def admin_qs_for_cluster(cluster): """ Get all users and groups which have admin permissions on a cluster. This includes users who have admin permissions on a cluster via their group. Note: This does not serve many purposes anymore owner_qs has mostly replaced its functionality. """ # get_users_any() can't deal with None, and at any rate, nobody can # possibly own a null cluster. if not cluster: return ClusterUser.objects.none() # Get all superusers. superusers_qs = ClusterUser.objects.filter( profile__user__is_superuser=True) # Get all users who have the given permissions on the given cluster. # This will include users who's groups have admin privs. users = get_users_any(cluster, ["admin"], groups=True) # Get the actual groups themselves. groups = get_groups_any(cluster, ["admin"]) qs = ClusterUser.objects.filter(Q(profile__user__in=users) | Q(organization__group__in=groups)) qs |= superusers_qs return qs.distinct()
def admin_qs_for_cluster(cluster): """ Get all users and groups which have admin permissions on a cluster. This includes users who have admin permissions on a cluster via their group. Note: This does not serve many purposes anymore owner_qs has mostly replaced its functionality. """ # get_users_any() can't deal with None, and at any rate, nobody can # possibly own a null cluster. if not cluster: return ClusterUser.objects.none() # Get all superusers. superusers_qs = ClusterUser.objects.filter( profile__user__is_superuser=True) # Get all users who have the given permissions on the given cluster. # This will include users who's groups have admin privs. users = get_users_any(cluster, ["admin"], groups=True) # Get the actual groups themselves. groups = get_groups_any(cluster, ["admin"]) qs = ClusterUser.objects.filter( Q(profile__user__in=users) | Q(organization__group__in=groups)) qs |= superusers_qs return qs.distinct()
def admin_group_qs(cluster, user): """ Given a cluster and a user, return the groups the user is in which have admin permissions on the cluster. """ # Get the list of groups the user is in users_groups = user.profile.user.groups.all().distinct() # Get a list of groups which has admin on this cluster admin_groups = get_groups_any(cluster, ["admin", 'create_vm']) # Intersection: Which groups are both the users group and admin groups groups = users_groups & admin_groups return groups