X-Git-Url: http://xvm.mit.edu/gitweb/invirt/packages/invirt-web.git/blobdiff_plain/daa95318e6cee597593b33f77a99cd224c8be893..6d171bbcd3eb2d5d60fc6c4bc9ef12608421d7c1:/code/validation.py?ds=sidebyside diff --git a/code/validation.py b/code/validation.py index d291d61..f6e4a59 100644 --- a/code/validation.py +++ b/code/validation.py @@ -4,7 +4,8 @@ import cache_acls import getafsgroups import re import string -from sipb_xen_database import Machine, NIC, Type, Disk, CDROM, Autoinstall +from invirt.database import Machine, NIC, Type, Disk, CDROM, Autoinstall +from invirt.config import structs as config from webcommon import InvalidInput MAX_MEMORY_TOTAL = 512 @@ -125,7 +126,8 @@ def cantAddVm(owner, g): def haveAccess(user, state, machine): """Return whether a user has administrative access to a machine""" - return state.overlord or user in cache_acls.accessList(machine) + return (user in cache_acls.accessList(machine) + or (machine.adminable and state.isadmin)) def owns(user, machine): """Return whether a user owns a machine""" @@ -135,8 +137,8 @@ def validMachineName(name): """Check that name is valid for a machine name""" if not name: return False - charset = string.ascii_letters + string.digits + '-_' - if name[0] in '-_' or len(name) > 22: + charset = string.lowercase + string.digits + '-' + if '-' in (name[0], name[-1]) or len(name) > 63: return False for x in name: if x not in charset: @@ -157,7 +159,7 @@ def validMemory(owner, g, memory, machine=None, on=True): raise InvalidInput('memory', memory, "Minimum %s MiB" % MIN_MEMORY_SINGLE) max_val = maxMemory(owner, g, machine, on) - if not g.overlord and memory > max_val: + if not g.isadmin and memory > max_val: raise InvalidInput('memory', memory, 'Maximum %s MiB for %s' % (max_val, owner)) return memory @@ -166,7 +168,7 @@ def validDisk(owner, g, disk, machine=None): """Parse and validate limits for disk for a given owner and machine.""" try: disk = float(disk) - if not g.overlord and disk > maxDisk(owner, machine): + if not g.isadmin and disk > maxDisk(owner, machine): raise InvalidInput('disk', disk, "Maximum %s G" % maxDisk(owner, machine)) disk = int(disk * 1024) @@ -222,7 +224,7 @@ def testAdmin(user, admin, machine): return admin admin = 'system:' + admin try: - if user in getafsgroups.getAfsGroupMembers(admin, 'athena.mit.edu'): + if user in getafsgroups.getAfsGroupMembers(admin, config.authz[0].cell): return admin except getafsgroups.AfsProcessError, e: errmsg = str(e) @@ -264,11 +266,12 @@ def testDisk(user, disksize, machine=None): def testName(user, name, machine=None): if name is None: return None + name = name.lower() if machine is not None and name == machine.name: return None if not Machine.select_by(name=name): if not validMachineName(name): - raise InvalidInput('name', name, 'You must provide a machine name. Max 22 chars, alnum plus \'-\' and \'_\'.') + raise InvalidInput('name', name, 'You must provide a machine name. Max 63 chars, alnum plus \'-\', does not begin or end with \'-\'.') return name raise InvalidInput('name', name, "Name is already taken.")