def delete(self, request, obj_id):
try:
roles_obj = client_factory(request).roles
role_assign_obj = client_factory(request).role_assignments
users_obj = client_factory(request).users
arg_dict = {
'project' : request.user.tenant_id,
'user' : obj_id
}
for r_item in role_assign_obj.list(**arg_dict):
roles_obj.revoke(r_item.role['id'], **arg_dict)
member = users_obj.get(obj_id)
noti_params = {
'username' : member.name,
'admin_address' : users_obj.get(request.user.id).email,
'project' : request.user.tenant_name
}
noti_sbj, noti_body = notification_render(MEMBER_REMOVED, noti_params)
notifyUsers(member.email, noti_sbj, noti_body)
noti_sbj, noti_body = notification_render(MEMBER_REMOVED_ADM, noti_params)
notifyManagers(noti_sbj, noti_body)
except:
LOG.error("Grant revoke error", exc_info=True)
messages.error(request, _('Unable to delete member from tenant.'))
def handle(self, request, data):
try:
tenantadmin_roleid, default_roleid = check_and_get_roleids(request)
usr_and_prj = data['requestid'].split(':')
with transaction.atomic():
q_args = {
'registration__regid' : int(usr_and_prj[0]),
'project__projectname' : usr_and_prj[1]
}
prj_req = PrjRequest.objects.filter(**q_args)[0]
project_name = prj_req.project.projectname
project_id = prj_req.project.projectid
user_name = prj_req.registration.username
user_id = prj_req.registration.userid
#
# clear request
#
prj_req.delete()
#
# send notification to project managers and users
#
user_email = keystone_api.user_get(request, user_id).email
prjman_list = get_project_managers(request, project_id)
noti_params = {
'username' : user_name,
'project' : project_name,
'notes' : data['reason']
}
noti_sbj, noti_body = notification_render(SUBSCR_FORCED_NO_TYPE, noti_params)
notifyUsers([ pman.email for pman in prjman_list ], noti_sbj, noti_body)
noti_sbj, noti_body = notification_render(SUBSCR_NO_TYPE, noti_params)
notifyUsers(user_email, noti_sbj, noti_body)
except:
LOG.error("Error forced-checking request", exc_info=True)
messages.error(request, _("Cannot forced check request"))
return False
return True
def handle(self, *args, **options):
configure_log(options)
config = configure_app(options)
try:
now = datetime.now()
contact_list = build_contact_list()
for days_to_exp in self._get_days_to_exp(config.cron_plan):
tframe = now + timedelta(days=days_to_exp)
q_args = {
'expdate__gte':
tframe.replace(hour=0, minute=0, second=0, microsecond=0),
'expdate__lte':
tframe.replace(hour=23,
minute=59,
second=59,
microsecond=999999)
}
for exp_item in Expiration.objects.filter(**q_args):
try:
keystone = client.Client(username=config.cron_user,
password=config.cron_pwd,
project_name=config.cron_prj,
cacert=config.cron_ca,
auth_url=config.cron_kurl)
tmpuser = keystone.users.get(
exp_item.registration.userid)
noti_params = {
'username': exp_item.registration.username,
'days': days_to_exp,
'contacts': contact_list
}
noti_sbj, noti_body = notification_render(
USER_EXP_TYPE, noti_params)
notifyUsers(tmpuser.email, noti_sbj, noti_body)
#
# TODO send notification to project admins
#
except:
LOG.warning("Cannot notify %s" %
exp_item.registration.username,
exc_info=True)
except:
LOG.error("Notification failed", exc_info=True)
raise CommandError("Notification failed")
def handle(self, request, data):
try:
with transaction.atomic():
curr_prjname = self.request.user.tenant_name
q_args = {
'registration__regid' : int(data['regid']),
'project__projectname' : curr_prjname,
'flowstatus' : PSTATUS_RENEW_MEMB
}
prj_reqs = PrjRequest.objects.filter(**q_args)
if len(prj_reqs) == 0:
return True
user_id = prj_reqs[0].registration.userid
#
# Remove member from project
#
roles_obj = client_factory(request).roles
role_assign_obj = client_factory(request).role_assignments
arg_dict = {
'project' : request.user.tenant_id,
'user' : user_id
}
for r_item in role_assign_obj.list(**arg_dict):
roles_obj.revoke(r_item.role['id'], **arg_dict)
#
# Clear requests
#
prj_reqs.delete()
#
# Send notification to the user
#
users_obj = client_factory(request).users
member = users_obj.get(user_id)
noti_params = {
'username' : member.name,
'admin_address' : users_obj.get(request.user.id).email,
'project' : request.user.tenant_name,
'notes' : data['reason']
}
noti_sbj, noti_body = notification_render(MEMBER_REMOVED, noti_params)
notifyUsers(member.email, noti_sbj, noti_body)
except:
LOG.error("Cannot renew user", exc_info=True)
exceptions.handle(request)
return False
return True
def handle(self, *args, **options):
configure_log(options)
config = configure_app(options)
try:
keystone_client = client.Client(username=config.cron_user,
password=config.cron_pwd,
project_name=config.cron_prj,
cacert=config.cron_ca,
auth_url=config.cron_kurl)
req_table = dict()
prj_res_table = dict()
for p_req in PrjRequest.objects.filter(flowstatus=PSTATUS_PENDING):
if not p_req.project.projectid in req_table:
req_table[p_req.project.projectid] = list()
uname = p_req.registration.username
email = self.get_email(None, None, p_req.registration)
req_table[p_req.project.projectid].append((uname, email))
prj_res_table[
p_req.project.projectid] = p_req.project.projectname
admin_table = dict()
prjman_roleid = get_prjman_roleid(keystone_client)
for prj_id in req_table:
q_args = {'scope.project.id': prj_id, 'role.id': prjman_roleid}
for assign in super(
RoleAssignmentManager,
keystone_client.role_assignments).list(**q_args):
email = self.get_email(keystone_client, assign.user['id'],
None)
if not email in admin_table:
admin_table[email] = list()
admin_table[email].append(prj_id)
for email in admin_table:
for prj_id in admin_table[email]:
noti_params = {
'pendingreqs': req_table[prj_id],
'project': prj_res_table[prj_id]
}
noti_sbj, noti_body = notification_render(
SUBSCR_REMINDER, noti_params)
notifyUsers(email, noti_sbj, noti_body)
except:
LOG.error("Notification failed", exc_info=True)
raise CommandError("Notification failed")
def handle(self, *args, **options):
configure_log(options)
config = configure_app(options)
try:
keystone_client = client.Client(username=config.cron_user,
password=config.cron_pwd,
project_name=config.cron_prj,
cacert=config.cron_ca,
auth_url=config.cron_kurl)
req_table = dict()
prj_res_table = dict()
for p_req in PrjRequest.objects.filter(flowstatus=PSTATUS_PENDING):
if not p_req.project.projectid in req_table:
req_table[p_req.project.projectid] = list()
uname = p_req.registration.username
email = self.get_email(None, None, p_req.registration)
req_table[p_req.project.projectid].append((uname, email))
prj_res_table[p_req.project.projectid] = p_req.project.projectname
admin_table = dict()
prjman_roleid = get_prjman_roleid(keystone_client)
for prj_id in req_table:
q_args = {
'scope.project.id' : prj_id,
'role.id' : prjman_roleid
}
for assign in super(RoleAssignmentManager, keystone_client.role_assignments).list(**q_args):
email = self.get_email(keystone_client, assign.user['id'], None)
if not email in admin_table:
admin_table[email] = list()
admin_table[email].append(prj_id)
for email in admin_table:
for prj_id in admin_table[email]:
noti_params = {
'pendingreqs' : req_table[prj_id],
'project' : prj_res_table[prj_id]
}
noti_sbj, noti_body = notification_render(SUBSCR_REMINDER, noti_params)
notifyUsers(email, noti_sbj, noti_body)
except:
LOG.error("Notification failed", exc_info=True)
raise CommandError("Notification failed")
def handle(self, *args, **options):
configure_log(options)
config = configure_app(options)
try:
now = datetime.now()
contact_list = build_contact_list()
for days_to_exp in self._get_days_to_exp(config.cron_plan):
tframe = now + timedelta(days=days_to_exp)
q_args = {
'expdate__gte' : tframe.replace(hour=0, minute=0, second=0, microsecond=0),
'expdate__lte' : tframe.replace(hour=23, minute=59, second=59, microsecond=999999)
}
for exp_item in Expiration.objects.filter(**q_args):
try:
keystone = client.Client(username=config.cron_user,
password=config.cron_pwd,
project_name=config.cron_prj,
cacert=config.cron_ca,
auth_url=config.cron_kurl)
tmpuser = keystone.users.get(exp_item.registration.userid)
noti_params = {
'username' : exp_item.registration.username,
'days' : days_to_exp,
'contacts' : contact_list
}
noti_sbj, noti_body = notification_render(USER_EXP_TYPE, noti_params)
notifyUsers(tmpuser.email, noti_sbj, noti_body)
#
# TODO send notification to project admins
#
except:
LOG.warning("Cannot notify %s" % exp_item.registration.username, exc_info=True)
except:
LOG.error("Notification failed", exc_info=True)
raise CommandError("Notification failed")
def handle(self, request, data):
try:
tenantadmin_roleid, default_roleid = check_and_get_roleids(request)
usr_and_prj = data['requestid'].split(':')
with transaction.atomic():
#
# Creation of new tenant
#
q_args = {
'registration__regid' : int(usr_and_prj[0]),
'project__projectname' : usr_and_prj[1]
}
prj_req = PrjRequest.objects.filter(**q_args)[0]
project_name = prj_req.project.projectname
user_id = prj_req.registration.userid
#
# Clear request
#
prj_req.delete()
#
# Send notification to the user
#
user_email = keystone_api.user_get(request, user_id).email
noti_params = {
'project' : project_name,
'notes' : data['reason']
}
noti_sbj, noti_body = notification_render(PRJ_REJ_TYPE, noti_params)
notifyUsers(user_email, noti_sbj, noti_body)
except:
LOG.error("Error pre-checking project", exc_info=True)
messages.error(request, _("Cannot pre-check project"))
return False
return True
def handle(self, request, data):
try:
with transaction.atomic():
registration = Registration.objects.get(regid=int(data['regid']))
prjReqList = PrjRequest.objects.filter(registration=registration)
regReqList = RegRequest.objects.filter(registration=registration)
#
# Delete request for projects to be created
#
newprj_list = list()
for prj_req in prjReqList:
if not prj_req.project.projectid:
newprj_list.append(prj_req.project.projectname)
if len(newprj_list):
Project.objects.filter(projectname__in=newprj_list).delete()
#
# First registration request, remove all (using cascaded foreign key)
#
user_email = regReqList[0].email
registration.delete()
noti_params = {
'notes' : data['reason']
}
noti_sbj, noti_body = notification_render(FIRST_REG_NO_TYPE, noti_params)
notifyUsers(user_email, noti_sbj, noti_body)
except:
LOG.error("Error rejecting request", exc_info=True)
messages.error(request, _("Cannot reject request"))
return False
return True
def handle(self, request, data):
try:
role_names = [ role['name'] for role in self.request.user.roles ]
if not TENANTADMIN_ROLE in role_names:
raise Exception(_('Permissions denied: cannot approve subscriptions'))
with transaction.atomic():
curr_prjname = self.request.user.tenant_name
q_args = {
'registration__regid' : int(data['regid']),
'project__projectname' : curr_prjname
}
prj_req = PrjRequest.objects.filter(**q_args)[0]
member = client_factory(request).users.get(prj_req.registration.userid)
project_name = prj_req.project.projectname
#
# clear request
#
prj_req.delete()
#
# send notification to the user
#
noti_params = {
'project' : project_name
}
noti_sbj, noti_body = notification_render(SUBSCR_NO_TYPE, noti_params)
notifyUsers(member.email, noti_sbj, noti_body)
except:
exceptions.handle(request)
return False
return True
def handle(self, request, data):
with transaction.atomic():
registration = Registration.objects.filter(userid=request.user.id)[0]
prj_action = data['prjaction']
prjlist = list()
if prj_action == 'selprj':
for project in data['selprj']:
prjlist.append((project, "", PRJ_PUBLIC, False))
elif prj_action == 'newprj':
prjlist.append((
data['newprj'],
data['prjdescr'],
PRJ_PRIVATE if data['prjpriv'] else PRJ_PUBLIC,
True
))
newprjlist = list()
for prjitem in prjlist:
if prjitem[3]:
try:
prjArgs = {
'projectname' : prjitem[0],
'description' : prjitem[1],
'status' : prjitem[2]
}
project = Project.objects.create(**prjArgs)
newprjlist.append(project.projectname)
except IntegrityError:
messages.error(request, _("Project %s already exists") % prjitem[0])
LOG.error("Cannot create project %s" % prjitem[0])
return False
elif prjitem[0] in self.pendingProjects:
continue
else:
project = Project.objects.get(projectname=prjitem[0])
reqArgs = {
'registration' : registration,
'project' : project,
'flowstatus' : PSTATUS_PENDING,
'notes' : data['notes']
}
reqPrj = PrjRequest(**reqArgs)
reqPrj.save()
#
# Send notification to cloud admins for project creation
#
for prj_name in newprjlist:
noti_params = {
'username' : request.user.username,
'project' : prj_name
}
noti_sbj, noti_body = notification_render(NEWPRJ_REQ_TYPE, noti_params)
notifyManagers(noti_sbj, noti_body)
#
# TODO implement notifications to project managers
#
return True
def handle(self, request, data):
try:
role_names = [ role['name'] for role in self.request.user.roles ]
if not TENANTADMIN_ROLE in role_names:
raise Exception(_('Permissions denied: cannot approve subscriptions'))
with transaction.atomic():
curr_prjname = self.request.user.tenant_name
q_args = {
'registration__regid' : int(data['regid']),
'project__projectname' : curr_prjname
}
prj_req = PrjRequest.objects.filter(**q_args)[0]
member = client_factory(request).users.get(prj_req.registration.userid)
project_name = prj_req.project.projectname
LOG.debug("Approving subscription for %s" % prj_req.registration.username)
default_role = getattr(settings, 'OPENSTACK_KEYSTONE_DEFAULT_ROLE', None)
expiration = Expiration()
expiration.registration = prj_req.registration
expiration.project = prj_req.project
expiration.expdate = data['expiration']
expiration.save()
#
# Update the max expiration per user
#
user_reg = prj_req.registration
if data['expiration'] > user_reg.expdate:
user_reg.expdate = data['expiration']
user_reg.save()
roles_obj = client_factory(request).roles
arg_dict = {
'project' : prj_req.project.projectid,
'user' : prj_req.registration.userid
}
missing_default = True
for item in roles_obj.list():
if item.name == default_role:
roles_obj.grant(item.id, **arg_dict)
missing_default = False
if missing_default:
raise Exception("Default role is undefined")
#
# clear request
#
prj_req.delete()
#
# send notification to the user
#
noti_params = {
'project' : project_name
}
noti_sbj, noti_body = notification_render(SUBSCR_OK_TYPE, noti_params)
notifyUsers(member.email, noti_sbj, noti_body)
except:
exceptions.handle(request)
return False
return True
def handle(self, *args, **options):
configure_log(options)
config = configure_app(options)
prj_id_list = list()
for item in os.listdir(CACHE_DIR):
if not item.endswith('.tmp'):
prj_id_list.append(item)
if len(prj_id_list) == 0:
return
LOG.info("Detected booked notifications")
try:
keystone_client = client.Client(username=config.cron_user,
password=config.cron_pwd,
project_name=config.cron_prj,
cacert=config.cron_ca,
auth_url=config.cron_kurl)
prjman_roleid = None
for role in keystone_client.roles.list():
if role.name == TENANTADMIN_ROLE:
prjman_roleid = role.id
except:
LOG.error("Notification failed", exc_info=True)
raise CommandError("Notification failed: cannot contact Keystone")
if not prjman_roleid:
raise CommandError(
"Notification failed: project administrator undefined")
for prj_id in prj_id_list:
prj_emails = list()
url = '/role_assignments?scope.project.id=%s&role.id=%s'
resp, body = keystone_client.get(url % (prj_id, prjman_roleid))
for item in body['role_assignments']:
tntadmin = keystone_client.users.get(item['user']['id'])
prj_emails.append(tntadmin.email)
tmpprj = keystone_client.projects.get(prj_id)
try:
f_name = os.path.join(CACHE_DIR, prj_id)
with open(f_name) as n_file:
for line in n_file.readlines():
rres = D_PATTERN.search(line)
if rres:
noti_params = {
'username': rres.group(1),
'project': tmpprj.name
}
noti_sbj, noti_body = notification_render(
rres.group(2), noti_params)
for prj_email in prj_emails:
notifyUsers(prj_email, noti_sbj, noti_body)
os.remove(f_name)
except:
LOG.error("Error reading %s" % f_name, exc_info=True)
def handle(self, request, data):
if not data['username']:
messages.error(request, _("Cannot process request: missing username"))
return False
try:
tenantadmin_roleid, default_roleid = check_and_get_roleids(request)
with transaction.atomic():
registration = Registration.objects.get(regid=int(data['regid']))
reg_request = RegRequest.objects.filter(registration=registration)[0]
prjReqList = PrjRequest.objects.filter(registration=registration)
password = reg_request.password
if not password:
password = generate_pwd()
user_email = reg_request.email
#
# Mapping of external accounts
#
if reg_request.externalid:
mapping = UserMapping(globaluser=reg_request.externalid,
registration=reg_request.registration)
mapping.save()
LOG.info("Registered external account %s" % reg_request.externalid)
#
# Forward request to project administrators
#
q_args = {
'project__projectid__isnull' : False,
'flowstatus' : PSTATUS_REG
}
prjReqList.filter(**q_args).update(flowstatus=PSTATUS_PENDING)
#
# Creation of new tenants
#
new_prj_list = list()
q_args = {
'project__projectid__isnull' : True,
'flowstatus' : PSTATUS_REG
}
for p_reqs in prjReqList.filter(**q_args):
kprj = keystone_api.tenant_create(request, p_reqs.project.projectname,
p_reqs.project.description, True)
p_reqs.project.projectid = kprj.id
p_reqs.project.save()
new_prj_list.append(p_reqs.project)
LOG.info("Created tenant %s" % p_reqs.project.projectname)
#
# User creation
#
if not registration.userid:
kuser = keystone_api.user_create(request,
name=registration.username,
password=password,
email=user_email,
enabled=True)
registration.username = data['username']
registration.expdate = self.expiration
registration.userid = kuser.id
registration.save()
LOG.info("Created user %s" % registration.username)
#
# The new user is the project manager of its tenant
# register the expiration date per tenant
#
for prj_item in new_prj_list:
expiration = Expiration()
expiration.registration = registration
expiration.project = prj_item
expiration.expdate = self.expiration
expiration.save()
keystone_api.add_tenant_user_role(request, prj_item.projectid,
registration.userid, tenantadmin_roleid)
#
# Send notifications to project administrators and users
#
for p_item in prjReqList.filter(flowstatus=PSTATUS_PENDING):
m_users = get_project_managers(request, p_item.project.projectid)
m_emails = [ usr.email for usr in m_users ]
noti_params = {
'username' : data['username'],
'project' : p_item.project.projectname
}
noti_sbj, noti_body = notification_render(SUBSCR_WAIT_TYPE, noti_params)
notifyUsers(m_emails, noti_sbj, noti_body)
n2_params = {
'project' : p_item.project.projectname,
'prjadmins' : m_emails
}
noti_sbj, noti_body = notification_render(SUBSCR_ONGOING, n2_params)
notifyUsers(user_email, noti_sbj, noti_body)
newprj_reqs = prjReqList.filter(flowstatus=PSTATUS_REG)
for p_item in newprj_reqs:
noti_params = {
'username' : p_item.registration.username,
'project' : p_item.project.projectname,
'guestmode' : False
}
noti_sbj, noti_body = notification_render(FIRST_REG_OK_TYPE, noti_params)
notifyUsers(user_email, noti_sbj, noti_body)
#
# cache cleanup
#
newprj_reqs.delete()
reg_request.delete()
except:
LOG.error("Error pre-checking request", exc_info=True)
messages.error(request, _("Cannot pre-check request"))
return False
return True
def handle(self, request, data):
try:
tenantadmin_roleid, default_roleid = check_and_get_roleids(request)
with transaction.atomic():
registration = Registration.objects.get(regid=int(data['regid']))
reg_request = RegRequest.objects.filter(registration=registration)[0]
q_args = {
'registration' : registration,
'project__status' : PRJ_GUEST
}
prj_reqs = PrjRequest.objects.filter(**q_args)
project_id = prj_reqs[0].project.projectid
project_name = prj_reqs[0].project.projectname
password = reg_request.password
if not password:
password = generate_pwd()
user_email = reg_request.email
#
# Mapping of external accounts
#
if reg_request.externalid:
mapping = UserMapping(globaluser=reg_request.externalid,
registration=reg_request.registration)
mapping.save()
LOG.info("Registered external account %s" % reg_request.externalid)
#
# Insert expiration date per tenant
#
expiration = Expiration()
expiration.registration = prj_reqs[0].registration
expiration.project = prj_reqs[0].project
expiration.expdate = data['expiration']
expiration.save()
#
# clear requests
#
prj_reqs.delete()
reg_request.delete()
#
# User creation
#
kuser = keystone_api.user_create(request,
name=registration.username,
password=password,
email=user_email,
enabled=True)
registration.username = data['username']
registration.expdate = data['expiration']
registration.userid = kuser.id
registration.save()
LOG.info("Created guest user %s" % registration.username)
keystone_api.add_tenant_user_role(request, project_id,
registration.userid, default_roleid)
#
# Send notification to the user
#
noti_params = {
'username' : registration.username,
'project' : project_name,
'guestmode' : True
}
noti_sbj, noti_body = notification_render(FIRST_REG_OK_TYPE, noti_params)
notifyUsers(user_email, noti_sbj, noti_body)
except:
LOG.error("Error pre-checking project", exc_info=True)
messages.error(request, _("Cannot pre-check project"))
return False
return True
def handle(self, request, data):
try:
tenantadmin_roleid, default_roleid = check_and_get_roleids(request)
usr_and_prj = data['requestid'].split(':')
with transaction.atomic():
#
# Creation of new tenant
#
q_args = {
'registration__regid' : int(usr_and_prj[0]),
'project__projectname' : usr_and_prj[1]
}
prj_req = PrjRequest.objects.filter(**q_args)[0]
project_name = prj_req.project.projectname
user_id = prj_req.registration.userid
kprj = keystone_api.tenant_create(request, project_name,
prj_req.project.description, True)
prj_req.project.projectid = kprj.id
prj_req.project.save()
LOG.info("Created tenant %s" % project_name)
#
# The new user is the project manager of its tenant
#
keystone_api.add_tenant_user_role(request, prj_req.project.projectid,
user_id, tenantadmin_roleid)
#
# Insert expiration date per tenant
#
expiration = Expiration()
expiration.registration = prj_req.registration
expiration.project = prj_req.project
expiration.expdate = data['expiration']
expiration.save()
#
# Update the max expiration per user
#
user_reg = prj_req.registration
if data['expiration'] > user_reg.expdate:
user_reg.expdate = data['expiration']
user_reg.save()
#
# Clear request
#
prj_req.delete()
#
# Send notification to the user
#
user_email = keystone_api.user_get(request, user_id).email
noti_params = {
'project' : project_name
}
noti_sbj, noti_body = notification_render(PRJ_CREATE_TYPE, noti_params)
notifyUsers(user_email, noti_sbj, noti_body)
except:
LOG.error("Error pre-checking project", exc_info=True)
messages.error(request, _("Cannot pre-check project"))
return False
return True
def handle(self, request, data):
with transaction.atomic():
registration = Registration.objects.filter(
userid=request.user.id)[0]
prj_action = data['prjaction']
prjlist = list()
if prj_action == 'selprj':
for project in data['selprj']:
prjlist.append((project, "", PRJ_PUBLIC, False))
elif prj_action == 'newprj':
prjlist.append(
(data['newprj'], data['prjdescr'],
PRJ_PRIVATE if data['prjpriv'] else PRJ_PUBLIC, True))
newprjlist = list()
exstprjlist = list()
for prjitem in prjlist:
if prjitem[3]:
try:
prjArgs = {
'projectname': prjitem[0],
'description': prjitem[1],
'status': prjitem[2]
}
project = Project.objects.create(**prjArgs)
newprjlist.append(project.projectname)
except IntegrityError:
messages.error(
request,
_("Project %s already exists") % prjitem[0])
LOG.error("Cannot create project %s" % prjitem[0])
return False
elif prjitem[0] in self.pendingProjects:
continue
else:
project = Project.objects.get(projectname=prjitem[0])
exstprjlist.append(project.projectid)
reqArgs = {
'registration': registration,
'project': project,
'flowstatus': PSTATUS_PENDING,
'notes': data['notes']
}
reqPrj = PrjRequest(**reqArgs)
reqPrj.save()
#
# Send notification to cloud admins for project creation
#
for prj_name in newprjlist:
noti_params = {
'username': request.user.username,
'project': prj_name
}
noti_sbj, noti_body = notification_render(
NEWPRJ_REQ_TYPE, noti_params)
notifyManagers(noti_sbj, noti_body)
#
# Schedule notifications for project managers
#
for prj_id in exstprjlist:
bookNotification(request.user.username, prj_id, MEMBER_REQUEST)
return True
def single(self, data_table, request, obj_id):
try:
t_role_id = ''
for role in request.user.roles:
if role['name'] == TENANTADMIN_ROLE:
t_role_id = get_admin_roleid(request)
roles_obj = client_factory(request).roles
arg_dict = {
'project' : request.user.tenant_id,
'user' : obj_id
}
users_obj = client_factory(request).users
member = users_obj.get(obj_id)
datum = data_table.get_object_by_id(obj_id)
if datum.is_t_admin:
if datum.num_of_roles == 1:
missing_default = True
for item in roles_obj.list():
if item.name == DEFAULT_ROLE:
roles_obj.grant(item.id, **arg_dict)
missing_default = False
if missing_default:
raise Exception('Cannot swith to member role')
roles_obj.revoke(t_role_id, **arg_dict)
noti_params = {
'admin_address' : users_obj.get(request.user.id).email,
'project' : request.user.tenant_name,
's_role' : _('Project manager'),
'd_role' : _('Project user')
}
noti_sbj, noti_body = notification_render(CHANGED_MEMBER_ROLE, noti_params)
notifyUsers(member.email, noti_sbj, noti_body)
else:
roles_obj.grant(t_role_id, **arg_dict)
noti_params = {
'admin_address' : users_obj.get(request.user.id).email,
'project' : request.user.tenant_name,
's_role' : _('Project user'),
'd_role' : _('Project manager')
}
noti_sbj, noti_body = notification_render(CHANGED_MEMBER_ROLE, noti_params)
notifyUsers(member.email, noti_sbj, noti_body)
except:
LOG.error("Toggle role error", exc_info=True)
messages.error(request, _('Unable to toggle the role.'))
if obj_id == request.user.id:
response = shortcuts.redirect(reverse_lazy('logout'))
msg = _("Roles changed. Please log in again to continue.")
utils.add_logout_reason(request, response, msg)
return response
return shortcuts.redirect(reverse_lazy('horizon:idmanager:member_manager:index'))
