from django.db import models
from core.models import PlCoreBase
from core.models import Site
+from core.models.site import SitePrivilege
from core.models import User
from core.models import Role
from core.models import Deployment
from django.contrib.contenttypes import generic
from core.models import Service
from core.models import Deployment
+from django.core.exceptions import ValidationError
# Create your models here.
def __unicode__(self): return u'%s' % (self.name)
+ @property
+ def slicename(self):
+ return "%s_%s" % (self.site.login_base, self.name)
+
def save(self, *args, **kwds):
+
+ site = Site.objects.get(id=self.site.id)
+ if not self.name.startswith(site.login_base):
+ raise ValidationError('slice name must begin with %s' % site.login_base)
+
if self.serviceClass is None:
# We allowed None=True for serviceClass because Django evolution
# will fail unless it is allowed. But, we we really don't want it to
return False
if user.is_admin:
return True
+ # slice admins can update
slice_privs = SlicePrivilege.objects.filter(user=user, slice=self)
for slice_priv in slice_privs:
if slice_priv.role.role == 'admin':
return True
+ # site pis can update
+ site_privs = SitePrivilege.objects.filter(user=user, site=self.site)
+ for site_priv in site_privs:
+ if site_priv.role.role == 'pi':
+ return True
+
return False
@staticmethod
if user.is_admin:
qs = Slice.objects.all()
else:
+ # users can see slices they belong to
slice_ids = [sp.slice.id for sp in SlicePrivilege.objects.filter(user=user)]
+ # pis can see slices at their sites
+ sites = [sp.site for sp in SitePrivilege.objects.filter(user=user)\
+ if sp.role.role == 'pi']
+ slice_ids.extend([s.id for s in Slice.objects.filter(site__in=sites)])
qs = Slice.objects.filter(id__in=slice_ids)
return qs
git://git.onelab.eu / plstackapi.git / blobdiff