git://git.onelab.eu / plstackapi.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
checking in missing site/slice privilege steps
[plstackapi.git] / planetstack / core / models / controlleruser.py
diff --git a/planetstack/core/models/controlleruser.py b/planetstack/core/models/controlleruser.py
index 5a3568a..678ab77 100644 (file)
--- a/planetstack/core/models/controlleruser.py
+++ b/planetstack/core/models/controlleruser.py
@@ -6,7 +6,7 @@ from django.db.models import F, Q
 from core.models import PlCoreBase,User,Controller
 from core.models import Controller,ControllerLinkManager,ControllerLinkDeletionManager
 
-class ControllerUsers(PlCoreBase):
+class ControllerUser(PlCoreBase):
     objects = ControllerLinkManager()
     deleted_objects = ControllerLinkDeletionManager()
 
@@ -19,8 +19,71 @@ class ControllerUsers(PlCoreBase):
     @staticmethod
     def select_by_user(user):
         if user.is_admin:
-            qs = ControllerUsers.objects.all()
+            qs = ControllerUser.objects.all()
         else:
             users = Users.select_by_user(user)
-            qs = ControllerUsers.objects.filter(user__in=users)
+            qs = ControllerUser.objects.filter(user__in=users)
         return qs
+
+
+class ControllerSitePrivilege(PlCoreBase):
+    objects = ControllerLinkManager()
+    deleted_objects = ControllerLinkDeletionManager()
+
+    controller = models.ForeignKey('Controller', related_name='controllersiteprivileges')
+    site_privilege = models.ForeignKey('SitePrivilege', related_name='controllersiteprivileges')
+    role_id = models.CharField(null=True, blank=True, max_length=200, db_index=True, help_text="Keystone id")
+
+    def __unicode__(self):  return u'%s %s' % (self.controller, self.site_privilege)
+
+    def can_update(self, user):
+        if user.is_readonly:
+            return False
+        if user.is_admin:
+            return True
+        cprivs = ControllerSitePrivilege.objects.filter(site_privilege__user=user)
+        for cpriv in dprivs:
+            if cpriv.site_privilege.role.role == ['admin', 'Admin']:
+                return True
+        return False
+
+    @staticmethod
+    def select_by_user(user):
+        if user.is_admin:
+            qs = ControllerSitePrivilege.objects.all()
+        else:
+            cpriv_ids = [cp.id for cp in ControllerSitePrivilege.objects.filter(site_privilege__user=user)]
+            qs = ControllerSitePrivilege.objects.filter(id__in=cpriv_ids)
+        return qs
+
+
+class ControllerSlicePrivilege(PlCoreBase):
+    objects = ControllerLinkManager()
+    deleted_objects = ControllerLinkDeletionManager()
+
+    controller = models.ForeignKey('Controller', related_name='controllersliceprivileges')
+    slice_privilege = models.ForeignKey('SlicePrivilege', related_name='controllersliceprivileges')
+    role_id = models.CharField(null=True, blank=True, max_length=200, db_index=True, help_text="Keystone id")
+
+    def __unicode__(self):  return u'%s %s' % (self.controller, self.slice_privilege)
+
+    def can_update(self, user):
+        if user.is_readonly:
+            return False
+        if user.is_admin:
+            return True
+        cprivs = ControllerSlicePrivilege.objects.filter(slice_privilege__user=user)
+        for cpriv in dprivs:
+            if cpriv.role.role == ['admin', 'Admin']:
+                return True
+        return False
+
+    @staticmethod
+    def select_by_user(user):
+        if user.is_admin:
+            qs = ControllerSlicePrivilege.objects.all()
+        else:
+            cpriv_ids = [cp.id for cp in ControllerSlicePrivilege.objects.filter(slice_privilege__user=user)]
+            qs = ControllerSlicePrivilege.objects.filter(id__in=cpriv_ids)
+        return qs
+
plstackapi