return policy info in get_account, restricted mode in update_account
smbaker [Tue, 28 Aug 2012 02:22:32 +0000 (19:22 -0700)]
apps/gacks/API.py

index f69dcda..8c043c1 100644 (file)
@@ -760,7 +760,16 @@ class RemoteApi(AuthenticatedApi):
             acct.apply_inRate()
             if acct.is_dirty():
                 acct.commit()
-            return acct.as_dict()
+
+            result = acct.as_dict()
+
+            policy = self.policies.get_policy(acct.level, None)
+            if policy is not None:
+                result['term'] = policy.term
+                result['monthlyFee'] = policy.monthlyFee
+                result['upgrades'] = self.policies.get_upgrades(acct.level)
+
+            return result
         else:
             return None
 
@@ -803,23 +812,32 @@ class RemoteApi(AuthenticatedApi):
         return acct.id
 
     def update_account(self, authToken_str, args, mode="admin"):
+        """
+            args is a list of fields to update
+
+            mode is "admin", "restricted", or "user"
+               admin - superuser mode, all changes allowed
+               restricted - only allow things a user could do (used by gacksadmin for enduser changes)
+               user - restricted mode, and requires objectGID to match the account being changed
+        """
+
         (authToken, callerGID, objectGID) = self.authenticateToken(authToken_str, [args, mode])
 
         name = str_to_gacksid(args["name"])
         kind = args["kind"]
 
-        if (mode=="admin"):
+        if (mode=="admin") or (mode=="restricted"):
             self.acls.test_acl("accounts", objectGID.get_hrn(), "update")
+        else:
+            if (not hrn_matches_gacksid(objectGID.get_hrn(), name)):
+                raise GacksNotAuthorized("You don't have permission to update %s using objectGID %s" % (name, objectGID.get_hrn()) )
 
-        if (mode=="user"):
-            user_allowed_fields = ["name", "kind", "level"];
+        if (mode in ["user", "restricted"]):
+            user_allowed_fields = ["name", "kind", "level", "autoRenew", "freezeUnreserved"];
             for field in args:
                 if not (field in user_allowed_fields):
                     raise GacksFieldNotAllowed("you are not allowed to change %s" % field)
 
-            if (not hrn_matches_gacksid(objectGID.get_hrn(), name)):
-                raise GacksNotAuthorized("You don't have permission to update %s" % name)
-
         acct = self.accounts.get_account(name, kind, create_if_not_exist=False)
 
         if ("level" in args):
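Review bot: A `mode` value other than "admin", "restricted" or "user" is never rejected in update_account: it takes the new `else` branch (only the hrn_matches_gacksid check) and then skips the `mode in ["user", "restricted"]` field allowlist, and the same test guarding the upgradeFrom check in the following hunk, so the request is held to neither the ACL nor the user restrictions. If `mode` can be supplied by the RPC caller (it is passed to authenticateToken together with `args`, which suggests it is part of the request), validate it before the authorization branch, for example `if mode not in ("admin", "restricted", "user"): raise GacksNotAuthorized("unknown mode %s" % mode)`, or write both restriction tests as `if mode != "admin":` so that anything unrecognised fails closed. The new docstring also calls `args` a list although the code indexes it by field name (`args["name"]`); "dict of fields to update" would match the code. update_account's body continues past the end of this hunk.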
@@ -829,7 +847,7 @@ class RemoteApi(AuthenticatedApi):
             if not new_policy:
                 raise GacksUnknownPolicy("The service level %s does not exist" % new_level)
 
-            if (mode == "user"):
+            if (mode in ["user", "restricted"]):
                 if not (acct.level in new_policy.upgradeFrom):
                     raise GacksUpgradeNotAllowed("You are not allowed to upgrade from %s to %s" % (acct.level, new_level))