fix: schedule creation authorization and no-wipe validation

grafuls · grafuls · commit a06cab7b4586 · 2025-01-16T14:05:30.000+01:00
feat: added ostype to self-schedule closes: #563 closes: #564 closes: #565 Change-Id: I9b7d31a505fd325cc5fa138ed472179d0aa41e4d
diff --git a/src/quads/server/blueprints/__init__.py b/src/quads/server/blueprints/__init__.py
@@ -76,7 +76,7 @@ def decorated_function(*args, **kwargs) -> Response:
                     "error": "Bad Request",
                 }
                 return Response(response=json.dumps(response), status=400)
-            g.current_user = username
+            g.current_user = current_user
             return f(*args, **kwargs)
 
         return decorated_function
diff --git a/src/quads/server/blueprints/assignments.py b/src/quads/server/blueprints/assignments.py
@@ -244,6 +244,7 @@ def create_self_assignment() -> Response:
     qinq = data.get("qinq")
     wipe = data.get("wipe")
     cc_user = data.get("cc_user")
+    ostype = data.get("ostype")
 
     required_fields = [
         "description",
@@ -308,6 +309,7 @@ def create_self_assignment() -> Response:
         "ccuser": cc_user,
         "is_self_schedule": True,
         "cloud": _cloud.name,
+        "ostype": ostype,
     }
     if _vlan:
         kwargs["vlan_id"] = int(vlan)
@@ -456,7 +458,7 @@ def terminate_assignment(assignment_id) -> Response:
         }
         return make_response(jsonify(response), 400)
 
-    username = g.current_user.split("@")[0]
+    username = g.current_user.email.split("@")[0]
     if username != _assignment.owner:
         response = {
             "status_code": 403,
diff --git a/src/quads/server/blueprints/schedules.py b/src/quads/server/blueprints/schedules.py
@@ -1,6 +1,6 @@
 from datetime import datetime, timedelta
 
-from flask import Blueprint, Response, jsonify, make_response, request
+from flask import Blueprint, Response, g, jsonify, make_response, request
 
 from quads.config import Config
 from quads.server.blueprints import check_access
@@ -114,6 +114,13 @@ def create_schedule() -> Response:
             "message": f"No active assignment for cloud: {cloud}",
         }
         return make_response(jsonify(response), 400)
+    if not _assignment.is_self_schedule and "admin" not in [role.name for role in g.current_user.roles]:
+        response = {
+            "status_code": 403,
+            "error": "Forbidden",
+            "message": f"You({g.current_user.email}) don't have permission to create a schedule on {cloud}",
+        }
+        return make_response(jsonify(response), 403)
 
     existing_schedules = ScheduleDao.get_current_schedule(cloud=_cloud)
     if _assignment.is_self_schedule and len(existing_schedules) >= Config.get("ssm_host_limit", 10):
diff --git a/src/quads/tools/validate_env.py b/src/quads/tools/validate_env.py
@@ -409,6 +409,9 @@ async def main(_args, _logger=None):  # pragma: no cover
             except Exception as ex:
                 logger.debug(ex)
                 logger.info("Failed validation for %s" % ass.cloud.name)
+        elif _schedule_count and not _assignment.wipe:
+            logger.info(f"Auto-Validating {ass.cloud.name} as marked for no wipe")
+            quads.update_assignment(ass.id, {"validated": True})
 
 
 if __name__ == "__main__":  # pragma: no cover

Original file line number	Diff line number	Diff line change
`@@ -76,7 +76,7 @@ def decorated_function(args, *kwargs) -> Response:`
`76`	`76`	`"error": "Bad Request",`
`77`	`77`	`}`
`78`	`78`	`return Response(response=json.dumps(response), status=400)`
`79`		`- g.current_user = username`
	`79`	`+ g.current_user = current_user`
`80`	`80`	`return f(args, *kwargs)`
`81`	`81`
`82`	`82`	`return decorated_function`