+ def can_update(self, user):
+ if user.is_readonly:
+ return False
+ if user.is_admin:
+ return True
+ # slice admins can update
+ slice_privs = SlicePrivilege.objects.filter(user=user, slice=self)
+ for slice_priv in slice_privs:
+ if slice_priv.role.role == 'admin':
+ return True
+ # site pis can update
+ site_privs = SitePrivilege.objects.filter(user=user, site=self.site)
+ for site_priv in site_privs:
+ if site_priv.role.role == 'pi':
+ return True
+
+ return False
+
+ @staticmethod
+ def select_by_user(user):
+ if user.is_admin:
+ qs = Slice.objects.all()
+ else:
+ # users can see slices they belong to
+ slice_ids = [sp.slice.id for sp in SlicePrivilege.objects.filter(user=user)]
+ # pis can see slices at their sites
+ sites = [sp.site for sp in SitePrivilege.objects.filter(user=user)\
+ if sp.role.role == 'pi']
+ slice_ids.extend([s.id for s in Slice.objects.filter(site__in=sites)])
+ qs = Slice.objects.filter(id__in=slice_ids)
+ return qs
+
+ def delete(self, *args, **kwds):
+ # delete networks associated with this slice
+ from core.models.network import Network
+ nets = Network.objects.filter(slices=self)
+ nets.delete()
+ # delete slice deployments
+ slice_deployments = SliceDeployments.objects.filter(slice=self)
+ slice_deployments.delete()
+ # delete slice privilege
+ slice_privileges = SlicePrivilege.objects.filter(slice=self)
+ slice_privileges.delete()
+ # continue with normal delete
+ super(SliceAdmin, self).delete(*args, **kwds)
+
+
+class SliceRole(PlCoreBase):
+ ROLE_CHOICES = (('admin','Admin'),('default','Default'))
+
+ role = models.CharField(choices=ROLE_CHOICES, unique=True, max_length=30)
+
+ def __unicode__(self): return u'%s' % (self.role)
+
+class SlicePrivilege(PlCoreBase):
+ user = models.ForeignKey('User', related_name='sliceprivileges')
+ slice = models.ForeignKey('Slice', related_name='sliceprivileges')
+ role = models.ForeignKey('SliceRole',related_name='sliceprivileges')