X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=planetstack%2Fcore%2Fadmin.py;h=a2c76e288222ee6a430e9104c109dfdd6fc8523c;hb=25f36240782d59077e97af0730748cdfb1be305a;hp=d4728519061b1bdfe343e58b9fc56685efb604fa;hpb=6bdf86d7b248c722134ab8fbb6e084cae4496fcd;p=plstackapi.git
diff --git a/planetstack/core/admin.py b/planetstack/core/admin.py
index d472851..a2c76e2 100644
--- a/planetstack/core/admin.py
+++ b/planetstack/core/admin.py
@@ -8,7 +8,7 @@ from django import forms
from django.utils.safestring import mark_safe
from django.contrib.auth.admin import UserAdmin
from django.contrib.admin.widgets import FilteredSelectMultiple
-from django.contrib.auth.forms import ReadOnlyPasswordHashField
+from django.contrib.auth.forms import ReadOnlyPasswordHashField, AdminPasswordChangeForm
from django.contrib.auth.signals import user_logged_in
from django.utils import timezone
from django.contrib.contenttypes import generic
@@ -17,16 +17,20 @@ from django.core.exceptions import PermissionDenied
from django.core.urlresolvers import reverse, NoReverseMatch
import django_evolution
+import threading
+
+# thread locals necessary to work around a django-suit issue
+_thread_locals = threading.local()
def backend_icon(obj): # backend_status, enacted, updated):
#return "%s %s %s" % (str(obj.updated), str(obj.enacted), str(obj.backend_status))
if (obj.enacted is not None) and obj.enacted >= obj.updated:
- return '
'
+ return ''
else:
if obj.backend_status == "Provisioning in progress" or obj.backend_status=="":
- return '
' % obj.backend_status
+ return '' % obj.backend_status
else:
- return '
' % obj.backend_status
+ return '' % obj.backend_status
def backend_text(obj):
icon = backend_icon(obj)
@@ -43,7 +47,8 @@ class PlainTextWidget(forms.HiddenInput):
value = ''
return mark_safe(str(value) + super(PlainTextWidget, self).render(name, value, attrs))
-class ReadOnlyAwareAdmin(admin.ModelAdmin):
+class PermissionCheckingAdminMixin(object):
+ # call save_by_user and delete_by_user instead of save and delete
def has_add_permission(self, request, obj=None):
return (not self.__user_is_readonly(request))
@@ -53,13 +58,42 @@ class ReadOnlyAwareAdmin(admin.ModelAdmin):
def save_model(self, request, obj, form, change):
if self.__user_is_readonly(request):
+ # this 'if' might be redundant if save_by_user is implemented right
raise PermissionDenied
- #pass
- else:
- return super(ReadOnlyAwareAdmin, self).save_model(request, obj, form, change)
+
+ obj.caller = request.user
+ # update openstack connection to use this site/tenant
+ obj.save_by_user(request.user)
+
+ def delete_model(self, request, obj):
+ obj.delete_by_user(request.user)
+
+ def save_formset(self, request, form, formset, change):
+ instances = formset.save(commit=False)
+ for instance in instances:
+ instance.save_by_user(request.user)
+
+ # BUG in django 1.7? Objects are not deleted by formset.save if
+ # commit is False. So let's delete them ourselves.
+ #
+ # code from forms/models.py save_existing_objects()
+ try:
+ forms_to_delete = formset.deleted_forms
+ except AttributeError:
+ forms_to_delete = []
+ if formset.initial_forms:
+ for form in formset.initial_forms:
+ obj = form.instance
+ if form in forms_to_delete:
+ if obj.pk is None:
+ continue
+ formset.deleted_objects.append(obj)
+ obj.delete()
+
+ formset.save_m2m()
def get_actions(self,request):
- actions = super(ReadOnlyAwareAdmin,self).get_actions(request)
+ actions = super(PermissionCheckingAdminMixin,self).get_actions(request)
if self.__user_is_readonly(request):
if 'delete_selected' in actions:
@@ -85,13 +119,13 @@ class ReadOnlyAwareAdmin(admin.ModelAdmin):
self.inlines = self.inlines_save
try:
- return super(ReadOnlyAwareAdmin, self).change_view(request, object_id, extra_context=extra_context)
+ return super(PermissionCheckingAdminMixin, self).change_view(request, object_id, extra_context=extra_context)
except PermissionDenied:
pass
if request.method == 'POST':
raise PermissionDenied
request.readonly = True
- return super(ReadOnlyAwareAdmin, self).change_view(request, object_id, extra_context=extra_context)
+ return super(PermissionCheckingAdminMixin, self).change_view(request, object_id, extra_context=extra_context)
def __user_is_readonly(self, request):
return request.user.isReadOnlyUser()
@@ -103,6 +137,14 @@ class ReadOnlyAwareAdmin(admin.ModelAdmin):
return mark_safe(backend_icon(obj))
backend_status_icon.short_description = ""
+class ReadOnlyAwareAdmin(PermissionCheckingAdminMixin, admin.ModelAdmin):
+ # Note: Make sure PermissionCheckingAdminMixin is listed before
+ # admin.ModelAdmin in the class declaration.
+
+ pass
+
+class PlanetStackBaseAdmin(ReadOnlyAwareAdmin):
+ save_on_top = False
class SingletonAdmin (ReadOnlyAwareAdmin):
def has_add_permission(self, request):
@@ -115,7 +157,6 @@ class SingletonAdmin (ReadOnlyAwareAdmin):
else:
return True
-
class PlStackTabularInline(admin.TabularInline):
def __init__(self, *args, **kwargs):
super(PlStackTabularInline, self).__init__(*args, **kwargs)
@@ -278,46 +319,13 @@ class SliverInline(PlStackTabularInline):
if db_field.name == 'deploymentNetwork':
kwargs['queryset'] = Deployment.select_by_acl(request.user)
kwargs['widget'] = forms.Select(attrs={'onChange': "sliver_deployment_changed(this);"})
+ elif db_field.name == 'flavor':
+ kwargs['widget'] = forms.Select(attrs={'onChange': "sliver_flavor_changed(this);"})
field = super(SliverInline, self).formfield_for_foreignkey(db_field, request, **kwargs)
return field
-"""
- SMBAKER: This is the old code that implemented each network type as a
- separate column in the sliver table.
-
- def _declared_fieldsets(self):
- # Return None so django will call get_fieldsets and we can insert our
- # dynamic fields
- return None
-
- def get_readonly_fields(self, request, obj=None):
- readonly_fields = list(super(SliverInline, self).get_readonly_fields(request, obj))
-
- # Lookup the networks that are bound to the slivers, and add those
- # network names to the list of readonly fields.
-
- for sliver in obj.slivers.all():
- for nbs in sliver.networksliver_set.all():
- if nbs.ip:
- network_name = nbs.network.name
- if network_name not in [str(x) for x in readonly_fields]:
- readonly_fields.append(NetworkLookerUpper.get(network_name))
-
- return readonly_fields
-
- def get_fieldsets(self, request, obj=None):
- form = self.get_formset(request, obj).form
- # fields = the read/write files + the read-only fields
- fields = list(self.fields)
- for fieldName in self.get_readonly_fields(request,obj):
- if not fieldName in fields:
- fields.append(fieldName)
-
- return [(None, {'fields': fields})]
-"""
-
class SiteInline(PlStackTabularInline):
model = Site
extra = 0
@@ -437,23 +445,6 @@ class ImageDeploymentsInline(PlStackTabularInline):
fields = ['backend_status_icon', 'image', 'deployment', 'glance_image_id']
readonly_fields = ['backend_status_icon', 'glance_image_id']
-class PlanetStackBaseAdmin(ReadOnlyAwareAdmin):
- save_on_top = False
-
- def save_model(self, request, obj, form, change):
- obj.caller = request.user
- # update openstack connection to use this site/tenant
- obj.save_by_user(request.user)
-
- def delete_model(self, request, obj):
- obj.delete_by_user(request.user)
-
- def save_formset(self, request, form, formset, change):
- instances = formset.save(commit=False)
- for instance in instances:
- instance.save_by_user(request.user)
- formset.save_m2m()
-
class SliceRoleAdmin(PlanetStackBaseAdmin):
model = SliceRole
pass
@@ -540,10 +531,10 @@ class DeploymentAdminForm(forms.ModelForm):
def save(self, commit=True):
deployment = super(DeploymentAdminForm, self).save(commit=False)
- deployment.flavors = self.cleaned_data['flavors']
-
if commit:
deployment.save()
+ # this has to be done after save() if/when a deployment is first created
+ deployment.flavors = self.cleaned_data['flavors']
if deployment.pk:
# save_m2m() doesn't seem to work with 'through' relations. So we
@@ -568,7 +559,7 @@ class SiteAssocInline(PlStackTabularInline):
class DeploymentAdmin(PlanetStackBaseAdmin):
model = Deployment
- fieldList = ['backend_status_text', 'name', 'sites', 'images', 'flavors', 'accessControl']
+ fieldList = ['backend_status_text', 'name', 'availability_zone', 'sites', 'images', 'flavors', 'accessControl']
fieldsets = [(None, {'fields': fieldList, 'classes':['suit-tab suit-tab-sites']})]
inlines = [DeploymentPrivilegeInline,NodeInline,TagInline] # ,ImageDeploymentsInline]
list_display = ['backend_status_icon', 'name']
@@ -733,6 +724,15 @@ class SliceForm(forms.ModelForm):
'service': LinkedSelect
}
+ def clean(self):
+ cleaned_data = super(SliceForm, self).clean()
+ name = cleaned_data.get('name')
+ site_id = cleaned_data.get('site')
+ site = Slice.objects.get(id=site_id)
+ if not name.startswith(site.login_base):
+ raise forms.ValidationError('slice name must begin with %s' % site.login_base)
+ return cleaned_data
+
class SliceAdmin(PlanetStackBaseAdmin):
form = SliceForm
fieldList = ['backend_status_text', 'site', 'name', 'serviceClass', 'enabled','description', 'service', 'slice_url', 'max_slivers']
@@ -762,12 +762,18 @@ class SliceAdmin(PlanetStackBaseAdmin):
for deployment in flavor.deployments.all():
deployment_flavors.append( (deployment.id, flavor.id, flavor.name) )
+ deployment_images = []
+ for image in Image.objects.all():
+ for imageDeployment in image.imagedeployments_set.all():
+ deployment_images.append( (imageDeployment.deployment.id, image.id, image.name) )
+
site_login_bases = []
for site in Site.objects.all():
- site_login_bases.append((site.id, site.login_base))
-
+ site_login_bases.append((site.id, site.login_base))
+
context["deployment_nodes"] = deployment_nodes
context["deployment_flavors"] = deployment_flavors
+ context["deployment_images"] = deployment_images
context["site_login_bases"] = site_login_bases
return super(SliceAdmin, self).render_change_form(request, context, add, change, form_url, obj)
@@ -1004,7 +1010,10 @@ class UserDashboardViewInline(PlStackTabularInline):
suit_classes = 'suit-tab suit-tab-dashboards'
fields = ['user', 'dashboardView', 'order']
-class UserAdmin(UserAdmin):
+class UserAdmin(PermissionCheckingAdminMixin, UserAdmin):
+ # Note: Make sure PermissionCheckingAdminMixin is listed before
+ # admin.ModelAdmin in the class declaration.
+
class Meta:
app_label = "core"
@@ -1019,7 +1028,7 @@ class UserAdmin(UserAdmin):
list_filter = ('site',)
inlines = [SlicePrivilegeInline,SitePrivilegeInline,DeploymentPrivilegeInline,UserDashboardViewInline]
- fieldListLoginDetails = ['email','site','password','is_active','is_readonly','is_admin','public_key']
+ fieldListLoginDetails = ['backend_status_text', 'email','site','password','is_active','is_readonly','is_admin','public_key']
fieldListContactInfo = ['firstname','lastname','phone','timezone']
fieldsets = (
@@ -1031,7 +1040,7 @@ class UserAdmin(UserAdmin):
add_fieldsets = (
(None, {
'classes': ('wide',),
- 'fields': ('email', 'firstname', 'lastname', 'is_readonly', 'phone', 'public_key','password1', 'password2')}
+ 'fields': ('email', 'firstname', 'lastname', 'is_readonly', 'phone', 'public_key','password1', 'password2')},
),
)
readonly_fields = ('backend_status_text', )
@@ -1041,12 +1050,24 @@ class UserAdmin(UserAdmin):
user_readonly_fields = fieldListLoginDetails + fieldListContactInfo
- suit_form_tabs =(('general','Login Details'),
- ('contact','Contact Information'),
- ('sliceprivileges','Slice Privileges'),
- ('siteprivileges','Site Privileges'),
- ('deploymentprivileges','Deployment Privileges'),
- ('dashboards','Dashboard Views'))
+ def get_form(self, request, obj=None):
+ # Save obj in thread-local storage, so suit_form_tabs can use it to
+ # determine whether we're in edit or add mode.
+ _thread_locals.request = request
+ _thread_locals.obj = obj
+ return super(UserAdmin, self).get_form(request, obj)
+
+ @property
+ def suit_form_tabs(self):
+ if getattr(_thread_locals, "obj", None) is None:
+ return []
+ else:
+ return (('general','Login Details'),
+ ('contact','Contact Information'),
+ ('sliceprivileges','Slice Privileges'),
+ ('siteprivileges','Site Privileges'),
+ ('deploymentprivileges','Deployment Privileges'),
+ ('dashboards','Dashboard Views'))
def formfield_for_foreignkey(self, db_field, request, **kwargs):
if db_field.name == 'site':
@@ -1054,62 +1075,9 @@ class UserAdmin(UserAdmin):
return super(UserAdmin, self).formfield_for_foreignkey(db_field, request, **kwargs)
- def has_add_permission(self, request, obj=None):
- return (not self.__user_is_readonly(request))
-
- def has_delete_permission(self, request, obj=None):
- return (not self.__user_is_readonly(request))
-
- def get_actions(self,request):
- actions = super(UserAdmin,self).get_actions(request)
-
- if self.__user_is_readonly(request):
- if 'delete_selected' in actions:
- del actions['delete_selected']
-
- return actions
-
- def change_view(self,request,object_id, extra_context=None):
-
- if self.__user_is_readonly(request):
- if not hasattr(self, "readonly_save"):
- # save the original readonly fields
- self.readonly_save = self.readonly_fields
- self.inlines_save = self.inlines
- if hasattr(self, "user_readonly_fields"):
- self.readonly_fields=self.user_readonly_fields
- if hasattr(self, "user_readonly_inlines"):
- self.inlines = self.user_readonly_inlines
- else:
- if hasattr(self, "readonly_save"):
- # restore the original readonly fields
- self.readonly_fields = self.readonly_save
- self.inlines = self.inlines_save
-
- try:
- return super(UserAdmin, self).change_view(request, object_id, extra_context=extra_context)
- except PermissionDenied:
- pass
- if request.method == 'POST':
- raise PermissionDenied
- request.readonly = True
- return super(UserAdmin, self).change_view(request, object_id, extra_context=extra_context)
-
- def __user_is_readonly(self, request):
- #groups = [x.name for x in request.user.groups.all() ]
- #return "readonly" in groups
- return request.user.isReadOnlyUser()
-
def queryset(self, request):
return User.select_by_user(request.user)
- def backend_status_text(self, obj):
- return mark_safe(backend_text(obj))
-
- def backend_status_icon(self, obj):
- return mark_safe(backend_icon(obj))
- backend_status_icon.short_description = ""
-
class DashboardViewAdmin(PlanetStackBaseAdmin):
fieldsets = [('Dashboard View Details',
{'fields': ['backend_status_text', 'name', 'url'],