def filter_alerts_by_aggregate(queryset, aggregate, user, uuid=None):
valid_model_choices = {
'project': models.Project,
'customer': models.Customer,
}
error = '"%s" parameter is not found. Valid choices are: %s.' % (aggregate, ', '.join(valid_model_choices.keys()))
assert (aggregate in valid_model_choices), error
aggregate_query = filter_queryset_for_user(valid_model_choices[aggregate].objects, user)
if uuid:
aggregate_query = aggregate_query.filter(uuid=uuid)
aggregates_ids = aggregate_query.values_list('id', flat=True)
query = {'%s__in' % aggregate: aggregates_ids}
all_models = models.ResourceMixin.get_all_models() + models.ServiceProjectLink.get_all_models()
if aggregate == 'customer':
all_models += models.Service.get_all_models()
all_models.append(models.Project)
querysets = [aggregate_query]
for model in all_models:
qs = model.objects.filter(**query).all()
querysets.append(filter_queryset_for_user(qs, user))
aggregate_query = Q()
for qs in querysets:
content_type = ContentType.objects.get_for_model(qs.model)
ids = qs.values_list('id', flat=True)
aggregate_query |= Q(content_type=content_type, object_id__in=ids)
return queryset.filter(aggregate_query)
def get_permitted_objects_uuids(cls, user):
"""
Return query dictionary to search objects available to user.
"""
uuids = filter_queryset_for_user(cls.objects.all(), user).values_list('uuid', flat=True)
key = core_utils.camel_case_to_underscore(cls.__name__) + '_uuid'
return {key: uuids}
def validate_management_tenant_uuid(self, tenant_uuid):
if not filter_queryset_for_user(
openstack_models.Tenant.objects.filter(uuid=tenant_uuid),
self.context['request'].user,
):
raise serializers.ValidationError(
_('User has not permissions for tenant %s') % tenant_uuid)
return tenant_uuid
def get_filtered_subquery(self, queryset):
ids = filter_queryset_for_user(
queryset=queryset, user=self.request.user,
).values_list('id', flat=True)
content_type = ContentType.objects.get_for_model(queryset.model)
return functools.reduce(
operator.or_,
[Q(content_type=content_type, object_id=object_id) for object_id in ids],
)
def get_permitted_objects_uuids(cls, user):
if user.is_staff:
customer_queryset = cls.objects.all()
else:
customer_queryset = cls.objects.filter(
permissions__user=user,
permissions__role=CustomerRole.OWNER,
permissions__is_active=True
)
return {'customer_uuid': filter_queryset_for_user(customer_queryset, user).values_list('uuid', flat=True)}
def to_representation(self, data):
try:
request = self.context['request']
user = request.user
except (KeyError, AttributeError):
pass
else:
if isinstance(data, (django_models.Manager, django_models.query.QuerySet)):
data = filter_queryset_for_user(data.all(), user)
return super(PermissionListSerializer, self).to_representation(data)
def get_file_from_token(token):
user_uuid, content_type, object_uuid, field = decode_attachment_token(token)
user = get_object_or_404(User, uuid=user_uuid)
if not user.is_active:
raise ValidationError('User is not active.')
queryset = apps.get_model(content_type).objects.all()
if hasattr(queryset, 'filter_for_user'):
queryset = queryset.filter_for_user(user)
else:
queryset = filter_queryset_for_user(queryset, user)
obj = get_object_or_404(queryset, uuid=object_uuid)
return getattr(obj, field, None)
def instance_from_url(url, user=None):
""" Restore instance from URL """
# XXX: This circular dependency will be removed then filter_queryset_for_user
# will be moved to model manager method
from waldur_core.structure.managers import filter_queryset_for_user
url = clear_url(url)
match = resolve(url)
model = get_model_from_resolve_match(match)
queryset = model.objects.all()
if user is not None:
queryset = filter_queryset_for_user(model.objects.all(), user)
return queryset.get(**match.kwargs)
def get_rancher_cluster_for_openstack_instance(serializer, scope):
request = serializer.context['request']
queryset = filter_queryset_for_user(models.Cluster.objects.all(),
request.user)
try:
cluster = queryset.filter(tenant_settings=scope.service_settings).get()
except models.Cluster.DoesNotExist:
return None
except MultipleObjectsReturned:
return None
return {
'name': cluster.name,
'uuid': cluster.uuid,
}
def filter_catalogs_for_cluster(self, cluster_uuid):
qs = filter_queryset_for_user(
queryset=models.Cluster.objects.all(), user=self.request.user,
)
cluster = get_object_or_404(qs, uuid=cluster_uuid)
return self.queryset.filter(
Q(
content_type=ContentType.objects.get_for_model(models.Cluster),
object_id=cluster.id,
)
| Q(
content_type=ContentType.objects.get_for_model(ServiceSettings),
object_id=cluster.service_project_link.service.settings.id,
)
)
def get_private_settings(self):
service_settings_uuid = self.request.query_params.get('service_settings_uuid')
if not service_settings_uuid or not core_utils.is_uuid_like(
service_settings_uuid
):
return structure_models.ServiceSettings.objects.none()
queryset = structure_models.ServiceSettings.objects.filter(
type=OpenStackConfig.service_name
)
queryset = filter_queryset_for_user(queryset, self.request.user)
try:
shared_settings = queryset.get(uuid=service_settings_uuid)
except structure_models.ServiceSettings.DoesNotExist:
return structure_models.ServiceSettings.objects.none()
tenants = openstack_models.Tenant.objects.filter(
service_settings=shared_settings
)
tenants = filter_queryset_for_user(tenants, self.request.user)
if tenants:
return structure_models.ServiceSettings.objects.filter(scope__in=tenants)
else:
return structure_models.ServiceSettings.objects.none()
def filtered_for_user(self, user, queryset=None):
if queryset is None:
queryset = self.get_queryset()
if user.is_staff or user.is_support:
return queryset
query = Q()
for model in self.get_available_models():
user_object_ids = filter_queryset_for_user(
model.objects.all(), user).values_list('id', flat=True)
content_type_id = ContentType.objects.get_for_model(model).id
query |= Q(object_id__in=list(user_object_ids),
content_type_id=content_type_id)
return queryset.filter(query)
def filter_queryset(self, request, queryset, view):
user_uuid = request.query_params.get('user_uuid')
if not user_uuid:
return queryset
try:
uuid.UUID(user_uuid)
except ValueError:
return queryset.none()
try:
user = User.objects.get(uuid=user_uuid)
except User.DoesNotExist:
return queryset.none()
return filter_queryset_for_user(queryset, user)
def get(self, request, template_uuid, version):
queryset = models.Template.objects.all()
queryset = filter_queryset_for_user(queryset, request.user)
template = get_object_or_404(queryset, uuid=template_uuid)
client = template.settings.get_backend().client
details = client.get_template_version_details(template.backend_id,
version)
readme = client.get_template_version_readme(template.backend_id,
version)
app_readme = client.get_template_version_app_readme(
template.backend_id, version)
return response.Response({
'questions': details.get('questions'),
'readme': readme,
'app_readme': app_readme,
})
def get_fields(self):
fields = super(PermissionFieldFilteringMixin, self).get_fields()
try:
request = self.context['request']
user = request.user
except (KeyError, AttributeError):
return fields
for field_name in self.get_filtered_field_names():
if field_name not in fields: # field could be not required by user
continue
field = fields[field_name]
field.queryset = filter_queryset_for_user(field.queryset, user)
return fields
def filtered_for_user(self, user, queryset=None):
from waldur_core.logging import utils
if queryset is None:
queryset = self.get_queryset()
# XXX: This circular dependency will be removed then filter_queryset_for_user
# will be moved to model manager method
from waldur_core.structure.managers import filter_queryset_for_user
query = Q()
for model in utils.get_loggable_models():
user_object_ids = filter_queryset_for_user(
model.objects.all(), user).values_list('id', flat=True)
content_type_id = ct_models.ContentType.objects.get_for_model(
model).id
query |= Q(object_id__in=user_object_ids,
content_type_id=content_type_id)
return queryset.filter(query)
def get_queryset(self):
return filter_queryset_for_user(
models.Project.objects.all().only('pk', 'uuid'), self.request.user)
def filter_queryset(self, request, queryset, view):
return filter_queryset_for_user(queryset, request.user)
def get_permitted_objects(cls, user):
return filter_queryset_for_user(cls.objects.all(), user)
def get_fields(self):
fields = super(CartSubmitSerializer, self).get_fields()
project_field = fields['project']
project_field.queryset = filter_queryset_for_user(
project_field.queryset, self.context['request'].user)
return fields
def _count_model(self, model):
qs = model.objects.filter(project=self.object).only('pk')
qs = filter_queryset_for_user(qs, self.request.user)
return qs.count()
def get_object(self, request, model_class, object_uuid):
return get_object_or_404(
filter_queryset_for_user(model_class.objects.all(), request.user),
uuid=object_uuid,
)
