X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=planetstack%2Fcore%2Fadmin.py;h=bc49b8a8deeebfdb2198c6c371041d86e36ae066;hb=acd45144b5e0fe049a61c4dcc826af934135e943;hp=6a8b71ea39e0a61e6e12f0f469afdeccea62d07f;hpb=30fd4291ad7fdb809bb8ebbf738c3195436c2455;p=plstackapi.git diff --git a/planetstack/core/admin.py b/planetstack/core/admin.py index 6a8b71e..bc49b8a 100644 --- a/planetstack/core/admin.py +++ b/planetstack/core/admin.py @@ -9,7 +9,8 @@ from django.utils.safestring import mark_safe from django.contrib.auth.admin import UserAdmin from django.contrib.admin.widgets import FilteredSelectMultiple from django.contrib.auth.forms import ReadOnlyPasswordHashField -from django.contrib.auth.signals import user_logged_in +from django.contrib.auth.signals import user_logged_in +from django.utils import timezone class ReadonlyTabularInline(admin.TabularInline): @@ -30,8 +31,10 @@ class ReadonlyTabularInline(admin.TabularInline): class SliverInline(admin.TabularInline): model = Sliver - fields = ['ip', 'name', 'slice', 'numberCores', 'image', 'key', 'node', 'deploymentNetwork'] + fields = ['ip', 'instance_name', 'slice', 'numberCores', 'image', 'key', 'node', 'deploymentNetwork'] extra = 0 + #readonly_fields = ['ip', 'instance_name', 'image'] + readonly_fields = ['ip', 'instance_name'] class SiteInline(admin.TabularInline): model = Site @@ -39,16 +42,13 @@ class SiteInline(admin.TabularInline): class UserInline(admin.TabularInline): model = User + fields = ['email', 'firstname', 'lastname'] extra = 0 class SliceInline(admin.TabularInline): model = Slice extra = 0 -class UserInline(admin.TabularInline): - model = User - extra = 0 - class RoleInline(admin.TabularInline): model = Role extra = 0 @@ -57,9 +57,21 @@ class NodeInline(admin.TabularInline): model = Node extra = 0 -class PlainTextWidget(forms.Widget): - def render(self, _name, value, attrs): - return mark_safe(value) if value is not None else '' +class SitePrivilegeInline(admin.TabularInline): + model = SitePrivilege + extra = 0 + +class SliceMembershipInline(admin.TabularInline): + model = SliceMembership + extra = 0 + +class PlainTextWidget(forms.HiddenInput): + input_type = 'hidden' + + def render(self, name, value, attrs=None): + if value is None: + value = '' + return mark_safe(str(value) + super(PlainTextWidget, self).render(name, value, attrs)) class PlanetStackBaseAdmin(admin.ModelAdmin): save_on_top = False @@ -68,15 +80,17 @@ class OSModelAdmin(PlanetStackBaseAdmin): """Attach client connection to openstack on delete() and save()""" def save_model(self, request, obj, form, change): - auth = request.session.get('auth', {}) - #auth['tenant'] = request.user.site.login_base - obj.os_manager = OpenStackManager(auth=auth, caller=request.user) + if request.user.site: + auth = request.session.get('auth', {}) + auth['tenant'] = request.user.site.login_base + obj.os_manager = OpenStackManager(auth=auth, caller=request.user) obj.save() def delete_model(self, request, obj): - auth = request.session.get('auth', {}) - #auth['tenant'] = request.user.site.login_base - obj.os_manager = OpenStackManager(auth=auth, caller=request.user) + if request.user.site: + auth = request.session.get('auth', {}) + auth['tenant'] = request.user.site.login_base + obj.os_manager = OpenStackManager(auth=auth, caller=request.user) obj.delete() class RoleAdmin(OSModelAdmin): @@ -116,7 +130,7 @@ class DeploymentNetworkAdminForm(forms.ModelForm): class DeploymentNetworkAdmin(PlanetStackBaseAdmin): form = DeploymentNetworkAdminForm - inlines = [NodeInline,] + inlines = [NodeInline,SliverInline] def get_formsets(self, request, obj=None): for inline in self.get_inline_instances(request, obj): @@ -125,7 +139,8 @@ class DeploymentNetworkAdmin(PlanetStackBaseAdmin): continue # give inline object access to driver and caller auth = request.session.get('auth', {}) - auth['tenant'] = request.user.site.login_base + if request.user.site: + auth['tenant'] = request.user.site.login_base inline.model.os_manager = OpenStackManager(auth=auth, caller=request.user) yield inline.get_formset(request, obj) @@ -137,9 +152,20 @@ class SiteAdmin(OSModelAdmin): ] list_display = ('name', 'login_base','site_url', 'enabled') filter_horizontal = ('deployments',) - inlines = [NodeInline, UserInline] + inlines = [NodeInline, UserInline, SitePrivilegeInline] search_fields = ['name'] + def queryset(self, request): + # admins can see all keys. Users can only see sites they belong to. + qs = super(SiteAdmin, self).queryset(request) + if not request.user.is_admin: + valid_sites = [request.user.site.login_base] + roles = request.user.get_roles() + for tenant_list in roles.values(): + valid_sites.extend(tenant_list) + qs = qs.filter(login_base__in=valid_sites) + return qs + def get_formsets(self, request, obj=None): for inline in self.get_inline_instances(request, obj): # hide MyInline in the add view @@ -157,6 +183,20 @@ class SitePrivilegeAdmin(PlanetStackBaseAdmin): ] list_display = ('user', 'site', 'role') + def queryset(self, request): + # admins can see all privileges. Users can only see privileges at sites + # where they have the admin role. + qs = super(SitePrivilegeAdmin, self).queryset(request) + if not request.user.is_admin: + roles = request.user.get_roles() + tenants = [] + for (role, tenant_list) in roles: + if role == 'admin': + tenants.extend(tenant_list) + valid_sites = Sites.objects.filter(login_base__in=tenants) + qs = qs.filter(site__in=valid_sites) + return qs + def save_model(self, request, obj, form, change): # update openstack connection to use this site/tenant auth = request.session.get('auth', {}) @@ -173,23 +213,33 @@ class SitePrivilegeAdmin(PlanetStackBaseAdmin): class KeyAdmin(OSModelAdmin): fieldsets = [ - ('Key', {'fields': ['name', 'key', 'type', 'blacklisted']}) + ('Key', {'fields': ['key', 'type', 'blacklisted']}) ] - list_display = ['name', 'key', 'type', 'blacklisted'] + list_display = ['key', 'type', 'blacklisted'] - def get_queryset(self, request): - # get keys user is allowed to see - qs = super(KeyAdmin, self).get_queryset(request) - if request.user.is_superuser: - return qs - # users can only see their own keys - return qs.filter(user=request.user) - + #def queryset(self, request): + # admins can see all keys. Users can only see their own key. + #if request.user.is_admin: + # qs = super(KeyAdmin, self).queryset(request) + #else: + # qs = Key.objects.filter(user=request.user) + #return qs class SliceAdmin(OSModelAdmin): fields = ['name', 'site', 'serviceClass', 'description', 'slice_url'] list_display = ('name', 'site','serviceClass', 'slice_url') - inlines = [SliverInline] + inlines = [SliverInline, SliceMembershipInline] + + def queryset(self, request): + # admins can see all keys. Users can only see slices they belong to. + qs = super(SliceAdmin, self).queryset(request) + if not request.user.is_admin: + valid_slices = [] + roles = request.user.get_roles() + for tenant_list in roles.values(): + valid_slices.extend(tenant_list) + qs = qs.filter(name__in=valid_slices) + return qs def get_formsets(self, request, obj=None): for inline in self.get_inline_instances(request, obj): @@ -215,24 +265,19 @@ class SliceMembershipAdmin(PlanetStackBaseAdmin): ] list_display = ('user', 'slice', 'role') - def save_model(self, request, obj, form, change): - # update openstack connection to use this site/tenant - auth = request.session.get('auth', {}) - auth['tenant'] = obj.slice.name - obj.os_manager = OpenStackManager(auth=auth, caller=request.user) - obj.save() - - def delete_model(self, request, obj): - # update openstack connection to use this site/tenant - auth = request.session.get('auth', {}) - auth['tenant'] = obj.slice.name - obj.os_manager = OpenStackManager(auth=auth, caller=request.user) - obj.delete() - - -class SubnetAdmin(PlanetStackBaseAdmin): - fields = ['cidr', 'ip_version', 'start', 'end', 'slice'] - list_display = ('slice','cidr', 'start', 'end', 'ip_version') + def queryset(self, request): + # admins can see all memberships. Users can only see memberships of + # slices where they have the admin role. + qs = super(SliceMembershipAdmin, self).queryset(request) + if not request.user.is_admin: + roles = request.user.get_roles() + tenants = [] + for (role, tenant_list) in roles: + if role == 'admin': + tenants.extend(tenant_list) + valid_slices = Slice.objects.filter(name__in=tenants) + qs = qs.filter(slice__in=valid_slices) + return qs def save_model(self, request, obj, form, change): # update openstack connection to use this site/tenant @@ -248,6 +293,7 @@ class SubnetAdmin(PlanetStackBaseAdmin): obj.os_manager = OpenStackManager(auth=auth, caller=request.user) obj.delete() + class ImageAdmin(admin.ModelAdmin): fields = ['image_id', 'name', 'disk_format', 'container_format'] @@ -258,9 +304,9 @@ class NodeAdmin(admin.ModelAdmin): class SliverForm(forms.ModelForm): class Meta: + model = Sliver ip = forms.CharField(widget=PlainTextWidget) instance_name = forms.CharField(widget=PlainTextWidget) - model = Sliver widgets = { 'ip': PlainTextWidget(), 'instance_name': PlainTextWidget(), @@ -269,9 +315,41 @@ class SliverForm(forms.ModelForm): class SliverAdmin(PlanetStackBaseAdmin): form = SliverForm fieldsets = [ - ('Sliver', {'fields': ['ip', 'instance_name', 'name', 'slice', 'numberCores', 'image', 'key', 'node', 'deploymentNetwork']}) + ('Sliver', {'fields': ['ip', 'instance_name', 'slice', 'numberCores', 'image', 'key', 'node', 'deploymentNetwork']}) ] - list_display = ['ip', 'instance_name', 'name', 'slice', 'numberCores', 'image', 'key', 'node', 'deploymentNetwork'] + list_display = ['ip', 'instance_name', 'slice', 'numberCores', 'image', 'key', 'node', 'deploymentNetwork'] + + def queryset(self, request): + # admins can see all slivers. Users can only see slivers of + # the slices they belong to. + qs = super(SliverAdmin, self).queryset(request) + if not request.user.is_admin: + tenants = [] + roles = request.user.get_roles() + for tenant_list in roles.values(): + tenants.extend(tenant_list) + valid_slices = Slice.objects.filter(name__in=tenants) + qs = qs.filter(slice__in=valid_slices) + return qs + + def get_formsets(self, request, obj=None): + # make some fields read only if we are updating an existing record + if obj == None: + #self.readonly_fields = ('ip', 'instance_name') + self.readonly_fields = () + else: + self.readonly_fields = () + #self.readonly_fields = ('ip', 'instance_name', 'slice', 'image', 'key') + + for inline in self.get_inline_instances(request, obj): + # hide MyInline in the add view + if obj is None: + continue + # give inline object access to driver and caller + auth = request.session.get('auth', {}) + auth['tenant'] = obj.name # meed to connect using slice's tenant + inline.model.os_manager = OpenStackManager(auth=auth, caller=request.user) + yield inline.get_formset(request, obj) def save_model(self, request, obj, form, change): # update openstack connection to use this site/tenant @@ -343,23 +421,151 @@ class UserAdmin(UserAdmin, OSModelAdmin): # The fields to be used in displaying the User model. # These override the definitions on the base UserAdmin # that reference specific fields on auth.User. - list_display = ('email', 'site', 'firstname', 'lastname', 'last_login') + list_display = ('email', 'site', 'firstname', 'lastname', 'is_admin', 'last_login') list_filter = ('site',) + inlines = [SitePrivilegeInline, SliceMembershipInline] fieldsets = ( - (None, {'fields': ('email', 'password')}), - ('Personal info', {'fields': ('firstname','lastname','phone','site', 'key')}), + (None, {'fields': ('email', 'password', 'site', 'is_admin', 'timezone')}), + ('Personal info', {'fields': ('firstname','lastname','phone', 'key')}), #('Important dates', {'fields': ('last_login',)}), ) add_fieldsets = ( (None, { 'classes': ('wide',), - 'fields': ('email', 'firstname', 'lastname', 'phone', 'site', 'password1', 'password2', 'key')} + 'fields': ('email', 'firstname', 'lastname', 'phone', 'site', 'key','password1', 'password2', 'is_admin')} ), ) search_fields = ('email',) ordering = ('email',) filter_horizontal = () +class ServiceResourceInline(admin.TabularInline): + model = ServiceResource + extra = 0 + +class ServiceClassAdmin(admin.ModelAdmin): + list_display = ('name', 'commitment', 'membershipFee') + inlines = [ServiceResourceInline] + +class ReservedResourceInline(admin.TabularInline): + model = ReservedResource + extra = 0 + + def formfield_for_foreignkey(self, db_field, request=None, **kwargs): + field = super(ReservedResourceInline, self).formfield_for_foreignkey(db_field, request, **kwargs) + + if db_field.name == 'resource': + # restrict resources to those that the slice's service class allows + if request._slice is not None: + field.queryset = field.queryset.filter(serviceClass = request._slice.serviceClass, calendarReservable=True) + if len(field.queryset) > 0: + field.initial = field.queryset.all()[0] + else: + field.queryset = field.queryset.none() + elif db_field.name == 'sliver': + # restrict slivers to those that belong to the slice + if request._slice is not None: + field.queryset = field.queryset.filter(slice = request._slice) + else: + field.queryset = field.queryset.none() + + return field + +class ReservationChangeForm(forms.ModelForm): + class Meta: + model = Reservation + +class ReservationAddForm(forms.ModelForm): + slice = forms.ModelChoiceField(queryset=Slice.objects.all(), widget=forms.Select(attrs={"onChange":"document.getElementById('id_refresh').value=1; submit()"})) + refresh = forms.CharField(widget=forms.HiddenInput()) + + class Media: + css = {'all': ('planetstack.css',)} # .field-refresh { display: none; } + + def clean_slice(self): + slice = self.cleaned_data.get("slice") + x = ServiceResource.objects.filter(serviceClass = slice.serviceClass, calendarReservable=True) + if len(x) == 0: + raise forms.ValidationError("The slice you selected does not have a service class that allows reservations") + return slice + + class Meta: + model = Reservation + +class ReservationAddRefreshForm(ReservationAddForm): + """ This form is displayed when the Reservation Form receives an update + from the Slice dropdown onChange handler. It doesn't validate the + data and doesn't save the data. This will cause the form to be + redrawn. + """ + + """ don't validate anything other than slice """ + dont_validate_fields = ("startTime", "duration") + + def full_clean(self): + result = super(ReservationAddForm, self).full_clean() + + for fieldname in self.dont_validate_fields: + if fieldname in self._errors: + del self._errors[fieldname] + + return result + + """ don't save anything """ + def is_valid(self): + return False + +class ReservationAdmin(admin.ModelAdmin): + list_display = ('startTime', 'duration') + inlines = [ReservedResourceInline] + form = ReservationAddForm + + def add_view(self, request, form_url='', extra_context=None): + timezone.activate(request.user.timezone) + request._refresh = False + request._slice = None + if request.method == 'POST': + # "refresh" will be set to "1" if the form was submitted due to + # a change in the Slice dropdown. + if request.POST.get("refresh","1") == "1": + request._refresh = True + request.POST["refresh"] = "0" + + # Keep track of the slice that was selected, so the + # reservedResource inline can filter items for the slice. + request._slice = request.POST.get("slice",None) + if (request._slice is not None): + request._slice = Slice.objects.get(id=request._slice) + + result = super(ReservationAdmin, self).add_view(request, form_url, extra_context) + return result + + def changelist_view(self, request, extra_context = None): + timezone.activate(request.user.timezone) + return super(ReservationAdmin, self).changelist_view(request, extra_context) + + def get_form(self, request, obj=None, **kwargs): + request._obj_ = obj + if obj is not None: + # For changes, set request._slice to the slice already set in the + # object. + request._slice = obj.slice + self.form = ReservationChangeForm + else: + if getattr(request, "_refresh", False): + self.form = ReservationAddRefreshForm + else: + self.form = ReservationAddForm + return super(ReservationAdmin, self).get_form(request, obj, **kwargs) + + def get_readonly_fields(self, request, obj=None): + if (obj is not None): + # Prevent slice from being changed after the reservation has been + # created. + return ['slice'] + else: + return [] + # register a signal that caches the user's credentials when they log in def cache_credentials(sender, user, request, **kwds): auth = {'username': request.POST['username'], @@ -374,14 +580,16 @@ admin.site.register(User, UserAdmin) admin.site.unregister(Group) admin.site.register(Site, SiteAdmin) -#admin.site.register(SitePrivilege, SitePrivilegeAdmin) +admin.site.register(SitePrivilege, SitePrivilegeAdmin) admin.site.register(Slice, SliceAdmin) -#admin.site.register(SliceMembership, SliceMembershipAdmin) -admin.site.register(Subnet, SubnetAdmin) -#admin.site.register(Image, ImageAdmin) -#admin.site.register(Node, NodeAdmin) +admin.site.register(SliceMembership, SliceMembershipAdmin) +#admin.site.register(Subnet) +admin.site.register(Image, ImageAdmin) +admin.site.register(Node, NodeAdmin) admin.site.register(Sliver, SliverAdmin) admin.site.register(Key, KeyAdmin) -#admin.site.register(Role, RoleAdmin) +admin.site.register(Role, RoleAdmin) admin.site.register(DeploymentNetwork, DeploymentNetworkAdmin) +admin.site.register(ServiceClass, ServiceClassAdmin) +admin.site.register(Reservation, ReservationAdmin)