def group_topology_delete(request, group, **kwargs): """Delete any topologies owned by users in this group. @param request An HttpRequest @param group The group to delete @return HttpResponse""" if request.method != 'POST': return direct_to_template(request, 'vns/confirm.html', {'title':'Delete topologies for group %s from %s' % (group.name, group.org.name), 'button':'Delete topologies', 'url':'/org/%s/%s/deletetopo/' % (group.org.name, group.name)}) # Get the group, users and topologies users = User.objects.filter(vns_groups=group) topos = db.Topology.objects.filter(owner__in=users) # Insert journal entries for the main VNS process to delete the topologies, # subject to permissions checks no_perms = False has_deleted = False for t in topos: if permissions.allowed_topology_access_delete(request.user, t): je = db.JournalTopologyDelete() je.topology = t je.save() has_deleted = True else: no_perms = True # Display either a success message or a helpful error message if no_perms and not has_deleted: messages.error(request, "You do not have permission to delete topologies from this group") return HttpResponseRedirect('/') elif no_perms and has_deleted: messages.info(request, "You do not have permissions to delete some of the topologies " "from this group, but some other topologies have been marked for deletion.") return HttpResponseRedirect('/') else: messages.success(request, "Topologies for this group have been marked for deletion.") return HttpResponseRedirect('/')
def topology_access_check(request, callee, action, **kwargs): """Checks that the user can access the functions they're trying to, and if they can calls callee. There are two valid authentication methods - django logihn, as normally used for the website, and a cryptographic token supplied in the HTTP GET, as used for clack. @param request An HTTP request @param callee Gives the Callable to call @param action One of "add", "change", "use", "delete", describing the permissions needed @param tid The ID of the topology in question; not used for action = "add" @exception ValueError If an action is unrecognised @exception KeyError If an option is missing @return HttpResponse""" def denied(): """Generate an error message and redirect if we try do something to a topology we're not allowed to""" messages.error(request, "Either this topology doesn't exist or you don't " "have permission to %s it." % action) return HttpResponseRedirect('/login/') def denied_add(): """Generate an error message and redirect if we try to create a topology and are not allowed to""" messages.error(request, "You don't have permission to create topologies.") return HttpResponseRedirect('/login/') # If we're trying to add a template, don't need to get the template itself if action == "add": if permissions.allowed_topology_access_create(request.user): return callee(request) else: return denied_add() else: # Try getting the template - if it doesn't exist, show the same message # as for permission denied. If we don't have a "tid" argument, django # will show an internal error, which is what we want. tid = int(kwargs["tid"]) kwargs["tid"] = tid try : topo = db.Topology.objects.get(pk=tid) except db.Topology.DoesNotExist: return denied() if action == "use": # See if there is an HTTP GET token - if there is, try to use the token # method for authentication try: token = request.GET["token"] except KeyError: pass else: # See if the token is valid user = crypto.validate_token(token) if user != None and permissions.allowed_topology_access_use(user, topo): request.user = user return callee(request, topo=topo, **kwargs) if permissions.allowed_topology_access_use(request.user, topo): return callee(request, topo=topo, **kwargs) else: return denied() elif action == "change": if permissions.allowed_topology_access_change(request.user, topo): return callee(request, topo=topo, **kwargs) else: return denied() elif action == "delete": if permissions.allowed_topology_access_delete(request.user, topo): return callee(request, topo=topo, **kwargs) else: return denied() else: raise ValueError("Unknown action: %s" % options["action"])