Esempio n. 1
0
 def __init__(self, *args, **kwargs):
     super(OrganizationForm, self).__init__(*args, **kwargs)
     self.helper = FormHelper(self)
     self.helper.layout = Layout(
         TabHolder(
             Tab('Info', 'name', 'description'),
             Tab('Import Configuration', 'organization_type',
                 'organization_identifier', 'api_endpoint', 'scm_login',
                 'import_enabled', 'refresh_minutes', 'force_rescan'),
             Tab('Import Rules', 'import_without_dotfile',
                 'default_worker_pool', 'overwrite_project_name',
                 'overwrite_project_script', 'overwrite_configurations',
                 'allow_worker_pool_assignment',
                 'allow_pipeline_definition', 'auto_attach_ssh_keys'),
             Tab('Environment', 'worker_pool')))
     request = Shared().request
     if not request.user.is_superuser:
         # currently you can only be superuser so this code is a little defensive and is taken from *ProjectForm*
         gids = [g.id for g in request.user.groups.all()]
         # this filtration is a little specific to the ownership plugin for authz and we might want to make this more pluggable later
         self.fields[
             'auto_attach_ssh_keys'].queryset = ServiceLogin.objects.filter(
                 Q(owner_groups__pk__in=gids) | Q(created_by=request.user))
         self.fields['ssh_keys'].queryset = SshKey.objects.filter(
             Q(owner_groups__pk__in=gids) | Q(created_by=request.user))
Esempio n. 2
0
 def __init__(self, *args, **kwargs):
     super(ProjectForm, self).__init__(*args, **kwargs)
     self.helper = FormHelper(self)
     self.helper.layout = Layout(
         TabHolder(
             Tab('Info', 'name', 'description'),
             Tab('Script', 'script', 'timeout', 'container_base_image'),
             Tab('Repository', 'scm_type', 'repo_url', 'repo_branch',
                 'recursive', 'scm_login', 'webhook_enabled',
                 'webhook_token'),
             Tab('Schedule', 'schedule_enabled', 'monday', 'tuesday',
                 'wednesday', 'thursday', 'friday', 'saturday', 'sunday',
                 'weekday_start_hours', 'weekday_start_minutes',
                 'weekend_start_hours', 'weekend_start_minutes',
                 'schedule_threshold'), Tab('SSH', 'ssh_keys'),
             Tab('Variables', 'variable_sets', 'variables',
                 'launch_questions'), Tab('Environment', 'worker_pool'),
             Tab('Pipeline', 'pipeline_enabled', 'pipeline', 'stage'),
             Tab('Ownership', 'launch_groups', 'owner_groups')))
     request = Shared().request
     if not request.user.is_superuser:
         gids = [g.id for g in request.user.groups.all()]
         # this filtration is a little specific to the ownership plugin for authz and we might want to make this more pluggable later
         self.fields['scm_login'].queryset = ServiceLogin.objects.filter(
             Q(owner_groups__pk__in=gids) | Q(created_by=request.user))
         self.fields['ssh_keys'].queryset = SshKey.objects.filter(
             Q(owner_groups__pk__in=gids) | Q(created_by=request.user))
Esempio n. 3
0
def generic_new(cfg, request, *args, **kwargs):
    """
    Support for rendering all object creation pages & processing submissions
    """
    Shared().request = request
    if not permissions.check_can_create(cfg.model, request, *args, **kwargs):
        return redirect('index')
    if request.method == 'POST':
        try:
            result = process_new(cfg, request)
            return result
        except Exception as e:
            LOG.error(traceback.format_exc())
            return HttpResponseServerError(e, content_type='text/plain')
    else:
        return template(
            request, 'generic_new.j2',
            get_context(request, cfg, flavor='New', form=cfg.form()))
Esempio n. 4
0
def generic_list(cfg, request, *args, **kwargs):
    """
    Generic support for rendering all object list pages.
    """
    Shared().request = request

    # most other anonymous handling works by get_object_or_404 / auth checks, but this one is important for friendly navigation
    if request.user.is_anonymous:
        return redirect('login')

    # what database queryset are we starting with?
    queryset = cfg.get_queryset(request)

    # get URL parameters as a dictionary
    querydict = querystring_dict(request)

    # trim down the DB queryset based on then View code and permissions, then sort it.
    queryset = permissions.filter_queryset_for_list(queryset, request, *args,
                                                    **kwargs)
    page = querydict.pop('page', None)
    queryset = cfg.filtering(request, queryset).filter(**querydict)
    queryset = cfg.ordering(queryset)

    # handle database pagination of long result sets.
    if page is None:
        page = 1
    # TODO: page size is hard coded for now. make that configurable in settings.
    paginator = Paginator(queryset, settings.DEFAULT_PAGE_SIZE)
    objects = paginator.get_page(page)

    # render the generic list page.
    context_params = dict(form=None,
                          objects=objects,
                          extra_columns=cfg.extra_columns,
                          page=page,
                          num_pages=paginator.num_pages,
                          page_range=paginator.page_range,
                          supports_new=permissions.check_can_create(
                              cfg.model, request),
                          object_count=paginator.count)
    return template(request, 'generic_list.j2',
                    get_context(request, cfg, **context_params))
Esempio n. 5
0
def generic_delete(cfg, request, *args, **kwargs):
    """
    Support for rendering all delete object pages & processing submissions.
    """
    Shared().request = request
    # FIXME: access control using ViewSet code
    # FIXME: as there is no delete page, merge in the process delete code directly into this function
    pk = kwargs.get('pk')
    obj = cfg.model.objects.get(pk=pk)
    if obj is not None and not permissions.check_can_delete(
            obj, request, *args, **kwargs):
        return HttpResponse(
            "You do not have permission to delete this object.", status=403)
    if request.method == 'POST':
        return process_delete(cfg, request, obj, **kwargs)
    else:
        # FIXME: I suspect the generic delete page is *NOT* used, so can't we delete this?
        form = cfg.form(instance=obj)
        return template(request, 'generic_delete.j2',
                        get_context(request, cfg, form=form, obj=obj))
Esempio n. 6
0
def generic_detail(cfg, request, *args, **kwargs):
    """
    Support for rendering all object list pages, which are like edit pages with no submit button.
    """
    Shared().request = request
    pk = kwargs.get('pk')
    # TODO: is it possible to streamline all of this for all object types WRT permission code?
    qs = permissions.filter_queryset_for_view(cfg.model.objects, request,
                                              *args, **kwargs)
    obj = get_object_or_404(qs, pk=pk)
    if not permissions.check_can_view(obj, request, *args, **kwargs):
        return redirect('index')
    form = cfg.form(instance=obj)
    return template(
        request, 'generic_edit.j2',
        get_context(request,
                    cfg,
                    flavor='Detail',
                    obj=obj,
                    form=form,
                    read_only=True))
Esempio n. 7
0
    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        self.initial['password'] = ''
        self.helper = FormHelper(self)
        self.helper.layout = Layout(
            TabHolder(
                Tab('Info', 'username', 'first_name', 'last_name', 'email'),
                Tab('Access', 'password', 'groups', 'is_superuser'),
            ))
        self.fields['password'].required = False
        self.fields['password'].widget = forms.PasswordInput()

        obj = kwargs.get('instance', None)
        user = Shared().request.user
        if obj:
            # this applies only to the edit form
            if obj != user and not user.is_superuser:
                # only superusers can edit passwords of other users
                self.fields['password'].widget.attrs['disabled'] = True
            elif not user.is_superuser:
                # only superusers can toggle the superuser bit and groups on any account
                for field_name in ['is_superuser', 'groups']:
                    self.fields[field_name].widget.attrs['disabled'] = True
Esempio n. 8
0
def generic_edit(cfg, request, *args, **kwargs):
    """
    Support for rendering all object edit pages & processing submissions.
    """
    Shared().request = request
    pk = kwargs.get('pk')
    obj = get_object_or_404(cfg.model.objects, pk=pk)
    if not permissions.check_can_edit(obj, request, *args, **kwargs):
        return redirect("%s_detail" % cfg.view_prefix, pk=pk)
    qs = permissions.filter_queryset_for_edit(cfg.model.objects, request,
                                              *args, **kwargs)
    obj = get_object_or_404(qs, pk=pk)
    if request.method == 'POST':
        return process_edit(cfg, request, obj)
    else:
        form = cfg.form(instance=obj)
        return template(
            request, 'generic_edit.j2',
            get_context(request,
                        cfg,
                        flavor='Edit',
                        obj=obj,
                        form=form,
                        read_only=False))