예제 #1
 def validate_action(context, action_str, tenant_id, auto_apply, visible,
                     priority_apply, full_access):
     """Authorize the admin-only options requested for a module action.

     Each option that needs admin rights is collected as a display string:
     a module with no tenant (``tenant_id is None``), a truthy
     ``auto_apply``, a falsy ``visible``, a truthy ``priority_apply`` and
     any explicit ``full_access`` value (``True`` or ``False``).

     :param context: request context; only ``context.is_admin`` is read.
     :param action_str: action name reported in the forbidden error.
     :param full_access: ``None`` when not specified, otherwise a flag.
     :returns: the parenthesised, comma-separated option summary, or
         ``None`` when no admin-only option was requested.
     :raises exception.InvalidModelError: when ``full_access`` is truthy
         together with any other admin-only option.
     :raises exception.ModuleAccessForbidden: when a non-admin caller
         requested at least one admin-only option.
     """
     requested = []
     if tenant_id is None:
         requested.append(_("Tenant: %s") % Modules.MATCH_ALL_NAME)
     if auto_apply:
         requested.append(_("Auto: %s") % auto_apply)
     if not visible:
         requested.append(_("Visible: %s") % visible)
     if priority_apply:
         requested.append(_("Priority: %s") % priority_apply)

     if full_access is not None:
         # Full access contradicts every other admin-only option. This
         # consistency check runs before the caller's role is examined, so
         # it is raised for admin and non-admin callers alike.
         if full_access and requested:
             conflicting = "(" + ", ".join(requested) + ")"
             raise exception.InvalidModelError(
                 errors=_('Cannot make module full access: %s') %
                 conflicting)
         requested.append(_("Full Access: %s") % full_access)

     summary = None
     if requested:
         summary = "(" + ", ".join(requested) + ")"

     # Authorization decision: any admin-only option from a non-admin
     # caller is refused, and the error names the offending options.
     caller_is_admin = context.is_admin
     if summary and not caller_is_admin:
         raise exception.ModuleAccessForbidden(
             action=action_str, options=summary)
     return summary
예제 #2
 def validate_action(context, action_str, tenant_id, auto_apply, visible):
     """Refuse admin-only module options when the caller is not an admin.

     Admin callers pass without any further checks. For everyone else the
     admin-only options are: no tenant (``tenant_id is None``), a truthy
     ``auto_apply`` and a falsy ``visible``.

     :param context: request context; only ``context.is_admin`` is read.
     :param action_str: action name reported in the forbidden error.
     :returns: ``None``; the function only validates.
     :raises exception.ModuleAccessForbidden: when a non-admin caller
         requested at least one admin-only option. The options are listed
         space-separated inside parentheses.
     """
     if context.is_admin:
         return

     denied = []
     if tenant_id is None:
         denied.append(_("Tenant: %s") % Modules.MATCH_ALL_NAME)
     if auto_apply:
         denied.append(_("Auto: %s") % auto_apply)
     if not visible:
         denied.append(_("Visible: %s") % visible)

     if denied:
         raise exception.ModuleAccessForbidden(
             action=action_str, options="(" + " ".join(denied) + ")")
예제 #3
    def update(context, module, original_module):
        """Validate an edited module against its stored version and save it.

        Steps, in order: enforce the live-update rule on the stored module,
        work out the full-access setting, apply both authorization checks,
        derive ``module.is_admin``, validate the datastore references,
        process or restore the contents, stamp ``updated`` and persist.

        :param context: request context; ``context.is_admin`` is read here.
        :param module: the module carrying the requested changes; it is
            modified in place and saved.
        :param original_module: the module as loaded before the change.
        :raises exception.ModuleAccessForbidden: when a non-admin caller
            edits an admin module; ``Module.validate_action`` is called
            with the requested options and its result decides the flag.
        """
        Module.enforce_live_update(
            original_module.id, original_module.live_update,
            original_module.md5)
        full_access = Module.is_full_access(
            context, module.tenant_id, module.auto_apply, module.visible)

        # Authorization check 1: an admin module may only be changed by an
        # admin, whatever the requested change is.
        if original_module.is_admin:
            if not context.is_admin:
                raise exception.ModuleAccessForbidden(
                    action='update', options='(Module is an admin module)')

        # Authorization check 2: admin-only attributes are vetted by
        # validate_action; a non-empty result means one was requested.
        admin_only_summary = Module.validate_action(
            context, 'update', module.tenant_id, module.auto_apply,
            module.visible, module.priority_apply, full_access)

        # The flag stays set once the module was an admin module, and is
        # set when this update uses an admin-only option.
        admin_flag = original_module.is_admin
        if not admin_flag:
            admin_flag = 1 if admin_only_summary else 0
        module.is_admin = admin_flag

        # An explicit full_access value overrides the derived flag:
        # full access clears is_admin, its explicit absence sets it.
        if full_access is not None:
            if full_access:
                module.is_admin = 0
            else:
                module.is_admin = 1

        resolved_ds_id, resolved_ds_version_id = Module.validate_datastore(
            module.datastore_id, module.datastore_version_id)

        if module.contents != original_module.contents:
            # NOTE(review): md5 looks like a change fingerprint for the
            # contents rather than an integrity control - confirm.
            module.md5, module.contents = Module.process_contents(
                module.contents)
        else:
            # The contents were decrypted on load, so the encrypted form is
            # put back to keep the decrypted contents out of the store.
            module.contents = original_module.encrypted_contents

        if module.datastore_id:
            module.datastore_id = resolved_ds_id
        if module.datastore_version_id:
            module.datastore_version_id = resolved_ds_version_id

        module.updated = datetime.utcnow()
        DBModule.save(module)