def getarguments_for_admin(user):
'''
Get permissions to display in view for an admin user.
'''
servers = Server.objects.all()
users = User.objects.all()
demands = utils.get_all_demands_filtered_pending(user)
permissions = Permission.objects.all()
args = utils.give_arguments(user, 'Permissions admin')
availableUsers = []
for server in servers:
if (HostedUsers.objects.filter(server=server).exists()):
allowedUsers = HostedUsers.objects.filter(server=server)
usersAdd = []
for user in allowedUsers:
usersAdd.append(user.username)
userconnectionAvailable = AvailableUserConnection(
server.hostname, usersAdd)
availableUsers.append(userconnectionAvailable)
args.update({'allowedusers': availableUsers})
args.update({
'demands': demands,
'servers': servers,
'users': users,
'permissions': permissions
})
return args
def getarguments_for_admin(user):
'''
Get permissions to display in view for an admin user.
'''
servers = Server.objects.all()
users = User.objects.all()
demands = utils.get_all_demands_filtered_pending(user)
permissions = Permission.objects.all()
args = utils.give_arguments(user, 'Permissions admin')
availableUsers = []
for server in servers:
if (HostedUsers.objects.filter(server=server).exists()):
allowedUsers = HostedUsers.objects.filter(server=server)
usersAdd = []
for user in allowedUsers:
usersAdd.append(user.username)
userconnectionAvailable = AvailableUserConnection(server.hostname, usersAdd)
availableUsers.append(userconnectionAvailable)
args.update({'allowedusers': availableUsers})
args.update({'demands': demands, 'servers': servers, 'users': users, 'permissions': permissions})
return args
def user(request):
'''
Get the user information.
If 'me' parameter is in GET RequestContext, then return only my informations. Returns all users else. (if request.user is in admin group)
View Type: Form GET
'''
args = utils.give_arguments(request.user, 'Users admin')
only_me = True
if 'me' in request.GET:
if request.GET['me'] == 'n':
only_me = False
if request.user.groups.filter(name="heimdall-admin") and not only_me:
users = list(Group.objects.get(name="heimdall").user_set.all())
admin_users = Group.objects.get(name="heimdall-admin").user_set.all()
for user in admin_users:
if user not in users:
users.append(user)
args.update({'list_users': users, 'myaccount': only_me})
return render_to_response('admin/user.html',
args,
context_instance=RequestContext(request))
else:
users = [request.user]
args.update({'list_users': users, 'myaccount': only_me})
return render_to_response('admin/user.html',
args,
context_instance=RequestContext(request))
def manage_groups(request):
'''
Manage user accessible pool
View Type: Form GET
Accessible by /admin/groups
'''
servers = Server.objects.all()
users = None
if request.user.groups.filter(name="heimdall-admin"):
users = User.objects.all()
else:
ownRoles = HeimdallUserRole.objects.filter(user=request.user)
poolUsers = HeimdallUserRole.objects.filter(pool__in=ownRoles.values_list('pool'))
users = []
for managed_user in poolUsers:
if managed_user not in users:
users.append(managed_user.user)
userRoles = HeimdallUserRole.objects.all()
pool = HeimdallPool.objects.all()
groups = Group.objects.all
args = utils.give_arguments(request.user, 'Group management')
args.update({'groups': groups, 'servers': servers, 'users': users, 'roles': pool, 'userRoles': userRoles})
return render_to_response('admin/groups.html', args, context_instance=RequestContext(request))
def user(request):
'''
Get the user information.
If 'me' parameter is in GET RequestContext, then return only my informations. Returns all users else. (if request.user is in admin group)
View Type: Form GET
'''
args = utils.give_arguments(request.user, 'Users admin')
only_me = True
if 'me' in request.GET:
if request.GET['me'] == 'n':
only_me = False
if request.user.groups.filter(name="heimdall-admin") and not only_me:
users = list(Group.objects.get(name="heimdall").user_set.all())
admin_users = Group.objects.get(name="heimdall-admin").user_set.all()
for user in admin_users:
if user not in users:
users.append(user)
args.update({'list_users': users, 'myaccount': only_me})
return render_to_response('admin/user.html', args, context_instance=RequestContext(request))
else:
users = [request.user]
args.update({'list_users': users, 'myaccount': only_me})
return render_to_response('admin/user.html', args, context_instance=RequestContext(request))
def manage_user_role(request):
'''
Get the users in pool, simple user and managers.
View Type: Form GET
'''
pool = HeimdallPool.objects.filter(name=request.GET['poolname'])
userRoles = HeimdallUserRole.objects.filter(pool=pool)
usersToFilter = []
notUserSpecialInPool = []
userSpecialInPool = []
for userRole in HeimdallUserRole.objects.filter(pool=pool):
usersToFilter.append(userRole.user.username)
if not userRole.type == "USER":
userSpecialInPool.append(userRole.user.username)
for notSpecialUsers in User.objects.exclude(
username__in=userSpecialInPool):
notUserSpecialInPool.append(notSpecialUsers)
users = User.objects.exclude(username__in=usersToFilter)
args = utils.give_arguments(request.user, 'Role management')
args.update({
'userRoles': userRoles,
'users': users,
'not_special_users_in_pool': notUserSpecialInPool,
'userSpecialInPool': userSpecialInPool,
'poolname': request.GET['poolname']
})
return render_to_response('admin/manage_user_role.html',
args,
context_instance=RequestContext(request))
def index(request):
'''
View Home
'''
user_count = Group.objects.get(name="heimdall").user_set.all().count()
user_count += Group.objects.get(
name="heimdall-admin").user_set.all().count()
server_count = Server.objects.all().count()
keys_count = SshKeys.objects.all().count()
demands_count = Demands.objects.filter(
close_date__isnull=True).all().count()
permissions_count = Permission.objects.all().count()
stats = Statistics(user_count, server_count, permissions_count,
demands_count, keys_count)
args = utils.give_arguments(request.user, 'Acceuil')
args.update({
'stats': stats,
'demands': utils.get_demands_filtered_pending(request.user)
})
return render_to_response('index.html',
args,
context_instance=RequestContext(request))
def app_config(request):
'''
Application configurations view. Can save user configuration such as language and theme.
Accessible by /admin/app-config
'''
args = utils.give_arguments(request.user, 'Users admin')
if PendingThread.objects.filter(process='userhost-list-refresh').exists():
thread = PendingThread.objects.get(process='userhost-list-refresh')
messages.success(
request, 'Server user host currently refreshing ' +
str(thread.pending_request))
admin_configs = [
'theme', 'mail_server_hostname', 'mail_system_user_account',
'user_notification', 'admin_notification', 'forbidden_users'
]
for field in admin_configs:
args.update({field: utils.getConfiguration(request.user, field)})
args.update({'default_theme': utils.getConfigurationAdmin('theme')})
if request.user.is_authenticated():
return render_to_response('admin/app_config.html',
args,
context_instance=RequestContext(request))
else:
messages.success(request, 'You have not the rights to do this action')
return HttpResponseRedirect(reverse('index'))
def register(request):
'''
View register user
'''
args = utils.give_arguments(request.user, 'Register')
return render_to_response('user/register.html',
args,
context_instance=RequestContext(request))
def servers(request):
list_servers = Server.objects.all()
args = utils.give_arguments(request.user, 'Serveurs')
args.update({'list_servers': list_servers})
return render_to_response('servers.html',
args,
context_instance=RequestContext(request))
def inbox(request):
'''
View demands inbox
'''
logger.debug("See inbox")
demands = utils.get_demands_filtered(request.user)
args = utils.give_arguments(request.user, 'Messages')
demands_read = utils.get_demands_filtered_and_read(request.user)
args.update({'demands': demands, 'demands_read': demands_read})
return render_to_response('user/messages.html', args, context_instance=RequestContext(request))
def inbox(request):
'''
View demands inbox
'''
logger.debug("See inbox")
demands = utils.get_demands_filtered(request.user)
args = utils.give_arguments(request.user, 'Messages')
demands_read = utils.get_demands_filtered_and_read(request.user)
args.update({'demands': demands, 'demands_read': demands_read})
return render_to_response('user/messages.html',
args,
context_instance=RequestContext(request))
def users(request):
'''
View users
'''
if request.user.groups.filter(name="heimdall-admin"):
list_users = User.objects.all()
else:
list_users = [request.user]
args = utils.give_arguments(request.user, 'Utilisateurs')
args.update({'list_users': list_users})
return render_to_response('users.html', args, context_instance=RequestContext(request))
def manage_user_group(request):
'''
Manage the users groups' page
View Type: Form GET
Accessible by /admin/manage-user-group
'''
groups = Group.objects.filter(name=request.GET['groupname'])
groupUser = User.objects.filter(groups=groups)
users = User.objects.exclude(username__in=groupUser.values_list('username'))
args = utils.give_arguments(request.user, 'Group management')
args.update({'group': groupUser, 'users': users, 'groupname': request.GET['groupname']})
return render_to_response('admin/user_groups.html', args, context_instance=RequestContext(request))
def permissions(request):
all_permissions = Permission.objects.all()
userConnected = request.user
args = utils.give_arguments(request.user, 'Permissions')
if userConnected.is_authenticated:
if userConnected.groups.filter(name="heimdall-admin"):
args.update({'permissions': convertToIterable(all_permissions)})
elif userConnected.groups.filter(name="heimdall"):
if Permission.objects.filter(user=userConnected).exists():
permissions_visible = Permission.objects.filter(user=userConnected)
args.update({'permissions': convertToIterable(permissions_visible)})
return render_to_response('user/permissions.html', args, context_instance=RequestContext(request))
def create_server(request):
'''
Create a server in models data. If POST Type: save a server, else get the server infos.
View Type: Form POST / GET
'''
if request.user.groups.filter(name="heimdall-admin"):
if request.method == 'POST':
if request.POST['hostname']:
if Server.objects.filter(
hostname=request.POST['hostname']).exists():
server = Server.objects.get(
hostname=request.POST['hostname'])
server.description = request.POST['description']
server.port = request.POST['port']
messages.success(request, 'Server updated')
else:
server = Server(hostname=request.POST['hostname'],
description=request.POST['description'],
port=request.POST['port'])
messages.success(request, 'Server created')
server.save()
return HttpResponseRedirect(reverse('servers'))
messages.success(request,
'Form datas in errors. Check your parameters.')
return HttpResponseRedirect(reverse('create-server'))
else:
if 'hostname' in request.GET:
host = Server.objects.get(hostname=request.GET['hostname'])
args = utils.give_arguments(request.user, 'Create server')
args.update({
'hostname': host.hostname,
'description': host.description,
'port': host.port
})
return render_to_response(
'admin/create_server.html',
args,
context_instance=RequestContext(request))
return render_to_response('admin/create_server.html',
context_instance=RequestContext(request))
else:
messages.success(request, 'You have not the rights to do this action')
return HttpResponseRedirect(reverse('servers'))
def users(request):
'''
View users
'''
if request.user.groups.filter(name="heimdall-admin"):
list_users = User.objects.all()
else:
list_users = [request.user]
args = utils.give_arguments(request.user, 'Utilisateurs')
args.update({'list_users': list_users})
return render_to_response('users.html',
args,
context_instance=RequestContext(request))
def getarguments_for_manager(request, user):
'''
Get permissions to display in view for a manager user.
'''
pools = HeimdallUserRole.objects.filter(
user__exact=user, type__exact='MANAGER').values_list('pool')
perimeters = PoolPerimeter.objects.filter(pool__exact=pools)
servers = []
for one_perimeter in perimeters:
servers.append(one_perimeter.server)
users = []
user_role = HeimdallUserRole.objects.filter(pool__in=pools)
for users_roles in user_role:
users.append(users_roles.user)
demands = Demands.objects.filter(close_date__isnull=True,
server__in=servers)
permissions = Permission.objects.all()
args = utils.give_arguments(user, 'Permissions admin')
availableUsers = []
for server in servers:
if (HostedUsers.objects.filter(server=server).exists()):
allowedUsers = HostedUsers.objects.filter(
server=server).values_list('username')
usersAdd = []
for user in allowedUsers:
usersAdd.append(user)
userconnectionAvailable = AvailableUserConnection(
server.hostname, usersAdd)
availableUsers.append(userconnectionAvailable)
args.update({'allowedusers': availableUsers})
args.update({
'demands': demands,
'servers': servers,
'users': users,
'permissions': permissions
})
return args
def index(request):
'''
View Home
'''
user_count = Group.objects.get(name="heimdall").user_set.all().count()
user_count += Group.objects.get(name="heimdall-admin").user_set.all().count()
server_count = Server.objects.all().count()
keys_count = SshKeys.objects.all().count()
demands_count = Demands.objects.filter(close_date__isnull=True).all().count()
permissions_count = Permission.objects.all().count()
stats = Statistics(user_count, server_count, permissions_count, demands_count, keys_count)
args = utils.give_arguments(request.user, 'Acceuil')
args.update({'stats': stats, 'demands': utils.get_demands_filtered_pending(request.user)})
return render_to_response('index.html', args, context_instance=RequestContext(request))
def permissions(request):
all_permissions = Permission.objects.all()
userConnected = request.user
args = utils.give_arguments(request.user, 'Permissions')
if userConnected.is_authenticated:
if userConnected.groups.filter(name="heimdall-admin"):
args.update({'permissions': convertToIterable(all_permissions)})
elif userConnected.groups.filter(name="heimdall"):
if Permission.objects.filter(user=userConnected).exists():
permissions_visible = Permission.objects.filter(
user=userConnected)
args.update(
{'permissions': convertToIterable(permissions_visible)})
return render_to_response('user/permissions.html',
args,
context_instance=RequestContext(request))
def manage_user_group(request):
'''
Manage the users groups' page
View Type: Form GET
Accessible by /admin/manage-user-group
'''
groups = Group.objects.filter(name=request.GET['groupname'])
groupUser = User.objects.filter(groups=groups)
users = User.objects.exclude(
username__in=groupUser.values_list('username'))
args = utils.give_arguments(request.user, 'Group management')
args.update({
'group': groupUser,
'users': users,
'groupname': request.GET['groupname']
})
return render_to_response('admin/user_groups.html',
args,
context_instance=RequestContext(request))
def app_config(request):
'''
Application configurations view. Can save user configuration such as language and theme.
Accessible by /admin/app-config
'''
args = utils.give_arguments(request.user, 'Users admin')
if PendingThread.objects.filter(process='userhost-list-refresh').exists():
thread = PendingThread.objects.get(process='userhost-list-refresh')
messages.success(request, 'Server user host currently refreshing ' + str(thread.pending_request))
admin_configs = ['theme', 'mail_server_hostname', 'mail_system_user_account', 'user_notification', 'admin_notification', 'forbidden_users']
for field in admin_configs:
args.update({field: utils.getConfiguration(request.user, field)})
args.update({'default_theme': utils.getConfigurationAdmin('theme')})
if request.user.is_authenticated():
return render_to_response('admin/app_config.html', args, context_instance=RequestContext(request))
else:
messages.success(request, 'You have not the rights to do this action')
return HttpResponseRedirect(reverse('index'))
def getarguments_for_manager(request, user):
'''
Get permissions to display in view for a manager user.
'''
pools = HeimdallUserRole.objects.filter(user__exact=user, type__exact='MANAGER').values_list('pool')
perimeters = PoolPerimeter.objects.filter(pool__exact=pools)
servers = []
for one_perimeter in perimeters:
servers.append(one_perimeter.server)
users = []
user_role = HeimdallUserRole.objects.filter(pool__in=pools)
for users_roles in user_role:
users.append(users_roles.user)
demands = Demands.objects.filter(close_date__isnull=True, server__in=servers)
permissions = Permission.objects.all()
args = utils.give_arguments(user, 'Permissions admin')
availableUsers = []
for server in servers:
if (HostedUsers.objects.filter(server=server).exists()):
allowedUsers = HostedUsers.objects.filter(server=server).values_list('username')
usersAdd = []
for user in allowedUsers:
usersAdd.append(user)
userconnectionAvailable = AvailableUserConnection(server.hostname, usersAdd)
availableUsers.append(userconnectionAvailable)
args.update({'allowedusers': availableUsers})
args.update({'demands': demands, 'servers': servers, 'users': users, 'permissions': permissions})
return args
def manage_groups(request):
'''
Manage user accessible pool
View Type: Form GET
Accessible by /admin/groups
'''
servers = Server.objects.all()
users = None
if request.user.groups.filter(name="heimdall-admin"):
users = User.objects.all()
else:
ownRoles = HeimdallUserRole.objects.filter(user=request.user)
poolUsers = HeimdallUserRole.objects.filter(
pool__in=ownRoles.values_list('pool'))
users = []
for managed_user in poolUsers:
if managed_user not in users:
users.append(managed_user.user)
userRoles = HeimdallUserRole.objects.all()
pool = HeimdallPool.objects.all()
groups = Group.objects.all
args = utils.give_arguments(request.user, 'Group management')
args.update({
'groups': groups,
'servers': servers,
'users': users,
'roles': pool,
'userRoles': userRoles
})
return render_to_response('admin/groups.html',
args,
context_instance=RequestContext(request))
def create_server(request):
'''
Create a server in models data. If POST Type: save a server, else get the server infos.
View Type: Form POST / GET
'''
if request.user.groups.filter(name="heimdall-admin"):
if request.method == 'POST':
if request.POST['hostname']:
if Server.objects.filter(hostname=request.POST['hostname']).exists():
server = Server.objects.get(hostname=request.POST['hostname'])
server.description = request.POST['description']
server.port = request.POST['port']
messages.success(request, 'Server updated')
else:
server = Server(hostname=request.POST['hostname'], description=request.POST['description'], port=request.POST['port'])
messages.success(request, 'Server created')
server.save()
return HttpResponseRedirect(reverse('servers'))
messages.success(request, 'Form datas in errors. Check your parameters.')
return HttpResponseRedirect(reverse('create-server'))
else:
if 'hostname' in request.GET:
host = Server.objects.get(hostname=request.GET['hostname'])
args = utils.give_arguments(request.user, 'Create server')
args.update({'hostname': host.hostname, 'description': host.description, 'port': host.port})
return render_to_response('admin/create_server.html', args, context_instance=RequestContext(request))
return render_to_response('admin/create_server.html', context_instance=RequestContext(request))
else:
messages.success(request, 'You have not the rights to do this action')
return HttpResponseRedirect(reverse('servers'))
def manage_user_role(request):
'''
Get the users in pool, simple user and managers.
View Type: Form GET
'''
pool = HeimdallPool.objects.filter(name=request.GET['poolname'])
userRoles = HeimdallUserRole.objects.filter(pool=pool)
usersToFilter = []
notUserSpecialInPool = []
userSpecialInPool = []
for userRole in HeimdallUserRole.objects.filter(pool=pool):
usersToFilter.append(userRole.user.username)
if not userRole.type == "USER":
userSpecialInPool.append(userRole.user.username)
for notSpecialUsers in User.objects.exclude(username__in=userSpecialInPool):
notUserSpecialInPool.append(notSpecialUsers)
users = User.objects.exclude(username__in=usersToFilter)
args = utils.give_arguments(request.user, 'Role management')
args.update({'userRoles': userRoles, 'users': users, 'not_special_users_in_pool': notUserSpecialInPool, 'userSpecialInPool': userSpecialInPool, 'poolname': request.GET['poolname']})
return render_to_response('admin/manage_user_role.html', args, context_instance=RequestContext(request))
def deposite(request):
'''
Deposite a new rsa key.
'''
userConnected = request.user
# Handle file upload
docfile = []
if request.method == 'POST':
if request.POST['type'] == 'update':
keysend = request.POST['key']
if keysend and keysend != "":
sshkey = None
if SshKeys.objects.filter(user=userConnected).count() > 0:
sshkey = SshKeys.objects.get(user=userConnected)
sshkey.key = keysend
else:
sshkey = SshKeys(user=userConnected, key=keysend)
sshkey.save()
err = Controller.revokeAllKeys(Permission.objects.filter(user=request.user), userConnected, sshkey)
if err is None:
err = Controller.replicateAllKeys(Permission.objects.filter(user=request.user), userConnected, sshkey)
if err is None:
message = 'Please wait a minute to connect, during the replication on all server finished. Check your mails to know the access updates'
else:
message = err.message
else:
message = err.message
messages.success(request, message)
# Redirect to the document list after POST
return HttpResponseRedirect(reverse('deposite'))
messages.success(request, "SSH key is not valid")
return HttpResponseRedirect(reverse('deposite'))
else:
form = UploadSshKeyForm(request.POST, request.FILES)
if form.is_valid():
docfile = request.FILES['docfile']
if docfile:
for line in docfile:
if SshKeys.objects.filter(user=userConnected).count() > 0:
sshkey = SshKeys.objects.get(user=userConnected)
sshkey.key = line
sshkey.save()
err = Controller.revokeAllKeys(Permission.objects.filter(user=request.user), userConnected, sshkey)
if err is None:
err = Controller.replicateAllKeys(Permission.objects.filter(user=request.user), userConnected, sshkey)
if err is None:
message = 'Please wait a minute to connect, during the replication on all server finished. Check your mails to know the access updates'
else:
message = err.message
else:
message = err.message
messages.success(request, message)
else:
sshkey = SshKeys(user=userConnected, key=line)
sshkey.save()
err = Controller.revokeAllKeys(Permission.objects.filter(user=request.user), userConnected, sshkey)
if err is None:
err = Controller.replicateAllKeys(Permission.objects.filter(user=request.user), userConnected, sshkey)
if err is None:
message = 'Please wait a minute to connect, during the replication on all server finished. Check your mails to know the access updates'
else:
message = err.message
else:
message = err.message
messages.success(request, message)
# Redirect to the document list after POST
return HttpResponseRedirect(reverse('deposite'))
messages.success(request, "SSH key is not valid")
return HttpResponseRedirect(reverse('deposite'))
else:
if SshKeys.objects.filter(user=userConnected).count() > 0:
key = SshKeys.objects.get(user=userConnected).key
else:
key = ''
form = UploadSshKeyForm()
args = utils.give_arguments(request.user, 'Depot')
args.update({'documents': docfile, 'form': form, 'key': key})
return render_to_response('user/deposite.html', args, context_instance=RequestContext(request))
def register(request):
'''
View register user
'''
args = utils.give_arguments(request.user, 'Register')
return render_to_response('user/register.html', args, context_instance=RequestContext(request))
def perimeter_pool(request):
'''
View or Update a perimeter pool. Users / servers (add servers / users to pool / add manager to pool)
View Type: Form POST / GET
Accessible by /admin/perimeter-pool
'''
if request.user.groups.filter(name="heimdall-admin"):
servers = Server.objects.all()
if request.method == 'POST':
pool = HeimdallPool.objects.get(name=request.POST['poolname'])
if 'hostname' in request.POST:
server = Server.objects.get(hostname=request.POST['hostname'])
role_perimeter = PoolPerimeter.objects.filter(pool=pool)
if request.POST['action'] == 'add':
is_allow_to_add = PoolPerimeter.objects.filter(
pool=pool, server=server).count() == 0
if is_allow_to_add:
new_perimeter = PoolPerimeter(pool=pool, server=server)
new_perimeter.save()
role_perimeter = PoolPerimeter.objects.filter(pool=pool)
messages.success(request, "Group perimeter modified")
return HttpResponseRedirect(
reverse('admin-group-management'))
else:
args = utils.give_arguments(request.user,
'Group management')
messages.success(
request, "Server already present in the perimeter")
return HttpResponseRedirect(
reverse('admin-group-management'))
elif request.POST['action'] == 'remove':
is_allow_to_remove = PoolPerimeter.objects.filter(
pool=pool, server=server).count() == 1
if is_allow_to_remove:
perimeter_to_delete = PoolPerimeter.objects.get(
pool=pool, server=server)
perimeter_to_delete.delete()
args = utils.give_arguments(request.user,
'Group management')
messages.success(request, "Group perimeter modified")
return HttpResponseRedirect(
reverse('admin-group-management'))
else:
args = utils.give_arguments(request.user,
'Group management')
messages.success(request,
"Server not present in the perimeter")
return HttpResponseRedirect(
reverse('admin-group-management'))
elif request.POST['action'] == 'setmanager':
user_pool = User.objects.get(username=request.POST['username'])
if HeimdallUserRole.objects.filter(pool=pool,
user=user_pool).exists():
user_pool_role = HeimdallUserRole.objects.get(
pool=pool, user=user_pool)
else:
user_pool_role = HeimdallUserRole.objects.create(
pool=pool, user=user_pool)
user_pool_role.type = 'MANAGER'
user_pool_role.save()
messages.success(request, "Manager added")
return HttpResponseRedirect(reverse('admin-group-management'))
elif request.POST['action'] == 'removemanager':
user_pool = User.objects.get(username=request.POST['username'])
if HeimdallUserRole.objects.filter(pool=pool,
user=user_pool).exists():
user_pool_role = HeimdallUserRole.objects.get(
pool=pool, user=user_pool)
else:
user_pool_role = HeimdallUserRole.objects.create(
pool=pool, user=user_pool)
user_pool_role.type = 'USER'
user_pool_role.save()
messages.success(request, "Manager removed")
return HttpResponseRedirect(reverse('admin-group-management'))
else:
messages.success(request, "Action not enabled")
return HttpResponseRedirect(reverse('admin-group-management'))
else:
pool = HeimdallPool.objects.get(name=request.GET['poolname'])
role_perimeter = PoolPerimeter.objects.filter(pool=pool)
server_perimeter = []
for role in role_perimeter:
server_perimeter.append(role.server)
managers_in_pool = HeimdallUserRole.objects.filter(pool=pool,
type="MANAGER")
users_not_manager_in_pool = HeimdallUserRole.objects.filter(
pool=pool, type="USER")
args = utils.give_arguments(request.user, 'Group management')
args.update({
'perimeter': role_perimeter,
'servers': servers,
'poolname': request.GET['poolname'],
'server_perimeter': server_perimeter,
"managers_in_pool": managers_in_pool,
'users_not_manager_in_pool': users_not_manager_in_pool
})
return render_to_response("admin/pool_perimeter.html",
args,
context_instance=RequestContext(request))
def deposite(request):
'''
Deposite a new rsa key.
'''
userConnected = request.user
# Handle file upload
docfile = []
if request.method == 'POST':
if request.POST['type'] == 'update':
keysend = request.POST['key']
if keysend and keysend != "":
sshkey = None
if SshKeys.objects.filter(user=userConnected).count() > 0:
sshkey = SshKeys.objects.get(user=userConnected)
sshkey.key = keysend
else:
sshkey = SshKeys(user=userConnected, key=keysend)
sshkey.save()
err = Controller.revokeAllKeys(
Permission.objects.filter(user=request.user),
userConnected, sshkey)
if err is None:
err = Controller.replicateAllKeys(
Permission.objects.filter(user=request.user),
userConnected, sshkey)
if err is None:
message = 'Please wait a minute to connect, during the replication on all server finished. Check your mails to know the access updates'
else:
message = err.message
else:
message = err.message
messages.success(request, message)
# Redirect to the document list after POST
return HttpResponseRedirect(reverse('deposite'))
messages.success(request, "SSH key is not valid")
return HttpResponseRedirect(reverse('deposite'))
else:
form = UploadSshKeyForm(request.POST, request.FILES)
if form.is_valid():
docfile = request.FILES['docfile']
if docfile:
for line in docfile:
if SshKeys.objects.filter(
user=userConnected).count() > 0:
sshkey = SshKeys.objects.get(user=userConnected)
sshkey.key = line
sshkey.save()
err = Controller.revokeAllKeys(
Permission.objects.filter(user=request.user),
userConnected, sshkey)
if err is None:
err = Controller.replicateAllKeys(
Permission.objects.filter(
user=request.user), userConnected,
sshkey)
if err is None:
message = 'Please wait a minute to connect, during the replication on all server finished. Check your mails to know the access updates'
else:
message = err.message
else:
message = err.message
messages.success(request, message)
else:
sshkey = SshKeys(user=userConnected, key=line)
sshkey.save()
err = Controller.revokeAllKeys(
Permission.objects.filter(user=request.user),
userConnected, sshkey)
if err is None:
err = Controller.replicateAllKeys(
Permission.objects.filter(
user=request.user), userConnected,
sshkey)
if err is None:
message = 'Please wait a minute to connect, during the replication on all server finished. Check your mails to know the access updates'
else:
message = err.message
else:
message = err.message
messages.success(request, message)
# Redirect to the document list after POST
return HttpResponseRedirect(reverse('deposite'))
messages.success(request, "SSH key is not valid")
return HttpResponseRedirect(reverse('deposite'))
else:
if SshKeys.objects.filter(user=userConnected).count() > 0:
key = SshKeys.objects.get(user=userConnected).key
else:
key = ''
form = UploadSshKeyForm()
args = utils.give_arguments(request.user, 'Depot')
args.update({'documents': docfile, 'form': form, 'key': key})
return render_to_response('user/deposite.html',
args,
context_instance=RequestContext(request))
def servers(request):
list_servers = Server.objects.all()
args = utils.give_arguments(request.user, 'Serveurs')
args.update({'list_servers': list_servers})
return render_to_response('servers.html', args, context_instance=RequestContext(request))
def perimeter_pool(request):
'''
View or Update a perimeter pool. Users / servers (add servers / users to pool / add manager to pool)
View Type: Form POST / GET
Accessible by /admin/perimeter-pool
'''
if request.user.groups.filter(name="heimdall-admin"):
servers = Server.objects.all()
if request.method == 'POST':
pool = HeimdallPool.objects.get(name=request.POST['poolname'])
if 'hostname' in request.POST:
server = Server.objects.get(hostname=request.POST['hostname'])
role_perimeter = PoolPerimeter.objects.filter(pool=pool)
if request.POST['action'] == 'add':
is_allow_to_add = PoolPerimeter.objects.filter(pool=pool, server=server).count() == 0
if is_allow_to_add:
new_perimeter = PoolPerimeter(pool=pool, server=server)
new_perimeter.save()
role_perimeter = PoolPerimeter.objects.filter(pool=pool)
messages.success(request, "Group perimeter modified")
return HttpResponseRedirect(reverse('admin-group-management'))
else:
args = utils.give_arguments(request.user, 'Group management')
messages.success(request, "Server already present in the perimeter")
return HttpResponseRedirect(reverse('admin-group-management'))
elif request.POST['action'] == 'remove':
is_allow_to_remove = PoolPerimeter.objects.filter(pool=pool, server=server).count() == 1
if is_allow_to_remove:
perimeter_to_delete = PoolPerimeter.objects.get(pool=pool, server=server)
perimeter_to_delete.delete()
args = utils.give_arguments(request.user, 'Group management')
messages.success(request, "Group perimeter modified")
return HttpResponseRedirect(reverse('admin-group-management'))
else:
args = utils.give_arguments(request.user, 'Group management')
messages.success(request, "Server not present in the perimeter")
return HttpResponseRedirect(reverse('admin-group-management'))
elif request.POST['action'] == 'setmanager':
user_pool = User.objects.get(username=request.POST['username'])
if HeimdallUserRole.objects.filter(pool=pool, user=user_pool).exists():
user_pool_role = HeimdallUserRole.objects.get(pool=pool, user=user_pool)
else:
user_pool_role = HeimdallUserRole.objects.create(pool=pool, user=user_pool)
user_pool_role.type = 'MANAGER'
user_pool_role.save()
messages.success(request, "Manager added")
return HttpResponseRedirect(reverse('admin-group-management'))
elif request.POST['action'] == 'removemanager':
user_pool = User.objects.get(username=request.POST['username'])
if HeimdallUserRole.objects.filter(pool=pool, user=user_pool).exists():
user_pool_role = HeimdallUserRole.objects.get(pool=pool, user=user_pool)
else:
user_pool_role = HeimdallUserRole.objects.create(pool=pool, user=user_pool)
user_pool_role.type = 'USER'
user_pool_role.save()
messages.success(request, "Manager removed")
return HttpResponseRedirect(reverse('admin-group-management'))
else:
messages.success(request, "Action not enabled")
return HttpResponseRedirect(reverse('admin-group-management'))
else:
pool = HeimdallPool.objects.get(name=request.GET['poolname'])
role_perimeter = PoolPerimeter.objects.filter(pool=pool)
server_perimeter = []
for role in role_perimeter:
server_perimeter.append(role.server)
managers_in_pool = HeimdallUserRole.objects.filter(pool=pool, type="MANAGER")
users_not_manager_in_pool = HeimdallUserRole.objects.filter(pool=pool, type="USER")
args = utils.give_arguments(request.user, 'Group management')
args.update({'perimeter': role_perimeter, 'servers': servers, 'poolname': request.GET['poolname'], 'server_perimeter': server_perimeter, "managers_in_pool": managers_in_pool, 'users_not_manager_in_pool': users_not_manager_in_pool})
return render_to_response("admin/pool_perimeter.html", args, context_instance=RequestContext(request))