Commit e432e3d2 authored by Lukas Burgey's avatar Lukas Burgey

Add auth check for service exchange

parent 264736a0
...@@ -229,13 +229,20 @@ def topic_endpoint_apiclient(request, apiclient): ...@@ -229,13 +229,20 @@ def topic_endpoint_apiclient(request, apiclient):
name = request.POST.get('name', '') name = request.POST.get('name', '')
routing_key = request.POST.get('routing_key', '') routing_key = request.POST.get('routing_key', '')
if name == 'groups': if name == 'groups' or name == 'entitlements':
try: try:
group = Group.objects.get(name=routing_key) vo = None
if name == 'groups':
vo = Group.objects.get(name=routing_key)
elif name == 'entitlements':
vo = Entitlement.objects.get(
# we strip the group authority from the routing key if it was included
name=Entitlement.extract_name(routing_key),
)
try: try:
models.Site.objects.get( models.Site.objects.get(
services__vos=group, services__vos=vo,
client=apiclient, client=apiclient,
) )
return topic_auth_decision(request, ALLOW) return topic_auth_decision(request, ALLOW)
...@@ -246,19 +253,17 @@ def topic_endpoint_apiclient(request, apiclient): ...@@ -246,19 +253,17 @@ def topic_endpoint_apiclient(request, apiclient):
except models.Site.DoesNotExist: except models.Site.DoesNotExist:
return topic_auth_decision(request, DENY) return topic_auth_decision(request, DENY)
except Group.DoesNotExist: except (Group.DoesNotExist, Entitlement.DoesNotExist):
LOGGER.error('VO does not exist: %s', routing_key)
return topic_auth_decision(request, DENY) return topic_auth_decision(request, DENY)
if name == 'entitlements': elif name == 'services':
try: try:
entitlement = Entitlement.objects.get( service = models.Service.objects.get(name=routing_key)
# we strip the group authority from the routing key if it was included
name=Entitlement.extract_name(routing_key),
)
try: try:
models.Site.objects.get( models.Site.objects.get(
services__vos=entitlement, services=service,
client=apiclient, client=apiclient,
) )
return topic_auth_decision(request, ALLOW) return topic_auth_decision(request, ALLOW)
...@@ -269,8 +274,8 @@ def topic_endpoint_apiclient(request, apiclient): ...@@ -269,8 +274,8 @@ def topic_endpoint_apiclient(request, apiclient):
except models.Site.DoesNotExist: except models.Site.DoesNotExist:
return topic_auth_decision(request, DENY) return topic_auth_decision(request, DENY)
except Entitlement.DoesNotExist: except models.Service.DoesNotExist:
LOGGER.error('Entitlement does not exist: %s', routing_key) LOGGER.error('Service does not exist: %s', routing_key)
return topic_auth_decision(request, DENY) return topic_auth_decision(request, DENY)
return topic_auth_decision(request, DENY) return topic_auth_decision(request, DENY)
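Review bot: In the new `services` branch, `models.Service.objects.get(name=routing_key)` and the `models.Site.objects.get(services=service, client=apiclient)` under it act as existence checks, but the visible handlers catch only `DoesNotExist`, so more than one match would raise `MultipleObjectsReturned` instead of returning an explicit decision (the lines collapsed between the hunks may already handle this; they are not shown). The same applies to `services__vos=vo` in the merged groups/entitlements branch, where the join across services can plausibly yield the same site more than once. For an authorization decision, `if models.Site.objects.filter(services=service, client=apiclient).exists(): return topic_auth_decision(request, ALLOW)` followed by a DENY keeps every path fail-closed. Separately, `routing_key` comes straight from `request.POST` and is logged with `%s`; `%r` would stop embedded newlines from forging log lines, and the merged `'VO does not exist: %s'` message would be easier to triage if it also logged `name`. The body of `topic_endpoint_apiclient` starts before the first hunk.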
......