def admin_qs_for_cluster(cluster):
"""
Get all users and groups which have admin permissions on a cluster.
This includes users who have admin permissions on a cluster
via their group.
Note: This does not serve many purposes anymore
owner_qs has mostly replaced its functionality.
"""
# get_users_any() can't deal with None, and at any rate, nobody can
# possibly own a null cluster.
if not cluster:
return ClusterUser.objects.none()
# Get all superusers.
superusers_qs = ClusterUser.objects.filter(
profile__user__is_superuser=True)
# Get all users who have the given permissions on the given cluster.
# This will include users who's groups have admin privs.
users = get_users_any(cluster, ["admin"], groups=True)
# Get the actual groups themselves.
groups = get_groups_any(cluster, ["admin"])
qs = ClusterUser.objects.filter(
Q(profile__user__in=users) | Q(organization__group__in=groups))
qs |= superusers_qs
return qs.distinct()
def admin_qs_for_cluster(cluster):
"""
Get all users and groups which have admin permissions on a cluster.
This includes users who have admin permissions on a cluster
via their group.
Note: This does not serve many purposes anymore
owner_qs has mostly replaced its functionality.
"""
# get_users_any() can't deal with None, and at any rate, nobody can
# possibly own a null cluster.
if not cluster:
return ClusterUser.objects.none()
# Get all superusers.
superusers_qs = ClusterUser.objects.filter(
profile__user__is_superuser=True)
# Get all users who have the given permissions on the given cluster.
# This will include users who's groups have admin privs.
users = get_users_any(cluster, ["admin"], groups=True)
# Get the actual groups themselves.
groups = get_groups_any(cluster, ["admin"])
qs = ClusterUser.objects.filter(Q(profile__user__in=users) |
Q(organization__group__in=groups))
qs |= superusers_qs
return qs.distinct()
def get(self, request, name, context=None):
context = context or self.common(request, name)
if not context['can_view']:
raise PermissionDenied
users = get_users_any(context['local_file'])
context['permissions'] = [{'user': user} for user in users]
return self.render(request, context, 'update/file-detail')
def ssh_keys(request, cluster_slug, api_key):
"""
Show all ssh keys which belong to users, who have any perms on the cluster
"""
if settings.WEB_MGR_API_KEY != api_key:
return HttpResponseForbidden("You're not allowed to view keys.")
cluster = get_object_or_404(Cluster, slug=cluster_slug)
users = set(get_users_any(cluster).values_list("id", flat=True))
for vm in cluster.virtual_machines.all():
users = users.union(set(get_users_any(vm).values_list('id', flat=True)))
keys = SSHKey.objects \
.filter(Q(user__in=users) | Q(user__is_superuser=True)) \
.values_list('key','user__username') \
.order_by('user__username')
keys_list = list(keys)
return HttpResponse(json.dumps(keys_list), mimetype="application/json")
def ssh_keys(request, cluster_slug, api_key):
"""
Show all ssh keys which belong to users, who have any perms on the cluster
"""
if settings.WEB_MGR_API_KEY != api_key:
return HttpResponseForbidden(_("You're not allowed to view keys."))
cluster = get_object_or_404(Cluster, slug=cluster_slug)
users = set(get_users_any(cluster).values_list("id", flat=True))
for vm in cluster.virtual_machines.all():
users = users.union(set(
get_users_any(vm).values_list('id', flat=True)))
keys = SSHKey.objects \
.filter(Q(user__in=users) | Q(user__is_superuser=True)) \
.values_list('key', 'user__username') \
.order_by('user__username')
keys_list = list(keys)
return HttpResponse(json.dumps(keys_list), mimetype="application/json")
def ssh_keys(request, api_key):
""" Lists all keys for all clusters managed by GWM """
"""
Show all ssh keys which belong to users, who have any perms on the cluster
"""
if settings.WEB_MGR_API_KEY != api_key:
return HttpResponseForbidden(_("You're not allowed to view keys."))
users = set()
for cluster in Cluster.objects.all():
users = users.union(set(get_users_any(cluster).values_list("id", flat=True)))
for vm in VirtualMachine.objects.all():
users = users.union(set(get_users_any(vm).values_list("id", flat=True)))
keys = (
SSHKey.objects.filter(Q(user__in=users) | Q(user__is_superuser=True))
.values_list("key", "user__username")
.order_by("user__username")
)
keys_list = list(keys)
return HttpResponse(json.dumps(keys_list), mimetype="application/json")
def ssh_keys(request, cluster_slug, instance, api_key):
"""
Show all ssh keys which belong to users, who are specified vm's admin
"""
import settings
if settings.WEB_MGR_API_KEY != api_key:
return HttpResponseForbidden("You're not allowed to view keys.")
vm = get_object_or_404(VirtualMachine, hostname=instance, \
cluster__slug=cluster_slug)
users = get_users_any(vm, ["admin",]).values_list("id",flat=True)
keys = SSHKey.objects.filter(user__in=users).values_list('key','user__username').order_by('user__username')
keys_list = list(keys)
return HttpResponse(json.dumps(keys_list), mimetype="application/json")
def ssh_keys(request, cluster_slug, instance, api_key):
"""
Show all ssh keys which belong to users, who are specified vm's admin
"""
if settings.WEB_MGR_API_KEY != api_key:
return HttpResponseForbidden(_("You're not allowed to view keys."))
vm = get_object_or_404(VirtualMachine, hostname=instance,
cluster__slug=cluster_slug)
users = get_users_any(vm, ["admin",]).values_list("id",flat=True)
keys = SSHKey.objects \
.filter(Q(user__in=users) | Q(user__is_superuser=True)) \
.values_list('key','user__username') \
.order_by('user__username')
keys_list = list(keys)
return HttpResponse(json.dumps(keys_list), mimetype="application/json")
def owner_qs_for_cluster(cluster):
"""
Get all owners for a cluster.
"""
# get_users_any() can't deal with None, and at any rate, nobody can
# possibly own a null cluster.
if not cluster:
return ClusterUser.objects.none()
# Get all superusers.
qs = ClusterUser.objects.filter(profile__user__is_superuser=True)
# Get all users who have the given permissions on the given cluster.
users = get_users_any(cluster, ["admin"], True)
qs |= ClusterUser.objects.filter(profile__user__in=users)
return qs
