X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=planetstack%2Fcore%2Fadmin.py;h=1dbe0d709bb173fffc39f705d082bf0891db3c08;hb=b0d9742e1a7746ea0d8cbf78d85cab38883a8edc;hp=656ca42eb4381435c06f63225ad3940839c3e1af;hpb=133c9210c6fbc1e7802cac06b181a872d08d2b90;p=plstackapi.git diff --git a/planetstack/core/admin.py b/planetstack/core/admin.py index 656ca42..1dbe0d7 100644 --- a/planetstack/core/admin.py +++ b/planetstack/core/admin.py @@ -9,7 +9,9 @@ from django.utils.safestring import mark_safe from django.contrib.auth.admin import UserAdmin from django.contrib.admin.widgets import FilteredSelectMultiple from django.contrib.auth.forms import ReadOnlyPasswordHashField -from django.contrib.auth.signals import user_logged_in +from django.contrib.auth.signals import user_logged_in +from django.utils import timezone +import django_evolution class ReadonlyTabularInline(admin.TabularInline): @@ -30,10 +32,11 @@ class ReadonlyTabularInline(admin.TabularInline): class SliverInline(admin.TabularInline): model = Sliver - fields = ['ip', 'instance_name', 'slice', 'numberCores', 'image', 'key', 'node', 'deploymentNetwork'] + fields = ['ip', 'instance_name', 'slice', 'numberCores', 'image', 'node', 'deploymentNetwork'] extra = 0 #readonly_fields = ['ip', 'instance_name', 'image'] readonly_fields = ['ip', 'instance_name'] + class SiteInline(admin.TabularInline): model = Site @@ -60,10 +63,58 @@ class SitePrivilegeInline(admin.TabularInline): model = SitePrivilege extra = 0 + def formfield_for_foreignkey(self, db_field, request, **kwargs): + if db_field.name == 'site': + if not request.user.is_admin: + # only show sites where user is an admin or pi + roles = Role.objects.filter(role_type__in=['admin', 'pi']) + site_privileges = SitePrivilege.objects.filter(user=request.user).filter(role__in=roles) + login_bases = [site_privilege.site.login_base for site_privilege in site_privileges] + sites = Site.objects.filter(login_base__in=login_bases) + kwargs['queryset'] = sites + + if db_field.name == 'user': + if not request.user.is_admin: + # only show users from sites where caller has admin or pi role + roles = Role.objects.filter(role_type__in=['admin', 'pi']) + site_privileges = SitePrivilege.objects.filter(user=request.user).filter(role__in=roles) + sites = [site_privilege.site for site_privilege in site_privileges] + site_privileges = SitePrivilege.objects.filter(site__in=sites) + emails = [site_privilege.user.email for site_privilege in site_privileges] + users = User.objects.filter(email__in=emails) + kwargs['queryset'] = users + return super(SitePrivilegeInline, self).formfield_for_foreignkey(db_field, request, **kwargs) + class SliceMembershipInline(admin.TabularInline): model = SliceMembership extra = 0 + def formfield_for_foreignkey(self, db_field, request, **kwargs): + if db_field.name == 'slice': + if not request.user.is_admin: + # only show slices at sites where caller has admin or pi role + roles = Role.objects.filter(role_type__in=['admin', 'pi']) + site_privileges = SitePrivilege.objects.filter(user=request.user).filter(role__in=roles) + sites = [site_privilege.site for site_privilege in site_privileges] + slices = Slice.objects.filter(site__in=sites) + kwargs['queryset'] = slices + if db_field.name == 'user': + if not request.user.is_admin: + # only show users from sites where caller has admin or pi role + roles = Role.objects.filter(role_type__in=['admin', 'pi']) + site_privileges = SitePrivilege.objects.filter(user=request.user).filter(role__in=roles) + sites = [site_privilege.site for site_privilege in site_privileges] + site_privileges = SitePrivilege.objects.filter(site__in=sites) + emails = [site_privilege.user.email for site_privilege in site_privileges] + users = User.objects.filter(email__in=emails) + kwargs['queryset'] = list(users) + + return super(SliceMembershipInline, self).formfield_for_foreignkey(db_field, request, **kwargs) + +class SliceTagInline(admin.TabularInline): + model = SliceTag + extra = 0 + class PlainTextWidget(forms.HiddenInput): input_type = 'hidden' @@ -99,7 +150,7 @@ class RoleAdmin(OSModelAdmin): list_display = ('role_type',) -class DeploymentNetworkAdminForm(forms.ModelForm): +class DeploymentAdminForm(forms.ModelForm): sites = forms.ModelMultipleChoiceField( queryset=Site.objects.all(), required=False, @@ -108,16 +159,16 @@ class DeploymentNetworkAdminForm(forms.ModelForm): ) ) class Meta: - model = DeploymentNetwork + model = Deployment def __init__(self, *args, **kwargs): - super(DeploymentNetworkAdminForm, self).__init__(*args, **kwargs) + super(DeploymentAdminForm, self).__init__(*args, **kwargs) if self.instance and self.instance.pk: self.fields['sites'].initial = self.instance.sites.all() def save(self, commit=True): - deploymentNetwork = super(DeploymentNetworkAdminForm, self).save(commit=False) + deploymentNetwork = super(DeploymentAdminForm, self).save(commit=False) if commit: deploymentNetwork.save() @@ -127,8 +178,8 @@ class DeploymentNetworkAdminForm(forms.ModelForm): return deploymentNetwork -class DeploymentNetworkAdmin(PlanetStackBaseAdmin): - form = DeploymentNetworkAdminForm +class DeploymentAdmin(PlanetStackBaseAdmin): + form = DeploymentAdminForm inlines = [NodeInline,SliverInline] def get_formsets(self, request, obj=None): @@ -182,18 +233,39 @@ class SitePrivilegeAdmin(PlanetStackBaseAdmin): ] list_display = ('user', 'site', 'role') + def formfield_for_foreignkey(self, db_field, request, **kwargs): + if db_field.name == 'site': + if not request.user.is_admin: + # only show sites where user is an admin or pi + sites = set() + for site_privilege in SitePrivilege.objects.filer(user=request.user): + if site_privilege.role.role_type in ['admin', 'pi']: + sites.add(site_privilege.site) + kwargs['queryset'] = Site.objects.filter(site__in=list(sites)) + + if db_field.name == 'user': + if not request.user.is_admin: + # only show users from sites where caller has admin or pi role + roles = Role.objects.filter(role_type__in=['admin', 'pi']) + site_privileges = SitePrivilege.objects.filter(user=request.user).filter(role__in=roles) + sites = [site_privilege.site for site_privilege in site_privileges] + site_privileges = SitePrivilege.objects.filter(site__in=sites) + emails = [site_privilege.user.email for site_privilege in site_privileges] + users = User.objects.filter(email__in=emails) + kwargs['queryset'] = users + + return super(SitePrivilegeAdmin, self).formfield_for_foreignkey(db_field, request, **kwargs) + def queryset(self, request): # admins can see all privileges. Users can only see privileges at sites - # where they have the admin role. + # where they have the admin role or pi role. qs = super(SitePrivilegeAdmin, self).queryset(request) if not request.user.is_admin: - roles = request.user.get_roles() - tenants = [] - for (role, tenant_list) in roles: - if role == 'admin': - tenants.extend(tenant_list) - valid_sites = Sites.objects.filter(login_base__in=tenants) - qs = qs.filter(site__in=valid_sites) + roles = Role.objects.filter(role_type__in=['admin', 'pi']) + site_privileges = SitePrivilege.objects.filter(user=request.user).filter(role__in=roles) + login_bases = [site_privilege.site.login_base for site_privilege in site_privileges] + sites = Site.objects.filter(login_base__in=login_bases) + qs = qs.filter(site__in=sites) return qs def save_model(self, request, obj, form, change): @@ -227,7 +299,19 @@ class KeyAdmin(OSModelAdmin): class SliceAdmin(OSModelAdmin): fields = ['name', 'site', 'serviceClass', 'description', 'slice_url'] list_display = ('name', 'site','serviceClass', 'slice_url') - inlines = [SliverInline, SliceMembershipInline] + inlines = [SliverInline, SliceMembershipInline, SliceTagInline] + + def formfield_for_foreignkey(self, db_field, request, **kwargs): + if db_field.name == 'site': + if not request.user.is_admin: + # only show sites where user is a pi or admin + roles = Role.objects.filter(role_type__in=['admin', 'pi']) + site_privileges = SitePrivilege.objects.filter(user=request.user).filter(role__in=roles) + login_bases = [site_privilege.site.login_base for site_privilege in site_privileges] + sites = Site.objects.filter(login_base__in=login_bases) + kwargs['queryset'] = sites + + return super(SliceAdmin, self).formfield_for_foreignkey(db_field, request, **kwargs) def queryset(self, request): # admins can see all keys. Users can only see slices they belong to. @@ -249,6 +333,7 @@ class SliceAdmin(OSModelAdmin): auth = request.session.get('auth', {}) auth['tenant'] = obj.name # meed to connect using slice's tenant inline.model.os_manager = OpenStackManager(auth=auth, caller=request.user) + inline.model.creator = request.user yield inline.get_formset(request, obj) def get_queryset(self, request): @@ -264,18 +349,40 @@ class SliceMembershipAdmin(PlanetStackBaseAdmin): ] list_display = ('user', 'slice', 'role') + def formfield_for_foreignkey(self, db_field, request, **kwargs): + if db_field.name == 'slice': + if not request.user.is_admin: + # only show slices at sites where caller has admin or pi role + roles = Role.objects.filter(role_type__in=['admin', 'pi']) + site_privileges = SitePrivilege.objects.filter(user=request.user).filter(role__in=roles) + sites = [site_privilege.site for site_privilege in site_privileges] + slices = Slice.objects.filter(site__in=sites) + kwargs['queryset'] = slices + + if db_field.name == 'user': + if not request.user.is_admin: + # only show users from sites where caller has admin or pi role + roles = Role.objects.filter(role_type__in=['admin', 'pi']) + site_privileges = SitePrivilege.objects.filter(user=request.user).filter(role__in=roles) + sites = [site_privilege.site for site_privilege in site_privileges] + site_privileges = SitePrivilege.objects.filter(site__in=sites) + emails = [site_privilege.user.email for site_privilege in site_privileges] + users = User.objects.filter(email__in=emails) + kwargs['queryset'] = users + + return super(SliceMembershipAdmin, self).formfield_for_foreignkey(db_field, request, **kwargs) + def queryset(self, request): # admins can see all memberships. Users can only see memberships of # slices where they have the admin role. qs = super(SliceMembershipAdmin, self).queryset(request) if not request.user.is_admin: - roles = request.user.get_roles() - tenants = [] - for (role, tenant_list) in roles: - if role == 'admin': - tenants.extend(tenant_list) - valid_slices = Slice.objects.filter(name__in=tenants) - qs = qs.filter(slice__in=valid_slices) + roles = Role.objects.filter(role_type__in=['admin', 'pi']) + site_privileges = SitePrivilege.objects.filter(user=request.user).filter(role__in=roles) + login_bases = [site_privilege.site.login_base for site_privilege in site_privileges] + sites = Site.objects.filter(login_base__in=login_bases) + slices = Slice.objects.filter(site__in=sites) + qs = qs.filter(slice__in=slices) return qs def save_model(self, request, obj, form, change): @@ -297,8 +404,8 @@ class ImageAdmin(admin.ModelAdmin): fields = ['image_id', 'name', 'disk_format', 'container_format'] class NodeAdmin(admin.ModelAdmin): - list_display = ('name', 'site', 'deploymentNetwork') - list_filter = ('deploymentNetwork',) + list_display = ('name', 'site', 'deployment') + list_filter = ('deployment',) class SliverForm(forms.ModelForm): @@ -318,6 +425,14 @@ class SliverAdmin(PlanetStackBaseAdmin): ] list_display = ['ip', 'instance_name', 'slice', 'numberCores', 'image', 'key', 'node', 'deploymentNetwork'] + def formfield_for_foreignkey(self, db_field, request, **kwargs): + if db_field.name == 'slice': + if not request.user.is_admin: + slices = set([sm.slice.name for sm in SliceMembership.objects.filter(user=request.user)]) + kwargs['queryset'] = Slice.objects.filter(name__in=list(slices)) + + return super(SliverAdmin, self).formfield_for_foreignkey(db_field, request, **kwargs) + def queryset(self, request): # admins can see all slivers. Users can only see slivers of # the slices they belong to. @@ -355,6 +470,7 @@ class SliverAdmin(PlanetStackBaseAdmin): auth = request.session.get('auth', {}) auth['tenant'] = obj.slice.name obj.os_manager = OpenStackManager(auth=auth, caller=request.user) + obj.creator = request.user obj.save() def delete_model(self, request, obj): @@ -372,7 +488,7 @@ class UserCreationForm(forms.ModelForm): class Meta: model = User - fields = ('email', 'firstname', 'lastname', 'phone', 'key', 'site') + fields = ('email', 'firstname', 'lastname', 'phone', 'public_key', 'site') def clean_password2(self): # Check that the two password entries match @@ -424,20 +540,32 @@ class UserAdmin(UserAdmin, OSModelAdmin): list_filter = ('site',) inlines = [SitePrivilegeInline, SliceMembershipInline] fieldsets = ( - (None, {'fields': ('email', 'password', 'site', 'is_admin')}), - ('Personal info', {'fields': ('firstname','lastname','phone', 'key')}), + (None, {'fields': ('email', 'password', 'site', 'is_admin', 'timezone')}), + ('Personal info', {'fields': ('firstname','lastname','phone', 'public_key')}), #('Important dates', {'fields': ('last_login',)}), ) add_fieldsets = ( (None, { 'classes': ('wide',), - 'fields': ('email', 'firstname', 'lastname', 'phone', 'site', 'key','password1', 'password2', 'is_admin')} + 'fields': ('email', 'firstname', 'lastname', 'phone', 'site', 'public_key','password1', 'password2', 'is_admin')} ), ) search_fields = ('email',) ordering = ('email',) filter_horizontal = () + def formfield_for_foreignkey(self, db_field, request, **kwargs): + if db_field.name == 'site': + if not request.user.is_admin: + # show sites where caller is an admin or pi + sites = [] + for site_privilege in SitePrivilege.objects.filer(user=request.user): + if site_privilege.role.role_type in ['admin', 'pi']: + sites.append(site_privilege.site.login_base) + kwargs['queryset'] = Site.objects.filter(login_base__in(list(sites))) + + return super(UserAdmin, self).formfield_for_foreignkey(db_field, request, **kwargs) + class ServiceResourceInline(admin.TabularInline): model = ServiceResource extra = 0 @@ -498,10 +626,16 @@ class ReservationAddRefreshForm(ReservationAddForm): redrawn. """ - """ don't validate anything """ + """ don't validate anything other than slice """ + dont_validate_fields = ("startTime", "duration") + def full_clean(self): result = super(ReservationAddForm, self).full_clean() - self._errors = forms.util.ErrorDict() + + for fieldname in self.dont_validate_fields: + if fieldname in self._errors: + del self._errors[fieldname] + return result """ don't save anything """ @@ -514,12 +648,18 @@ class ReservationAdmin(admin.ModelAdmin): form = ReservationAddForm def add_view(self, request, form_url='', extra_context=None): + timezone.activate(request.user.timezone) request._refresh = False request._slice = None if request.method == 'POST': + # "refresh" will be set to "1" if the form was submitted due to + # a change in the Slice dropdown. if request.POST.get("refresh","1") == "1": request._refresh = True request.POST["refresh"] = "0" + + # Keep track of the slice that was selected, so the + # reservedResource inline can filter items for the slice. request._slice = request.POST.get("slice",None) if (request._slice is not None): request._slice = Slice.objects.get(id=request._slice) @@ -527,9 +667,15 @@ class ReservationAdmin(admin.ModelAdmin): result = super(ReservationAdmin, self).add_view(request, form_url, extra_context) return result + def changelist_view(self, request, extra_context = None): + timezone.activate(request.user.timezone) + return super(ReservationAdmin, self).changelist_view(request, extra_context) + def get_form(self, request, obj=None, **kwargs): request._obj_ = obj if obj is not None: + # For changes, set request._slice to the slice already set in the + # object. request._slice = obj.slice self.form = ReservationChangeForm else: @@ -560,17 +706,30 @@ admin.site.register(User, UserAdmin) # unregister the Group model from admin. admin.site.unregister(Group) +#Do not show django evolution in the admin interface +from django_evolution.models import Version, Evolution +admin.site.unregister(Version) +admin.site.unregister(Evolution) + + +# When debugging it is often easier to see all the classes, but for regular use +# only the top-levels should be displayed +showAll = False + +admin.site.register(Deployment, DeploymentAdmin) admin.site.register(Site, SiteAdmin) -admin.site.register(SitePrivilege, SitePrivilegeAdmin) admin.site.register(Slice, SliceAdmin) -admin.site.register(SliceMembership, SliceMembershipAdmin) #admin.site.register(Subnet) -admin.site.register(Image, ImageAdmin) -admin.site.register(Node, NodeAdmin) -admin.site.register(Sliver, SliverAdmin) admin.site.register(Key, KeyAdmin) -admin.site.register(Role, RoleAdmin) -admin.site.register(DeploymentNetwork, DeploymentNetworkAdmin) -admin.site.register(ServiceClass, ServiceClassAdmin) -admin.site.register(Reservation, ReservationAdmin) + + +if showAll: + admin.site.register(Node, NodeAdmin) + admin.site.register(SliceMembership, SliceMembershipAdmin) + admin.site.register(SitePrivilege, SitePrivilegeAdmin) + admin.site.register(Role, RoleAdmin) + admin.site.register(Sliver, SliverAdmin) + admin.site.register(ServiceClass, ServiceClassAdmin) + admin.site.register(Reservation, ReservationAdmin) + admin.site.register(Image, ImageAdmin)