X-Git-Url: http://xvm.mit.edu/gitweb/invirt/packages/invirt-web.git/blobdiff_plain/2e270ab2393e21798dc43d99b0078a92c17a5196..refs/heads/andersk:/code/validation.py?ds=inline diff --git a/code/validation.py b/code/validation.py index 5018ca3..26a49a3 100755 --- a/code/validation.py +++ b/code/validation.py @@ -57,13 +57,13 @@ class Validate: if vmtype is not None: self.vmtype = validVmType(vmtype) if cdrom is not None: - if not CDROM.query().get(cdrom): + if not CDROM.query.get(cdrom): raise CodeError("Invalid cdrom type '%s'" % cdrom) self.cdrom = cdrom if autoinstall is not None: #raise InvalidInput('autoinstall', 'install', # "The autoinstaller has been temporarily disabled") - self.autoinstall = Autoinstall.query().get(autoinstall) + self.autoinstall = Autoinstall.query.get(autoinstall) def getMachinesByOwner(owner, machine=None): @@ -74,7 +74,7 @@ def getMachinesByOwner(owner, machine=None): """ if machine: owner = machine.owner - return Machine.query().filter_by(owner=owner) + return Machine.query.filter_by(owner=owner) def maxMemory(owner, g, machine=None, on=True): """Return the maximum memory for a machine or a user. @@ -107,9 +107,10 @@ def maxDisk(owner, machine=None): machine_id = machine.machine_id else: machine_id = None - disk_usage = Disk.query().filter(Disk.c.machine_id != machine_id).\ - join('machine').\ - filter_by(owner=owner).sum(Disk.c.size) or 0 + disk_usage_query = Disk.query.filter(Disk.machine_id != machine_id).\ + join('machine').filter_by(owner=owner) + + disk_usage = sum([m.size for m in disk_usage_query]) or 0 return min(quota_single, quota_total-disk_usage/1024.) def cantAddVm(owner, g): @@ -181,7 +182,7 @@ def validDisk(owner, g, disk, machine=None): def validVmType(vm_type): if vm_type is None: return None - t = Type.query().get(vm_type) + t = Type.query.get(vm_type) if t is None: raise CodeError("Invalid vm type '%s'" % vm_type) return t @@ -198,7 +199,7 @@ def testMachineId(user, state, machine_id, exists=True): machine_id = int(machine_id) except ValueError: raise InvalidInput('machine_id', machine_id, "Must be an integer.") - machine = Machine.query().get(machine_id) + machine = Machine.query.get(machine_id) if exists and machine is None: raise InvalidInput('machine_id', machine_id, "Does not exist.") if machine is not None and not haveAccess(user, state, machine): @@ -209,8 +210,7 @@ def testMachineId(user, state, machine_id, exists=True): def testAdmin(user, admin, machine): """Determine whether a user can set the admin of a machine to this value. - Return the value to set the admin field to (possibly 'system:' + - admin). XXX is modifying this a good idea? + Return the value to set the admin field to (possibly 'system:' + admin). """ if admin is None: return None @@ -218,20 +218,17 @@ def testAdmin(user, admin, machine): return admin if admin == user: return admin + # we do not require that the user be in the admin group; + # just that it is a non-empty set + if authz.expandAdmin(admin): + return admin if ':' not in admin: - if cache_acls.isUser(admin): - return admin - admin = 'system:' + admin - try: - if user in getafsgroups.getAfsGroupMembers(admin, config.authz.afs.cells[0].cell): - return admin - except getafsgroups.AfsProcessError, e: - errmsg = str(e) - if errmsg.startswith("pts: User or group doesn't exist"): - errmsg = 'The group "%s" does not exist.' % admin - raise InvalidInput('administrator', admin, errmsg) - #XXX Should we require that user is in the admin group? - return admin + if authz.expandAdmin('system:' + admin): + return 'system:' + admin + errmsg = 'No user "%s" or non-empty group "system:%s" found.' % (admin, admin) + else: + errmsg = 'No non-empty group "%s" found.' % (admin,) + raise InvalidInput('administrator', admin, errmsg) def testOwner(user, owner, machine=None): """Determine whether a user can set the owner of a machine to this value.