Exemple #1
0
 def delete(self, request, obj_id):
 
     try:
         
         roles_obj = client_factory(request).roles
         role_assign_obj = client_factory(request).role_assignments
         users_obj = client_factory(request).users
         
         arg_dict = {
             'project' : request.user.tenant_id,
             'user' : obj_id
         }
         for r_item in role_assign_obj.list(**arg_dict):
             roles_obj.revoke(r_item.role['id'], **arg_dict)
         
         member = users_obj.get(obj_id)
         noti_params = {
             'username' : member.name,
             'admin_address' : users_obj.get(request.user.id).email,
             'project' : request.user.tenant_name
         }
         noti_sbj, noti_body = notification_render(MEMBER_REMOVED, noti_params)
         notifyUsers(member.email, noti_sbj, noti_body)
         
         noti_sbj, noti_body = notification_render(MEMBER_REMOVED_ADM, noti_params)
         notifyManagers(noti_sbj, noti_body)
         
     except:
         LOG.error("Grant revoke error", exc_info=True)
         messages.error(request, _('Unable to delete member from tenant.'))
Exemple #2
0
    def handle(self, request, data):

        try:
        
            with transaction.atomic():

                curr_prjname = self.request.user.tenant_name
                q_args = {
                    'registration__regid' : int(data['regid']),
                    'project__projectname' : curr_prjname,
                    'flowstatus' : PSTATUS_RENEW_MEMB
                }                
                prj_reqs = PrjRequest.objects.filter(**q_args)
                
                if len(prj_reqs) == 0:
                    return True

                user_id = prj_reqs[0].registration.userid
                #
                # Remove member from project
                #
                roles_obj = client_factory(request).roles
                role_assign_obj = client_factory(request).role_assignments
        
                arg_dict = {
                    'project' : request.user.tenant_id,
                    'user' : user_id
                }
                for r_item in role_assign_obj.list(**arg_dict):
                    roles_obj.revoke(r_item.role['id'], **arg_dict)
        
                #
                # Clear requests
                #
                prj_reqs.delete()

            #
            # Send notification to the user
            #
            users_obj = client_factory(request).users
            member = users_obj.get(user_id)
            noti_params = {
                'username' : member.name,
                'admin_address' : users_obj.get(request.user.id).email,
                'project' : request.user.tenant_name,
                'notes' : data['reason']
            }
            noti_sbj, noti_body = notification_render(MEMBER_REMOVED, noti_params)
            notifyUsers(member.email, noti_sbj, noti_body)
                
        except:
            LOG.error("Cannot renew user", exc_info=True)
            exceptions.handle(request)
            return False
        
        return True
Exemple #3
0
    def delete(self, request, obj_id):

        try:

            with transaction.atomic():

                q_args = {
                    'registration__userid': obj_id,
                    'project__projectname': request.user.tenant_name
                }
                Expiration.objects.filter(**q_args).delete()
                PrjRequest.objects.filter(**q_args).delete()
                PrjRole.objects.filter(**q_args).delete()

                roles_obj = client_factory(request).roles
                role_assign_obj = client_factory(request).role_assignments

                arg_dict = {'project': request.user.tenant_id, 'user': obj_id}
                for r_item in role_assign_obj.list(**arg_dict):
                    roles_obj.revoke(r_item.role['id'], **arg_dict)

            tmpres = EMail.objects.filter(registration__userid=obj_id)
            member_email = tmpres[0].email if tmpres else None
            member_name = tmpres[0].registration.username if tmpres else None

            tmpres = EMail.objects.filter(registration__userid=request.user.id)
            admin_email = tmpres[0].email if tmpres else None

            noti_params = {
                'username': member_name,
                'admin_address': admin_email,
                'project': request.user.tenant_name
            }
            notifyUser(request=request,
                       rcpt=member_email,
                       action=MEMBER_REMOVED,
                       context=noti_params,
                       dst_user_id=obj_id)
            notifyAdmin(request=request,
                        action=MEMBER_REMOVED_ADM,
                        context=noti_params)

        except:
            LOG.error("Grant revoke error", exc_info=True)
            messages.error(request, _('Unable to delete member from tenant.'))
    def delete(self, request, obj_id):
    
        try:
            
            with transaction.atomic():

                q_args = {
                    'registration__userid' : obj_id,
                    'project__projectname' : request.user.tenant_name
                }
                Expiration.objects.filter(**q_args).delete()
                PrjRequest.objects.filter(**q_args).delete()
                PrjRole.objects.filter(**q_args).delete()

                roles_obj = client_factory(request).roles
                role_assign_obj = client_factory(request).role_assignments
                
                arg_dict = {
                    'project' : request.user.tenant_id,
                    'user' : obj_id
                }
                for r_item in role_assign_obj.list(**arg_dict):
                    roles_obj.revoke(r_item.role['id'], **arg_dict)

            tmpres = EMail.objects.filter(registration__userid=obj_id)
            member_email = tmpres[0].email if tmpres else None
            member_name = tmpres[0].registration.username if tmpres else None
            
            tmpres = EMail.objects.filter(registration__userid=request.user.id)
            admin_email = tmpres[0].email if tmpres else None

            noti_params = {
                'username' : member_name,
                'admin_address' : admin_email,
                'project' : request.user.tenant_name
            }
            notifyUser(request=request, rcpt=member_email, action=MEMBER_REMOVED, context=noti_params,
                       dst_user_id=obj_id)
            notifyAdmin(request=request, action=MEMBER_REMOVED_ADM, context=noti_params)

            
        except:
            LOG.error("Grant revoke error", exc_info=True)
            messages.error(request, _('Unable to delete member from tenant.'))
Exemple #5
0
    def get_data(self):

        try:
            t_role_id = ''
            for role in self.request.user.roles:
                if role['name'] == TENANTADMIN_ROLE:
                    t_role_id = get_admin_roleid(self.request)

            role_assign_obj = client_factory(self.request).role_assignments
            member_id_dict = dict()
            number_of_admins = 0
            for r_item in role_assign_obj.list(
                    project=self.request.user.tenant_id):
                if not r_item.user['id'] in member_id_dict:
                    member_id_dict[r_item.user['id']] = [False, 0, 0]

                if r_item.role['id'] == t_role_id:
                    member_id_dict[r_item.user['id']][0] = True
                    number_of_admins += 1

                member_id_dict[r_item.user['id']][1] += 1

            for rp_item in member_id_dict.itervalues():
                rp_item[2] = number_of_admins

            result = list()
            q_args = {
                'registration__userid__in': member_id_dict,
                'project__projectid': self.request.user.tenant_id
            }
            for expir in Expiration.objects.filter(**q_args):
                reg = expir.registration
                result.append(
                    MemberItem(reg, member_id_dict[reg.userid], expir.expdate))
            return result

        except Exception:
            LOG.error("Member view error", exc_info=True)
            messages.error(self.request, _('Unable to retrieve member list.'))

        return list()
Exemple #6
0
    def handle(self, request, data):
    
        try:
        
            role_names = [ role['name'] for role in self.request.user.roles ]
            if not TENANTADMIN_ROLE in role_names:
                raise Exception(_('Permissions denied: cannot approve subscriptions'))
        
            with transaction.atomic():
            
                curr_prjname = self.request.user.tenant_name
                q_args = {
                    'registration__regid' : int(data['regid']),
                    'project__projectname' : curr_prjname
                }                
                prj_req = PrjRequest.objects.filter(**q_args)[0]
                
                member = client_factory(request).users.get(prj_req.registration.userid)
                project_name = prj_req.project.projectname
                
                #
                # clear request
                #
                prj_req.delete()

            #
            # send notification to the user
            #
            noti_params = {
                'project' : project_name
            }

            noti_sbj, noti_body = notification_render(SUBSCR_NO_TYPE, noti_params)
            notifyUsers(member.email, noti_sbj, noti_body)
        
        except:
            exceptions.handle(request)
            return False
            
        return True
    def get_data(self):
    
        try:
            t_role_id = ''
            for role in self.request.user.roles:
                if role['name'] == TENANTADMIN_ROLE:
                    t_role_id = get_admin_roleid(self.request)
        
            role_assign_obj = client_factory(self.request).role_assignments
            member_id_dict = dict()
            number_of_admins = 0
            for r_item in role_assign_obj.list(project=self.request.user.tenant_id):
                if not r_item.user['id'] in member_id_dict:
                    member_id_dict[r_item.user['id']] = [False, 0, 0]
                    
                if r_item.role['id'] == t_role_id:
                    member_id_dict[r_item.user['id']][0] = True
                    number_of_admins +=1
                    
                member_id_dict[r_item.user['id']][1] += 1
            
            for rp_item in member_id_dict.itervalues():
                rp_item[2] = number_of_admins
        
            result = list()
            q_args = {
                'registration__userid__in' : member_id_dict,
                'project__projectid' : self.request.user.tenant_id
            }
            for expir in Expiration.objects.filter(**q_args):
                reg = expir.registration
                result.append(MemberItem(reg, member_id_dict[reg.userid], expir.expdate))
            return result
        
        except Exception:
            LOG.error("Member view error", exc_info=True)
            messages.error(self.request, _('Unable to retrieve member list.'))

        return list()
    def single(self, data_table, request, obj_id):
        
        try:
        
            t_role_id = ''
            for role in request.user.roles:
                if role['name'] == TENANTADMIN_ROLE:
                    t_role_id = get_admin_roleid(request)
            
            roles_obj = client_factory(request).roles
            arg_dict = {
                'project' : request.user.tenant_id,
                'user' : obj_id
            }
            
            tmpres = EMail.objects.filter(registration__userid=obj_id)
            member_email = tmpres[0].email if tmpres else None

            tmpres = EMail.objects.filter(registration__userid=request.user.id)
            admin_email = tmpres[0].email if tmpres else None

            datum = data_table.get_object_by_id(obj_id)
            if datum.is_t_admin:

                with transaction.atomic():

                    PrjRole.objects.filter(
                        registration__userid=obj_id,
                        project__projectname=request.user.tenant_name
                    ).delete()

                    if datum.num_of_roles == 1:
                        missing_default = True
                        for item in roles_obj.list():
                            if item.name == DEFAULT_ROLE:
                                roles_obj.grant(item.id, **arg_dict)
                                missing_default = False
                        if missing_default:
                            raise Exception('Cannot swith to member role')

                    roles_obj.revoke(t_role_id, **arg_dict)

                noti_params = {
                    'admin_address' : admin_email,
                    'project' : request.user.tenant_name,
                    's_role' : _('Project manager'),
                    'd_role' : _('Project user')
                }
                notifyUser(request=request, rcpt=member_email, action=CHANGED_MEMBER_ROLE, context=noti_params,
                           dst_project_id=request.user.project_id, dst_user_id=obj_id)
            
            else:

                with transaction.atomic():

                    prjRole = PrjRole()
                    prjRole.registration = Registration.objects.filter(userid=obj_id)[0]
                    prjRole.project = Project.objects.get(projectname=request.user.tenant_name)
                    prjRole.roleid = t_role_id
                    prjRole.save()

                    roles_obj.grant(t_role_id, **arg_dict)

                noti_params = {
                    'admin_address' : admin_email,
                    'project' : request.user.tenant_name,
                    's_role' : _('Project user'),
                    'd_role' : _('Project manager')
                }
                notifyUser(request=request, rcpt=member_email, action=CHANGED_MEMBER_ROLE, context=noti_params,
                           dst_project_id=request.user.project_id, dst_user_id=obj_id)

        except:
            LOG.error("Toggle role error", exc_info=True)
            messages.error(request, _('Unable to toggle the role.'))
           
        if obj_id == request.user.id:
            response = shortcuts.redirect(reverse_lazy('logout'))
            msg = _("Roles changed. Please log in again to continue.")
            utils.add_logout_reason(request, response, msg)
            return response
            
        return shortcuts.redirect(reverse_lazy('horizon:idmanager:member_manager:index'))
Exemple #9
0
    def handle(self, request, data):
    
        try:
        
            role_names = [ role['name'] for role in self.request.user.roles ]
            if not TENANTADMIN_ROLE in role_names:
                raise Exception(_('Permissions denied: cannot approve subscriptions'))
        
            with transaction.atomic():
            
                curr_prjname = self.request.user.tenant_name
                q_args = {
                    'registration__regid' : int(data['regid']),
                    'project__projectname' : curr_prjname
                }                
                prj_req = PrjRequest.objects.filter(**q_args)[0]
                
                member_id = prj_req.registration.userid
                tmpres = EMail.objects.filter(registration__userid=member_id)
                member_email = tmpres[0].email if tmpres else None
                project_name = prj_req.project.projectname
                user_name = prj_req.registration.username
                
                LOG.debug("Approving subscription for %s" % prj_req.registration.username)
            
                default_role = getattr(settings, 'OPENSTACK_KEYSTONE_DEFAULT_ROLE', None)
                
                expiration = Expiration()
                expiration.registration = prj_req.registration
                expiration.project = prj_req.project
                expiration.expdate = data['expiration']
                expiration.save()
                
                #
                # Update the max expiration per user
                #
                user_reg = prj_req.registration
                if data['expiration'] > user_reg.expdate:
                    user_reg.expdate = data['expiration']
                    user_reg.save()

                roles_obj = client_factory(request).roles
                arg_dict = {
                    'project' : prj_req.project.projectid,
                    'user' : prj_req.registration.userid
                }
                
                missing_default = True
                for item in roles_obj.list():
                    if item.name == default_role:
                        roles_obj.grant(item.id, **arg_dict)
                        missing_default = False
                if missing_default:
                    raise Exception("Default role is undefined")
                #
                # Enable reminder for cloud admin
                #
                RegRequest.objects.filter(
                    registration = prj_req.registration,
                    flowstatus = RSTATUS_REMINDER
                ).update(flowstatus = RSTATUS_REMINDACK)
                #
                # clear request
                #
                prj_req.delete()

            #
            # send notification to the user
            #
            noti_params = {
                'username': user_name,
                'project' : project_name
            }

            notifyUser(request=self.request, rcpt=member_email, action=SUBSCR_OK_TYPE, context=noti_params,
                       dst_user_id=member_id)
            notifyAdmin(request=self.request, action=SUBSCR_OK_TYPE, context=noti_params)

        except:
            exceptions.handle(request)
            return False
            
        return True
Exemple #10
0
    def handle(self, request, data):

        try:
        
            with transaction.atomic():

                curr_prjname = self.request.user.tenant_name
                q_args = {
                    'registration__regid' : int(data['regid']),
                    'project__projectname' : curr_prjname,
                    'flowstatus' : PSTATUS_RENEW_MEMB
                }                
                prj_reqs = PrjRequest.objects.filter(**q_args)
                
                if len(prj_reqs) == 0:
                    return True

                user_id = prj_reqs[0].registration.userid

                #
                # Clear requests
                #
                prj_reqs.delete()
                q_args = {
                    'registration__regid' : int(data['regid']),
                    'project__projectname' : curr_prjname
                }                
                Expiration.objects.filter(**q_args).delete()
                PrjRole.objects.filter(**q_args).delete()

                #
                # Remove member from project
                #
                roles_obj = client_factory(request).roles
                role_assign_obj = client_factory(request).role_assignments
        
                arg_dict = {
                    'project' : request.user.tenant_id,
                    'user' : user_id
                }
                for r_item in role_assign_obj.list(**arg_dict):
                    roles_obj.revoke(r_item.role['id'], **arg_dict)
        

            #
            # Send notification to the user
            #
            tmpres = EMail.objects.filter(registration__regid=int(data['regid']))
            member_email = tmpres[0].email if tmpres else None
            member_name = tmpres[0].registration.username if member_email else 'unknown'

            tmpres = EMail.objects.filter(registration__userid=request.user.id)
            admin_email = tmpres[0].email if tmpres else None

            noti_params = {
                'username' : member_name,
                'admin_address' : admin_email,
                'project' : request.user.tenant_name,
                'notes' : data['reason']
            }
            notifyUser(request=self.request, rcpt=member_email, action=MEMBER_REMOVED, context=noti_params,
                       dst_user_id=user_id)
                
        except:
            LOG.error("Cannot renew user", exc_info=True)
            exceptions.handle(request)
            return False
        
        return True
Exemple #11
0
    def single(self, data_table, request, obj_id):

        try:

            t_role_id = ''
            for role in request.user.roles:
                if role['name'] == TENANTADMIN_ROLE:
                    t_role_id = get_admin_roleid(request)

            roles_obj = client_factory(request).roles
            arg_dict = {'project': request.user.tenant_id, 'user': obj_id}

            tmpres = EMail.objects.filter(registration__userid=obj_id)
            member_email = tmpres[0].email if tmpres else None

            tmpres = EMail.objects.filter(registration__userid=request.user.id)
            admin_email = tmpres[0].email if tmpres else None

            datum = data_table.get_object_by_id(obj_id)
            if datum.is_t_admin:

                with transaction.atomic():

                    PrjRole.objects.filter(registration__userid=obj_id,
                                           project__projectname=request.user.
                                           tenant_name).delete()

                    if datum.num_of_roles == 1:
                        missing_default = True
                        for item in roles_obj.list():
                            if item.name == DEFAULT_ROLE:
                                roles_obj.grant(item.id, **arg_dict)
                                missing_default = False
                        if missing_default:
                            raise Exception('Cannot swith to member role')

                    roles_obj.revoke(t_role_id, **arg_dict)

                noti_params = {
                    'admin_address': admin_email,
                    'project': request.user.tenant_name,
                    's_role': _('Project manager'),
                    'd_role': _('Project user')
                }
                notifyUser(request=request,
                           rcpt=member_email,
                           action=CHANGED_MEMBER_ROLE,
                           context=noti_params,
                           dst_project_id=request.user.project_id,
                           dst_user_id=obj_id)

            else:

                with transaction.atomic():

                    prjRole = PrjRole()
                    prjRole.registration = Registration.objects.filter(
                        userid=obj_id)[0]
                    prjRole.project = Project.objects.get(
                        projectname=request.user.tenant_name)
                    prjRole.roleid = t_role_id
                    prjRole.save()

                    roles_obj.grant(t_role_id, **arg_dict)

                noti_params = {
                    'admin_address': admin_email,
                    'project': request.user.tenant_name,
                    's_role': _('Project user'),
                    'd_role': _('Project manager')
                }
                notifyUser(request=request,
                           rcpt=member_email,
                           action=CHANGED_MEMBER_ROLE,
                           context=noti_params,
                           dst_project_id=request.user.project_id,
                           dst_user_id=obj_id)

        except:
            LOG.error("Toggle role error", exc_info=True)
            messages.error(request, _('Unable to toggle the role.'))

        if obj_id == request.user.id:
            response = shortcuts.redirect(reverse_lazy('logout'))
            msg = _("Roles changed. Please log in again to continue.")
            utils.add_logout_reason(request, response, msg)
            return response

        return shortcuts.redirect(
            reverse_lazy('horizon:idmanager:member_manager:index'))
Exemple #12
0
    def handle(self, request, data):
    
        try:
        
            role_names = [ role['name'] for role in self.request.user.roles ]
            if not TENANTADMIN_ROLE in role_names:
                raise Exception(_('Permissions denied: cannot approve subscriptions'))
        
            with transaction.atomic():
            
                curr_prjname = self.request.user.tenant_name
                q_args = {
                    'registration__regid' : int(data['regid']),
                    'project__projectname' : curr_prjname
                }                
                prj_req = PrjRequest.objects.filter(**q_args)[0]
                
                member = client_factory(request).users.get(prj_req.registration.userid)
                project_name = prj_req.project.projectname
                
                LOG.debug("Approving subscription for %s" % prj_req.registration.username)
            
                default_role = getattr(settings, 'OPENSTACK_KEYSTONE_DEFAULT_ROLE', None)
                
                expiration = Expiration()
                expiration.registration = prj_req.registration
                expiration.project = prj_req.project
                expiration.expdate = data['expiration']
                expiration.save()
                
                #
                # Update the max expiration per user
                #
                user_reg = prj_req.registration
                if data['expiration'] > user_reg.expdate:
                    user_reg.expdate = data['expiration']
                    user_reg.save()

                roles_obj = client_factory(request).roles
                arg_dict = {
                    'project' : prj_req.project.projectid,
                    'user' : prj_req.registration.userid
                }
                
                missing_default = True
                for item in roles_obj.list():
                    if item.name == default_role:
                        roles_obj.grant(item.id, **arg_dict)
                        missing_default = False
                if missing_default:
                    raise Exception("Default role is undefined")
                    
                #
                # clear request
                #
                prj_req.delete()

            #
            # send notification to the user
            #
            noti_params = {
                'project' : project_name
            }

            noti_sbj, noti_body = notification_render(SUBSCR_OK_TYPE, noti_params)
            notifyUsers(member.email, noti_sbj, noti_body)
        
        except:
            exceptions.handle(request)
            return False
            
        return True
    def handle(self, request, data):

        try:
        
            with transaction.atomic():

                curr_prjname = self.request.user.tenant_name
                q_args = {
                    'registration__regid' : int(data['regid']),
                    'project__projectname' : curr_prjname,
                    'flowstatus' : PSTATUS_RENEW_MEMB
                }                
                prj_reqs = PrjRequest.objects.filter(**q_args)
                
                if len(prj_reqs) == 0:
                    return True

                user_id = prj_reqs[0].registration.userid

                #
                # Clear requests
                #
                prj_reqs.delete()
                q_args = {
                    'registration__regid' : int(data['regid']),
                    'project__projectname' : curr_prjname
                }                
                Expiration.objects.filter(**q_args).delete()
                PrjRole.objects.filter(**q_args).delete()

                #
                # Remove member from project
                #
                roles_obj = client_factory(request).roles
                role_assign_obj = client_factory(request).role_assignments
        
                arg_dict = {
                    'project' : request.user.tenant_id,
                    'user' : user_id
                }
                for r_item in role_assign_obj.list(**arg_dict):
                    roles_obj.revoke(r_item.role['id'], **arg_dict)
        

            #
            # Send notification to the user
            #
            tmpres = EMail.objects.filter(registration__regid=int(data['regid']))
            member_email = tmpres[0].email if tmpres else None
            member_name = tmpres[0].registration.username if member_email else 'unknown'

            tmpres = EMail.objects.filter(registration__userid=request.user.id)
            admin_email = tmpres[0].email if tmpres else None

            noti_params = {
                'username' : member_name,
                'admin_address' : admin_email,
                'project' : request.user.tenant_name,
                'notes' : data['reason']
            }
            notifyUser(request=self.request, rcpt=member_email, action=MEMBER_REMOVED, context=noti_params,
                       dst_user_id=user_id)
                
        except:
            LOG.error("Cannot renew user", exc_info=True)
            exceptions.handle(request)
            return False
        
        return True
Exemple #14
0
    def single(self, data_table, request, obj_id):
        
        try:
        
            t_role_id = ''
            for role in request.user.roles:
                if role['name'] == TENANTADMIN_ROLE:
                    t_role_id = get_admin_roleid(request)
            
            roles_obj = client_factory(request).roles
            arg_dict = {
                'project' : request.user.tenant_id,
                'user' : obj_id
            }
            
            users_obj = client_factory(request).users
            member = users_obj.get(obj_id)
                        
            datum = data_table.get_object_by_id(obj_id)
            if datum.is_t_admin:
            
                if datum.num_of_roles == 1:
                    missing_default = True
                    for item in roles_obj.list():
                        if item.name == DEFAULT_ROLE:
                            roles_obj.grant(item.id, **arg_dict)
                            missing_default = False
                    if missing_default:
                        raise Exception('Cannot swith to member role')
                        
                roles_obj.revoke(t_role_id, **arg_dict)
                
                noti_params = {
                    'admin_address' : users_obj.get(request.user.id).email,
                    'project' : request.user.tenant_name,
                    's_role' : _('Project manager'),
                    'd_role' : _('Project user')
                }
                noti_sbj, noti_body = notification_render(CHANGED_MEMBER_ROLE, noti_params)
                notifyUsers(member.email, noti_sbj, noti_body)
            
            else:
                roles_obj.grant(t_role_id, **arg_dict)

                noti_params = {
                    'admin_address' : users_obj.get(request.user.id).email,
                    'project' : request.user.tenant_name,
                    's_role' : _('Project user'),
                    'd_role' : _('Project manager')
                }
                noti_sbj, noti_body = notification_render(CHANGED_MEMBER_ROLE, noti_params)
                notifyUsers(member.email, noti_sbj, noti_body)

        except:
            LOG.error("Toggle role error", exc_info=True)
            messages.error(request, _('Unable to toggle the role.'))
           
        if obj_id == request.user.id:
            response = shortcuts.redirect(reverse_lazy('logout'))
            msg = _("Roles changed. Please log in again to continue.")
            utils.add_logout_reason(request, response, msg)
            return response
            
        return shortcuts.redirect(reverse_lazy('horizon:idmanager:member_manager:index'))