git://git.onelab.eu / plstackapi.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge branch 'master' of ssh://git.planet-lab.org/git/plstackapi
[plstackapi.git] / planetstack / core / models / site.py
diff --git a/planetstack/core/models/site.py b/planetstack/core/models/site.py
index e675afb..bc4c5ca 100644 (file)
--- a/planetstack/core/models/site.py
+++ b/planetstack/core/models/site.py
@@ -1,10 +1,10 @@
 import os
 from django.db import models
 from core.models import PlCoreBase
-#from core.models import Deployment
 from core.models import Tag
 from django.contrib.contenttypes import generic
 from geoposition.fields import GeopositionField
+from core.acl import AccessControlList
 
 class Site(PlCoreBase):
     """
@@ -21,7 +21,7 @@ class Site(PlCoreBase):
     abbreviated_name = models.CharField(max_length=80)
 
     #deployments = models.ManyToManyField('Deployment', blank=True, related_name='sites')
-    deployments = models.ManyToManyField('Deployment', through='SiteDeployments', blank=True)
+    deployments = models.ManyToManyField('Deployment', through='SiteDeployments', blank=True, help_text="Select which sites are allowed to host nodes in this deployment", related_name='sites')
     tags = generic.GenericRelation(Tag)
 
     def __unicode__(self):  return u'%s' % (self.name)
@@ -83,7 +83,49 @@ class SitePrivilege(PlCoreBase):
 
 class Deployment(PlCoreBase):
     name = models.CharField(max_length=200, unique=True, help_text="Name of the Deployment")
-    #sites = models.ManyToManyField('Site', through='SiteDeployments', blank=True)
+    admin_user = models.CharField(max_length=200, null=True, blank=True, help_text="Username of an admin user at this deployment")
+    admin_password = models.CharField(max_length=200, null=True, blank=True, help_text="Password of theadmin user at this deployment")\r
+    admin_tenant = models.CharField(max_length=200, null=True, blank=True, help_text="Name of the tenant the admin user belongs to")\r
+    auth_url = models.CharField(max_length=200, null=True, blank=True, help_text="Auth url for the deployment")
+    backend_type = models.CharField(max_length=200, null=True, blank=True, help_text="Type of deployment, e.g. EC2, OpenStack, or OpenStack version")
+
+    # smbaker: the default of 'allow all' is intended for evolutions of existing
+    #    deployments. When new deployments are created via the GUI, they are
+    #    given a default of 'allow site <site_of_creator>'
+    accessControl = models.TextField(max_length=200, blank=False, null=False, default="allow all",
+                                     help_text="Access control list that specifies which sites/users may use nodes in this deployment")
+
+    def get_acl(self):
+        return AccessControlList(self.accessControl)
+
+    def test_acl(self, slice=None, user=None):
+        potential_users=[]
+
+        if user:
+            potential_users.append(user)
+
+        if slice:
+            potential_users.append(slice.creator)
+            for priv in slice.slice_privileges.all():
+                if priv.user not in potential_users:
+                    potential_users.append(priv.user)
+
+        acl = self.get_acl()
+        for user in potential_users:
+            if acl.test(user) == "allow":
+                return True
+
+        return False
+
+    @staticmethod
+    def select_by_acl(user):
+        ids = []
+        for deployment in Deployment.objects.all():
+            acl = deployment.get_acl()
+            if acl.test(user) == "allow":
+                ids.append(deployment.id)
+
+        return Deployment.objects.filter(id__in=ids)
 
     def __unicode__(self):  return u'%s' % (self.name)
 
plstackapi