Check session validity during env show api call

Moves the session check to utils file, together with check_env and applies the check during environment show API call, thus raising correct errors in case supplied session id is invalid or belongs to a different environment Change-Id: Ic10956b604cfc7243f07774e9da11caaf18794cd Closes-Bug: #1481099
2015-08-04 01:25:26 +03:00 · 2015-08-04 01:25:26 +03:00 · b2b224ce48
parent ff28f6922c
commit b2b224ce48
3 changed files with 26 additions and 17 deletions
--- a/murano/api/v1/environments.py
+++ b/murano/api/v1/environments.py
@ -30,6 +30,7 @@ from murano.db.services import core_services
 from murano.db.services import environments as envs
 from murano.db import session as db_session
 from murano.utils import check_env
+from murano.utils import check_session
 from murano.utils import verify_env

 LOG = logging.getLogger(__name__)
@ -99,6 +100,9 @@ class Controller(object):
        session_id = None
        if hasattr(request, 'context') and request.context.session:
            session_id = request.context.session
+        if session_id:
+            env_session = session.query(models.Session).get(session_id)
+            check_session(request, environment_id, env_session, session_id)

        # add services to env
        get_data = core_services.CoreServices.get_data
--- a/murano/api/v1/sessions.py
+++ b/murano/api/v1/sessions.py
@ -24,6 +24,7 @@ from murano.db.services import sessions
 from murano.db import session as db_session
 from murano.services import states
 from murano.utils import check_env
+from murano.utils import check_session

 LOG = logging.getLogger(__name__)
 API_NAME = 'Sessions'
@ -31,20 +32,6 @@ API_NAME = 'Sessions'

 class Controller(object):

-    def _check_session(self, request, environment_id, session, session_id):
-        if session is None:
-            msg = _('Session <SessionId {0}> is not found').format(session_id)
-            LOG.error(msg)
-            raise exc.HTTPNotFound(explanation=msg)
-
-        if session.environment_id != environment_id:
-            msg = _('Session <SessionId {0}> is not tied with Environment '
-                    '<EnvId {1}>').format(session_id, environment_id)
-            LOG.error(msg)
-            raise exc.HTTPNotFound(explanation=msg)
-
-        check_env(request, environment_id)
-
    @request_statistics.stats_count(API_NAME, 'Create')
    def configure(self, request, environment_id):
        LOG.debug('Session:Configure <EnvId: {0}>'.format(environment_id))
@ -72,7 +59,7 @@ class Controller(object):
        unit = db_session.get_session()
        session = unit.query(models.Session).get(session_id)

-        self._check_session(request, environment_id, session, session_id)
+        check_session(request, environment_id, session, session_id)

        user_id = request.context.user
        msg = _('User <UserId {0}> is not authorized to access session'
@ -95,7 +82,7 @@ class Controller(object):
        unit = db_session.get_session()
        session = unit.query(models.Session).get(session_id)

-        self._check_session(request, environment_id, session, session_id)
+        check_session(request, environment_id, session, session_id)

        user_id = request.context.user
        if session.user_id != user_id:
@ -122,7 +109,7 @@ class Controller(object):
        unit = db_session.get_session()
        session = unit.query(models.Session).get(session_id)

-        self._check_session(request, environment_id, session, session_id)
+        check_session(request, environment_id, session, session_id)

        if not sessions.SessionServices.validate(session):
            msg = _('Session <SessionId {0}> is invalid').format(session_id)
--- a/murano/utils.py
+++ b/murano/utils.py
@ -44,6 +44,24 @@ def check_env(request, environment_id):
    return environment


+def check_session(request, environment_id, session, session_id):
+    """Validate, that a session is ok."""
+    if session is None:
+        msg = _('Session <SessionId {id}> is not found').format(id=session_id)
+        LOG.error(msg)
+        raise exc.HTTPNotFound(explanation=msg)
+
+    if session.environment_id != environment_id:
+        msg = _('Session <SessionId {session_id}> is not tied '
+                'with Environment <EnvId {environment_id}>').format(
+                    session_id=session_id,
+                    environment_id=environment_id)
+        LOG.error(msg)
+        raise exc.HTTPNotFound(explanation=msg)
+
+    check_env(request, environment_id)
+
+
 def verify_env(func):
    @functools.wraps(func)
    def __inner(self, request, environment_id, *args, **kwargs):