added administrator check for exposed methods

src/python/dm/common/service/dmSessionController.py

@@ -4,14 +4,11 @@
 # Base DM session controller class.
 #
 
-#######################################################################
-
 import cherrypy
+from dm.common.constants import dmRole
 from dm.common.service.dmController import DmController
 from dm.common.service.loginController import LoginController
 
-#######################################################################
-
 class DmSessionController(DmController):
     """ Base session controller class. """
 
@@ -65,10 +62,17 @@ class DmSessionController(DmController):
     @classmethod
     def isLoggedIn(cls):
         """ Returns True if session has been established. """
-        def check():
+        def userIsLoggedIn():
             role = cherrypy.session.get(LoginController.SESSION_ROLE_KEY, None)
             if role is not None:
                 return True
             return False
-        return check
+        return userIsLoggedIn
+
+    @classmethod
+    def isAdministrator(cls):
+        def userIsAdministrator():
+            result = (cherrypy.session.get(LoginController.SESSION_ROLE_KEY, None) == dmRole.DM_ADMIN_ROLE)
+            return result
+        return userIsAdministrator
 

src/python/dm/common/service/loginController.py

@@ -144,8 +144,8 @@ class LoginController(DmController):
             for condition in conditions:
                 # A condition is just a callable that returns true or false
                 if not condition():
-                    logger.debug('Authorization check %s failed for username %s' % (condition.func_name, username))
-                    errorMsg = 'Authorization check %s failed for user %s.' % (condition.func_name, username)
+                    logger.debug('Authorization check %s() failed for username %s' % (condition.func_name, username))
+                    errorMsg = 'Authorization check %s() failed for user %s.' % (condition.func_name, username)
                     raise DmHttpError(dmHttpStatus.DM_HTTP_UNAUTHORIZED, 'User Not Authorized', AuthorizationError(errorMsg))
         else:
             logger.debug('Username is not supplied')

src/python/dm/daq_web_service/service/experimentSessionController.py

@@ -16,7 +16,7 @@ class ExperimentSessionController(DmSessionController):
         self.experimentSessionControllerImpl = ExperimentSessionControllerImpl()
 
     @cherrypy.expose
-    @DmSessionController.require(DmSessionController.isLoggedIn())
+    @DmSessionController.require(DmSessionController.isAdministrator())
     @DmSessionController.execute
     def startDaq(self, **kwargs):
         name = kwargs.get('name')
@@ -32,7 +32,7 @@ class ExperimentSessionController(DmSessionController):
         return response
 
     @cherrypy.expose
-    @DmSessionController.require(DmSessionController.isLoggedIn())
+    @DmSessionController.require(DmSessionController.isAdministrator())
     @DmSessionController.execute
     def stopDaq(self, **kwargs):
         name = kwargs.get('name')
@@ -44,7 +44,7 @@ class ExperimentSessionController(DmSessionController):
         return response
 
     @cherrypy.expose
-    @DmSessionController.require(DmSessionController.isLoggedIn())
+    @DmSessionController.require(DmSessionController.isAdministrator())
     @DmSessionController.execute
     def startUpload(self, **kwargs):
         name = kwargs.get('name')