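def set_policy(request, account_id, policy_name):
    """ Respond to the "/admin/account/set_policy/XXX/YYY" URL.

        We let the administrator set the account-level override for the given
        account and policy.

        A GET request displays the form with the current override, or an empty
        string when no override exists.  A POST with "cancel" returns to the
        account's policy list.  A POST with "ok" validates the submitted
        override, saves it (creating the record if necessary) and returns to
        the policy list.  Any other request re-displays the form.

        Unauthenticated requests, unknown accounts and unknown policies are
        redirected to the admin interface's main view.
    """
    # Function-scope import: the file's own import block is not visible from
    # this block.
    import ast

    def _redirect_to_main():
        return HttpResponseRedirect(reverse("tahua.admin_interface.views." +
                                            "main.main"))

    def _redirect_to_policies():
        return HttpResponseRedirect(reverse("tahua.admin_interface." +
                                            "views.account.policies",
                                            args=[account.id]))

    # NOTE(review): only authentication is checked here, not any staff or
    # administrator flag -- confirm that every user who can log in through
    # this interface is meant to be able to change account policy overrides.
    if not request.user.is_authenticated():
        return _redirect_to_main()

    try:
        account = Account.objects.get(id=account_id)
    except Account.DoesNotExist:
        return _redirect_to_main()

    try:
        policy = Policy.objects.get(name=policy_name)
    except Policy.DoesNotExist:
        return _redirect_to_main()

    try:
        override = PolicyAccountOverride.objects.get(
            policy=policy, account=account).get_override()
    except PolicyAccountOverride.DoesNotExist:
        override = ""

    # Bind err_msg before branching: a POST carrying neither "ok" nor
    # "cancel", or a method other than GET/POST, previously reached the final
    # render with err_msg unbound and failed with a NameError.
    err_msg = None

    if request.method == "POST":
        # See if the user clicked on one of our buttons.
        if request.POST.get("cancel") is not None:
            return _redirect_to_policies()

        if request.POST.get("ok") is not None:
            override = request.POST.get("override")
            if override in [None, ""]:
                err_msg = "You must enter a value for this policy override."
            else:
                # SECURITY: this value comes straight from the request body.
                # The original passed it to eval(), which runs whatever
                # expression the client submits inside the server process.
                # ast.literal_eval() accepts only Python literals (numbers,
                # strings, tuples, lists, dicts, sets, booleans, None) and
                # executes nothing.
                # NOTE(review): if any existing override relies on a
                # non-literal expression it is now rejected as invalid --
                # confirm against the values set_override() is expected to
                # store.
                try:
                    override_value = ast.literal_eval(override)
                except (ValueError, SyntaxError, TypeError):
                    # Malformed input is reported on the form instead of
                    # escaping as an unhandled exception.
                    err_msg = "Invalid override value."

            if err_msg is None:
                # Save the policy override, creating a new record if
                # necessary.
                try:
                    record = PolicyAccountOverride.objects.get(
                        policy=policy, account=account)
                except PolicyAccountOverride.DoesNotExist:
                    record = PolicyAccountOverride()
                    record.policy = policy
                    record.account = account

                record.set_override(override_value)
                record.save()

                return _redirect_to_policies()

    # If we get here, display the page.  After a failed "ok" submission,
    # 'override' holds the text the user posted, so the form shows it again.
    return render_to_response("admin_interface/account_wrapper.html",
                              {'tab'           : "policies",
                               'template_name' : "admin_interface/" +
                                                 "account_set_policy.html",
                               'account'       : account,
                               'err_msg'       : err_msg,
                               'policy_label'  : policy.label,
                               'default'       : policy.get_default(),
                               'override'      : override,
                              },
                              context_instance=RequestContext(request))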
def set(request):
    """ Respond to the "/policy/set" API call.

        The request must supply "session_key", "pin_number", "policy" and
        "value", and may supply "account_id".  When an account ID is given the
        override is stored as an account-level override for that account;
        otherwise it is stored as a user-level override for the session's
        user.  Any existing override for the same policy and target is deleted
        first.

        Returns an empty API payload on success, an API error response when a
        check fails, or an HTTP 500 response if anything raises.
    """
    try:
        # Unpack the request; a failure here is already a ready-made response.
        payload = api_helper.process_request(request)
        if "error" in payload:
            return payload['error']

        # Make sure the caller sent the fields we need.
        field_error = api_helper.check_fields(
            payload,
            required_fields=["session_key", "pin_number", "policy", "value"],
            optional_fields=["account_id"])
        if field_error is not None:
            return field_error

        user = payload['session'].user
        fields = payload['fields']
        pin_number = fields['pin_number']
        account_id = fields.get("account_id")
        policy_name = fields['policy']
        policy_value = fields['value']

        # The supplied PIN has to match the one held on the user record.
        # NOTE(review): this is a plain inequality test against
        # user.pin_number, so it is not a constant-time comparison, and it
        # suggests the PIN is kept in a directly comparable form -- confirm
        # how pin_number is stored and whether failed attempts are limited
        # elsewhere.
        if pin_number != user.pin_number:
            return api_helper.error(payload, api_errors.UNAUTHORIZED)

        # An account ID is only accepted when it names the calling user.
        if account_id is not None and \
                user.user_id != account_id.get("user_id"):
            return api_helper.error(payload, api_errors.UNAUTHORIZED)

        # Look up the policy the override applies to.
        try:
            policy = Policy.objects.get(name=policy_name)
        except Policy.DoesNotExist:
            return api_helper.error(payload, api_errors.NO_SUCH_POLICY)

        # Reject values this policy does not permit as an override.
        if not account_helper.is_acceptable_policy_override(policy,
                                                            policy_value):
            return api_helper.error(payload,
                                    api_errors.UNACCEPTABLE_POLICY_OVERRIDE)

        # Replace any existing override with a fresh record.
        # NOTE(review): the delete and the save are separate statements and
        # no transaction is visible in this block -- confirm one is applied
        # elsewhere.
        if account_id is None:
            # User-level override for this policy and user.
            PolicyUserOverride.objects.filter(policy=policy,
                                              user=user).delete()
            new_override = PolicyUserOverride()
            new_override.policy = policy
            new_override.user = user
        else:
            # Account-level override for this policy and account.
            account = account_helper.get_or_create_account(account_id)
            PolicyAccountOverride.objects.filter(policy=policy,
                                                 account=account).delete()
            new_override = PolicyAccountOverride()
            new_override.policy = policy
            new_override.account = account

        new_override.set_override(policy_value)
        new_override.save()

        # Finally, return an empty payload back to the caller.
        return api_helper.response(payload, {})
    except:
        # Bare except: every exception, including SystemExit and
        # KeyboardInterrupt, is printed via traceback and turned into a 500.
        traceback.print_exc()
        return HttpResponseServerError()