def delete(self, request, obj_id):
try:
roles_obj = client_factory(request).roles
role_assign_obj = client_factory(request).role_assignments
users_obj = client_factory(request).users
arg_dict = {
'project' : request.user.tenant_id,
'user' : obj_id
}
for r_item in role_assign_obj.list(**arg_dict):
roles_obj.revoke(r_item.role['id'], **arg_dict)
member = users_obj.get(obj_id)
noti_params = {
'username' : member.name,
'admin_address' : users_obj.get(request.user.id).email,
'project' : request.user.tenant_name
}
noti_sbj, noti_body = notification_render(MEMBER_REMOVED, noti_params)
notifyUsers(member.email, noti_sbj, noti_body)
noti_sbj, noti_body = notification_render(MEMBER_REMOVED_ADM, noti_params)
notifyManagers(noti_sbj, noti_body)
except:
LOG.error("Grant revoke error", exc_info=True)
messages.error(request, _('Unable to delete member from tenant.'))
def handle(self, request, data):
try:
with transaction.atomic():
curr_prjname = self.request.user.tenant_name
q_args = {
'registration__regid' : int(data['regid']),
'project__projectname' : curr_prjname,
'flowstatus' : PSTATUS_RENEW_MEMB
}
prj_reqs = PrjRequest.objects.filter(**q_args)
if len(prj_reqs) == 0:
return True
user_id = prj_reqs[0].registration.userid
#
# Remove member from project
#
roles_obj = client_factory(request).roles
role_assign_obj = client_factory(request).role_assignments
arg_dict = {
'project' : request.user.tenant_id,
'user' : user_id
}
for r_item in role_assign_obj.list(**arg_dict):
roles_obj.revoke(r_item.role['id'], **arg_dict)
#
# Clear requests
#
prj_reqs.delete()
#
# Send notification to the user
#
users_obj = client_factory(request).users
member = users_obj.get(user_id)
noti_params = {
'username' : member.name,
'admin_address' : users_obj.get(request.user.id).email,
'project' : request.user.tenant_name,
'notes' : data['reason']
}
noti_sbj, noti_body = notification_render(MEMBER_REMOVED, noti_params)
notifyUsers(member.email, noti_sbj, noti_body)
except:
LOG.error("Cannot renew user", exc_info=True)
exceptions.handle(request)
return False
return True
def delete(self, request, obj_id):
try:
with transaction.atomic():
q_args = {
'registration__userid': obj_id,
'project__projectname': request.user.tenant_name
}
Expiration.objects.filter(**q_args).delete()
PrjRequest.objects.filter(**q_args).delete()
PrjRole.objects.filter(**q_args).delete()
roles_obj = client_factory(request).roles
role_assign_obj = client_factory(request).role_assignments
arg_dict = {'project': request.user.tenant_id, 'user': obj_id}
for r_item in role_assign_obj.list(**arg_dict):
roles_obj.revoke(r_item.role['id'], **arg_dict)
tmpres = EMail.objects.filter(registration__userid=obj_id)
member_email = tmpres[0].email if tmpres else None
member_name = tmpres[0].registration.username if tmpres else None
tmpres = EMail.objects.filter(registration__userid=request.user.id)
admin_email = tmpres[0].email if tmpres else None
noti_params = {
'username': member_name,
'admin_address': admin_email,
'project': request.user.tenant_name
}
notifyUser(request=request,
rcpt=member_email,
action=MEMBER_REMOVED,
context=noti_params,
dst_user_id=obj_id)
notifyAdmin(request=request,
action=MEMBER_REMOVED_ADM,
context=noti_params)
except:
LOG.error("Grant revoke error", exc_info=True)
messages.error(request, _('Unable to delete member from tenant.'))
def delete(self, request, obj_id):
try:
with transaction.atomic():
q_args = {
'registration__userid' : obj_id,
'project__projectname' : request.user.tenant_name
}
Expiration.objects.filter(**q_args).delete()
PrjRequest.objects.filter(**q_args).delete()
PrjRole.objects.filter(**q_args).delete()
roles_obj = client_factory(request).roles
role_assign_obj = client_factory(request).role_assignments
arg_dict = {
'project' : request.user.tenant_id,
'user' : obj_id
}
for r_item in role_assign_obj.list(**arg_dict):
roles_obj.revoke(r_item.role['id'], **arg_dict)
tmpres = EMail.objects.filter(registration__userid=obj_id)
member_email = tmpres[0].email if tmpres else None
member_name = tmpres[0].registration.username if tmpres else None
tmpres = EMail.objects.filter(registration__userid=request.user.id)
admin_email = tmpres[0].email if tmpres else None
noti_params = {
'username' : member_name,
'admin_address' : admin_email,
'project' : request.user.tenant_name
}
notifyUser(request=request, rcpt=member_email, action=MEMBER_REMOVED, context=noti_params,
dst_user_id=obj_id)
notifyAdmin(request=request, action=MEMBER_REMOVED_ADM, context=noti_params)
except:
LOG.error("Grant revoke error", exc_info=True)
messages.error(request, _('Unable to delete member from tenant.'))
def get_data(self):
try:
t_role_id = ''
for role in self.request.user.roles:
if role['name'] == TENANTADMIN_ROLE:
t_role_id = get_admin_roleid(self.request)
role_assign_obj = client_factory(self.request).role_assignments
member_id_dict = dict()
number_of_admins = 0
for r_item in role_assign_obj.list(
project=self.request.user.tenant_id):
if not r_item.user['id'] in member_id_dict:
member_id_dict[r_item.user['id']] = [False, 0, 0]
if r_item.role['id'] == t_role_id:
member_id_dict[r_item.user['id']][0] = True
number_of_admins += 1
member_id_dict[r_item.user['id']][1] += 1
for rp_item in member_id_dict.itervalues():
rp_item[2] = number_of_admins
result = list()
q_args = {
'registration__userid__in': member_id_dict,
'project__projectid': self.request.user.tenant_id
}
for expir in Expiration.objects.filter(**q_args):
reg = expir.registration
result.append(
MemberItem(reg, member_id_dict[reg.userid], expir.expdate))
return result
except Exception:
LOG.error("Member view error", exc_info=True)
messages.error(self.request, _('Unable to retrieve member list.'))
return list()
def handle(self, request, data):
try:
role_names = [ role['name'] for role in self.request.user.roles ]
if not TENANTADMIN_ROLE in role_names:
raise Exception(_('Permissions denied: cannot approve subscriptions'))
with transaction.atomic():
curr_prjname = self.request.user.tenant_name
q_args = {
'registration__regid' : int(data['regid']),
'project__projectname' : curr_prjname
}
prj_req = PrjRequest.objects.filter(**q_args)[0]
member = client_factory(request).users.get(prj_req.registration.userid)
project_name = prj_req.project.projectname
#
# clear request
#
prj_req.delete()
#
# send notification to the user
#
noti_params = {
'project' : project_name
}
noti_sbj, noti_body = notification_render(SUBSCR_NO_TYPE, noti_params)
notifyUsers(member.email, noti_sbj, noti_body)
except:
exceptions.handle(request)
return False
return True
def get_data(self):
try:
t_role_id = ''
for role in self.request.user.roles:
if role['name'] == TENANTADMIN_ROLE:
t_role_id = get_admin_roleid(self.request)
role_assign_obj = client_factory(self.request).role_assignments
member_id_dict = dict()
number_of_admins = 0
for r_item in role_assign_obj.list(project=self.request.user.tenant_id):
if not r_item.user['id'] in member_id_dict:
member_id_dict[r_item.user['id']] = [False, 0, 0]
if r_item.role['id'] == t_role_id:
member_id_dict[r_item.user['id']][0] = True
number_of_admins +=1
member_id_dict[r_item.user['id']][1] += 1
for rp_item in member_id_dict.itervalues():
rp_item[2] = number_of_admins
result = list()
q_args = {
'registration__userid__in' : member_id_dict,
'project__projectid' : self.request.user.tenant_id
}
for expir in Expiration.objects.filter(**q_args):
reg = expir.registration
result.append(MemberItem(reg, member_id_dict[reg.userid], expir.expdate))
return result
except Exception:
LOG.error("Member view error", exc_info=True)
messages.error(self.request, _('Unable to retrieve member list.'))
return list()
def single(self, data_table, request, obj_id):
try:
t_role_id = ''
for role in request.user.roles:
if role['name'] == TENANTADMIN_ROLE:
t_role_id = get_admin_roleid(request)
roles_obj = client_factory(request).roles
arg_dict = {
'project' : request.user.tenant_id,
'user' : obj_id
}
tmpres = EMail.objects.filter(registration__userid=obj_id)
member_email = tmpres[0].email if tmpres else None
tmpres = EMail.objects.filter(registration__userid=request.user.id)
admin_email = tmpres[0].email if tmpres else None
datum = data_table.get_object_by_id(obj_id)
if datum.is_t_admin:
with transaction.atomic():
PrjRole.objects.filter(
registration__userid=obj_id,
project__projectname=request.user.tenant_name
).delete()
if datum.num_of_roles == 1:
missing_default = True
for item in roles_obj.list():
if item.name == DEFAULT_ROLE:
roles_obj.grant(item.id, **arg_dict)
missing_default = False
if missing_default:
raise Exception('Cannot swith to member role')
roles_obj.revoke(t_role_id, **arg_dict)
noti_params = {
'admin_address' : admin_email,
'project' : request.user.tenant_name,
's_role' : _('Project manager'),
'd_role' : _('Project user')
}
notifyUser(request=request, rcpt=member_email, action=CHANGED_MEMBER_ROLE, context=noti_params,
dst_project_id=request.user.project_id, dst_user_id=obj_id)
else:
with transaction.atomic():
prjRole = PrjRole()
prjRole.registration = Registration.objects.filter(userid=obj_id)[0]
prjRole.project = Project.objects.get(projectname=request.user.tenant_name)
prjRole.roleid = t_role_id
prjRole.save()
roles_obj.grant(t_role_id, **arg_dict)
noti_params = {
'admin_address' : admin_email,
'project' : request.user.tenant_name,
's_role' : _('Project user'),
'd_role' : _('Project manager')
}
notifyUser(request=request, rcpt=member_email, action=CHANGED_MEMBER_ROLE, context=noti_params,
dst_project_id=request.user.project_id, dst_user_id=obj_id)
except:
LOG.error("Toggle role error", exc_info=True)
messages.error(request, _('Unable to toggle the role.'))
if obj_id == request.user.id:
response = shortcuts.redirect(reverse_lazy('logout'))
msg = _("Roles changed. Please log in again to continue.")
utils.add_logout_reason(request, response, msg)
return response
return shortcuts.redirect(reverse_lazy('horizon:idmanager:member_manager:index'))
def handle(self, request, data):
try:
role_names = [ role['name'] for role in self.request.user.roles ]
if not TENANTADMIN_ROLE in role_names:
raise Exception(_('Permissions denied: cannot approve subscriptions'))
with transaction.atomic():
curr_prjname = self.request.user.tenant_name
q_args = {
'registration__regid' : int(data['regid']),
'project__projectname' : curr_prjname
}
prj_req = PrjRequest.objects.filter(**q_args)[0]
member_id = prj_req.registration.userid
tmpres = EMail.objects.filter(registration__userid=member_id)
member_email = tmpres[0].email if tmpres else None
project_name = prj_req.project.projectname
user_name = prj_req.registration.username
LOG.debug("Approving subscription for %s" % prj_req.registration.username)
default_role = getattr(settings, 'OPENSTACK_KEYSTONE_DEFAULT_ROLE', None)
expiration = Expiration()
expiration.registration = prj_req.registration
expiration.project = prj_req.project
expiration.expdate = data['expiration']
expiration.save()
#
# Update the max expiration per user
#
user_reg = prj_req.registration
if data['expiration'] > user_reg.expdate:
user_reg.expdate = data['expiration']
user_reg.save()
roles_obj = client_factory(request).roles
arg_dict = {
'project' : prj_req.project.projectid,
'user' : prj_req.registration.userid
}
missing_default = True
for item in roles_obj.list():
if item.name == default_role:
roles_obj.grant(item.id, **arg_dict)
missing_default = False
if missing_default:
raise Exception("Default role is undefined")
#
# Enable reminder for cloud admin
#
RegRequest.objects.filter(
registration = prj_req.registration,
flowstatus = RSTATUS_REMINDER
).update(flowstatus = RSTATUS_REMINDACK)
#
# clear request
#
prj_req.delete()
#
# send notification to the user
#
noti_params = {
'username': user_name,
'project' : project_name
}
notifyUser(request=self.request, rcpt=member_email, action=SUBSCR_OK_TYPE, context=noti_params,
dst_user_id=member_id)
notifyAdmin(request=self.request, action=SUBSCR_OK_TYPE, context=noti_params)
except:
exceptions.handle(request)
return False
return True
def handle(self, request, data):
try:
with transaction.atomic():
curr_prjname = self.request.user.tenant_name
q_args = {
'registration__regid' : int(data['regid']),
'project__projectname' : curr_prjname,
'flowstatus' : PSTATUS_RENEW_MEMB
}
prj_reqs = PrjRequest.objects.filter(**q_args)
if len(prj_reqs) == 0:
return True
user_id = prj_reqs[0].registration.userid
#
# Clear requests
#
prj_reqs.delete()
q_args = {
'registration__regid' : int(data['regid']),
'project__projectname' : curr_prjname
}
Expiration.objects.filter(**q_args).delete()
PrjRole.objects.filter(**q_args).delete()
#
# Remove member from project
#
roles_obj = client_factory(request).roles
role_assign_obj = client_factory(request).role_assignments
arg_dict = {
'project' : request.user.tenant_id,
'user' : user_id
}
for r_item in role_assign_obj.list(**arg_dict):
roles_obj.revoke(r_item.role['id'], **arg_dict)
#
# Send notification to the user
#
tmpres = EMail.objects.filter(registration__regid=int(data['regid']))
member_email = tmpres[0].email if tmpres else None
member_name = tmpres[0].registration.username if member_email else 'unknown'
tmpres = EMail.objects.filter(registration__userid=request.user.id)
admin_email = tmpres[0].email if tmpres else None
noti_params = {
'username' : member_name,
'admin_address' : admin_email,
'project' : request.user.tenant_name,
'notes' : data['reason']
}
notifyUser(request=self.request, rcpt=member_email, action=MEMBER_REMOVED, context=noti_params,
dst_user_id=user_id)
except:
LOG.error("Cannot renew user", exc_info=True)
exceptions.handle(request)
return False
return True
def single(self, data_table, request, obj_id):
try:
t_role_id = ''
for role in request.user.roles:
if role['name'] == TENANTADMIN_ROLE:
t_role_id = get_admin_roleid(request)
roles_obj = client_factory(request).roles
arg_dict = {'project': request.user.tenant_id, 'user': obj_id}
tmpres = EMail.objects.filter(registration__userid=obj_id)
member_email = tmpres[0].email if tmpres else None
tmpres = EMail.objects.filter(registration__userid=request.user.id)
admin_email = tmpres[0].email if tmpres else None
datum = data_table.get_object_by_id(obj_id)
if datum.is_t_admin:
with transaction.atomic():
PrjRole.objects.filter(registration__userid=obj_id,
project__projectname=request.user.
tenant_name).delete()
if datum.num_of_roles == 1:
missing_default = True
for item in roles_obj.list():
if item.name == DEFAULT_ROLE:
roles_obj.grant(item.id, **arg_dict)
missing_default = False
if missing_default:
raise Exception('Cannot swith to member role')
roles_obj.revoke(t_role_id, **arg_dict)
noti_params = {
'admin_address': admin_email,
'project': request.user.tenant_name,
's_role': _('Project manager'),
'd_role': _('Project user')
}
notifyUser(request=request,
rcpt=member_email,
action=CHANGED_MEMBER_ROLE,
context=noti_params,
dst_project_id=request.user.project_id,
dst_user_id=obj_id)
else:
with transaction.atomic():
prjRole = PrjRole()
prjRole.registration = Registration.objects.filter(
userid=obj_id)[0]
prjRole.project = Project.objects.get(
projectname=request.user.tenant_name)
prjRole.roleid = t_role_id
prjRole.save()
roles_obj.grant(t_role_id, **arg_dict)
noti_params = {
'admin_address': admin_email,
'project': request.user.tenant_name,
's_role': _('Project user'),
'd_role': _('Project manager')
}
notifyUser(request=request,
rcpt=member_email,
action=CHANGED_MEMBER_ROLE,
context=noti_params,
dst_project_id=request.user.project_id,
dst_user_id=obj_id)
except:
LOG.error("Toggle role error", exc_info=True)
messages.error(request, _('Unable to toggle the role.'))
if obj_id == request.user.id:
response = shortcuts.redirect(reverse_lazy('logout'))
msg = _("Roles changed. Please log in again to continue.")
utils.add_logout_reason(request, response, msg)
return response
return shortcuts.redirect(
reverse_lazy('horizon:idmanager:member_manager:index'))
def handle(self, request, data):
try:
role_names = [ role['name'] for role in self.request.user.roles ]
if not TENANTADMIN_ROLE in role_names:
raise Exception(_('Permissions denied: cannot approve subscriptions'))
with transaction.atomic():
curr_prjname = self.request.user.tenant_name
q_args = {
'registration__regid' : int(data['regid']),
'project__projectname' : curr_prjname
}
prj_req = PrjRequest.objects.filter(**q_args)[0]
member = client_factory(request).users.get(prj_req.registration.userid)
project_name = prj_req.project.projectname
LOG.debug("Approving subscription for %s" % prj_req.registration.username)
default_role = getattr(settings, 'OPENSTACK_KEYSTONE_DEFAULT_ROLE', None)
expiration = Expiration()
expiration.registration = prj_req.registration
expiration.project = prj_req.project
expiration.expdate = data['expiration']
expiration.save()
#
# Update the max expiration per user
#
user_reg = prj_req.registration
if data['expiration'] > user_reg.expdate:
user_reg.expdate = data['expiration']
user_reg.save()
roles_obj = client_factory(request).roles
arg_dict = {
'project' : prj_req.project.projectid,
'user' : prj_req.registration.userid
}
missing_default = True
for item in roles_obj.list():
if item.name == default_role:
roles_obj.grant(item.id, **arg_dict)
missing_default = False
if missing_default:
raise Exception("Default role is undefined")
#
# clear request
#
prj_req.delete()
#
# send notification to the user
#
noti_params = {
'project' : project_name
}
noti_sbj, noti_body = notification_render(SUBSCR_OK_TYPE, noti_params)
notifyUsers(member.email, noti_sbj, noti_body)
except:
exceptions.handle(request)
return False
return True
def handle(self, request, data):
try:
with transaction.atomic():
curr_prjname = self.request.user.tenant_name
q_args = {
'registration__regid' : int(data['regid']),
'project__projectname' : curr_prjname,
'flowstatus' : PSTATUS_RENEW_MEMB
}
prj_reqs = PrjRequest.objects.filter(**q_args)
if len(prj_reqs) == 0:
return True
user_id = prj_reqs[0].registration.userid
#
# Clear requests
#
prj_reqs.delete()
q_args = {
'registration__regid' : int(data['regid']),
'project__projectname' : curr_prjname
}
Expiration.objects.filter(**q_args).delete()
PrjRole.objects.filter(**q_args).delete()
#
# Remove member from project
#
roles_obj = client_factory(request).roles
role_assign_obj = client_factory(request).role_assignments
arg_dict = {
'project' : request.user.tenant_id,
'user' : user_id
}
for r_item in role_assign_obj.list(**arg_dict):
roles_obj.revoke(r_item.role['id'], **arg_dict)
#
# Send notification to the user
#
tmpres = EMail.objects.filter(registration__regid=int(data['regid']))
member_email = tmpres[0].email if tmpres else None
member_name = tmpres[0].registration.username if member_email else 'unknown'
tmpres = EMail.objects.filter(registration__userid=request.user.id)
admin_email = tmpres[0].email if tmpres else None
noti_params = {
'username' : member_name,
'admin_address' : admin_email,
'project' : request.user.tenant_name,
'notes' : data['reason']
}
notifyUser(request=self.request, rcpt=member_email, action=MEMBER_REMOVED, context=noti_params,
dst_user_id=user_id)
except:
LOG.error("Cannot renew user", exc_info=True)
exceptions.handle(request)
return False
return True
def single(self, data_table, request, obj_id):
try:
t_role_id = ''
for role in request.user.roles:
if role['name'] == TENANTADMIN_ROLE:
t_role_id = get_admin_roleid(request)
roles_obj = client_factory(request).roles
arg_dict = {
'project' : request.user.tenant_id,
'user' : obj_id
}
users_obj = client_factory(request).users
member = users_obj.get(obj_id)
datum = data_table.get_object_by_id(obj_id)
if datum.is_t_admin:
if datum.num_of_roles == 1:
missing_default = True
for item in roles_obj.list():
if item.name == DEFAULT_ROLE:
roles_obj.grant(item.id, **arg_dict)
missing_default = False
if missing_default:
raise Exception('Cannot swith to member role')
roles_obj.revoke(t_role_id, **arg_dict)
noti_params = {
'admin_address' : users_obj.get(request.user.id).email,
'project' : request.user.tenant_name,
's_role' : _('Project manager'),
'd_role' : _('Project user')
}
noti_sbj, noti_body = notification_render(CHANGED_MEMBER_ROLE, noti_params)
notifyUsers(member.email, noti_sbj, noti_body)
else:
roles_obj.grant(t_role_id, **arg_dict)
noti_params = {
'admin_address' : users_obj.get(request.user.id).email,
'project' : request.user.tenant_name,
's_role' : _('Project user'),
'd_role' : _('Project manager')
}
noti_sbj, noti_body = notification_render(CHANGED_MEMBER_ROLE, noti_params)
notifyUsers(member.email, noti_sbj, noti_body)
except:
LOG.error("Toggle role error", exc_info=True)
messages.error(request, _('Unable to toggle the role.'))
if obj_id == request.user.id:
response = shortcuts.redirect(reverse_lazy('logout'))
msg = _("Roles changed. Please log in again to continue.")
utils.add_logout_reason(request, response, msg)
return response
return shortcuts.redirect(reverse_lazy('horizon:idmanager:member_manager:index'))