Commit e432e3d2 authored by Lukas Burgey's avatar Lukas Burgey

Add auth check for service exchange

parent 264736a0
......@@ -229,13 +229,20 @@ def topic_endpoint_apiclient(request, apiclient):
name = request.POST.get('name', '')
routing_key = request.POST.get('routing_key', '')
if name == 'groups':
if name == 'groups' or name == 'entitlements':
try:
group = Group.objects.get(name=routing_key)
vo = None
if name == 'groups':
vo = Group.objects.get(name=routing_key)
elif name == 'entitlements':
vo = Entitlement.objects.get(
# we strip the group authority from the routing key if it was included
name=Entitlement.extract_name(routing_key),
)
try:
models.Site.objects.get(
services__vos=group,
services__vos=vo,
client=apiclient,
)
return topic_auth_decision(request, ALLOW)
......@@ -246,19 +253,17 @@ def topic_endpoint_apiclient(request, apiclient):
except models.Site.DoesNotExist:
return topic_auth_decision(request, DENY)
except Group.DoesNotExist:
except (Group.DoesNotExist, Entitlement.DoesNotExist):
LOGGER.error('VO does not exist: %s', routing_key)
return topic_auth_decision(request, DENY)
if name == 'entitlements':
elif name == 'services':
try:
entitlement = Entitlement.objects.get(
# we strip the group authority from the routing key if it was included
name=Entitlement.extract_name(routing_key),
)
service = models.Service.objects.get(name=routing_key)
try:
models.Site.objects.get(
services__vos=entitlement,
services=service,
client=apiclient,
)
return topic_auth_decision(request, ALLOW)
......@@ -269,8 +274,8 @@ def topic_endpoint_apiclient(request, apiclient):
except models.Site.DoesNotExist:
return topic_auth_decision(request, DENY)
except Entitlement.DoesNotExist:
LOGGER.error('Entitlement does not exist: %s', routing_key)
except models.Service.DoesNotExist:
LOGGER.error('Service does not exist: %s', routing_key)
return topic_auth_decision(request, DENY)
return topic_auth_decision(request, DENY)
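Review bot: The site lookup in the new `services` branch, like the reworked one for `groups`/`entitlements`, uses `models.Site.objects.get(...)` as an existence check, and `.get()` raises `MultipleObjectsReturned` as soon as the join matches more than one row (for example one site whose services share the VO more than once). The lines between `return topic_auth_decision(request, ALLOW)` and `except models.Site.DoesNotExist` are collapsed on this page, so that case may already be caught there; if it is not, the authorization endpoint fails with an unhandled exception instead of returning an explicit decision. An existence query states the intent directly and removes the inner try: `if models.Site.objects.filter(services=service, client=apiclient).exists(): return topic_auth_decision(request, ALLOW)` followed by the DENY return, with `services__vos=vo` as the filter in the first branch. The body of topic_endpoint_apiclient starts before the first hunk.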
......