[PATCH] add missed permission check in RootExports.wrapperRPM

cqi at redhat.com cqi at redhat.com
Tue Feb 10 15:01:52 UTC 2015


From: Chenxiong Qi <cqi at redhat.com>

According to the docstring and the behavior of other similar methods,
permission should be checked against the current session before increasing
priority. RootExports.wrapperRPM has no such step.

The process of adjusting priority gets refactored to avoid duplicated code.
---
 hub/kojihub.py |   60 +++++++++++++++++++++----------------------------------
 1 files changed, 23 insertions(+), 37 deletions(-)

diff --git a/hub/kojihub.py b/hub/kojihub.py
index 92fc889..61fb498 100644
--- a/hub/kojihub.py
+++ b/hub/kojihub.py
@@ -7002,6 +7002,20 @@ class RootExports(object):
         context.session.assertPerm('admin')
         return make_task('restartHosts', [], priority=priority)
 
+    def _adjust_priority(self, priority):
+        """Adjust priority relative to the default priority
+
+        priority: the amount to increase (or decrease) the task priority,
+                  relative to the default priority; higher values mean lower
+                  priority. Only admins have the right to specify a negative
+                  priority here, otherwise, ActionNotAllowed will be raised.
+        returns final priority
+        """
+        if priority < 0:
+            if not context.session.hasPerm('admin'):
+                raise koji.ActionNotAllowed, 'only admins may create high-priority tasks'
+        return koji.PRIO_DEFAULT + priority
+
     def build(self, src, target, opts=None, priority=None, channel=None):
         """Create a build task
 
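Review bot: `_adjust_priority` compares and adds `priority` without checking its type, although the value is supplied by the RPC caller. This file is Python 2, where a string compares as not less than 0, so it skips the admin branch and then fails in `koji.PRIO_DEFAULT + priority` with a TypeError instead of a koji error; `None` compares as less than 0, so a future caller that omits the `if priority:` guard would report a permission failure for a missing argument. A guard at the top of the helper, such as `if not isinstance(priority, (int, long)): raise koji.GenericError, 'priority must be an integer'`, would make it safe on its own. The helper is complete in this hunk; `build`, which follows it, continues outside.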
@@ -7015,10 +7029,7 @@ class RootExports(object):
             opts = {}
         taskOpts = {}
         if priority:
-            if priority < 0:
-                if not context.session.hasPerm('admin'):
-                    raise koji.ActionNotAllowed, 'only admins may create high-priority tasks'
-            taskOpts['priority'] = koji.PRIO_DEFAULT + priority
+            taskOpts['priority'] = self._adjust_priority(priority)
         if channel:
             taskOpts['channel'] = channel
         return make_task('build',[src, target, opts],**taskOpts)
@@ -7040,10 +7051,7 @@ class RootExports(object):
             opts = {}
         taskOpts = {}
         if priority:
-            if priority < 0:
-                if not context.session.hasPerm('admin'):
-                    raise koji.ActionNotAllowed, 'only admins may create high-priority tasks'
-            taskOpts['priority'] = koji.PRIO_DEFAULT + priority
+            taskOpts['priority'] = self._adjust_priority(priority)
         if channel:
             taskOpts['channel'] = channel
 
@@ -7067,10 +7075,7 @@ class RootExports(object):
             opts = {}
         taskOpts = {}
         if priority:
-            if priority < 0:
-                if not context.session.hasPerm('admin'):
-                    raise koji.ActionNotAllowed, 'only admins may create high-priority tasks'
-            taskOpts['priority'] = koji.PRIO_DEFAULT + priority
+            taskOpts['priority'] = self._adjust_priority(priority)
         if channel:
             taskOpts['channel'] = channel
 
@@ -7111,7 +7116,7 @@ class RootExports(object):
 
         taskOpts = {}
         if priority:
-            taskOpts['priority'] = koji.PRIO_DEFAULT + priority
+            taskOpts['priority'] = self._adjust_priority(priority)
         taskOpts['channel'] = channel
 
         return make_task('wrapperRPM', [url, build_target, build, None, opts], **taskOpts)
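Review bot: The permission check that `wrapperRPM` gains through `self._adjust_priority(priority)` is not covered by any test; the diffstat lists only hub/kojihub.py. This is the one call site in the patch where behaviour changes rather than moves, so a hub test that calls `wrapperRPM` with a negative priority under a session lacking the 'admin' permission and expects `koji.ActionNotAllowed` would keep the check from being dropped again. It is also worth confirming that no other task-creating method outside this diff still adds to `koji.PRIO_DEFAULT` directly. `wrapperRPM` starts above this hunk, so its earlier permission handling is not visible here.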
@@ -7132,10 +7137,7 @@ class RootExports(object):
             raise koji.GenericError, "Maven support not enabled"
         taskOpts = {}
         if priority:
-            if priority < 0:
-                if not context.session.hasPerm('admin'):
-                    raise koji.ActionNotAllowed, 'only admins may create high-priority tasks'
-            taskOpts['priority'] = koji.PRIO_DEFAULT + priority
+            taskOpts['priority'] = self._adjust_priority(priority)
         if channel:
             taskOpts['channel'] = channel
 
@@ -7166,10 +7168,7 @@ class RootExports(object):
             opts = {}
         taskOpts = {}
         if priority:
-            if priority < 0:
-                if not context.session.hasPerm('admin'):
-                    raise koji.ActionNotAllowed, 'only admins may create high-priority tasks'
-            taskOpts['priority'] = koji.PRIO_DEFAULT + priority
+            taskOpts['priority'] = self._adjust_priority(priority)
         if channel:
             taskOpts['channel'] = channel
 
@@ -7190,12 +7189,7 @@ class RootExports(object):
         taskOpts = {'channel': img_type}
         taskOpts['arch'] = arch
         if priority:
-            if priority < 0:
-                if not context.session.hasPerm('admin'):
-                    raise koji.ActionNotAllowed, \
-                               'only admins may create high-priority tasks'
-
-            taskOpts['priority'] = koji.PRIO_DEFAULT + priority
+            taskOpts['priority'] = self._adjust_priority(priority)
 
         return make_task(img_type, [name, version, arch, target, ksfile, opts], **taskOpts)
 
@@ -7208,12 +7202,8 @@ class RootExports(object):
         context.session.assertPerm('image')
         taskOpts = {'channel': 'image'}
         if priority:
-            if priority < 0:
-                if not context.session.hasPerm('admin'):
-                    raise koji.ActionNotAllowed, \
-                               'only admins may create high-priority tasks'
+            taskOpts['priority'] = self._adjust_priority(priority)
 
-            taskOpts['priority'] = koji.PRIO_DEFAULT + priority
         if not opts.has_key('scratch') and not opts.has_key('indirection_template_url'):
             raise koji.ActionNotAllowed, 'Non-scratch builds must provide url for the indirection template'
 
@@ -7228,12 +7218,8 @@ class RootExports(object):
         context.session.assertPerm('image')
         taskOpts = {'channel': 'image'}
         if priority:
-            if priority < 0:
-                if not context.session.hasPerm('admin'):
-                    raise koji.ActionNotAllowed, \
-                               'only admins may create high-priority tasks'
+            taskOpts['priority'] = self._adjust_priority(priority)
 
-            taskOpts['priority'] = koji.PRIO_DEFAULT + priority
         if not opts.has_key('scratch') and not opts.has_key('ksurl'):
             raise koji.ActionNotAllowed, 'Non-scratch builds must provide ksurl'
 
-- 
1.7.1


