def billing_month(request, year, month): # Check if the request.user is authorised to do so: member of the uis-finance or UIS Information Systems groups if not user_in_groups(request.user, [ get_or_create_group_by_groupid("101923"), get_or_create_group_by_groupid("101888") ]): return HttpResponseForbidden() month = int(month) year = int(year) if not (1 <= month <= 12): return HttpResponseForbidden() if month == 1: inidate = date(year - 1, 12, 1) else: inidate = date(year, month - 1, 1) return render( request, 'api/finance_month.html', { 'new_sites_billing': Billing.objects.filter(site__start_date__month=inidate.month, site__start_date__year=inidate.year, site__deleted=False), 'renewal_sites_billing': Billing.objects.filter(site__start_date__month=month, site__start_date__lt=date(year, 1, 1), site__deleted=False), 'year': year, 'month': month, })
def billing_total(request): # Check if the request.user is authorised to do so: member of the uis-finance or UIS Information Systems groups if not user_in_groups(request.user, [get_or_create_group_by_groupid("101923"), get_or_create_group_by_groupid("101888")]): return HttpResponseForbidden() return render(request, 'api/finance_total.html', { 'billings': Billing.objects.filter(site__deleted=False), })
def validate_groupids(groupids_text): """ Validates the list of authorsied users from input :param groupids_text: list of groupids from the form """ groups = () if groupids_text is None: return groups groupids = groupids_text.split(',') if len(groupids) == 1 and groupids[0] == '': return groups groupid_re = re.compile(r'^[0-9]{1,6}$') for groupid in groupids: if groupid_re.match(groupid): groups += (get_or_create_group_by_groupid(int(groupid)), ) else: raise ValidationError( "The list of groups contains an invalid group") return groups
def test_get_or_create_user_or_group(self): with self.assertRaises(User.DoesNotExist): User.objects.get(username="******") user1 = get_or_create_user_by_crsid("amc203") user2 = User.objects.get(username="******") self.assertEqual(user1.id, user2.id) with self.assertRaises(LookupGroup.DoesNotExist): LookupGroup.objects.get(lookup_id="101888") group1 = get_or_create_group_by_groupid(101888) group2 = LookupGroup.objects.get(lookup_id="101888") self.assertEqual(group1.lookup_id, group2.lookup_id)
def test_group_auth_change(self): do_test_login(self, user="******") amc203_user = User.objects.get(username="******") cluster = Cluster.objects.create(name="mws-test-1") Host.objects.create(hostname="mws-test-1.dev.mws3.cam.ac.uk", cluster=cluster) NetworkConfig.objects.create(IPv4='131.111.58.253', IPv6='2001:630:212:8::8c:253', type='ipvxpub', name="mws-66424.mws3.csx.cam.ac.uk") NetworkConfig.objects.create( IPv4='172.28.18.253', type='ipv4priv', name='mws-46250.mws3.csx.private.cam.ac.uk') NetworkConfig.objects.create(IPv6='2001:630:212:8::8c:ff4', name='mws-client1', type='ipv6') NetworkConfig.objects.create(IPv6='2001:630:212:8::8c:ff3', name='mws-client2', type='ipv6') site_with_auth_groups = Site.objects.create( name="test_site2", start_date=datetime.today(), type=ServerType.objects.get(id=1)) service_a = Service.objects.create( type='production', network_configuration=NetworkConfig.get_free_prod_service_config(), site=site_with_auth_groups, status='ready') VirtualMachine.objects.create( token=uuid.uuid4(), service=service_a, network_configuration=NetworkConfig.get_free_host_config(), cluster=which_cluster()) Vhost.objects.create(name="default", service=service_a) information_systems_group = get_or_create_group_by_groupid(101888) site_with_auth_groups.groups.add(information_systems_group) response = self.client.get( reverse(views.auth_change, kwargs={'site_id': site_with_auth_groups.id})) self.assertContains(response, "101888", status_code=200) # User is in an authorised group self.assertNotContains(response, 'crsid: "amc203"', status_code=200) self.assertEqual(len(site_with_auth_groups.users.all()), 0) self.assertEqual(len(site_with_auth_groups.groups.all()), 1) self.assertEqual(site_with_auth_groups.groups.first(), information_systems_group) with mock.patch("apimws.ansible_impl.subprocess") as mock_subprocess: mock_subprocess.check_output.return_value.returncode = 0 response = self.client.post( reverse(views.auth_change, kwargs={'site_id': site_with_auth_groups.id}), { 'users_crsids': "amc203", 'groupids': "101888" # we authorise amc203 user and 101888 group }) mock_subprocess.check_output.assert_called_with( [ "userv", "mws-admin", "mws_ansible_host", site_with_auth_groups.production_service.virtual_machines. first().network_configuration.name ], stderr=mock_subprocess.STDOUT) self.assertRedirects( response, expected_url=site_with_auth_groups.get_absolute_url()) self.assertEqual(len(site_with_auth_groups.users.all()), 1) self.assertEqual(site_with_auth_groups.users.first(), amc203_user) self.assertEqual(len(site_with_auth_groups.groups.all()), 1) self.assertEqual(site_with_auth_groups.groups.first(), information_systems_group) with mock.patch("apimws.ansible_impl.subprocess") as mock_subprocess: mock_subprocess.check_output.return_value.returncode = 0 # remove all users and groups authorised, we do not send any crsids or groupids response = self.client.post( reverse(views.auth_change, kwargs={'site_id': site_with_auth_groups.id}), {}) mock_subprocess.check_output.assert_called_with( [ "userv", "mws-admin", "mws_ansible_host", site_with_auth_groups.production_service.virtual_machines. first().network_configuration.name ], stderr=mock_subprocess.STDOUT) self.assertEqual(response.status_code, 302) self.assertTrue( response.url.endswith(site_with_auth_groups.get_absolute_url())) self.assertEqual(self.client.get(response.url).status_code, 403) # User is no longer authorised self.assertEqual(len(site_with_auth_groups.users.all()), 0) self.assertEqual(len(site_with_auth_groups.groups.all()), 0)
def test_user_in_groups(self): amc203 = get_or_create_user_by_crsid("amc203") information_systems_group = get_or_create_group_by_groupid(101888) self.assertTrue(user_in_groups(amc203, [information_systems_group])) finance_group = get_or_create_group_by_groupid(101923) self.assertFalse(user_in_groups(amc203, [finance_group]))