def delete(self, request, obj_id):
with transaction.atomic():
critic_prjs = list()
for e_item in Expiration.objects.filter(registration__userid=obj_id):
prj_man_ids = get_prjman_ids(request, e_item.project.projectid)
if len(prj_man_ids) == 1 and prj_man_ids[0] == obj_id:
critic_prjs.append(e_item.project.projectname)
if len(critic_prjs) > 0:
msg = _("User is the unique admin for %s") % ", ".join(critic_prjs)
messages.error(request, msg)
raise Exception(msg)
tmpres = EMail.objects.filter(registration__userid=obj_id)
user_email = tmpres[0].email if tmpres else None
user_name = tmpres[0].registration.username if tmpres else None
Registration.objects.filter(userid=obj_id).delete()
super(DeleteUsersAction, self).delete(request, obj_id)
noti_params = {
'username' : user_name
}
notifyUser(request=request, rcpt=user_email, action=USER_PURGED_TYPE,
context=noti_params, dst_user_id=obj_id)
def handle(self, request, data):
try:
tenantadmin_roleid, default_roleid = check_and_get_roleids(request)
usr_and_prj = REQID_REGEX.search(data['requestid'])
with transaction.atomic():
q_args = {
'registration__regid': int(usr_and_prj.group(1)),
'project__projectname': usr_and_prj.group(2)
}
prj_req = PrjRequest.objects.filter(**q_args)[0]
project_name = prj_req.project.projectname
project_id = prj_req.project.projectid
user_name = prj_req.registration.username
user_id = prj_req.registration.userid
#
# clear request
#
prj_req.delete()
#
# send notification to project managers and users
#
tmpres = EMail.objects.filter(registration__userid=user_id)
user_email = tmpres[0].email if tmpres else None
m_userids = get_prjman_ids(request, project_id)
tmpres = EMail.objects.filter(registration__userid__in=m_userids)
m_emails = [x.email for x in tmpres]
noti_params = {
'username': user_name,
'project': project_name,
'notes': data['reason']
}
notifyProject(request=self.request,
rcpt=m_emails,
action=SUBSCR_FORCED_NO_TYPE,
context=noti_params,
dst_project_id=project_id)
notifyUser(request=self.request,
rcpt=user_email,
action=SUBSCR_NO_TYPE,
context=noti_params,
dst_project_id=project_id,
dst_user_id=user_id)
except:
LOG.error("Error forced-checking request", exc_info=True)
messages.error(request, _("Cannot forced check request"))
return False
return True
def handle(self, request, data):
try:
tenantadmin_roleid, default_roleid = check_and_get_roleids(request)
usr_and_prj = REQID_REGEX.search(data['requestid'])
with transaction.atomic():
q_args = {
'registration__regid' : int(usr_and_prj.group(1)),
'project__projectname' : usr_and_prj.group(2)
}
prj_req = PrjRequest.objects.filter(**q_args)[0]
project_name = prj_req.project.projectname
project_id = prj_req.project.projectid
user_name = prj_req.registration.username
user_id = prj_req.registration.userid
#
# clear request
#
prj_req.delete()
#
# send notification to project managers and users
#
tmpres = EMail.objects.filter(registration__userid=user_id)
user_email = tmpres[0].email if tmpres else None
m_userids = get_prjman_ids(request, project_id)
tmpres = EMail.objects.filter(registration__userid__in=m_userids)
m_emails = [ x.email for x in tmpres ]
noti_params = {
'username' : user_name,
'project' : project_name,
'notes' : data['reason']
}
notifyProject(request=self.request, rcpt=m_emails, action=SUBSCR_FORCED_NO_TYPE, context=noti_params,
dst_project_id=project_id)
notifyUser(request=self.request, rcpt=user_email, action=SUBSCR_NO_TYPE, context=noti_params,
dst_project_id=project_id, dst_user_id=user_id)
except:
LOG.error("Error forced-checking request", exc_info=True)
messages.error(request, _("Cannot forced check request"))
return False
return True
def handle(self, request, data):
if not data['username']:
messages.error(request, _("Cannot process request: missing username"))
return False
try:
tenantadmin_roleid, default_roleid = check_and_get_roleids(request)
with transaction.atomic():
registration = Registration.objects.get(regid=int(data['regid']))
reg_request = RegRequest.objects.filter(
registration=registration,
flowstatus=RSTATUS_PENDING
)[0]
prjReqList = PrjRequest.objects.filter(registration=registration)
password = reg_request.password
if not password:
password = generate_pwd()
user_email = reg_request.email
#
# Mapping of external accounts
#
is_local = True
if reg_request.externalid:
mapping = UserMapping(globaluser=reg_request.externalid,
registration=reg_request.registration)
mapping.save()
is_local = False
LOG.info("Registered external account %s" % reg_request.externalid)
#
# Forward request to project administrators
#
q_args = {
'project__projectid__isnull' : False,
'flowstatus' : PSTATUS_REG
}
prjReqList.filter(**q_args).update(flowstatus=PSTATUS_PENDING)
#
# Creation of new tenants
#
self.preprocess_prj(registration, data)
new_prj_list = list()
p_reqs = prjReqList.filter(
project__projectid__isnull = True,
flowstatus = PSTATUS_REG
)
if len(p_reqs):
newreq_prj = p_reqs[0].project
kprj = keystone_api.tenant_create(request, newreq_prj.projectname,
newreq_prj.description, True)
newreq_prj.projectid = kprj.id
newreq_prj.save()
new_prj_list.append(newreq_prj)
setup_new_project(request, kprj.id, newreq_prj.projectname, data)
LOG.info("Created tenant %s" % newreq_prj.projectname)
#
# User creation
#
if not registration.userid:
kuser = keystone_api.user_create(request,
name=registration.username,
password=password,
email=user_email,
enabled=True)
if is_local:
registration.username = data['username']
registration.expdate = self.expiration
registration.userid = kuser.id
registration.save()
LOG.info("Created user %s" % registration.username)
mail_obj = EMail()
mail_obj.registration = registration
mail_obj.email = user_email
mail_obj.save()
#
# The new user is the project manager of its tenant
# register the expiration date per tenant
#
for prj_item in new_prj_list:
expiration = Expiration()
expiration.registration = registration
expiration.project = prj_item
expiration.expdate = self.expiration
expiration.save()
prjRole = PrjRole()
prjRole.registration = registration
prjRole.project = prj_item
prjRole.roleid = tenantadmin_roleid
prjRole.save()
keystone_api.add_tenant_user_role(request, prj_item.projectid,
registration.userid, tenantadmin_roleid)
#
# Send notifications to project administrators and users
#
for p_item in prjReqList.filter(flowstatus=PSTATUS_PENDING):
m_userids = get_prjman_ids(request, p_item.project.projectid)
tmpres = EMail.objects.filter(registration__userid__in=m_userids)
m_emails = [ x.email for x in tmpres ]
noti_params = {
'username' : data['username'],
'project' : p_item.project.projectname
}
notifyProject(request=self.request, rcpt=m_emails, action=SUBSCR_WAIT_TYPE, context=noti_params,
dst_project_id=p_item.project.projectid)
n2_params = {
'username' : p_item.registration.username,
'project' : p_item.project.projectname,
'prjadmins' : m_emails
}
notifyUser(request=self.request, rcpt=user_email, action=SUBSCR_ONGOING, context=n2_params,
dst_project_id=p_item.project.projectid, dst_user_id=registration.userid)
newprj_reqs = prjReqList.filter(flowstatus=PSTATUS_REG)
for p_item in newprj_reqs:
noti_params = {
'username' : p_item.registration.username,
'project' : p_item.project.projectname
}
notifyUser(request=self.request, rcpt=user_email, action=FIRST_REG_OK_TYPE, context=noti_params,
dst_project_id=p_item.project.projectid, dst_user_id=p_item.registration.userid)
#
# cache cleanup
#
newprj_reqs.delete()
reg_request.delete()
self.post_reminder(registration, user_email)
except:
LOG.error("Error pre-checking request", exc_info=True)
messages.error(request, _("Cannot pre-check request"))
return False
return True
def handle(self, request, data):
try:
tenantadmin_roleid, default_roleid = check_and_get_roleids(request)
usr_and_prj = REQID_REGEX.search(data['requestid'])
with transaction.atomic():
q_args = {
'registration__regid': int(usr_and_prj.group(1)),
'project__projectname': usr_and_prj.group(2)
}
prj_req = PrjRequest.objects.filter(**q_args)[0]
#
# Insert expiration date per tenant
#
expiration = Expiration()
expiration.registration = prj_req.registration
expiration.project = prj_req.project
expiration.expdate = data['expiration']
expiration.save()
#
# Update the max expiration per user
#
user_reg = prj_req.registration
if data['expiration'] > user_reg.expdate:
user_reg.expdate = data['expiration']
user_reg.save()
project_name = prj_req.project.projectname
project_id = prj_req.project.projectid
user_name = prj_req.registration.username
user_id = prj_req.registration.userid
keystone_api.add_tenant_user_role(request, project_id, user_id,
default_roleid)
#
# Enable reminder for cloud admin
#
RegRequest.objects.filter(registration=prj_req.registration,
flowstatus=RSTATUS_REMINDER).update(
flowstatus=RSTATUS_REMINDACK)
#
# clear request
#
prj_req.delete()
#
# send notification to project managers and users
#
tmpres = EMail.objects.filter(registration__userid=user_id)
user_email = tmpres[0].email if tmpres else None
m_userids = get_prjman_ids(request, project_id)
tmpres = EMail.objects.filter(registration__userid__in=m_userids)
m_emails = [x.email for x in tmpres]
noti_params = {'username': user_name, 'project': project_name}
notifyProject(request=self.request,
rcpt=m_emails,
action=SUBSCR_FORCED_OK_TYPE,
context=noti_params,
dst_project_id=project_id)
notifyUser(request=self.request,
rcpt=user_email,
action=SUBSCR_OK_TYPE,
context=noti_params,
dst_project_id=project_id,
dst_user_id=user_id)
except:
LOG.error("Error forced-checking request", exc_info=True)
messages.error(request, _("Cannot forced check request"))
return False
return True
def handle(self, request, data):
if not data['username']:
messages.error(request,
_("Cannot process request: missing username"))
return False
try:
tenantadmin_roleid, default_roleid = check_and_get_roleids(request)
with transaction.atomic():
registration = Registration.objects.get(
regid=int(data['regid']))
reg_request = RegRequest.objects.filter(
registration=registration, flowstatus=RSTATUS_PENDING)[0]
prjReqList = PrjRequest.objects.filter(
registration=registration)
password = reg_request.password
if not password:
password = generate_pwd()
user_email = reg_request.email
#
# Mapping of external accounts
#
is_local = True
if reg_request.externalid:
mapping = UserMapping(
globaluser=reg_request.externalid,
registration=reg_request.registration)
mapping.save()
is_local = False
LOG.info("Registered external account %s" %
reg_request.externalid)
#
# Forward request to project administrators
#
q_args = {
'project__projectid__isnull': False,
'flowstatus': PSTATUS_REG
}
prjReqList.filter(**q_args).update(flowstatus=PSTATUS_PENDING)
#
# Creation of new tenants
#
self.preprocess_prj(registration, data)
new_prj_list = list()
p_reqs = prjReqList.filter(project__projectid__isnull=True,
flowstatus=PSTATUS_REG)
if len(p_reqs):
newreq_prj = p_reqs[0].project
kprj = keystone_api.tenant_create(request,
newreq_prj.projectname,
newreq_prj.description,
True)
newreq_prj.projectid = kprj.id
newreq_prj.save()
new_prj_list.append(newreq_prj)
setup_new_project(request, kprj.id, newreq_prj.projectname,
data)
LOG.info("Created tenant %s" % newreq_prj.projectname)
#
# User creation
#
if not registration.userid:
if is_local:
registration.username = data['username']
kuser = keystone_api.user_create(
request,
name=registration.username,
password=password,
email=user_email,
enabled=True)
registration.expdate = self.expiration
registration.userid = kuser.id
registration.save()
LOG.info("Created user %s" % registration.username)
mail_obj = EMail()
mail_obj.registration = registration
mail_obj.email = user_email
mail_obj.save()
#
# The new user is the project manager of its tenant
# register the expiration date per tenant
#
for prj_item in new_prj_list:
expiration = Expiration()
expiration.registration = registration
expiration.project = prj_item
expiration.expdate = self.expiration
expiration.save()
prjRole = PrjRole()
prjRole.registration = registration
prjRole.project = prj_item
prjRole.roleid = tenantadmin_roleid
prjRole.save()
keystone_api.add_tenant_user_role(request,
prj_item.projectid,
registration.userid,
tenantadmin_roleid)
#
# Send notifications to project administrators and users
#
for p_item in prjReqList.filter(flowstatus=PSTATUS_PENDING):
m_userids = get_prjman_ids(request,
p_item.project.projectid)
tmpres = EMail.objects.filter(
registration__userid__in=m_userids)
m_emails = [x.email for x in tmpres]
noti_params = {
'username': data['username'],
'project': p_item.project.projectname
}
notifyProject(request=self.request,
rcpt=m_emails,
action=SUBSCR_WAIT_TYPE,
context=noti_params,
dst_project_id=p_item.project.projectid)
n2_params = {
'username': p_item.registration.username,
'project': p_item.project.projectname,
'prjadmins': m_emails
}
notifyUser(request=self.request,
rcpt=user_email,
action=SUBSCR_ONGOING,
context=n2_params,
dst_project_id=p_item.project.projectid,
dst_user_id=registration.userid)
newprj_reqs = prjReqList.filter(flowstatus=PSTATUS_REG)
for p_item in newprj_reqs:
noti_params = {
'username': p_item.registration.username,
'project': p_item.project.projectname
}
notifyUser(request=self.request,
rcpt=user_email,
action=FIRST_REG_OK_TYPE,
context=noti_params,
dst_project_id=p_item.project.projectid,
dst_user_id=p_item.registration.userid)
#
# cache cleanup
#
newprj_reqs.delete()
reg_request.delete()
self.post_reminder(registration, user_email)
except:
LOG.error("Error pre-checking request", exc_info=True)
messages.error(request, _("Cannot pre-check request"))
return False
return True
def handle(self, request, data):
if not request.user.is_superuser:
messages.error(_("Operation not authorized"))
return False
try:
with transaction.atomic():
reg_user = Registration.objects.filter(userid=data['userid'])[0]
prj_list = Project.objects.filter(projectname__in=data['projects'])
reg_user.expdate = data['expdate']
reg_user.save()
#
# Enable reminder for cloud admin if present
#
RegRequest.objects.filter(
registration = reg_user,
flowstatus = RSTATUS_REMINDER
).update(flowstatus = RSTATUS_REMINDACK)
k_user = keystone_api.user_get(request, data['userid'])
if not k_user.enabled:
keystone_api.user_update(request, data['userid'], enabled=True)
except:
LOG.error("Generic failure", exc_info=True)
return False
for prj_item in prj_list:
try:
with transaction.atomic():
Expiration(
registration=reg_user,
project=prj_item,
expdate=data['expdate']
).save()
keystone_api.add_tenant_user_role(
request, prj_item.projectid,
data['userid'], get_default_role(request))
#
# send notification to project managers and users
#
tmpres = EMail.objects.filter(registration__userid=data['userid'])
user_email = tmpres[0].email if tmpres else None
m_userids = get_prjman_ids(request, prj_item.projectid)
tmpres = EMail.objects.filter(registration__userid__in=m_userids)
m_emails = [ x.email for x in tmpres ]
noti_params = {
'username' : reg_user.username,
'project' : prj_item.projectname
}
notifyProject(request=self.request, rcpt=m_emails,
action=SUBSCR_FORCED_OK_TYPE, context=noti_params,
dst_project_id=prj_item.projectid)
notifyUser(request=self.request, rcpt=user_email,
action=SUBSCR_OK_TYPE, context=noti_params,
dst_project_id=prj_item.projectid,
dst_user_id=reg_user.userid)
except:
LOG.error("Generic failure", exc_info=True)
return True
def handle(self, request, data):
if not request.user.is_superuser:
messages.error(_("Operation not authorized"))
return False
try:
with transaction.atomic():
reg_user = Registration.objects.filter(userid=data['userid'])[0]
prj_list = Project.objects.filter(projectname__in=data['projects'])
reg_user.expdate = data['expdate']
reg_user.save()
k_user = keystone_api.user_get(request, data['userid'])
if not k_user.enabled:
keystone_api.user_update(request, data['userid'], enabled=True)
except:
LOG.error("Generic failure", exc_info=True)
return False
for prj_item in prj_list:
try:
with transaction.atomic():
Expiration(
registration=reg_user,
project=prj_item,
expdate=data['expdate']
).save()
keystone_api.add_tenant_user_role(
request, prj_item.projectid,
data['userid'], get_default_role(request))
#
# send notification to project managers and users
#
tmpres = EMail.objects.filter(registration__userid=data['userid'])
user_email = tmpres[0].email if tmpres else None
m_userids = get_prjman_ids(request, prj_item.projectid)
tmpres = EMail.objects.filter(registration__userid__in=m_userids)
m_emails = [ x.email for x in tmpres ]
noti_params = {
'username' : reg_user.username,
'project' : prj_item.projectname
}
notifyProject(request=self.request, rcpt=m_emails,
action=SUBSCR_FORCED_OK_TYPE, context=noti_params,
dst_project_id=prj_item.projectid)
notifyUser(request=self.request, rcpt=user_email,
action=SUBSCR_OK_TYPE, context=noti_params,
dst_project_id=prj_item.projectid,
dst_user_id=reg_user.userid)
except:
LOG.error("Generic failure", exc_info=True)
return True