[elbe-devel] [PATCH 03/10] elbepack: projectmanager/db: remove permission checks
Thomas Weißschuh
thomas.weissschuh at linutronix.de
Fri Feb 28 14:59:14 CET 2025
The usermanagemant is going away, so remove the user-based permission
checks.
Signed-off-by: Thomas Weißschuh <thomas.weissschuh at linutronix.de>
---
elbepack/daemons/soap/esoap.py | 18 +----------------
elbepack/db.py | 14 --------------
elbepack/projectmanager.py | 44 +++++++++++++-----------------------------
3 files changed, 14 insertions(+), 62 deletions(-)
diff --git a/elbepack/daemons/soap/esoap.py b/elbepack/daemons/soap/esoap.py
index d93cc5be3fc261158d972f6d86b966c7a161ddda..0d470b27af642abb1a360458668849b2bef6b19f 100644
--- a/elbepack/daemons/soap/esoap.py
+++ b/elbepack/daemons/soap/esoap.py
@@ -100,13 +100,11 @@ class ESoap (ServiceBase):
@rpc(String, _returns=SoapProject)
@authenticated_uid
def get_project(self, uid, builddir):
- self.app.pm.open_project(uid, builddir)
return self.app.pm.db.get_project_data(builddir)
@rpc(String, _returns=Array(SoapFile))
@authenticated_uid
def get_files(self, uid, builddir):
- self.app.pm.open_project(uid, builddir)
files = self.app.pm.db.get_project_files(builddir)
return files
@@ -130,8 +128,7 @@ class ESoap (ServiceBase):
fp.flush()
self.app.pm.db.reset_busy(builddir, 'has_changes')
if fname == 'source.xml':
- self.app.pm.open_project(
- uid, builddir, url_validation=ValidationMode.NO_CHECK)
+ self.app.pm.open_project(builddir, url_validation=ValidationMode.NO_CHECK)
self.app.pm.set_project_xml(builddir, fn)
return -2
@@ -179,9 +176,6 @@ class ESoap (ServiceBase):
@rpc(String)
@authenticated_uid
def start_cdrom(self, uid, builddir):
- self.app.pm.open_project(
- uid, builddir, url_validation=ValidationMode.NO_CHECK)
-
cdrom_fname = os.path.join(builddir, 'uploaded_cdrom.iso')
# Now write empty File
@@ -191,9 +185,6 @@ class ESoap (ServiceBase):
@rpc(String, String)
@authenticated_uid
def append_cdrom(self, uid, builddir, data):
- self.app.pm.open_project(
- uid, builddir, url_validation=ValidationMode.NO_CHECK)
-
cdrom_fname = os.path.join(builddir, 'uploaded_cdrom.iso')
# Now append data to cdrom_file
@@ -209,8 +200,6 @@ class ESoap (ServiceBase):
@rpc(String)
@authenticated_uid
def start_pdebuild(self, uid, builddir):
- self.app.pm.open_project(uid, builddir)
-
pdebuild_fname = os.path.join(builddir, 'current_pdebuild.tar.gz')
# Now write empty File
@@ -220,8 +209,6 @@ class ESoap (ServiceBase):
@rpc(String, String)
@authenticated_uid
def append_pdebuild(self, uid, builddir, data):
- self.app.pm.open_project(uid, builddir)
-
pdebuild_fname = os.path.join(builddir, 'current_pdebuild.tar.gz')
# Now write empty File
@@ -260,7 +247,6 @@ class ESoap (ServiceBase):
@rpc(String)
@authenticated_uid
def reset_project(self, uid, builddir):
- self.app.pm.open_project(uid, builddir)
self.app.pm.db.reset_project(builddir, True)
@rpc(String)
@@ -300,7 +286,6 @@ class ESoap (ServiceBase):
@rpc(String, _returns=String.customize(max_occurs='unbounded'))
@authenticated_uid
def list_packages(self, uid, builddir):
- self.app.pm.open_project(uid, builddir)
r = []
for _, _, filenames in os.walk(
os.path.join(builddir, 'repo/pool/main')):
@@ -311,7 +296,6 @@ class ESoap (ServiceBase):
@rpc(String, String)
@authenticated_uid
def tar_prjrepo(self, uid, builddir, filename):
- self.app.pm.open_project(uid, builddir)
with tarfile.open(os.path.join(builddir, filename), 'w:gz') as tar:
tar.add(
os.path.join(
diff --git a/elbepack/db.py b/elbepack/db.py
index ee07380a967c9014698e61e6d7f6af3932289db1..0baa57faac24a11bc70f1f01b3117fd372a44d33 100644
--- a/elbepack/db.py
+++ b/elbepack/db.py
@@ -384,20 +384,6 @@ class ElbeDB:
p.status = new_status
- def get_owner_id(self, builddir):
- with session_scope(self.session) as s:
- try:
- p = s.query(Project).filter(Project.builddir == builddir).\
- one()
- except NoResultFound:
- raise ElbeDBError(
- f'project {builddir} is not registered in the database')
-
- if p.owner_id is None:
- return None
-
- return int(p.owner_id)
-
def get_project_files(self, builddir):
# Can throw: ElbeDBError
with session_scope(self.session) as s:
diff --git a/elbepack/projectmanager.py b/elbepack/projectmanager.py
index b93493cb3af36e206d4a85ba867c4205672f9af1..a49d39a00034e698e98a450bb2e592e7c2b2521b 100644
--- a/elbepack/projectmanager.py
+++ b/elbepack/projectmanager.py
@@ -26,11 +26,6 @@ class ProjectManagerError(Exception):
pass
-class PermissionDenied(ProjectManagerError):
- def __init__(self, builddir):
- super().__init__(f'permission denied for project in {builddir}')
-
-
class InvalidState(ProjectManagerError):
pass
@@ -72,11 +67,9 @@ class ProjectManager:
def open_project(
self,
- userid,
builddir,
url_validation=ValidationMode.CHECK_ALL,
allow_busy=True):
- self._check_project_permission(userid, builddir)
# Load project from the database
ep = self.db.load_project(builddir,
@@ -87,15 +80,13 @@ class ProjectManager:
return ep
def del_project(self, userid, builddir):
- self._check_project_permission(userid, builddir)
-
self.db.del_project(builddir)
def set_project_xml(self, builddir, xml_file):
self.db.set_xml(builddir, xml_file)
def set_upload_cdrom(self, userid, builddir, url_validation):
- ep = self.open_project(userid, builddir, url_validation, allow_busy=False)
+ ep = self.open_project(builddir, url_validation, allow_busy=False)
ep.xml.set_cdrom_mirror(
path.join(
ep.builddir,
@@ -112,20 +103,20 @@ class ProjectManager:
build_bin,
build_src,
skip_pbuilder):
- ep = self.open_project(userid, builddir, allow_busy=False)
+ ep = self.open_project(builddir, allow_busy=False)
self.worker.enqueue(BuildJob(ep, build_bin, build_src,
skip_pbuilder))
def update_pbuilder(self, userid, builddir):
- ep = self.open_project(userid, builddir, allow_busy=False)
+ ep = self.open_project(builddir, allow_busy=False)
self.worker.enqueue(UpdatePbuilderJob(ep))
def build_pbuilder(self, userid, builddir, cross, noccache, ccachesize):
- ep = self.open_project(userid, builddir, allow_busy=False)
+ ep = self.open_project(builddir, allow_busy=False)
self.worker.enqueue(CreatePbuilderJob(ep, ccachesize, cross, noccache))
def build_pdebuild(self, userid, builddir, profile, cross):
- ep = self.open_project(userid, builddir, allow_busy=False)
+ ep = self.open_project(builddir, allow_busy=False)
if (not path.isdir(path.join(ep.builddir, 'pbuilder')) and
not path.isdir(path.join(ep.builddir, 'pbuilder_cross'))):
raise InvalidState('No pbuilder exists: run "elbe pbuilder '
@@ -134,7 +125,7 @@ class ProjectManager:
self.worker.enqueue(PdebuildJob(ep, profile, cross))
def set_orig_fname(self, userid, builddir, fname):
- ep = self.open_project(userid, builddir, allow_busy=False)
+ ep = self.open_project(builddir, allow_busy=False)
# Write empty File
with open(os.path.join(builddir, fname), 'w'):
pass
@@ -148,7 +139,7 @@ class ProjectManager:
ep.orig_files.append(fname)
def get_orig_fname(self, userid, builddir):
- ep = self.open_project(userid, builddir, allow_busy=False)
+ ep = self.open_project(builddir, allow_busy=False)
if (not path.isdir(path.join(ep.builddir, 'pbuilder')) and
not path.isdir(path.join(ep.builddir, 'pbuilder_cross'))):
raise InvalidState('No pbuilder exists: run "elbe pbuilder '
@@ -157,28 +148,28 @@ class ProjectManager:
return ep.orig_fname
def build_chroot_tarball(self, userid, builddir):
- ep = self.open_project(userid, builddir, allow_busy=False)
+ ep = self.open_project(builddir, allow_busy=False)
self.worker.enqueue(BuildChrootTarJob(ep))
def build_sysroot(self, userid, builddir):
- ep = self.open_project(userid, builddir, allow_busy=False)
+ ep = self.open_project(builddir, allow_busy=False)
self.worker.enqueue(BuildSysrootJob(ep))
def build_sdk(self, userid, builddir):
- ep = self.open_project(userid, builddir, allow_busy=False)
+ ep = self.open_project(builddir, allow_busy=False)
self.worker.enqueue(BuildSDKJob(ep))
def build_cdroms(self, userid, builddir, build_bin, build_src):
- ep = self.open_project(userid, builddir, allow_busy=False)
+ ep = self.open_project(builddir, allow_busy=False)
self.worker.enqueue(BuildCDROMsJob(ep, build_bin, build_src))
def rm_log(self, userid, builddir):
- ep = self.open_project(userid, builddir)
+ ep = self.open_project(builddir)
with open(os.path.join(ep.builddir, 'log.txt'), 'wb', 0):
pass
def add_deb_package(self, userid, builddir, filename):
- ep = self.open_project(userid, builddir)
+ ep = self.open_project(builddir)
t = os.path.splitext(filename)[1] # filetype of uploaded file
pkg_name = filename.split('_')[0]
@@ -196,18 +187,9 @@ class ProjectManager:
ep.repo.finalize()
def project_is_busy(self, userid, builddir):
- self._check_project_permission(userid, builddir)
-
msg = read_loggingQ(builddir)
return self.db.is_busy(builddir), msg
def _assert_not_busy(self, ep):
if self.db.is_busy(ep.builddir):
raise InvalidState(f'project {ep.builddir} is busy')
-
- def _check_project_permission(self, userid, builddir):
- if self.db.get_owner_id(builddir) != userid:
- # Project of another user, deny access
- raise PermissionDenied(builddir)
-
- # User is owner, so allow it
--
2.48.1
More information about the elbe-devel
mailing list