def add_record_link(self):
authorised = get_current_user().has_perm(
'powerdns.change_domain', self
)
return '<a href="{}">{}</a>'.format(
self.add_record_url(authorised),
('Add record' if authorised else 'Request record')
)
def handle_pre_delete(sender, instance, **kwargs):
if instance.__module__ in ['customauth.models', 'area.models', 'doc.models']:
evt = SystemEvent();
evt.entity = instance.__class__.__name__
evt.operation = 'DELETE'
evt.snapshot = serializers.serialize("json", [instance, ])
evt.error = False
evt.user = get_current_user()
evt.save()
def send_notification_for_model(instance):
ServiceEnvironment = instance._meta.get_field('service_env').related_model
old_service_env_id = instance._previous_state['service_env_id']
new_service_env_id = instance.service_env_id
if old_service_env_id and old_service_env_id != new_service_env_id:
logger.info('Sending mail notification for {}'.format(instance),
extra={
'type': 'SEND_MAIL_NOTIFICATION_FOR_MODEL',
'instance_id': instance.id,
'content_type': instance.content_type.name,
'notification_type': 'service_change',
})
old_service_env = ServiceEnvironment.objects.get(pk=old_service_env_id)
new_service_env = ServiceEnvironment.objects.get(pk=new_service_env_id)
owners = []
for field in ['business_owners', 'technical_owners']:
owners.extend(list(getattr(old_service_env.service, field).all()))
owners.extend(list(getattr(new_service_env.service, field).all()))
emails = set([owner.email for owner in owners if owner.email])
if emails:
context = {
'old_service_env':
old_service_env,
'new_service_env':
new_service_env,
'object':
instance,
'user':
get_current_user(),
'settings':
settings,
'object_url':
urljoin(settings.RALPH_HOST_URL, instance.get_absolute_url())
}
html_content = render_to_string('notifications/html/message.html',
context)
text_content = render_to_string('notifications/txt/message.txt',
context)
subject = 'Device has been assigned to Service: {} ({})'.format(
new_service_env.service, instance)
msg = EmailMultiAlternatives(subject, text_content,
settings.EMAIL_FROM, list(emails))
msg.attach_alternative(html_content, "text/html")
msg.send()
def result(self):
def fmt(str_, **kwargs):
return str_.format(obj=type(self)._meta.object_name.lower(),
opr=operation,
**kwargs)
if get_current_user().has_perm(fmt('powerdns.{opr}_{obj}'), self):
return '<a href={}>{}</a>'.format(
reverse(fmt('admin:powerdns_{obj}_{opr}'),
args=(self.pk, )), operation.capitalize())
if operation == 'delete':
return '<a href="{}">Request deletion</a>'.format(
reverse(fmt('admin:powerdns_deleterequest_add')) +
'?target_id={}&content_type={}'.format(
self.pk,
ContentType.objects.get_for_model(type(self)).pk,
))
return '<a href="{}">Request change</a>'.format(
reverse(fmt('admin:powerdns_{obj}request_add')) +
'?{}={}'.format(type(self)._meta.object_name.lower(), self.pk))
def __call__(self, domain_name):
"""Validates if a not authorised user tries to subdomain a domain she
can't edit"""
user = get_current_user()
if rules.is_superuser(user):
return domain_name
domain_bits = domain_name.split('.')
for i in range(-len(domain_bits), 0):
super_domain = '.'.join(domain_bits[i:])
try:
super_domain = Domain.objects.get(name=super_domain)
except Domain.DoesNotExist:
continue
if can_edit(user, super_domain):
# ALLOW - this user owns a superdomain
return domain_name
else:
# DENY - this user doesn't own a superdomain
raise ValidationError(
"You don't have a permission to create a subdomain in {}".
format(super_domain))
# Fallthrough - ALLOW - we don't manage any superdomain
return domain_name
def result(self):
def fmt(str_, **kwargs):
return str_.format(
obj=type(self)._meta.object_name.lower(),
opr=operation,
**kwargs
)
if get_current_user().has_perm(
fmt('powerdns.{opr}_{obj}'),
self
):
return '<a href={}>{}</a>'.format(
reverse(
fmt('admin:powerdns_{obj}_{opr}'),
args=(self.pk,)
),
operation.capitalize()
)
if operation == 'delete':
return '<a href="{}">Request deletion</a>'.format(
reverse(
fmt('admin:powerdns_deleterequest_add')
) + '?target_id={}&content_type={}'.format(
self.pk,
ContentType.objects.get_for_model(type(self)).pk,
)
)
return '<a href="{}">Request change</a>'.format(
reverse(
fmt('admin:powerdns_{obj}request_add')
) + '?{}={}'.format(
type(self)._meta.object_name.lower(),
self.pk
)
)
def __call__(self, domain_name):
"""Validates if a not authorised user tries to subdomain a domain she
can't edit"""
user = get_current_user()
if rules.is_superuser(user):
return domain_name
domain_bits = domain_name.split('.')
for i in range(-len(domain_bits), 0):
super_domain = '.'.join(domain_bits[i:])
try:
super_domain = Domain.objects.get(name=super_domain)
except Domain.DoesNotExist:
continue
if can_edit(user, super_domain):
# ALLOW - this user owns a superdomain
return domain_name
else:
# DENY - this user doesn't own a superdomain
raise ValidationError(
"You don't have a permission to create a subdomain in {}".
format(super_domain)
)
# Fallthrough - ALLOW - we don't manage any superdomain
return domain_name
def __call__(self, object_):
if not get_current_user().has_perm(self.permission, object_):
raise ValidationError("You don't have permission to use this")
return object_
def extra_buttons(self):
perm = 'change_' + self._meta.model_name.lower()
if get_current_user().has_perm(perm, self):
yield (reverse(self.view, kwargs={'pk': self.pk}), 'Accept')
def clean_target(self):
target = self.cleaned_data['target']
user = get_current_user()
if not (user.is_superuser or is_owner(user, target)):
raise ValidationError(_("You cannot authorize for this"))
return target
def __call__(self, object_):
if not get_current_user().has_perm(self.permission, object_):
raise ValidationError("You don't have permission to use this")
return object_
def extra_buttons(self):
authorised = get_current_user().has_perm(
'powerdns.change_domain', self
)
yield (self.add_record_url(authorised), 'Add record')
def extra_buttons(self):
authorised = get_current_user().has_perm('powerdns.change_domain',
self)
yield (self.add_record_url(authorised), 'Add record')
def add_record_link(self):
authorised = get_current_user().has_perm('powerdns.change_domain',
self)
return '<a href="{}">{}</a>'.format(
self.add_record_url(authorised),
('Add record' if authorised else 'Request record'))
