def delete(self, request, obj_id): with transaction.atomic(): critic_prjs = list() for e_item in Expiration.objects.filter(registration__userid=obj_id): prj_man_ids = get_prjman_ids(request, e_item.project.projectid) if len(prj_man_ids) == 1 and prj_man_ids[0] == obj_id: critic_prjs.append(e_item.project.projectname) if len(critic_prjs) > 0: msg = _("User is the unique admin for %s") % ", ".join(critic_prjs) messages.error(request, msg) raise Exception(msg) tmpres = EMail.objects.filter(registration__userid=obj_id) user_email = tmpres[0].email if tmpres else None user_name = tmpres[0].registration.username if tmpres else None Registration.objects.filter(userid=obj_id).delete() super(DeleteUsersAction, self).delete(request, obj_id) noti_params = { 'username' : user_name } notifyUser(request=request, rcpt=user_email, action=USER_PURGED_TYPE, context=noti_params, dst_user_id=obj_id)
def handle(self, request, data): try: tenantadmin_roleid, default_roleid = check_and_get_roleids(request) usr_and_prj = REQID_REGEX.search(data['requestid']) with transaction.atomic(): q_args = { 'registration__regid': int(usr_and_prj.group(1)), 'project__projectname': usr_and_prj.group(2) } prj_req = PrjRequest.objects.filter(**q_args)[0] project_name = prj_req.project.projectname project_id = prj_req.project.projectid user_name = prj_req.registration.username user_id = prj_req.registration.userid # # clear request # prj_req.delete() # # send notification to project managers and users # tmpres = EMail.objects.filter(registration__userid=user_id) user_email = tmpres[0].email if tmpres else None m_userids = get_prjman_ids(request, project_id) tmpres = EMail.objects.filter(registration__userid__in=m_userids) m_emails = [x.email for x in tmpres] noti_params = { 'username': user_name, 'project': project_name, 'notes': data['reason'] } notifyProject(request=self.request, rcpt=m_emails, action=SUBSCR_FORCED_NO_TYPE, context=noti_params, dst_project_id=project_id) notifyUser(request=self.request, rcpt=user_email, action=SUBSCR_NO_TYPE, context=noti_params, dst_project_id=project_id, dst_user_id=user_id) except: LOG.error("Error forced-checking request", exc_info=True) messages.error(request, _("Cannot forced check request")) return False return True
def handle(self, request, data): try: tenantadmin_roleid, default_roleid = check_and_get_roleids(request) usr_and_prj = REQID_REGEX.search(data['requestid']) with transaction.atomic(): q_args = { 'registration__regid' : int(usr_and_prj.group(1)), 'project__projectname' : usr_and_prj.group(2) } prj_req = PrjRequest.objects.filter(**q_args)[0] project_name = prj_req.project.projectname project_id = prj_req.project.projectid user_name = prj_req.registration.username user_id = prj_req.registration.userid # # clear request # prj_req.delete() # # send notification to project managers and users # tmpres = EMail.objects.filter(registration__userid=user_id) user_email = tmpres[0].email if tmpres else None m_userids = get_prjman_ids(request, project_id) tmpres = EMail.objects.filter(registration__userid__in=m_userids) m_emails = [ x.email for x in tmpres ] noti_params = { 'username' : user_name, 'project' : project_name, 'notes' : data['reason'] } notifyProject(request=self.request, rcpt=m_emails, action=SUBSCR_FORCED_NO_TYPE, context=noti_params, dst_project_id=project_id) notifyUser(request=self.request, rcpt=user_email, action=SUBSCR_NO_TYPE, context=noti_params, dst_project_id=project_id, dst_user_id=user_id) except: LOG.error("Error forced-checking request", exc_info=True) messages.error(request, _("Cannot forced check request")) return False return True
def handle(self, request, data): if not data['username']: messages.error(request, _("Cannot process request: missing username")) return False try: tenantadmin_roleid, default_roleid = check_and_get_roleids(request) with transaction.atomic(): registration = Registration.objects.get(regid=int(data['regid'])) reg_request = RegRequest.objects.filter( registration=registration, flowstatus=RSTATUS_PENDING )[0] prjReqList = PrjRequest.objects.filter(registration=registration) password = reg_request.password if not password: password = generate_pwd() user_email = reg_request.email # # Mapping of external accounts # is_local = True if reg_request.externalid: mapping = UserMapping(globaluser=reg_request.externalid, registration=reg_request.registration) mapping.save() is_local = False LOG.info("Registered external account %s" % reg_request.externalid) # # Forward request to project administrators # q_args = { 'project__projectid__isnull' : False, 'flowstatus' : PSTATUS_REG } prjReqList.filter(**q_args).update(flowstatus=PSTATUS_PENDING) # # Creation of new tenants # self.preprocess_prj(registration, data) new_prj_list = list() p_reqs = prjReqList.filter( project__projectid__isnull = True, flowstatus = PSTATUS_REG ) if len(p_reqs): newreq_prj = p_reqs[0].project kprj = keystone_api.tenant_create(request, newreq_prj.projectname, newreq_prj.description, True) newreq_prj.projectid = kprj.id newreq_prj.save() new_prj_list.append(newreq_prj) setup_new_project(request, kprj.id, newreq_prj.projectname, data) LOG.info("Created tenant %s" % newreq_prj.projectname) # # User creation # if not registration.userid: kuser = keystone_api.user_create(request, name=registration.username, password=password, email=user_email, enabled=True) if is_local: registration.username = data['username'] registration.expdate = self.expiration registration.userid = kuser.id registration.save() LOG.info("Created user %s" % registration.username) mail_obj = EMail() mail_obj.registration = registration mail_obj.email = user_email mail_obj.save() # # The new user is the project manager of its tenant # register the expiration date per tenant # for prj_item in new_prj_list: expiration = Expiration() expiration.registration = registration expiration.project = prj_item expiration.expdate = self.expiration expiration.save() prjRole = PrjRole() prjRole.registration = registration prjRole.project = prj_item prjRole.roleid = tenantadmin_roleid prjRole.save() keystone_api.add_tenant_user_role(request, prj_item.projectid, registration.userid, tenantadmin_roleid) # # Send notifications to project administrators and users # for p_item in prjReqList.filter(flowstatus=PSTATUS_PENDING): m_userids = get_prjman_ids(request, p_item.project.projectid) tmpres = EMail.objects.filter(registration__userid__in=m_userids) m_emails = [ x.email for x in tmpres ] noti_params = { 'username' : data['username'], 'project' : p_item.project.projectname } notifyProject(request=self.request, rcpt=m_emails, action=SUBSCR_WAIT_TYPE, context=noti_params, dst_project_id=p_item.project.projectid) n2_params = { 'username' : p_item.registration.username, 'project' : p_item.project.projectname, 'prjadmins' : m_emails } notifyUser(request=self.request, rcpt=user_email, action=SUBSCR_ONGOING, context=n2_params, dst_project_id=p_item.project.projectid, dst_user_id=registration.userid) newprj_reqs = prjReqList.filter(flowstatus=PSTATUS_REG) for p_item in newprj_reqs: noti_params = { 'username' : p_item.registration.username, 'project' : p_item.project.projectname } notifyUser(request=self.request, rcpt=user_email, action=FIRST_REG_OK_TYPE, context=noti_params, dst_project_id=p_item.project.projectid, dst_user_id=p_item.registration.userid) # # cache cleanup # newprj_reqs.delete() reg_request.delete() self.post_reminder(registration, user_email) except: LOG.error("Error pre-checking request", exc_info=True) messages.error(request, _("Cannot pre-check request")) return False return True
def handle(self, request, data): try: tenantadmin_roleid, default_roleid = check_and_get_roleids(request) usr_and_prj = REQID_REGEX.search(data['requestid']) with transaction.atomic(): q_args = { 'registration__regid': int(usr_and_prj.group(1)), 'project__projectname': usr_and_prj.group(2) } prj_req = PrjRequest.objects.filter(**q_args)[0] # # Insert expiration date per tenant # expiration = Expiration() expiration.registration = prj_req.registration expiration.project = prj_req.project expiration.expdate = data['expiration'] expiration.save() # # Update the max expiration per user # user_reg = prj_req.registration if data['expiration'] > user_reg.expdate: user_reg.expdate = data['expiration'] user_reg.save() project_name = prj_req.project.projectname project_id = prj_req.project.projectid user_name = prj_req.registration.username user_id = prj_req.registration.userid keystone_api.add_tenant_user_role(request, project_id, user_id, default_roleid) # # Enable reminder for cloud admin # RegRequest.objects.filter(registration=prj_req.registration, flowstatus=RSTATUS_REMINDER).update( flowstatus=RSTATUS_REMINDACK) # # clear request # prj_req.delete() # # send notification to project managers and users # tmpres = EMail.objects.filter(registration__userid=user_id) user_email = tmpres[0].email if tmpres else None m_userids = get_prjman_ids(request, project_id) tmpres = EMail.objects.filter(registration__userid__in=m_userids) m_emails = [x.email for x in tmpres] noti_params = {'username': user_name, 'project': project_name} notifyProject(request=self.request, rcpt=m_emails, action=SUBSCR_FORCED_OK_TYPE, context=noti_params, dst_project_id=project_id) notifyUser(request=self.request, rcpt=user_email, action=SUBSCR_OK_TYPE, context=noti_params, dst_project_id=project_id, dst_user_id=user_id) except: LOG.error("Error forced-checking request", exc_info=True) messages.error(request, _("Cannot forced check request")) return False return True
def handle(self, request, data): if not data['username']: messages.error(request, _("Cannot process request: missing username")) return False try: tenantadmin_roleid, default_roleid = check_and_get_roleids(request) with transaction.atomic(): registration = Registration.objects.get( regid=int(data['regid'])) reg_request = RegRequest.objects.filter( registration=registration, flowstatus=RSTATUS_PENDING)[0] prjReqList = PrjRequest.objects.filter( registration=registration) password = reg_request.password if not password: password = generate_pwd() user_email = reg_request.email # # Mapping of external accounts # is_local = True if reg_request.externalid: mapping = UserMapping( globaluser=reg_request.externalid, registration=reg_request.registration) mapping.save() is_local = False LOG.info("Registered external account %s" % reg_request.externalid) # # Forward request to project administrators # q_args = { 'project__projectid__isnull': False, 'flowstatus': PSTATUS_REG } prjReqList.filter(**q_args).update(flowstatus=PSTATUS_PENDING) # # Creation of new tenants # self.preprocess_prj(registration, data) new_prj_list = list() p_reqs = prjReqList.filter(project__projectid__isnull=True, flowstatus=PSTATUS_REG) if len(p_reqs): newreq_prj = p_reqs[0].project kprj = keystone_api.tenant_create(request, newreq_prj.projectname, newreq_prj.description, True) newreq_prj.projectid = kprj.id newreq_prj.save() new_prj_list.append(newreq_prj) setup_new_project(request, kprj.id, newreq_prj.projectname, data) LOG.info("Created tenant %s" % newreq_prj.projectname) # # User creation # if not registration.userid: if is_local: registration.username = data['username'] kuser = keystone_api.user_create( request, name=registration.username, password=password, email=user_email, enabled=True) registration.expdate = self.expiration registration.userid = kuser.id registration.save() LOG.info("Created user %s" % registration.username) mail_obj = EMail() mail_obj.registration = registration mail_obj.email = user_email mail_obj.save() # # The new user is the project manager of its tenant # register the expiration date per tenant # for prj_item in new_prj_list: expiration = Expiration() expiration.registration = registration expiration.project = prj_item expiration.expdate = self.expiration expiration.save() prjRole = PrjRole() prjRole.registration = registration prjRole.project = prj_item prjRole.roleid = tenantadmin_roleid prjRole.save() keystone_api.add_tenant_user_role(request, prj_item.projectid, registration.userid, tenantadmin_roleid) # # Send notifications to project administrators and users # for p_item in prjReqList.filter(flowstatus=PSTATUS_PENDING): m_userids = get_prjman_ids(request, p_item.project.projectid) tmpres = EMail.objects.filter( registration__userid__in=m_userids) m_emails = [x.email for x in tmpres] noti_params = { 'username': data['username'], 'project': p_item.project.projectname } notifyProject(request=self.request, rcpt=m_emails, action=SUBSCR_WAIT_TYPE, context=noti_params, dst_project_id=p_item.project.projectid) n2_params = { 'username': p_item.registration.username, 'project': p_item.project.projectname, 'prjadmins': m_emails } notifyUser(request=self.request, rcpt=user_email, action=SUBSCR_ONGOING, context=n2_params, dst_project_id=p_item.project.projectid, dst_user_id=registration.userid) newprj_reqs = prjReqList.filter(flowstatus=PSTATUS_REG) for p_item in newprj_reqs: noti_params = { 'username': p_item.registration.username, 'project': p_item.project.projectname } notifyUser(request=self.request, rcpt=user_email, action=FIRST_REG_OK_TYPE, context=noti_params, dst_project_id=p_item.project.projectid, dst_user_id=p_item.registration.userid) # # cache cleanup # newprj_reqs.delete() reg_request.delete() self.post_reminder(registration, user_email) except: LOG.error("Error pre-checking request", exc_info=True) messages.error(request, _("Cannot pre-check request")) return False return True
def handle(self, request, data): if not request.user.is_superuser: messages.error(_("Operation not authorized")) return False try: with transaction.atomic(): reg_user = Registration.objects.filter(userid=data['userid'])[0] prj_list = Project.objects.filter(projectname__in=data['projects']) reg_user.expdate = data['expdate'] reg_user.save() # # Enable reminder for cloud admin if present # RegRequest.objects.filter( registration = reg_user, flowstatus = RSTATUS_REMINDER ).update(flowstatus = RSTATUS_REMINDACK) k_user = keystone_api.user_get(request, data['userid']) if not k_user.enabled: keystone_api.user_update(request, data['userid'], enabled=True) except: LOG.error("Generic failure", exc_info=True) return False for prj_item in prj_list: try: with transaction.atomic(): Expiration( registration=reg_user, project=prj_item, expdate=data['expdate'] ).save() keystone_api.add_tenant_user_role( request, prj_item.projectid, data['userid'], get_default_role(request)) # # send notification to project managers and users # tmpres = EMail.objects.filter(registration__userid=data['userid']) user_email = tmpres[0].email if tmpres else None m_userids = get_prjman_ids(request, prj_item.projectid) tmpres = EMail.objects.filter(registration__userid__in=m_userids) m_emails = [ x.email for x in tmpres ] noti_params = { 'username' : reg_user.username, 'project' : prj_item.projectname } notifyProject(request=self.request, rcpt=m_emails, action=SUBSCR_FORCED_OK_TYPE, context=noti_params, dst_project_id=prj_item.projectid) notifyUser(request=self.request, rcpt=user_email, action=SUBSCR_OK_TYPE, context=noti_params, dst_project_id=prj_item.projectid, dst_user_id=reg_user.userid) except: LOG.error("Generic failure", exc_info=True) return True
def handle(self, request, data): if not request.user.is_superuser: messages.error(_("Operation not authorized")) return False try: with transaction.atomic(): reg_user = Registration.objects.filter(userid=data['userid'])[0] prj_list = Project.objects.filter(projectname__in=data['projects']) reg_user.expdate = data['expdate'] reg_user.save() k_user = keystone_api.user_get(request, data['userid']) if not k_user.enabled: keystone_api.user_update(request, data['userid'], enabled=True) except: LOG.error("Generic failure", exc_info=True) return False for prj_item in prj_list: try: with transaction.atomic(): Expiration( registration=reg_user, project=prj_item, expdate=data['expdate'] ).save() keystone_api.add_tenant_user_role( request, prj_item.projectid, data['userid'], get_default_role(request)) # # send notification to project managers and users # tmpres = EMail.objects.filter(registration__userid=data['userid']) user_email = tmpres[0].email if tmpres else None m_userids = get_prjman_ids(request, prj_item.projectid) tmpres = EMail.objects.filter(registration__userid__in=m_userids) m_emails = [ x.email for x in tmpres ] noti_params = { 'username' : reg_user.username, 'project' : prj_item.projectname } notifyProject(request=self.request, rcpt=m_emails, action=SUBSCR_FORCED_OK_TYPE, context=noti_params, dst_project_id=prj_item.projectid) notifyUser(request=self.request, rcpt=user_email, action=SUBSCR_OK_TYPE, context=noti_params, dst_project_id=prj_item.projectid, dst_user_id=reg_user.userid) except: LOG.error("Generic failure", exc_info=True) return True