.context, md_resource=ns, enforcer=self.policy).check( 'get_metadef_namespace') ] rs_repo = (self.gateway.get_metadef_resource_type_repo( req.context, authorization_layer=False)) for db_namespace in ns_list: # Get resource type associations filters = dict() filters['namespace'] = db_namespace.namespace repo_rs_type_list = rs_repo.list(filters=filters) resource_type_list = [ ResourceTypeAssociation.to_wsme_model(resource_type) for resource_type in repo_rs_type_list ] if resource_type_list: db_namespace.resource_type_associations = ( resource_type_list) namespace_list = [ Namespace.to_wsme_model(db_namespace, get_namespace_href(db_namespace), self.ns_schema_link) for db_namespace in ns_list ] namespaces = Namespaces() namespaces.namespaces = namespace_list if len(namespace_list) != 0 and len(namespace_list) == limit: namespaces.next = ns_list[-1].namespace except exception.Forbidden as e: LOG.debug("User not permitted to retrieve metadata namespaces " "index") raise webob.exc.HTTPForbidden(explanation=e.msg) except exception.NotFound as e: raise webob.exc.HTTPNotFound(explanation=e.msg) return namespaces
def create(self, req, namespace): try: namespace_created = False # Create Namespace ns_factory = self.gateway.get_metadef_namespace_factory( req.context, authorization_layer=False) ns_repo = self.gateway.get_metadef_namespace_repo( req.context, authorization_layer=False) # NOTE(abhishekk): Here we are going to check if user is authorized # to create namespace, resource_types, objects, properties etc. policy_check = api_policy.MetadefAPIPolicy(req.context, enforcer=self.policy) policy_check.add_metadef_namespace() if namespace.resource_type_associations: policy_check.add_metadef_resource_type_association() if namespace.objects: policy_check.add_metadef_object() if namespace.properties: policy_check.add_metadef_property() if namespace.tags: policy_check.add_metadef_tag() # NOTE(abhishekk): As we are getting rid of auth layer, this # is the place where we should add owner if it is not specified # in request. kwargs = namespace.to_dict() if 'owner' not in kwargs: kwargs.update({'owner': req.context.owner}) new_namespace = ns_factory.new_namespace(**kwargs) ns_repo.add(new_namespace) namespace_created = True # Create Resource Types if namespace.resource_type_associations: rs_factory = (self.gateway.get_metadef_resource_type_factory( req.context, authorization_layer=False)) rs_repo = self.gateway.get_metadef_resource_type_repo( req.context, authorization_layer=False) for resource_type in namespace.resource_type_associations: new_resource = rs_factory.new_resource_type( namespace=namespace.namespace, **resource_type.to_dict()) rs_repo.add(new_resource) # Create Objects if namespace.objects: object_factory = self.gateway.get_metadef_object_factory( req.context, authorization_layer=False) object_repo = self.gateway.get_metadef_object_repo( req.context, authorization_layer=False) for metadata_object in namespace.objects: new_meta_object = object_factory.new_object( namespace=namespace.namespace, **metadata_object.to_dict()) object_repo.add(new_meta_object) # Create Tags if namespace.tags: tag_factory = self.gateway.get_metadef_tag_factory( req.context, authorization_layer=False) tag_repo = self.gateway.get_metadef_tag_repo( req.context, authorization_layer=False) for metadata_tag in namespace.tags: new_meta_tag = tag_factory.new_tag( namespace=namespace.namespace, **metadata_tag.to_dict()) tag_repo.add(new_meta_tag) # Create Namespace Properties if namespace.properties: prop_factory = (self.gateway.get_metadef_property_factory( req.context, authorization_layer=False)) prop_repo = self.gateway.get_metadef_property_repo( req.context, authorization_layer=False) for (name, value) in namespace.properties.items(): new_property_type = (prop_factory.new_namespace_property( namespace=namespace.namespace, **self._to_property_dict(name, value))) prop_repo.add(new_property_type) except exception.Invalid as e: msg = (_("Couldn't create metadata namespace: %s") % encodeutils.exception_to_unicode(e)) raise webob.exc.HTTPBadRequest(explanation=msg) except exception.Forbidden as e: self._cleanup_namespace(ns_repo, namespace, namespace_created) LOG.debug("User not permitted to create metadata namespace") raise webob.exc.HTTPForbidden(explanation=e.msg) except exception.NotFound as e: self._cleanup_namespace(ns_repo, namespace, namespace_created) raise webob.exc.HTTPNotFound(explanation=e.msg) except exception.Duplicate as e: self._cleanup_namespace(ns_repo, namespace, namespace_created) raise webob.exc.HTTPConflict(explanation=e.msg) # Return the user namespace as we don't expose the id to user new_namespace.properties = namespace.properties new_namespace.objects = namespace.objects new_namespace.resource_type_associations = ( namespace.resource_type_associations) new_namespace.tags = namespace.tags return Namespace.to_wsme_model(new_namespace, get_namespace_href(new_namespace), self.ns_schema_link)