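def delete(self, request, obj_id):
    """Remove a user from the caller's current project and send notices.

    Revokes every role assignment that ``obj_id`` holds on
    ``request.user.tenant_id``, then mails MEMBER_REMOVED to the removed
    user and MEMBER_REMOVED_ADM to the managers.

    Errors are logged and shown through ``messages.error``; nothing is
    raised to the caller.

    NOTE(review): no check of the caller's role is visible in this method;
    confirm the enclosing action restricts it to project managers.
    """
    try:
        roles_obj = client_factory(request).roles
        role_assign_obj = client_factory(request).role_assignments
        users_obj = client_factory(request).users

        arg_dict = {
            'project': request.user.tenant_id,
            'user': obj_id
        }
        for r_item in role_assign_obj.list(**arg_dict):
            roles_obj.revoke(r_item.role['id'], **arg_dict)

        # The roles are already revoked at this point: a lookup or mail
        # failure below is still reported to the operator as a failed removal.
        member = users_obj.get(obj_id)
        noti_params = {
            'username': member.name,
            'admin_address': users_obj.get(request.user.id).email,
            'project': request.user.tenant_name
        }

        noti_sbj, noti_body = notification_render(MEMBER_REMOVED, noti_params)
        notifyUsers(member.email, noti_sbj, noti_body)

        noti_sbj, noti_body = notification_render(MEMBER_REMOVED_ADM, noti_params)
        notifyManagers(noti_sbj, noti_body)

    except Exception:
        # Exception rather than a bare except, so SystemExit and
        # KeyboardInterrupt are not swallowed.
        LOG.error("Grant revoke error", exc_info=True)
        messages.error(request, _('Unable to delete member from tenant.'))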
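def handle(self, request, data):
    """Process a PSTATUS_RENEW_MEMB request by removing the member.

    Looks up the requests for ``data['regid']`` in the caller's current
    project, revokes every role the user holds on that project, deletes the
    requests and mails MEMBER_REMOVED (with ``data['reason']`` as notes) to
    the user.

    Returns True on success or when no matching request exists, False after
    a failure (which is logged and passed to ``exceptions.handle``).

    NOTE(review): this method does not check the caller's roles; confirm the
    view or policy behind the form limits it to project managers.
    """
    try:
        with transaction.atomic():
            curr_prjname = self.request.user.tenant_name
            # The project filter keeps a regid that belongs to another
            # project from matching.
            q_args = {
                'registration__regid': int(data['regid']),
                'project__projectname': curr_prjname,
                'flowstatus': PSTATUS_RENEW_MEMB
            }
            prj_reqs = PrjRequest.objects.filter(**q_args)
            if not prj_reqs:
                return True

            user_id = prj_reqs[0].registration.userid

            #
            # Remove member from project
            #
            roles_obj = client_factory(request).roles
            role_assign_obj = client_factory(request).role_assignments

            arg_dict = {
                'project': request.user.tenant_id,
                'user': user_id
            }
            for r_item in role_assign_obj.list(**arg_dict):
                roles_obj.revoke(r_item.role['id'], **arg_dict)

            #
            # Clear requests
            #
            prj_reqs.delete()

        #
        # Send notification to the user
        # (after the transaction, so a mail failure cannot undo the cleanup
        # of rows whose Keystone roles are already revoked)
        #
        users_obj = client_factory(request).users
        member = users_obj.get(user_id)
        noti_params = {
            'username': member.name,
            'admin_address': users_obj.get(request.user.id).email,
            'project': request.user.tenant_name,
            'notes': data['reason']
        }
        noti_sbj, noti_body = notification_render(MEMBER_REMOVED, noti_params)
        notifyUsers(member.email, noti_sbj, noti_body)

    except Exception:
        # Exception rather than a bare except, so SystemExit and
        # KeyboardInterrupt are not swallowed.
        LOG.error("Cannot renew user", exc_info=True)
        exceptions.handle(request)
        return False

    return True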
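def delete(self, request, obj_id):
    """Remove a user from the caller's current project.

    Deletes the user's Expiration, PrjRequest and PrjRole rows for the
    project, revokes every role assignment the user holds on
    ``request.user.tenant_id``, then notifies the removed user
    (MEMBER_REMOVED) and the administrators (MEMBER_REMOVED_ADM).

    Errors are logged and shown through ``messages.error``; nothing is
    raised to the caller.

    NOTE(review): no check of the caller's role is visible in this method;
    confirm the enclosing action restricts it to project managers.
    """
    try:
        with transaction.atomic():
            q_args = {
                'registration__userid': obj_id,
                'project__projectname': request.user.tenant_name
            }
            Expiration.objects.filter(**q_args).delete()
            PrjRequest.objects.filter(**q_args).delete()
            PrjRole.objects.filter(**q_args).delete()

            roles_obj = client_factory(request).roles
            role_assign_obj = client_factory(request).role_assignments

            arg_dict = {'project': request.user.tenant_id, 'user': obj_id}
            # Revocation stays inside the atomic block: if it raises, the
            # row deletions above are rolled back. Roles revoked before the
            # failure are not restored by that rollback.
            for r_item in role_assign_obj.list(**arg_dict):
                roles_obj.revoke(r_item.role['id'], **arg_dict)

        # Notifications run after the commit so a mail failure cannot undo
        # the local cleanup once the roles are gone.
        tmpres = EMail.objects.filter(registration__userid=obj_id)
        member_email = tmpres[0].email if tmpres else None
        member_name = tmpres[0].registration.username if tmpres else None

        tmpres = EMail.objects.filter(registration__userid=request.user.id)
        admin_email = tmpres[0].email if tmpres else None

        noti_params = {
            'username': member_name,
            'admin_address': admin_email,
            'project': request.user.tenant_name
        }
        notifyUser(request=request, rcpt=member_email, action=MEMBER_REMOVED,
                   context=noti_params, dst_user_id=obj_id)
        notifyAdmin(request=request, action=MEMBER_REMOVED_ADM,
                    context=noti_params)

    except Exception:
        # Exception rather than a bare except, so SystemExit and
        # KeyboardInterrupt are not swallowed.
        LOG.error("Grant revoke error", exc_info=True)
        messages.error(request, _('Unable to delete member from tenant.'))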
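def delete(self, request, obj_id):
    """Drop a member from the project the caller is currently scoped to.

    Local bookkeeping (Expiration, PrjRequest, PrjRole rows for the user and
    project) is deleted and all of the user's role assignments on
    ``request.user.tenant_id`` are revoked. Afterwards the user receives a
    MEMBER_REMOVED notice and the administrators a MEMBER_REMOVED_ADM notice.

    Any failure is logged and surfaced with ``messages.error``; the method
    never raises.

    NOTE(review): the caller's role is not verified here; confirm that the
    enclosing action is only offered to project managers.
    """
    try:
        with transaction.atomic():
            q_args = {
                'registration__userid': obj_id,
                'project__projectname': request.user.tenant_name
            }
            Expiration.objects.filter(**q_args).delete()
            PrjRequest.objects.filter(**q_args).delete()
            PrjRole.objects.filter(**q_args).delete()

            roles_obj = client_factory(request).roles
            role_assign_obj = client_factory(request).role_assignments

            arg_dict = {
                'project': request.user.tenant_id,
                'user': obj_id
            }
            # A failing revoke rolls back the deletions above; roles that
            # were revoked before the failure stay revoked.
            for r_item in role_assign_obj.list(**arg_dict):
                roles_obj.revoke(r_item.role['id'], **arg_dict)

        # Sent once the transaction has committed, so that a mail problem
        # does not roll back the cleanup.
        tmpres = EMail.objects.filter(registration__userid=obj_id)
        member_email = tmpres[0].email if tmpres else None
        member_name = tmpres[0].registration.username if tmpres else None

        tmpres = EMail.objects.filter(registration__userid=request.user.id)
        admin_email = tmpres[0].email if tmpres else None

        noti_params = {
            'username': member_name,
            'admin_address': admin_email,
            'project': request.user.tenant_name
        }
        notifyUser(request=request, rcpt=member_email, action=MEMBER_REMOVED,
                   context=noti_params, dst_user_id=obj_id)
        notifyAdmin(request=request, action=MEMBER_REMOVED_ADM,
                    context=noti_params)

    except Exception:
        # Narrowed from a bare except so interpreter-exit exceptions
        # propagate.
        LOG.error("Grant revoke error", exc_info=True)
        messages.error(request, _('Unable to delete member from tenant.'))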
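def get_data(self):
    """Build the member list of the caller's current project.

    Role assignments on ``self.request.user.tenant_id`` are folded into one
    three-element list per user id: ``[holds the admin role, number of
    roles, number of admin assignments in the project]``. One MemberItem is
    returned for each Expiration row of the project whose registration user
    id appears among those assignments.

    When the caller does not hold TENANTADMIN_ROLE the admin role id stays
    empty, so no member is flagged as admin.

    On any error the problem is logged, an error message is flashed and an
    empty list is returned.
    """
    try:
        t_role_id = ''
        for role in self.request.user.roles:
            if role['name'] == TENANTADMIN_ROLE:
                t_role_id = get_admin_roleid(self.request)

        role_assign_obj = client_factory(self.request).role_assignments
        member_id_dict = dict()

        number_of_admins = 0
        for r_item in role_assign_obj.list(
                project=self.request.user.tenant_id):
            user_id = r_item.user['id']
            if user_id not in member_id_dict:
                member_id_dict[user_id] = [False, 0, 0]

            if r_item.role['id'] == t_role_id:
                member_id_dict[user_id][0] = True
                number_of_admins += 1

            member_id_dict[user_id][1] += 1

        # values() instead of itervalues(): the latter exists only on
        # Python 2, and on Python 3 the AttributeError would be caught below
        # and silently turn into an empty member list.
        for rp_item in member_id_dict.values():
            rp_item[2] = number_of_admins

        result = list()
        q_args = {
            # Explicit list of user ids rather than the dict itself.
            'registration__userid__in': list(member_id_dict),
            'project__projectid': self.request.user.tenant_id
        }
        for expir in Expiration.objects.filter(**q_args):
            reg = expir.registration
            result.append(
                MemberItem(reg, member_id_dict[reg.userid], expir.expdate))
        return result

    except Exception:
        LOG.error("Member view error", exc_info=True)
        messages.error(self.request, _('Unable to retrieve member list.'))

    return list()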
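def handle(self, request, data):
    """Discard a pending subscription request and notify the applicant.

    The caller must hold TENANTADMIN_ROLE. The PrjRequest matching
    ``data['regid']`` in the caller's current project is deleted without
    granting any role, and a SUBSCR_NO_TYPE notification is mailed to the
    user.

    Returns True on success; on any failure the exception is passed to
    ``exceptions.handle`` and False is returned.
    """
    try:
        role_names = [role['name'] for role in self.request.user.roles]
        if TENANTADMIN_ROLE not in role_names:
            raise Exception(_('Permissions denied: cannot approve subscriptions'))

        with transaction.atomic():
            curr_prjname = self.request.user.tenant_name
            # Scoping by project name keeps a regid that belongs to another
            # project from matching; no match raises IndexError, which is
            # handled below like any other failure.
            q_args = {
                'registration__regid': int(data['regid']),
                'project__projectname': curr_prjname
            }
            prj_req = PrjRequest.objects.filter(**q_args)[0]

            member = client_factory(request).users.get(prj_req.registration.userid)
            project_name = prj_req.project.projectname

            #
            # clear request
            #
            prj_req.delete()

        #
        # send notification to the user
        # (after the commit, so a mail failure does not restore the request)
        #
        noti_params = {
            'project': project_name
        }
        noti_sbj, noti_body = notification_render(SUBSCR_NO_TYPE, noti_params)
        notifyUsers(member.email, noti_sbj, noti_body)

    except Exception:
        # Exception rather than a bare except, so SystemExit and
        # KeyboardInterrupt are not swallowed.
        exceptions.handle(request)
        return False

    return True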
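def get_data(self):
    """Return the MemberItem rows shown for the caller's current project.

    Each user with a role assignment on ``self.request.user.tenant_id`` gets
    a list ``[is admin, role count, admin count of the project]``; the admin
    flag is set when one of the user's roles equals the id returned by
    ``get_admin_roleid``. That id is only fetched when the caller holds
    TENANTADMIN_ROLE, so for other callers nobody is flagged.

    A MemberItem is produced for every Expiration row of the project whose
    registration belongs to one of those users. Failures are logged, an
    error message is flashed and an empty list is returned.
    """
    try:
        t_role_id = ''
        for role in self.request.user.roles:
            if role['name'] == TENANTADMIN_ROLE:
                t_role_id = get_admin_roleid(self.request)

        role_assign_obj = client_factory(self.request).role_assignments
        member_id_dict = dict()

        number_of_admins = 0
        for r_item in role_assign_obj.list(project=self.request.user.tenant_id):
            member_key = r_item.user['id']
            if member_key not in member_id_dict:
                member_id_dict[member_key] = [False, 0, 0]

            if r_item.role['id'] == t_role_id:
                member_id_dict[member_key][0] = True
                number_of_admins += 1

            member_id_dict[member_key][1] += 1

        # itervalues() is Python 2 only; under Python 3 it would raise,
        # be caught below and leave the table empty. values() works on both.
        for rp_item in member_id_dict.values():
            rp_item[2] = number_of_admins

        result = list()
        q_args = {
            # Pass the user ids explicitly instead of relying on dict
            # iteration.
            'registration__userid__in': list(member_id_dict),
            'project__projectid': self.request.user.tenant_id
        }
        for expir in Expiration.objects.filter(**q_args):
            reg = expir.registration
            result.append(MemberItem(reg, member_id_dict[reg.userid], expir.expdate))
        return result

    except Exception:
        LOG.error("Member view error", exc_info=True)
        messages.error(self.request, _('Unable to retrieve member list.'))

    return list()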
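def single(self, data_table, request, obj_id):
    """Toggle a member between project manager and plain project user.

    If the table row for ``obj_id`` is flagged ``is_t_admin`` the admin role
    is revoked (granting DEFAULT_ROLE first when it is the user's only role)
    and the matching PrjRole rows are deleted; otherwise a PrjRole row is
    created and the admin role is granted. The member is notified with
    CHANGED_MEMBER_ROLE in both cases.

    Failures are logged and shown through ``messages.error``. The method
    always returns a redirect: to the logout view when the caller changed
    their own account, else back to the member index.
    """
    try:
        t_role_id = ''
        for role in request.user.roles:
            if role['name'] == TENANTADMIN_ROLE:
                t_role_id = get_admin_roleid(request)

        # Fail closed: without TENANTADMIN_ROLE the id stays empty and would
        # otherwise be stored in PrjRole.roleid and sent to grant()/revoke().
        if not t_role_id:
            raise Exception('Missing project manager role id')

        roles_obj = client_factory(request).roles
        arg_dict = {
            'project': request.user.tenant_id,
            'user': obj_id
        }

        tmpres = EMail.objects.filter(registration__userid=obj_id)
        member_email = tmpres[0].email if tmpres else None
        tmpres = EMail.objects.filter(registration__userid=request.user.id)
        admin_email = tmpres[0].email if tmpres else None

        datum = data_table.get_object_by_id(obj_id)
        if datum.is_t_admin:

            with transaction.atomic():
                PrjRole.objects.filter(
                    registration__userid=obj_id,
                    project__projectname=request.user.tenant_name
                ).delete()

                if datum.num_of_roles == 1:
                    # Grant the default role before the revoke so the user
                    # is never left without any role on the project.
                    missing_default = True
                    for item in roles_obj.list():
                        if item.name == DEFAULT_ROLE:
                            roles_obj.grant(item.id, **arg_dict)
                            missing_default = False
                    if missing_default:
                        raise Exception('Cannot swith to member role')

                # Inside the atomic block: a failing revoke rolls back the
                # PrjRole deletion.
                roles_obj.revoke(t_role_id, **arg_dict)

            noti_params = {
                'admin_address': admin_email,
                'project': request.user.tenant_name,
                's_role': _('Project manager'),
                'd_role': _('Project user')
            }
            notifyUser(request=request, rcpt=member_email,
                       action=CHANGED_MEMBER_ROLE, context=noti_params,
                       dst_project_id=request.user.project_id,
                       dst_user_id=obj_id)

        else:

            with transaction.atomic():
                prjRole = PrjRole()
                prjRole.registration = Registration.objects.filter(userid=obj_id)[0]
                prjRole.project = Project.objects.get(projectname=request.user.tenant_name)
                prjRole.roleid = t_role_id
                prjRole.save()

                # Inside the atomic block: a failing grant rolls back the
                # new PrjRole row.
                roles_obj.grant(t_role_id, **arg_dict)

            noti_params = {
                'admin_address': admin_email,
                'project': request.user.tenant_name,
                's_role': _('Project user'),
                'd_role': _('Project manager')
            }
            notifyUser(request=request, rcpt=member_email,
                       action=CHANGED_MEMBER_ROLE, context=noti_params,
                       dst_project_id=request.user.project_id,
                       dst_user_id=obj_id)

    except Exception:
        # Exception rather than a bare except, so SystemExit and
        # KeyboardInterrupt are not swallowed.
        LOG.error("Toggle role error", exc_info=True)
        messages.error(request, _('Unable to toggle the role.'))

    # Reached after a failure as well as after a successful change.
    if obj_id == request.user.id:
        response = shortcuts.redirect(reverse_lazy('logout'))
        msg = _("Roles changed. Please log in again to continue.")
        utils.add_logout_reason(request, response, msg)
        return response

    return shortcuts.redirect(reverse_lazy('horizon:idmanager:member_manager:index'))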
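def handle(self, request, data):
    """Approve a pending subscription to the caller's current project.

    The caller must hold TENANTADMIN_ROLE. For the PrjRequest matching
    ``data['regid']`` the method stores an Expiration with
    ``data['expiration']``, raises the registration's own expiry date when
    the new one is later, grants the role named by the
    OPENSTACK_KEYSTONE_DEFAULT_ROLE setting, moves RSTATUS_REMINDER
    registration requests to RSTATUS_REMINDACK and deletes the request.
    The user and the administrators are then notified with SUBSCR_OK_TYPE.

    Returns True on success; on any failure the exception is passed to
    ``exceptions.handle`` and False is returned.
    """
    try:
        role_names = [role['name'] for role in self.request.user.roles]
        if TENANTADMIN_ROLE not in role_names:
            raise Exception(_('Permissions denied: cannot approve subscriptions'))

        with transaction.atomic():
            curr_prjname = self.request.user.tenant_name
            # Scoping by project name keeps a regid that belongs to another
            # project from matching; no match raises IndexError.
            q_args = {
                'registration__regid': int(data['regid']),
                'project__projectname': curr_prjname
            }
            prj_req = PrjRequest.objects.filter(**q_args)[0]

            member_id = prj_req.registration.userid
            tmpres = EMail.objects.filter(registration__userid=member_id)
            member_email = tmpres[0].email if tmpres else None
            project_name = prj_req.project.projectname
            user_name = prj_req.registration.username

            LOG.debug("Approving subscription for %s",
                      prj_req.registration.username)

            default_role = getattr(settings, 'OPENSTACK_KEYSTONE_DEFAULT_ROLE', None)

            expiration = Expiration()
            expiration.registration = prj_req.registration
            expiration.project = prj_req.project
            expiration.expdate = data['expiration']
            expiration.save()

            #
            # Update the max expiration per user
            #
            user_reg = prj_req.registration
            if data['expiration'] > user_reg.expdate:
                user_reg.expdate = data['expiration']
                user_reg.save()

            roles_obj = client_factory(request).roles
            arg_dict = {
                'project': prj_req.project.projectid,
                'user': prj_req.registration.userid
            }

            # With the setting unset default_role is None, nothing matches
            # and the approval is aborted (and rolled back) below.
            missing_default = True
            for item in roles_obj.list():
                if item.name == default_role:
                    roles_obj.grant(item.id, **arg_dict)
                    missing_default = False
            if missing_default:
                raise Exception("Default role is undefined")

            #
            # Enable reminder for cloud admin
            #
            RegRequest.objects.filter(
                registration=prj_req.registration,
                flowstatus=RSTATUS_REMINDER
            ).update(flowstatus=RSTATUS_REMINDACK)

            #
            # clear request
            #
            prj_req.delete()

        #
        # send notification to the user
        # (after the commit, so a mail failure cannot roll back the local
        # records of a role that is already granted)
        #
        noti_params = {
            'username': user_name,
            'project': project_name
        }
        notifyUser(request=self.request, rcpt=member_email,
                   action=SUBSCR_OK_TYPE, context=noti_params,
                   dst_user_id=member_id)
        notifyAdmin(request=self.request, action=SUBSCR_OK_TYPE,
                    context=noti_params)

    except Exception:
        # Exception rather than a bare except, so SystemExit and
        # KeyboardInterrupt are not swallowed.
        exceptions.handle(request)
        return False

    return True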
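def handle(self, request, data):
    """Process a PSTATUS_RENEW_MEMB request by removing the member.

    For ``data['regid']`` in the caller's current project the method deletes
    the matching requests together with the Expiration and PrjRole rows,
    revokes every role the user holds on ``request.user.tenant_id`` and
    sends a MEMBER_REMOVED notification carrying ``data['reason']``.

    Returns True on success or when no matching request exists, False after
    a failure (which is logged and passed to ``exceptions.handle``).

    NOTE(review): this method does not check the caller's roles; confirm the
    view or policy behind the form limits it to project managers.
    """
    try:
        with transaction.atomic():
            curr_prjname = self.request.user.tenant_name
            # The project filter keeps a regid that belongs to another
            # project from matching.
            q_args = {
                'registration__regid': int(data['regid']),
                'project__projectname': curr_prjname,
                'flowstatus': PSTATUS_RENEW_MEMB
            }
            prj_reqs = PrjRequest.objects.filter(**q_args)
            if not prj_reqs:
                return True

            user_id = prj_reqs[0].registration.userid

            #
            # Clear requests
            #
            prj_reqs.delete()

            q_args = {
                'registration__regid': int(data['regid']),
                'project__projectname': curr_prjname
            }
            Expiration.objects.filter(**q_args).delete()
            PrjRole.objects.filter(**q_args).delete()

            #
            # Remove member from project
            # (a failing revoke rolls back the deletions above; roles
            # revoked before the failure stay revoked)
            #
            roles_obj = client_factory(request).roles
            role_assign_obj = client_factory(request).role_assignments

            arg_dict = {
                'project': request.user.tenant_id,
                'user': user_id
            }
            for r_item in role_assign_obj.list(**arg_dict):
                roles_obj.revoke(r_item.role['id'], **arg_dict)

        #
        # Send notification to the user
        # (after the commit, so a mail failure cannot undo the cleanup)
        #
        tmpres = EMail.objects.filter(registration__regid=int(data['regid']))
        member_email = tmpres[0].email if tmpres else None
        member_name = tmpres[0].registration.username if member_email else 'unknown'

        tmpres = EMail.objects.filter(registration__userid=request.user.id)
        admin_email = tmpres[0].email if tmpres else None

        noti_params = {
            'username': member_name,
            'admin_address': admin_email,
            'project': request.user.tenant_name,
            'notes': data['reason']
        }
        notifyUser(request=self.request, rcpt=member_email,
                   action=MEMBER_REMOVED, context=noti_params,
                   dst_user_id=user_id)

    except Exception:
        # Exception rather than a bare except, so SystemExit and
        # KeyboardInterrupt are not swallowed.
        LOG.error("Cannot renew user", exc_info=True)
        exceptions.handle(request)
        return False

    return True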
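def single(self, data_table, request, obj_id):
    """Switch a member's role between project manager and project user.

    A row flagged ``is_t_admin`` is demoted: its PrjRole rows are deleted,
    DEFAULT_ROLE is granted first when the admin role is the user's only
    role, and the admin role is revoked. Any other row is promoted: a
    PrjRole row is saved and the admin role is granted. Either way the
    member receives a CHANGED_MEMBER_ROLE notification.

    Failures are logged and shown through ``messages.error``. The return
    value is always a redirect, to the logout view when ``obj_id`` is the
    caller, otherwise to the member index.
    """
    try:
        t_role_id = ''
        for role in request.user.roles:
            if role['name'] == TENANTADMIN_ROLE:
                t_role_id = get_admin_roleid(request)

        # Fail closed: a caller without TENANTADMIN_ROLE leaves the id
        # empty, and an empty id must not reach PrjRole.roleid or the
        # grant()/revoke() calls below.
        if not t_role_id:
            raise Exception('Missing project manager role id')

        roles_obj = client_factory(request).roles
        arg_dict = {'project': request.user.tenant_id, 'user': obj_id}

        tmpres = EMail.objects.filter(registration__userid=obj_id)
        member_email = tmpres[0].email if tmpres else None
        tmpres = EMail.objects.filter(registration__userid=request.user.id)
        admin_email = tmpres[0].email if tmpres else None

        datum = data_table.get_object_by_id(obj_id)
        if datum.is_t_admin:

            with transaction.atomic():
                PrjRole.objects.filter(
                    registration__userid=obj_id,
                    project__projectname=request.user.tenant_name
                ).delete()

                if datum.num_of_roles == 1:
                    # The default role is granted before the revoke so the
                    # user keeps at least one role on the project.
                    missing_default = True
                    for item in roles_obj.list():
                        if item.name == DEFAULT_ROLE:
                            roles_obj.grant(item.id, **arg_dict)
                            missing_default = False
                    if missing_default:
                        raise Exception('Cannot swith to member role')

                # A failing revoke rolls back the PrjRole deletion.
                roles_obj.revoke(t_role_id, **arg_dict)

            noti_params = {
                'admin_address': admin_email,
                'project': request.user.tenant_name,
                's_role': _('Project manager'),
                'd_role': _('Project user')
            }
            notifyUser(request=request, rcpt=member_email,
                       action=CHANGED_MEMBER_ROLE, context=noti_params,
                       dst_project_id=request.user.project_id,
                       dst_user_id=obj_id)

        else:

            with transaction.atomic():
                prjRole = PrjRole()
                prjRole.registration = Registration.objects.filter(
                    userid=obj_id)[0]
                prjRole.project = Project.objects.get(
                    projectname=request.user.tenant_name)
                prjRole.roleid = t_role_id
                prjRole.save()

                # A failing grant rolls back the new PrjRole row.
                roles_obj.grant(t_role_id, **arg_dict)

            noti_params = {
                'admin_address': admin_email,
                'project': request.user.tenant_name,
                's_role': _('Project user'),
                'd_role': _('Project manager')
            }
            notifyUser(request=request, rcpt=member_email,
                       action=CHANGED_MEMBER_ROLE, context=noti_params,
                       dst_project_id=request.user.project_id,
                       dst_user_id=obj_id)

    except Exception:
        # Narrowed from a bare except so interpreter-exit exceptions
        # propagate.
        LOG.error("Toggle role error", exc_info=True)
        messages.error(request, _('Unable to toggle the role.'))

    # Reached after a failure as well as after a successful change.
    if obj_id == request.user.id:
        response = shortcuts.redirect(reverse_lazy('logout'))
        msg = _("Roles changed. Please log in again to continue.")
        utils.add_logout_reason(request, response, msg)
        return response

    return shortcuts.redirect(
        reverse_lazy('horizon:idmanager:member_manager:index'))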
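def handle(self, request, data):
    """Approve a pending subscription to the caller's current project.

    The caller must hold TENANTADMIN_ROLE. For the PrjRequest matching
    ``data['regid']`` the method stores an Expiration with
    ``data['expiration']``, raises the registration's own expiry date when
    the new one is later, grants the role named by the
    OPENSTACK_KEYSTONE_DEFAULT_ROLE setting and deletes the request. The
    user is then mailed a SUBSCR_OK_TYPE notification.

    Returns True on success; on any failure the exception is passed to
    ``exceptions.handle`` and False is returned.
    """
    try:
        role_names = [role['name'] for role in self.request.user.roles]
        if TENANTADMIN_ROLE not in role_names:
            raise Exception(_('Permissions denied: cannot approve subscriptions'))

        with transaction.atomic():
            curr_prjname = self.request.user.tenant_name
            # Scoping by project name keeps a regid that belongs to another
            # project from matching; no match raises IndexError.
            q_args = {
                'registration__regid': int(data['regid']),
                'project__projectname': curr_prjname
            }
            prj_req = PrjRequest.objects.filter(**q_args)[0]

            member = client_factory(request).users.get(prj_req.registration.userid)
            project_name = prj_req.project.projectname

            LOG.debug("Approving subscription for %s",
                      prj_req.registration.username)

            default_role = getattr(settings, 'OPENSTACK_KEYSTONE_DEFAULT_ROLE', None)

            expiration = Expiration()
            expiration.registration = prj_req.registration
            expiration.project = prj_req.project
            expiration.expdate = data['expiration']
            expiration.save()

            #
            # Update the max expiration per user
            #
            user_reg = prj_req.registration
            if data['expiration'] > user_reg.expdate:
                user_reg.expdate = data['expiration']
                user_reg.save()

            roles_obj = client_factory(request).roles
            arg_dict = {
                'project': prj_req.project.projectid,
                'user': prj_req.registration.userid
            }

            # With the setting unset default_role is None, nothing matches
            # and the approval is aborted (and rolled back) below.
            missing_default = True
            for item in roles_obj.list():
                if item.name == default_role:
                    roles_obj.grant(item.id, **arg_dict)
                    missing_default = False
            if missing_default:
                raise Exception("Default role is undefined")

            #
            # clear request
            #
            prj_req.delete()

        #
        # send notification to the user
        # (after the commit, so a mail failure cannot roll back the local
        # records of a role that is already granted)
        #
        noti_params = {
            'project': project_name
        }
        noti_sbj, noti_body = notification_render(SUBSCR_OK_TYPE, noti_params)
        notifyUsers(member.email, noti_sbj, noti_body)

    except Exception:
        # Exception rather than a bare except, so SystemExit and
        # KeyboardInterrupt are not swallowed.
        exceptions.handle(request)
        return False

    return True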
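def single(self, data_table, request, obj_id):
    """Toggle a member between project manager and plain project user.

    If the table row for ``obj_id`` is flagged ``is_t_admin`` the admin role
    is revoked, with DEFAULT_ROLE granted first when it is the user's only
    role; otherwise the admin role is granted. The member is mailed a
    CHANGED_MEMBER_ROLE notification in both cases.

    Failures are logged and shown through ``messages.error``. The method
    always returns a redirect: to the logout view when the caller changed
    their own account, else back to the member index.
    """
    try:
        t_role_id = ''
        for role in request.user.roles:
            if role['name'] == TENANTADMIN_ROLE:
                t_role_id = get_admin_roleid(request)

        # Fail closed: without TENANTADMIN_ROLE the id stays empty and would
        # otherwise be sent to grant()/revoke() as the role to change.
        if not t_role_id:
            raise Exception('Missing project manager role id')

        roles_obj = client_factory(request).roles
        arg_dict = {
            'project': request.user.tenant_id,
            'user': obj_id
        }

        users_obj = client_factory(request).users
        member = users_obj.get(obj_id)

        datum = data_table.get_object_by_id(obj_id)
        if datum.is_t_admin:

            if datum.num_of_roles == 1:
                # Grant the default role before the revoke so the user is
                # never left without any role on the project.
                missing_default = True
                for item in roles_obj.list():
                    if item.name == DEFAULT_ROLE:
                        roles_obj.grant(item.id, **arg_dict)
                        missing_default = False
                if missing_default:
                    raise Exception('Cannot swith to member role')

            roles_obj.revoke(t_role_id, **arg_dict)

            noti_params = {
                'admin_address': users_obj.get(request.user.id).email,
                'project': request.user.tenant_name,
                's_role': _('Project manager'),
                'd_role': _('Project user')
            }
            noti_sbj, noti_body = notification_render(CHANGED_MEMBER_ROLE, noti_params)
            notifyUsers(member.email, noti_sbj, noti_body)

        else:
            roles_obj.grant(t_role_id, **arg_dict)

            noti_params = {
                'admin_address': users_obj.get(request.user.id).email,
                'project': request.user.tenant_name,
                's_role': _('Project user'),
                'd_role': _('Project manager')
            }
            noti_sbj, noti_body = notification_render(CHANGED_MEMBER_ROLE, noti_params)
            notifyUsers(member.email, noti_sbj, noti_body)

    except Exception:
        # Exception rather than a bare except, so SystemExit and
        # KeyboardInterrupt are not swallowed.
        LOG.error("Toggle role error", exc_info=True)
        messages.error(request, _('Unable to toggle the role.'))

    # Reached after a failure as well as after a successful change.
    if obj_id == request.user.id:
        response = shortcuts.redirect(reverse_lazy('logout'))
        msg = _("Roles changed. Please log in again to continue.")
        utils.add_logout_reason(request, response, msg)
        return response

    return shortcuts.redirect(reverse_lazy('horizon:idmanager:member_manager:index'))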