from django.utils.encoding import smart_unicode, smart_str
from xml.dom import minidom
-from pithos.api.faults import (Fault, NotModified, BadRequest, Unauthorized, ItemNotFound, Conflict,
+from pithos.api.faults import (Fault, NotModified, BadRequest, Unauthorized, Forbidden, ItemNotFound, Conflict,
LengthRequired, PreconditionFailed, RequestEntityTooLarge, RangeNotSatisfiable, UnprocessableEntity)
from pithos.api.util import (rename_meta_key, format_header_key, printable_header_dict, get_account_headers,
put_account_headers, get_container_headers, put_container_headers, get_object_headers, put_object_headers,
def authenticate(request):
# Normal Response Codes: 204
# Error Response Codes: serviceUnavailable (503),
- # unauthorized (401),
+ # forbidden (403),
# badRequest (400)
x_auth_user = request.META.get('HTTP_X_AUTH_USER')
meta = request.backend.get_account_meta(request.user, x)
groups = request.backend.get_account_groups(request.user, x)
except NotAllowedError:
- raise Unauthorized('Access denied')
+ raise Forbidden('Not allowed')
else:
rename_meta_key(meta, 'modified', 'last_modified')
rename_meta_key(meta, 'until_timestamp', 'x_account_until_timestamp')
def account_meta(request, v_account):
# Normal Response Codes: 204
# Error Response Codes: serviceUnavailable (503),
- # unauthorized (401),
+ # forbidden (403),
# badRequest (400)
until = get_int_parameter(request.GET.get('until'))
groups = request.backend.get_account_groups(request.user, v_account)
policy = request.backend.get_account_policy(request.user, v_account)
except NotAllowedError:
- raise Unauthorized('Access denied')
+ raise Forbidden('Not allowed')
validate_modification_preconditions(request, meta)
def account_update(request, v_account):
# Normal Response Codes: 202
# Error Response Codes: serviceUnavailable (503),
- # unauthorized (401),
+ # forbidden (403),
# badRequest (400)
meta, groups = get_account_headers(request)
request.backend.update_account_groups(request.user, v_account,
groups, replace)
except NotAllowedError:
- raise Unauthorized('Access denied')
+ raise Forbidden('Not allowed')
except ValueError:
raise BadRequest('Invalid groups header')
if meta or replace:
request.backend.update_account_meta(request.user, v_account, meta,
replace)
except NotAllowedError:
- raise Unauthorized('Access denied')
+ raise Forbidden('Not allowed')
return HttpResponse(status=202)
@api_method('GET', format_allowed=True)
# Normal Response Codes: 200, 204
# Error Response Codes: serviceUnavailable (503),
# itemNotFound (404),
- # unauthorized (401),
+ # forbidden (403),
# badRequest (400)
until = get_int_parameter(request.GET.get('until'))
groups = request.backend.get_account_groups(request.user, v_account)
policy = request.backend.get_account_policy(request.user, v_account)
except NotAllowedError:
- raise Unauthorized('Access denied')
+ raise Forbidden('Not allowed')
validate_modification_preconditions(request, meta)
containers = request.backend.list_containers(request.user, v_account,
marker, limit, shared, until)
except NotAllowedError:
- raise Unauthorized('Access denied')
+ raise Forbidden('Not allowed')
except NameError:
containers = []
policy = request.backend.get_container_policy(request.user,
v_account, x)
except NotAllowedError:
- raise Unauthorized('Access denied')
+ raise Forbidden('Not allowed')
except NameError:
pass
else:
# Normal Response Codes: 204
# Error Response Codes: serviceUnavailable (503),
# itemNotFound (404),
- # unauthorized (401),
+ # forbidden (403),
# badRequest (400)
until = get_int_parameter(request.GET.get('until'))
policy = request.backend.get_container_policy(request.user, v_account,
v_container)
except NotAllowedError:
- raise Unauthorized('Access denied')
+ raise Forbidden('Not allowed')
except NameError:
raise ItemNotFound('Container does not exist')
# Normal Response Codes: 201, 202
# Error Response Codes: serviceUnavailable (503),
# itemNotFound (404),
- # unauthorized (401),
+ # forbidden (403),
# badRequest (400)
meta, policy = get_container_headers(request)
request.backend.put_container(request.user, v_account, v_container, policy)
ret = 201
except NotAllowedError:
- raise Unauthorized('Access denied')
+ raise Forbidden('Not allowed')
except ValueError:
raise BadRequest('Invalid policy header')
except NameError:
request.backend.update_container_policy(request.user, v_account,
v_container, policy, replace=False)
except NotAllowedError:
- raise Unauthorized('Access denied')
+ raise Forbidden('Not allowed')
except NameError:
raise ItemNotFound('Container does not exist')
except ValueError:
request.backend.update_container_meta(request.user, v_account,
v_container, meta, replace=False)
except NotAllowedError:
- raise Unauthorized('Access denied')
+ raise Forbidden('Not allowed')
except NameError:
raise ItemNotFound('Container does not exist')
# Normal Response Codes: 202
# Error Response Codes: serviceUnavailable (503),
# itemNotFound (404),
- # unauthorized (401),
+ # forbidden (403),
# badRequest (400)
meta, policy = get_container_headers(request)
request.backend.update_container_policy(request.user, v_account,
v_container, policy, replace)
except NotAllowedError:
- raise Unauthorized('Access denied')
+ raise Forbidden('Not allowed')
except NameError:
raise ItemNotFound('Container does not exist')
except ValueError:
request.backend.update_container_meta(request.user, v_account,
v_container, meta, replace)
except NotAllowedError:
- raise Unauthorized('Access denied')
+ raise Forbidden('Not allowed')
except NameError:
raise ItemNotFound('Container does not exist')
# Error Response Codes: serviceUnavailable (503),
# conflict (409),
# itemNotFound (404),
- # unauthorized (401),
+ # forbidden (403),
# badRequest (400)
until = get_int_parameter(request.GET.get('until'))
request.backend.delete_container(request.user, v_account, v_container,
until)
except NotAllowedError:
- raise Unauthorized('Access denied')
+ raise Forbidden('Not allowed')
except NameError:
raise ItemNotFound('Container does not exist')
except IndexError:
# Normal Response Codes: 200, 204
# Error Response Codes: serviceUnavailable (503),
# itemNotFound (404),
- # unauthorized (401),
+ # forbidden (403),
# badRequest (400)
until = get_int_parameter(request.GET.get('until'))
policy = request.backend.get_container_policy(request.user, v_account,
v_container)
except NotAllowedError:
- raise Unauthorized('Access denied')
+ raise Forbidden('Not allowed')
except NameError:
raise ItemNotFound('Container does not exist')
v_container, prefix, delimiter, marker,
limit, virtual, keys, shared, until)
except NotAllowedError:
- raise Unauthorized('Access denied')
+ raise Forbidden('Not allowed')
except NameError:
raise ItemNotFound('Container does not exist')
permissions = None
public = None
except NotAllowedError:
- raise Unauthorized('Access denied')
+ raise Forbidden('Not allowed')
except NameError:
pass
else:
# Normal Response Codes: 204
# Error Response Codes: serviceUnavailable (503),
# itemNotFound (404),
- # unauthorized (401),
+ # forbidden (403),
# badRequest (400)
version = request.GET.get('version')
permissions = None
public = None
except NotAllowedError:
- raise Unauthorized('Access denied')
+ raise Forbidden('Not allowed')
except NameError:
raise ItemNotFound('Object does not exist')
except IndexError:
# rangeNotSatisfiable (416),
# preconditionFailed (412),
# itemNotFound (404),
- # unauthorized (401),
+ # forbidden (403),
# badRequest (400),
# notModified (304)
v = request.backend.list_versions(request.user, v_account,
v_container, v_object)
except NotAllowedError:
- raise Unauthorized('Access denied')
+ raise Forbidden('Not allowed')
d = {'versions': v}
if request.serialization == 'xml':
d['object'] = v_object
permissions = None
public = None
except NotAllowedError:
- raise Unauthorized('Access denied')
+ raise Forbidden('Not allowed')
except NameError:
raise ItemNotFound('Object does not exist')
except IndexError:
objects = request.backend.list_objects(request.user, v_account,
src_container, prefix=src_name, virtual=False)
except NotAllowedError:
- raise Unauthorized('Access denied')
+ raise Forbidden('Not allowed')
except ValueError:
raise BadRequest('Invalid X-Object-Manifest header')
except NameError:
sizes.append(s)
hashmaps.append(h)
except NotAllowedError:
- raise Unauthorized('Access denied')
+ raise Forbidden('Not allowed')
except NameError:
raise ItemNotFound('Object does not exist')
except IndexError:
sizes.append(s)
hashmaps.append(h)
except NotAllowedError:
- raise Unauthorized('Access denied')
+ raise Forbidden('Not allowed')
except NameError:
raise ItemNotFound('Object does not exist')
except IndexError:
# lengthRequired (411),
# conflict (409),
# itemNotFound (404),
- # unauthorized (401),
+ # forbidden (403),
# badRequest (400)
# Evaluate conditions.
meta = request.backend.get_object_meta(request.user, v_account,
v_container, v_object)
except NotAllowedError:
- raise Unauthorized('Access denied')
+ raise Forbidden('Not allowed')
except NameError:
meta = {}
validate_matching_preconditions(request, meta)
v_account, v_container, v_object, size, hashmap, meta,
True, permissions)
except NotAllowedError:
- raise Unauthorized('Access denied')
+ raise Forbidden('Not allowed')
except IndexError, e:
raise Conflict('\n'.join(e.data) + '\n')
except NameError:
request.backend.update_object_public(request.user, v_account,
v_container, v_object, public)
except NotAllowedError:
- raise Unauthorized('Access denied')
+ raise Forbidden('Not allowed')
except NameError:
raise ItemNotFound('Object does not exist')
# Normal Response Codes: 201
# Error Response Codes: serviceUnavailable (503),
# itemNotFound (404),
- # unauthorized (401),
+ # forbidden (403),
# badRequest (400)
if not request.FILES.has_key('X-Object-Data'):
version_id = request.backend.update_object_hashmap(request.user,
v_account, v_container, v_object, size, hashmap, meta, True)
except NotAllowedError:
- raise Unauthorized('Access denied')
+ raise Forbidden('Not allowed')
except NameError:
raise ItemNotFound('Container does not exist')
except QuotaError:
# Normal Response Codes: 201
# Error Response Codes: serviceUnavailable (503),
# itemNotFound (404),
- # unauthorized (401),
+ # forbidden (403),
# badRequest (400)
dest_account = smart_unicode(request.META.get('HTTP_DESTINATION_ACCOUNT'), strings_only=True)
meta = request.backend.get_object_meta(request.user, v_account,
v_container, v_object, src_version)
except NotAllowedError:
- raise Unauthorized('Access denied')
+ raise Forbidden('Not allowed')
except (NameError, IndexError):
raise ItemNotFound('Container or object does not exist')
validate_matching_preconditions(request, meta)
# Normal Response Codes: 201
# Error Response Codes: serviceUnavailable (503),
# itemNotFound (404),
- # unauthorized (401),
+ # forbidden (403),
# badRequest (400)
dest_account = smart_unicode(request.META.get('HTTP_DESTINATION_ACCOUNT'), strings_only=True)
meta = request.backend.get_object_meta(request.user, v_account,
v_container, v_object)
except NotAllowedError:
- raise Unauthorized('Access denied')
+ raise Forbidden('Not allowed')
except NameError:
raise ItemNotFound('Container or object does not exist')
validate_matching_preconditions(request, meta)
# Error Response Codes: serviceUnavailable (503),
# conflict (409),
# itemNotFound (404),
- # unauthorized (401),
+ # forbidden (403),
# badRequest (400)
meta, permissions, public = get_object_headers(request)
content_type = meta.get('Content-Type')
prev_meta = request.backend.get_object_meta(request.user, v_account,
v_container, v_object)
except NotAllowedError:
- raise Unauthorized('Access denied')
+ raise Forbidden('Not allowed')
except NameError:
raise ItemNotFound('Object does not exist')
request.backend.update_object_permissions(request.user,
v_account, v_container, v_object, permissions)
except NotAllowedError:
- raise Unauthorized('Access denied')
+ raise Forbidden('Not allowed')
except NameError:
raise ItemNotFound('Object does not exist')
except ValueError:
request.backend.update_object_public(request.user, v_account,
v_container, v_object, public)
except NotAllowedError:
- raise Unauthorized('Access denied')
+ raise Forbidden('Not allowed')
except NameError:
raise ItemNotFound('Object does not exist')
if meta or replace:
version_id = request.backend.update_object_meta(request.user,
v_account, v_container, v_object, meta, replace)
except NotAllowedError:
- raise Unauthorized('Access denied')
+ raise Forbidden('Not allowed')
except NameError:
raise ItemNotFound('Object does not exist')
response['X-Object-Version'] = version_id
size, hashmap = request.backend.get_object_hashmap(request.user,
v_account, v_container, v_object)
except NotAllowedError:
- raise Unauthorized('Access denied')
+ raise Forbidden('Not allowed')
except NameError:
raise ItemNotFound('Object does not exist')
src_size, src_hashmap = request.backend.get_object_hashmap(request.user,
src_account, src_container, src_name, src_version)
except NotAllowedError:
- raise Unauthorized('Access denied')
+ raise Forbidden('Not allowed')
except NameError:
raise ItemNotFound('Source object does not exist')
v_account, v_container, v_object, size, hashmap, meta,
replace, permissions)
except NotAllowedError:
- raise Unauthorized('Access denied')
+ raise Forbidden('Not allowed')
except NameError:
raise ItemNotFound('Container does not exist')
except ValueError:
request.backend.update_object_public(request.user, v_account,
v_container, v_object, public)
except NotAllowedError:
- raise Unauthorized('Access denied')
+ raise Forbidden('Not allowed')
except NameError:
raise ItemNotFound('Object does not exist')
# Normal Response Codes: 204
# Error Response Codes: serviceUnavailable (503),
# itemNotFound (404),
- # unauthorized (401),
+ # forbidden (403),
# badRequest (400)
until = get_int_parameter(request.GET.get('until'))
request.backend.delete_object(request.user, v_account, v_container,
v_object, until)
except NotAllowedError:
- raise Unauthorized('Access denied')
+ raise Forbidden('Not allowed')
except NameError:
raise ItemNotFound('Object does not exist')
return HttpResponse(status=204)
'content_type',
'content_encoding',
'last_modified',)}
- self.return_codes = (400, 401, 404, 503,)
+ self.return_codes = (400, 401, 403, 404, 503,)
def tearDown(self):
self._clean_account()
size = size + int(m['x-container-bytes-used'])
self.assertEqual(meta['x-account-bytes-used'], str(size))
- def test_get_account_401(self):
- self.assert_raises_fault(401,
+ def test_get_account_403(self):
+ self.assert_raises_fault(403,
self.invalid_client.retrieve_account_metadata)
def test_get_account_meta_until(self):
containers = self.client.list_containers()
self.assertEquals(self.containers, containers)
- def test_list_401(self):
- self.assert_raises_fault(401, self.invalid_client.list_containers)
+ def test_list_403(self):
+ self.assert_raises_fault(403, self.invalid_client.list_containers)
def test_list_with_limit(self):
limit = 2
def test_invalid_account_update_meta(self):
meta = {'test':'test', 'tost':'tost'}
- self.assert_raises_fault(401,
+ self.assert_raises_fault(403,
self.invalid_client.update_account_metadata,
**meta)
'0009',
'διογένης',
get_api())
- self.assert_not_raises_fault(401, chef.retrieve_object_metadata,
+ self.assert_not_raises_fault(403, chef.retrieve_object_metadata,
'φάκελος', 'ο1', account=get_user())
#check write access
self.client.share_object('φάκελος', 'ο1', ['διογένης'], read=False)
new_data = get_random_data()
- self.assert_not_raises_fault(401, chef.update_object,
+ self.assert_not_raises_fault(403, chef.update_object,
'φάκελος', 'ο1', StringIO(new_data),
account=get_user())
for token, account in OTHER_ACCOUNTS.items():
cl = Pithos_Client(get_server(), token, account, get_api())
if account in authorized or any:
- self.assert_not_raises_fault(401, cl.retrieve_object_metadata,
+ self.assert_not_raises_fault(403, cl.retrieve_object_metadata,
'c', 'o', account=get_user())
else:
- self.assert_raises_fault(401, cl.retrieve_object_metadata,
+ self.assert_raises_fault(403, cl.retrieve_object_metadata,
'c', 'o', account=get_user())
#check inheritance
for token, account in OTHER_ACCOUNTS.items():
cl = Pithos_Client(get_server(), token, account, get_api())
if account in authorized or any:
- self.assert_not_raises_fault(401, cl.retrieve_object_metadata,
+ self.assert_not_raises_fault(403, cl.retrieve_object_metadata,
'c', 'o/also-shared', account=get_user())
else:
- self.assert_raises_fault(401, cl.retrieve_object_metadata,
+ self.assert_raises_fault(403, cl.retrieve_object_metadata,
'c', 'o/also-shared', account=get_user())
def assert_write(self, o_data, authorized=[], any=False):
new_data = get_random_data()
if account in authorized or any:
# test write access
- self.assert_not_raises_fault(401, cl.update_object,
+ self.assert_not_raises_fault(403, cl.update_object,
'c', 'o', StringIO(new_data),
account=get_user())
try:
self.assertEqual(new_data, server_data[len(o_data):])
o_data = server_data
except Fault, f:
- self.failIf(f.status == 401)
+ self.failIf(f.status == 403)
else:
- self.assert_raises_fault(401, cl.update_object,
+ self.assert_raises_fault(403, cl.update_object,
'c', 'o', StringIO(new_data),
account=get_user())
new_data = get_random_data()
if account in authorized or any:
# test write access
- self.assert_not_raises_fault(401, cl.update_object,
+ self.assert_not_raises_fault(403, cl.update_object,
'c', o['name'],
StringIO(new_data),
account=get_user())
self.assertEqual(new_data, server_data[len(o_data):])
o_data = server_data
except Fault, f:
- self.failIf(f.status == 401)
+ self.failIf(f.status == 403)
else:
- self.assert_raises_fault(401, cl.update_object,
+ self.assert_raises_fault(403, cl.update_object,
'c', o['name'],
StringIO(new_data),
account=get_user())