def group_topology_delete(request, group, **kwargs):
"""Delete any topologies owned by users in this group.
@param request An HttpRequest
@param group The group to delete
@return HttpResponse"""
if request.method != 'POST':
return direct_to_template(request, 'vns/confirm.html',
{'title':'Delete topologies for group %s from %s'
% (group.name, group.org.name),
'button':'Delete topologies',
'url':'/org/%s/%s/deletetopo/'
% (group.org.name, group.name)})
# Get the group, users and topologies
users = User.objects.filter(vns_groups=group)
topos = db.Topology.objects.filter(owner__in=users)
# Insert journal entries for the main VNS process to delete the topologies,
# subject to permissions checks
no_perms = False
has_deleted = False
for t in topos:
if permissions.allowed_topology_access_delete(request.user, t):
je = db.JournalTopologyDelete()
je.topology = t
je.save()
has_deleted = True
else:
no_perms = True
# Display either a success message or a helpful error message
if no_perms and not has_deleted:
messages.error(request, "You do not have permission to delete topologies from this group")
return HttpResponseRedirect('/')
elif no_perms and has_deleted:
messages.info(request, "You do not have permissions to delete some of the topologies "
"from this group, but some other topologies have been marked for deletion.")
return HttpResponseRedirect('/')
else:
messages.success(request, "Topologies for this group have been marked for deletion.")
return HttpResponseRedirect('/')
def topology_access_check(request, callee, action, **kwargs):
"""Checks that the user can access the functions they're trying to, and
if they can calls callee. There are two valid authentication methods -
django logihn, as normally used for the website, and a cryptographic token
supplied in the HTTP GET, as used for clack.
@param request An HTTP request
@param callee Gives the Callable to call
@param action One of "add", "change", "use", "delete", describing the
permissions needed
@param tid The ID of the topology in question; not used for
action = "add"
@exception ValueError If an action is unrecognised
@exception KeyError If an option is missing
@return HttpResponse"""
def denied():
"""Generate an error message and redirect if we try do something to a
topology we're not allowed to"""
messages.error(request, "Either this topology doesn't exist or you don't "
"have permission to %s it." % action)
return HttpResponseRedirect('/login/')
def denied_add():
"""Generate an error message and redirect if we try to create a topology
and are not allowed to"""
messages.error(request, "You don't have permission to create topologies.")
return HttpResponseRedirect('/login/')
# If we're trying to add a template, don't need to get the template itself
if action == "add":
if permissions.allowed_topology_access_create(request.user):
return callee(request)
else:
return denied_add()
else:
# Try getting the template - if it doesn't exist, show the same message
# as for permission denied. If we don't have a "tid" argument, django
# will show an internal error, which is what we want.
tid = int(kwargs["tid"])
kwargs["tid"] = tid
try :
topo = db.Topology.objects.get(pk=tid)
except db.Topology.DoesNotExist:
return denied()
if action == "use":
# See if there is an HTTP GET token - if there is, try to use the token
# method for authentication
try:
token = request.GET["token"]
except KeyError:
pass
else:
# See if the token is valid
user = crypto.validate_token(token)
if user != None and permissions.allowed_topology_access_use(user, topo):
request.user = user
return callee(request, topo=topo, **kwargs)
if permissions.allowed_topology_access_use(request.user, topo):
return callee(request, topo=topo, **kwargs)
else:
return denied()
elif action == "change":
if permissions.allowed_topology_access_change(request.user, topo):
return callee(request, topo=topo, **kwargs)
else:
return denied()
elif action == "delete":
if permissions.allowed_topology_access_delete(request.user, topo):
return callee(request, topo=topo, **kwargs)
else:
return denied()
else:
raise ValueError("Unknown action: %s" % options["action"])
