Added support for Generic Tags. Tags can be applied to Node, Site, Slice, Sliver...
[plstackapi.git] / planetstack / core / admin.py
index 9c7cc54..d947c6e 100644 (file)
@@ -11,8 +11,9 @@ from django.contrib.admin.widgets import FilteredSelectMultiple
 from django.contrib.auth.forms import ReadOnlyPasswordHashField
 from django.contrib.auth.signals import user_logged_in
 from django.utils import timezone
-import django_evolution 
+from django.contrib.contenttypes import generic
 
+import django_evolution 
 
 class ReadonlyTabularInline(admin.TabularInline):
     can_delete = False
@@ -30,12 +31,18 @@ class ReadonlyTabularInline(admin.TabularInline):
     def has_add_permission(self, request):
         return False
 
+class TagInline(generic.GenericTabularInline):
+    model = Tag
+    exclude = ['enacted']
+    extra = 1
+
 class SliverInline(admin.TabularInline):
     model = Sliver
-    fields = ['ip', 'instance_name', 'slice', 'numberCores', 'image', 'key', 'node', 'deploymentNetwork']
+    fields = ['ip', 'instance_name', 'slice', 'numberCores', 'image', 'node', 'deploymentNetwork']
     extra = 0
     #readonly_fields = ['ip', 'instance_name', 'image']
     readonly_fields = ['ip', 'instance_name']
+    
 
 class SiteInline(admin.TabularInline):
     model = Site
@@ -62,9 +69,54 @@ class SitePrivilegeInline(admin.TabularInline):
     model = SitePrivilege
     extra = 0
 
+    def formfield_for_foreignkey(self, db_field, request, **kwargs):
+        if db_field.name == 'site':
+            if not request.user.is_admin:
+                # only show sites where user is an admin or pi
+                roles = Role.objects.filter(role_type__in=['admin', 'pi'])
+                site_privileges = SitePrivilege.objects.filter(user=request.user).filter(role__in=roles)
+                login_bases = [site_privilege.site.login_base for site_privilege in site_privileges]
+                sites = Site.objects.filter(login_base__in=login_bases)
+                kwargs['queryset'] = sites
+
+        if db_field.name == 'user':
+            if not request.user.is_admin:
+                # only show users from sites where caller has admin or pi role
+                roles = Role.objects.filter(role_type__in=['admin', 'pi'])
+                site_privileges = SitePrivilege.objects.filter(user=request.user).filter(role__in=roles)
+                sites = [site_privilege.site for site_privilege in site_privileges]
+                site_privileges = SitePrivilege.objects.filter(site__in=sites)
+                emails = [site_privilege.user.email for site_privilege in site_privileges]
+                users = User.objects.filter(email__in=emails)
+                kwargs['queryset'] = users
+        return super(SitePrivilegeInline, self).formfield_for_foreignkey(db_field, request, **kwargs)
+
 class SliceMembershipInline(admin.TabularInline):
     model = SliceMembership
     extra = 0
+    fields = ('user', 'role')
+
+    def formfield_for_foreignkey(self, db_field, request, **kwargs):
+        if db_field.name == 'slice':
+            if not request.user.is_admin:
+                # only show slices at sites where caller has admin or pi role
+                roles = Role.objects.filter(role_type__in=['admin', 'pi'])
+                site_privileges = SitePrivilege.objects.filter(user=request.user).filter(role__in=roles)
+                sites = [site_privilege.site for site_privilege in site_privileges]
+                slices = Slice.objects.filter(site__in=sites)
+                kwargs['queryset'] = slices 
+        if db_field.name == 'user':
+            if not request.user.is_admin:
+                # only show users from sites where caller has admin or pi role
+                roles = Role.objects.filter(role_type__in=['admin', 'pi'])
+                site_privileges = SitePrivilege.objects.filter(user=request.user).filter(role__in=roles)
+                sites = [site_privilege.site for site_privilege in site_privileges]
+                site_privileges = SitePrivilege.objects.filter(site__in=sites)
+                emails = [site_privilege.user.email for site_privilege in site_privileges]   
+                users = User.objects.filter(email__in=emails) 
+                kwargs['queryset'] = list(users)
+
+        return super(SliceMembershipInline, self).formfield_for_foreignkey(db_field, request, **kwargs)
 
 class SliceTagInline(admin.TabularInline):
     model = SliceTag
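Review bot: In `SliceMembershipInline.formfield_for_foreignkey` the `user` branch ends with `kwargs['queryset'] = list(users)`, while every other branch in this commit passes the QuerySet itself. Django's ModelChoiceField calls queryset methods such as `.all()` and `.get()` on that value, so a plain list is likely to raise for non-admin users when the field is rendered or validated; `kwargs['queryset'] = users` matches the sibling code. The `slice` branch of the same method looks unreachable in this inline, because `fields = ('user', 'role')` leaves `slice` off the form. The admin-or-pi lookup is copied here and again in the SitePrivilegeAdmin, SliceAdmin, SliceMembershipAdmin and UserAdmin hunks; one module-level helper returning the caller's permitted sites would keep this access rule from drifting between copies.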
@@ -81,24 +133,7 @@ class PlainTextWidget(forms.HiddenInput):
 class PlanetStackBaseAdmin(admin.ModelAdmin):
     save_on_top = False
 
-class OSModelAdmin(PlanetStackBaseAdmin):
-    """Attach client connection to openstack on delete() and save()"""
-
-    def save_model(self, request, obj, form, change):
-        if request.user.site:
-            auth = request.session.get('auth', {})
-            auth['tenant'] = request.user.site.login_base
-            obj.os_manager = OpenStackManager(auth=auth, caller=request.user)
-        obj.save()
-
-    def delete_model(self, request, obj):
-        if request.user.site:
-            auth = request.session.get('auth', {})
-            auth['tenant'] = request.user.site.login_base
-            obj.os_manager = OpenStackManager(auth=auth, caller=request.user)
-        obj.delete() 
-
-class RoleAdmin(OSModelAdmin):
+class RoleAdmin(PlanetStackBaseAdmin):
     fieldsets = [
         ('Role', {'fields': ['role_type']})
     ]
@@ -149,7 +184,7 @@ class DeploymentAdmin(PlanetStackBaseAdmin):
             inline.model.os_manager = OpenStackManager(auth=auth, caller=request.user)
             yield inline.get_formset(request, obj)
 
-class SiteAdmin(OSModelAdmin):
+class SiteAdmin(PlanetStackBaseAdmin):
     fieldsets = [
         (None, {'fields': ['name', 'site_url', 'enabled', 'is_public', 'login_base']}),
         ('Location', {'fields': ['latitude', 'longitude']}),
@@ -157,7 +192,7 @@ class SiteAdmin(OSModelAdmin):
     ]
     list_display = ('name', 'login_base','site_url', 'enabled')
     filter_horizontal = ('deployments',)
-    inlines = [NodeInline, UserInline, SitePrivilegeInline]
+    inlines = [TagInline, NodeInline, UserInline, SitePrivilegeInline]
     search_fields = ['name']
 
     def queryset(self, request):
@@ -176,10 +211,17 @@ class SiteAdmin(OSModelAdmin):
             # hide MyInline in the add view
             if obj is None:
                 continue
-            # give inline object access to driver and caller
-            auth = request.session.get('auth', {})
-            #auth['tenant'] = request.user.site.login_base
-            inline.model.os_manager = OpenStackManager(auth=auth, caller=request.user)
+            if isinstance(inline, SliceInline):
+                inline.model.caller = request.user
+            yield inline.get_formset(request, obj)
+
+    def get_formsets(self, request, obj=None):
+        for inline in self.get_inline_instances(request, obj):
+            # hide MyInline in the add view
+            if obj is None:
+                continue
+            if isinstance(inline, SliverInline):
+                inline.model.caller = request.user
             yield inline.get_formset(request, obj)
 
 class SitePrivilegeAdmin(PlanetStackBaseAdmin):
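Review bot: The `def get_formsets` added at the end of this hunk is a second definition of the same method in `SiteAdmin`, so it replaces the one just above it and the `isinstance(inline, SliceInline)` branch never runs. If both inlines need the caller, a single method with `if isinstance(inline, (SliceInline, SliverInline)):` covers it. Separately, `inline.model.caller = request.user` writes to the model class rather than to an instance, so the value is shared by every request the process serves; under a threaded server a save could pick up another request's user. Setting `caller` on each instance at save time (for example in `save_formset`) would keep the identity request-scoped; the same assignment is added in the SliceAdmin `get_formsets` hunk. The first `get_formsets` begins above this hunk.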
@@ -188,52 +230,57 @@ class SitePrivilegeAdmin(PlanetStackBaseAdmin):
     ]
     list_display = ('user', 'site', 'role')
 
+    def formfield_for_foreignkey(self, db_field, request, **kwargs):
+        if db_field.name == 'site':
+            if not request.user.is_admin:
+                # only show sites where user is an admin or pi
+                sites = set()
+                for site_privilege in SitePrivilege.objects.filer(user=request.user):
+                    if site_privilege.role.role_type in ['admin', 'pi']:
+                        sites.add(site_privilege.site)
+                kwargs['queryset'] = Site.objects.filter(site__in=list(sites))
+
+        if db_field.name == 'user':
+            if not request.user.is_admin:
+                # only show users from sites where caller has admin or pi role
+                roles = Role.objects.filter(role_type__in=['admin', 'pi'])
+                site_privileges = SitePrivilege.objects.filter(user=request.user).filter(role__in=roles)
+                sites = [site_privilege.site for site_privilege in site_privileges]
+                site_privileges = SitePrivilege.objects.filter(site__in=sites)
+                emails = [site_privilege.user.email for site_privilege in site_privileges]
+                users = User.objects.filter(email__in=emails)
+                kwargs['queryset'] = users
+
+        return super(SitePrivilegeAdmin, self).formfield_for_foreignkey(db_field, request, **kwargs)
+
     def queryset(self, request):
         # admins can see all privileges. Users can only see privileges at sites
-        # where they have the admin role.
+        # where they have the admin role or pi role.
         qs = super(SitePrivilegeAdmin, self).queryset(request)
         if not request.user.is_admin:
-            roles = request.user.get_roles()
-            tenants = []
-            for (role, tenant_list) in roles:
-                if role == 'admin':
-                    tenants.extend(tenant_list)
-            valid_sites = Sites.objects.filter(login_base__in=tenants)    
-            qs = qs.filter(site__in=valid_sites)
+            roles = Role.objects.filter(role_type__in=['admin', 'pi'])
+            site_privileges = SitePrivilege.objects.filter(user=request.user).filter(role__in=roles)
+            login_bases = [site_privilege.site.login_base for site_privilege in site_privileges]
+            sites = Site.objects.filter(login_base__in=login_bases)
+            qs = qs.filter(site__in=sites)
         return qs
 
-    def save_model(self, request, obj, form, change):
-        # update openstack connection to use this site/tenant   
-        auth = request.session.get('auth', {})
-        #auth['tenant'] = obj.site.login_base
-        obj.os_manager = OpenStackManager(auth=auth, caller=request.user)
-        obj.save()
-
-    def delete_model(self, request, obj):
-        # update openstack connection to use this site/tenant   
-        auth = request.session.get('auth', {})
-        #auth['tenant'] = obj.site.login_base
-        obj.os_manager = OpenStackManager(auth=auth, caller=request.user)
-        obj.delete()
-
-class KeyAdmin(OSModelAdmin):
-    fieldsets = [
-        ('Key', {'fields': ['key', 'type', 'blacklisted']})
-    ]
-    list_display = ['key', 'type', 'blacklisted']
-
-    #def queryset(self, request):
-        # admins can see all keys. Users can only see their own key.
-        #if request.user.is_admin:
-        #    qs = super(KeyAdmin, self).queryset(request) 
-        #else:
-        #    qs = Key.objects.filter(user=request.user)
-        #return qs
-
-class SliceAdmin(OSModelAdmin):
+class SliceAdmin(PlanetStackBaseAdmin):
     fields = ['name', 'site', 'serviceClass', 'description', 'slice_url']
     list_display = ('name', 'site','serviceClass', 'slice_url')
-    inlines = [SliverInline, SliceMembershipInline, SliceTagInline]
+    inlines = [SliverInline, SliceMembershipInline, TagInline, SliceTagInline]
+
+    def formfield_for_foreignkey(self, db_field, request, **kwargs):
+        if db_field.name == 'site':
+            if not request.user.is_admin:
+                # only show sites where user is a pi or admin 
+                roles = Role.objects.filter(role_type__in=['admin', 'pi'])
+                site_privileges = SitePrivilege.objects.filter(user=request.user).filter(role__in=roles)
+                login_bases = [site_privilege.site.login_base for site_privilege in site_privileges]
+                sites = Site.objects.filter(login_base__in=login_bases)
+                kwargs['queryset'] = sites
+
+        return super(SliceAdmin, self).formfield_for_foreignkey(db_field, request, **kwargs)
 
     def queryset(self, request):
         # admins can see all keys. Users can only see slices they belong to.
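Review bot: In `SitePrivilegeAdmin.formfield_for_foreignkey` the `site` branch calls `SitePrivilege.objects.filer(user=request.user)`, a typo for `filter` that raises AttributeError as soon as a non-admin opens the form; the same typo is in the UserAdmin hunk. The next line, `Site.objects.filter(site__in=list(sites))`, filters `Site` on a `site` lookup, whereas the other copies of this rule use `login_base__in` with a list of login bases, so it probably fails as well (Site's fields are not visible here). Reusing the form from `SitePrivilegeInline`, `kwargs['queryset'] = Site.objects.filter(login_base__in=login_bases)`, would fix both. The failure is closed, since the non-admin gets an error and not an unrestricted list, but the restricted path appears not to have been exercised; a test that loads each of these forms as a pi user would catch this class of mistake.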
@@ -251,10 +298,8 @@ class SliceAdmin(OSModelAdmin):
             # hide MyInline in the add view
             if obj is None:
                 continue
-            # give inline object access to driver and caller
-            auth = request.session.get('auth', {})
-            auth['tenant'] = obj.name       # meed to connect using slice's tenant
-            inline.model.os_manager = OpenStackManager(auth=auth, caller=request.user)
+            if isinstance(inline, SliverInline):
+                inline.model.caller = request.user
             yield inline.get_formset(request, obj)
 
     def get_queryset(self, request):
@@ -262,7 +307,12 @@ class SliceAdmin(OSModelAdmin):
         if request.user.is_superuser:
             return qs
         # users can only see slices at their site
-        return qs.filter(site=request.user.site) 
+        return qs.filter(site=request.user.site)
+
+    def save_model(self, request, obj, form, change):
+        # update openstack connection to use this site/tenant
+        obj.caller = request.user
+        obj.save() 
 
 class SliceMembershipAdmin(PlanetStackBaseAdmin):
     fieldsets = [
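Review bot: The comment in the added `SliceAdmin.save_model` still reads `# update openstack connection to use this site/tenant`, but the body no longer builds an OpenStackManager; it only records who is making the change. A comment such as `# record the requesting user on the instance before saving` would describe what the code does; how `Slice.save` uses `caller` is not visible here. No matching `delete_model` is added, so if deletes also need `caller` they will not get it from this class now that `OSModelAdmin` is gone.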
@@ -270,18 +320,40 @@ class SliceMembershipAdmin(PlanetStackBaseAdmin):
     ]
     list_display = ('user', 'slice', 'role')
 
+    def formfield_for_foreignkey(self, db_field, request, **kwargs):
+        if db_field.name == 'slice':
+            if not request.user.is_admin:
+                # only show slices at sites where caller has admin or pi role
+                roles = Role.objects.filter(role_type__in=['admin', 'pi'])
+                site_privileges = SitePrivilege.objects.filter(user=request.user).filter(role__in=roles)
+                sites = [site_privilege.site for site_privilege in site_privileges]
+                slices = Slice.objects.filter(site__in=sites)
+                kwargs['queryset'] = slices
+        
+        if db_field.name == 'user':
+            if not request.user.is_admin:
+                # only show users from sites where caller has admin or pi role
+                roles = Role.objects.filter(role_type__in=['admin', 'pi'])
+                site_privileges = SitePrivilege.objects.filter(user=request.user).filter(role__in=roles)
+                sites = [site_privilege.site for site_privilege in site_privileges]
+                site_privileges = SitePrivilege.objects.filter(site__in=sites)
+                emails = [site_privilege.user.email for site_privilege in site_privileges]
+                users = User.objects.filter(email__in=emails)
+                kwargs['queryset'] = users
+
+        return super(SliceMembershipAdmin, self).formfield_for_foreignkey(db_field, request, **kwargs)
+
     def queryset(self, request):
         # admins can see all memberships. Users can only see memberships of
         # slices where they have the admin role.
         qs = super(SliceMembershipAdmin, self).queryset(request)
         if not request.user.is_admin:
-            roles = request.user.get_roles()
-            tenants = []
-            for (role, tenant_list) in roles:
-                if role == 'admin':
-                    tenants.extend(tenant_list)
-            valid_slices = Slice.objects.filter(name__in=tenants)
-            qs = qs.filter(slice__in=valid_slices)
+            roles = Role.objects.filter(role_type__in=['admin', 'pi'])
+            site_privileges = SitePrivilege.objects.filter(user=request.user).filter(role__in=roles)
+            login_bases = [site_privilege.site.login_base for site_privilege in site_privileges]
+            sites = Site.objects.filter(login_base__in=login_bases)
+            slices = Slice.objects.filter(site__in=sites)
+            qs = qs.filter(slice__in=slices)
         return qs
 
     def save_model(self, request, obj, form, change):
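Review bot: The rewritten `SliceMembershipAdmin.queryset` changes who can see memberships, while the unchanged comment above it still says "slices where they have the admin role". The old code kept slices named in the caller's admin tenants; the new code returns memberships for every slice at any site where the caller is admin or pi, a site-based rule that is probably wider. If the widening is intended, update the comment to `# slices at sites where they have the admin or pi role.`; if not, the filter needs to go through the caller's own slice roles. `sites` could also be built directly, as in the `formfield_for_foreignkey` added above it, without the `login_base` round trip.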
@@ -305,6 +377,7 @@ class ImageAdmin(admin.ModelAdmin):
 class NodeAdmin(admin.ModelAdmin):
     list_display = ('name', 'site', 'deployment')
     list_filter = ('deployment',)
+    inlines = [TagInline]
 
 
 class SliverForm(forms.ModelForm):
@@ -323,6 +396,15 @@ class SliverAdmin(PlanetStackBaseAdmin):
         ('Sliver', {'fields': ['ip', 'instance_name', 'slice', 'numberCores', 'image', 'key', 'node', 'deploymentNetwork']})
     ]
     list_display = ['ip', 'instance_name', 'slice', 'numberCores', 'image', 'key', 'node', 'deploymentNetwork']
+    inlines = [TagInline]
+
+    def formfield_for_foreignkey(self, db_field, request, **kwargs):
+        if db_field.name == 'slice':
+            if not request.user.is_admin:
+                slices = set([sm.slice.name for sm in SliceMembership.objects.filter(user=request.user)]) 
+                kwargs['queryset'] = Slice.objects.filter(name__in=list(slices))
+
+        return super(SliverAdmin, self).formfield_for_foreignkey(db_field, request, **kwargs)
 
     def queryset(self, request):
         # admins can see all slivers. Users can only see slivers of 
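Review bot: `SliverAdmin.formfield_for_foreignkey` offers a non-admin every slice in which they hold any `SliceMembership`, without looking at the membership's role, unlike the admin-or-pi checks added elsewhere in this commit. If only some roles should place slivers in a slice, the filter needs a role condition; if any member may, a comment such as `# any member of a slice may add slivers to it` would record that decision. The match also goes through `slice.name`, which assumes names are unique; filtering on primary keys avoids that assumption. The context lines still list `'key'` in `fieldsets` and `list_display` while this commit drops it from `SliverInline`, so confirm the Sliver model still has that field.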
@@ -361,6 +443,7 @@ class SliverAdmin(PlanetStackBaseAdmin):
         auth = request.session.get('auth', {})
         auth['tenant'] = obj.slice.name
         obj.os_manager = OpenStackManager(auth=auth, caller=request.user)
+        obj.creator = request.user
         obj.save()
 
     def delete_model(self, request, obj):
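Review bot: `obj.creator = request.user` runs on every save, so editing an existing sliver reassigns its creator to whoever made the edit and the original attribution is lost. If `creator` is meant to record who created the sliver, guard it with the `change` flag Django passes to `save_model`: `if not change: obj.creator = request.user`. The method's signature is above this hunk, so this assumes the standard `save_model(self, request, obj, form, change)`.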
@@ -378,7 +461,7 @@ class UserCreationForm(forms.ModelForm):
 
     class Meta:
         model = User
-        fields = ('email', 'firstname', 'lastname', 'phone', 'key', 'site')
+        fields = ('email', 'firstname', 'lastname', 'phone', 'public_key', 'site')
 
     def clean_password2(self):
         # Check that the two password entries match
@@ -415,7 +498,7 @@ class UserChangeForm(forms.ModelForm):
         return self.initial["password"]
 
 
-class UserAdmin(UserAdmin, OSModelAdmin):
+class UserAdmin(UserAdmin):
     class Meta:
         app_label = "core"
 
@@ -431,19 +514,31 @@ class UserAdmin(UserAdmin, OSModelAdmin):
     inlines = [SitePrivilegeInline, SliceMembershipInline]
     fieldsets = (
         (None, {'fields': ('email', 'password', 'site', 'is_admin', 'timezone')}),
-        ('Personal info', {'fields': ('firstname','lastname','phone', 'key')}),
+        ('Personal info', {'fields': ('firstname','lastname','phone', 'public_key')}),
         #('Important dates', {'fields': ('last_login',)}),
     )
     add_fieldsets = (
         (None, {
             'classes': ('wide',),
-            'fields': ('email', 'firstname', 'lastname', 'phone', 'site', 'key','password1', 'password2', 'is_admin')}
+            'fields': ('email', 'firstname', 'lastname', 'phone', 'site', 'public_key','password1', 'password2', 'is_admin')}
         ),
     )
     search_fields = ('email',)
     ordering = ('email',)
     filter_horizontal = ()
 
+    def formfield_for_foreignkey(self, db_field, request, **kwargs):
+        if db_field.name == 'site':
+            if not request.user.is_admin:
+                # show sites where caller is an admin or pi 
+                sites = []
+                for site_privilege in SitePrivilege.objects.filer(user=request.user):
+                    if site_privilege.role.role_type in ['admin', 'pi']:
+                        sites.append(site_privilege.site.login_base)  
+                kwargs['queryset'] = Site.objects.filter(login_base__in(list(sites)))
+
+        return super(UserAdmin, self).formfield_for_foreignkey(db_field, request, **kwargs)
+
 class ServiceResourceInline(admin.TabularInline):
     model = ServiceResource
     extra = 0
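Review bot: The last line of the `site` branch, `Site.objects.filter(login_base__in(list(sites)))`, calls `login_base__in` as a function instead of passing it as a keyword, so it raises NameError; it should read `Site.objects.filter(login_base__in=sites)`. The loop above it also has `.filer(` for `.filter(`. Both errors are reached only on the non-admin path. This method narrows `site` for non-admins, but `is_admin` stays in `fieldsets` and `add_fieldsets` in the context lines; if non-admin users can reach this admin at all, that field should be read-only for them (for example through `get_readonly_fields`), since the site restriction alone does not stop the flag being set.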
@@ -597,11 +692,9 @@ showAll = False
 admin.site.register(Deployment, DeploymentAdmin)
 admin.site.register(Site, SiteAdmin)
 admin.site.register(Slice, SliceAdmin)
-#admin.site.register(Subnet)
-admin.site.register(Key, KeyAdmin)
-
 
 if showAll:
+    admin.site.register(Tag)
     admin.site.register(Node, NodeAdmin)
     admin.site.register(SliceMembership, SliceMembershipAdmin)
     admin.site.register(SitePrivilege, SitePrivilegeAdmin)