from django.contrib.auth.signals import user_logged_in
from django.utils import timezone
from django.contrib.contenttypes import generic
-from django.core.urlresolvers import reverse
from suit.widgets import LinkedSelect
+from django.core.exceptions import PermissionDenied
+from django.core.urlresolvers import reverse, NoReverseMatch
import django_evolution
+class ReadOnlyAwareAdmin(admin.ModelAdmin):
+
+ def has_add_permission(self, request, obj=None):
+ return (not self.__user_is_readonly(request))
+
+ def has_delete_permission(self, request, obj=None):
+ return (not self.__user_is_readonly(request))
+
+ def save_model(self, request, obj, form, change):
+ if self.__user_is_readonly(request):
+ raise PermissionDenied
+ #pass
+ else:
+ return super(ReadOnlyAwareAdmin, self).save_model(request, obj, form, change)
+
+ def get_actions(self,request):
+ actions = super(ReadOnlyAwareAdmin,self).get_actions(request)
+
+ if self.__user_is_readonly(request):
+ if 'delete_selected' in actions:
+ del actions['delete_selected']
+
+ return actions
+
+ def change_view(self,request,object_id, extra_context=None):
+
+ if self.__user_is_readonly(request):
+ self.readonly_fields=self.user_readonly_fields
+ self.inlines = self.user_readonly_inlines
+
+ try:
+ return super(ReadOnlyAwareAdmin, self).change_view(request, object_id, extra_context=extra_context)
+ except PermissionDenied:
+ pass
+ if request.method == 'POST':
+ raise PermissionDenied
+ request.readonly = True
+ return super(ReadOnlyAwareAdmin, self).change_view(request, object_id, extra_context=extra_context)
+
+
+ def __user_is_readonly(self, request):
+ return request.user.isReadOnlyUser()
+
class SingletonAdmin (admin.ModelAdmin):
def has_add_permission(self, request):
num_objects = self.model.objects.count()
class PlStackTabularInline(admin.TabularInline):
- pass
+ def __init__(self, *args, **kwargs):
+ super(PlStackTabularInline, self).__init__(*args, **kwargs)
-class ReservationInline(PlStackTabularInline):
+ # InlineModelAdmin as no get_fields() method, so in order to add
+ # the selflink field, we override __init__ to modify self.fields and
+ # self.readonly_fields.
+
+ self.setup_selflink()
+
+ def get_change_url(self, model, id):
+ """ Get the URL to a change form in the admin for this model """
+ reverse_path = "admin:%s_change" % (model._meta.db_table)
+ try:
+ url = reverse(reverse_path, args=(id,))
+ except NoReverseMatch:
+ return None
+
+ return url
+
+ def setup_selflink(self):
+ if hasattr(self, "selflink_fieldname"):
+ """ self.selflink_model can be defined to punch through a relation
+ to its target object. For example, in SliceNetworkInline, set
+ selflink_model = "network", and the URL will lead to the Network
+ object instead of trying to bring up a change view of the
+ SliceNetwork object.
+ """
+ self.selflink_model = getattr(self.model,self.selflink_fieldname).field.rel.to
+ else:
+ self.selflink_model = self.model
+
+ url = self.get_change_url(self.selflink_model, 0)
+
+ # We don't have an admin for this object, so don't create the
+ # selflink.
+ if (url == None):
+ return
+
+ # Since we need to add "selflink" to the field list, we need to create
+ # self.fields if it is None.
+ if (self.fields is None):
+ self.fields = []
+ for f in self.model._meta.fields:
+ if f.editable and f.name != "id":
+ self.fields.append(f.name)
+
+ self.fields = tuple(self.fields) + ("selflink", )
+
+ if self.readonly_fields is None:
+ self.readonly_fields = ()
+
+ self.readonly_fields = tuple(self.readonly_fields) + ("selflink", )
+
+ def selflink(self, obj):
+ if hasattr(self, "selflink_fieldname"):
+ obj = getattr(obj, self.selflink_fieldname)
+
+ if obj.id:
+ url = self.get_change_url(self.selflink_model, obj.id)
+ return "<a href='%s'>Details</a>" % str(url)
+ else:\r
+ return "Not present"\r
+
+ selflink.allow_tags = True
+ selflink.short_description = "Details"
+
+class ReadOnlyTabularInline(PlStackTabularInline):
+ can_delete = False
+
+ def get_readonly_fields(self, request, obj=None):
+ return self.fields
+
+ def has_add_permission(self, request):
+ return False
+
+class ReservationROInline(ReadOnlyTabularInline):
model = Reservation
extra = 0
suit_classes = 'suit-tab suit-tab-reservations'
+ fields = ['startTime','slice','duration']
+class ReservationInline(PlStackTabularInline):
+ model = Reservation
+ extra = 0
+ suit_classes = 'suit-tab suit-tab-reservations'
+
+ def queryset(self, request):
+ return Reservation.select_by_user(request.user)
-class ReadonlyTabularInline(PlStackTabularInline):
- can_delete = False
+class TagROInline(generic.GenericTabularInline):
+ model = Tag
extra = 0
- editable_fields = []
+ suit_classes = 'suit-tab suit-tab-tags'
+ can_delete = False
+ fields = ['service', 'name', 'value']
def get_readonly_fields(self, request, obj=None):
- fields = []
- for field in self.model._meta.get_all_field_names():
- if (not field == 'id'):
- if (field not in self.editable_fields):
- fields.append(field)
- return fields
+ return self.fields
def has_add_permission(self, request):
return False
+
class TagInline(generic.GenericTabularInline):
model = Tag
extra = 0
suit_classes = 'suit-tab suit-tab-tags'
+ fields = ['service', 'name', 'value']
+
+ def queryset(self, request):
+ return Tag.select_by_user(request.user)
class NetworkLookerUpper:
""" This is a callable that looks up a network name in a sliver and returns
def __str__(self):
return self.network_name
+class SliverROInline(ReadOnlyTabularInline):
+ model = Sliver
+ fields = ['ip', 'instance_name', 'slice', 'numberCores', 'image', 'node', 'deploymentNetwork']
+ suit_classes = 'suit-tab suit-tab-slivers'
+
class SliverInline(PlStackTabularInline):
model = Sliver
fields = ['ip', 'instance_name', 'slice', 'numberCores', 'image', 'node', 'deploymentNetwork']
readonly_fields = ['ip', 'instance_name']
suit_classes = 'suit-tab suit-tab-slivers'
+ def queryset(self, request):
+ return Sliver.select_by_user(request.user)
+
# Note this is breaking in the admin.py when trying to use an inline to add a node/image
# def _declared_fieldsets(self):
# # Return None so django will call get_fieldsets and we can insert our
+class SiteROInline(ReadOnlyTabularInline):
+ model = Site
+ extra = 0
+ fields = ['name', 'login_base', 'site_url', 'enabled']
+ suit_classes = 'suit-tab suit-tab-sites'
+
class SiteInline(PlStackTabularInline):
model = Site
extra = 0
suit_classes = 'suit-tab suit-tab-sites'
+ def queryset(self, request):
+ return Site.select_by_user(request.user)
+
+class UserROInline(ReadOnlyTabularInline):
+ model = User
+ fields = ['email', 'firstname', 'lastname']
+ extra = 0
+ suit_classes = 'suit-tab suit-tab-users'
+
class UserInline(PlStackTabularInline):
model = User
fields = ['email', 'firstname', 'lastname']
extra = 0
suit_classes = 'suit-tab suit-tab-users'
+ def queryset(self, request):
+ return User.select_by_user(request.user)
+
+class SliceROInline(ReadOnlyTabularInline):
+ model = Slice
+ suit_classes = 'suit-tab suit-tab-slices'
+ fields = ['name','site', 'serviceClass', 'service']
+
class SliceInline(PlStackTabularInline):
model = Slice
fields = ['name','site', 'serviceClass', 'service']
extra = 0
suit_classes = 'suit-tab suit-tab-slices'
+ def queryset(self, request):
+ return Slice.select_by_user(request.user)
-class RoleInline(PlStackTabularInline):
- model = Role
- extra = 0
- suit_classes = 'suit-tab suit-tab-roles'
+class NodeROInline(ReadOnlyTabularInline):
+ model = Node
+ extra = 0
+ suit_classes = 'suit-tab suit-tab-nodes'
+ fields = ['name','deployment']
class NodeInline(PlStackTabularInline):
model = Node
extra = 0
suit_classes = 'suit-tab suit-tab-nodes'
+ fields = ['name','deployment']
-class SlicePrivilegeInline(PlStackTabularInline):
- model = SlicePrivilege
+class DeploymentPrivilegeROInline(ReadOnlyTabularInline):
+ model = DeploymentPrivilege
extra = 0
- suit_classes = 'suit-tab suit-tab-sliceprivileges'
+ suit_classes = 'suit-tab suit-tab-deploymentprivileges'
+ fields = ['user','role']
class DeploymentPrivilegeInline(PlStackTabularInline):
model = DeploymentPrivilege
extra = 0
suit_classes = 'suit-tab suit-tab-deploymentprivileges'
+ fields = ['user','role']
+
+ def queryset(self, request):
+ return DeploymentPrivilege.select_by_user(request.user)
+
+#CLEANUP DOUBLE SitePrivilegeInline
+class SitePrivilegeROInline(ReadOnlyTabularInline):
+ model = SitePrivilege
+ extra = 0
+ suit_classes = 'suit-tab suit-tab-siteprivileges'
+ fields = ['user','site', 'role']
class SitePrivilegeInline(PlStackTabularInline):
model = SitePrivilege
extra = 0
suit_classes = 'suit-tab suit-tab-siteprivileges'
+ fields = ['user','site', 'role']
def formfield_for_foreignkey(self, db_field, request, **kwargs):
if db_field.name == 'site':
- if not request.user.is_admin:
- # only show sites where user is an admin or pi
- roles = Role.objects.filter(role_type__in=['admin', 'pi'])
- site_privileges = SitePrivilege.objects.filter(user=request.user).filter(role__in=roles)
- login_bases = [site_privilege.site.login_base for site_privilege in site_privileges]
- sites = Site.objects.filter(login_base__in=login_bases)
- kwargs['queryset'] = sites
+ kwargs['queryset'] = Site.select_by_user(request.user)
if db_field.name == 'user':
- if not request.user.is_admin:
- # only show users from sites where caller has admin or pi role
- roles = Role.objects.filter(role_type__in=['admin', 'pi'])
- site_privileges = SitePrivilege.objects.filter(user=request.user).filter(role__in=roles)
- sites = [site_privilege.site for site_privilege in site_privileges]
- site_privileges = SitePrivilege.objects.filter(site__in=sites)
- emails = [site_privilege.user.email for site_privilege in site_privileges]
- users = User.objects.filter(email__in=emails)
- kwargs['queryset'] = users
+ kwargs['queryset'] = User.select_by_user(request.user)
return super(SitePrivilegeInline, self).formfield_for_foreignkey(db_field, request, **kwargs)
-class SitePrivilegeInline(PlStackTabularInline):
- model = SitePrivilege
- suit_classes = 'suit-tab suit-tab-siteprivileges'
+ def queryset(self, request):
+ return SitePrivilege.select_by_user(request.user)
+
+class SiteDeploymentROInline(ReadOnlyTabularInline):
+ model = SiteDeployments
+ #model = Site.deployments.through
+ extra = 0
+ suit_classes = 'suit-tab suit-tab-sitedeployments'
+ fields = ['deployment','site']
+
+class SiteDeploymentInline(PlStackTabularInline):
+ model = SiteDeployments
+ #model = Site.deployments.through
extra = 0
- fields = ('user', 'site','role')
+ suit_classes = 'suit-tab suit-tab-deployments'
+ fields = ['deployment','site']
+
+ def formfield_for_foreignkey(self, db_field, request, **kwargs):
+ if db_field.name == 'site':
+ kwargs['queryset'] = Site.select_by_user(request.user)
+
+ if db_field.name == 'deployment':
+ kwargs['queryset'] = Deployment.select_by_user(request.user)
+ return super(SiteDeploymentInline, self).formfield_for_foreignkey(db_field, request, **kwargs)
+
+ def queryset(self, request):
+ return SiteDeployments.select_by_user(request.user)
+
+
+class SlicePrivilegeROInline(ReadOnlyTabularInline):
+ model = SlicePrivilege
+ extra = 0
+ suit_classes = 'suit-tab suit-tab-sliceprivileges'
+ fields = ['user', 'slice', 'role']
class SlicePrivilegeInline(PlStackTabularInline):
model = SlicePrivilege
def formfield_for_foreignkey(self, db_field, request, **kwargs):
if db_field.name == 'slice':
- if not request.user.is_admin:
- # only show slices at sites where caller has admin or pi role
- roles = Role.objects.filter(role_type__in=['admin', 'pi'])
- site_privileges = SitePrivilege.objects.filter(user=request.user).filter(role__in=roles)
- sites = [site_privilege.site for site_privilege in site_privileges]
- slices = Slice.objects.filter(site__in=sites)
- kwargs['queryset'] = slices
+ kwargs['queryset'] = Slice.select_by_user(request.user)
if db_field.name == 'user':
- if not request.user.is_admin:
- # only show users from sites where caller has admin or pi role
- roles = Role.objects.filter(role_type__in=['admin', 'pi'])
- site_privileges = SitePrivilege.objects.filter(user=request.user).filter(role__in=roles)
- sites = [site_privilege.site for site_privilege in site_privileges]
- site_privileges = SitePrivilege.objects.filter(site__in=sites)
- emails = [site_privilege.user.email for site_privilege in site_privileges]
- users = User.objects.filter(email__in=emails)
- kwargs['queryset'] = list(users)
+ kwargs['queryset'] = User.select_by_user(request.user)
return super(SlicePrivilegeInline, self).formfield_for_foreignkey(db_field, request, **kwargs)
-class SliceNetworkInline(PlStackTabularInline):
+ def queryset(self, request):
+ return SlicePrivilege.select_by_user(request.user)
+
+class SliceNetworkROInline(ReadOnlyTabularInline):
model = Network.slices.through
extra = 0
verbose_name = "Network Connection"
verbose_name_plural = "Network Connections"
suit_classes = 'suit-tab suit-tab-slicenetworks'
+ fields = ['network']
-class SliceTagInline(PlStackTabularInline):
- model = SliceTag
+class SliceNetworkInline(PlStackTabularInline):
+ model = Network.slices.through
+ selflink_fieldname = "network"
extra = 0
+ verbose_name = "Network Connection"
+ verbose_name_plural = "Network Connections"
+ suit_classes = 'suit-tab suit-tab-slicenetworks'
class PlainTextWidget(forms.HiddenInput):
input_type = 'hidden'
value = ''
return mark_safe(str(value) + super(PlainTextWidget, self).render(name, value, attrs))
-class PlanetStackBaseAdmin(admin.ModelAdmin):
+class PlanetStackBaseAdmin(ReadOnlyAwareAdmin):
save_on_top = False
+
+ def save_model(self, request, obj, form, change):
+ # update openstack connection to use this site/tenant
+ obj.save_by_user(request.user)
+
+ def delete_model(self, request, obj):
+ obj.delete_by_user(request.user)
+
+ def save_formset(self, request, form, formset, change):
+ instances = formset.save(commit=False)
+ for instance in instances:
+ instance.save_by_user(request.user)
+ formset.save_m2m()
class SliceRoleAdmin(PlanetStackBaseAdmin):
model = SliceRole
class Meta:
model = Deployment
+ def __init__(self, *args, **kwargs):
+ super(DeploymentAdminForm, self).__init__(*args, **kwargs)
+
+ if self.instance and self.instance.pk:
+ self.fields['sites'].initial = self.instance.sites.all()
+
+ def save(self, commit=True):
+ deployment = super(DeploymentAdminForm, self).save(commit=False)
+
+ if commit:
+ deployment.save()
+
+ if deployment.pk:
+ deployment.sites = self.cleaned_data['sites']
+ self.save_m2m()
+
+ return deployment
+
+class SiteAssocInline(PlStackTabularInline):
+ model = Site.deployments.through
+ extra = 0
+ suit_classes = 'suit-tab suit-tab-sites'
class DeploymentAdmin(PlanetStackBaseAdmin):
form = DeploymentAdminForm
+ model = Deployment
+ fieldList = ['name','sites']
+ fieldsets = [(None, {'fields': fieldList, 'classes':['suit-tab suit-tab-sites']})]
inlines = [DeploymentPrivilegeInline,NodeInline,TagInline]
- fieldsets = [
- (None, {'fields': ['sites'], 'classes':['suit-tab suit-tab-sites']}),]
- suit_form_tabs =(('sites', 'Sites'),('nodes','Nodes'),('deploymentprivileges','Privileges'),('tags','Tags'))
-class ServiceAttrAsTabInline(PlStackTabularInline):
+ user_readonly_inlines = [DeploymentPrivilegeROInline,NodeROInline,TagROInline]
+ user_readonly_fields = ['name']
+
+ suit_form_tabs =(('sites','Deployment Details'),('nodes','Nodes'),('deploymentprivileges','Privileges'),('tags','Tags'))
+
+class ServiceAttrAsTabROInline(ReadOnlyTabularInline):
model = ServiceAttribute
fields = ['name','value']
extra = 0
suit_classes = 'suit-tab suit-tab-serviceattrs'
-class ServiceAttributeInline(PlStackTabularInline):
+class ServiceAttrAsTabInline(PlStackTabularInline):
model = ServiceAttribute
fields = ['name','value']
extra = 0
+ suit_classes = 'suit-tab suit-tab-serviceattrs'
class ServiceAdmin(PlanetStackBaseAdmin):
- list_display = ("name","enabled")
- fieldsets = [(None, {'fields': ['name','enabled','description']})]
- inlines = [ServiceAttributeInline,]
+ list_display = ("name","description","versionNumber","enabled","published")
+ fieldList = ["name","description","versionNumber","enabled","published"]
+ fieldsets = [(None, {'fields': fieldList, 'classes':['suit-tab suit-tab-general']})]
+ inlines = [ServiceAttrAsTabInline,SliceInline]
+
+ user_readonly_fields = fieldList
+ user_readonly_inlines = [ServiceAttrAsTabROInline,SliceROInline]
+
+ suit_form_tabs =(('general', 'Service Details'),
+ ('slices','Slices'),
+ ('serviceattrs','Additional Attributes'),
+ )
class SiteAdmin(PlanetStackBaseAdmin):
+ fieldList = ['name', 'site_url', 'enabled', 'is_public', 'login_base', 'accountLink','location']
fieldsets = [
- (None, {'fields': ['name', 'site_url', 'enabled', 'is_public', 'login_base', 'location', 'accountLink'], 'classes':['suit-tab suit-tab-general']}),
- ('Deployment Networks', {'fields': ['deployments'], 'classes':['suit-tab suit-tab-deployments']}),
+ (None, {'fields': fieldList, 'classes':['suit-tab suit-tab-general']}),
+ #('Deployment Networks', {'fields': ['deployments'], 'classes':['suit-tab suit-tab-deployments']}),
]
suit_form_tabs =(('general', 'Site Details'),
('users','Users'),
('siteprivileges','Privileges'),
('deployments','Deployments'),
('slices','Slices'),
- ('nodes','Nodes'),
+ ('nodes','Nodes'),
('tags','Tags'),
)
readonly_fields = ['accountLink']
+
+ user_readonly_fields = ['name', 'deployments','site_url', 'enabled', 'is_public', 'login_base', 'accountLink']
+ user_readonly_inlines = [SliceROInline,UserROInline,TagROInline, NodeROInline, SitePrivilegeROInline,SiteDeploymentROInline]
+
list_display = ('name', 'login_base','site_url', 'enabled')
filter_horizontal = ('deployments',)
- inlines = [SliceInline,UserInline,TagInline, NodeInline, SitePrivilegeInline]
+ inlines = [SliceInline,UserInline,TagInline, NodeInline, SitePrivilegeInline, SiteDeploymentInline]
search_fields = ['name']
def queryset(self, request):
- # admins can see all keys. Users can only see sites they belong to.
- qs = super(SiteAdmin, self).queryset(request)
- if not request.user.is_admin:
- valid_sites = [request.user.site.login_base]
- roles = request.user.get_roles()
- for tenant_list in roles.values():
- valid_sites.extend(tenant_list)
- qs = qs.filter(login_base__in=valid_sites)
- return qs
+ #print dir(UserInline)
+ return Site.select_by_user(request.user)
def get_formsets(self, request, obj=None):
for inline in self.get_inline_instances(request, obj):
accountLink.allow_tags = True
accountLink.short_description = "Billing"
+ def save_model(self, request, obj, form, change):
+ # update openstack connection to use this site/tenant
+ obj.save_by_user(request.user)
+
+ def delete_model(self, request, obj):
+ obj.delete_by_user(request.user)
+
+
class SitePrivilegeAdmin(PlanetStackBaseAdmin):
+ fieldList = ['user', 'site', 'role']
fieldsets = [
- (None, {'fields': ['user', 'site', 'role'], 'classes':['collapse']})
+ (None, {'fields': fieldList, 'classes':['collapse']})
]
list_display = ('user', 'site', 'role')
+ user_readonly_fields = fieldList
+ user_readonly_inlines = []
def formfield_for_foreignkey(self, db_field, request, **kwargs):
if db_field.name == 'site':
# admins can see all privileges. Users can only see privileges at sites
# where they have the admin role or pi role.
qs = super(SitePrivilegeAdmin, self).queryset(request)
- if not request.user.is_admin:
- roles = Role.objects.filter(role_type__in=['admin', 'pi'])
- site_privileges = SitePrivilege.objects.filter(user=request.user).filter(role__in=roles)
- login_bases = [site_privilege.site.login_base for site_privilege in site_privileges]
- sites = Site.objects.filter(login_base__in=login_bases)
- qs = qs.filter(site__in=sites)
+ #if not request.user.is_admin:
+ # roles = Role.objects.filter(role_type__in=['admin', 'pi'])
+ # site_privileges = SitePrivilege.objects.filter(user=request.user).filter(role__in=roles)
+ # login_bases = [site_privilege.site.login_base for site_privilege in site_privileges]
+ # sites = Site.objects.filter(login_base__in=login_bases)
+ # qs = qs.filter(site__in=sites)
return qs
class SliceForm(forms.ModelForm):
class SliceAdmin(PlanetStackBaseAdmin):
form = SliceForm
- fieldsets = [('Slice Details', {'fields': ['name', 'site', 'serviceClass', 'enabled','description', 'service', 'slice_url'], 'classes':['suit-tab suit-tab-general']}),]
+ fieldList = ['name', 'site', 'serviceClass', 'enabled','description', 'service', 'slice_url']
+ fieldsets = [('Slice Details', {'fields': fieldList, 'classes':['suit-tab suit-tab-general']}),]
list_display = ('name', 'site','serviceClass', 'slice_url')
inlines = [SlicePrivilegeInline,SliverInline, TagInline, ReservationInline,SliceNetworkInline]
+ user_readonly_fields = fieldList
+ user_readonly_inlines = [SlicePrivilegeROInline,SliverROInline,TagROInline, ReservationROInline, SliceNetworkROInline]
- #inlines = [SliverInline, SliceMembershipInline, TagInline, SliceTagInline, SliceNetworkInline]
suit_form_tabs =(('general', 'Slice Details'),
('slicenetworks','Networks'),
('sliceprivileges','Privileges'),
def formfield_for_foreignkey(self, db_field, request, **kwargs):
if db_field.name == 'site':
- if not request.user.is_admin:
- # only show sites where user is a pi or admin
- roles = Role.objects.filter(role_type__in=['admin', 'pi'])
- site_privileges = SitePrivilege.objects.filter(user=request.user).filter(role__in=roles)
- login_bases = [site_privilege.site.login_base for site_privilege in site_privileges]
- sites = Site.objects.filter(login_base__in=login_bases)
- kwargs['queryset'] = sites
-
+ kwargs['queryset'] = Site.select_by_user(request.user)
+
return super(SliceAdmin, self).formfield_for_foreignkey(db_field, request, **kwargs)
def queryset(self, request):
# admins can see all keys. Users can only see slices they belong to.
- qs = super(SliceAdmin, self).queryset(request)
- if not request.user.is_admin:
- valid_slices = []
- roles = request.user.get_roles()
- for tenant_list in roles.values():
- valid_slices.extend(tenant_list)
- qs = qs.filter(name__in=valid_slices)
- return qs
+ return Slice.select_by_user(request.user)
def get_formsets(self, request, obj=None):
for inline in self.get_inline_instances(request, obj):
inline.model.caller = request.user
yield inline.get_formset(request, obj)
- def get_queryset(self, request):
- qs = super(SliceAdmin, self).get_queryset(request)
- if request.user.is_superuser:
- return qs
- # users can only see slices at their site
- return qs.filter(site=request.user.site)
-
- def save_model(self, request, obj, form, change):
- # update openstack connection to use this site/tenant
- obj.caller = request.user
- obj.save()
class SlicePrivilegeAdmin(PlanetStackBaseAdmin):
fieldsets = [
]
list_display = ('user', 'slice', 'role')
+ user_readonly_fields = ['user', 'slice', 'role']
+ user_readonly_inlines = []
+
def formfield_for_foreignkey(self, db_field, request, **kwargs):
if db_field.name == 'slice':
- if not request.user.is_admin:
- # only show slices at sites where caller has admin or pi role
- roles = Role.objects.filter(role_type__in=['admin', 'pi'])
- site_privileges = SitePrivilege.objects.filter(user=request.user).filter(role__in=roles)
- sites = [site_privilege.site for site_privilege in site_privileges]
- slices = Slice.objects.filter(site__in=sites)
- kwargs['queryset'] = slices
+ kwargs['queryset'] = Slice.select_by_user(request.user)
if db_field.name == 'user':
- if not request.user.is_admin:
- # only show users from sites where caller has admin or pi role
- roles = Role.objects.filter(role_type__in=['admin', 'pi'])
- site_privileges = SitePrivilege.objects.filter(user=request.user).filter(role__in=roles)
- sites = [site_privilege.site for site_privilege in site_privileges]
- site_privileges = SitePrivilege.objects.filter(site__in=sites)
- emails = [site_privilege.user.email for site_privilege in site_privileges]
- users = User.objects.filter(email__in=emails)
- kwargs['queryset'] = users
+ kwargs['queryset'] = User.select_by_user(request.user)
return super(SlicePrivilegeAdmin, self).formfield_for_foreignkey(db_field, request, **kwargs)
def queryset(self, request):
# admins can see all memberships. Users can only see memberships of
# slices where they have the admin role.
- qs = super(SlicePrivilegeAdmin, self).queryset(request)
- if not request.user.is_admin:
- roles = Role.objects.filter(role_type__in=['admin', 'pi'])
- site_privileges = SitePrivilege.objects.filter(user=request.user).filter(role__in=roles)
- login_bases = [site_privilege.site.login_base for site_privilege in site_privileges]
- sites = Site.objects.filter(login_base__in=login_bases)
- slices = Slice.objects.filter(site__in=sites)
- qs = qs.filter(slice__in=slices)
- return qs
+ return SlicePrivilege.select_by_user(request.user)
def save_model(self, request, obj, form, change):
# update openstack connection to use this site/tenant
suit_form_tabs =(('general','Image Details'),('slivers','Slivers'))
inlines = [SliverInline]
-
+
+ user_readonly_fields = ['image_id', 'name', 'disk_format', 'container_format']
+ user_readonly_inlines = [SliverROInline]
+
class NodeForm(forms.ModelForm):
class Meta:
widgets = {
'deployment': LinkedSelect
}
-class NodeAdmin(admin.ModelAdmin):
+class NodeAdmin(PlanetStackBaseAdmin):
form = NodeForm
list_display = ('name', 'site', 'deployment')
list_filter = ('deployment',)
+
inlines = [TagInline,SliverInline]
fieldsets = [('Node Details', {'fields': ['name','site','deployment'], 'classes':['suit-tab suit-tab-details']})]
+ user_readonly_fields = ['name','site','deployment']
+ user_readonly_inlines = [TagInline,SliverInline]
+
suit_form_tabs =(('details','Node Details'),('slivers','Slivers'),('tags','Tags'))
'image': LinkedSelect
}
-class TagAdmin(admin.ModelAdmin):
+class TagAdmin(PlanetStackBaseAdmin):
list_display = ['service', 'name', 'value', 'content_type', 'content_object',]
+ user_readonly_fields = ['service', 'name', 'value', 'content_type', 'content_object',]
+ user_readonly_inlines = []
class SliverAdmin(PlanetStackBaseAdmin):
form = SliverForm
inlines = [TagInline]
+ user_readonly_fields = ['slice', 'deploymentNetwork', 'node', 'ip', 'instance_name', 'numberCores', 'image']
+ user_readonly_inlines = [TagROInline]
+
def formfield_for_foreignkey(self, db_field, request, **kwargs):
if db_field.name == 'slice':
- if not request.user.is_admin:
- slices = set([sm.slice.name for sm in SlicePrivilege.objects.filter(user=request.user)])
- kwargs['queryset'] = Slice.objects.filter(name__in=list(slices))
+ kwargs['queryset'] = Slice.select_by_user(request.user)
return super(SliverAdmin, self).formfield_for_foreignkey(db_field, request, **kwargs)
def queryset(self, request):
# admins can see all slivers. Users can only see slivers of
# the slices they belong to.
- qs = super(SliverAdmin, self).queryset(request)
- if not request.user.is_admin:
- tenants = []
- roles = request.user.get_roles()
- for tenant_list in roles.values():
- tenants.extend(tenant_list)
- valid_slices = Slice.objects.filter(name__in=tenants)
- qs = qs.filter(slice__in=valid_slices)
- return qs
+ return Sliver.select_by_user(request.user)
+
def get_formsets(self, request, obj=None):
# make some fields read only if we are updating an existing record
# hide MyInline in the add view
if obj is None:
continue
- # give inline object access to driver and caller
- auth = request.session.get('auth', {})
- auth['tenant'] = obj.name # meed to connect using slice's tenant
- inline.model.os_manager = OpenStackManager(auth=auth, caller=request.user)
- yield inline.get_formset(request, obj)
-
- def save_model(self, request, obj, form, change):
- # update openstack connection to use this site/tenant
- auth = request.session.get('auth', {})
- auth['tenant'] = obj.slice.name
- obj.os_manager = OpenStackManager(auth=auth, caller=request.user)
- obj.creator = request.user
- obj.save()
- def delete_model(self, request, obj):
- # update openstack connection to use this site/tenant
- auth = request.session.get('auth', {})
- auth['tenant'] = obj.slice.name
- obj.os_manager = OpenStackManager(auth=auth, caller=request.user)
- obj.delete()
+ #def save_model(self, request, obj, form, change):
+ # # update openstack connection to use this site/tenant
+ # auth = request.session.get('auth', {})
+ # auth['tenant'] = obj.slice.name
+ # obj.os_manager = OpenStackManager(auth=auth, caller=request.user)
+ # obj.creator = request.user
+ # obj.save()
+
+ #def delete_model(self, request, obj):
+ # # update openstack connection to use this site/tenant
+ # auth = request.session.get('auth', {})
+ # auth['tenant'] = obj.slice.name
+ # obj.os_manager = OpenStackManager(auth=auth, caller=request.user)
+ # obj.delete()
class UserCreationForm(forms.ModelForm):
"""A form for creating new users. Includes all the required
the user, but replaces the password field with admin's
password hash display field.
"""
- password = ReadOnlyPasswordHashField()
+ password = ReadOnlyPasswordHashField(label='Password',
+ help_text= '<a href=\"password/\">Change Password</a>.')
class Meta:
model = User
# field does not have access to the initial value
return self.initial["password"]
-
class UserAdmin(UserAdmin):
class Meta:
app_label = "core"
# The fields to be used in displaying the User model.
# These override the definitions on the base UserAdmin
# that reference specific fields on auth.User.
- list_display = ('email', 'firstname', 'lastname', 'is_admin', 'last_login')
+ list_display = ('email', 'firstname', 'lastname', 'site', 'last_login')
#list_display = ('email', 'username','firstname', 'lastname', 'is_admin', 'last_login')
- list_filter = ()
+ list_filter = ('site',)
inlines = [SlicePrivilegeInline,SitePrivilegeInline,DeploymentPrivilegeInline]
+
+ fieldListLoginDetails = ['email','site','password','is_readonly','is_amin','public_key']
+ fieldListContactInfo = ['firstname','lastname','phone','timezone']
+
fieldsets = (
- ('Login Details', {'fields': ('email', 'site','password', 'is_admin', 'public_key'), 'classes':['suit-tab suit-tab-general']}),
+ ('Login Details', {'fields': ['email', 'site','password', 'is_readonly', 'is_admin', 'public_key'], 'classes':['suit-tab suit-tab-general']}),
('Contact Information', {'fields': ('firstname','lastname','phone', 'timezone'), 'classes':['suit-tab suit-tab-contact']}),
#('Important dates', {'fields': ('last_login',)}),
)
add_fieldsets = (
(None, {
'classes': ('wide',),
- 'fields': ('email', 'firstname', 'lastname', 'phone', 'public_key','password1', 'password2')}
+ 'fields': ('email', 'firstname', 'lastname', 'is_readonly', 'phone', 'public_key','password1', 'password2')}
),
)
search_fields = ('email',)
ordering = ('email',)
filter_horizontal = ()
+ user_readonly_fields = fieldListLoginDetails
+ user_readonly_inlines = [SlicePrivilegeROInline,SitePrivilegeROInline,DeploymentPrivilegeROInline]
+
suit_form_tabs =(('general','Login Details'),('contact','Contact Information'),('sliceprivileges','Slice Privileges'),('siteprivileges','Site Privileges'),('deploymentprivileges','Deployment Privileges'))
def formfield_for_foreignkey(self, db_field, request, **kwargs):
if db_field.name == 'site':
- if not request.user.is_admin:
- # show sites where caller is an admin or pi
- sites = []
- for site_privilege in SitePrivilege.objects.filer(user=request.user):
- if site_privilege.role.role_type in ['admin', 'pi']:
- sites.append(site_privilege.site.login_base)
- kwargs['queryset'] = Site.objects.filter(login_base__in(list(sites)))
+ kwargs['queryset'] = Site.select_by_user(request.user)
return super(UserAdmin, self).formfield_for_foreignkey(db_field, request, **kwargs)
-class ServiceResourceInline(admin.TabularInline):
+ def has_add_permission(self, request, obj=None):
+ return (not self.__user_is_readonly(request))
+
+ def has_delete_permission(self, request, obj=None):
+ return (not self.__user_is_readonly(request))
+
+ def get_actions(self,request):
+ actions = super(UserAdmin,self).get_actions(request)
+
+ if self.__user_is_readonly(request):
+ if 'delete_selected' in actions:
+ del actions['delete_selected']
+
+ return actions
+
+ def change_view(self,request,object_id, extra_context=None):
+
+ if self.__user_is_readonly(request):
+ self.readonly_fields=self.user_readonly_fields
+ self.inlines = self.user_readonly_inlines
+ try:
+ return super(UserAdmin, self).change_view(request, object_id, extra_context=extra_context)
+ except PermissionDenied:
+ pass
+ if request.method == 'POST':
+ raise PermissionDenied
+ request.readonly = True
+ return super(UserAdmin, self).change_view(request, object_id, extra_context=extra_context)
+
+ def __user_is_readonly(self, request):
+ #groups = [x.name for x in request.user.groups.all() ]
+ #return "readonly" in groups
+ return request.user.isReadOnlyUser()
+
+ def queryset(self, request):
+ return User.select_by_user(request.user)
+
+
+
+class ServiceResourceROInline(ReadOnlyTabularInline):
model = ServiceResource
extra = 0
+ fields = ['serviceClass', 'name', 'maxUnitsDeployment', 'maxUnitsNode', 'maxDuration', 'bucketInRate', 'bucketMaxSize', 'cost', 'calendarReservable']
-class ServiceClassAdmin(admin.ModelAdmin):
+class ServiceResourceInline(PlStackTabularInline):
+ model = ServiceResource
+ extra = 0
+
+class ServiceClassAdmin(PlanetStackBaseAdmin):
list_display = ('name', 'commitment', 'membershipFee')
inlines = [ServiceResourceInline]
-class ReservedResourceInline(admin.TabularInline):
+ user_readonly_fields = ['name', 'commitment', 'membershipFee']
+ user_readonly_inlines = []
+
+class ReservedResourceROInline(ReadOnlyTabularInline):
+ model = ReservedResource
+ extra = 0
+ fields = ['sliver', 'resource','quantity','reservationSet']
+ suit_classes = 'suit-tab suit-tab-reservedresources'
+
+class ReservedResourceInline(PlStackTabularInline):
model = ReservedResource
extra = 0
suit_classes = 'suit-tab suit-tab-reservedresources'
\r
return field
+ def queryset(self, request):
+ return ReservedResource.select_by_user(request.user)
+
class ReservationChangeForm(forms.ModelForm):
class Meta:
model = Reservation
def is_valid(self):
return False
-class ReservationAdmin(admin.ModelAdmin):
- fieldsets = [('Reservation Details', {'fields': ['slice', 'startTime', 'duration'], 'classes': ['suit-tab suit-tab-general']})]
+class ReservationAdmin(PlanetStackBaseAdmin):
+ fieldList = ['slice', 'startTime', 'duration']
+ fieldsets = [('Reservation Details', {'fields': fieldList, 'classes': ['suit-tab suit-tab-general']})]
list_display = ('startTime', 'duration')
form = ReservationAddForm
suit_form_tabs = (('general','Reservation Details'), ('reservedresources','Reserved Resources'))
inlines = [ReservedResourceInline]
+ user_readonly_inlines = [ReservedResourceROInline]
+ user_readonly_fields = fieldList
def add_view(self, request, form_url='', extra_context=None):
timezone.activate(request.user.timezone)
else:
return []
-class NetworkParameterTypeAdmin(admin.ModelAdmin):
+ def queryset(self, request):
+ return Reservation.select_by_user(request.user)
+
+class NetworkParameterTypeAdmin(PlanetStackBaseAdmin):
list_display = ("name", )
+ user_readonly_fields = ['name']
+ user_readonly_inlines = []
-class RouterAdmin(admin.ModelAdmin):
+class RouterAdmin(PlanetStackBaseAdmin):
list_display = ("name", )
+ user_readonly_fields = ['name']
+ user_readonly_inlines = []
+
+class RouterROInline(ReadOnlyTabularInline):
+ model = Router.networks.through
+ extra = 0
+ verbose_name_plural = "Routers"
+ verbose_name = "Router"
+ suit_classes = 'suit-tab suit-tab-routers'
-class RouterInline(admin.TabularInline):
+ fields = ['name', 'owner', 'permittedNetworks', 'networks']
+
+class RouterInline(PlStackTabularInline):
model = Router.networks.through
extra = 0
verbose_name_plural = "Routers"
verbose_name = "Router"
suit_classes = 'suit-tab suit-tab-routers'
+class NetworkParameterROInline(ReadOnlyTabularInline):
+ model = NetworkParameter
+ extra = 1
+ verbose_name_plural = "Parameters"
+ verbose_name = "Parameter"
+ suit_classes = 'suit-tab suit-tab-netparams'
+ fields = ['parameter', 'value', 'content_type', 'object_id', 'content_object']
+
class NetworkParameterInline(generic.GenericTabularInline):
model = NetworkParameter
extra = 1
verbose_name = "Parameter"
suit_classes = 'suit-tab suit-tab-netparams'
-class NetworkSliversInline(admin.TabularInline):
+class NetworkSliversROInline(ReadOnlyTabularInline):
+ fields = ['network', 'sliver', 'ip', 'port_id']
+ model = NetworkSliver
+ extra = 0
+ verbose_name_plural = "Slivers"
+ verbose_name = "Sliver"
+ suit_classes = 'suit-tab suit-tab-networkslivers'
+
+class NetworkSliversInline(PlStackTabularInline):
readonly_fields = ("ip", )
model = NetworkSliver
+ selflink_fieldname = "sliver"
extra = 0
verbose_name_plural = "Slivers"
verbose_name = "Sliver"
suit_classes = 'suit-tab suit-tab-networkslivers'
-class NetworkSlicesInline(admin.TabularInline):
+class NetworkSlicesROInline(ReadOnlyTabularInline):
model = NetworkSlice
extra = 0
verbose_name_plural = "Slices"
verbose_name = "Slice"
suit_classes = 'suit-tab suit-tab-networkslices'
+ fields = ['network','slice']
-class NetworkForm(forms.ModelForm):
- class Meta:
- widgets = {
- 'deployment': LinkedSelect,
- 'site': LinkedSelect,
- }
+class NetworkSlicesInline(PlStackTabularInline):
+ model = NetworkSlice
+ selflink_fieldname = "slice"
+ extra = 0
+ verbose_name_plural = "Slices"
+ verbose_name = "Slice"
+ suit_classes = 'suit-tab suit-tab-networkslices'
-class NetworkAdmin(admin.ModelAdmin):
- form = NetworkForm
+class NetworkAdmin(PlanetStackBaseAdmin):
list_display = ("name", "subnet", "ports", "labels")
- list_filter = ('deployment', )
readonly_fields = ("subnet", )
inlines = [NetworkParameterInline, NetworkSliversInline, NetworkSlicesInline, RouterInline]
fieldsets = [
- (None, {'fields': ['name','template','ports','labels','owner','guaranteedBandwidth', 'permitAllSlices','permittedSlices','site','deployment','network_id','router_id','subnet_id','subnet'], 'classes':['suit-tab suit-tab-general']}),]
+ (None, {'fields': ['name','template','ports','labels','owner','guaranteedBandwidth', 'permitAllSlices','permittedSlices','network_id','router_id','subnet_id','subnet'], 'classes':['suit-tab suit-tab-general']}),]
+
+ user_readonly_fields = ['name','template','ports','labels','owner','guaranteedBandwidth', 'permitAllSlices','permittedSlices','network_id','router_id','subnet_id','subnet']
+ user_readonly_inlines = [NetworkParameterROInline, NetworkSliversROInline, NetworkSlicesROInline, RouterROInline]
suit_form_tabs =(
('general','Network Details'),
('networkslices','Slices'),
('routers','Routers'),
)
-class NetworkTemplateAdmin(admin.ModelAdmin):
+class NetworkTemplateAdmin(PlanetStackBaseAdmin):
list_display = ("name", "guaranteedBandwidth", "visibility")
+ user_readonly_fields = ["name", "guaranteedBandwidth", "visibility"]
+ user_readonly_inlines = []
# register a signal that caches the user's credentials when they log in
def cache_credentials(sender, user, request, **kwds):
newFunc.allow_tags = True
return newFunc
-class InvoiceChargeInline(admin.TabularInline):
+class InvoiceChargeInline(PlStackTabularInline):
model = Charge
extra = 0
verbose_name_plural = "Charges"
verbose_name = "Charge"
- exclude = ['enacted']
- readonly_fields = ["date", "kind", "state", "object", "coreHours", "amount", "slice"]
+ exclude = ['account']
+ fields = ["date", "kind", "state", "object", "coreHours", "dollar_amount", "slice"]
+ readonly_fields = ["date", "kind", "state", "object", "coreHours", "dollar_amount", "slice"]
+ can_delete = False
+ max_num = 0
+
+ dollar_amount = right_dollar_field("amount", "Amount")
class InvoiceAdmin(admin.ModelAdmin):
list_display = ("date", "account")
inlines = [InvoiceChargeInline]
- fields = ["date", "account", "amount"]
- readonly_fields = ["date", "account", "amount"]
+ fields = ["date", "account", "dollar_amount"]
+ readonly_fields = ["date", "account", "dollar_amount"]
+
+ dollar_amount = dollar_field("amount", "Amount")
-class InvoiceInline(admin.TabularInline):
+class InvoiceInline(PlStackTabularInline):
model = Invoice
extra = 0
verbose_name_plural = "Invoices"
verbose_name = "Invoice"
- exclude = ['enacted']
fields = ["date", "dollar_amount"]
readonly_fields = ["date", "dollar_amount"]
suit_classes = 'suit-tab suit-tab-accountinvoice'
dollar_amount = right_dollar_field("amount", "Amount")
-class PendingChargeInline(admin.TabularInline):
+class PendingChargeInline(PlStackTabularInline):
model = Charge
extra = 0
verbose_name_plural = "Charges"
verbose_name = "Charge"
- exclude = ['enacted', "invoice"]
+ exclude = ["invoice"]
fields = ["date", "kind", "state", "object", "coreHours", "dollar_amount", "slice"]
readonly_fields = ["date", "kind", "state", "object", "coreHours", "dollar_amount", "slice"]
suit_classes = 'suit-tab suit-tab-accountpendingcharges'
dollar_amount = right_dollar_field("amount", "Amount")
-class PaymentInline(admin.TabularInline):
+class PaymentInline(PlStackTabularInline):
model=Payment
extra = 1
verbose_name_plural = "Payments"
verbose_name = "Payment"
- exclude = ['enacted']
fields = ["date", "dollar_amount"]
readonly_fields = ["date", "dollar_amount"]
suit_classes = 'suit-tab suit-tab-accountpayments'
dollar_amount = right_dollar_field("amount", "Amount")
-
class AccountAdmin(admin.ModelAdmin):
list_display = ("site", "balance_due")
inlines = [InvoiceInline, PaymentInline, PendingChargeInline]
fieldsets = [
- (None, {'fields': ['site', 'dollar_balance_due', 'dollar_total_invoices', 'dollar_total_payments']})] # ,'classes':['suit-tab suit-tab-general']}),]
+ (None, {'fields': ['site', 'dollar_balance_due', 'dollar_total_invoices', 'dollar_total_payments'],'classes':['suit-tab suit-tab-general']}),]
readonly_fields = ['site', 'dollar_balance_due', 'dollar_total_invoices', 'dollar_total_payments']
#Do not show django evolution in the admin interface
from django_evolution.models import Version, Evolution
-admin.site.unregister(Version)
-admin.site.unregister(Evolution)
+#admin.site.unregister(Version)
+#admin.site.unregister(Evolution)
# When debugging it is often easier to see all the classes, but for regular use
# only the top-levels should be displayed
-showAll = True
-
-admin.site.register(Account, AccountAdmin)
-#admin.site.register(Invoice, InvoiceAdmin)
+showAll = False
admin.site.register(Deployment, DeploymentAdmin)
admin.site.register(Site, SiteAdmin)
admin.site.register(Slice, SliceAdmin)
-admin.site.register(ServiceClass, ServiceClassAdmin)
admin.site.register(Service, ServiceAdmin)
admin.site.register(Reservation, ReservationAdmin)
admin.site.register(Network, NetworkAdmin)
admin.site.register(Router, RouterAdmin)
-admin.site.register(NetworkParameterType, NetworkParameterTypeAdmin)
admin.site.register(NetworkTemplate, NetworkTemplateAdmin)
+admin.site.register(Account, AccountAdmin)
+admin.site.register(Invoice, InvoiceAdmin)
-if showAll:
+if True:
+ admin.site.register(NetworkParameterType, NetworkParameterTypeAdmin)
+ admin.site.register(ServiceClass, ServiceClassAdmin)
#admin.site.register(PlanetStack)
admin.site.register(Tag, TagAdmin)
admin.site.register(DeploymentRole)
git://git.onelab.eu / plstackapi.git / blobdiff