X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=planetstack%2Fcore%2Fadmin.py;h=d2a9b53150dc505a41df1328c1da3d9c5ef42d1a;hb=3fc1fd85b57336a78ee88b131543e378962949ce;hp=1d64d9c1ad86473c0117ab87449b04697a59060c;hpb=3ea3173f09fefbe45d8e4f28fffb3ea4eaad0867;p=plstackapi.git diff --git a/planetstack/core/admin.py b/planetstack/core/admin.py index 1d64d9c..d2a9b53 100644 --- a/planetstack/core/admin.py +++ b/planetstack/core/admin.py @@ -8,7 +8,7 @@ from django import forms from django.utils.safestring import mark_safe from django.contrib.auth.admin import UserAdmin from django.contrib.admin.widgets import FilteredSelectMultiple -from django.contrib.auth.forms import ReadOnlyPasswordHashField +from django.contrib.auth.forms import ReadOnlyPasswordHashField, AdminPasswordChangeForm from django.contrib.auth.signals import user_logged_in from django.utils import timezone from django.contrib.contenttypes import generic @@ -17,6 +17,10 @@ from django.core.exceptions import PermissionDenied from django.core.urlresolvers import reverse, NoReverseMatch import django_evolution +import threading + +# thread locals necessary to work around a django-suit issue +_thread_locals = threading.local() def backend_icon(obj): # backend_status, enacted, updated): #return "%s %s %s" % (str(obj.updated), str(obj.enacted), str(obj.backend_status)) @@ -43,7 +47,8 @@ class PlainTextWidget(forms.HiddenInput): value = '' return mark_safe(str(value) + super(PlainTextWidget, self).render(name, value, attrs)) -class ReadOnlyAwareAdmin(admin.ModelAdmin): +class PermissionCheckingAdminMixin(object): + # call save_by_user and delete_by_user instead of save and delete def has_add_permission(self, request, obj=None): return (not self.__user_is_readonly(request)) @@ -53,13 +58,42 @@ class ReadOnlyAwareAdmin(admin.ModelAdmin): def save_model(self, request, obj, form, change): if self.__user_is_readonly(request): + # this 'if' might be redundant if save_by_user is implemented right raise PermissionDenied - #pass - else: - return super(ReadOnlyAwareAdmin, self).save_model(request, obj, form, change) + + obj.caller = request.user + # update openstack connection to use this site/tenant + obj.save_by_user(request.user) + + def delete_model(self, request, obj): + obj.delete_by_user(request.user) + + def save_formset(self, request, form, formset, change): + instances = formset.save(commit=False) + for instance in instances: + instance.save_by_user(request.user) + + # BUG in django 1.7? Objects are not deleted by formset.save if + # commit is False. So let's delete them ourselves. + # + # code from forms/models.py save_existing_objects() + try: + forms_to_delete = formset.deleted_forms + except AttributeError: + forms_to_delete = [] + if formset.initial_forms: + for form in formset.initial_forms: + obj = form.instance + if form in forms_to_delete: + if obj.pk is None: + continue + formset.deleted_objects.append(obj) + obj.delete() + + formset.save_m2m() def get_actions(self,request): - actions = super(ReadOnlyAwareAdmin,self).get_actions(request) + actions = super(PermissionCheckingAdminMixin,self).get_actions(request) if self.__user_is_readonly(request): if 'delete_selected' in actions: @@ -85,13 +119,13 @@ class ReadOnlyAwareAdmin(admin.ModelAdmin): self.inlines = self.inlines_save try: - return super(ReadOnlyAwareAdmin, self).change_view(request, object_id, extra_context=extra_context) + return super(PermissionCheckingAdminMixin, self).change_view(request, object_id, extra_context=extra_context) except PermissionDenied: pass if request.method == 'POST': raise PermissionDenied request.readonly = True - return super(ReadOnlyAwareAdmin, self).change_view(request, object_id, extra_context=extra_context) + return super(PermissionCheckingAdminMixin, self).change_view(request, object_id, extra_context=extra_context) def __user_is_readonly(self, request): return request.user.isReadOnlyUser() @@ -103,6 +137,14 @@ class ReadOnlyAwareAdmin(admin.ModelAdmin): return mark_safe(backend_icon(obj)) backend_status_icon.short_description = "" +class ReadOnlyAwareAdmin(PermissionCheckingAdminMixin, admin.ModelAdmin): + # Note: Make sure PermissionCheckingAdminMixin is listed before + # admin.ModelAdmin in the class declaration. + + pass + +class PlanetStackBaseAdmin(ReadOnlyAwareAdmin): + save_on_top = False class SingletonAdmin (ReadOnlyAwareAdmin): def has_add_permission(self, request): @@ -115,7 +157,6 @@ class SingletonAdmin (ReadOnlyAwareAdmin): else: return True - class PlStackTabularInline(admin.TabularInline): def __init__(self, *args, **kwargs): super(PlStackTabularInline, self).__init__(*args, **kwargs) @@ -404,23 +445,6 @@ class ImageDeploymentsInline(PlStackTabularInline): fields = ['backend_status_icon', 'image', 'deployment', 'glance_image_id'] readonly_fields = ['backend_status_icon', 'glance_image_id'] -class PlanetStackBaseAdmin(ReadOnlyAwareAdmin): - save_on_top = False - - def save_model(self, request, obj, form, change): - obj.caller = request.user - # update openstack connection to use this site/tenant - obj.save_by_user(request.user) - - def delete_model(self, request, obj): - obj.delete_by_user(request.user) - - def save_formset(self, request, form, formset, change): - instances = formset.save(commit=False) - for instance in instances: - instance.save_by_user(request.user) - formset.save_m2m() - class SliceRoleAdmin(PlanetStackBaseAdmin): model = SliceRole pass @@ -507,10 +531,10 @@ class DeploymentAdminForm(forms.ModelForm): def save(self, commit=True): deployment = super(DeploymentAdminForm, self).save(commit=False) - deployment.flavors = self.cleaned_data['flavors'] - if commit: deployment.save() + # this has to be done after save() if/when a deployment is first created + deployment.flavors = self.cleaned_data['flavors'] if deployment.pk: # save_m2m() doesn't seem to work with 'through' relations. So we @@ -535,7 +559,7 @@ class SiteAssocInline(PlStackTabularInline): class DeploymentAdmin(PlanetStackBaseAdmin): model = Deployment - fieldList = ['backend_status_text', 'name', 'sites', 'images', 'flavors', 'accessControl'] + fieldList = ['backend_status_text', 'name', 'availability_zone', 'sites', 'images', 'flavors', 'accessControl'] fieldsets = [(None, {'fields': fieldList, 'classes':['suit-tab suit-tab-sites']})] inlines = [DeploymentPrivilegeInline,NodeInline,TagInline] # ,ImageDeploymentsInline] list_display = ['backend_status_icon', 'name'] @@ -700,6 +724,17 @@ class SliceForm(forms.ModelForm): 'service': LinkedSelect } + def clean(self): + cleaned_data = super(SliceForm, self).clean() + name = cleaned_data.get('name') + site = cleaned_data.get('site') + if (not isinstance(site,Site)): + # previous code indicates 'site' could be a site_id and not a site? + site = Slice.objects.get(id=site.id) + if not name.startswith(site.login_base): + raise forms.ValidationError('slice name must begin with %s' % site.login_base) + return cleaned_data + class SliceAdmin(PlanetStackBaseAdmin): form = SliceForm fieldList = ['backend_status_text', 'site', 'name', 'serviceClass', 'enabled','description', 'service', 'slice_url', 'max_slivers'] @@ -977,7 +1012,10 @@ class UserDashboardViewInline(PlStackTabularInline): suit_classes = 'suit-tab suit-tab-dashboards' fields = ['user', 'dashboardView', 'order'] -class UserAdmin(UserAdmin): +class UserAdmin(PermissionCheckingAdminMixin, UserAdmin): + # Note: Make sure PermissionCheckingAdminMixin is listed before + # admin.ModelAdmin in the class declaration. + class Meta: app_label = "core" @@ -992,7 +1030,7 @@ class UserAdmin(UserAdmin): list_filter = ('site',) inlines = [SlicePrivilegeInline,SitePrivilegeInline,DeploymentPrivilegeInline,UserDashboardViewInline] - fieldListLoginDetails = ['email','site','password','is_active','is_readonly','is_admin','public_key'] + fieldListLoginDetails = ['backend_status_text', 'email','site','password','is_active','is_readonly','is_admin','public_key'] fieldListContactInfo = ['firstname','lastname','phone','timezone'] fieldsets = ( @@ -1004,7 +1042,7 @@ class UserAdmin(UserAdmin): add_fieldsets = ( (None, { 'classes': ('wide',), - 'fields': ('email', 'firstname', 'lastname', 'is_readonly', 'phone', 'public_key','password1', 'password2')} + 'fields': ('email', 'firstname', 'lastname', 'is_readonly', 'phone', 'public_key','password1', 'password2')}, ), ) readonly_fields = ('backend_status_text', ) @@ -1014,12 +1052,24 @@ class UserAdmin(UserAdmin): user_readonly_fields = fieldListLoginDetails + fieldListContactInfo - suit_form_tabs =(('general','Login Details'), - ('contact','Contact Information'), - ('sliceprivileges','Slice Privileges'), - ('siteprivileges','Site Privileges'), - ('deploymentprivileges','Deployment Privileges'), - ('dashboards','Dashboard Views')) + def get_form(self, request, obj=None): + # Save obj in thread-local storage, so suit_form_tabs can use it to + # determine whether we're in edit or add mode. + _thread_locals.request = request + _thread_locals.obj = obj + return super(UserAdmin, self).get_form(request, obj) + + @property + def suit_form_tabs(self): + if getattr(_thread_locals, "obj", None) is None: + return [] + else: + return (('general','Login Details'), + ('contact','Contact Information'), + ('sliceprivileges','Slice Privileges'), + ('siteprivileges','Site Privileges'), + ('deploymentprivileges','Deployment Privileges'), + ('dashboards','Dashboard Views')) def formfield_for_foreignkey(self, db_field, request, **kwargs): if db_field.name == 'site': @@ -1027,62 +1077,9 @@ class UserAdmin(UserAdmin): return super(UserAdmin, self).formfield_for_foreignkey(db_field, request, **kwargs) - def has_add_permission(self, request, obj=None): - return (not self.__user_is_readonly(request)) - - def has_delete_permission(self, request, obj=None): - return (not self.__user_is_readonly(request)) - - def get_actions(self,request): - actions = super(UserAdmin,self).get_actions(request) - - if self.__user_is_readonly(request): - if 'delete_selected' in actions: - del actions['delete_selected'] - - return actions - - def change_view(self,request,object_id, extra_context=None): - - if self.__user_is_readonly(request): - if not hasattr(self, "readonly_save"): - # save the original readonly fields - self.readonly_save = self.readonly_fields - self.inlines_save = self.inlines - if hasattr(self, "user_readonly_fields"): - self.readonly_fields=self.user_readonly_fields - if hasattr(self, "user_readonly_inlines"): - self.inlines = self.user_readonly_inlines - else: - if hasattr(self, "readonly_save"): - # restore the original readonly fields - self.readonly_fields = self.readonly_save - self.inlines = self.inlines_save - - try: - return super(UserAdmin, self).change_view(request, object_id, extra_context=extra_context) - except PermissionDenied: - pass - if request.method == 'POST': - raise PermissionDenied - request.readonly = True - return super(UserAdmin, self).change_view(request, object_id, extra_context=extra_context) - - def __user_is_readonly(self, request): - #groups = [x.name for x in request.user.groups.all() ] - #return "readonly" in groups - return request.user.isReadOnlyUser() - def queryset(self, request): return User.select_by_user(request.user) - def backend_status_text(self, obj): - return mark_safe(backend_text(obj)) - - def backend_status_icon(self, obj): - return mark_safe(backend_icon(obj)) - backend_status_icon.short_description = "" - class DashboardViewAdmin(PlanetStackBaseAdmin): fieldsets = [('Dashboard View Details', {'fields': ['backend_status_text', 'name', 'url'],