def handle_trunk_edit(request, agent, interface):
"""Edit a trunk"""
native_vlan = int(request.POST.get('native_vlan', 1))
trunked_vlans = [int(vlan) for vlan in request.POST.getlist('trunk_vlans')]
if should_check_access_rights(get_account(request)):
# A user can avoid the form restrictions by sending a forged post
# request Make sure only the allowed vlans are set
old_native, old_trunked = agent.get_native_and_trunked_vlans(interface)
allowed_vlans = [
v.vlan for v in find_allowed_vlans_for_user(get_account(request))
]
trunked_vlans = filter_vlans(trunked_vlans, old_trunked, allowed_vlans)
native_vlan = (native_vlan
if native_vlan in allowed_vlans else old_native)
_logger.info('Interface %s - native: %s, trunk: %s', interface,
native_vlan, trunked_vlans)
LogEntry.add_log_entry(
request.account,
u'set-vlan',
u'{actor}: {object} - native vlan: "%s", trunk vlans: "%s"' %
(native_vlan, trunked_vlans),
subsystem=u'portadmin',
object=interface,
)
if trunked_vlans:
agent.set_trunk(interface, native_vlan, trunked_vlans)
else:
agent.set_access(interface, native_vlan)
def handle_trunk_edit(request, agent, interface):
"""Edit a trunk"""
native_vlan = int(request.POST.get('native_vlan'))
trunked_vlans = [int(vlan) for vlan in request.POST.getlist('trunk_vlans')]
if should_check_access_rights(get_account(request)):
# A user can avoid the form restrictions by sending a forged post
# request Make sure only the allowed vlans are set
old_native, old_trunked = agent.get_native_and_trunked_vlans(interface)
allowed_vlans = [v.vlan for v in
find_allowed_vlans_for_user(get_account(request))]
trunked_vlans = filter_vlans(trunked_vlans, old_trunked, allowed_vlans)
native_vlan = (native_vlan if native_vlan in allowed_vlans
else old_native)
_logger.info('Interface %s - native: %s, trunk: %s', interface,
native_vlan, trunked_vlans)
if trunked_vlans:
agent.set_trunk(interface, native_vlan, trunked_vlans)
else:
agent.set_access(interface, native_vlan)
def handle_trunk_edit(request, agent, interface):
"""Edit a trunk"""
native_vlan = int(request.POST.get('native_vlan'))
trunked_vlans = [int(vlan) for vlan in request.POST.getlist('trunk_vlans')]
if should_check_access_rights(get_account(request)):
# A user can avoid the form restrictions by sending a forged post
# request Make sure only the allowed vlans are set
old_native, old_trunked = agent.get_native_and_trunked_vlans(interface)
allowed_vlans = [
v.vlan for v in find_allowed_vlans_for_user(get_account(request))
]
trunked_vlans = filter_vlans(trunked_vlans, old_trunked, allowed_vlans)
native_vlan = (native_vlan
if native_vlan in allowed_vlans else old_native)
_logger.info('Interface %s - native: %s, trunk: %s', interface,
native_vlan, trunked_vlans)
if trunked_vlans:
agent.set_trunk(interface, native_vlan, trunked_vlans)
else:
agent.set_access(interface, native_vlan)
def test_filter_vlans(self):
vlans_from_request = [1, 2, 3]
old_trunked_vlans = [3] # Vlans from querying the netbox
allowed_vlans = [1]
self.assertEqual(filter_vlans(vlans_from_request, old_trunked_vlans,
allowed_vlans), [1, 3])
def test_filter_vlans_add(self):
vlans_from_request = [1, 2, 3]
old_trunked_vlans = [3] # Vlans from querying the netbox
allowed_vlans = range(1, 10)
self.assertEqual(
filter_vlans(vlans_from_request, old_trunked_vlans, allowed_vlans),
[1, 2, 3])
def test_filter_vlans_remove_deny(self):
"""Only remove vlans that are in allowed vlans list"""
vlans_from_request = [2]
old_trunked_vlans = [1, 2, 3]
allowed_vlans = range(1, 3)
self.assertEqual(
filter_vlans(vlans_from_request, old_trunked_vlans, allowed_vlans),
[2, 3])
def test_filter_vlans_remove(self):
"""It should be possible to remove vlans by not including them"""
vlans_from_request = [1, 2]
old_trunked_vlans = [3]
allowed_vlans = range(1, 10)
self.assertEqual(
filter_vlans(vlans_from_request, old_trunked_vlans, allowed_vlans),
[1, 2])
def test_filter_vlans_add_deny(self):
"""Only add vlans that are in allowed vlans"""
vlans_from_request = [1, 2, 3]
old_trunked_vlans = [3] # Vlans from querying the netbox
allowed_vlans = [1]
self.assertEqual(
filter_vlans(vlans_from_request, old_trunked_vlans, allowed_vlans),
[1, 3])
