def delete(image_id):
image = clients.admin_clients().glance.images.get(image_id)
owner = getattr(image, 'owner')
if owner == clients.get_systenant_id():
principal.Permission(('role', 'admin')).test()
else:
principal.Permission(('role', 'member', owner)).test()
form = forms.DeleteForm()
if form.validate_on_submit():
image.delete()
flask.flash('Image successfully deleted', 'success')
else:
flask.flash('Invalid form', 'error')
return flask.redirect(flask.url_for('.index'))
def setup_tenant():
if flask.request.endpoint not in BARE_ENDPOINTS:
visible_ids = [x.id for x in utils.get_visible_tenants()]
if flask.g.tenant_id not in visible_ids:
flask.abort(404)
principal.Permission(('role', 'member', flask.g.tenant_id)).test()
flask.g.tenant = clients.admin_clients().keystone.tenants.get(
flask.g.tenant_id)
def dashboard():
"""Present brief info and useful links.
Global admins see numbers summary and links to administrative section.
Members of projects see links to their respective projects.
"""
context = {}
if principal.Permission(('role', 'admin')).can():
projects = utils.get_visible_tenants()
project_ids = [x.id for x in projects]
users = clients.admin_clients().keystone.users.list()
servers = filter(
lambda x: x.tenant_id in project_ids,
clients.admin_clients().nova.servers.list(
search_opts={'all_tenants': 1}))
context.update(
dict(title='Altai private cloud',
subtitle='%s users in %s projects use %s VMs' %
(len(users), len(projects), len(servers))))
return context
def authorize():
"""Check user is authorized.
Only admins are allowed here.
"""
principal.Permission(('role', 'admin')).test()
def allowed(*needs):
return principal.Permission(*needs).can()
def prepare():
principal.Permission(('role', 'admin')).test()
flask.g.store = orm.get_store('INVITATIONS')
def authorize():
principal.Permission(('role', 'admin')).test()