def allowed(self, request, datum):
try:
limits = api.nova.tenant_absolute_limits(request, reserved=True)
instances_available = limits['maxTotalInstances'] \
- limits['totalInstancesUsed']
cores_available = limits['maxTotalCores'] \
- limits['totalCoresUsed']
ram_available = limits['maxTotalRAMSize'] - limits['totalRAMUsed']
if instances_available <= 0 or cores_available <= 0 \
or ram_available <= 0:
if "disabled" not in self.classes:
self.classes = [c for c in self.classes] + ['disabled']
self.verbose_name = string_concat(self.verbose_name, ' ',
_("(Quota exceeded)"))
else:
self.verbose_name = _("Launch Instance")
classes = [c for c in self.classes if c != "disabled"]
self.classes = classes
except Exception:
LOG.exception("Failed to retrieve quota information")
# If we can't get the quota information, leave it to the
# API to check when launching
return policy_is(request.user.username, 'admin')
def allowed(self, request, instance=None):
"""Allow terminate action if instance not currently being deleted."""
if request.user.username in ['auditadmin','appradmin']:
return False
roles = request.user.roles
if len(roles)>=2:
role = roles[1]['name'] if roles[0]['name']=='_member_' else roles[0]['name']
else:
role = '_member_'
return policy_is(request.user.username, 'admin', 'sysadmin') or role!='admin'
def allowed(self, request):
# The ConsoleTab is available if settings.CONSOLE_TYPE is not set at
# all, or if it's set to any value other than None or False.
#return bool(getattr(settings, 'CONSOLE_TYPE', True))
roles = self.request.user.roles
if len(roles) >= 2:
role = roles[1]['name'] if roles[0][
'name'] == '_member_' else roles[0]['name']
else:
role = '_member_'
return policy_is(self.request.user.username, 'admin',
'sysadmin') or role != 'admin'
def get_rows(self):
"""Return the row data for this table broken out by columns."""
rows = []
policy = policy_is(self.request.user.username, 'sysadmin', 'admin')
for datum in self.filtered_data:
row = self._meta.row_class(self, datum)
if self.get_object_id(datum) == self.current_item_id:
self.selected = True
row.classes.append('current_selected')
if not policy:
del row.cells['actions']
rows.append(row)
return rows
def get_context_data(self, **kwargs):
context = super(DetailView, self).get_context_data(**kwargs)
instance = self.get_data()
context["instance"] = instance
table = project_tables.InstancesTable(self.request)
context["url"] = reverse(self.redirect_url)
roles = self.request.user.roles
if len(roles) >= 2:
role = roles[1]['name'] if roles[0][
'name'] == '_member_' else roles[0]['name']
else:
role = '_member_'
if policy_is(self.request.user.username, 'admin',
'sysadmin') or role != 'admin':
context["actions"] = table.render_row_actions(instance)
return context
def get_context_data(self, **kwargs):
context = super(DetailView, self).get_context_data(**kwargs)
network = self._get_data()
# Needs to exclude agents table if dhcp-agent-scheduler extension
# is not supported.
try:
dhcp_agent_support = api.neutron.is_extension_supported(
self.request, 'dhcp_agent_scheduler')
context['dhcp_agent_support'] = dhcp_agent_support
except Exception:
context['dhcp_agent_support'] = False
table = networks_tables.NetworksTable(self.request)
context["network"] = network
context["url"] = self.get_redirect_url()
if policy_is(self.request.user.username, 'user', 'sysadmin'):
context["actions"] = table.render_row_actions(network)
return context
def nav(self, context):
username = context['request'].user.username
return not (policy_is(username, 'sysadmin', 'appradmin', 'auditadmin',
'admin'))
def get_columns(self):
self.columns['multi_select'].attrs = {'class': 'hide'}
if not (policy_is(self.request.user.username, 'sysadmin', 'admin',
'syncadmin')):
self.columns['actions'].attrs = {'class': 'hide'}
return self.columns.values()
def nav(self, context):
username = context['request'].user.username
return policy_is(username, 'sysadmin', 'admin')
def allowed(self, request, volume=None):
if volume:
return volume.status in DELETABLE_STATES
return policy_is(request.user.username, 'admin', 'sysamdin')
def allowed(self, request, image=None):
if image and image.protected:
return False
if image:
return image.owner == request.user.tenant_id and policy_is(
request.user.username, 'admin', 'sysadmin')
def allowed(self, request, image=None):
if image and image.container_format not in NOT_LAUNCHABLE_FORMATS:
return image.status in ("active", ) and policy_is(
request.user.username, 'admin', 'sysadmin')
def allowed(self, request, image=None):
if (image and image.container_format not in NOT_LAUNCHABLE_FORMATS
and base.is_service_enabled(request, 'volume')):
return image.status == "active" and policy_is(
request.user.username, 'admin', 'sysadmin')
return False
def allowed(self, request, image=None):
if image:
return image.status in ("active",) and \
image.owner == request.user.tenant_id and policy_is(request.user.username, 'admin', 'sysadmin')
def allowed(self, request, snapshot=None):
return (snapshot.status == "available") and policy_is(request.user.username, 'admin', 'sysadmin')
def allowed(self, request, datum=None):
return policy_is(request.user.username, 'admin', 'sysadmin')
def allowed(self, request, image=None):
if image and image.protected:
return False
else:
return policy_is(request.user.username, 'admin', 'sysadmin')
