All new accounts created on Gitlab now require administrator approval. If you invite any collaborators, please let Flux staff know so they can approve the accounts.

Commit 8309066c authored by Leigh B. Stoller's avatar Leigh B. Stoller

Convert a bunch of (improper) uses of TBProjAccessCheck() to method

calls on the project object.
parent 5eb71585
......@@ -126,9 +126,9 @@ $template = Template->Lookup($guid, $version);
if (!defined($template)) {
tbdie("Experiment template $guid/$version does not exist!");
}
if (! TBProjAccessCheck($user_uid,
$template->pid(), $template->gid(),
TB_PROJECT_READINFO)) {
my $project = $template->GetProject();
if (! $project->AccessCheck($this_user, TB_PROJECT_READINFO)) {
tberror("You do not have permission to export template $guid/$version");
exit(1);
}
......
......@@ -103,11 +103,8 @@ $template = Template->Lookup($template_guid, $template_vers);
if (!defined($template)) {
tbdie("Experiment template $template_guid/$template_vers does not exist!");
}
if (! TBProjAccessCheck($user_uid,
$template->pid(), $template->gid(),
TB_PROJECT_CREATEEXPT)) {
tberror("You do not have permission to add metadata to template ".
"$template_guid/$template_vers");
if (! $template->AccessCheck($this_user, TB_EXPT_MODIFY)) {
tberror("You do not have permission to modify $template");
exit(1);
}
......
......@@ -104,6 +104,7 @@ use libtblog;
use libArchive;
use Template;
use libaudit;
use Project;
use User;
# In libdb
......@@ -159,8 +160,12 @@ ParseArgs();
#
# Make sure UID is allowed to create experiments in this project.
#
if (! TBProjAccessCheck($user_uid, $pid, $gid, TB_PROJECT_CREATEEXPT)) {
tbdie("You do not have permission to create experiments in $pid/$gid");
my $project = Project->Lookup($pid, $eid);
if (!defined($project)) {
tbdie("Could not map project $pid/$eid to its object!");
}
if (! $project->AccessCheck($this_user, TB_PROJECT_CREATEEXPT)) {
tbdie("You do not have permission to create templates in $pid/$gid");
}
#
......
......@@ -227,13 +227,10 @@ if (!defined($archive)) {
}
#
# Check project permission.
# Check permission.
#
if (! TBProjAccessCheck($user_uid,
$template->pid(), $template->gid(),
TB_PROJECT_CREATEEXPT)) {
tberror("You do not have permission to instantiate template ".
"$guid/$version");
if (! $template->AccessCheck($this_user, TB_EXPT_MODIFY)) {
tberror("You do not have permission to start/stop runs in $instance!");
exit(1);
}
......
......@@ -185,9 +185,11 @@ $template = Template->Lookup($guid, $version);
if (!defined($template)) {
tbdie("Experiment template $guid/$version does not exist!");
}
if (! TBProjAccessCheck($user_uid,
$template->pid(), $template->gid(),
TB_PROJECT_CREATEEXPT)) {
my $project = $template->GetProject();
if (!defined($project)) {
tbdie("Could not get project for $template");
}
if (! $project->AccessCheck($this_user, TB_PROJECT_CREATEEXPT)) {
tberror("You do not have permission to instantiate template ".
"$guid/$version");
exit(1);
......
......@@ -130,10 +130,8 @@ $template = Template->Lookup($guid, $version);
if (!defined($template)) {
tbdie("Experiment template $guid/$version does not exist!");
}
if (! TBProjAccessCheck($user_uid,
$template->pid(), $template->gid(),
TB_PROJECT_READINFO)) {
tberror("You do not have permission to export template $guid/$version");
if (! $template->AccessCheck($this_user, TB_EXPT_READINFO)) {
tberror("You do not have permission to access template $guid/$version");
exit(1);
}
my $pid = $template->pid();
......
......@@ -104,9 +104,7 @@ $template = Template->Lookup($template_guid, $template_vers);
if (!defined($template)) {
tbdie("Experiment template $template_guid/$template_vers does not exist!");
}
if (! TBProjAccessCheck($user_uid,
$template->pid(), $template->gid(),
TB_PROJECT_CREATEEXPT)) {
if (! $template->AccessCheck($this_user, TB_EXPT_MODIFY)) {
tberror("You do not have permission to add metadata to template ".
"$template_guid/$template_vers");
exit(1);
......
......@@ -168,9 +168,11 @@ $template = Template->Lookup($guid, $version);
if (!defined($template)) {
tbdie("Experiment template $guid/$version does not exist!");
}
if (! TBProjAccessCheck($user_uid,
$template->pid(), $template->gid(),
TB_PROJECT_CREATEEXPT)) {
my $project = $template->GetProject();
if (!defined($project)) {
tbdie("Could not get project for $template");
}
if (! $project->AccessCheck($this_user, TB_PROJECT_CREATEEXPT)) {
tberror("You do not have permission to instantiate template ".
"$guid/$version");
exit(1);
......
......@@ -137,9 +137,7 @@ $template = Template->Lookup($guid, $version);
if (!defined($template)) {
tbdie("Experiment template $guid/$version does not exist!");
}
if (! TBProjAccessCheck($user_uid,
$template->pid(), $template->gid(),
TB_PROJECT_CREATEEXPT)) {
if (! $template->AccessCheck($this_user, TB_EXPT_DESTROY)) {
tberror("You do not have permission to terminate template instance ".
"$eid in template $guid/$version");
exit(1);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment