def admin_qs_for_cluster(cluster): """ Get all users and groups which have admin permissions on a cluster. This includes users who have admin permissions on a cluster via their group. Note: This does not serve many purposes anymore owner_qs has mostly replaced its functionality. """ # get_users_any() can't deal with None, and at any rate, nobody can # possibly own a null cluster. if not cluster: return ClusterUser.objects.none() # Get all superusers. superusers_qs = ClusterUser.objects.filter( profile__user__is_superuser=True) # Get all users who have the given permissions on the given cluster. # This will include users who's groups have admin privs. users = get_users_any(cluster, ["admin"], groups=True) # Get the actual groups themselves. groups = get_groups_any(cluster, ["admin"]) qs = ClusterUser.objects.filter( Q(profile__user__in=users) | Q(organization__group__in=groups)) qs |= superusers_qs return qs.distinct()
def admin_qs_for_cluster(cluster): """ Get all users and groups which have admin permissions on a cluster. This includes users who have admin permissions on a cluster via their group. Note: This does not serve many purposes anymore owner_qs has mostly replaced its functionality. """ # get_users_any() can't deal with None, and at any rate, nobody can # possibly own a null cluster. if not cluster: return ClusterUser.objects.none() # Get all superusers. superusers_qs = ClusterUser.objects.filter( profile__user__is_superuser=True) # Get all users who have the given permissions on the given cluster. # This will include users who's groups have admin privs. users = get_users_any(cluster, ["admin"], groups=True) # Get the actual groups themselves. groups = get_groups_any(cluster, ["admin"]) qs = ClusterUser.objects.filter(Q(profile__user__in=users) | Q(organization__group__in=groups)) qs |= superusers_qs return qs.distinct()
def get(self, request, name, context=None): context = context or self.common(request, name) if not context['can_view']: raise PermissionDenied users = get_users_any(context['local_file']) context['permissions'] = [{'user': user} for user in users] return self.render(request, context, 'update/file-detail')
def ssh_keys(request, cluster_slug, api_key): """ Show all ssh keys which belong to users, who have any perms on the cluster """ if settings.WEB_MGR_API_KEY != api_key: return HttpResponseForbidden("You're not allowed to view keys.") cluster = get_object_or_404(Cluster, slug=cluster_slug) users = set(get_users_any(cluster).values_list("id", flat=True)) for vm in cluster.virtual_machines.all(): users = users.union(set(get_users_any(vm).values_list('id', flat=True))) keys = SSHKey.objects \ .filter(Q(user__in=users) | Q(user__is_superuser=True)) \ .values_list('key','user__username') \ .order_by('user__username') keys_list = list(keys) return HttpResponse(json.dumps(keys_list), mimetype="application/json")
def ssh_keys(request, cluster_slug, api_key): """ Show all ssh keys which belong to users, who have any perms on the cluster """ if settings.WEB_MGR_API_KEY != api_key: return HttpResponseForbidden(_("You're not allowed to view keys.")) cluster = get_object_or_404(Cluster, slug=cluster_slug) users = set(get_users_any(cluster).values_list("id", flat=True)) for vm in cluster.virtual_machines.all(): users = users.union(set( get_users_any(vm).values_list('id', flat=True))) keys = SSHKey.objects \ .filter(Q(user__in=users) | Q(user__is_superuser=True)) \ .values_list('key', 'user__username') \ .order_by('user__username') keys_list = list(keys) return HttpResponse(json.dumps(keys_list), mimetype="application/json")
def ssh_keys(request, api_key): """ Lists all keys for all clusters managed by GWM """ """ Show all ssh keys which belong to users, who have any perms on the cluster """ if settings.WEB_MGR_API_KEY != api_key: return HttpResponseForbidden(_("You're not allowed to view keys.")) users = set() for cluster in Cluster.objects.all(): users = users.union(set(get_users_any(cluster).values_list("id", flat=True))) for vm in VirtualMachine.objects.all(): users = users.union(set(get_users_any(vm).values_list("id", flat=True))) keys = ( SSHKey.objects.filter(Q(user__in=users) | Q(user__is_superuser=True)) .values_list("key", "user__username") .order_by("user__username") ) keys_list = list(keys) return HttpResponse(json.dumps(keys_list), mimetype="application/json")
def ssh_keys(request, cluster_slug, instance, api_key): """ Show all ssh keys which belong to users, who are specified vm's admin """ import settings if settings.WEB_MGR_API_KEY != api_key: return HttpResponseForbidden("You're not allowed to view keys.") vm = get_object_or_404(VirtualMachine, hostname=instance, \ cluster__slug=cluster_slug) users = get_users_any(vm, ["admin",]).values_list("id",flat=True) keys = SSHKey.objects.filter(user__in=users).values_list('key','user__username').order_by('user__username') keys_list = list(keys) return HttpResponse(json.dumps(keys_list), mimetype="application/json")
def ssh_keys(request, cluster_slug, instance, api_key): """ Show all ssh keys which belong to users, who are specified vm's admin """ if settings.WEB_MGR_API_KEY != api_key: return HttpResponseForbidden(_("You're not allowed to view keys.")) vm = get_object_or_404(VirtualMachine, hostname=instance, cluster__slug=cluster_slug) users = get_users_any(vm, ["admin",]).values_list("id",flat=True) keys = SSHKey.objects \ .filter(Q(user__in=users) | Q(user__is_superuser=True)) \ .values_list('key','user__username') \ .order_by('user__username') keys_list = list(keys) return HttpResponse(json.dumps(keys_list), mimetype="application/json")
def owner_qs_for_cluster(cluster): """ Get all owners for a cluster. """ # get_users_any() can't deal with None, and at any rate, nobody can # possibly own a null cluster. if not cluster: return ClusterUser.objects.none() # Get all superusers. qs = ClusterUser.objects.filter(profile__user__is_superuser=True) # Get all users who have the given permissions on the given cluster. users = get_users_any(cluster, ["admin"], True) qs |= ClusterUser.objects.filter(profile__user__in=users) return qs