From b2b224ce481721d6dd0ef22b6841c719ec758cd2 Mon Sep 17 00:00:00 2001
From: Kirill Zaitsev
Date: Tue, 4 Aug 2015 01:25:26 +0300
Subject: [PATCH] Check session validity during env show api call

Moves the session check to utils file, together with check_env and applies the check during environment show API call, thus raising correct errors in case supplied session id is invalid or belongs to a different environment

Change-Id: Ic10956b604cfc7243f07774e9da11caaf18794cd
Closes-Bug: #1481099
---
 murano/api/v1/environments.py | 4 ++++
 murano/api/v1/sessions.py | 21 ++++-----------------
 murano/utils.py | 18 ++++++++++++++++++
 3 files changed, 26 insertions(+), 17 deletions(-)

diff --git a/murano/api/v1/environments.py b/murano/api/v1/environments.py
index df8308612..c4183e14f 100644
--- a/murano/api/v1/environments.py
+++ b/murano/api/v1/environments.py
@@ -30,6 +30,7 @@ from murano.db.services import core_services
 from murano.db.services import environments as envs
 from murano.db import session as db_session
 from murano.utils import check_env
+from murano.utils import check_session
 from murano.utils import verify_env
 LOG = logging.getLogger(__name__)
@@ -99,6 +100,9 @@ class Controller(object):
 session_id = None
 if hasattr(request, 'context') and request.context.session:
 session_id = request.context.session
+ if session_id:
+ env_session = session.query(models.Session).get(session_id)
+ check_session(request, environment_id, env_session, session_id)
 # add services to env
 get_data = core_services.CoreServices.get_data
diff --git a/murano/api/v1/sessions.py b/murano/api/v1/sessions.py
index 2c42a19b2..4d3345fc1 100644
--- a/murano/api/v1/sessions.py
+++ b/murano/api/v1/sessions.py
@@ -24,6 +25,7 @@ from murano.db.services import sessions
 from murano.db import session as db_session
 from murano.services import states
 from murano.utils import check_env
+from murano.utils import check_session
 LOG = logging.getLogger(__name__)
 API_NAME = 'Sessions'
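Review bot: In murano/api/v1/environments.py (hunk at -99) the added `check_session(...)` call confirms only that the session row exists and is tied to `environment_id`; it never compares `env_session.user_id` with `request.context.user`, which the handlers in murano/api/v1/sessions.py do right after the same call (`if session.user_id != user_id:`). If sessions are meant to be private to the user who opened them, this read path presumably serves another user's uncommitted session data to any caller who can reach the environment, so consider adding `if env_session.user_id != request.context.user:` with the same error those handlers raise. The commit title speaks of validity, yet `sessions.SessionServices.validate` is not applied here either; a one-line comment stating whether a stale session is acceptable for a read would settle that. The enclosing method starts and ends outside the hunk, so where `session` is bound and whether the environment was already checked are not visible.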
@@ -31,20 +32,6 @@ API_NAME = 'Sessions'
 class Controller(object):
- def _check_session(self, request, environment_id, session, session_id):
- if session is None:
- msg = _('Session is not found').format(session_id)
- LOG.error(msg)
- raise exc.HTTPNotFound(explanation=msg)
-
- if session.environment_id != environment_id:
- msg = _('Session is not tied with Environment '
- '').format(session_id, environment_id)
- LOG.error(msg)
- raise exc.HTTPNotFound(explanation=msg)
-
- check_env(request, environment_id)
-
 @request_statistics.stats_count(API_NAME, 'Create')
 def configure(self, request, environment_id):
 LOG.debug('Session:Configure '.format(environment_id))
@@ -72,7 +59,7 @@ class Controller(object):
 unit = db_session.get_session()
 session = unit.query(models.Session).get(session_id)
- self._check_session(request, environment_id, session, session_id)
+ check_session(request, environment_id, session, session_id)
 user_id = request.context.user
 msg = _('User is not authorized to access session'
@@ -95,7 +82,7 @@ class Controller(object):
 unit = db_session.get_session()
 session = unit.query(models.Session).get(session_id)
- self._check_session(request, environment_id, session, session_id)
+ check_session(request, environment_id, session, session_id)
 user_id = request.context.user
 if session.user_id != user_id:
@@ -122,7 +109,7 @@ class Controller(object):
 unit = db_session.get_session()
 session = unit.query(models.Session).get(session_id)
- self._check_session(request, environment_id, session, session_id)
+ check_session(request, environment_id, session, session_id)
 if not sessions.SessionServices.validate(session):
 msg = _('Session is invalid').format(session_id)
diff --git a/murano/utils.py b/murano/utils.py
index 15ffd9113..4ad42cfbc 100644
--- a/murano/utils.py
+++ b/murano/utils.py
@@ -44,6 +44,24 @@ def check_env(request, environment_id):
 return environment
+def check_session(request, environment_id, session, session_id):
+ """Validate, that a session is ok."""
+ if session is None:
+ msg = _('Session is not found').format(id=session_id)
+ LOG.error(msg)
+ raise exc.HTTPNotFound(explanation=msg)
+
+ if session.environment_id != environment_id:
+ msg = _('Session is not tied '
+ 'with Environment ').format(
+ session_id=session_id,
+ environment_id=environment_id)
+ LOG.error(msg)
+ raise exc.HTTPNotFound(explanation=msg)
+
+ check_env(request, environment_id)
+
+
 def verify_env(func):
 @functools.wraps(func)
 def __inner(self, request, environment_id, *args, **kwargs):
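Review bot: `check_session` in murano/utils.py calls `check_env(request, environment_id)` last, after two branches that already answer with different explanations, so the response can tell a caller whether a session id exists or is bound to a given environment before the caller's right to that environment is verified (assuming check_env is where that is enforced; its body lies outside this hunk). Making `check_env(request, environment_id)` the first statement, and returning one generic 404 explanation for both session branches while keeping the ids in the `LOG.error` line, would remove that distinction. The docstring `"""Validate, that a session is ok."""` does not say what is checked or raised; something like `"""Raise HTTPNotFound unless session exists and belongs to environment_id, then run check_env."""` would make the contract clear to the three call sites in sessions.py and the new one in environments.py.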