Commit 4b0b3078 authored by Dionysis Grigoropoulos's avatar Dionysis Grigoropoulos
Browse files

cyclades: Properly handle subnet/floating_ip IDs

* Propery handle IDs that weren't an integer
parent e173ca00
......@@ -165,10 +165,7 @@ def create_subnet(request):
def get_subnet(request, sub_id):
"""Show info of a specific subnet"""
user_id = request.user_uniq
subnet = subnets.get_subnet(sub_id)
if (subnet.network.userid != user_id) and (subnet.network.public is False):
raise api.faults.Unauthorized("You're not allowed to view this subnet")
subnet = subnets.get_subnet(sub_id, user_id)
subnet_dict = subnet_to_dict(subnet)
data = json.dumps({'subnet': subnet_dict})
......
......@@ -274,6 +274,7 @@ def get_floating_ip_by_address(userid, address, for_update=False):
def get_floating_ip_by_id(userid, floating_ip_id, for_update=False):
try:
floating_ip_id = int(floating_ip_id)
objects = IPAddress.objects
if for_update:
objects = objects.select_for_update()
......@@ -282,6 +283,8 @@ def get_floating_ip_by_id(userid, floating_ip_id, for_update=False):
except IPAddress.DoesNotExist:
raise faults.ItemNotFound("Floating IP with ID %s does not exist." %
floating_ip_id)
except (ValueError, TypeError):
raise faults.BadRequest("Invalid Floating IP ID %s" % floating_ip_id)
def backend_has_free_public_ip(backend):
......
......@@ -42,6 +42,7 @@ from django.db.models import Q
from snf_django.lib import api
from snf_django.lib.api import faults
from synnefo.logic import utils
from synnefo.api import util
from synnefo.db.models import Subnet, Network, IPPoolTable
......@@ -148,14 +149,22 @@ def _create_subnet(network_id, user_id, cidr, name, ipversion=4, gateway=None,
return sub
def get_subnet(sub_id):
"""Show info of a specific subnet"""
log.debug('get_subnet %s', sub_id)
def get_subnet(subnet_id, user_id, for_update=False):
"""Return a Subnet instance or raise ItemNotFound."""
try:
subnets = Subnet.objects
return subnets.get(id=sub_id)
objects = Subnet.objects
subnet_id = int(subnet_id)
subnet = objects.get(id=subnet_id)
if (subnet.network.userid != user_id) and (subnet.network.public is
False):
raise api.faults.Unauthorized("You're not allowed to view this "
"subnet")
return subnet
except (ValueError, TypeError):
raise faults.BadRequest("Invalid subnet ID '%s'" % subnet_id)
except Subnet.DoesNotExist:
raise api.faults.ItemNotFound("Subnet not found")
raise faults.ItemNotFound("Subnet '%s' not found." % subnet_id)
def delete_subnet():
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment