def delete(self, request, obj_id): with transaction.atomic(): critic_prjs = list() for e_item in Expiration.objects.filter(registration__userid=obj_id): prj_man_ids = get_prjman_ids(request, e_item.project.projectid) if len(prj_man_ids) == 1 and prj_man_ids[0] == obj_id: critic_prjs.append(e_item.project.projectname) if len(critic_prjs) > 0: msg = _("User is the unique admin for %s") % ", ".join(critic_prjs) messages.error(request, msg) raise Exception(msg) tmpres = EMail.objects.filter(registration__userid=obj_id) user_email = tmpres[0].email if tmpres else None user_name = tmpres[0].registration.username if tmpres else None Registration.objects.filter(userid=obj_id).delete() super(DeleteUsersAction, self).delete(request, obj_id) noti_params = { 'username' : user_name } notifyUser(request=request, rcpt=user_email, action=USER_PURGED_TYPE, context=noti_params, dst_user_id=obj_id)
def handle(self, request, data): try: with transaction.atomic(): curr_prjname = self.request.user.tenant_name q_args = { 'registration__regid' : int(data['regid']), 'project__projectname' : curr_prjname, 'flowstatus' : PSTATUS_RENEW_MEMB } prj_reqs = PrjRequest.objects.filter(**q_args) if len(prj_reqs) == 0: return True q_args = { 'registration__regid' : int(data['regid']), 'project__projectname' : curr_prjname } prj_exp = Expiration.objects.filter(**q_args) prj_exp.update(expdate=data['expiration']) # # Update the max expiration per user # user_reg = Registration.objects.get(regid=int(data['regid'])) if data['expiration'] > user_reg.expdate: user_reg.expdate = data['expiration'] user_reg.save() tmpres = EMail.objects.filter(registration=user_reg) user_mail = tmpres[0].email if len(tmpres) > 0 else None # # Clear requests # prj_reqs.delete() # # send notification to the user and cloud admin # noti_params = { 'username' : user_reg.username, 'project' : request.user.tenant_name, 'expiration' : data['expiration'].strftime("%d %B %Y") } notifyUser(request=request, rcpt=user_mail, action=USER_RENEWED_TYPE, context=noti_params, dst_user_id=user_reg.userid) notifyAdmin(request=request, action=USER_RENEWED_TYPE, context=noti_params) except: LOG.error("Cannot renew user", exc_info=True) exceptions.handle(request) return False return True
def handle(self, request, data): try: with transaction.atomic(): usr_and_prj = REQID_REGEX.search(data['requestid']) regid = int(usr_and_prj.group(1)) prj_reqs = PrjRequest.objects.filter( registration__regid=regid, project__projectname=usr_and_prj.group(2), flowstatus__in=[PSTATUS_RENEW_ADMIN, PSTATUS_RENEW_MEMB]) if len(prj_reqs) == 0: return True prj_exp = Expiration.objects.filter( registration__regid=regid, project__projectname=usr_and_prj.group(2)) prj_exp.update(expdate=data['expiration']) # # Update the max expiration per user # user_reg = Registration.objects.get(regid=regid) if data['expiration'] > user_reg.expdate: user_reg.expdate = data['expiration'] user_reg.save() tmpres = EMail.objects.filter(registration=user_reg) user_mail = tmpres[0].email if len(tmpres) > 0 else None # # Clear requests # prj_reqs.delete() # # send notification to the project admin # noti_params = { 'username': user_reg.username, 'project': usr_and_prj.group(2), 'expiration': data['expiration'].strftime("%d %B %Y") } notifyUser(request=request, rcpt=user_mail, action=USER_RENEWED_TYPE, context=noti_params, dst_user_id=user_reg.userid) except: LOG.error("Cannot renew project admin", exc_info=True) messages.error(request, _("Cannot renew project admin")) return False return True
def handle(self, request, data): mail_table = dict() exp_table = dict() for d_item in data: if d_item.startswith('prj_'): exp_table[d_item[4:]] = data[d_item] if not request.user.is_superuser: messages.error(_("Operation not authorized")) return False with transaction.atomic(): q_args = { 'registration__userid' : data['userid'], 'project__projectname__in' : exp_table.keys() } for exp_item in Expiration.objects.filter(**q_args): user_name = exp_item.registration.username prj_name = exp_item.project.projectname c_exp = exp_table.get(prj_name, None) if not c_exp or exp_item.expdate == c_exp: continue q_args = { 'registration__userid' : data['userid'], 'project__projectname' : prj_name } Expiration.objects.filter(**q_args).update(expdate=c_exp) q_args['flowstatus__in'] = [ PSTATUS_RENEW_ADMIN, PSTATUS_RENEW_MEMB ] PrjRequest.objects.filter(**q_args).delete() if not mail_table.has_key(user_name): tmpobj = EMail.objects.filter(registration__userid=data['userid']) mail_table[user_name] = tmpobj[0].email if len(tmpobj) else None try: noti_params = { 'username' : user_name, 'project' : prj_name, 'expiration' : c_exp.strftime("%d %B %Y") } notifyUser(request=request, rcpt=mail_table[user_name], action=USER_RENEWED_TYPE, context=noti_params, dst_user_id=data['userid']) except: LOG.error("Cannot notify %s" % user_name, exc_info=True) all_exp = Expiration.objects.filter(registration__userid=data['userid']) if len(all_exp): new_exp = max([ x.expdate for x in all_exp ]) all_exp[0].registration.expdate = new_exp all_exp[0].registration.save() return True
def handle(self, request, data): try: with transaction.atomic(): usr_and_prj = REQID_REGEX.search(data['requestid']) regid = int(usr_and_prj.group(1)) prj_reqs = PrjRequest.objects.filter( registration__regid = regid, project__projectname = usr_and_prj.group(2), flowstatus__in = [ PSTATUS_RENEW_ADMIN, PSTATUS_RENEW_MEMB ] ) if len(prj_reqs) == 0: return True prj_exp = Expiration.objects.filter( registration__regid = regid, project__projectname = usr_and_prj.group(2) ) prj_exp.update(expdate=data['expiration']) # # Update the max expiration per user # user_reg = Registration.objects.get(regid=regid) if data['expiration'] > user_reg.expdate: user_reg.expdate = data['expiration'] user_reg.save() tmpres = EMail.objects.filter(registration=user_reg) user_mail = tmpres[0].email if len(tmpres) > 0 else None # # Clear requests # prj_reqs.delete() # # send notification to the project admin # noti_params = { 'username' : user_reg.username, 'project' : usr_and_prj.group(2), 'expiration' : data['expiration'].strftime("%d %B %Y") } notifyUser(request=request, rcpt=user_mail, action=USER_RENEWED_TYPE, context=noti_params, dst_user_id=user_reg.userid) except: LOG.error("Cannot renew project admin", exc_info=True) messages.error(request, _("Cannot renew project admin")) return False return True
def handle(self, *args, **options): super(Command, self).handle(options) admin_table = dict() mail_table = dict() req_table = dict() try: with transaction.atomic(): for prj_req in PrjRequest.objects.filter( flowstatus=PSTATUS_PENDING): prjname = prj_req.project.projectname if not req_table.has_key(prjname): req_table[prjname] = list() req_table[prjname].append(prj_req.registration.username) for prjname in req_table.keys(): for p_role in PrjRole.objects.filter( project__projectname=prjname): user_name = p_role.registration.username user_id = p_role.registration.userid user_tuple = (user_name, user_id) if not admin_table.has_key(user_tuple): admin_table[user_tuple] = list() admin_table[user_tuple].append( p_role.project.projectname) if not mail_table.has_key(user_name): tmpres = EMail.objects.filter( registration__username=user_name) if len(tmpres): mail_table[user_name] = tmpres[0].email for user_tuple in admin_table: for prj_name in admin_table[user_tuple]: try: noti_params = { 'pendingreqs': req_table[prj_name], 'project': prj_name } notifyUser(mail_table[user_tuple[0]], SUBSCR_REMINDER, noti_params, dst_user_id=user_tuple[1]) except: LOG.error("Cannot notify pending subscription: %s" % user_tuple[0], exc_info=True) except: LOG.error("Cannot notify pending subscritions: system error", exc_info=True) raise CommandError("Cannot notify pending subscritions")
def handle(self, request, data): try: tenantadmin_roleid, default_roleid = check_and_get_roleids(request) usr_and_prj = REQID_REGEX.search(data['requestid']) with transaction.atomic(): q_args = { 'registration__regid': int(usr_and_prj.group(1)), 'project__projectname': usr_and_prj.group(2) } prj_req = PrjRequest.objects.filter(**q_args)[0] project_name = prj_req.project.projectname project_id = prj_req.project.projectid user_name = prj_req.registration.username user_id = prj_req.registration.userid # # clear request # prj_req.delete() # # send notification to project managers and users # tmpres = EMail.objects.filter(registration__userid=user_id) user_email = tmpres[0].email if tmpres else None m_userids = get_prjman_ids(request, project_id) tmpres = EMail.objects.filter(registration__userid__in=m_userids) m_emails = [x.email for x in tmpres] noti_params = { 'username': user_name, 'project': project_name, 'notes': data['reason'] } notifyProject(request=self.request, rcpt=m_emails, action=SUBSCR_FORCED_NO_TYPE, context=noti_params, dst_project_id=project_id) notifyUser(request=self.request, rcpt=user_email, action=SUBSCR_NO_TYPE, context=noti_params, dst_project_id=project_id, dst_user_id=user_id) except: LOG.error("Error forced-checking request", exc_info=True) messages.error(request, _("Cannot forced check request")) return False return True
def handle(self, request, data): mail_table = dict() exp_table = dict() for d_item in data: if d_item.startswith('prj_'): exp_table[d_item[4:]] = data[d_item] if not request.user.is_superuser: messages.error(_("Operation not authorized")) return False with transaction.atomic(): q_args = { 'registration__userid' : data['userid'], 'project__projectname__in' : exp_table.keys() } for exp_item in Expiration.objects.filter(**q_args): user_name = exp_item.registration.username prj_name = exp_item.project.projectname c_exp = exp_table.get(prj_name, None) if not c_exp or exp_item.expdate == c_exp: continue q_args = { 'registration__userid' : data['userid'], 'project__projectname' : prj_name } Expiration.objects.filter(**q_args).update(expdate=c_exp) q_args['flowstatus__in'] = [ PSTATUS_RENEW_ADMIN, PSTATUS_RENEW_MEMB ] PrjRequest.objects.filter(**q_args).delete() if not mail_table.has_key(user_name): tmpobj = EMail.objects.filter(registration__userid=data['userid']) mail_table[user_name] = tmpobj[0].email if len(tmpobj) else None try: noti_params = { 'username' : user_name, 'project' : prj_name, 'expiration' : c_exp.strftime("%d %B %Y") } notifyUser(request=request, rcpt=mail_table[user_name], action=USER_RENEWED_TYPE, context=noti_params, dst_user_id=data['userid']) except: LOG.error("Cannot notify %s" % user_name, exc_info=True) set_last_exp(data['userid']) return True
def handle(self, request, data): try: with transaction.atomic(): registration = Registration.objects.get( regid=int(data['regid'])) prjReqList = PrjRequest.objects.filter( registration=registration) regReqList = RegRequest.objects.filter( registration=registration, flowstatus=RSTATUS_PENDING) # # Delete request for projects to be created # newprj_list = list() for prj_req in prjReqList: if not prj_req.project.projectid: newprj_list.append(prj_req.project.projectname) if len(newprj_list): Project.objects.filter( projectname__in=newprj_list).delete() # # First registration request, remove all (using cascaded foreign key) # user_email = regReqList[0].email user_name = registration.username registration.delete() noti_params = { 'username': user_name, 'projects': list(p.project.projectname for p in prjReqList), 'project_creation': (len(newprj_list) != 0), 'notes': data['reason'] } notifyUser(request=self.request, rcpt=user_email, action=FIRST_REG_NO_TYPE, context=noti_params) except: LOG.error("Error rejecting request", exc_info=True) messages.error(request, _("Cannot reject request")) return False return True
def handle(self, request, data): try: tenantadmin_roleid, default_roleid = check_and_get_roleids(request) usr_and_prj = REQID_REGEX.search(data['requestid']) with transaction.atomic(): q_args = { 'registration__regid' : int(usr_and_prj.group(1)), 'project__projectname' : usr_and_prj.group(2) } prj_req = PrjRequest.objects.filter(**q_args)[0] project_name = prj_req.project.projectname project_id = prj_req.project.projectid user_name = prj_req.registration.username user_id = prj_req.registration.userid # # clear request # prj_req.delete() # # send notification to project managers and users # tmpres = EMail.objects.filter(registration__userid=user_id) user_email = tmpres[0].email if tmpres else None m_userids = get_prjman_ids(request, project_id) tmpres = EMail.objects.filter(registration__userid__in=m_userids) m_emails = [ x.email for x in tmpres ] noti_params = { 'username' : user_name, 'project' : project_name, 'notes' : data['reason'] } notifyProject(request=self.request, rcpt=m_emails, action=SUBSCR_FORCED_NO_TYPE, context=noti_params, dst_project_id=project_id) notifyUser(request=self.request, rcpt=user_email, action=SUBSCR_NO_TYPE, context=noti_params, dst_project_id=project_id, dst_user_id=user_id) except: LOG.error("Error forced-checking request", exc_info=True) messages.error(request, _("Cannot forced check request")) return False return True
def handle(self, *args, **options): super(Command, self).handle(options) admin_table = dict() mail_table = dict() req_table = dict() try: with transaction.atomic(): for prj_req in PrjRequest.objects.filter(flowstatus=PSTATUS_PENDING): prjname = prj_req.project.projectname if not req_table.has_key(prjname): req_table[prjname] = list() req_table[prjname].append(prj_req.registration.username) for prjname in req_table.keys(): for p_role in PrjRole.objects.filter(project__projectname=prjname): user_name = p_role.registration.username user_id = p_role.registration.userid user_tuple = (user_name, user_id) if not admin_table.has_key(user_tuple): admin_table[user_tuple] = list() admin_table[user_tuple].append(p_role.project.projectname) if not mail_table.has_key(user_name): tmpres = EMail.objects.filter(registration__username=user_name) if len(tmpres): mail_table[user_name] = tmpres[0].email for user_tuple in admin_table: for prj_name in admin_table[user_tuple]: try: noti_params = { 'pendingreqs' : req_table[prj_name], 'project' : prj_name } notifyUser(mail_table[user_tuple[0]], SUBSCR_REMINDER, noti_params, dst_user_id=user_tuple[1]) except: LOG.error("Cannot notify pending subscription: %s" % user_tuple[0], exc_info=True) except: LOG.error("Cannot notify pending subscritions: system error", exc_info=True) raise CommandError("Cannot notify pending subscritions")
def handle(self, request, data): try: with transaction.atomic(): registration = Registration.objects.get(regid=int(data['regid'])) prjReqList = PrjRequest.objects.filter(registration=registration) regReqList = RegRequest.objects.filter( registration=registration, flowstatus=RSTATUS_PENDING ) # # Delete request for projects to be created # newprj_list = list() for prj_req in prjReqList: if not prj_req.project.projectid: newprj_list.append(prj_req.project.projectname) if len(newprj_list): Project.objects.filter(projectname__in=newprj_list).delete() # # First registration request, remove all (using cascaded foreign key) # user_email = regReqList[0].email user_name = registration.username registration.delete() noti_params = { 'username': user_name, 'projects': list(p.project.projectname for p in prjReqList), 'project_creation': (len(newprj_list) != 0), 'notes' : data['reason'] } notifyUser(request=self.request, rcpt=user_email, action=FIRST_REG_NO_TYPE, context=noti_params) except: LOG.error("Error rejecting request", exc_info=True) messages.error(request, _("Cannot reject request")) return False return True
def handle(self, request, data): try: role_names = [ role['name'] for role in self.request.user.roles ] if not TENANTADMIN_ROLE in role_names: raise Exception(_('Permissions denied: cannot approve subscriptions')) with transaction.atomic(): curr_prjname = self.request.user.tenant_name q_args = { 'registration__regid' : int(data['regid']), 'project__projectname' : curr_prjname } prj_req = PrjRequest.objects.filter(**q_args)[0] member_id = prj_req.registration.userid tmpres = EMail.objects.filter(registration__userid=member_id) member_email = tmpres[0].email if tmpres else None project_name = prj_req.project.projectname user_name = prj_req.registration.username # # clear request # prj_req.delete() # # send notification to the user # noti_params = { 'username': user_name, 'project' : project_name, 'notes' : data['reason'] } notifyUser(request=self.request, rcpt=member_email, action=SUBSCR_NO_TYPE, context=noti_params, dst_user_id=member_id) notifyAdmin(request=self.request, action=SUBSCR_NO_TYPE, context=noti_params) except: exceptions.handle(request) return False return True
def handle(self, request, data): try: tenantadmin_roleid, default_roleid = check_and_get_roleids(request) usr_and_prj = REQID_REGEX.search(data['requestid']) with transaction.atomic(): # # Creation of new tenant # q_args = { 'registration__regid' : int(usr_and_prj.group(1)), 'project__projectname' : usr_and_prj.group(2) } prj_req = PrjRequest.objects.filter(**q_args)[0] project_name = prj_req.project.projectname user_id = prj_req.registration.userid # # Clear request # prj_req.delete() # # Send notification to the user # tmpres = EMail.objects.filter(registration__userid=user_id) user_email = tmpres[0].email if tmpres else None noti_params = { 'project' : project_name, 'notes' : data['reason'] } notifyUser(request=self.request, rcpt=user_email, action=PRJ_REJ_TYPE, context=noti_params, dst_user_id=user_id) except: LOG.error("Error pre-checking project", exc_info=True) messages.error(request, _("Cannot pre-check project")) return False return True
def handle(self, request, data): try: tenantadmin_roleid, default_roleid = check_and_get_roleids(request) usr_and_prj = REQID_REGEX.search(data['requestid']) with transaction.atomic(): # # Creation of new tenant # q_args = { 'registration__regid': int(usr_and_prj.group(1)), 'project__projectname': usr_and_prj.group(2) } prj_req = PrjRequest.objects.filter(**q_args)[0] project_name = prj_req.project.projectname user_id = prj_req.registration.userid # # Clear request # prj_req.delete() # # Send notification to the user # tmpres = EMail.objects.filter(registration__userid=user_id) user_email = tmpres[0].email if tmpres else None noti_params = {'project': project_name, 'notes': data['reason']} notifyUser(request=self.request, rcpt=user_email, action=PRJ_REJ_TYPE, context=noti_params, dst_user_id=user_id) except: LOG.error("Error pre-checking project", exc_info=True) messages.error(request, _("Cannot pre-check project")) return False return True
def delete(self, request, obj_id): try: with transaction.atomic(): q_args = { 'registration__userid': obj_id, 'project__projectname': request.user.tenant_name } Expiration.objects.filter(**q_args).delete() PrjRequest.objects.filter(**q_args).delete() PrjRole.objects.filter(**q_args).delete() roles_obj = client_factory(request).roles role_assign_obj = client_factory(request).role_assignments arg_dict = {'project': request.user.tenant_id, 'user': obj_id} for r_item in role_assign_obj.list(**arg_dict): roles_obj.revoke(r_item.role['id'], **arg_dict) tmpres = EMail.objects.filter(registration__userid=obj_id) member_email = tmpres[0].email if tmpres else None member_name = tmpres[0].registration.username if tmpres else None tmpres = EMail.objects.filter(registration__userid=request.user.id) admin_email = tmpres[0].email if tmpres else None noti_params = { 'username': member_name, 'admin_address': admin_email, 'project': request.user.tenant_name } notifyUser(request=request, rcpt=member_email, action=MEMBER_REMOVED, context=noti_params, dst_user_id=obj_id) notifyAdmin(request=request, action=MEMBER_REMOVED_ADM, context=noti_params) except: LOG.error("Grant revoke error", exc_info=True) messages.error(request, _('Unable to delete member from tenant.'))
def delete(self, request, obj_id): try: with transaction.atomic(): q_args = { 'registration__userid' : obj_id, 'project__projectname' : request.user.tenant_name } Expiration.objects.filter(**q_args).delete() PrjRequest.objects.filter(**q_args).delete() PrjRole.objects.filter(**q_args).delete() roles_obj = client_factory(request).roles role_assign_obj = client_factory(request).role_assignments arg_dict = { 'project' : request.user.tenant_id, 'user' : obj_id } for r_item in role_assign_obj.list(**arg_dict): roles_obj.revoke(r_item.role['id'], **arg_dict) tmpres = EMail.objects.filter(registration__userid=obj_id) member_email = tmpres[0].email if tmpres else None member_name = tmpres[0].registration.username if tmpres else None tmpres = EMail.objects.filter(registration__userid=request.user.id) admin_email = tmpres[0].email if tmpres else None noti_params = { 'username' : member_name, 'admin_address' : admin_email, 'project' : request.user.tenant_name } notifyUser(request=request, rcpt=member_email, action=MEMBER_REMOVED, context=noti_params, dst_user_id=obj_id) notifyAdmin(request=request, action=MEMBER_REMOVED_ADM, context=noti_params) except: LOG.error("Grant revoke error", exc_info=True) messages.error(request, _('Unable to delete member from tenant.'))
def handle(self, request, data): try: with transaction.atomic(): q_args = { 'registration__userid' : data['userid'], 'project__projectid' : request.user.tenant_id } Expiration.objects.filter(**q_args).update(expdate=data['expiration']) all_exp = Expiration.objects.filter(registration__userid=data['userid']) if len(all_exp): new_exp = max([ x.expdate for x in all_exp ]) all_exp[0].registration.expdate = new_exp all_exp[0].registration.save() PrjRequest.objects.filter(**q_args).delete() tmpres = EMail.objects.filter(registration__userid=data['userid']) if len(tmpres) == 0: return True user_name = tmpres[0].registration.username user_mail = tmpres[0].email noti_params = { 'username' : user_name, 'project' : request.user.tenant_name, 'expiration' : data['expiration'].strftime("%d %B %Y") } try: notifyUser(request=request, rcpt=user_mail, action=USER_RENEWED_TYPE, context=noti_params, dst_user_id=data['userid']) notifyAdmin(request=request, action=USER_RENEWED_TYPE, context=noti_params) except: LOG.error("Cannot notify %s" % user_name, exc_info=True) except: exceptions.handle(request) return False return True
def handle(self, *args, **options): super(Command, self).handle(options) try: now = datetime.now() noti_table = dict() user_set = set() prj_set = set() for days_to_exp in self._get_days_to_exp(self.config.cron_plan): tframe = now + timedelta(days=days_to_exp) noti_table[days_to_exp] = list() q_args = { 'expdate__gte' : tframe.replace(hour=0, minute=0, second=0, microsecond=0), 'expdate__lte' : tframe.replace(hour=23, minute=59, second=59, microsecond=999999) } for exp_item in Expiration.objects.filter(**q_args): username = exp_item.registration.username userid = exp_item.registration.userid prjname = exp_item.project.projectname prjid = exp_item.project.projectid noti_table[days_to_exp].append((username, userid, prjname, prjid)) user_set.add(userid) prj_set.add(prjname) admin_table = dict() for p_role in PrjRole.objects.filter(project__projectname__in=prj_set): prjname = p_role.project.projectname if not admin_table.has_key(prjname): admin_table[prjname] = list() admin_table[prjname].append(p_role.registration.userid) user_set.add(p_role.registration.userid) mail_table = dict() for email_item in EMail.objects.filter(registration__userid__in=user_set): mail_table[email_item.registration.userid] = email_item.email contact_table = dict() for prjname, uid_list in admin_table.items(): contact_table[prjname] = list() for userid in uid_list: if mail_table.has_key(userid): contact_table[prjname].append(mail_table[userid]) for days_to_exp, noti_list in noti_table.items(): for username, userid, prjname, prjid in noti_list: try: noti_params = { 'username' : username, 'project' : prjname, 'days' : days_to_exp, 'contacts' : contact_table[prjname] } notifyUser(mail_table[userid], USER_EXP_TYPE, noti_params, user_id=userid, project_id=prjid, dst_user_id=userid) except: LOG.error("Cannot notify %s" % username, exc_info=True) except: LOG.error("Notification failed", exc_info=True) raise CommandError("Notification failed")
def handle(self, request, data): if not data['username']: messages.error(request, _("Cannot process request: missing username")) return False try: tenantadmin_roleid, default_roleid = check_and_get_roleids(request) with transaction.atomic(): registration = Registration.objects.get(regid=int(data['regid'])) reg_request = RegRequest.objects.filter( registration=registration, flowstatus=RSTATUS_PENDING )[0] prjReqList = PrjRequest.objects.filter(registration=registration) password = reg_request.password if not password: password = generate_pwd() user_email = reg_request.email # # Mapping of external accounts # is_local = True if reg_request.externalid: mapping = UserMapping(globaluser=reg_request.externalid, registration=reg_request.registration) mapping.save() is_local = False LOG.info("Registered external account %s" % reg_request.externalid) # # Forward request to project administrators # q_args = { 'project__projectid__isnull' : False, 'flowstatus' : PSTATUS_REG } prjReqList.filter(**q_args).update(flowstatus=PSTATUS_PENDING) # # Creation of new tenants # self.preprocess_prj(registration, data) new_prj_list = list() p_reqs = prjReqList.filter( project__projectid__isnull = True, flowstatus = PSTATUS_REG ) if len(p_reqs): newreq_prj = p_reqs[0].project kprj = keystone_api.tenant_create(request, newreq_prj.projectname, newreq_prj.description, True) newreq_prj.projectid = kprj.id newreq_prj.save() new_prj_list.append(newreq_prj) setup_new_project(request, kprj.id, newreq_prj.projectname, data) LOG.info("Created tenant %s" % newreq_prj.projectname) # # User creation # if not registration.userid: kuser = keystone_api.user_create(request, name=registration.username, password=password, email=user_email, enabled=True) if is_local: registration.username = data['username'] registration.expdate = self.expiration registration.userid = kuser.id registration.save() LOG.info("Created user %s" % registration.username) mail_obj = EMail() mail_obj.registration = registration mail_obj.email = user_email mail_obj.save() # # The new user is the project manager of its tenant # register the expiration date per tenant # for prj_item in new_prj_list: expiration = Expiration() expiration.registration = registration expiration.project = prj_item expiration.expdate = self.expiration expiration.save() prjRole = PrjRole() prjRole.registration = registration prjRole.project = prj_item prjRole.roleid = tenantadmin_roleid prjRole.save() keystone_api.add_tenant_user_role(request, prj_item.projectid, registration.userid, tenantadmin_roleid) # # Send notifications to project administrators and users # for p_item in prjReqList.filter(flowstatus=PSTATUS_PENDING): m_userids = get_prjman_ids(request, p_item.project.projectid) tmpres = EMail.objects.filter(registration__userid__in=m_userids) m_emails = [ x.email for x in tmpres ] noti_params = { 'username' : data['username'], 'project' : p_item.project.projectname } notifyProject(request=self.request, rcpt=m_emails, action=SUBSCR_WAIT_TYPE, context=noti_params, dst_project_id=p_item.project.projectid) n2_params = { 'username' : p_item.registration.username, 'project' : p_item.project.projectname, 'prjadmins' : m_emails } notifyUser(request=self.request, rcpt=user_email, action=SUBSCR_ONGOING, context=n2_params, dst_project_id=p_item.project.projectid, dst_user_id=registration.userid) newprj_reqs = prjReqList.filter(flowstatus=PSTATUS_REG) for p_item in newprj_reqs: noti_params = { 'username' : p_item.registration.username, 'project' : p_item.project.projectname } notifyUser(request=self.request, rcpt=user_email, action=FIRST_REG_OK_TYPE, context=noti_params, dst_project_id=p_item.project.projectid, dst_user_id=p_item.registration.userid) # # cache cleanup # newprj_reqs.delete() reg_request.delete() self.post_reminder(registration, user_email) except: LOG.error("Error pre-checking request", exc_info=True) messages.error(request, _("Cannot pre-check request")) return False return True
def handle(self, request, data): try: with transaction.atomic(): curr_prjname = self.request.user.tenant_name q_args = { 'registration__regid' : int(data['regid']), 'project__projectname' : curr_prjname, 'flowstatus' : PSTATUS_RENEW_MEMB } prj_reqs = PrjRequest.objects.filter(**q_args) if len(prj_reqs) == 0: return True user_id = prj_reqs[0].registration.userid # # Clear requests # prj_reqs.delete() q_args = { 'registration__regid' : int(data['regid']), 'project__projectname' : curr_prjname } Expiration.objects.filter(**q_args).delete() PrjRole.objects.filter(**q_args).delete() # # Remove member from project # roles_obj = client_factory(request).roles role_assign_obj = client_factory(request).role_assignments arg_dict = { 'project' : request.user.tenant_id, 'user' : user_id } for r_item in role_assign_obj.list(**arg_dict): roles_obj.revoke(r_item.role['id'], **arg_dict) # # Send notification to the user # tmpres = EMail.objects.filter(registration__regid=int(data['regid'])) member_email = tmpres[0].email if tmpres else None member_name = tmpres[0].registration.username if member_email else 'unknown' tmpres = EMail.objects.filter(registration__userid=request.user.id) admin_email = tmpres[0].email if tmpres else None noti_params = { 'username' : member_name, 'admin_address' : admin_email, 'project' : request.user.tenant_name, 'notes' : data['reason'] } notifyUser(request=self.request, rcpt=member_email, action=MEMBER_REMOVED, context=noti_params, dst_user_id=user_id) except: LOG.error("Cannot renew user", exc_info=True) exceptions.handle(request) return False return True
def handle(self, request, data): try: role_names = [ role['name'] for role in self.request.user.roles ] if not TENANTADMIN_ROLE in role_names: raise Exception(_('Permissions denied: cannot approve subscriptions')) with transaction.atomic(): curr_prjname = self.request.user.tenant_name q_args = { 'registration__regid' : int(data['regid']), 'project__projectname' : curr_prjname } prj_req = PrjRequest.objects.filter(**q_args)[0] member_id = prj_req.registration.userid tmpres = EMail.objects.filter(registration__userid=member_id) member_email = tmpres[0].email if tmpres else None project_name = prj_req.project.projectname user_name = prj_req.registration.username LOG.debug("Approving subscription for %s" % prj_req.registration.username) default_role = getattr(settings, 'OPENSTACK_KEYSTONE_DEFAULT_ROLE', None) expiration = Expiration() expiration.registration = prj_req.registration expiration.project = prj_req.project expiration.expdate = data['expiration'] expiration.save() # # Update the max expiration per user # user_reg = prj_req.registration if data['expiration'] > user_reg.expdate: user_reg.expdate = data['expiration'] user_reg.save() roles_obj = client_factory(request).roles arg_dict = { 'project' : prj_req.project.projectid, 'user' : prj_req.registration.userid } missing_default = True for item in roles_obj.list(): if item.name == default_role: roles_obj.grant(item.id, **arg_dict) missing_default = False if missing_default: raise Exception("Default role is undefined") # # clear request # prj_req.delete() # # send notification to the user # noti_params = { 'username': user_name, 'project' : project_name } notifyUser(request=self.request, rcpt=member_email, action=SUBSCR_OK_TYPE, context=noti_params, dst_user_id=member_id) notifyAdmin(request=self.request, action=SUBSCR_OK_TYPE, context=noti_params) except: exceptions.handle(request) return False return True
def handle(self, request, data): try: tenantadmin_roleid, default_roleid = check_and_get_roleids(request) usr_and_prj = REQID_REGEX.search(data['requestid']) with transaction.atomic(): regid, prjname = chk_repl_project(int(usr_and_prj.group(1)), usr_and_prj.group(2), data['newname'], None, data['newdescr']) # # Creation of new tenant # prj_req = PrjRequest.objects.filter( registration__regid=regid, project__projectname=prjname)[0] project_name = prj_req.project.projectname user_id = prj_req.registration.userid kprj = keystone_api.tenant_create(request, project_name, prj_req.project.description, True) prj_req.project.projectid = kprj.id prj_req.project.save() LOG.info("Created tenant %s" % project_name) # # The new user is the project manager of its tenant # prjRole = PrjRole() prjRole.registration = prj_req.registration prjRole.project = prj_req.project prjRole.roleid = tenantadmin_roleid prjRole.save() keystone_api.add_tenant_user_role(request, prj_req.project.projectid, user_id, tenantadmin_roleid) # # Insert expiration date per tenant # expiration = Expiration() expiration.registration = prj_req.registration expiration.project = prj_req.project expiration.expdate = data['expiration'] expiration.save() # # Update the max expiration per user # user_reg = prj_req.registration if data['expiration'] > user_reg.expdate: user_reg.expdate = data['expiration'] user_reg.save() # # Clear request # prj_req.delete() setup_new_project(request, kprj.id, project_name, data) # # Send notification to the user # tmpres = EMail.objects.filter(registration__userid=user_id) user_email = tmpres[0].email if tmpres else None noti_params = {'project': project_name} notifyUser(request=self.request, rcpt=user_email, action=PRJ_CREATE_TYPE, context=noti_params, dst_project_id=kprj.id, dst_user_id=user_id) except: LOG.error("Error pre-checking project", exc_info=True) messages.error(request, _("Cannot pre-check project")) return False return True
def handle(self, request, data): if not request.user.is_superuser: messages.error(_("Operation not authorized")) return False try: with transaction.atomic(): reg_user = Registration.objects.filter(userid=data['userid'])[0] prj_list = Project.objects.filter(projectname__in=data['projects']) reg_user.expdate = data['expdate'] reg_user.save() k_user = keystone_api.user_get(request, data['userid']) if not k_user.enabled: keystone_api.user_update(request, data['userid'], enabled=True) except: LOG.error("Generic failure", exc_info=True) return False for prj_item in prj_list: try: with transaction.atomic(): Expiration( registration=reg_user, project=prj_item, expdate=data['expdate'] ).save() keystone_api.add_tenant_user_role( request, prj_item.projectid, data['userid'], get_default_role(request)) # # send notification to project managers and users # tmpres = EMail.objects.filter(registration__userid=data['userid']) user_email = tmpres[0].email if tmpres else None m_userids = get_prjman_ids(request, prj_item.projectid) tmpres = EMail.objects.filter(registration__userid__in=m_userids) m_emails = [ x.email for x in tmpres ] noti_params = { 'username' : reg_user.username, 'project' : prj_item.projectname } notifyProject(request=self.request, rcpt=m_emails, action=SUBSCR_FORCED_OK_TYPE, context=noti_params, dst_project_id=prj_item.projectid) notifyUser(request=self.request, rcpt=user_email, action=SUBSCR_OK_TYPE, context=noti_params, dst_project_id=prj_item.projectid, dst_user_id=reg_user.userid) except: LOG.error("Generic failure", exc_info=True) return True
def single(self, data_table, request, obj_id): try: t_role_id = '' for role in request.user.roles: if role['name'] == TENANTADMIN_ROLE: t_role_id = get_admin_roleid(request) roles_obj = client_factory(request).roles arg_dict = { 'project' : request.user.tenant_id, 'user' : obj_id } tmpres = EMail.objects.filter(registration__userid=obj_id) member_email = tmpres[0].email if tmpres else None tmpres = EMail.objects.filter(registration__userid=request.user.id) admin_email = tmpres[0].email if tmpres else None datum = data_table.get_object_by_id(obj_id) if datum.is_t_admin: with transaction.atomic(): PrjRole.objects.filter( registration__userid=obj_id, project__projectname=request.user.tenant_name ).delete() if datum.num_of_roles == 1: missing_default = True for item in roles_obj.list(): if item.name == DEFAULT_ROLE: roles_obj.grant(item.id, **arg_dict) missing_default = False if missing_default: raise Exception('Cannot swith to member role') roles_obj.revoke(t_role_id, **arg_dict) noti_params = { 'admin_address' : admin_email, 'project' : request.user.tenant_name, 's_role' : _('Project manager'), 'd_role' : _('Project user') } notifyUser(request=request, rcpt=member_email, action=CHANGED_MEMBER_ROLE, context=noti_params, dst_project_id=request.user.project_id, dst_user_id=obj_id) else: with transaction.atomic(): prjRole = PrjRole() prjRole.registration = Registration.objects.filter(userid=obj_id)[0] prjRole.project = Project.objects.get(projectname=request.user.tenant_name) prjRole.roleid = t_role_id prjRole.save() roles_obj.grant(t_role_id, **arg_dict) noti_params = { 'admin_address' : admin_email, 'project' : request.user.tenant_name, 's_role' : _('Project user'), 'd_role' : _('Project manager') } notifyUser(request=request, rcpt=member_email, action=CHANGED_MEMBER_ROLE, context=noti_params, dst_project_id=request.user.project_id, dst_user_id=obj_id) except: LOG.error("Toggle role error", exc_info=True) messages.error(request, _('Unable to toggle the role.')) if obj_id == request.user.id: response = shortcuts.redirect(reverse_lazy('logout')) msg = _("Roles changed. Please log in again to continue.") utils.add_logout_reason(request, response, msg) return response return shortcuts.redirect(reverse_lazy('horizon:idmanager:member_manager:index'))
def single(self, data_table, request, obj_id): try: t_role_id = '' for role in request.user.roles: if role['name'] == TENANTADMIN_ROLE: t_role_id = get_admin_roleid(request) roles_obj = client_factory(request).roles arg_dict = {'project': request.user.tenant_id, 'user': obj_id} tmpres = EMail.objects.filter(registration__userid=obj_id) member_email = tmpres[0].email if tmpres else None tmpres = EMail.objects.filter(registration__userid=request.user.id) admin_email = tmpres[0].email if tmpres else None datum = data_table.get_object_by_id(obj_id) if datum.is_t_admin: with transaction.atomic(): PrjRole.objects.filter(registration__userid=obj_id, project__projectname=request.user. tenant_name).delete() if datum.num_of_roles == 1: missing_default = True for item in roles_obj.list(): if item.name == DEFAULT_ROLE: roles_obj.grant(item.id, **arg_dict) missing_default = False if missing_default: raise Exception('Cannot swith to member role') roles_obj.revoke(t_role_id, **arg_dict) noti_params = { 'admin_address': admin_email, 'project': request.user.tenant_name, 's_role': _('Project manager'), 'd_role': _('Project user') } notifyUser(request=request, rcpt=member_email, action=CHANGED_MEMBER_ROLE, context=noti_params, dst_project_id=request.user.project_id, dst_user_id=obj_id) else: with transaction.atomic(): prjRole = PrjRole() prjRole.registration = Registration.objects.filter( userid=obj_id)[0] prjRole.project = Project.objects.get( projectname=request.user.tenant_name) prjRole.roleid = t_role_id prjRole.save() roles_obj.grant(t_role_id, **arg_dict) noti_params = { 'admin_address': admin_email, 'project': request.user.tenant_name, 's_role': _('Project user'), 'd_role': _('Project manager') } notifyUser(request=request, rcpt=member_email, action=CHANGED_MEMBER_ROLE, context=noti_params, dst_project_id=request.user.project_id, dst_user_id=obj_id) except: LOG.error("Toggle role error", exc_info=True) messages.error(request, _('Unable to toggle the role.')) if obj_id == request.user.id: response = shortcuts.redirect(reverse_lazy('logout')) msg = _("Roles changed. Please log in again to continue.") utils.add_logout_reason(request, response, msg) return response return shortcuts.redirect( reverse_lazy('horizon:idmanager:member_manager:index'))
def handle(self, request, data): if not data['username']: messages.error(request, _("Cannot process request: missing username")) return False try: tenantadmin_roleid, default_roleid = check_and_get_roleids(request) with transaction.atomic(): registration = Registration.objects.get( regid=int(data['regid'])) reg_request = RegRequest.objects.filter( registration=registration, flowstatus=RSTATUS_PENDING)[0] prjReqList = PrjRequest.objects.filter( registration=registration) password = reg_request.password if not password: password = generate_pwd() user_email = reg_request.email # # Mapping of external accounts # is_local = True if reg_request.externalid: mapping = UserMapping( globaluser=reg_request.externalid, registration=reg_request.registration) mapping.save() is_local = False LOG.info("Registered external account %s" % reg_request.externalid) # # Forward request to project administrators # q_args = { 'project__projectid__isnull': False, 'flowstatus': PSTATUS_REG } prjReqList.filter(**q_args).update(flowstatus=PSTATUS_PENDING) # # Creation of new tenants # self.preprocess_prj(registration, data) new_prj_list = list() p_reqs = prjReqList.filter(project__projectid__isnull=True, flowstatus=PSTATUS_REG) if len(p_reqs): newreq_prj = p_reqs[0].project kprj = keystone_api.tenant_create(request, newreq_prj.projectname, newreq_prj.description, True) newreq_prj.projectid = kprj.id newreq_prj.save() new_prj_list.append(newreq_prj) setup_new_project(request, kprj.id, newreq_prj.projectname, data) LOG.info("Created tenant %s" % newreq_prj.projectname) # # User creation # if not registration.userid: if is_local: registration.username = data['username'] kuser = keystone_api.user_create( request, name=registration.username, password=password, email=user_email, enabled=True) registration.expdate = self.expiration registration.userid = kuser.id registration.save() LOG.info("Created user %s" % registration.username) mail_obj = EMail() mail_obj.registration = registration mail_obj.email = user_email mail_obj.save() # # The new user is the project manager of its tenant # register the expiration date per tenant # for prj_item in new_prj_list: expiration = Expiration() expiration.registration = registration expiration.project = prj_item expiration.expdate = self.expiration expiration.save() prjRole = PrjRole() prjRole.registration = registration prjRole.project = prj_item prjRole.roleid = tenantadmin_roleid prjRole.save() keystone_api.add_tenant_user_role(request, prj_item.projectid, registration.userid, tenantadmin_roleid) # # Send notifications to project administrators and users # for p_item in prjReqList.filter(flowstatus=PSTATUS_PENDING): m_userids = get_prjman_ids(request, p_item.project.projectid) tmpres = EMail.objects.filter( registration__userid__in=m_userids) m_emails = [x.email for x in tmpres] noti_params = { 'username': data['username'], 'project': p_item.project.projectname } notifyProject(request=self.request, rcpt=m_emails, action=SUBSCR_WAIT_TYPE, context=noti_params, dst_project_id=p_item.project.projectid) n2_params = { 'username': p_item.registration.username, 'project': p_item.project.projectname, 'prjadmins': m_emails } notifyUser(request=self.request, rcpt=user_email, action=SUBSCR_ONGOING, context=n2_params, dst_project_id=p_item.project.projectid, dst_user_id=registration.userid) newprj_reqs = prjReqList.filter(flowstatus=PSTATUS_REG) for p_item in newprj_reqs: noti_params = { 'username': p_item.registration.username, 'project': p_item.project.projectname } notifyUser(request=self.request, rcpt=user_email, action=FIRST_REG_OK_TYPE, context=noti_params, dst_project_id=p_item.project.projectid, dst_user_id=p_item.registration.userid) # # cache cleanup # newprj_reqs.delete() reg_request.delete() self.post_reminder(registration, user_email) except: LOG.error("Error pre-checking request", exc_info=True) messages.error(request, _("Cannot pre-check request")) return False return True
def _update_project_members(self, request, data, project_id): member_ids = set() prjadm_ids = set() prjrole_id = None result = None for role in self._get_available_roles(request): tmp_step = self.get_step(baseWorkflows.PROJECT_USER_MEMBER_SLUG) field_name = tmp_step.get_member_field_name(role.id) for tmpid in data[field_name]: member_ids.add(tmpid) if role.name == TENANTADMIN_ROLE: prjadm_ids.add(tmpid) if role.name == TENANTADMIN_ROLE: prjrole_id = role.id with transaction.atomic(): ep_qset = Expiration.objects.filter(project=self.this_project) disposable_exps = ep_qset.exclude(registration__userid__in=member_ids) changed_regs = [ x.registration for x in disposable_exps ] rm_email_list = EMail.objects.filter(registration__in=changed_regs) for item in ep_qset: if item.registration.userid in member_ids: member_ids.remove(item.registration.userid) added_regs = Registration.objects.filter(userid__in=member_ids) add_email_list = EMail.objects.filter(registration__in=added_regs) # # Use per-user expiration date as a fall back # for expiration date per tenant # for item in added_regs: def_expdate = item.expdate if item.expdate else datetime.now() + timedelta(365) c_args = { 'registration' : item, 'project' : self.this_project, 'expdate' : item.expdate } Expiration(**c_args).save() changed_regs.append(item) # # Delete expiration for manually removed users # disposable_exps.delete() # # Remove subscription request for manually added or removed members # PrjRequest.objects.filter( registration__in = changed_regs, project = self.this_project ).delete() # # Delete and re-create the project admin cache # PrjRole.objects.filter(project=self.this_project).delete() for item in Registration.objects.filter(userid__in=prjadm_ids): new_prjrole = PrjRole() new_prjrole.registration = item new_prjrole.project = self.this_project new_prjrole.roleid = prjrole_id new_prjrole.save() LOG.debug("Re-created prj admin: %s" % item.username) result = super(ExtUpdateProject, self)._update_project_members(request, data, project_id) # # Notify users, both new and removed # for e_item in rm_email_list: noti_params = { 'username' : e_item.registration.username, 'project' : self.this_project.projectname } notifyUser(request=request, rcpt=e_item.email, action=MEMBER_FORCED_RM, context=noti_params, dst_project_id=self.this_project.projectid, dst_user_id=e_item.registration.userid) for e_item in add_email_list: noti_params = { 'username' : e_item.registration.username, 'project' : self.this_project.projectname, 'isadmin' : e_item.registration.userid in prjadm_ids } notifyUser(request=request, rcpt=e_item.email, action=MEMBER_FORCED_ADD, context=noti_params, dst_project_id=self.this_project.projectid, dst_user_id=e_item.registration.userid) if len(prjadm_ids) == 0: messages.warning(request, _("Missing project admin for this project")) return result
def _update_project_members(self, request, data, project_id): admin_role_id = None available_roles = baseWorkflows.api.keystone.role_list(request) member_ids = set() prjadm_ids = set() result = None with transaction.atomic(): # # Create project in the database # newprj_id = self.object.id qargs = { 'projectname' : data['name'], 'projectid' : newprj_id, 'description' : data['description'], 'status' : PRJ_PUBLIC } newprj = Project(**qargs) newprj.save() self.this_project = newprj # # Setup members # for role in available_roles: tmp_step = self.get_step(baseWorkflows.PROJECT_USER_MEMBER_SLUG) field_name = tmp_step.get_member_field_name(role.id) if role.name == TENANTADMIN_ROLE: admin_role_id = role.id for tmpid in data[field_name]: prjadm_ids.add(tmpid) for user_id in data[field_name]: member_ids.add(user_id) # # Import expiration per tenant, use per-user expiration date as a fall back # Create the project admin cache # for u_item in Registration.objects.filter(userid__in=member_ids): new_p_exp = Expiration() new_p_exp.registration = u_item new_p_exp.project = self.this_project new_p_exp.expdate = u_item.expdate new_p_exp.save() if u_item.userid in prjadm_ids: new_prjrole = PrjRole() new_prjrole.registration = u_item new_prjrole.project = self.this_project new_prjrole.roleid = admin_role_id new_prjrole.save() LOG.debug("Created prj admin: %s" % u_item.username) # # Insert cloud admin as project_manager if missing # if len(prjadm_ids) == 0: baseWorkflows.api.keystone.add_tenant_user_role(request, project_id, request.user.id, admin_role_id) result = super(ExtCreateProject, self)._update_project_members(request, data, project_id) # # Notify users # for e_item in EMail.objects.filter(registration__userid__in=member_ids): noti_params = { 'username' : e_item.registration.username, 'project' : self.this_project.projectname, 'isadmin' : e_item.registration.userid in prjadm_ids } notifyUser(request=request, rcpt=e_item.email, action=MEMBER_FORCED_ADD, context=noti_params, dst_project_id=self.this_project.projectid, dst_user_id=e_item.registration.userid) # # Notify all cloud admins # notifyAdmin(request=request, action=NEWPRJ_BY_ADM, context={'project' : self.this_project.projectname}) return result
def handle(self, request, data): try: role_names = [ role['name'] for role in self.request.user.roles ] if not TENANTADMIN_ROLE in role_names: raise Exception(_('Permissions denied: cannot approve subscriptions')) with transaction.atomic(): curr_prjname = self.request.user.tenant_name q_args = { 'registration__regid' : int(data['regid']), 'project__projectname' : curr_prjname } prj_req = PrjRequest.objects.filter(**q_args)[0] member_id = prj_req.registration.userid tmpres = EMail.objects.filter(registration__userid=member_id) member_email = tmpres[0].email if tmpres else None project_name = prj_req.project.projectname user_name = prj_req.registration.username LOG.debug("Approving subscription for %s" % prj_req.registration.username) default_role = getattr(settings, 'OPENSTACK_KEYSTONE_DEFAULT_ROLE', None) expiration = Expiration() expiration.registration = prj_req.registration expiration.project = prj_req.project expiration.expdate = data['expiration'] expiration.save() # # Update the max expiration per user # user_reg = prj_req.registration if data['expiration'] > user_reg.expdate: user_reg.expdate = data['expiration'] user_reg.save() roles_obj = client_factory(request).roles arg_dict = { 'project' : prj_req.project.projectid, 'user' : prj_req.registration.userid } missing_default = True for item in roles_obj.list(): if item.name == default_role: roles_obj.grant(item.id, **arg_dict) missing_default = False if missing_default: raise Exception("Default role is undefined") # # Enable reminder for cloud admin # RegRequest.objects.filter( registration = prj_req.registration, flowstatus = RSTATUS_REMINDER ).update(flowstatus = RSTATUS_REMINDACK) # # clear request # prj_req.delete() # # send notification to the user # noti_params = { 'username': user_name, 'project' : project_name } notifyUser(request=self.request, rcpt=member_email, action=SUBSCR_OK_TYPE, context=noti_params, dst_user_id=member_id) notifyAdmin(request=self.request, action=SUBSCR_OK_TYPE, context=noti_params) except: exceptions.handle(request) return False return True
def handle(self, request, data): if not request.user.is_superuser: messages.error(_("Operation not authorized")) return False try: with transaction.atomic(): reg_user = Registration.objects.filter(userid=data['userid'])[0] prj_list = Project.objects.filter(projectname__in=data['projects']) reg_user.expdate = data['expdate'] reg_user.save() # # Enable reminder for cloud admin if present # RegRequest.objects.filter( registration = reg_user, flowstatus = RSTATUS_REMINDER ).update(flowstatus = RSTATUS_REMINDACK) k_user = keystone_api.user_get(request, data['userid']) if not k_user.enabled: keystone_api.user_update(request, data['userid'], enabled=True) except: LOG.error("Generic failure", exc_info=True) return False for prj_item in prj_list: try: with transaction.atomic(): Expiration( registration=reg_user, project=prj_item, expdate=data['expdate'] ).save() keystone_api.add_tenant_user_role( request, prj_item.projectid, data['userid'], get_default_role(request)) # # send notification to project managers and users # tmpres = EMail.objects.filter(registration__userid=data['userid']) user_email = tmpres[0].email if tmpres else None m_userids = get_prjman_ids(request, prj_item.projectid) tmpres = EMail.objects.filter(registration__userid__in=m_userids) m_emails = [ x.email for x in tmpres ] noti_params = { 'username' : reg_user.username, 'project' : prj_item.projectname } notifyProject(request=self.request, rcpt=m_emails, action=SUBSCR_FORCED_OK_TYPE, context=noti_params, dst_project_id=prj_item.projectid) notifyUser(request=self.request, rcpt=user_email, action=SUBSCR_OK_TYPE, context=noti_params, dst_project_id=prj_item.projectid, dst_user_id=reg_user.userid) except: LOG.error("Generic failure", exc_info=True) return True
def handle(self, request, data): try: tenantadmin_roleid, default_roleid = check_and_get_roleids(request) usr_and_prj = REQID_REGEX.search(data['requestid']) with transaction.atomic(): q_args = { 'registration__regid': int(usr_and_prj.group(1)), 'project__projectname': usr_and_prj.group(2) } prj_req = PrjRequest.objects.filter(**q_args)[0] # # Insert expiration date per tenant # expiration = Expiration() expiration.registration = prj_req.registration expiration.project = prj_req.project expiration.expdate = data['expiration'] expiration.save() # # Update the max expiration per user # user_reg = prj_req.registration if data['expiration'] > user_reg.expdate: user_reg.expdate = data['expiration'] user_reg.save() project_name = prj_req.project.projectname project_id = prj_req.project.projectid user_name = prj_req.registration.username user_id = prj_req.registration.userid keystone_api.add_tenant_user_role(request, project_id, user_id, default_roleid) # # Enable reminder for cloud admin # RegRequest.objects.filter(registration=prj_req.registration, flowstatus=RSTATUS_REMINDER).update( flowstatus=RSTATUS_REMINDACK) # # clear request # prj_req.delete() # # send notification to project managers and users # tmpres = EMail.objects.filter(registration__userid=user_id) user_email = tmpres[0].email if tmpres else None m_userids = get_prjman_ids(request, project_id) tmpres = EMail.objects.filter(registration__userid__in=m_userids) m_emails = [x.email for x in tmpres] noti_params = {'username': user_name, 'project': project_name} notifyProject(request=self.request, rcpt=m_emails, action=SUBSCR_FORCED_OK_TYPE, context=noti_params, dst_project_id=project_id) notifyUser(request=self.request, rcpt=user_email, action=SUBSCR_OK_TYPE, context=noti_params, dst_project_id=project_id, dst_user_id=user_id) except: LOG.error("Error forced-checking request", exc_info=True) messages.error(request, _("Cannot forced check request")) return False return True
def handle(self, request, data): try: tenantadmin_roleid, default_roleid = check_and_get_roleids(request) usr_and_prj = REQID_REGEX.search(data['requestid']) with transaction.atomic(): regid, prjname = chk_repl_project(int(usr_and_prj.group(1)), usr_and_prj.group(2), data['newname'], None, data['newdescr']) # # Creation of new tenant # prj_req = PrjRequest.objects.filter( registration__regid = regid, project__projectname = prjname )[0] project_name = prj_req.project.projectname user_id = prj_req.registration.userid kprj = keystone_api.tenant_create(request, project_name, prj_req.project.description, True) prj_req.project.projectid = kprj.id prj_req.project.save() LOG.info("Created tenant %s" % project_name) # # The new user is the project manager of its tenant # prjRole = PrjRole() prjRole.registration = prj_req.registration prjRole.project = prj_req.project prjRole.roleid = tenantadmin_roleid prjRole.save() keystone_api.add_tenant_user_role(request, prj_req.project.projectid, user_id, tenantadmin_roleid) # # Insert expiration date per tenant # expiration = Expiration() expiration.registration = prj_req.registration expiration.project = prj_req.project expiration.expdate = data['expiration'] expiration.save() # # Update the max expiration per user # user_reg = prj_req.registration if data['expiration'] > user_reg.expdate: user_reg.expdate = data['expiration'] user_reg.save() # # Clear request # prj_req.delete() setup_new_project(request, kprj.id, project_name, data) # # Send notification to the user # tmpres = EMail.objects.filter(registration__userid=user_id) user_email = tmpres[0].email if tmpres else None noti_params = { 'project' : project_name } notifyUser(request=self.request, rcpt=user_email, action=PRJ_CREATE_TYPE, context=noti_params, dst_project_id=kprj.id, dst_user_id=user_id) except: LOG.error("Error pre-checking project", exc_info=True) messages.error(request, _("Cannot pre-check project")) return False return True
def _update_project_members(self, request, data, project_id): member_ids = set() prjadm_ids = set() prjrole_id = None result = None for role in self._get_available_roles(request): tmp_step = self.get_step(baseWorkflows.PROJECT_USER_MEMBER_SLUG) field_name = tmp_step.get_member_field_name(role.id) for tmpid in data[field_name]: member_ids.add(tmpid) if role.name == TENANTADMIN_ROLE: prjadm_ids.add(tmpid) if role.name == TENANTADMIN_ROLE: prjrole_id = role.id with transaction.atomic(): ep_qset = Expiration.objects.filter(project=self.this_project) disposable_exps = ep_qset.exclude( registration__userid__in=member_ids) changed_regs = [x.registration for x in disposable_exps] rm_email_list = EMail.objects.filter(registration__in=changed_regs) for item in ep_qset: if item.registration.userid in member_ids: member_ids.remove(item.registration.userid) added_regs = Registration.objects.filter(userid__in=member_ids) add_email_list = EMail.objects.filter(registration__in=added_regs) # # Use per-user expiration date as a fall back # for expiration date per tenant # for item in added_regs: def_expdate = item.expdate if item.expdate else datetime.now( ) + timedelta(365) c_args = { 'registration': item, 'project': self.this_project, 'expdate': item.expdate } Expiration(**c_args).save() changed_regs.append(item) # # Enable reminders to cloud admin for manually added users # RegRequest.objects.filter(registration__in=added_regs, flowstatus=RSTATUS_REMINDER).update( flowstatus=RSTATUS_REMINDACK) # # Delete expiration for manually removed users # disposable_exps.delete() # # Remove subscription request for manually added or removed members # PrjRequest.objects.filter(registration__in=changed_regs, project=self.this_project).delete() # # Delete and re-create the project admin cache # PrjRole.objects.filter(project=self.this_project).delete() for item in Registration.objects.filter(userid__in=prjadm_ids): new_prjrole = PrjRole() new_prjrole.registration = item new_prjrole.project = self.this_project new_prjrole.roleid = prjrole_id new_prjrole.save() LOG.debug("Re-created prj admin: %s" % item.username) result = super(ExtUpdateProject, self)._update_project_members( request, data, project_id) # # Notify users, both new and removed # for e_item in rm_email_list: noti_params = { 'username': e_item.registration.username, 'project': self.this_project.projectname } notifyUser(request=request, rcpt=e_item.email, action=MEMBER_FORCED_RM, context=noti_params, dst_project_id=self.this_project.projectid, dst_user_id=e_item.registration.userid) for e_item in add_email_list: noti_params = { 'username': e_item.registration.username, 'project': self.this_project.projectname, 'isadmin': e_item.registration.userid in prjadm_ids } notifyUser(request=request, rcpt=e_item.email, action=MEMBER_FORCED_ADD, context=noti_params, dst_project_id=self.this_project.projectid, dst_user_id=e_item.registration.userid) if len(prjadm_ids) == 0: messages.warning(request, _("Missing project admin for this project")) return result
def handle(self, *args, **options): super(Command, self).handle(options) LOG.info("Checking expired users") try: keystone_client = client.Client( username=self.config.cron_user, password=self.config.cron_pwd, project_name=self.config.cron_prj, user_domain_name=self.config.cron_domain, project_domain_name=self.config.cron_domain, cacert=self.config.cron_ca, auth_url=self.config.cron_kurl) prjman_roleid = get_prjman_roleid(keystone_client) cloud_adminid = keystone_client.auth_ref.user_id except: LOG.error("Check expiration failed", exc_info=True) raise CommandError("Check expiration failed") updated_prjs = set() exp_date = datetime.now() - timedelta(self.config.cron_defer) for mem_item in Expiration.objects.filter(expdate__lt=exp_date): username = mem_item.registration.username userid = mem_item.registration.userid prjname = mem_item.project.projectname prjid = mem_item.project.projectid updated_prjs.add(prjid) try: with transaction.atomic(): tmpres = EMail.objects.filter( registration=mem_item.registration) user_mail = tmpres[0].email if len(tmpres) else None q_args = { 'registration': mem_item.registration, 'project': mem_item.project } Expiration.objects.filter(**q_args).delete() PrjRequest.objects.filter(**q_args).delete() PrjRole.objects.filter(**q_args).delete() arg_dict = {'project': prjid, 'user': userid} for r_item in keystone_client.role_assignments.list( **arg_dict): keystone_client.roles.revoke(r_item.role['id'], **arg_dict) LOG.info("Removed %s from %s" % (username, prjid)) noti_params = {'username': username, 'project': prjname} notifyUser(user_mail, USER_EXPIRED_TYPE, noti_params, project_id=prjid, dst_user_id=userid) # # TODO notify project admins # except: LOG.error("Check expiration failed for %s" % username, exc_info=True) # # Check for tenants without admin (use cloud admin if missing) # for prj_id in updated_prjs: if PrjRole.objects.filter(project__projectid=prj_id).count() == 0: try: keystone_client.roles.grant(prjman_roleid, user=cloud_adminid, project=prj_id) LOG.info("Cloud Administrator as admin for %s" % prj_id) noti_params = { 'project': prj_id, 's_role': 'None', 'd_role': 'project_manager' } notifyAdmin(CHANGED_MEMBER_ROLE, noti_params, dst_user_id=prj_id) except: LOG.error("Cannot set super admin for %s" % username, exc_info=True)
def _update_project_members(self, request, data, project_id): admin_role_id = None available_roles = baseWorkflows.api.keystone.role_list(request) member_ids = set() prjadm_ids = set() result = None with transaction.atomic(): # # Create project in the database # newprj_id = self.object.id qargs = { 'projectname': data['name'], 'projectid': newprj_id, 'description': data['description'], 'status': PRJ_PUBLIC } newprj = Project(**qargs) newprj.save() self.this_project = newprj # # Setup members # for role in available_roles: tmp_step = self.get_step( baseWorkflows.PROJECT_USER_MEMBER_SLUG) field_name = tmp_step.get_member_field_name(role.id) if role.name == TENANTADMIN_ROLE: admin_role_id = role.id for tmpid in data[field_name]: prjadm_ids.add(tmpid) for user_id in data[field_name]: member_ids.add(user_id) # # Import expiration per tenant, use per-user expiration date as a fall back # Create the project admin cache # for u_item in Registration.objects.filter(userid__in=member_ids): new_p_exp = Expiration() new_p_exp.registration = u_item new_p_exp.project = self.this_project new_p_exp.expdate = u_item.expdate new_p_exp.save() if u_item.userid in prjadm_ids: new_prjrole = PrjRole() new_prjrole.registration = u_item new_prjrole.project = self.this_project new_prjrole.roleid = admin_role_id new_prjrole.save() LOG.debug("Created prj admin: %s" % u_item.username) # # Insert cloud admin as project_manager if missing # if len(prjadm_ids) == 0: baseWorkflows.api.keystone.add_tenant_user_role( request, project_id, request.user.id, admin_role_id) result = super(ExtCreateProject, self)._update_project_members( request, data, project_id) # # Notify users # for e_item in EMail.objects.filter( registration__userid__in=member_ids): noti_params = { 'username': e_item.registration.username, 'project': self.this_project.projectname, 'isadmin': e_item.registration.userid in prjadm_ids } notifyUser(request=request, rcpt=e_item.email, action=MEMBER_FORCED_ADD, context=noti_params, dst_project_id=self.this_project.projectid, dst_user_id=e_item.registration.userid) # # Notify all cloud admins # notifyAdmin(request=request, action=NEWPRJ_BY_ADM, context={'project': self.this_project.projectname}) return result