git://git.onelab.eu / plstackapi.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
added rbac for viewing objects
[plstackapi.git] / planetstack / core / models / slice.py
diff --git a/planetstack/core/models/slice.py b/planetstack/core/models/slice.py
index da64b28..533165f 100644 (file)
--- a/planetstack/core/models/slice.py
+++ b/planetstack/core/models/slice.py
@@ -8,6 +8,7 @@ from core.models import Deployment
 from core.models import ServiceClass
 from core.models import Tag
 from django.contrib.contenttypes import generic
+from core.models import Service
 
 # Create your models here.
 
@@ -18,10 +19,11 @@ class Slice(PlCoreBase):
     omf_friendly = models.BooleanField()
     description=models.TextField(blank=True,help_text="High level description of the slice and expected activities", max_length=1024)
     slice_url = models.URLField(blank=True, max_length=512)
-    site = models.ForeignKey(Site, related_name='slices', help_text="The Site this Node belongs too")
+    site = models.ForeignKey(Site, related_name='slices', help_text="The Site this Slice belongs to")
     network_id = models.CharField(null=True, blank=True, max_length=256, help_text="Quantum network")
     router_id = models.CharField(null=True, blank=True, max_length=256, help_text="Quantum router id")
     subnet_id = models.CharField(null=True, blank=True, max_length=256, help_text="Quantum subnet id")
+    service = models.ForeignKey(Service, related_name='service', null=True, blank=True)
 
     tags = generic.GenericRelation(Tag)
 
@@ -40,8 +42,33 @@ class Slice(PlCoreBase):
             self.creator = self.caller
         super(Slice, self).save(*args, **kwds)
 
+    def can_update(self, user):
+        if user.is_readonly:
+            return False
+        if user.is_admin:
+            return True
+        slice_privs = SlicePrivilege.objects.filter(user=user, slice=self)
+        for slice_priv in slice_privs:
+            if slice_priv.role.role_type == 'admin':
+                return True
+        return False
+
+    def save_by_user(self, user, *args, **kwds):
+        if self.can_update(user):
+            super(Slice, self).save(*args, **kwds)
+
+    
+    @staticmethod
+    def select_by_user(user):
+        if user.is_admin:
+            qs = Slice.objects.all()
+        else:
+            slice_ids = [sp.slice.id for sp in SlicePrivilege.objects.filter(user=user)]
+            qs = Slice.objects.filter(id__in=slice_ids)
+        return qs
+
 class SliceRole(PlCoreBase):
-    ROLE_CHOICES = (('admin','Admin'),('default','Default'), ('user', 'User'), ('pi', 'PI'))
+    ROLE_CHOICES = (('admin','Admin'),('default','Default'))
 
     role = models.CharField(choices=ROLE_CHOICES, unique=True, max_length=30)
 
@@ -53,3 +80,25 @@ class SlicePrivilege(PlCoreBase):
     role = models.ForeignKey('SliceRole')
 
     def __unicode__(self):  return u'%s %s %s' % (self.slice, self.user, self.role)
+
+    def can_update(self, user):
+        if user.is_admin:
+            return True
+        slice_privs = SlicePrivilege.objects.filter(user=user, slice=self)
+        for slice_priv in slice_privs:
+            if slice_priv.role.role_type == 'admin':
+                return True
+        return False
+
+    def save_by_user(self, user, *args, **kwds):
+        if self.can_update(user):
+            super(SlicePrivilege, self).save(*args, **kwds)
+
+    @staticmethod
+    def select_by_user(user):
+        if user.is_admin:
+            qs = SlicePrivilege.objects.all()
+        else:
+            sp_ids = [sp.id for sp in SlicePrivilege.objects.filter(user=user)]
+            qs = SlicePrivilege.objects.filter(id__in=sp_ids)
+        return qs
plstackapi