def validate_update(self, user, current_user):
    """
    Check whether an update request for ``user`` may proceed.

    Checks run in this order, and the first failure is returned:
      1. required fields (``__validate_required_fields__`` with OP_UPDATE)
      2. username format (``__validate_username__``)
      3. the account exists (``user_utils.user_exists``)
      4. the account is not ``root``
      5. the account belongs to DEFAULT_USER_GRP (the original docstring
         names this the ovsdb_user group)

    Returns None when every check passes; otherwise returns the value
    produced by the failing validator or by ``to_json_error`` (an error
    JSON dict, per the original docstring).

    NOTE(review): ``current_user`` is accepted but never read here, so
    this method does not decide whether the caller is allowed to modify
    the target account. Presumably that is enforced by the caller;
    confirm.

    NOTE(review): an existing account outside the group yields
    "Unknown user ..." while a missing account yields "... doesn't
    exists.", so the two responses reveal which system account names
    exist. Consider returning one message for both cases.
    """
    field_error = self.__validate_required_fields__(user, OP_UPDATE)
    if field_error is not None:
        return field_error

    username = user.configuration.username
    name_error = self.__validate_username__(username)
    if name_error is not None:
        return name_error

    # Nothing to update when the account is absent.
    if not user_utils.user_exists(username):
        return to_json_error("User %s doesn't exists." % username,
                             None, None)

    # The root account must never be changed through this path.
    if username == "root":
        # The two literals are joined with no space between them; the
        # emitted text is kept exactly as it was.
        denied = ("Permission denied."
                  "Cannot update the root user.")
        return to_json_error(denied, None, None)

    # Accounts outside the managed group are reported as unknown.
    if not user_utils.check_user_group(username, DEFAULT_USER_GRP):
        return to_json_error("Unknown user %s" % username, None, None)

    return None
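def validate_delete(self, username, current_user):
    """
    Check whether the account ``username`` may be deleted.

    The request is rejected, in this order, when:
      1. the target is ``root``
      2. the target is the caller (``current_user["username"]``)
      3. the target is not a member of DEFAULT_USER_GRP (the original
         docstring names this the ovsdb_user group); such accounts are
         reported as unknown
      4. DEFAULT_USER_GRP has one member or fewer, so the delete would
         leave the group without users

    Returns None when the delete is allowed; otherwise returns the value
    of ``to_json_error`` (an error JSON dict, per the original
    docstring).

    NOTE(review): the member count is read at validation time only. If
    deletes can run concurrently, two requests may both pass check 4;
    the caller should serialize deletions or re-check at delete time.
    """
    # Never allow the root account to be removed.
    if username == "root":
        error_message = "Permission denied." \
            "Cannot remove the root user."
        return to_json_error(error_message, None, None)

    # A user may not delete the account they are logged in with.
    if username == current_user["username"]:
        error_message = "Permission denied." \
            "Cannot remove the current user."
        return to_json_error(error_message, None, None)

    # System accounts (outside the managed group) are treated as unknown.
    if not user_utils.check_user_group(username, DEFAULT_USER_GRP):
        return to_json_error("Unknown user %s" % username, None, None)

    # Keep at least one account in the group.
    if user_utils.get_group_user_count(DEFAULT_USER_GRP) <= 1:
        # Fix: the message used to be stored in validation_result while
        # to_json_error was handed error_message, which is unbound on
        # this path, so the last-user guard raised instead of returning
        # an error.
        error_message = "Cannot delete the last user %s" % username
        return to_json_error(error_message, None, None)

    return None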