def handle_trunk_edit(request, agent, interface):
    """Apply the native/trunk VLAN settings from a POST request to an interface.

    Reads ``native_vlan`` (default 1 when the field is absent) and every
    ``trunk_vlans`` value from ``request.POST``, converting each with ``int()``;
    a non-numeric value therefore raises ``ValueError`` to the caller.

    When ``should_check_access_rights`` is true for the requesting account, the
    submitted values are re-checked server-side against the VLANs returned by
    ``find_allowed_vlans_for_user``: the trunk list goes through
    ``filter_vlans`` and a native VLAN outside the allowed set is replaced by
    the interface's current native VLAN. Otherwise the submitted values are
    used unchanged.

    The outcome is logged, recorded with ``LogEntry.add_log_entry`` and then
    pushed through ``agent``: ``set_trunk`` when any trunk VLAN remains,
    ``set_access`` when the trunk list is empty.
    """
    # NOTE(review): no range check on the VLAN numbers is visible here;
    # presumably the agent rejects out-of-range ids -- confirm.
    requested_native = int(request.POST.get('native_vlan', 1))
    requested_trunk = []
    for raw_vlan in request.POST.getlist('trunk_vlans'):
        requested_trunk.append(int(raw_vlan))

    if should_check_access_rights(get_account(request)):
        # The form only offers permitted VLANs, but a hand-crafted POST can
        # carry any value, so the permissions are enforced again here.
        current_native, current_trunk = agent.get_native_and_trunked_vlans(
            interface
        )
        permitted = [
            entry.vlan
            for entry in find_allowed_vlans_for_user(get_account(request))
        ]
        requested_trunk = filter_vlans(requested_trunk, current_trunk, permitted)
        # A disallowed native VLAN is not rejected: the current one is kept.
        if requested_native not in permitted:
            requested_native = current_native

    _logger.info(
        'Interface %s - native: %s, trunk: %s',
        interface,
        requested_native,
        requested_trunk,
    )

    # NOTE(review): the audit entry is written before the agent call, so it
    # records the change even if applying it fails afterwards -- confirm that
    # this is intended.
    actor = request.account
    summary = u'{actor}: {object} - native vlan: "%s", trunk vlans: "%s"' % (
        requested_native,
        requested_trunk,
    )
    LogEntry.add_log_entry(
        actor,
        u'set-vlan',
        summary,
        subsystem=u'portadmin',
        object=interface,
    )

    # An empty trunk list turns the port into an access port.
    if not requested_trunk:
        agent.set_access(interface, requested_native)
        return
    agent.set_trunk(interface, requested_native, requested_trunk)
def handle_trunk_edit(request, agent, interface):
    """Apply the native/trunk VLAN settings from a POST request to an interface.

    Reads ``native_vlan`` and every ``trunk_vlans`` value from
    ``request.POST`` and converts each with ``int()``. A non-numeric value
    raises ``ValueError``; ``native_vlan`` has no default, so assuming
    ``request.POST.get`` returns ``None`` for a missing field, ``int()`` then
    raises ``TypeError``.

    When ``should_check_access_rights`` is true for the requesting account, the
    submitted values are re-checked server-side against the VLANs returned by
    ``find_allowed_vlans_for_user``: the trunk list goes through
    ``filter_vlans`` and a native VLAN outside the allowed set is replaced by
    the interface's current native VLAN. Otherwise the submitted values are
    used unchanged.

    The outcome is logged and pushed through ``agent``: ``set_trunk`` when any
    trunk VLAN remains, ``set_access`` when the trunk list is empty.
    """
    # NOTE(review): no range check on the VLAN numbers is visible here;
    # presumably the agent rejects out-of-range ids -- confirm.
    requested_native = int(request.POST.get('native_vlan'))
    requested_trunk = []
    for raw_vlan in request.POST.getlist('trunk_vlans'):
        requested_trunk.append(int(raw_vlan))

    if should_check_access_rights(get_account(request)):
        # The form only offers permitted VLANs, but a hand-crafted POST can
        # carry any value, so the permissions are enforced again here.
        current_native, current_trunk = agent.get_native_and_trunked_vlans(
            interface
        )
        permitted = [
            entry.vlan
            for entry in find_allowed_vlans_for_user(get_account(request))
        ]
        requested_trunk = filter_vlans(requested_trunk, current_trunk, permitted)
        # A disallowed native VLAN is not rejected: the current one is kept.
        if requested_native not in permitted:
            requested_native = current_native

    # NOTE(review): this log line is the only record of the change written
    # here, and it does not name the requesting account.
    _logger.info(
        'Interface %s - native: %s, trunk: %s',
        interface,
        requested_native,
        requested_trunk,
    )

    # An empty trunk list turns the port into an access port.
    if not requested_trunk:
        agent.set_access(interface, requested_native)
        return
    agent.set_trunk(interface, requested_native, requested_trunk)
def handle_trunk_edit(request, agent, interface):
    """Apply the native/trunk VLAN settings from a POST request to an interface.

    Reads ``native_vlan`` and every ``trunk_vlans`` value from
    ``request.POST`` and converts each with ``int()``. A non-numeric value
    raises ``ValueError``; ``native_vlan`` has no default, so assuming
    ``request.POST.get`` returns ``None`` for a missing field, ``int()`` then
    raises ``TypeError``.

    When ``should_check_access_rights`` is true for the requesting account, the
    submitted values are re-checked server-side against the VLANs returned by
    ``find_allowed_vlans_for_user``: the trunk list goes through
    ``filter_vlans`` and a native VLAN outside the allowed set is replaced by
    the interface's current native VLAN. Otherwise the submitted values are
    used unchanged.

    The outcome is logged and pushed through ``agent``: ``set_trunk`` when any
    trunk VLAN remains, ``set_access`` when the trunk list is empty.
    """
    # NOTE(review): no range check on the VLAN numbers is visible here;
    # presumably the agent rejects out-of-range ids -- confirm.
    submitted_native = int(request.POST.get('native_vlan'))
    submitted_trunk = list(map(int, request.POST.getlist('trunk_vlans')))

    restricted = should_check_access_rights(get_account(request))
    if restricted:
        # The form only offers permitted VLANs, but a hand-crafted POST can
        # carry any value, so the permissions are enforced again here.
        live_native, live_trunk = agent.get_native_and_trunked_vlans(interface)
        allowed = []
        for allowed_entry in find_allowed_vlans_for_user(get_account(request)):
            allowed.append(allowed_entry.vlan)
        submitted_trunk = filter_vlans(submitted_trunk, live_trunk, allowed)
        # A disallowed native VLAN is not rejected: the current one is kept.
        if submitted_native not in allowed:
            submitted_native = live_native

    # NOTE(review): this log line is the only record of the change written
    # here, and it does not name the requesting account.
    _logger.info(
        'Interface %s - native: %s, trunk: %s',
        interface,
        submitted_native,
        submitted_trunk,
    )

    # An empty trunk list turns the port into an access port.
    if not submitted_trunk:
        agent.set_access(interface, submitted_native)
        return
    agent.set_trunk(interface, submitted_native, submitted_trunk)
def test_filter_vlans(self):
    """Allowed vlan 1 is added, vlan 2 is dropped, existing vlan 3 is kept.

    The user is only allowed vlan 1: the request for 2 must be ignored and
    the already trunked vlan 3 must survive.
    """
    requested = [1, 2, 3]
    currently_trunked = [3]  # Vlans from querying the netbox
    permitted = [1]

    result = filter_vlans(requested, currently_trunked, permitted)

    # assertEqual on lists also pins the order of the returned vlans.
    self.assertEqual(result, [1, 3])
def test_filter_vlans_add(self):
    """Every requested vlan is set when all of them are allowed."""
    requested = [1, 2, 3]
    currently_trunked = [3]  # Vlans from querying the netbox
    permitted = range(1, 10)

    result = filter_vlans(requested, currently_trunked, permitted)

    # assertEqual on lists also pins the order of the returned vlans.
    self.assertEqual(result, [1, 2, 3])
def test_filter_vlans_remove_deny(self):
    """Only vlans in the allowed list can be removed.

    The user is allowed vlans 1 and 2: leaving out 1 removes it, while the
    trunked vlan 3, outside the allowed range, must stay.
    """
    requested = [2]
    currently_trunked = [1, 2, 3]
    permitted = range(1, 3)

    result = filter_vlans(requested, currently_trunked, permitted)

    # assertEqual on lists also pins the order of the returned vlans.
    self.assertEqual(result, [2, 3])
def test_filter_vlans_remove(self):
    """Leaving an allowed vlan out of the request removes it from the trunk."""
    requested = [1, 2]
    currently_trunked = [3]
    permitted = range(1, 10)

    result = filter_vlans(requested, currently_trunked, permitted)

    # assertEqual on lists also pins the order of the returned vlans.
    self.assertEqual(result, [1, 2])
def test_filter_vlans_add_deny(self):
    """Only vlans in the allowed list can be added.

    The request for vlan 2 is ignored because the user is only allowed
    vlan 1; the already trunked vlan 3 is left in place.
    """
    requested = [1, 2, 3]
    currently_trunked = [3]  # Vlans from querying the netbox
    permitted = [1]

    result = filter_vlans(requested, currently_trunked, permitted)

    # assertEqual on lists also pins the order of the returned vlans.
    self.assertEqual(result, [1, 3])