def save_user_permissions(org, user, perms):
"""
Save user permissions for the specified org and user
perms should be a dict of permissioning ids and permission levels
"""
# wipe all the user's perms for the targeted org
user.userpermission_set.filter(namespace__startswith=org.nsp_namespace).delete()
# collect permissioning namespaces from the provided permissioning ids
nsp_perms = {}
for id, permissions in list(perms.items()):
if not permissions & PERM_READ:
permissions = permissions | PERM_READ
if id == "org.%d" % org.id:
nsp_perms[org.nsp_namespace] = permissions
nsp_perms[
NetworkContact.nsp_namespace_from_id(org.id, "*", "private")
] = permissions
elif id == "net":
nsp_perms[
Network.nsp_namespace_from_id(org.id, "*").strip(".*")
] = permissions
nsp_perms[
NetworkContact.nsp_namespace_from_id(org.id, "*", "private")
] = permissions
elif id == "ix":
nsp_perms[
InternetExchange.nsp_namespace_from_id(org.id, "*").strip(".*")
] = permissions
elif id == "fac":
nsp_perms[
Facility.nsp_namespace_from_id(org.id, "*").strip(".*")
] = permissions
elif id.find(".") > -1:
id = id.split(".")
if id[0] == "net":
nsp_perms[Network.nsp_namespace_from_id(org.id, id[1])] = permissions
nsp_perms[
NetworkContact.nsp_namespace_from_id(org.id, id[1], "private")
] = permissions
elif id[0] == "ix":
nsp_perms[
InternetExchange.nsp_namespace_from_id(org.id, id[1])
] = permissions
elif id[0] == "fac":
nsp_perms[Facility.nsp_namespace_from_id(org.id, id[1])] = permissions
# save
for ns, p in list(nsp_perms.items()):
UserPermission.objects.create(namespace=ns, permissions=p, user=user)
return nsp_perms
def save_user_permissions(org, user, perms):
"""
Save user permissions for the specified org and user
perms should be a dict of permissioning ids and permission levels
"""
# wipe all the user's perms for the targeted org
user.userpermission_set.filter(
namespace__startswith=org.nsp_namespace).delete()
# collect permissioning namespaces from the provided permissioning ids
nsp_perms = {}
for id, permissions in perms.items():
if not permissions & PERM_READ:
permissions = permissions | PERM_READ
if id == "org.%d" % org.id:
nsp_perms[org.nsp_namespace] = permissions
nsp_perms[NetworkContact.nsp_namespace_from_id(
org.id, "*", "private")] = permissions
elif id == "net":
nsp_perms[Network.nsp_namespace_from_id(
org.id, "*").strip(".*")] = permissions
nsp_perms[NetworkContact.nsp_namespace_from_id(
org.id, "*", "private")] = permissions
elif id == "ix":
nsp_perms[InternetExchange.nsp_namespace_from_id(
org.id, "*").strip(".*")] = permissions
elif id == "fac":
nsp_perms[Facility.nsp_namespace_from_id(
org.id, "*").strip(".*")] = permissions
elif id.find(".") > -1:
id = id.split(".")
if id[0] == "net":
nsp_perms[Network.nsp_namespace_from_id(org.id,
id[1])] = permissions
nsp_perms[NetworkContact.nsp_namespace_from_id(
org.id, id[1], "private")] = permissions
elif id[0] == "ix":
nsp_perms[InternetExchange.nsp_namespace_from_id(
org.id, id[1])] = permissions
elif id[0] == "fac":
nsp_perms[Facility.nsp_namespace_from_id(org.id,
id[1])] = permissions
# save
for ns, p in nsp_perms.items():
UserPermission.objects.create(namespace=ns, permissions=p, user=user)
return nsp_perms
def reparent_ixlan(self, ixlan):
"""
Reparent an ixlan to a new exchange
"""
ix = ixlan.ix
reversion.set_comment("Reparented ixlan to new ix (script, #21)")
# try to set a reasonable name for the new exchange
# combining the original exchange name with the ixlan name
#
# if ixlan name is not set suffix ixlan{ixlan.id} instead
#
if ixlan.name:
suffix = ixlan.name
if InternetExchange.objects.filter(name=f"{ix.name} {suffix}").exists():
suffix = f"{ixlan.name} ixlan{ixlan.id}"
else:
suffix = f"ixlan{ixlan.id}"
# create new exchange
new_ix = InternetExchange(
name=f"{ix.name} {suffix}",
org=ix.org,
status=ixlan.status,
city=ix.city,
media=ix.media,
region_continent=ix.region_continent,
country=ix.country,
)
# we call save() with create_ixlan=False because we will
# be moving an ixlans to the exchange instead
if self.commit:
new_ix.full_clean()
new_ix.save(create_ixlan=False)
# update migration report
self.report_reparenting(ix, new_ix, ixlan)
# copy netfac connections to the new exchange
for ixfac in ix.ixfac_set_active:
ixfac_copy = InternetExchangeFacility(
ix=new_ix, facility=ixfac.facility, status=new_ix.status
)
if self.commit:
ixfac_copy.save()
# reparent the ixlan to the new ix
ixlan.ix = new_ix
if self.commit:
ixlan.save()
self.log(
"Reparented [{}] ixlan {} from ix {} ({}) to new ix {} ({})".format(
ixlan.status, ixlan.id, ix.name, ix.id, new_ix.name, new_ix.id
)
)
self.stats[f"reparented_{ixlan.status}"] += 1
def org_save(sender, **kwargs):
"""
we want to create a user group for an organization when that
organization is created
"""
inst = kwargs.get("instance")
ix_namespace = InternetExchange.nsp_namespace_from_id(inst.id, "*")
# make the general member group for the org
try:
group = Group.objects.get(name=inst.group_name)
except Group.DoesNotExist:
group = Group(name=inst.group_name)
group.save()
perm = GroupPermission(group=group,
namespace=inst.nsp_namespace,
permissions=PERM_READ)
perm.save()
GroupPermission(
group=group,
namespace=NetworkContact.nsp_namespace_from_id(
inst.id, "*", "private"),
permissions=PERM_READ,
).save()
GroupPermission(
group=group,
namespace=f"{ix_namespace}.ixf_ixp_member_list_url.private",
permissions=PERM_READ,
).save()
# make the admin group for the org
try:
group = Group.objects.get(name=inst.admin_group_name)
except Group.DoesNotExist:
group = Group(name=inst.admin_group_name)
group.save()
perm = GroupPermission(group=group,
namespace=inst.nsp_namespace,
permissions=PERM_CRUD)
perm.save()
GroupPermission(group=group,
namespace=inst.nsp_namespace_manage,
permissions=PERM_CRUD).save()
GroupPermission(
group=group,
namespace=NetworkContact.nsp_namespace_from_id(
inst.id, "*", "private"),
permissions=PERM_CRUD,
).save()
GroupPermission(
group=group,
namespace=f"{ix_namespace}.ixf_ixp_member_list_url.private",
permissions=PERM_CRUD,
).save()
if inst.status == "deleted":
for ar in inst.affiliation_requests.all():
ar.delete()
def handle(self, *args, **options):
self.commit = options.get("commit", False)
self.debug = options.get("debug", False)
self.preview = options.get("preview", False)
self.cache = options.get("cache", False)
self.skip_import = options.get("skip_import", False)
process_requested = options.get("process_requested", None)
ixlan_ids = options.get("ixlan")
asn = options.get("asn", 0)
# err and out should go to the same buffer (#967)
if not self.preview:
self.stderr = self.stdout
if process_requested is not None:
ixlan_ids = []
for ix in InternetExchange.ixf_import_request_queue():
if ix.id not in ixlan_ids:
ixlan_ids.append(ix.id)
if not ixlan_ids:
self.log("No manual import requests")
return
self.log(f"Processing manual requests for: {ixlan_ids}")
self.active_reset_flags = self.initiate_reset_flags(**options)
self.runtime_errors = []
if self.reset or self.reset_hints:
self.reset_all_hints()
if self.reset or self.reset_dismisses:
self.reset_all_dismisses()
if self.reset or self.reset_email:
self.reset_all_email()
if self.reset or self.reset_tickets:
self.reset_all_tickets()
if len(self.active_reset_flags) >= 1:
self.create_reset_ticket()
if self.preview and self.commit:
self.commit = False
if asn and not ixlan_ids:
# if asn is specified, retrieve queryset for ixlans from
# the network object
net = Network.objects.get(asn=asn)
qset = net.ixlan_set_ixf_enabled
else:
# otherwise build ixlan queryset
qset = IXLan.objects.filter(status="ok",
ixf_ixp_import_enabled=True)
qset = qset.exclude(ixf_ixp_member_list_url__isnull=True)
# filter by ids if ixlan ids were specified
if ixlan_ids:
qset = qset.filter(id__in=ixlan_ids)
total_log = {"data": [], "errors": []}
total_notifications = []
for ixlan in qset:
self.log("Fetching data for -ixlan{} from {}".format(
ixlan.id, ixlan.ixf_ixp_member_list_url))
try:
importer = ixf.Importer()
importer.skip_import = self.skip_import
importer.cache_only = self.cache
self.log(f"Processing {ixlan.ix.name} ({ixlan.id})")
with transaction.atomic():
success = importer.update(ixlan, save=self.commit, asn=asn)
self.log(json.dumps(importer.log), debug=True)
self.log(
"Success: {}, added: {}, updated: {}, deleted: {}".format(
success,
len(importer.actions_taken["add"]),
len(importer.actions_taken["modify"]),
len(importer.actions_taken["delete"]),
))
total_log["data"].extend(importer.log["data"])
total_log["errors"].extend([
f"{ixlan.ix.name}({ixlan.id}): {err}"
for err in importer.log["errors"]
])
total_notifications += importer.notifications
except Exception as inst:
self.store_runtime_error(inst, ixlan=ixlan)
finally:
if process_requested is not None:
ixlan.ix.ixf_import_request_status = "finished"
ixlan.ix.save_without_timestamp()
if self.preview:
self.stdout.write(json.dumps(total_log, indent=2))
# send cosolidated notifications to ix and net for
# new proposals (#771)
importer = ixf.Importer()
importer.reset(save=self.commit)
importer.notifications = total_notifications
importer.notify_proposals(error_handler=self.store_runtime_error)
self.stdout.write(f"New Emails: {importer.emails}")
num_errors = len(self.runtime_errors)
if num_errors > 0:
self.stdout.write(f"Errors: {num_errors}\n\n")
self.write_runtime_errors()
sys.exit(1)
if self.commit:
self.resend_emails(importer)