From 32d42a05cf80c43b6282098cf98444439fba6a3c Mon Sep 17 00:00:00 2001
From: Sinisa Veseli <sveseli@aps.anl.gov>
Date: Wed, 15 Apr 2015 13:19:25 +0000
Subject: [PATCH] added administrator check for exposed methods

---
 .../dm/common/service/dmSessionController.py | 16 ++++++++++------
 src/python/dm/common/service/loginController.py | 4 ++--
 .../service/experimentSessionController.py | 6 +++---
 3 files changed, 15 insertions(+), 11 deletions(-)

diff --git a/src/python/dm/common/service/dmSessionController.py b/src/python/dm/common/service/dmSessionController.py
index 33af1a21..1216a504 100755
--- a/src/python/dm/common/service/dmSessionController.py
+++ b/src/python/dm/common/service/dmSessionController.py
@@ -4,14 +4,11 @@
 # Base DM session controller class.
 #
 
-#######################################################################
-
 import cherrypy
+from dm.common.constants import dmRole
 from dm.common.service.dmController import DmController
 from dm.common.service.loginController import LoginController
 
-#######################################################################
-
 class DmSessionController(DmController):
     """ Base session controller class. """
 
@@ -65,10 +62,17 @@ class DmSessionController(DmController):
     @classmethod
     def isLoggedIn(cls):
         """ Returns True if session has been established. """
-        def check():
+        def userIsLoggedIn():
             role = cherrypy.session.get(LoginController.SESSION_ROLE_KEY, None)
             if role is not None:
                 return True
             return False
-        return check
+        return userIsLoggedIn
+
+    @classmethod
+    def isAdministrator(cls):
+        def userIsAdministrator():
+            result = (cherrypy.session.get(LoginController.SESSION_ROLE_KEY, None) == dmRole.DM_ADMIN_ROLE)
+            return result
+        return userIsAdministrator
 
diff --git a/src/python/dm/common/service/loginController.py b/src/python/dm/common/service/loginController.py
index 9b2e6bb3..62a4c2a8 100755
--- a/src/python/dm/common/service/loginController.py
+++ b/src/python/dm/common/service/loginController.py
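Review bot: `isAdministrator` in the second hunk has no docstring, unlike `isLoggedIn` directly above it, and its body binds the comparison to `result` only to return it on the next line. The factory returns a closure that reads `cherrypy.session` only when it is invoked, which is what makes `DmSessionController.isAdministrator()` safe to evaluate at decoration time; that is worth stating, e.g. `""" Returns a check callable that is True only when the session role equals dmRole.DM_ADMIN_ROLE. """`, and the inner body can simply be `return cherrypy.session.get(LoginController.SESSION_ROLE_KEY, None) == dmRole.DM_ADMIN_ROLE`. A session with no role key yields `None`, which compares unequal to the admin role, so the check fails closed for anonymous sessions.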
@@ -144,8 +144,8 @@ class LoginController(DmController):
                 for condition in conditions:
                     # A condition is just a callable that returns true or false
                     if not condition():
-                        logger.debug('Authorization check %s failed for username %s' % (condition.func_name, username))
-                        errorMsg = 'Authorization check %s failed for user %s.' % (condition.func_name, username)
+                        logger.debug('Authorization check %s() failed for username %s' % (condition.func_name, username))
+                        errorMsg = 'Authorization check %s() failed for user %s.' % (condition.func_name, username)
                         raise DmHttpError(dmHttpStatus.DM_HTTP_UNAUTHORIZED, 'User Not Authorized', AuthorizationError(errorMsg))
             else:
                 logger.debug('Username is not supplied')
diff --git a/src/python/dm/daq_web_service/service/experimentSessionController.py b/src/python/dm/daq_web_service/service/experimentSessionController.py
index 532e663c..652da9c2 100755
--- a/src/python/dm/daq_web_service/service/experimentSessionController.py
+++ b/src/python/dm/daq_web_service/service/experimentSessionController.py
@@ -16,7 +16,7 @@ class ExperimentSessionController(DmSessionController):
         self.experimentSessionControllerImpl = ExperimentSessionControllerImpl()
 
     @cherrypy.expose
-    @DmSessionController.require(DmSessionController.isLoggedIn())
+    @DmSessionController.require(DmSessionController.isAdministrator())
     @DmSessionController.execute
     def startDaq(self, **kwargs):
         name = kwargs.get('name')
@@ -32,7 +32,7 @@ class ExperimentSessionController(DmSessionController):
         return response
 
     @cherrypy.expose
-    @DmSessionController.require(DmSessionController.isLoggedIn())
+    @DmSessionController.require(DmSessionController.isAdministrator())
     @DmSessionController.execute
     def stopDaq(self, **kwargs):
         name = kwargs.get('name')
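Review bot: `condition.func_name` on both rewritten lines is the Python-2-only attribute; `condition.__name__` yields the same value on 2 and 3, so `logger.debug('Authorization check %s() failed for username %s' % (condition.__name__, username))` and the matching `errorMsg` line would keep the new message portable. The check name and username also go into `errorMsg`, which is wrapped in the `AuthorizationError` handed to `DmHttpError`; if that text ends up in the 401 body, the client learns which gate rejected it, so consider keeping the detailed text in the log line only and giving the error a generic message. The enclosing method starts and ends outside the hunk.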
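Review bot: Swapping `isLoggedIn()` for `isAdministrator()` on `startDaq` (and likewise on `stopDaq` in the next hunk and `startUpload` in the one after) means a request with no session role now fails the administrator check instead of the logged-in check, so an unauthenticated caller produces the same "userIsAdministrator() failed" outcome as an authenticated non-admin. If `require` accepts several conditions — the `for condition in conditions` loop in loginController.py suggests it does, though the decorator itself is not in the hunk — `@DmSessionController.require(DmSessionController.isLoggedIn(), DmSessionController.isAdministrator())` would keep the two cases distinguishable in logs and responses, since the loop stops at the first failing check. The decorated methods continue outside the hunk.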
@@ -44,7 +44,7 @@ class ExperimentSessionController(DmSessionController):
         return response
 
     @cherrypy.expose
-    @DmSessionController.require(DmSessionController.isLoggedIn())
+    @DmSessionController.require(DmSessionController.isAdministrator())
     @DmSessionController.execute
     def startUpload(self, **kwargs):
         name = kwargs.get('name')
-- 
GitLab