Commit 8309066c authored by Leigh Stoller's avatar Leigh Stoller

Convert a bunch of (improper) uses of TBProjAccessCheck() to method

calls on the project object.
parent 5eb71585
...@@ -126,9 +126,9 @@ $template = Template->Lookup($guid, $version); ...@@ -126,9 +126,9 @@ $template = Template->Lookup($guid, $version);
if (!defined($template)) { if (!defined($template)) {
tbdie("Experiment template $guid/$version does not exist!"); tbdie("Experiment template $guid/$version does not exist!");
} }
if (! TBProjAccessCheck($user_uid,
$template->pid(), $template->gid(), my $project = $template->GetProject();
TB_PROJECT_READINFO)) { if (! $project->AccessCheck($this_user, TB_PROJECT_READINFO)) {
tberror("You do not have permission to export template $guid/$version"); tberror("You do not have permission to export template $guid/$version");
exit(1); exit(1);
} }
......
...@@ -103,11 +103,8 @@ $template = Template->Lookup($template_guid, $template_vers); ...@@ -103,11 +103,8 @@ $template = Template->Lookup($template_guid, $template_vers);
if (!defined($template)) { if (!defined($template)) {
tbdie("Experiment template $template_guid/$template_vers does not exist!"); tbdie("Experiment template $template_guid/$template_vers does not exist!");
} }
if (! TBProjAccessCheck($user_uid, if (! $template->AccessCheck($this_user, TB_EXPT_MODIFY)) {
$template->pid(), $template->gid(), tberror("You do not have permission to modify $template");
TB_PROJECT_CREATEEXPT)) {
tberror("You do not have permission to add metadata to template ".
"$template_guid/$template_vers");
exit(1); exit(1);
} }
......
...@@ -104,6 +104,7 @@ use libtblog; ...@@ -104,6 +104,7 @@ use libtblog;
use libArchive; use libArchive;
use Template; use Template;
use libaudit; use libaudit;
use Project;
use User; use User;
# In libdb # In libdb
...@@ -159,8 +160,12 @@ ParseArgs(); ...@@ -159,8 +160,12 @@ ParseArgs();
# #
# Make sure UID is allowed to create experiments in this project. # Make sure UID is allowed to create experiments in this project.
# #
if (! TBProjAccessCheck($user_uid, $pid, $gid, TB_PROJECT_CREATEEXPT)) { my $project = Project->Lookup($pid, $eid);
tbdie("You do not have permission to create experiments in $pid/$gid"); if (!defined($project)) {
tbdie("Could not map project $pid/$eid to its object!");
}
if (! $project->AccessCheck($this_user, TB_PROJECT_CREATEEXPT)) {
tbdie("You do not have permission to create templates in $pid/$gid");
} }
# #
......
...@@ -227,13 +227,10 @@ if (!defined($archive)) { ...@@ -227,13 +227,10 @@ if (!defined($archive)) {
} }
# #
# Check project permission. # Check permission.
# #
if (! TBProjAccessCheck($user_uid, if (! $template->AccessCheck($this_user, TB_EXPT_MODIFY)) {
$template->pid(), $template->gid(), tberror("You do not have permission to start/stop runs in $instance!");
TB_PROJECT_CREATEEXPT)) {
tberror("You do not have permission to instantiate template ".
"$guid/$version");
exit(1); exit(1);
} }
......
...@@ -185,9 +185,11 @@ $template = Template->Lookup($guid, $version); ...@@ -185,9 +185,11 @@ $template = Template->Lookup($guid, $version);
if (!defined($template)) { if (!defined($template)) {
tbdie("Experiment template $guid/$version does not exist!"); tbdie("Experiment template $guid/$version does not exist!");
} }
if (! TBProjAccessCheck($user_uid, my $project = $template->GetProject();
$template->pid(), $template->gid(), if (!defined($project)) {
TB_PROJECT_CREATEEXPT)) { tbdie("Could not get project for $template");
}
if (! $project->AccessCheck($this_user, TB_PROJECT_CREATEEXPT)) {
tberror("You do not have permission to instantiate template ". tberror("You do not have permission to instantiate template ".
"$guid/$version"); "$guid/$version");
exit(1); exit(1);
......
...@@ -130,10 +130,8 @@ $template = Template->Lookup($guid, $version); ...@@ -130,10 +130,8 @@ $template = Template->Lookup($guid, $version);
if (!defined($template)) { if (!defined($template)) {
tbdie("Experiment template $guid/$version does not exist!"); tbdie("Experiment template $guid/$version does not exist!");
} }
if (! TBProjAccessCheck($user_uid, if (! $template->AccessCheck($this_user, TB_EXPT_READINFO)) {
$template->pid(), $template->gid(), tberror("You do not have permission to access template $guid/$version");
TB_PROJECT_READINFO)) {
tberror("You do not have permission to export template $guid/$version");
exit(1); exit(1);
} }
my $pid = $template->pid(); my $pid = $template->pid();
......
...@@ -104,9 +104,7 @@ $template = Template->Lookup($template_guid, $template_vers); ...@@ -104,9 +104,7 @@ $template = Template->Lookup($template_guid, $template_vers);
if (!defined($template)) { if (!defined($template)) {
tbdie("Experiment template $template_guid/$template_vers does not exist!"); tbdie("Experiment template $template_guid/$template_vers does not exist!");
} }
if (! TBProjAccessCheck($user_uid, if (! $template->AccessCheck($this_user, TB_EXPT_MODIFY)) {
$template->pid(), $template->gid(),
TB_PROJECT_CREATEEXPT)) {
tberror("You do not have permission to add metadata to template ". tberror("You do not have permission to add metadata to template ".
"$template_guid/$template_vers"); "$template_guid/$template_vers");
exit(1); exit(1);
......
...@@ -168,9 +168,11 @@ $template = Template->Lookup($guid, $version); ...@@ -168,9 +168,11 @@ $template = Template->Lookup($guid, $version);
if (!defined($template)) { if (!defined($template)) {
tbdie("Experiment template $guid/$version does not exist!"); tbdie("Experiment template $guid/$version does not exist!");
} }
if (! TBProjAccessCheck($user_uid, my $project = $template->GetProject();
$template->pid(), $template->gid(), if (!defined($project)) {
TB_PROJECT_CREATEEXPT)) { tbdie("Could not get project for $template");
}
if (! $project->AccessCheck($this_user, TB_PROJECT_CREATEEXPT)) {
tberror("You do not have permission to instantiate template ". tberror("You do not have permission to instantiate template ".
"$guid/$version"); "$guid/$version");
exit(1); exit(1);
......
...@@ -137,9 +137,7 @@ $template = Template->Lookup($guid, $version); ...@@ -137,9 +137,7 @@ $template = Template->Lookup($guid, $version);
if (!defined($template)) { if (!defined($template)) {
tbdie("Experiment template $guid/$version does not exist!"); tbdie("Experiment template $guid/$version does not exist!");
} }
if (! TBProjAccessCheck($user_uid, if (! $template->AccessCheck($this_user, TB_EXPT_DESTROY)) {
$template->pid(), $template->gid(),
TB_PROJECT_CREATEEXPT)) {
tberror("You do not have permission to terminate template instance ". tberror("You do not have permission to terminate template instance ".
"$eid in template $guid/$version"); "$eid in template $guid/$version");
exit(1); exit(1);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment