def save_user_permissions(org, user, perms):
    """
    Replace a user's stored permissions for one organization.

    `perms` is a dict of permissioning ids and permission levels. The ids
    handled here are "org.<id of org>", the entity-wide ids "net", "ix" and
    "fac", and the per-entity ids "net.<id>", "ix.<id>" and "fac.<id>".
    Any other id (including "org.<id>" for a different organization) is
    skipped without an error.

    Returns the dict of namespace -> permission level that was written.
    """

    # Revoke first: every permission row of this user whose namespace starts
    # with the org's namespace is removed before new rows are written.
    # NOTE(review): this is a plain prefix match. If org.nsp_namespace ends
    # in the numeric org id without a trailing delimiter, the filter would
    # presumably also match namespaces of other orgs whose id begins with
    # the same digits - confirm the namespace format.
    # NOTE(review): no transaction is opened in this function, so an error
    # in the create loop below would leave the user with only part of the
    # new grants - confirm whether callers wrap this call atomically.
    stale_rows = user.userpermission_set.filter(
        namespace__startswith=org.nsp_namespace
    )
    stale_rows.delete()

    nsp_perms = {}
    for perm_id, level in list(perms.items()):
        # A grant always carries read access.
        # NOTE(review): apart from the read flag the level is stored as
        # given; nothing here limits it to known permission flags, so that
        # check has to happen in the caller.
        if not level & PERM_READ:
            level = level | PERM_READ

        # Organization-wide grant; also covers private network contacts.
        if perm_id == "org.%d" % org.id:
            nsp_perms[org.nsp_namespace] = level
            contact_ns = NetworkContact.nsp_namespace_from_id(
                org.id, "*", "private"
            )
            nsp_perms[contact_ns] = level
            continue

        # Entity-wide grants. Note that str.strip(".*") removes any leading
        # or trailing "." and "*" characters, not the literal suffix ".*".
        if perm_id == "net":
            net_ns = Network.nsp_namespace_from_id(org.id, "*").strip(".*")
            nsp_perms[net_ns] = level
            # Same key as in the "org.<id>" case: when both ids are present
            # in `perms`, the one iterated last decides the stored level.
            contact_ns = NetworkContact.nsp_namespace_from_id(
                org.id, "*", "private"
            )
            nsp_perms[contact_ns] = level
            continue

        if perm_id == "ix":
            ix_ns = InternetExchange.nsp_namespace_from_id(org.id, "*").strip(".*")
            nsp_perms[ix_ns] = level
            continue

        if perm_id == "fac":
            fac_ns = Facility.nsp_namespace_from_id(org.id, "*").strip(".*")
            nsp_perms[fac_ns] = level
            continue

        # Everything left must be "<kind>.<entity id>".
        if perm_id.find(".") == -1:
            continue

        # NOTE(review): the entity id is passed on as received; this
        # function does not check that the entity exists or belongs to
        # `org`. The namespace is built from org.id, which presumably keeps
        # the grant inside this org's namespace - confirm.
        parts = perm_id.split(".")
        kind = parts[0]
        if kind == "net":
            nsp_perms[Network.nsp_namespace_from_id(org.id, parts[1])] = level
            contact_ns = NetworkContact.nsp_namespace_from_id(
                org.id, parts[1], "private"
            )
            nsp_perms[contact_ns] = level
        elif kind == "ix":
            nsp_perms[InternetExchange.nsp_namespace_from_id(org.id, parts[1])] = level
        elif kind == "fac":
            nsp_perms[Facility.nsp_namespace_from_id(org.id, parts[1])] = level

    # Persist one row per collected namespace.
    for namespace, stored_level in list(nsp_perms.items()):
        UserPermission.objects.create(
            namespace=namespace, permissions=stored_level, user=user
        )

    return nsp_perms
def save_user_permissions(org, user, perms):
    """
    Replace a user's stored permissions for one organization.

    `perms` is a dict of permissioning ids and permission levels. The ids
    handled here are "org.<id of org>", the entity-wide ids "net", "ix" and
    "fac", and the per-entity ids "net.<id>", "ix.<id>" and "fac.<id>".
    Any other id is skipped without an error.

    Returns the dict of namespace -> permission level that was written.
    """

    # Existing rows under the org's namespace are deleted before the new
    # ones are created.
    # NOTE(review): the filter is a plain prefix match; if org.nsp_namespace
    # ends in the numeric org id without a trailing delimiter it would
    # presumably also match other orgs whose id begins with the same
    # digits - confirm the namespace format.
    # NOTE(review): delete and create are not wrapped in a transaction
    # here; a failure while creating leaves a partial set of grants -
    # confirm whether callers run this atomically.
    user.userpermission_set.filter(
        namespace__startswith=org.nsp_namespace).delete()

    # permissioning id prefix -> model whose namespace helper is used
    models_by_kind = {
        "net": Network,
        "ix": InternetExchange,
        "fac": Facility,
    }

    nsp_perms = {}
    for perm_id, level in perms.items():
        # A grant always carries read access.
        # NOTE(review): apart from the read flag the level is stored as
        # given; nothing here limits it to known permission flags.
        if not level & PERM_READ:
            level = level | PERM_READ

        if perm_id == "org.%d" % org.id:
            # organization-wide grant, also covers private network contacts
            nsp_perms[org.nsp_namespace] = level
            nsp_perms[NetworkContact.nsp_namespace_from_id(
                org.id, "*", "private")] = level
        elif perm_id in ("net", "ix", "fac"):
            # entity-wide grant; str.strip(".*") removes any leading or
            # trailing "." and "*" characters, not the literal suffix ".*"
            wildcard_ns = models_by_kind[perm_id].nsp_namespace_from_id(
                org.id, "*")
            nsp_perms[wildcard_ns.strip(".*")] = level
            if perm_id == "net":
                # same key as in the "org.<id>" case: whichever of the two
                # ids is iterated last decides the stored level
                nsp_perms[NetworkContact.nsp_namespace_from_id(
                    org.id, "*", "private")] = level
        elif perm_id.find(".") > -1:
            # "<kind>.<entity id>"
            # NOTE(review): the entity id is used as received; this
            # function does not check that the entity exists or belongs
            # to `org`.
            parts = perm_id.split(".")
            kind, entity_id = parts[0], parts[1]
            if kind in ("net", "ix", "fac"):
                nsp_perms[models_by_kind[kind].nsp_namespace_from_id(
                    org.id, entity_id)] = level
                if kind == "net":
                    nsp_perms[NetworkContact.nsp_namespace_from_id(
                        org.id, entity_id, "private")] = level

    # persist one row per collected namespace
    for namespace, stored_level in nsp_perms.items():
        UserPermission.objects.create(namespace=namespace,
                                      permissions=stored_level, user=user)

    return nsp_perms
def list(self, request):
    """
    Return a Response wrapping Network.as_set_map() of this view's queryset.

    `request` is not inspected here.
    """
    # NOTE(review): what gets exposed is decided entirely by get_queryset()
    # and by whatever permission checks the enclosing view applies - confirm
    # those are appropriate for the callers that can reach this endpoint.
    queryset = self.get_queryset()
    payload = Network.as_set_map(queryset)
    return Response(payload)
def uoar_creation(sender, instance, created=False, **kwargs):
    """
    Handle the saving of a user to organization affiliation request.

    When the request has just been created it is set to "pending", the
    targeted organization is derived from the ASN the user provided where
    possible, and the request is then either approved automatically,
    announced to the organization's admins by email, or handed to PeeringDB
    staff through a ticket.

    When the request already existed, an "approved" request that has an
    organization is finalized by calling approve().

    The signature matches a Django model signal receiver; where it is
    connected is not visible in this block. `sender` is not used.
    """

    if created:
        if instance.asn and not instance.org_id:
            network = Network.objects.filter(asn=instance.asn).first()
            if network:
                # network with targeted asn found, set org
                instance.org = network.org

        instance.status = "pending"
        # NOTE(review): if this handler is connected to post_save for this
        # model, the save() below re-enters it with created=False; the elif
        # branch at the bottom then only acts when status is "approved".
        instance.save()

        if instance.org_id and instance.org.admin_usergroup.user_set.count() > 0:

            # check that user is not already a member of that org
            # (membership is tested by the name of the org's user group)
            if instance.user.groups.filter(name=instance.org.usergroup.name).exists():
                instance.approve()
                return

            # organization exists already and has admins, notify organization
            # admins - the decision is left to them, nothing is approved here
            for user in instance.org.admin_usergroup.user_set.all():
                # render subject and body in the locale of the receiving admin
                with override(user.locale):
                    user.email_user(
                        _(
                            "User %(u_name)s wishes to be affiliated to your Organization"
                        )
                        % {"u_name": instance.user.full_name},
                        loader.get_template(
                            "email/notify-org-admin-user-affil.txt"
                        ).render(
                            {
                                "user": instance.user,
                                "org": instance.org,
                                "org_management_url": "%s/org/%d#users"
                                % (settings.BASE_URL, instance.org.id),
                            }
                        ),
                    )
        else:
            # no organization yet, or the organization has no admin users
            request_type = "be affiliated to"
            rdap_data = {"emails": []}
            org_created = False
            net_created = False
            rdap_lookup = None
            if instance.asn and not instance.org_id:
                # ASN specified in request, but no network found
                # Lookup RDAP information
                try:
                    rdap_lookup = rdap = RdapLookup().get_asn(instance.asn)
                    # `ok` is never read.
                    # NOTE(review): the attribute access presumably forces
                    # the RDAP data to be fetched inside this try - confirm.
                    ok = rdap_lookup.emails
                except RdapException as inst:
                    # deny the request, then let the error reach the caller
                    instance.deny()
                    raise

                # create organization
                # NOTE(review): organization and network are created from
                # RDAP data before validate_rdap_relationship() is consulted
                # below, so they exist even when the request ends up in
                # staff review.
                instance.org, org_created = Organization.create_from_rdap(
                    rdap, instance.asn, instance.org_name
                )
                instance.save()

                # create network
                net, net_created = Network.create_from_rdap(
                    rdap, instance.asn, instance.org
                )

                # if affiliate auto approve is on, auto approve at this point
                # NOTE(review): this approves without any of the relationship
                # checks below; presumably intended for non-production
                # setups - confirm the setting is off in production.
                if pdb_settings.AUTO_APPROVE_AFFILIATION:
                    instance.approve()
                    return

                ticket_queue_asnauto_create(
                    instance.user,
                    instance.org,
                    net,
                    rdap,
                    net.asn,
                    org_created=org_created,
                    net_created=net_created,
                )

                # if user's relationship to network can be validated now
                # we can approve the ownership request right away
                if instance.user.validate_rdap_relationship(rdap):
                    instance.approve()
                    ticket_queue_asnauto_affil(instance.user, instance.org, net, rdap)
                    return

            if instance.org:
                # organization has been set on affiliation request
                entity_name = instance.org.name
                if not instance.org.owned:
                    # organization is currently not owned
                    request_type = "request ownership of"

                    # if affiliate auto approve is on, auto approve at this point
                    # (no relationship check is made on this path)
                    if pdb_settings.AUTO_APPROVE_AFFILIATION:
                        instance.approve()
                        return

                    # if user's relationship to the org can be validated by
                    # checking the rdap information of the org's networks
                    # we can approve the affiliation (ownership) request right away
                    # (`rdap` is rebound by this loop; the emails of every
                    # network visited are collected for the staff ticket)
                    for asn, rdap in list(instance.org.rdap_collect.items()):
                        rdap_data["emails"].extend(rdap.emails)
                        if instance.user.validate_rdap_relationship(rdap):
                            ticket_queue_asnauto_affil(
                                instance.user,
                                instance.org,
                                Network.objects.get(asn=asn),
                                rdap,
                            )
                            instance.approve()
                            return
            else:
                # no organization could be set, fall back to the name the
                # user entered
                entity_name = instance.org_name

                # with auto approve on, an organization is created from the
                # user-supplied name with status "ok" and the request is
                # approved without review
                if pdb_settings.AUTO_APPROVE_AFFILIATION:
                    org = Organization.objects.create(
                        name=instance.org_name, status="ok"
                    )
                    instance.org = org
                    instance.approve()
                    return

            # organization has no owners and RDAP information could not verify
            # the user's relationship to the organization, notify pdb staff
            # for review
            ticket_queue(
                "User %s wishes to %s %s"
                % (instance.user.username, request_type, entity_name),
                loader.get_template("email/notify-pdb-admin-user-affil.txt").render(
                    {
                        "user": instance.user,
                        "instance": instance,
                        "base_url": settings.BASE_URL,
                        "org_add_url": "%s%s"
                        % (
                            settings.BASE_URL,
                            django.urls.reverse(
                                "admin:peeringdb_server_organization_add"
                            ),
                        ),
                        "net_add_url": "%s%s"
                        % (
                            settings.BASE_URL,
                            django.urls.reverse("admin:peeringdb_server_network_add"),
                        ),
                        "review_url": "%s%s"
                        % (
                            settings.BASE_URL,
                            django.urls.reverse(
                                "admin:peeringdb_server_user_change",
                                args=(instance.user.id,),
                            ),
                        ),
                        "approve_url": "%s%s"
                        % (
                            settings.BASE_URL,
                            django.urls.reverse(
                                "admin:peeringdb_server_userorgaffiliationrequest_actions",
                                args=(instance.id, "approve_and_notify"),
                            ),
                        ),
                        # de-duplicated RDAP contact emails gathered above
                        "emails": list(set(rdap_data["emails"])),
                        "rdap_lookup": rdap_lookup,
                    }
                ),
                instance.user,
            )

    elif instance.status == "approved" and instance.org_id:

        # uoar was not created, and status is now approved, call approve
        # to finalize

        instance.approve()
def uoar_creation(sender, instance, created=False, **kwargs):
    """
    Handle the creation of a user to organization affiliation request.

    When the request has just been created it is set to "pending", the
    targeted organization is derived from the ASN the user provided where
    possible, and the request is then either approved automatically,
    announced to the organization's admins by email, or handed to PeeringDB
    staff through a ticket. Nothing is done when `created` is false.

    The signature matches a Django model signal receiver; where it is
    connected is not visible in this block. `sender` is not used.
    """

    if created:
        if instance.asn and not instance.org_id:
            network = Network.objects.filter(asn=instance.asn).first()
            if network:
                # network with targeted asn found, set org
                instance.org = network.org

        instance.status = "pending"
        # NOTE(review): if this handler is connected to post_save for this
        # model, the save() below re-enters it with created=False, which is
        # a no-op in this version.
        instance.save()

        if instance.org_id and instance.org.admin_usergroup.user_set.count(
        ) > 0:

            # check that user is not already a member of that org
            # (membership is tested by the name of the org's user group)
            if instance.user.groups.filter(
                    name=instance.org.usergroup.name).exists():
                instance.approve()
                return

            # organization exists already and has admins, notify organization
            # admins - the decision is left to them, nothing is approved here
            for user in instance.org.admin_usergroup.user_set.all():
                # render subject and body in the locale of the receiving admin
                with override(user.locale):
                    user.email_user(
                        _(u"User %(u_name)s wishes to be affiliated to your Organization"
                          ) % {'u_name': instance.user.full_name},
                        loader.get_template(
                            'email/notify-org-admin-user-affil.txt').render({
                                "user": instance.user,
                                "org": instance.org,
                                "org_management_url": '%s/org/%d#users' %
                                (settings.BASE_URL, instance.org.id)
                            }))
        else:
            # no organization yet, or the organization has no admin users
            request_type = "be affiliated to"
            rdap_data = {"emails": []}
            org_created = False
            net_created = False
            rdap_lookup = None
            if instance.asn and not instance.org_id:
                # ASN specified in request, but no network found
                # Lookup RDAP information
                try:
                    rdap_lookup = rdap = RdapLookup().get_asn(instance.asn)
                    # `ok` is never read.
                    # NOTE(review): the attribute access presumably forces
                    # the RDAP data to be fetched inside this try - confirm.
                    ok = rdap_lookup.emails
                except RdapException, inst:
                    # deny the request, then let the error reach the caller
                    instance.deny()
                    raise

                # create organization
                # NOTE(review): organization and network are created from
                # RDAP data before validate_rdap_relationship() is consulted
                # below, so they exist even when the request ends up in
                # staff review.
                instance.org, org_created = Organization.create_from_rdap(
                    rdap, instance.asn, instance.org_name)
                instance.save()

                # create network
                net, net_created = Network.create_from_rdap(
                    rdap, instance.asn, instance.org)

                # if affiliate auto approve is on, auto approve at this point
                # NOTE(review): this approves without any of the relationship
                # checks below; presumably intended for non-production
                # setups - confirm the setting is off in production.
                if pdb_settings.AUTO_APPROVE_AFFILIATION:
                    instance.approve()
                    return

                ticket_queue_asnauto_create(
                    instance.user, instance.org, net, rdap, net.asn,
                    org_created=org_created, net_created=net_created)

                # if user's relationship to network can be validated now
                # we can approve the ownership request right away
                if instance.user.validate_rdap_relationship(rdap):
                    instance.approve()
                    ticket_queue_asnauto_affil(instance.user, instance.org,
                                               net, rdap)
                    return

            if instance.org:
                # organization has been set on affiliation request
                entity_name = instance.org.name
                if not instance.org.owned:
                    # organization is currently not owned
                    request_type = "request ownership of"

                    # if affiliate auto approve is on, auto approve at this point
                    # (no relationship check is made on this path)
                    if pdb_settings.AUTO_APPROVE_AFFILIATION:
                        instance.approve()
                        return

                    # if user's relationship to the org can be validated by
                    # checking the rdap information of the org's networks
                    # we can approve the affiliation (ownership) request right away
                    # (`rdap` is rebound by this loop; the emails of every
                    # network visited are collected for the staff ticket)
                    for asn, rdap in instance.org.rdap_collect.items():
                        rdap_data["emails"].extend(rdap.emails)
                        if instance.user.validate_rdap_relationship(rdap):
                            ticket_queue_asnauto_affil(
                                instance.user, instance.org,
                                Network.objects.get(asn=asn), rdap)
                            instance.approve()
                            return
            else:
                # no organization could be set, fall back to the name the
                # user entered
                entity_name = instance.org_name

                # with auto approve on, an organization is created from the
                # user-supplied name with status "ok" and the request is
                # approved without review
                if pdb_settings.AUTO_APPROVE_AFFILIATION:
                    org = Organization.objects.create(name=instance.org_name,
                                                      status="ok")
                    instance.org = org
                    instance.approve()
                    return

            # organization has no owners and RDAP information could not verify
            # the user's relationship to the organization, notify pdb staff
            # for review
            ticket_queue(
                u'User %s wishes to %s %s' % (instance.user.username,
                                              request_type, entity_name),
                loader.get_template('email/notify-pdb-admin-user-affil.txt')
                .render({
                    "user": instance.user,
                    "instance": instance,
                    "base_url": settings.BASE_URL,
                    "org_add_url": "%s%s" % (
                        settings.BASE_URL,
                        urlresolvers.reverse(
                            "admin:peeringdb_server_organization_add")),
                    "net_add_url": "%s%s" %
                    (settings.BASE_URL,
                     urlresolvers.reverse(
                         "admin:peeringdb_server_network_add")),
                    "review_url": "%s%s" %
                    (settings.BASE_URL,
                     urlresolvers.reverse(
                         "admin:peeringdb_server_user_change",
                         args=(instance.user.id, ))),
                    "approve_url": "%s%s" % (
                        settings.BASE_URL,
                        urlresolvers.reverse(
                            "admin:peeringdb_server_userorgaffiliationrequest_actions",
                            args=(instance.id, "approve_and_notify"))),
                    # de-duplicated RDAP contact emails gathered above
                    "emails": list(set(rdap_data["emails"])),
                    "rdap_lookup": rdap_lookup
                }), instance.user)