X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=planetstack%2Fcore%2Fmodels%2Fsite.py;h=0ade5dfb07045913bfc8823d981eaa4e21895ec8;hb=bd7c6e6fea5040498995bc7e4a54a2506e1e5984;hp=9b9aba94061de57750d478472249c7312b2b9741;hpb=929af702e18376824b21c4382d619f082ab05861;p=plstackapi.git

diff --git a/planetstack/core/models/site.py b/planetstack/core/models/site.py
index 9b9aba9..0ade5df 100644
--- a/planetstack/core/models/site.py
+++ b/planetstack/core/models/site.py
@@ -1,16 +1,99 @@
 import os
 from django.db import models
-from core.models import PlCoreBase
-#from core.models import Deployment
+from django.db.models import Q
+from core.models import PlCoreBase,PlCoreBaseManager,PlCoreBaseDeletionManager
 from core.models import Tag
 from django.contrib.contenttypes import generic
 from geoposition.fields import GeopositionField
+from core.acl import AccessControlList
+from planetstack.config import Config
+
+config = Config()
+
+class DeploymentLinkDeletionManager(PlCoreBaseDeletionManager):
+    def get_queryset(self):
+        parent=super(DeploymentLinkDeletionManager, self)
+        try:
+            backend_type = config.observer_backend_type
+        except AttributeError:
+            backend_type = None
+
+        parent_queryset = parent.get_queryset() if hasattr(parent, "get_queryset") else parent.get_query_set()
+        if (backend_type):
+            return parent_queryset.filter(Q(deployment__backend_type=backend_type))
+        else:
+            return parent_queryset
+
+    # deprecated in django 1.7 in favor of get_queryset().
+    def get_query_set(self):
+        return self.get_queryset()
+
+
+class DeploymentDeletionManager(PlCoreBaseDeletionManager):
+    def get_queryset(self):
+        parent=super(DeploymentDeletionManager, self)
+
+        try:
+            backend_type = config.observer_backend_type
+        except AttributeError:
+            backend_type = None
+
+        parent_queryset = parent.get_queryset() if hasattr(parent, "get_queryset") else parent.get_query_set()
+
+        if backend_type:
+            return parent_queryset.filter(Q(backend_type=backend_type))
+        else:
+            return parent_queryset
+
+    # deprecated in django 1.7 in favor of get_queryset().
+    def get_query_set(self):
+        return self.get_queryset()
+
+class DeploymentLinkManager(PlCoreBaseManager):
+    def get_queryset(self):
+        parent=super(DeploymentLinkManager, self)
+
+        try:
+            backend_type = config.observer_backend_type
+        except AttributeError:
+            backend_type = None
+
+        parent_queryset = parent.get_queryset() if hasattr(parent, "get_queryset") else parent.get_query_set()
+
+        if backend_type:
+            return parent_queryset.filter(Q(deployment__backend_type=backend_type))
+        else:
+            return parent_queryset
+
+    # deprecated in django 1.7 in favor of get_queryset().
+    def get_query_set(self):
+        return self.get_queryset()
+
+
+class DeploymentManager(PlCoreBaseManager):
+    def get_queryset(self):
+        parent=super(DeploymentManager, self)
+
+        try:
+            backend_type = config.observer_backend_type
+        except AttributeError:
+            backend_type = None
+
+        parent_queryset = parent.get_queryset() if hasattr(parent, "get_queryset") else parent.get_query_set()
+
+        if backend_type:
+            return parent_queryset.filter(Q(backend_type=backend_type))
+        else:
+            return parent_queryset
+
+    # deprecated in django 1.7 in favor of get_queryset().
+    def get_query_set(self):
+        return self.get_queryset()
 
 class Site(PlCoreBase):
     """
         A logical grouping of Nodes that are co-located at the same geographic location, which also typically corresponds to the Nodes' location in the physical network.
     """
-    tenant_id = models.CharField(null=True, blank=True, max_length=200, help_text="Keystone tenant id")
     name = models.CharField(max_length=200, help_text="Name for this Site")
     site_url = models.URLField(null=True, blank=True, max_length=512, help_text="Site's Home URL Page")
     enabled = models.BooleanField(default=True, help_text="Status for this Site")
@@ -21,18 +104,20 @@ class Site(PlCoreBase):
     is_public = models.BooleanField(default=True, help_text="Indicates the visibility of this site to other members")
     abbreviated_name = models.CharField(max_length=80)
 
-    deployments = models.ManyToManyField('Deployment', blank=True, related_name='sites')
-    #deployments = models.ManyToManyField('Deployment', through='SiteDeployments', blank=True)
+    #deployments = models.ManyToManyField('Deployment', blank=True, related_name='sites')
+    deployments = models.ManyToManyField('Deployment', through='SiteDeployments', blank=True, help_text="Select which sites are allowed to host nodes in this deployment", related_name='sites')
     tags = generic.GenericRelation(Tag)
 
     def __unicode__(self):  return u'%s' % (self.name)
 
     def can_update(self, user):
+        if user.is_readonly:
+            return False
         if user.is_admin:
             return True
         site_privs = SitePrivilege.objects.filter(user=user, site=self)
         for site_priv in site_privs:
-            if site_priv.role.role_type == 'pi':
+            if site_priv.role.role == 'pi':
                 return True
         return False 
 
@@ -69,13 +154,7 @@ class SitePrivilege(PlCoreBase):
         super(SitePrivilege, self).delete(*args, **kwds)
 
     def can_update(self, user):
-        if user.is_admin:
-            return True
-        site_privs = SitePrivilege.objects.filter(user=user, site=self)
-        for site_priv in site_privs:
-            if site_priv.role.role_type == 'pi':
-                return True
-        return False 
+        return self.site.can_update(user)
 
     @staticmethod
     def select_by_user(user):
@@ -87,13 +166,59 @@ class SitePrivilege(PlCoreBase):
         return qs
 
 class Deployment(PlCoreBase):
+    objects = DeploymentManager()
+    deleted_objects = DeploymentDeletionManager()
     name = models.CharField(max_length=200, unique=True, help_text="Name of the Deployment")
-    #sites = models.ManyToManyField('Site', through='SiteDeployments', blank=True)
+    admin_user = models.CharField(max_length=200, null=True, blank=True, help_text="Username of an admin user at this deployment")
+    admin_password = models.CharField(max_length=200, null=True, blank=True, help_text="Password of theadmin user at this deployment")
+    admin_tenant = models.CharField(max_length=200, null=True, blank=True, help_text="Name of the tenant the admin user belongs to")
+    auth_url = models.CharField(max_length=200, null=True, blank=True, help_text="Auth url for the deployment")
+    backend_type = models.CharField(max_length=200, null=True, blank=True, help_text="Type of deployment, e.g. EC2, OpenStack, or OpenStack version")
+    availability_zone = models.CharField(max_length=200, null=True, blank=True, help_text="OpenStack availability zone")
 
-    def __unicode__(self):  return u'%s' % (self.name)
+    # smbaker: the default of 'allow all' is intended for evolutions of existing
+    #    deployments. When new deployments are created via the GUI, they are
+    #    given a default of 'allow site <site_of_creator>'
+    accessControl = models.TextField(max_length=200, blank=False, null=False, default="allow all",
+                                     help_text="Access control list that specifies which sites/users may use nodes in this deployment")
+
+    def get_acl(self):
+        return AccessControlList(self.accessControl)
+
+    def test_acl(self, slice=None, user=None):
+        potential_users=[]
 
+        if user:
+            potential_users.append(user)
+
+        if slice:
+            potential_users.append(slice.creator)
+            for priv in slice.slice_privileges.all():
+                if priv.user not in potential_users:
+                    potential_users.append(priv.user)
+
+        acl = self.get_acl()
+        for user in potential_users:
+            if acl.test(user) == "allow":
+                return True
+
+        return False
+
+    @staticmethod
+    def select_by_acl(user):
+        ids = []
+        for deployment in Deployment.objects.all():
+            acl = deployment.get_acl()
+            if acl.test(user) == "allow":
+                ids.append(deployment.id)
+
+        return Deployment.objects.filter(id__in=ids)
+
+    def __unicode__(self):  return u'%s' % (self.name)
 
 class DeploymentRole(PlCoreBase):
+    #objects = DeploymentLinkManager()
+    #deleted_objects = DeploymentLinkDeletionManager()
 
     ROLE_CHOICES = (('admin','Admin'),)
     role = models.CharField(choices=ROLE_CHOICES, unique=True, max_length=30)
@@ -101,6 +226,8 @@ class DeploymentRole(PlCoreBase):
     def __unicode__(self):  return u'%s' % (self.role)
 
 class DeploymentPrivilege(PlCoreBase):
+    objects = DeploymentLinkManager()
+    deleted_objects = DeploymentLinkDeletionManager()
 
     user = models.ForeignKey('User', related_name='deployment_privileges')
     deployment = models.ForeignKey('Deployment', related_name='deployment_privileges')
@@ -115,7 +242,7 @@ class DeploymentPrivilege(PlCoreBase):
             return True
         dprivs = DeploymentPrivilege.objects.filter(user=user)
         for dpriv in dprivs:
-            if dpriv.role.role_type == 'admin':
+            if dpriv.role.role == 'admin':
                 return True
         return False
 
@@ -129,8 +256,12 @@ class DeploymentPrivilege(PlCoreBase):
         return qs 
 
 class SiteDeployments(PlCoreBase):
+    objects = DeploymentLinkManager()
+    deleted_objects = DeploymentLinkDeletionManager()
+
     site = models.ForeignKey(Site)
     deployment = models.ForeignKey(Deployment)
+    tenant_id = models.CharField(null=True, blank=True, max_length=200, help_text="Keystone tenant id")    
 
     #class Meta:
     #    db_table = 'core_site_deployments'