Commit 8309066c authored by Leigh Stoller's avatar Leigh Stoller

Convert a bunch of (improper) uses of TBProjAccessCheck() to method

calls on the project object.
parent 5eb71585
......@@ -126,9 +126,9 @@ $template = Template->Lookup($guid, $version);
if (!defined($template)) {
tbdie("Experiment template $guid/$version does not exist!");
}
if (! TBProjAccessCheck($user_uid,
$template->pid(), $template->gid(),
TB_PROJECT_READINFO)) {
my $project = $template->GetProject();
if (! $project->AccessCheck($this_user, TB_PROJECT_READINFO)) {
tberror("You do not have permission to export template $guid/$version");
exit(1);
}
......
......@@ -103,11 +103,8 @@ $template = Template->Lookup($template_guid, $template_vers);
if (!defined($template)) {
tbdie("Experiment template $template_guid/$template_vers does not exist!");
}
if (! TBProjAccessCheck($user_uid,
$template->pid(), $template->gid(),
TB_PROJECT_CREATEEXPT)) {
tberror("You do not have permission to add metadata to template ".
"$template_guid/$template_vers");
if (! $template->AccessCheck($this_user, TB_EXPT_MODIFY)) {
tberror("You do not have permission to modify $template");
exit(1);
}
......
......@@ -104,6 +104,7 @@ use libtblog;
use libArchive;
use Template;
use libaudit;
use Project;
use User;
# In libdb
......@@ -159,8 +160,12 @@ ParseArgs();
#
# Make sure UID is allowed to create experiments in this project.
#
if (! TBProjAccessCheck($user_uid, $pid, $gid, TB_PROJECT_CREATEEXPT)) {
tbdie("You do not have permission to create experiments in $pid/$gid");
my $project = Project->Lookup($pid, $eid);
if (!defined($project)) {
tbdie("Could not map project $pid/$eid to its object!");
}
if (! $project->AccessCheck($this_user, TB_PROJECT_CREATEEXPT)) {
tbdie("You do not have permission to create templates in $pid/$gid");
}
#
......
......@@ -227,13 +227,10 @@ if (!defined($archive)) {
}
#
# Check project permission.
# Check permission.
#
if (! TBProjAccessCheck($user_uid,
$template->pid(), $template->gid(),
TB_PROJECT_CREATEEXPT)) {
tberror("You do not have permission to instantiate template ".
"$guid/$version");
if (! $template->AccessCheck($this_user, TB_EXPT_MODIFY)) {
tberror("You do not have permission to start/stop runs in $instance!");
exit(1);
}
......
......@@ -185,9 +185,11 @@ $template = Template->Lookup($guid, $version);
if (!defined($template)) {
tbdie("Experiment template $guid/$version does not exist!");
}
if (! TBProjAccessCheck($user_uid,
$template->pid(), $template->gid(),
TB_PROJECT_CREATEEXPT)) {
my $project = $template->GetProject();
if (!defined($project)) {
tbdie("Could not get project for $template");
}
if (! $project->AccessCheck($this_user, TB_PROJECT_CREATEEXPT)) {
tberror("You do not have permission to instantiate template ".
"$guid/$version");
exit(1);
......
......@@ -130,10 +130,8 @@ $template = Template->Lookup($guid, $version);
if (!defined($template)) {
tbdie("Experiment template $guid/$version does not exist!");
}
if (! TBProjAccessCheck($user_uid,
$template->pid(), $template->gid(),
TB_PROJECT_READINFO)) {
tberror("You do not have permission to export template $guid/$version");
if (! $template->AccessCheck($this_user, TB_EXPT_READINFO)) {
tberror("You do not have permission to access template $guid/$version");
exit(1);
}
my $pid = $template->pid();
......
......@@ -104,9 +104,7 @@ $template = Template->Lookup($template_guid, $template_vers);
if (!defined($template)) {
tbdie("Experiment template $template_guid/$template_vers does not exist!");
}
if (! TBProjAccessCheck($user_uid,
$template->pid(), $template->gid(),
TB_PROJECT_CREATEEXPT)) {
if (! $template->AccessCheck($this_user, TB_EXPT_MODIFY)) {
tberror("You do not have permission to add metadata to template ".
"$template_guid/$template_vers");
exit(1);
......
......@@ -168,9 +168,11 @@ $template = Template->Lookup($guid, $version);
if (!defined($template)) {
tbdie("Experiment template $guid/$version does not exist!");
}
if (! TBProjAccessCheck($user_uid,
$template->pid(), $template->gid(),
TB_PROJECT_CREATEEXPT)) {
my $project = $template->GetProject();
if (!defined($project)) {
tbdie("Could not get project for $template");
}
if (! $project->AccessCheck($this_user, TB_PROJECT_CREATEEXPT)) {
tberror("You do not have permission to instantiate template ".
"$guid/$version");
exit(1);
......
......@@ -137,9 +137,7 @@ $template = Template->Lookup($guid, $version);
if (!defined($template)) {
tbdie("Experiment template $guid/$version does not exist!");
}
if (! TBProjAccessCheck($user_uid,
$template->pid(), $template->gid(),
TB_PROJECT_CREATEEXPT)) {
if (! $template->AccessCheck($this_user, TB_EXPT_DESTROY)) {
tberror("You do not have permission to terminate template instance ".
"$eid in template $guid/$version");
exit(1);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment