def user_profile(request, up): tn = 'vns/user_profile.html' topos_allowed = permissions.get_allowed_topologies(request.user) topos_owned = topos_allowed.filter(owner=up.user) topos_assigned = topos_allowed.filter(allowed_users=up.user) can_change = permissions.allowed_user_access_change(request.user, up.user) return direct_to_template(request, tn, {'up':up, 'can_change':can_change, 'topos_owned':topos_owned, 'topos_assigned':topos_assigned})
def group_topology_create(request, group, **kwargs): """Create topologies for a group, with each user in the group becoming the owner of one topology. @param request An HttpRequest @param group The group to add the topologies for""" tn = "vns/group_topology_create.html" # Check we're allowed to create topologies if not permissions.allowed_topology_access_create(request.user): messages.info("Please login as a user who is permitted to create topologies.") return HttpResponseRedirect('/login/?next=/topology/create/') # Import a function to create the form CreateTopologyForm = make_ctform(request.user) if request.method == "POST": form = CreateTopologyForm(request.POST) if form.is_valid(): template_id = form.cleaned_data['template'] ipblock_id = form.cleaned_data['ipblock'] num_to_create = form.cleaned_data['num_to_create'] ip = form.cleaned_data['ip_subnet'] mask = form.cleaned_data['ip_subnet_mask'] # Do lots of permissions and existence checks - need a topology # template and IP block try: template = db.TopologyTemplate.objects.get(pk=template_id) except db.TopologyTemplate.DoesNotExist: messages.error(request, "No such template") return direct_to_template(request, tn, { 'form': form, 'group': group}) try: ipblock = db.IPBlock.objects.get(pk=ipblock_id) except db.IPBlock.DoesNotExist: messages.error(request, "No such IP block") return direct_to_template(request, tn, { 'form': form, 'group': group}) if not permissions.allowed_topologytemplate_access_use(request.user, template): messages.error(request, "You cannot create topologies from this template") return direct_to_template(request, tn, { 'form': form, 'group': group}) if not permissions.allowed_ipblock_access_use(request.user, ipblock): messages.error(request, "You cannot create topologies in this IP block") return direct_to_template(request, tn, { 'form': form, 'group': group}) if num_to_create > 5: messages.error(request, "You cannot create >5 topologies / user at once") return direct_to_template(request, tn, { 'form': form, 'group': group}) # Get a list of users try: users = User.objects.filter(vns_groups=group) except User.DoesNotExist: messages.error("No users in this group to create topologies for") return HttpResponseRedirect("/") # Tell the DBService module to use this thread for accessing the DB DBService.thread = threading.current_thread() # Otherwise, we're good to actually create the topologies, subject # to permissions checks on each user. # These variables track the number with permissions errors, the # number successfully created and the number rwith other errors # to report to the user. num_perms = 0 num_created = 0 num_errs = 0 for u in users: # Check we have permission to change this user if not permissions.allowed_user_access_change(request.user, u): num_perms += 1 continue # Make a list of source IP filters if ip != None and mask != None: src_filters = [(ip, mask)] else: src_filters = [] # Create the topology for _ in xrange(0,num_to_create): err,_,_,_ = instantiate_template(org=u.get_profile().org, owner=u, template=template, ip_block_from=ipblock, src_filters=src_filters, temporary=False, use_recent_alloc_logic=False, public=False, use_first_available=True) # Update the numbers with/without errors if err is not None: num_errs += 1 else: num_created += 1 # Report to the user topology_create_message(request, num_errs, num_perms, num_created) return HttpResponseRedirect('/org/%s/%s/' % (group.org.name, group.name)) else: # The form is not valid messages.error(request, "Invalid form") return direct_to_template(request, tn, {'form':form, 'group':group}) else: # request.method != 'POST' # Need to give them a form but do nothing else return direct_to_template(request, tn, {'form':CreateTopologyForm(), 'group':group})
def user_access_check(request, callee, action, **kwargs): """Checks that the user can access the functions they're trying to, and if they can calls callee""" """Check that the user is allowed access, and if they are call the given Callable. @param request An HTTP request @param callee Gives the Callable to call @param action One of "add", "change", "use", "delete", describing the permissions needed @param user_id The ID of the user in question; not used for action = "add" @exception ValueError If an action is unrecognised @exception KeyError If an option is missing""" def denied(): """Generate an error message and redirect if we try do something to a template we're not allowed to""" messages.error(request, "Either this user doesn't exist or you don't " "have permission to %s it." % action) return HttpResponseRedirect('/') def denied_add(): """Generate an error message and redirect if we try to create a template and are not allowed to""" messages.error(request, "You don't have permission to create users.") return HttpResponseRedirect('/') # If we're trying to add a template, don't need to get the template itself if action == "add": if permissions.allowed_user_access_create(request.user): return callee(request) else: return denied_add() else: # Try getting the template - if it doesn't exist, show the same message # as for permission denied user_name = kwargs["un"] try : user = User.objects.get(username=user_name) except User.DoesNotExist: return denied() if action == "use": if permissions.allowed_user_access_use(request.user, user): return callee(request, user.get_profile()) else: return denied() elif action == "change": if permissions.allowed_user_access_change(request.user, user): return callee(request, user.get_profile()) else: return denied() elif action == "delete": if permissions.allowed_user_access_delete(request.user, user): return callee(request, user.get_profile()) else: return denied() else: raise ValueError("Unknown action: %s" % options["action"])
def can_change_user(self, up): return permissions.allowed_user_access_change(self.user, up.user)