model = Reservation
extra = 0
suit_classes = 'suit-tab suit-tab-reservations'
+
+ def queryset(self, request):
+ return Reservation.select_by_user(request.user)
class TagROInline(generic.GenericTabularInline):
model = Tag
model = Tag
extra = 0
suit_classes = 'suit-tab suit-tab-tags'
+ fields = ['service', 'name', 'value']
+
+ def queryset(self, request):
+ return Tag.select_by_user(request.user)
class NetworkLookerUpper:
""" This is a callable that looks up a network name in a sliver and returns
readonly_fields = ['ip', 'instance_name']
suit_classes = 'suit-tab suit-tab-slivers'
+ def queryset(self, request):
+ return Sliver.select_by_user(request.user)
+
# Note this is breaking in the admin.py when trying to use an inline to add a node/image
# def _declared_fieldsets(self):
# # Return None so django will call get_fieldsets and we can insert our
extra = 0
suit_classes = 'suit-tab suit-tab-sites'
+ def queryset(self, request):
+ return Site.select_by_user(request.user)
+
class UserROInline(ReadOnlyTabularInline):
model = User
fields = ['email', 'firstname', 'lastname']
extra = 0
suit_classes = 'suit-tab suit-tab-users'
+ def queryset(self, request):
+ return User.select_by_user(request.user)
+
class SliceROInline(ReadOnlyTabularInline):
model = Slice
suit_classes = 'suit-tab suit-tab-slices'
extra = 0
suit_classes = 'suit-tab suit-tab-slices'
+ def queryset(self, request):
+ return Slice.select_by_user(request.user)
+
class NodeROInline(ReadOnlyTabularInline):
model = Node
extra = 0
model = Node
extra = 0
suit_classes = 'suit-tab suit-tab-nodes'
+ fields = ['name','deployment']
class DeploymentPrivilegeROInline(ReadOnlyTabularInline):
model = DeploymentPrivilege
model = DeploymentPrivilege
extra = 0
suit_classes = 'suit-tab suit-tab-deploymentprivileges'
+ fields = ['user','role']
+
+ def queryset(self, request):
+ return DeploymentPrivilege.select_by_user(request.user)
#CLEANUP DOUBLE SitePrivilegeInline
class SitePrivilegeROInline(ReadOnlyTabularInline):
model = SitePrivilege
extra = 0
suit_classes = 'suit-tab suit-tab-siteprivileges'
+ fields = ['user','site', 'role']
def formfield_for_foreignkey(self, db_field, request, **kwargs):
if db_field.name == 'site':
- if not request.user.is_admin:
- # only show sites where user is an admin or pi
- roles = Role.objects.filter(role_type__in=['admin', 'pi'])
- site_privileges = SitePrivilege.objects.filter(user=request.user).filter(role__in=roles)
- login_bases = [site_privilege.site.login_base for site_privilege in site_privileges]
- sites = Site.objects.filter(login_base__in=login_bases)
- kwargs['queryset'] = sites
+ kwargs['queryset'] = Site.select_by_user(request.user)
if db_field.name == 'user':
- if not request.user.is_admin:
- # only show users from sites where caller has admin or pi role
- roles = Role.objects.filter(role_type__in=['admin', 'pi'])
- site_privileges = SitePrivilege.objects.filter(user=request.user).filter(role__in=roles)
- sites = [site_privilege.site for site_privilege in site_privileges]
- site_privileges = SitePrivilege.objects.filter(site__in=sites)
- emails = [site_privilege.user.email for site_privilege in site_privileges]
- users = User.objects.filter(email__in=emails)
- kwargs['queryset'] = users
+ kwargs['queryset'] = User.select_by_user(request.user)
return super(SitePrivilegeInline, self).formfield_for_foreignkey(db_field, request, **kwargs)
-class SitePrivilegeInline(PlStackTabularInline):
- model = SitePrivilege
- suit_classes = 'suit-tab suit-tab-siteprivileges'
+ def queryset(self, request):
+ return SitePrivilege.select_by_user(request.user)
+
+class SiteDeploymentROInline(ReadOnlyTabularInline):
+ model = SiteDeployments
+ #model = Site.deployments.through
+ extra = 0
+ suit_classes = 'suit-tab suit-tab-sitedeployments'
+ fields = ['deployment','site']
+
+class SiteDeploymentInline(PlStackTabularInline):
+ model = SiteDeployments
+ #model = Site.deployments.through
extra = 0
- fields = ('user', 'site','role')
+ suit_classes = 'suit-tab suit-tab-deployments'
+ fields = ['deployment','site']
+
+ def formfield_for_foreignkey(self, db_field, request, **kwargs):
+ if db_field.name == 'site':
+ kwargs['queryset'] = Site.select_by_user(request.user)
+
+ if db_field.name == 'deployment':
+ kwargs['queryset'] = Deployment.select_by_user(request.user)
+ return super(SiteDeploymentInline, self).formfield_for_foreignkey(db_field, request, **kwargs)
+
+ def queryset(self, request):
+ return SiteDeployments.select_by_user(request.user)
+
class SlicePrivilegeROInline(ReadOnlyTabularInline):
model = SlicePrivilege
def formfield_for_foreignkey(self, db_field, request, **kwargs):
if db_field.name == 'slice':
- if not request.user.is_admin:
- # only show slices at sites where caller has admin or pi role
- roles = Role.objects.filter(role_type__in=['admin', 'pi'])
- site_privileges = SitePrivilege.objects.filter(user=request.user).filter(role__in=roles)
- sites = [site_privilege.site for site_privilege in site_privileges]
- slices = Slice.objects.filter(site__in=sites)
- kwargs['queryset'] = slices
+ kwargs['queryset'] = Slice.select_by_user(request.user)
if db_field.name == 'user':
- if not request.user.is_admin:
- # only show users from sites where caller has admin or pi role
- roles = Role.objects.filter(role_type__in=['admin', 'pi'])
- site_privileges = SitePrivilege.objects.filter(user=request.user).filter(role__in=roles)
- sites = [site_privilege.site for site_privilege in site_privileges]
- site_privileges = SitePrivilege.objects.filter(site__in=sites)
- emails = [site_privilege.user.email for site_privilege in site_privileges]
- users = User.objects.filter(email__in=emails)
- kwargs['queryset'] = list(users)
+ kwargs['queryset'] = User.select_by_user(request.user)
return super(SlicePrivilegeInline, self).formfield_for_foreignkey(db_field, request, **kwargs)
+ def queryset(self, request):
+ return SlicePrivilege.select_by_user(request.user)
+
class SliceNetworkROInline(ReadOnlyTabularInline):
model = Network.slices.through
extra = 0
class PlanetStackBaseAdmin(ReadOnlyAwareAdmin):
save_on_top = False
+
+ def save_model(self, request, obj, form, change):
+ # update openstack connection to use this site/tenant
+ obj.save_by_user(request.user)
+
+ def delete_model(self, request, obj):
+ obj.delete_by_user(request.user)
+
+ def save_formset(self, request, form, formset, change):
+ instances = formset.save(commit=False)
+ for instance in instances:
+ instance.save_by_user(request.user)
+ formset.save_m2m()
class SliceRoleAdmin(PlanetStackBaseAdmin):
model = SliceRole
class Meta:
model = Deployment
+ def __init__(self, *args, **kwargs):
+ super(DeploymentAdminForm, self).__init__(*args, **kwargs)
+
+ if self.instance and self.instance.pk:
+ self.fields['sites'].initial = self.instance.sites.all()
+
+ def save(self, commit=True):
+ deployment = super(DeploymentAdminForm, self).save(commit=False)
+
+ if commit:
+ deployment.save()
+
+ if deployment.pk:
+ deployment.sites = self.cleaned_data['sites']
+ self.save_m2m()
+
+ return deployment
+
class SiteAssocInline(PlStackTabularInline):
model = Site.deployments.through
extra = 0
fieldList = ['name', 'site_url', 'enabled', 'is_public', 'login_base', 'accountLink','location']
fieldsets = [
(None, {'fields': fieldList, 'classes':['suit-tab suit-tab-general']}),
- ('Deployment Networks', {'fields': ['deployments'], 'classes':['suit-tab suit-tab-deployments']}),
+ #('Deployment Networks', {'fields': ['deployments'], 'classes':['suit-tab suit-tab-deployments']}),
]
suit_form_tabs =(('general', 'Site Details'),
('users','Users'),
readonly_fields = ['accountLink']
user_readonly_fields = ['name', 'deployments','site_url', 'enabled', 'is_public', 'login_base', 'accountLink']
- user_readonly_inlines = [SliceROInline,UserROInline,TagROInline, NodeROInline, SitePrivilegeROInline]
+ user_readonly_inlines = [SliceROInline,UserROInline,TagROInline, NodeROInline, SitePrivilegeROInline,SiteDeploymentROInline]
list_display = ('name', 'login_base','site_url', 'enabled')
filter_horizontal = ('deployments',)
- inlines = [SliceInline,UserInline,TagInline, NodeInline, SitePrivilegeInline]
+ inlines = [SliceInline,UserInline,TagInline, NodeInline, SitePrivilegeInline, SiteDeploymentInline]
search_fields = ['name']
def queryset(self, request):
- # admins can see all keys. Users can only see sites they belong to.
- qs = super(SiteAdmin, self).queryset(request)
- if not request.user.is_admin:
- valid_sites = [request.user.site.login_base]
- roles = request.user.get_roles()
- for tenant_list in roles.values():
- valid_sites.extend(tenant_list)
- qs = qs.filter(login_base__in=valid_sites)
- return qs
+ #print dir(UserInline)
+ return Site.select_by_user(request.user)
def get_formsets(self, request, obj=None):
for inline in self.get_inline_instances(request, obj):
accountLink.allow_tags = True
accountLink.short_description = "Billing"
+ def save_model(self, request, obj, form, change):
+ # update openstack connection to use this site/tenant
+ obj.save_by_user(request.user)
+
+ def delete_model(self, request, obj):
+ obj.delete_by_user(request.user)
+
class SitePrivilegeAdmin(PlanetStackBaseAdmin):
fieldList = ['user', 'site', 'role']
# admins can see all privileges. Users can only see privileges at sites
# where they have the admin role or pi role.
qs = super(SitePrivilegeAdmin, self).queryset(request)
- if not request.user.is_admin:
- roles = Role.objects.filter(role_type__in=['admin', 'pi'])
- site_privileges = SitePrivilege.objects.filter(user=request.user).filter(role__in=roles)
- login_bases = [site_privilege.site.login_base for site_privilege in site_privileges]
- sites = Site.objects.filter(login_base__in=login_bases)
- qs = qs.filter(site__in=sites)
+ #if not request.user.is_admin:
+ # roles = Role.objects.filter(role_type__in=['admin', 'pi'])
+ # site_privileges = SitePrivilege.objects.filter(user=request.user).filter(role__in=roles)
+ # login_bases = [site_privilege.site.login_base for site_privilege in site_privileges]
+ # sites = Site.objects.filter(login_base__in=login_bases)
+ # qs = qs.filter(site__in=sites)
return qs
class SliceForm(forms.ModelForm):
def formfield_for_foreignkey(self, db_field, request, **kwargs):
if db_field.name == 'site':
- if not request.user.is_admin:
- # only show sites where user is a pi or admin
- roles = Role.objects.filter(role_type__in=['admin', 'pi'])
- site_privileges = SitePrivilege.objects.filter(user=request.user).filter(role__in=roles)
- login_bases = [site_privilege.site.login_base for site_privilege in site_privileges]
- sites = Site.objects.filter(login_base__in=login_bases)
- kwargs['queryset'] = sites
-
+ kwargs['queryset'] = Site.select_by_user(request.user)
+
return super(SliceAdmin, self).formfield_for_foreignkey(db_field, request, **kwargs)
def queryset(self, request):
# admins can see all keys. Users can only see slices they belong to.
- qs = super(SliceAdmin, self).queryset(request)
- if not request.user.is_admin:
- valid_slices = []
- roles = request.user.get_roles()
- for tenant_list in roles.values():
- valid_slices.extend(tenant_list)
- qs = qs.filter(name__in=valid_slices)
- return qs
+ return Slice.select_by_user(request.user)
def get_formsets(self, request, obj=None):
for inline in self.get_inline_instances(request, obj):
inline.model.caller = request.user
yield inline.get_formset(request, obj)
- def get_queryset(self, request):
- qs = super(SliceAdmin, self).get_queryset(request)
- if request.user.is_superuser:
- return qs
- # users can only see slices at their site
- return qs.filter(site=request.user.site)
class SlicePrivilegeAdmin(PlanetStackBaseAdmin):
fieldsets = [
def formfield_for_foreignkey(self, db_field, request, **kwargs):
if db_field.name == 'slice':
- if not request.user.is_admin:
- # only show slices at sites where caller has admin or pi role
- roles = Role.objects.filter(role_type__in=['admin', 'pi'])
- site_privileges = SitePrivilege.objects.filter(user=request.user).filter(role__in=roles)
- sites = [site_privilege.site for site_privilege in site_privileges]
- slices = Slice.objects.filter(site__in=sites)
- kwargs['queryset'] = slices
+ kwargs['queryset'] = Slice.select_by_user(request.user)
if db_field.name == 'user':
- if not request.user.is_admin:
- # only show users from sites where caller has admin or pi role
- roles = Role.objects.filter(role_type__in=['admin', 'pi'])
- site_privileges = SitePrivilege.objects.filter(user=request.user).filter(role__in=roles)
- sites = [site_privilege.site for site_privilege in site_privileges]
- site_privileges = SitePrivilege.objects.filter(site__in=sites)
- emails = [site_privilege.user.email for site_privilege in site_privileges]
- users = User.objects.filter(email__in=emails)
- kwargs['queryset'] = users
+ kwargs['queryset'] = User.select_by_user(request.user)
return super(SlicePrivilegeAdmin, self).formfield_for_foreignkey(db_field, request, **kwargs)
def queryset(self, request):
# admins can see all memberships. Users can only see memberships of
# slices where they have the admin role.
- qs = super(SlicePrivilegeAdmin, self).queryset(request)
- if not request.user.is_admin:
- roles = Role.objects.filter(role_type__in=['admin', 'pi'])
- site_privileges = SitePrivilege.objects.filter(user=request.user).filter(role__in=roles)
- login_bases = [site_privilege.site.login_base for site_privilege in site_privileges]
- sites = Site.objects.filter(login_base__in=login_bases)
- slices = Slice.objects.filter(site__in=sites)
- qs = qs.filter(slice__in=slices)
- return qs
+ return SlicePrivilege.select_by_user(request.user)
def save_model(self, request, obj, form, change):
# update openstack connection to use this site/tenant
def formfield_for_foreignkey(self, db_field, request, **kwargs):
if db_field.name == 'slice':
- if not request.user.is_admin:
- slices = set([sm.slice.name for sm in SlicePrivilege.objects.filter(user=request.user)])
- kwargs['queryset'] = Slice.objects.filter(name__in=list(slices))
+ kwargs['queryset'] = Slice.select_by_user(request.user)
return super(SliverAdmin, self).formfield_for_foreignkey(db_field, request, **kwargs)
def queryset(self, request):
# admins can see all slivers. Users can only see slivers of
# the slices they belong to.
- qs = super(SliverAdmin, self).queryset(request)
- if not request.user.is_admin:
- tenants = []
- roles = request.user.get_roles()
- for tenant_list in roles.values():
- tenants.extend(tenant_list)
- valid_slices = Slice.objects.filter(name__in=tenants)
- qs = qs.filter(slice__in=valid_slices)
- return qs
+ return Sliver.select_by_user(request.user)
+
def get_formsets(self, request, obj=None):
# make some fields read only if we are updating an existing record
# hide MyInline in the add view
if obj is None:
continue
- # give inline object access to driver and caller
- auth = request.session.get('auth', {})
- auth['tenant'] = obj.name # meed to connect using slice's tenant
- inline.model.os_manager = OpenStackManager(auth=auth, caller=request.user)
- yield inline.get_formset(request, obj)
#def save_model(self, request, obj, form, change):
# # update openstack connection to use this site/tenant
def formfield_for_foreignkey(self, db_field, request, **kwargs):
if db_field.name == 'site':
- if not request.user.is_admin:
- # show sites where caller is an admin or pi
- sites = []
- for site_privilege in SitePrivilege.objects.filer(user=request.user):
- if site_privilege.role.role_type in ['admin', 'pi']:
- sites.append(site_privilege.site.login_base)
- kwargs['queryset'] = Site.objects.filter(login_base__in(list(sites)))
+ kwargs['queryset'] = Site.select_by_user(request.user)
return super(UserAdmin, self).formfield_for_foreignkey(db_field, request, **kwargs)
#return "readonly" in groups
return request.user.isReadOnlyUser()
+ def queryset(self, request):
+ return User.select_by_user(request.user)
+
class ServiceResourceROInline(ReadOnlyTabularInline):
\r
return field
+ def queryset(self, request):
+ return ReservedResource.select_by_user(request.user)
+
class ReservationChangeForm(forms.ModelForm):
class Meta:
model = Reservation
else:
return []
+ def queryset(self, request):
+ return Reservation.select_by_user(request.user)
+
class NetworkParameterTypeAdmin(PlanetStackBaseAdmin):
list_display = ("name", )
user_readonly_fields = ['name']