refactor: change UserConfig model and authorization policy
Signed-off-by: Jongmin Kim <[email protected]>
whdalsrnt committed Mar 17, 2022
1 parent bb5eb2b commit ff48258
Showing 6 changed files with 50 additions and 23 deletions.
10 changes: 5 additions & 5 deletions src/spaceone/config/manager/user_config_manager.py
@@ -24,7 +24,7 @@ def _rollback(user_config_vo):
return user_config_vo

def update_user_config(self, params):
user_config_vo: UserConfig = self.get_user_config(params['name'], params['domain_id'])
user_config_vo: UserConfig = self.get_user_config(params['name'], params['user_id'], params['domain_id'])
return self.update_user_config_by_vo(params, user_config_vo)

def update_user_config_by_vo(self, params, user_config_vo):
@@ -36,12 +36,12 @@ def _rollback(old_data):

return user_config_vo.update(params)

def delete_user_config(self, name, domain_id):
user_config_vo: UserConfig = self.get_user_config(name, domain_id)
def delete_user_config(self, name, user_id, domain_id):
user_config_vo: UserConfig = self.get_user_config(name, user_id, domain_id)
user_config_vo.delete()

def get_user_config(self, name, domain_id, only=None):
return self.user_config_model.get(name=name, domain_id=domain_id, only=only)
def get_user_config(self, name, user_id, domain_id, only=None):
return self.user_config_model.get(name=name, user_id=user_id, domain_id=domain_id, only=only)

def filter_user_configs(self, **conditions):
return self.user_config_model.filter(**conditions)
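Review bot: `get_user_config` now takes `user_id` in the middle of its positional parameters, so a caller that still passes `(name, domain_id, only)` positionally would bind `domain_id` to `user_id` and `only` to `domain_id` without any error. The callers visible in this commit are updated, but call sites elsewhere in the repository cannot be checked from here. Since this lookup now decides whose record is read, updated or deleted, calling it with keywords, e.g. `self.get_user_config(name=name, user_id=user_id, domain_id=domain_id)`, or making the parameters keyword-only would turn a missed call site into a TypeError instead of a wrong-record lookup. A one-line docstring on `get_user_config` saying that `user_id` must come from the authenticated transaction rather than from request parameters would also help.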
4 changes: 2 additions & 2 deletions src/spaceone/config/model/user_config_model.py
@@ -9,10 +9,10 @@ class UserConfigTag(EmbeddedDocument):


class UserConfig(MongoModel):
name = StringField(max_length=255, unique_with='domain_id')
name = StringField(max_length=255, unique_with=['user_id', 'domain_id'])
data = DictField()
tags = ListField(EmbeddedDocumentField(UserConfigTag))
user_id = StringField(max_length=40, default=None, null=True)
user_id = StringField(max_length=40)
domain_id = StringField(max_length=40)
created_at = DateTimeField(auto_now_add=True)
updated_at = DateTimeField(auto_now=True)
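Review bot: `user_id` becomes part of the uniqueness key but is declared as `StringField(max_length=40)` without `required=True`, so a document saved without it would still be accepted and would then be unreachable through the new `(name, user_id, domain_id)` lookup; consider `user_id = StringField(max_length=40, required=True)`. The commit also shows no migration. Records written under the old schema may have a null `user_id`, and the unique index built for `unique_with='domain_id'` presumably still exists in deployed databases. If so, two users in one domain could not store a config under the same name until that index is dropped, so it is worth confirming how MongoModel handles index changes. The class body continues outside the hunk.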
2 changes: 1 addition & 1 deletion src/spaceone/config/service/domain_config_service.py
@@ -83,7 +83,7 @@ def set(self, params):
if 'tags' in params:
params['tags'] = utils.dict_to_tags(params['tags'])

domain_config_vos = self.domain_config_mgr.filter_domain_configs(domain_id=domain_id)
domain_config_vos = self.domain_config_mgr.filter_domain_configs(domain_id=domain_id, name=params['name'])

if domain_config_vos.count() == 0:
return self.domain_config_mgr.create_domain_config(params)
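Review bot: The narrowed lookup `filter_domain_configs(domain_id=domain_id, name=params['name'])` changes which record `set` overwrites, yet none of the six files in this commit adds a test for it. A regression test that stores one config in a domain, calls `set` with a different name, and asserts that a second record is created while the first is unchanged would pin the fix. The body of `set` starts and ends outside the hunk, so whether `name` is guaranteed present before `params['name']` is read cannot be confirmed from here.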
34 changes: 24 additions & 10 deletions src/spaceone/config/service/user_config_service.py
@@ -35,9 +35,7 @@ def create(self, params):
user_config_vo (object)
"""

user_type = self.transaction.get_meta('authorization.user_type')
if user_type == 'DOMAIN_OWNER':
raise ERROR_PERMISSION_DENIED()
self._check_permission(params['domain_id'])

params['user_id'] = self.transaction.get_meta('user_id')

@@ -63,6 +61,10 @@ def update(self, params):
user_config_vo (object)
"""

self._check_permission(params['domain_id'])

params['user_id'] = self.transaction.get_meta('user_id')

if 'tags' in params:
params['tags'] = utils.dict_to_tags(params['tags'])

@@ -85,19 +87,19 @@ def set(self, params):
user_config_vo (object)
"""

domain_id = params['domain_id']
self._check_permission(params['domain_id'])

params['user_id'] = self.transaction.get_meta('user_id')

user_type = self.transaction.get_meta('authorization.user_type')
if user_type == 'DOMAIN_OWNER':
raise ERROR_PERMISSION_DENIED()

params['user_id'] = self.transaction.get_meta('user_id')
user_id = params['user_id']

if 'tags' in params:
params['tags'] = utils.dict_to_tags(params['tags'])

user_config_vos = self.user_config_mgr.filter_user_configs(domain_id=domain_id, user_id=user_id)
user_config_vos = self.user_config_mgr.filter_user_configs(domain_id=params['domain_id'],
user_id=params['user_id'], name=params['name'])

if user_config_vos.count() == 0:
return self.user_config_mgr.create_user_config(params)
@@ -119,7 +121,10 @@ def delete(self, params):
None
"""

self.user_config_mgr.delete_user_config(params['name'], params['domain_id'])
self._check_permission(params['domain_id'])
user_id = self.transaction.get_meta('user_id')

self.user_config_mgr.delete_user_config(params['name'], user_id, params['domain_id'])

@transaction(append_meta={'authorization.scope': 'USER'})
@check_required(['name', 'domain_id'])
@@ -137,7 +142,9 @@ def get(self, params):
user_config_vo (object)
"""

return self.user_config_mgr.get_user_config(params['name'], params['domain_id'], params.get('only'))
user_id = self.transaction.get_meta('user_id')

return self.user_config_mgr.get_user_config(params['name'], user_id, params['domain_id'], params.get('only'))

@transaction(append_meta={
'authorization.scope': 'USER',
@@ -190,3 +197,10 @@ def stat(self, params):

query = params.get('query', {})
return self.user_config_mgr.state_user_configs(query)

def _check_permission(self, request_domain_id):
user_type = self.transaction.get_meta('authorization.user_type')
user_domain_id = self.transaction.get_meta('domain_id')

if user_type == 'DOMAIN_OWNER' or request_domain_id != user_domain_id:
raise ERROR_PERMISSION_DENIED()
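Review bot: `get` is the one per-user method here that does not call `_check_permission`: create, update, set and delete all gain the call, but the new `get` body only reads `user_id` from the transaction and passes the caller-supplied `params['domain_id']` straight to the manager. Unless the `authorization.scope: USER` handling outside this file already enforces both conditions, a DOMAIN_OWNER user type or a `domain_id` different from the transaction's domain is not rejected on reads; adding `self._check_permission(params['domain_id'])` as the first statement of `get` would make the read path match the write paths. The `list` and `stat` bodies are outside the visible hunks and deserve the same review. Separately, every method trusts `self.transaction.get_meta('user_id')` without checking that it is set, so a transaction without a user_id would presumably query with `user_id=None` and could match legacy records stored before this change; rejecting an empty user_id inside `_check_permission` would close that gap in one place.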
1 change: 1 addition & 0 deletions test/factory/user_config_factory.py
@@ -23,5 +23,6 @@ class Meta:
}
]
domain_id = utils.generate_id('domain')
user_id = utils.generate_id('user')
updated_at = factory.Faker('date_time')
created_at = factory.Faker('date_time')
22 changes: 17 additions & 5 deletions test/service/test_user_config_service.py
@@ -23,6 +23,7 @@ def setUpClass(cls):
connect('test', host='mongomock://localhost')

cls.domain_id = utils.generate_id('domain')
cls.user_id = utils.generate_id('user')
cls.transaction = Transaction({
'service': 'config',
'api_class': 'UserConfig'
@@ -51,10 +52,12 @@ def test_create_user_config(self, *args):
'tags': {
utils.random_string(): utils.random_string()
},
'domain_id': utils.generate_id('domain')
'domain_id': self.domain_id
}

self.transaction.method = 'create'
self.transaction.set_meta('user_id', self.user_id)
self.transaction.set_meta('domain_id', self.domain_id)
user_config_svc = UserConfigService(transaction=self.transaction)
user_config_vo = user_config_svc.create(params.copy())

@@ -69,7 +72,7 @@ def test_create_user_config(self, *args):

@patch.object(MongoModel, 'connect', return_value=None)
def test_update_user_config(self, *args):
new_user_config_vo = UserConfigFactory(domain_id=self.domain_id)
new_user_config_vo = UserConfigFactory(domain_id=self.domain_id, user_id=self.user_id)

params = {
'name': new_user_config_vo.name,
@@ -83,6 +86,8 @@ def test_update_user_config(self, *args):
}

self.transaction.method = 'update'
self.transaction.set_meta('user_id', self.user_id)
self.transaction.set_meta('domain_id', self.domain_id)
user_config_svc = UserConfigService(transaction=self.transaction)
user_config_vo = user_config_svc.update(params.copy())

@@ -104,10 +109,12 @@ def test_set_user_config(self, *args):
'tags': {
utils.random_string(): utils.random_string()
},
'domain_id': utils.generate_id('domain')
'domain_id': self.domain_id
}

self.transaction.method = 'set'
self.transaction.set_meta('user_id', self.user_id)
self.transaction.set_meta('domain_id', self.domain_id)
user_config_svc = UserConfigService(transaction=self.transaction)
user_config_vo = user_config_svc.create(params.copy())

@@ -122,29 +129,33 @@ def test_set_user_config(self, *args):

@patch.object(MongoModel, 'connect', return_value=None)
def test_delete_user_config(self, *args):
new_user_config_vo = UserConfigFactory(domain_id=self.domain_id)
new_user_config_vo = UserConfigFactory(domain_id=self.domain_id, user_id=self.user_id)

params = {
'name': new_user_config_vo.name,
'domain_id': self.domain_id
}

self.transaction.method = 'delete'
self.transaction.set_meta('user_id', self.user_id)
self.transaction.set_meta('domain_id', self.domain_id)
user_config_svc = UserConfigService(transaction=self.transaction)
result = user_config_svc.delete(params.copy())

self.assertIsNone(result)

@patch.object(MongoModel, 'connect', return_value=None)
def test_get_user_config(self, *args):
new_user_config_vo = UserConfigFactory(domain_id=self.domain_id)
new_user_config_vo = UserConfigFactory(domain_id=self.domain_id, user_id=self.user_id)

params = {
'name': new_user_config_vo.name,
'domain_id': self.domain_id
}

self.transaction.method = 'get'
self.transaction.set_meta('user_id', self.user_id)
self.transaction.set_meta('domain_id', self.domain_id)
user_config_svc = UserConfigService(transaction=self.transaction)
user_config_vo = user_config_svc.get(params.copy())

@@ -164,6 +175,7 @@ def test_list_user_configs_by_name(self, *args):
}

self.transaction.method = 'list'
self.transaction.set_meta('user_id', 'test_user')
user_config_svc = UserConfigService(transaction=self.transaction)
user_config_vos, total_count = user_config_svc.list(params.copy())
UserConfigsInfo(user_config_vos, total_count)
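Review bot: `test_set_user_config` sets `self.transaction.method = 'set'` but then calls `user_config_svc.create(params.copy())`, so the `set` path with its new `name` filter is never exercised; the call should be `user_config_vo = user_config_svc.set(params.copy())`. The updated tests also cover only the allowed case. Nothing asserts that `ERROR_PERMISSION_DENIED` is raised for a DOMAIN_OWNER user type or for a `domain_id` that differs from the transaction's, nor that a config created under one `user_id` cannot be fetched or deleted under another. Because `cls.transaction` is created once in `setUpClass`, values written with `set_meta` presumably persist between tests, so negative tests should set both `user_id` and `domain_id` explicitly rather than rely on what an earlier test left behind.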
