def set_policy(request, account_id, policy_name):
""" Respond to the "/admin/account/set_policy/XXX/YYY" URL.
We let the administrator set the account-level override for the given
account and policy.
"""
if not request.user.is_authenticated():
return HttpResponseRedirect(reverse("tahua.admin_interface.views." +
"main.main"))
try:
account = Account.objects.get(id=account_id)
except Account.DoesNotExist:
return HttpResponseRedirect(reverse("tahua.admin_interface.views." +
"main.main"))
try:
policy = Policy.objects.get(name=policy_name)
except Policy.DoesNotExist:
return HttpResponseRedirect(reverse("tahua.admin_interface.views." +
"main.main"))
try:
override = \
PolicyAccountOverride.objects.get(policy=policy,
account=account).get_override()
except PolicyAccountOverride.DoesNotExist:
override = ""
if request.method == "GET":
err_msg = None
elif request.method == "POST":
# See if the user clicked on one of our buttons.
if request.POST.get("cancel") != None:
return HttpResponseRedirect(reverse("tahua.admin_interface." +
"views.account.policies",
args=[account.id]))
if request.POST.get("ok") != None:
err_msg = None # initially.
override = request.POST.get("override")
if override in [None, ""]:
err_msg = "You must enter a value for this policy override."
if err_msg == None:
try:
override_value = eval(override)
except ValueError:
err_msg = "Invalid override value."
if err_msg == None:
# Save the policy override, creating a new record if necessary.
try:
override = \
PolicyAccountOverride.objects.get(policy=policy,
account=account)
except PolicyAccountOverride.DoesNotExist:
override = PolicyAccountOverride()
override.policy = policy
override.account = account
override.set_override(override_value)
override.save()
return HttpResponseRedirect(reverse("tahua.admin_interface." +
"views.account.policies",
args=[account.id]))
# If we get here, display the page.
return render_to_response("admin_interface/account_wrapper.html",
{'tab' : "policies",
'template_name' : "admin_interface/" +
"account_set_policy.html",
'account' : account,
'err_msg' : err_msg,
'policy_label' : policy.label,
'default' : policy.get_default(),
'override' : override,
},
context_instance=RequestContext(request))
def set(request):
""" Respond to the "/policy/set" API call.
"""
try:
# Extract our payload from the request parameters.
request_payload = api_helper.process_request(request)
if "error" in request_payload: return request_payload['error']
# Check that the required fields are present.
error = api_helper.check_fields(request_payload,
required_fields=["session_key",
"pin_number",
"policy",
"value"],
optional_fields=["account_id"])
if error != None: return error
user = request_payload['session'].user
pin_number = request_payload['fields']['pin_number']
account_id = request_payload['fields'].get("account_id")
policy_name = request_payload['fields']['policy']
policy_value = request_payload['fields']['value']
# Check that the supplied PIN number is correct.
if pin_number != user.pin_number:
return api_helper.error(request_payload, api_errors.UNAUTHORIZED)
# If an account ID was specified, make sure the user is allowed to
# access that account.
if account_id != None:
if user.user_id != account_id.get("user_id"):
return api_helper.error(request_payload,
api_errors.UNAUTHORIZED)
# Get the Policy the user wants to set the override for.
try:
policy = Policy.objects.get(name=policy_name)
except Policy.DoesNotExist:
return api_helper.error(request_payload,
api_errors.NO_SUCH_POLICY)
# Check that the user is allowed to make this policy override for the
# given policy.
if not account_helper.is_acceptable_policy_override(policy,
policy_value):
return api_helper.error(request_payload,
api_errors.UNACCEPTABLE_POLICY_OVERRIDE)
# Create an appropriate policy override record.
if account_id != None:
# We need to create an account-level override for this policy and
# account, deleting the old override if there is one.
account = account_helper.get_or_create_account(account_id)
PolicyAccountOverride.objects.filter(policy=policy,
account=account).delete()
override = PolicyAccountOverride()
override.policy = policy
override.account = account
override.set_override(policy_value)
override.save()
else:
# We need to create a user-level override for this policy and user,
# deleing the old override if there is one.
PolicyUserOverride.objects.filter(policy=policy,
user=user).delete()
override = PolicyUserOverride()
override.policy = policy
override.user = user
override.set_override(policy_value)
override.save()
# Finally, return an empty payload back to the caller.
return api_helper.response(request_payload, {})
except:
traceback.print_exc()
return HttpResponseServerError()
