Esempio n. 1
def save_user_permissions(org, user, perms):
    """
    Replace the stored permissions of `user` inside `org`.

    `perms` is a dict mapping permissioning ids to permission levels.
    Recognised ids:

    - "org.<org.id>": the org namespace plus the wildcard private
      network-contact namespace
    - "net", "ix", "fac": all networks / exchanges / facilities of the org
      ("net" additionally covers the wildcard private network-contact
      namespace)
    - "net.<id>", "ix.<id>", "fac.<id>": a single entity ("net.<id>"
      additionally covers that network's private contact namespace)

    Ids matching none of these are ignored without an error. A level that
    has none of the PERM_READ bits set gets PERM_READ OR-ed in, so an id
    listed in `perms` is never stored without read access; leaving an id
    out of `perms` is what revokes it.

    Returns the dict of namespace -> permission level that was written.

    This function does not check that whoever triggered the call may manage
    `org`; presumably the caller enforces that -- confirm at the call site.
    """

    # Remove every permission row of this user whose namespace begins with
    # the org namespace, so anything not listed in `perms` ends up revoked.
    # NOTE(review): this is a plain prefix match. If org.nsp_namespace ends
    # with the numeric org id, the prefix for org 1 would also match org 10,
    # 11, ... and delete rows that are not recreated below -- confirm the
    # namespace format.
    # NOTE(review): the delete and the creates further down are separate
    # queries and no transaction is opened here; a failure part-way leaves
    # the user with fewer permissions than requested unless the caller wraps
    # the call in one.
    user.userpermission_set.filter(namespace__startswith=org.nsp_namespace).delete()

    # permissioning id prefix -> model that builds the namespace
    entity_models = {"net": Network, "ix": InternetExchange, "fac": Facility}

    nsp_perms = {}

    for perm_id, level in perms.items():

        # read access is implied by any other permission
        if not level & PERM_READ:
            level = level | PERM_READ

        namespaces = []

        if perm_id == "org.%d" % org.id:
            # the organization itself
            namespaces.append(org.nsp_namespace)
            namespaces.append(
                NetworkContact.nsp_namespace_from_id(org.id, "*", "private")
            )
        elif perm_id in entity_models:
            # every entity of one type; strip() removes the '.' and '*'
            # characters from both ends of the wildcard namespace
            model = entity_models[perm_id]
            namespaces.append(model.nsp_namespace_from_id(org.id, "*").strip(".*"))
            if perm_id == "net":
                namespaces.append(
                    NetworkContact.nsp_namespace_from_id(org.id, "*", "private")
                )
        else:
            # "<type>.<entity id>"; only the first two dot-separated parts
            # are used. The entity id is passed on as-is: it is not checked
            # to be numeric or to belong to `org`. The namespace is built
            # with org.id, so it is presumably rooted under this org --
            # confirm in nsp_namespace_from_id.
            parts = perm_id.split(".")
            if len(parts) > 1 and parts[0] in entity_models:
                model = entity_models[parts[0]]
                namespaces.append(model.nsp_namespace_from_id(org.id, parts[1]))
                if parts[0] == "net":
                    namespaces.append(
                        NetworkContact.nsp_namespace_from_id(
                            org.id, parts[1], "private"
                        )
                    )

        for namespace in namespaces:
            nsp_perms[namespace] = level

    # persist one row per collected namespace
    for namespace, level in nsp_perms.items():
        UserPermission.objects.create(namespace=namespace, permissions=level, user=user)

    return nsp_perms
Esempio n. 2
def save_user_permissions(org, user, perms):
    """
    Rewrite the permission rows `user` holds for `org`.

    `perms` is a dict of permissioning ids ("org.<org.id>", "net", "ix",
    "fac", "net.<id>", "ix.<id>", "fac.<id>") to permission levels. Ids in
    any other form are skipped silently. PERM_READ is OR-ed into a level
    that has none of its bits set, so a listed id always keeps read access;
    an id is revoked by leaving it out of `perms`.

    Returns a dict of namespace -> permission level for the rows created.

    No authorization check on `org` happens in this function; presumably
    the caller is responsible for it -- confirm at the call site.
    """

    # Start from a clean slate: delete the user's rows whose namespace starts
    # with the org namespace.
    # NOTE(review): prefix match only. If the org namespace ends in the
    # numeric org id, org 1 would also match org 10, 11, ... -- confirm the
    # namespace format before relying on this to be scoped to one org.
    # NOTE(review): no transaction is opened here, so an error between this
    # delete and the last create below leaves the user with partial
    # permissions unless the caller provides one.
    stale_rows = user.userpermission_set.filter(
        namespace__startswith=org.nsp_namespace)
    stale_rows.delete()

    nsp_perms = {}

    def grant(level, *namespaces):
        # record the same level for each namespace, in the order given
        for namespace in namespaces:
            nsp_perms[namespace] = level

    for key, level in perms.items():

        # any permission implies read
        if not level & PERM_READ:
            level = level | PERM_READ

        if key == "org.%d" % org.id:
            grant(level,
                  org.nsp_namespace,
                  NetworkContact.nsp_namespace_from_id(
                      org.id, "*", "private"))
        elif key == "net":
            # strip() drops '.' and '*' characters from both ends of the
            # wildcard namespace
            grant(level,
                  Network.nsp_namespace_from_id(org.id, "*").strip(".*"),
                  NetworkContact.nsp_namespace_from_id(
                      org.id, "*", "private"))
        elif key == "ix":
            grant(level,
                  InternetExchange.nsp_namespace_from_id(
                      org.id, "*").strip(".*"))
        elif key == "fac":
            grant(level,
                  Facility.nsp_namespace_from_id(org.id, "*").strip(".*"))
        else:
            # "<type>.<entity id>": only the first two dot-separated parts
            # count. The entity id is not validated here (numeric, owned by
            # `org`); it is only embedded in a namespace built with org.id.
            pieces = key.split(".")
            if len(pieces) < 2:
                continue
            kind, entity_id = pieces[0], pieces[1]
            if kind == "net":
                grant(level,
                      Network.nsp_namespace_from_id(org.id, entity_id),
                      NetworkContact.nsp_namespace_from_id(
                          org.id, entity_id, "private"))
            elif kind == "ix":
                grant(level,
                      InternetExchange.nsp_namespace_from_id(
                          org.id, entity_id))
            elif kind == "fac":
                grant(level,
                      Facility.nsp_namespace_from_id(org.id, entity_id))

    # write the collected namespaces
    for namespace, level in nsp_perms.items():
        UserPermission.objects.create(namespace=namespace, permissions=level,
                                      user=user)

    return nsp_perms
Esempio n. 3
 def list(self, request):
     """
     Return a Response wrapping Network.as_set_map() of this view's queryset.

     `request` is not read here, so what ends up in the response is decided
     entirely by get_queryset(). Any visibility or permission filtering has
     to happen there or in the view's permission classes -- neither is
     visible in this listing.
     """
     networks = self.get_queryset()
     payload = Network.as_set_map(networks)
     return Response(payload)
Esempio n. 4
def uoar_creation(sender, instance, created=False, **kwargs):
    """
    When a user to organization affiliation request is created
    we want to notify the appropriate management entity

    We also want to attempt to derive the targeted organization
    from the ASN the user provided

    Flow when `created` is true:

    1. If an ASN is set and no org is set, the org is taken from an existing
       Network with that ASN (if any).
    2. The request is set to "pending" and saved.
    3. If the org has at least one admin user: approve right away when the
       requesting user is already in the org's usergroup, otherwise email
       every org admin.
    4. Otherwise: with an ASN and still no org, look the ASN up via RDAP,
       create org and network from the result and approve if the user's
       relationship validates; for an unowned org, try the same validation
       against the RDAP data of the org's networks; if nothing approved the
       request, open a staff ticket.

    When `created` is false, the request is finalized via approve() if its
    status is "approved" and an org is set.

    Review note: each branch consults pdb_settings.AUTO_APPROVE_AFFILIATION
    *before* any RDAP relationship validation. With the flag on, requests
    for unowned or newly created orgs are approved with no verification of
    the requester and no staff ticket.

    The signature matches a Django post_save receiver; the registration is
    not visible in this listing.
    """

    if created:

        if instance.asn and not instance.org_id:
            network = Network.objects.filter(asn=instance.asn).first()
            if network:
                # network with targeted asn found, set org
                instance.org = network.org

        instance.status = "pending"
        # NOTE(review): if this is a post_save receiver, this save() fires the
        # receiver again with created=False; status is "pending" then, so the
        # elif branch at the bottom does nothing -- confirm
        instance.save()

        if instance.org_id and instance.org.admin_usergroup.user_set.count() > 0:

            # check that user is not already a member of that org
            # (membership is tested by the name of the org's usergroup)
            if instance.user.groups.filter(name=instance.org.usergroup.name).exists():
                instance.approve()
                return

            # organization exists already and has admins, notify organization
            # admins
            for user in instance.org.admin_usergroup.user_set.all():
                # render subject and body in the recipient's locale
                with override(user.locale):
                    # the requester's full_name goes into the subject line and
                    # the requester object into the template context;
                    # NOTE(review): both are requester-controlled values shown
                    # to org admins
                    user.email_user(
                        _(
                            "User %(u_name)s wishes to be affiliated to your Organization"
                        )
                        % {"u_name": instance.user.full_name},
                        loader.get_template(
                            "email/notify-org-admin-user-affil.txt"
                        ).render(
                            {
                                "user": instance.user,
                                "org": instance.org,
                                "org_management_url": "%s/org/%d#users"
                                % (settings.BASE_URL, instance.org.id),
                            }
                        ),
                    )
        else:
            # no org set, or the org has no admin users
            request_type = "be affiliated to"
            rdap_data = {"emails": []}
            org_created = False
            net_created = False
            rdap_lookup = None
            if instance.asn and not instance.org_id:
                # ASN specified in request, but no network found
                # Lookup RDAP information
                try:
                    rdap_lookup = rdap = RdapLookup().get_asn(instance.asn)
                    # `ok` is never read; presumably the attribute is accessed
                    # so that a failing lookup raises inside this try block
                    # -- confirm
                    ok = rdap_lookup.emails
                except RdapException as inst:
                    # deny the request, then let the error propagate to
                    # whoever triggered this handler
                    instance.deny()
                    raise

                # create organization
                # (instance.org_name is passed through as given on the request)
                instance.org, org_created = Organization.create_from_rdap(
                    rdap, instance.asn, instance.org_name
                )
                instance.save()

                # create network
                net, net_created = Network.create_from_rdap(
                    rdap, instance.asn, instance.org
                )

                # if affiliate auto approve is on, auto approve at this point
                # NOTE(review): this returns before validate_rdap_relationship
                # and before any ticket is queued, so org and network were
                # created and ownership is granted on the ASN claim alone
                if pdb_settings.AUTO_APPROVE_AFFILIATION:
                    instance.approve()
                    return

                ticket_queue_asnauto_create(
                    instance.user,
                    instance.org,
                    net,
                    rdap,
                    net.asn,
                    org_created=org_created,
                    net_created=net_created,
                )

                # if user's relationship to network can be validated now
                # we can approve the ownership request right away
                if instance.user.validate_rdap_relationship(rdap):
                    instance.approve()
                    ticket_queue_asnauto_affil(instance.user, instance.org, net, rdap)
                    return

            if instance.org:
                # organization has been set on affiliation request
                entity_name = instance.org.name
                if not instance.org.owned:
                    # organization is currently not owned
                    request_type = "request ownership of"

                    # if affiliate auto approve is on, auto approve at this point
                    # NOTE(review): hands ownership of an unowned org to the
                    # requester without the RDAP check below
                    if pdb_settings.AUTO_APPROVE_AFFILIATION:
                        instance.approve()
                        return

                    # if user's relationship to the org can be validated by
                    # checking the rdap information of the org's networks
                    # we can approve the affiliation (ownership) request right away
                    for asn, rdap in list(instance.org.rdap_collect.items()):
                        # collected for the staff ticket below
                        rdap_data["emails"].extend(rdap.emails)
                        if instance.user.validate_rdap_relationship(rdap):
                            ticket_queue_asnauto_affil(
                                instance.user,
                                instance.org,
                                # .get() raises if no network (or more than
                                # one) has this asn
                                Network.objects.get(asn=asn),
                                rdap,
                            )
                            instance.approve()
                            return
            else:
                entity_name = instance.org_name

                # NOTE(review): with the flag on, an Organization with status
                # "ok" is created from the org_name on the request and the
                # requester is approved for it, with no verification step
                if pdb_settings.AUTO_APPROVE_AFFILIATION:
                    org = Organization.objects.create(
                        name=instance.org_name, status="ok"
                    )
                    instance.org = org
                    instance.approve()
                    return

            # organization has no owners and RDAP information could not verify the user's relationship to the organization, notify pdb staff for review
            # the ticket subject embeds the username and the org name taken
            # from the request; NOTE(review): treat both as untrusted text
            # wherever the ticket is displayed
            ticket_queue(
                "User %s wishes to %s %s"
                % (instance.user.username, request_type, entity_name),
                loader.get_template("email/notify-pdb-admin-user-affil.txt").render(
                    {
                        "user": instance.user,
                        "instance": instance,
                        "base_url": settings.BASE_URL,
                        "org_add_url": "%s%s"
                        % (
                            settings.BASE_URL,
                            django.urls.reverse(
                                "admin:peeringdb_server_organization_add"
                            ),
                        ),
                        "net_add_url": "%s%s"
                        % (
                            settings.BASE_URL,
                            django.urls.reverse("admin:peeringdb_server_network_add"),
                        ),
                        "review_url": "%s%s"
                        % (
                            settings.BASE_URL,
                            django.urls.reverse(
                                "admin:peeringdb_server_user_change",
                                args=(instance.user.id,),
                            ),
                        ),
                        # link to the admin "approve_and_notify" action for
                        # this request
                        "approve_url": "%s%s"
                        % (
                            settings.BASE_URL,
                            django.urls.reverse(
                                "admin:peeringdb_server_userorgaffiliationrequest_actions",
                                args=(instance.id, "approve_and_notify"),
                            ),
                        ),
                        # de-duplicated RDAP contact emails gathered above
                        "emails": list(set(rdap_data["emails"])),
                        "rdap_lookup": rdap_lookup,
                    }
                ),
                instance.user,
            )

    elif instance.status == "approved" and instance.org_id:

        # uoar was not created, and status is now approved, call approve
        # to finalize

        instance.approve()
Esempio n. 5
def uoar_creation(sender, instance, created=False, **kwargs):
    """
    When a user to organization affiliation request is created
    we want to notify the appropriate management entity

    We also want to attempt to derive the targeted organization
    from the ASN the user provided

    Only the `created` branch is visible in this listing. In it the request
    is set to "pending" and saved, and then either approved directly, sent
    to the org's admins by email, or escalated to staff through a ticket.

    Review note: pdb_settings.AUTO_APPROVE_AFFILIATION is consulted before
    any RDAP relationship validation in every branch that uses it. With the
    flag on, requests for unowned or newly created orgs are approved with no
    verification of the requester and no staff ticket.

    This listing uses Python 2 syntax (`except X, name`, u'' literals).
    """

    if created:

        if instance.asn and not instance.org_id:
            network = Network.objects.filter(asn=instance.asn).first()
            if network:
                # network with targeted asn found, set org
                instance.org = network.org

        instance.status = "pending"
        instance.save()

        if instance.org_id and instance.org.admin_usergroup.user_set.count(
        ) > 0:

            # check that user is not already a member of that org
            # (membership is tested by the name of the org's usergroup)
            if instance.user.groups.filter(
                    name=instance.org.usergroup.name).exists():
                instance.approve()
                return

            # organization exists already and has admins, notify organization
            # admins
            for user in instance.org.admin_usergroup.user_set.all():
                # render subject and body in the recipient's locale
                with override(user.locale):
                    # the requester's full_name goes into the subject line;
                    # NOTE(review): requester-controlled value shown to org
                    # admins
                    user.email_user(
                        _(u"User %(u_name)s wishes to be affiliated to your Organization"
                          ) % {'u_name': instance.user.full_name},
                        loader.get_template(
                            'email/notify-org-admin-user-affil.txt').render({
                                "user": instance.user,
                                "org": instance.org,
                                "org_management_url": '%s/org/%d#users' %
                                                      (settings.BASE_URL,
                                                       instance.org.id)
                            }))
        else:
            # no org set, or the org has no admin users
            request_type = "be affiliated to"
            rdap_data = {"emails": []}
            org_created = False
            net_created = False
            rdap_lookup = None
            if instance.asn and not instance.org_id:
                # ASN specified in request, but no network found
                # Lookup RDAP information
                try:
                    rdap_lookup = rdap = RdapLookup().get_asn(instance.asn)
                    # `ok` is never read; presumably the attribute is accessed
                    # so that a failing lookup raises inside this try block
                    # -- confirm
                    ok = rdap_lookup.emails
                # Python 2-only except syntax; deny the request, then let the
                # error propagate to whoever triggered this handler
                except RdapException, inst:
                    instance.deny()
                    raise

                # create organization
                # (instance.org_name is passed through as given on the request)
                instance.org, org_created = Organization.create_from_rdap(
                    rdap, instance.asn, instance.org_name)
                instance.save()

                # create network
                net, net_created = Network.create_from_rdap(
                    rdap, instance.asn, instance.org)

                # if affiliate auto approve is on, auto approve at this point
                # NOTE(review): this returns before validate_rdap_relationship
                # and before any ticket is queued, so org and network were
                # created and ownership is granted on the ASN claim alone
                if pdb_settings.AUTO_APPROVE_AFFILIATION:
                    instance.approve()
                    return

                ticket_queue_asnauto_create(
                    instance.user, instance.org, net, rdap, net.asn,
                    org_created=org_created, net_created=net_created)

                # if user's relationship to network can be validated now
                # we can approve the ownership request right away
                if instance.user.validate_rdap_relationship(rdap):
                    instance.approve()
                    ticket_queue_asnauto_affil(instance.user, instance.org,
                                               net, rdap)
                    return

            if instance.org:
                # organization has been set on affiliation request
                entity_name = instance.org.name
                if not instance.org.owned:
                    # organization is currently not owned
                    request_type = "request ownership of"

                    # if affiliate auto approve is on, auto approve at this point
                    # NOTE(review): hands ownership of an unowned org to the
                    # requester without the RDAP check below
                    if pdb_settings.AUTO_APPROVE_AFFILIATION:
                        instance.approve()
                        return

                    # if user's relationship to the org can be validated by
                    # checking the rdap information of the org's networks
                    # we can approve the affiliation (ownership) request right away
                    for asn, rdap in instance.org.rdap_collect.items():
                        # collected for the staff ticket below
                        rdap_data["emails"].extend(rdap.emails)
                        if instance.user.validate_rdap_relationship(rdap):
                            # .get() raises if no network (or more than one)
                            # has this asn
                            ticket_queue_asnauto_affil(
                                instance.user, instance.org,
                                Network.objects.get(asn=asn), rdap)
                            instance.approve()
                            return
            else:
                entity_name = instance.org_name

                # NOTE(review): with the flag on, an Organization with status
                # "ok" is created from the org_name on the request and the
                # requester is approved for it, with no verification step
                if pdb_settings.AUTO_APPROVE_AFFILIATION:
                    org = Organization.objects.create(name=instance.org_name, status="ok")
                    instance.org = org
                    instance.approve()
                    return



            # organization has no owners and RDAP information could not verify the user's relationship to the organization, notify pdb staff for review
            # the ticket subject embeds the username and the org name taken
            # from the request; NOTE(review): treat both as untrusted text
            # wherever the ticket is displayed
            # `urlresolvers` is presumably django.core.urlresolvers; the import
            # is not visible in this listing
            ticket_queue(
                u'User %s wishes to %s %s' % (instance.user.username,
                                              request_type, entity_name),
                loader.get_template('email/notify-pdb-admin-user-affil.txt')
                .render({
                    "user": instance.user,
                    "instance": instance,
                    "base_url": settings.BASE_URL,
                    "org_add_url": "%s%s" % (
                        settings.BASE_URL,
                        urlresolvers.reverse(
                            "admin:peeringdb_server_organization_add")),
                    "net_add_url": "%s%s" %
                                   (settings.BASE_URL,
                                    urlresolvers.reverse(
                                        "admin:peeringdb_server_network_add")),
                    "review_url": "%s%s" %
                                  (settings.BASE_URL,
                                   urlresolvers.reverse(
                                       "admin:peeringdb_server_user_change",
                                       args=(instance.user.id, ))),
                    # link to the admin "approve_and_notify" action for this
                    # request
                    "approve_url": "%s%s" % (
                        settings.BASE_URL,
                        urlresolvers.reverse(
                            "admin:peeringdb_server_userorgaffiliationrequest_actions",
                            args=(instance.id, "approve_and_notify"))),
                    # de-duplicated RDAP contact emails gathered above
                    "emails": list(set(rdap_data["emails"])),
                    "rdap_lookup": rdap_lookup
                }), instance.user)