Merge "Handle incorrect env_id" into release-0.4
This commit is contained in:
commit
c104c0c291
|
@ -38,6 +38,7 @@ def normalize_path(f):
|
|||
|
||||
|
||||
class Controller(object):
|
||||
@utils.verify_env
|
||||
@normalize_path
|
||||
def get(self, request, environment_id, path):
|
||||
log.debug(_('Services:Get <EnvId: {0}, '
|
||||
|
@ -54,6 +55,7 @@ class Controller(object):
|
|||
return result
|
||||
|
||||
@utils.verify_session
|
||||
@utils.verify_env
|
||||
@normalize_path
|
||||
def post(self, request, environment_id, path, body):
|
||||
secure_data = TokenSanitizer().sanitize(body)
|
||||
|
@ -69,6 +71,7 @@ class Controller(object):
|
|||
return result
|
||||
|
||||
@utils.verify_session
|
||||
@utils.verify_env
|
||||
@normalize_path
|
||||
def put(self, request, environment_id, path, body):
|
||||
log.debug(_('Services:Put <EnvId: {0}, Path: {2}, '
|
||||
|
@ -84,6 +87,7 @@ class Controller(object):
|
|||
return result
|
||||
|
||||
@utils.verify_session
|
||||
@utils.verify_env
|
||||
@normalize_path
|
||||
def delete(self, request, environment_id, path):
|
||||
log.debug(_('Services:Put <EnvId: {0}, '
|
||||
|
|
|
@ -16,12 +16,32 @@ import functools
|
|||
import logging
|
||||
from muranoapi.db.services.sessions import SessionServices, SessionState
|
||||
from webob import exc
|
||||
from muranoapi.db.models import Session
|
||||
from muranoapi.db.models import Session, Environment
|
||||
from muranoapi.db.session import get_session
|
||||
|
||||
log = logging.getLogger(__name__)
|
||||
|
||||
|
||||
def verify_env(func):
|
||||
@functools.wraps(func)
|
||||
def __inner(self, request, environment_id, *args, **kwargs):
|
||||
unit = get_session()
|
||||
environment = unit.query(Environment).get(environment_id)
|
||||
if environment is None:
|
||||
log.info("Environment with id '{0}'"
|
||||
" not found".format(environment_id))
|
||||
raise exc.HTTPNotFound()
|
||||
|
||||
if hasattr(request, 'context'):
|
||||
if environment.tenant_id != request.context.tenant:
|
||||
log.info('User is not authorized to access'
|
||||
' this tenant resources')
|
||||
raise exc.HTTPUnauthorized()
|
||||
|
||||
return func(self, request, environment_id, *args, **kwargs)
|
||||
return __inner
|
||||
|
||||
|
||||
def verify_session(func):
|
||||
@functools.wraps(func)
|
||||
def __inner(self, request, *args, **kwargs):
|
||||
|
|
Loading…
Reference in New Issue