def validate_action(context, action_str, tenant_id, auto_apply, visible, priority_apply, full_access): admin_options_str = None option_strs = [] if tenant_id is None: option_strs.append(_("Tenant: %s") % Modules.MATCH_ALL_NAME) if auto_apply: option_strs.append(_("Auto: %s") % auto_apply) if not visible: option_strs.append(_("Visible: %s") % visible) if priority_apply: option_strs.append(_("Priority: %s") % priority_apply) if full_access is not None: if full_access and option_strs: admin_options_str = "(" + ", ".join(option_strs) + ")" raise exception.InvalidModelError( errors=_('Cannot make module full access: %s') % admin_options_str) option_strs.append(_("Full Access: %s") % full_access) if option_strs: admin_options_str = "(" + ", ".join(option_strs) + ")" if not context.is_admin and admin_options_str: raise exception.ModuleAccessForbidden( action=action_str, options=admin_options_str) return admin_options_str
def validate_action(context, action_str, tenant_id, auto_apply, visible): error_str = None if not context.is_admin: option_strs = [] if tenant_id is None: option_strs.append(_("Tenant: %s") % Modules.MATCH_ALL_NAME) if auto_apply: option_strs.append(_("Auto: %s") % auto_apply) if not visible: option_strs.append(_("Visible: %s") % visible) if option_strs: error_str = "(" + " ".join(option_strs) + ")" if error_str: raise exception.ModuleAccessForbidden( action=action_str, options=error_str)
def update(context, module, original_module): Module.enforce_live_update(original_module.id, original_module.live_update, original_module.md5) full_access = Module.is_full_access(context, module.tenant_id, module.auto_apply, module.visible) # we don't allow any changes to 'is_admin' modules by non-admin if original_module.is_admin and not context.is_admin: raise exception.ModuleAccessForbidden( action='update', options='(Module is an admin module)') # we don't allow any changes to admin-only attributes by non-admin admin_options = Module.validate_action( context, 'update', module.tenant_id, module.auto_apply, module.visible, module.priority_apply, full_access) # make sure we set the is_admin flag, but only if it was # originally is_admin or we changed an admin option module.is_admin = original_module.is_admin or (1 if admin_options else 0) # but we turn it on/off if full_access is specified if full_access is not None: module.is_admin = 0 if full_access else 1 ds_id, ds_ver_id = Module.validate_datastore( module.datastore_id, module.datastore_version_id) if module.contents != original_module.contents: md5, processed_contents = Module.process_contents(module.contents) module.md5 = md5 module.contents = processed_contents else: # on load the contents were decrypted, so # we need to put the encrypted contents back before we update module.contents = original_module.encrypted_contents if module.datastore_id: module.datastore_id = ds_id if module.datastore_version_id: module.datastore_version_id = ds_ver_id module.updated = datetime.utcnow() DBModule.save(module)