X-Git-Url: http://xvm.mit.edu/gitweb/invirt/packages/invirt-web.git/blobdiff_plain/76795a17c522fbaeeba395c9898ab1399e315a7d..refs/heads/gdb-git:/code/validation.py
diff --git a/code/validation.py b/code/validation.py
old mode 100644
new mode 100755
index 480d007..29cb310
--- a/code/validation.py
+++ b/code/validation.py
@@ -5,6 +5,7 @@ import getafsgroups
 import re
 import string
 import dns.resolver
+from invirt import authz
 from invirt.database import Machine, NIC, Type, Disk, CDROM, Autoinstall, Owner
 from invirt.config import structs as config
 from invirt.common import InvalidInput, CodeError
@@ -129,7 +130,7 @@ def haveAccess(user, state, machine):
 def owns(user, machine):
 """Return whether a user owns a machine"""
- return user in expandLocker(machine.owner)
+ return user in authz.expandOwner(machine.owner)
 def validMachineName(name):
 """Check that name is valid for a machine name"""
@@ -222,7 +223,7 @@ def testAdmin(user, admin, machine):
 return admin
 admin = 'system:' + admin
 try:
- if user in getafsgroups.getAfsGroupMembers(admin, config.authz[0].cell):
+ if user in getafsgroups.getAfsGroupMembers(admin, config.authz.afs.cells[0].cell):
 return admin
 except getafsgroups.AfsProcessError, e:
 errmsg = str(e)
@@ -241,8 +242,10 @@ def testOwner(user, owner, machine=None):
 return machine.owner
 if owner is None:
 raise InvalidInput('owner', owner, "Owner must be specified")
+ if '@' in owner:
+ raise InvalidInput('owner', owner, "No cross-realm Hesiod lockers allowed")
 try:
- if user not in cache_acls.expandLocker(owner):
+ if user not in authz.expandOwner(owner):
 raise InvalidInput('owner', owner, 'You do not have access to the ' + owner + ' locker')
 except getafsgroups.AfsProcessError, e:
@@ -256,9 +259,6 @@ def testContact(user, contact, machine=None):
 raise InvalidInput('contact', contact, "Not a valid email.")
 return contact
-def testDisk(user, disksize, machine=None):
- return disksize
-
 def testName(user, name, machine=None):
 if name is None:
 return None
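Review bot: The new lookup `config.authz.afs.cells[0].cell` in testAdmin consults only the first configured AFS cell, so an admin group that exists in any other entry of `cells` would never be matched. If `cells` can be empty, the index would presumably fail with an error other than the `getafsgroups.AfsProcessError` caught just below. If the first cell is meant to be the only authority for admin groups, say so with a comment such as `# admin groups are resolved in the first configured AFS cell only`; otherwise loop over `config.authz.afs.cells`. testAdmin's body starts and ends outside the hunk.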
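Review bot: The new `'@'` rejection in testOwner covers only owner values submitted through this validator; `owns()` in the earlier hunk passes `machine.owner` to `authz.expandOwner` with no such check, so a realm-qualified owner already stored on a machine would still be expanded there. Whether that matters depends on how `authz.expandOwner` treats such names, which this diff does not show; if it does, put the check in one helper that both paths call. The rule also deserves a comment, something like `# realm-qualified owners are rejected: only local-realm lockers may own machines`. The `except getafsgroups.AfsProcessError` that follows may no longer match what `authz.expandOwner` raises, so confirm the exception type against the new module. testOwner's body starts and ends outside the hunk.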