def topology_info(request, tid, topo): # Create an authentication token valid for 3 minutes for the user to access # Clack stuff with, or use the current token if there is one try: token = request.GET['token'] except KeyError: token = crypto.create_token(request.user, 180) # See what permissions the user has on this topology can_change = permissions.allowed_topology_access_change(request.user, topo) can_delete = permissions.allowed_topology_access_change(request.user, topo) return direct_to_template(request, 'vns/topology.html', {'t':topo, 'tid':tid, 'token':token, 'change':can_change, 'delete':can_delete})
def topology_access_check(request, callee, action, **kwargs): """Checks that the user can access the functions they're trying to, and if they can calls callee. There are two valid authentication methods - django logihn, as normally used for the website, and a cryptographic token supplied in the HTTP GET, as used for clack. @param request An HTTP request @param callee Gives the Callable to call @param action One of "add", "change", "use", "delete", describing the permissions needed @param tid The ID of the topology in question; not used for action = "add" @exception ValueError If an action is unrecognised @exception KeyError If an option is missing @return HttpResponse""" def denied(): """Generate an error message and redirect if we try do something to a topology we're not allowed to""" messages.error(request, "Either this topology doesn't exist or you don't " "have permission to %s it." % action) return HttpResponseRedirect('/login/') def denied_add(): """Generate an error message and redirect if we try to create a topology and are not allowed to""" messages.error(request, "You don't have permission to create topologies.") return HttpResponseRedirect('/login/') # If we're trying to add a template, don't need to get the template itself if action == "add": if permissions.allowed_topology_access_create(request.user): return callee(request) else: return denied_add() else: # Try getting the template - if it doesn't exist, show the same message # as for permission denied. If we don't have a "tid" argument, django # will show an internal error, which is what we want. tid = int(kwargs["tid"]) kwargs["tid"] = tid try : topo = db.Topology.objects.get(pk=tid) except db.Topology.DoesNotExist: return denied() if action == "use": # See if there is an HTTP GET token - if there is, try to use the token # method for authentication try: token = request.GET["token"] except KeyError: pass else: # See if the token is valid user = crypto.validate_token(token) if user != None and permissions.allowed_topology_access_use(user, topo): request.user = user return callee(request, topo=topo, **kwargs) if permissions.allowed_topology_access_use(request.user, topo): return callee(request, topo=topo, **kwargs) else: return denied() elif action == "change": if permissions.allowed_topology_access_change(request.user, topo): return callee(request, topo=topo, **kwargs) else: return denied() elif action == "delete": if permissions.allowed_topology_access_delete(request.user, topo): return callee(request, topo=topo, **kwargs) else: return denied() else: raise ValueError("Unknown action: %s" % options["action"])