prevent the delete/update for projects

author thuva4 <tharma.thuva@gmail.com>

Thu, 22 Feb 2018 04:27:30 +0000 (09:57 +0530)

committer thuva4 <tharma.thuva@gmail.com>

Thu, 22 Feb 2018 04:29:11 +0000 (09:59 +0530)
author thuva4 <tharma.thuva@gmail.com>
Thu, 22 Feb 2018 04:27:30 +0000 (09:57 +0530)
committer thuva4 <tharma.thuva@gmail.com>
Thu, 22 Feb 2018 04:29:11 +0000 (09:59 +0530)
diff --git a/testapi/opnfv_testapi/common/check.py b/testapi/opnfv_testapi/common/check.py

index 1a66dd7..7f866dd 100644 (file)
--- a/testapi/opnfv_testapi/common/check.py
+++ b/testapi/opnfv_testapi/common/check.py
@@ -47,6 +47,20 @@ def is_authorized(method):
      return wrapper
  
  
+def is_allowed(method):
+    @functools.wraps(method)
+    def wrapper(self, *args, **kwargs):
+        if self.table == 'projects':
+            query_data = {}
+            query_data['project_name'] = kwargs.get('query')['name']
+            data = yield dbapi.db_find_one('testcases', query_data)
+            if data:
+                raises.Unauthorized(message.tied_with_resource())
+        ret = yield gen.coroutine(method)(self, *args, **kwargs)
+        raise gen.Return(ret)
+    return wrapper
+
+
  def valid_token(method):
      @functools.wraps(method)
      def wrapper(self, *args, **kwargs):
diff --git a/testapi/opnfv_testapi/common/message.py b/testapi/opnfv_testapi/common/message.py

index b92b7f0..7c62894 100644 (file)
--- a/testapi/opnfv_testapi/common/message.py
+++ b/testapi/opnfv_testapi/common/message.py
@@ -64,3 +64,7 @@ def must_int(name):
  
  def no_permission():
      return 'You do not have permission to perform this action'
+
+
+def tied_with_resource():
+    return 'Selected resource is associated with other resources'
diff --git a/testapi/opnfv_testapi/handlers/base_handlers.py b/testapi/opnfv_testapi/handlers/base_handlers.py

index 537077d..ed4aeb2 100644 (file)
--- a/testapi/opnfv_testapi/handlers/base_handlers.py
+++ b/testapi/opnfv_testapi/handlers/base_handlers.py
@@ -179,6 +179,7 @@ class GenericApiHandler(web.RequestHandler):
      @gen.coroutine
      @check.not_exist
      @check.is_authorized
+    @check.is_allowed
      def _delete(self, data, query=None):
          yield dbapi.db_delete(self.table, query)
          self.finish_request()
@@ -189,6 +190,7 @@ class GenericApiHandler(web.RequestHandler):
      @check.not_exist
      @check.updated_one_not_exist
      @check.is_authorized
+    @check.is_allowed
      def _update(self, data, query=None, **kwargs):
          data = self.table_cls.from_dict(data)
          update_req = self._update_requests(data)
diff --git a/testapi/opnfv_testapi/tests/unit/handlers/test_project.py b/testapi/opnfv_testapi/tests/unit/handlers/test_project.py

index cbd1a4e..884dd68 100644 (file)
--- a/testapi/opnfv_testapi/tests/unit/handlers/test_project.py
+++ b/testapi/opnfv_testapi/tests/unit/handlers/test_project.py
@@ -12,6 +12,7 @@ import urllib
  
  from opnfv_testapi.common import message
  from opnfv_testapi.models import project_models
+from opnfv_testapi.models import testcase_models as tcm
  from opnfv_testapi.tests.unit import executor
  from opnfv_testapi.tests.unit.handlers import test_base as base
  
@@ -23,6 +24,9 @@ class TestProjectBase(base.TestBase):
                                                           'qtip-ssh test')
          self.req_e = project_models.ProjectCreateRequest('functest',
                                                           'functest test')
+        self.testcase_d = tcm.TestcaseCreateRequest.from_dict(
+            self.load_json('testcase_d'))
+        self.project = 'qtip'
          self.get_res = project_models.Project
          self.list_res = project_models.Projects
          self.update_res = project_models.Project
@@ -149,6 +153,13 @@ class TestProjectUpdate(TestProjectBase):
      def test_noUpdate(self):
          return self.req_d, self.req_d.name
  
+    @executor.mock_valid_lfid()
+    @executor.update(httplib.UNAUTHORIZED, message.tied_with_resource())
+    def test_updateNotAllowed(self):
+        self.create_help('/api/v1/projects/%s/cases', self.testcase_d, self.req_d.name)
+        req = project_models.ProjectUpdateRequest('apex', 'apex test')
+        return req, self.req_d.name
+
      @executor.mock_valid_lfid()
      @executor.update(httplib.OK, '_assert_update')
      def test_success(self):
@@ -177,6 +188,12 @@ class TestProjectDelete(TestProjectBase):
      def test_notFound(self):
          return 'notFound'
  
+    @executor.mock_valid_lfid()
+    @executor.delete(httplib.UNAUTHORIZED, message.tied_with_resource())
+    def test_deleteNotAllowed(self):
+        self.create_help('/api/v1/projects/%s/cases', self.testcase_d, self.req_d.name)
+        return self.req_d.name
+
      @executor.mock_valid_lfid()
      @executor.delete(httplib.OK, '_assert_delete')
      def test_success(self):
author	thuva4 <tharma.thuva@gmail.com>
	Thu, 22 Feb 2018 04:27:30 +0000 (09:57 +0530)
committer	thuva4 <tharma.thuva@gmail.com>
	Thu, 22 Feb 2018 04:29:11 +0000 (09:59 +0530)
testapi/opnfv_testapi/common/check.py		patch \| blob \| history
testapi/opnfv_testapi/common/message.py		patch \| blob \| history
testapi/opnfv_testapi/handlers/base_handlers.py		patch \| blob \| history
testapi/opnfv_testapi/tests/unit/handlers/test_project.py		patch \| blob \| history