def test_acls_job(self):
job = MockMr1Job()
assert_true(can_view_job('test', job))
assert_true(can_modify_job('test', job))
assert_false(can_view_job('test2', job))
assert_false(can_modify_job('test2', job))
def test_acls_job(self):
job = MockMr1Job()
assert_true(can_view_job('test', job))
assert_true(can_modify_job('test', job))
assert_false(can_view_job('test2', job))
assert_false(can_modify_job('test2', job))
def test_acls_job(self):
response = self.c.get('/jobbrowser/jobs/job_1356251510842_0054') # Check in perm decorator
assert_true(can_view_job('test', response.context['job']))
assert_true(can_modify_job('test', response.context['job']))
response2 = self.c2.get('/jobbrowser/jobs/job_1356251510842_0054')
assert_true('don't have permission to access job' in response2.content, response2.content)
assert_false(can_view_job('test2', response.context['job']))
assert_false(can_modify_job('test2', response.context['job']))
def test_acls_job(self):
response = self.c.get("/jobbrowser/jobs/job_1356251510842_0054") # Check in perm decorator
assert_true(can_view_job("test", response.context["job"]))
assert_true(can_modify_job("test", response.context["job"]))
response2 = self.c2.get("/jobbrowser/jobs/job_1356251510842_0054")
assert_true("don't have permission to access job" in response2.content, response2.content)
assert_false(can_view_job("test2", response.context["job"]))
assert_false(can_modify_job("test2", response.context["job"]))
def test_acls_job(self):
response = self.c.get('/jobbrowser/jobs/job_1356251510842_0054') # Check in perm decorator
assert_true(can_view_job('test', response.context['job']))
assert_true(can_modify_job('test', response.context['job']))
response2 = self.c2.get('/jobbrowser/jobs/job_1356251510842_0054')
assert_true('don't have permission to access job' in response2.content, response2.content)
assert_false(can_view_job('test2', response.context['job']))
assert_false(can_modify_job('test2', response.context['job']))
def decorate(request, *args, **kwargs):
jobid = kwargs['job']
job = get_job(request, job_id=jobid)
if not SHARE_JOBS.get() and not request.user.is_superuser \
and job.user != request.user.username and not can_view_job(request.user.username, job):
raise PopupException(
_("You don't have permission to access job %(id)s.") %
{'id': jobid})
kwargs['job'] = job
return view_func(request, *args, **kwargs)
def decorate(request, *args, **kwargs):
jobid = kwargs['job']
try:
job = get_job(request, job_id=jobid)
except ApplicationNotRunning as e:
LOG.warn(
'Job %s has not yet been accepted by the RM, will poll for status.'
% jobid)
return job_not_assigned(request, jobid, request.path)
if not SHARE_JOBS.get() and not is_admin(request.user) \
and job.user != request.user.username and not can_view_job(request.user.username, job):
raise PopupException(
_("You don't have permission to access job %(id)s.") %
{'id': jobid})
kwargs['job'] = job
return view_func(request, *args, **kwargs)
def check_job_permission(view_func):
"""
Ensure that the user has access to the job.
Assumes that the wrapped function takes a 'jobid' param named 'job'.
"""
def decorate(request, *args, **kwargs):
jobid = kwargs['job']
try:
job = get_job(request, job_id=jobid)
except ApplicationNotRunning, e:
LOG.warn('Job %s has not yet been accepted by the RM, will poll for status.' % jobid)
return job_not_assigned(request, jobid, request.path)
if not SHARE_JOBS.get() and not request.user.is_superuser \
and job.user != request.user.username and not can_view_job(request.user.username, job):
raise PopupException(_("You don't have permission to access job %(id)s.") % {'id': jobid})
kwargs['job'] = job
return view_func(request, *args, **kwargs)
def check_job_permission(view_func):
"""
Ensure that the user has access to the job.
Assumes that the wrapped function takes a 'jobid' param named 'job'.
"""
def decorate(request, *args, **kwargs):
jobid = kwargs['job']
try:
job = get_job(request, job_id=jobid)
except ApplicationNotRunning, e:
LOG.warn('Job %s has not yet been accepted by the RM, will poll for status.' % jobid)
return job_not_assigned(request, jobid, request.path)
if not SHARE_JOBS.get() and not request.user.is_superuser \
and job.user != request.user.username and not can_view_job(request.user.username, job):
raise PopupException(_("You don't have permission to access job %(id)s.") % {'id': jobid})
kwargs['job'] = job
return view_func(request, *args, **kwargs)
if e.job.get('state',
'').lower() == 'accepted' and 'kill' in request.path:
rm_api = resource_manager_api.get_resource_manager()
job = Application(e.job, rm_api)
else:
# reverse() seems broken, using request.path but beware, it discards GET and POST info
return job_not_assigned(request, jobid, request.path)
except JobExpired, e:
raise PopupException(
_('Job %s has expired.') % jobid,
detail=_('Cannot be found on the History Server.'))
except Exception, e:
raise PopupException(_('Could not find job %s.') % jobid, detail=e)
if not SHARE_JOBS.get() and not request.user.is_superuser \
and job.user != request.user.username and not can_view_job(request.user.username, job):
raise PopupException(
_("You don't have permission to access job %(id)s.") %
{'id': jobid})
kwargs['job'] = job
return view_func(request, *args, **kwargs)
return wraps(view_func)(decorate)
def job_not_assigned(request, jobid, path):
if request.GET.get('format') == 'json':
result = {'status': -1, 'message': ''}
try:
get_api(request.user, request.jt).get_job(jobid=jobid)
try:
job = get_api(request.user, request.jt).get_job(jobid=jobid)
except ApplicationNotRunning, e:
if e.job.get('state', '').lower() == 'accepted' and 'kill' in request.path:
rm_api = resource_manager_api.get_resource_manager(request.user)
job = Application(e.job, rm_api)
else:
# reverse() seems broken, using request.path but beware, it discards GET and POST info
return job_not_assigned(request, jobid, request.path)
except JobExpired, e:
raise PopupException(_('Job %s has expired.') % jobid, detail=_('Cannot be found on the History Server.'))
except Exception, e:
raise PopupException(_('Could not find job %s.') % jobid, detail=e)
if not SHARE_JOBS.get() and not request.user.is_superuser \
and job.user != request.user.username and not can_view_job(request.user.username, job):
raise PopupException(_("You don't have permission to access job %(id)s.") % {'id': jobid})
kwargs['job'] = job
return view_func(request, *args, **kwargs)
return wraps(view_func)(decorate)
def job_not_assigned(request, jobid, path):
if request.GET.get('format') == 'json':
result = {'status': -1, 'message': ''}
try:
get_api(request.user, request.jt).get_job(jobid=jobid)
result['status'] = 0
except ApplicationNotRunning, e:
result['status'] = 1
job = Application(e.job, rm_api)
else:
# reverse() seems broken, using request.path but beware, it discards GET and POST info
return job_not_assigned(request, jobid, request.path)
except JobExpired, e:
raise PopupException(_("Job %s has expired.") % jobid, detail=_("Cannot be found on the History Server."))
except Exception, e:
msg = "Could not find job %s."
LOGGER.exception(msg % jobid)
raise PopupException(_(msg) % jobid, detail=e)
if (
not SHARE_JOBS.get()
and not request.user.is_superuser
and job.user != request.user.username
and not can_view_job(request.user.username, job)
):
raise PopupException(_("You don't have permission to access job %(id)s.") % {"id": jobid})
kwargs["job"] = job
return view_func(request, *args, **kwargs)
return wraps(view_func)(decorate)
def job_not_assigned(request, jobid, path):
if request.GET.get("format") == "json":
result = {"status": -1, "message": ""}
try:
get_api(request.user, request.jt).get_job(jobid=jobid)
result["status"] = 0