diff options
| author | Stevan Radaković <stevan.radakovic@linaro.org> | 2014-02-17 18:06:06 +0100 |
|---|---|---|
| committer | Linaro Code Review <review@review.linaro.org> | 2014-02-25 17:25:24 +0000 |
| commit | ad4d6896f1d74e499791e013b15633ba54f0675f (patch) | |
| tree | eca57ab2c4138ce90f20c01c7b2c12346007b531 /dashboard_app/xmlrpc.py | |
| parent | de663c84a3c99904879f27362b85cb17753cf909 (diff) | |
Fix bug #1280018.
This change enables superuser to access/edit all filters and image reports on the dashboard regardless of their 'public' status.
Furthermore it allows superuser reading of private bundle streams and creating ones as well (although in case of private user bundles it creates one for the superuser).
Change-Id: I4b4f534c2f2e5168a93b005781e1eac21be1d847
Diffstat (limited to 'dashboard_app/xmlrpc.py')
| -rw-r--r-- | dashboard_app/xmlrpc.py | 35 |
1 files changed, 26 insertions, 9 deletions
diff --git a/dashboard_app/xmlrpc.py b/dashboard_app/xmlrpc.py index ef68fea36..9f8648860 100644 --- a/dashboard_app/xmlrpc.py +++ b/dashboard_app/xmlrpc.py @@ -105,7 +105,10 @@ class DashboardAPI(ExposedAPI): def _put(self, content, content_filename, pathname): try: logging.debug("Getting bundle stream") - bundle_stream = BundleStream.objects.accessible_by_principal(self.user).get(pathname=pathname) + if self.user.is_superuser: + bundle_stream = BundleStream.objects.get(pathname=pathname) + else: + bundle_stream = BundleStream.objects.accessible_by_principal(self.user).get(pathname=pathname) except BundleStream.DoesNotExist: logging.debug("Bundle stream does not exist, aborting") raise xmlrpclib.Fault(errors.NOT_FOUND, @@ -300,7 +303,10 @@ class DashboardAPI(ExposedAPI): """ try: logging.debug("Getting bundle stream") - bundle_stream = BundleStream.objects.accessible_by_principal(self.user).get(pathname=pathname) + if self.user.is_superuser: + bundle_stream = BundleStream.objects.get(pathname=pathname) + else: + bundle_stream = BundleStream.objects.accessible_by_principal(self.user).get(pathname=pathname) except BundleStream.DoesNotExist: logging.debug("Bundle stream does not exist, aborting") raise xmlrpclib.Fault(errors.NOT_FOUND, @@ -518,7 +524,11 @@ class DashboardAPI(ExposedAPI): - personal streams are accessible to owners - team streams are accessible to team members """ - bundle_streams = BundleStream.objects.accessible_by_principal(self.user) + if self.user.is_superuser: + bundle_streams = BundleStream.objects.all() + else: + bundle_streams = BundleStream.objects.accessible_by_principal( + self.user) return [ { 'pathname': bundle_stream.pathname, @@ -585,7 +595,10 @@ class DashboardAPI(ExposedAPI): - team streams are accessible to team members """ try: - bundle_stream = BundleStream.objects.accessible_by_principal(self.user).get(pathname=pathname) + if self.user.is_superuser: + bundle_stream = BundleStream.objects.get(pathname=pathname) + else: + bundle_stream = BundleStream.objects.accessible_by_principal(self.user).get(pathname=pathname) except BundleStream.DoesNotExist: raise xmlrpclib.Fault(errors.NOT_FOUND, "Bundle stream not found") return [ @@ -723,14 +736,18 @@ class DashboardAPI(ExposedAPI): assert is_anonymous is False assert self.user is not None if user_name is not None: - if user_name != self.user.username: - raise xmlrpclib.Fault( - errors.FORBIDDEN, - "Only user {user!r} could create this stream".format(user=user_name)) + if not self.user.is_superuser: + if user_name != self.user.username: + raise xmlrpclib.Fault( + errors.FORBIDDEN, + "Only user {user!r} could create this stream".format(user=user_name)) user = self.user # map to real user object elif group_name is not None: try: - group = self.user.groups.get(name=group_name) + if self.user.is_superuser: + group = Group.objects.get(name=group_name) + else: + group = self.user.groups.get(name=group_name) except Group.DoesNotExist: raise xmlrpclib.Fault( errors.FORBIDDEN, |