def user_profile(request, up):
tn = 'vns/user_profile.html'
topos_allowed = permissions.get_allowed_topologies(request.user)
topos_owned = topos_allowed.filter(owner=up.user)
topos_assigned = topos_allowed.filter(allowed_users=up.user)
can_change = permissions.allowed_user_access_change(request.user, up.user)
return direct_to_template(request, tn, {'up':up,
'can_change':can_change,
'topos_owned':topos_owned,
'topos_assigned':topos_assigned})
def group_topology_create(request, group, **kwargs):
"""Create topologies for a group, with each user in the group becoming the
owner of one topology.
@param request An HttpRequest
@param group The group to add the topologies for"""
tn = "vns/group_topology_create.html"
# Check we're allowed to create topologies
if not permissions.allowed_topology_access_create(request.user):
messages.info("Please login as a user who is permitted to create topologies.")
return HttpResponseRedirect('/login/?next=/topology/create/')
# Import a function to create the form
CreateTopologyForm = make_ctform(request.user)
if request.method == "POST":
form = CreateTopologyForm(request.POST)
if form.is_valid():
template_id = form.cleaned_data['template']
ipblock_id = form.cleaned_data['ipblock']
num_to_create = form.cleaned_data['num_to_create']
ip = form.cleaned_data['ip_subnet']
mask = form.cleaned_data['ip_subnet_mask']
# Do lots of permissions and existence checks - need a topology
# template and IP block
try:
template = db.TopologyTemplate.objects.get(pk=template_id)
except db.TopologyTemplate.DoesNotExist:
messages.error(request, "No such template")
return direct_to_template(request, tn, { 'form': form,
'group': group})
try:
ipblock = db.IPBlock.objects.get(pk=ipblock_id)
except db.IPBlock.DoesNotExist:
messages.error(request, "No such IP block")
return direct_to_template(request, tn, { 'form': form,
'group': group})
if not permissions.allowed_topologytemplate_access_use(request.user, template):
messages.error(request, "You cannot create topologies from this template")
return direct_to_template(request, tn, { 'form': form,
'group': group})
if not permissions.allowed_ipblock_access_use(request.user, ipblock):
messages.error(request, "You cannot create topologies in this IP block")
return direct_to_template(request, tn, { 'form': form,
'group': group})
if num_to_create > 5:
messages.error(request, "You cannot create >5 topologies / user at once")
return direct_to_template(request, tn, { 'form': form,
'group': group})
# Get a list of users
try:
users = User.objects.filter(vns_groups=group)
except User.DoesNotExist:
messages.error("No users in this group to create topologies for")
return HttpResponseRedirect("/")
# Tell the DBService module to use this thread for accessing the DB
DBService.thread = threading.current_thread()
# Otherwise, we're good to actually create the topologies, subject
# to permissions checks on each user.
# These variables track the number with permissions errors, the
# number successfully created and the number rwith other errors
# to report to the user.
num_perms = 0
num_created = 0
num_errs = 0
for u in users:
# Check we have permission to change this user
if not permissions.allowed_user_access_change(request.user, u):
num_perms += 1
continue
# Make a list of source IP filters
if ip != None and mask != None:
src_filters = [(ip, mask)]
else:
src_filters = []
# Create the topology
for _ in xrange(0,num_to_create):
err,_,_,_ = instantiate_template(org=u.get_profile().org,
owner=u,
template=template,
ip_block_from=ipblock,
src_filters=src_filters,
temporary=False,
use_recent_alloc_logic=False,
public=False,
use_first_available=True)
# Update the numbers with/without errors
if err is not None:
num_errs += 1
else:
num_created += 1
# Report to the user
topology_create_message(request, num_errs, num_perms, num_created)
return HttpResponseRedirect('/org/%s/%s/' % (group.org.name, group.name))
else:
# The form is not valid
messages.error(request, "Invalid form")
return direct_to_template(request, tn, {'form':form,
'group':group})
else:
# request.method != 'POST'
# Need to give them a form but do nothing else
return direct_to_template(request, tn, {'form':CreateTopologyForm(),
'group':group})
def user_access_check(request, callee, action, **kwargs):
"""Checks that the user can access the functions they're trying to, and
if they can calls callee"""
"""Check that the user is allowed access, and if they are call the given
Callable.
@param request An HTTP request
@param callee Gives the Callable to call
@param action One of "add", "change", "use", "delete", describing the
permissions needed
@param user_id The ID of the user in question; not used for
action = "add"
@exception ValueError If an action is unrecognised
@exception KeyError If an option is missing"""
def denied():
"""Generate an error message and redirect if we try do something to a
template we're not allowed to"""
messages.error(request, "Either this user doesn't exist or you don't "
"have permission to %s it." % action)
return HttpResponseRedirect('/')
def denied_add():
"""Generate an error message and redirect if we try to create a template
and are not allowed to"""
messages.error(request, "You don't have permission to create users.")
return HttpResponseRedirect('/')
# If we're trying to add a template, don't need to get the template itself
if action == "add":
if permissions.allowed_user_access_create(request.user):
return callee(request)
else:
return denied_add()
else:
# Try getting the template - if it doesn't exist, show the same message
# as for permission denied
user_name = kwargs["un"]
try :
user = User.objects.get(username=user_name)
except User.DoesNotExist:
return denied()
if action == "use":
if permissions.allowed_user_access_use(request.user, user):
return callee(request, user.get_profile())
else:
return denied()
elif action == "change":
if permissions.allowed_user_access_change(request.user, user):
return callee(request, user.get_profile())
else:
return denied()
elif action == "delete":
if permissions.allowed_user_access_delete(request.user, user):
return callee(request, user.get_profile())
else:
return denied()
else:
raise ValueError("Unknown action: %s" % options["action"])
def can_change_user(self, up):
return permissions.allowed_user_access_change(self.user, up.user)