def topology_info(request, tid, topo):
# Create an authentication token valid for 3 minutes for the user to access
# Clack stuff with, or use the current token if there is one
try:
token = request.GET['token']
except KeyError:
token = crypto.create_token(request.user, 180)
# See what permissions the user has on this topology
can_change = permissions.allowed_topology_access_change(request.user, topo)
can_delete = permissions.allowed_topology_access_change(request.user, topo)
return direct_to_template(request, 'vns/topology.html', {'t':topo,
'tid':tid,
'token':token,
'change':can_change,
'delete':can_delete})
def topology_access_check(request, callee, action, **kwargs):
"""Checks that the user can access the functions they're trying to, and
if they can calls callee. There are two valid authentication methods -
django logihn, as normally used for the website, and a cryptographic token
supplied in the HTTP GET, as used for clack.
@param request An HTTP request
@param callee Gives the Callable to call
@param action One of "add", "change", "use", "delete", describing the
permissions needed
@param tid The ID of the topology in question; not used for
action = "add"
@exception ValueError If an action is unrecognised
@exception KeyError If an option is missing
@return HttpResponse"""
def denied():
"""Generate an error message and redirect if we try do something to a
topology we're not allowed to"""
messages.error(request, "Either this topology doesn't exist or you don't "
"have permission to %s it." % action)
return HttpResponseRedirect('/login/')
def denied_add():
"""Generate an error message and redirect if we try to create a topology
and are not allowed to"""
messages.error(request, "You don't have permission to create topologies.")
return HttpResponseRedirect('/login/')
# If we're trying to add a template, don't need to get the template itself
if action == "add":
if permissions.allowed_topology_access_create(request.user):
return callee(request)
else:
return denied_add()
else:
# Try getting the template - if it doesn't exist, show the same message
# as for permission denied. If we don't have a "tid" argument, django
# will show an internal error, which is what we want.
tid = int(kwargs["tid"])
kwargs["tid"] = tid
try :
topo = db.Topology.objects.get(pk=tid)
except db.Topology.DoesNotExist:
return denied()
if action == "use":
# See if there is an HTTP GET token - if there is, try to use the token
# method for authentication
try:
token = request.GET["token"]
except KeyError:
pass
else:
# See if the token is valid
user = crypto.validate_token(token)
if user != None and permissions.allowed_topology_access_use(user, topo):
request.user = user
return callee(request, topo=topo, **kwargs)
if permissions.allowed_topology_access_use(request.user, topo):
return callee(request, topo=topo, **kwargs)
else:
return denied()
elif action == "change":
if permissions.allowed_topology_access_change(request.user, topo):
return callee(request, topo=topo, **kwargs)
else:
return denied()
elif action == "delete":
if permissions.allowed_topology_access_delete(request.user, topo):
return callee(request, topo=topo, **kwargs)
else:
return denied()
else:
raise ValueError("Unknown action: %s" % options["action"])
