From cd4ef6cdd7ea6d4ead183970d20d4c3739481251 Mon Sep 17 00:00:00 2001 From: Loic Baron Date: Mon, 10 Feb 2014 18:28:33 +0100 Subject: [PATCH] Validation for Sub-Authorities: if I'm a PI on PLE, then I can validate any Request for PLE.UPMC, PLE.INRIA, ... --- portal/templates/validate_pending.html | 59 ++++++++++++++++++++++++-- portal/validationview.py | 56 +++++++++++++++--------- 2 files changed, 91 insertions(+), 24 deletions(-) diff --git a/portal/templates/validate_pending.html b/portal/templates/validate_pending.html index 735abf67..c9b971fe 100644 --- a/portal/templates/validate_pending.html +++ b/portal/templates/validate_pending.html @@ -88,7 +88,7 @@ {% if request.type == 'slice' %} Slice name: {{request.slice_name}} -- Number of nodes: {{request.number_of_nodes}} -- Type of nodes: {{request.type_of_nodes}} -- Purpose: {{request.purpose}} {% else %} {# authority #} - Site name: {{request.site_name}} -- authority_hrn: {{request.site_authority}} -- City: {{request.address_city}} -- Country: {{request.address_country}} + Authority name: {{request.site_name}} -- authority_hrn: {{request.site_authority}} -- City: {{request.address_city}} -- Country: {{request.address_country}} {% endif %} {% endif %} @@ -107,6 +107,59 @@ There is no pending request waiting for validation. {% endif %} +{% if sub_authorities %} +
+

Sub-Authorities

+ +{% for authority, requests in sub_authorities.items %} +

{{authority}}

+ + + + + + + + {% for request in requests %} + + + + + + + + + + + + {% endfor %} +
+ typeiddetailstimestampstatus
+ {% if request.allowed == 'allowed' %} + + {% else %} + {% if request.allowed == 'expired' %} + expired + {% else %} {# denied #} + denied + {% endif %} + {% endif %} + {{ request.type }}{{ request.id }} + {% if request.type == 'user' %} + Login: {{request.login}} -- First name: {{request.first_name}} -- Last name: {{request.last_name}} -- Email: {{request.email}} + {% else %} + {% if request.type == 'slice' %} + Slice name: {{request.slice_name}} -- Number of nodes: {{request.number_of_nodes}} -- Type of nodes: {{request.type_of_nodes}} -- Purpose: {{request.purpose}} + {% else %} {# authority #} + Authority name: {{request.site_name}} -- authority_hrn: {{request.site_authority}} -- City: {{request.address_city}} -- Country: {{request.address_country}} + {% endif %} + {% endif %} + {{ request.timestamp }}
+{% endfor %} +
+ +{% endif %} + {% if delegation_authorities %}
@@ -144,9 +197,9 @@ {% if request.type == 'slice' %} Slice name: {{request.slice_name}} -- Number of nodes: {{request.number_of_nodes}} -- Type of nodes: {{request.type_of_nodes}} -- Purpose: {{request.purpose}} {% else %} {# authority #} - TODO + Authority name: {{request.site_name}} -- authority_hrn: {{request.site_authority}} -- City: {{request.address_city}} -- Country: {{request.address_country}} {% endif %} - {% endif %} + {% endif %} {{ request.timestamp }} diff --git a/portal/validationview.py b/portal/validationview.py index ad69a2e5..b3d2a370 100644 --- a/portal/validationview.py +++ b/portal/validationview.py @@ -58,6 +58,7 @@ class ValidatePendingView(FreeAccessView): ctx_my_authorities = {} ctx_delegation_authorities = {} + ctx_sub_authorities = {} # The user need to be logged in @@ -153,17 +154,20 @@ class ValidatePendingView(FreeAccessView): for pa in pi_authorities_tmp: pi_authorities |= set(pa['pi_authorities']) -# include all sub-authorities of the PI -# if PI on ple, include all sub-auths ple.upmc, ple.inria and so on... -# a = set() -# for authority in authorities: -# for my_authority in my_authorities: -# if authority.startswith(my_authority) and authority not in a: -# a.add(authority) - + #print "all_auths = " + #print all_authorities + # include all sub-authorities of the PI + # if PI on ple, include all sub-auths ple.upmc, ple.inria and so on... + pi_subauthorities = set() + for authority in all_authorities: + authority_hrn = authority['authority_hrn'] + for my_authority in pi_authorities: + if authority_hrn.startswith(my_authority) and authority_hrn not in pi_subauthorities: + pi_subauthorities.add(authority_hrn) - print "pi_authorities =", pi_authorities + #print "pi_authorities =", pi_authorities + #print "pi_subauthorities =", pi_subauthorities # My authorities + I have a credential pi_credential_authorities = pi_authorities & credential_authorities @@ -173,29 +177,30 @@ class ValidatePendingView(FreeAccessView): pi_delegation_credential_authorities = credential_authorities - pi_authorities pi_delegation_expired_authorities = credential_authorities_expired - pi_authorities - print "pi_credential_authorities =", pi_credential_authorities - print "pi_no_credential_authorities =", pi_no_credential_authorities - print "pi_expired_credential_authorities =", pi_expired_credential_authorities - print "pi_delegation_credential_authorities = ", pi_delegation_credential_authorities - print "pi_delegation_expired_authorities = ", pi_delegation_expired_authorities + #print "pi_credential_authorities =", pi_credential_authorities + #print "pi_no_credential_authorities =", pi_no_credential_authorities + #print "pi_expired_credential_authorities =", pi_expired_credential_authorities + #print "pi_delegation_credential_authorities = ", pi_delegation_credential_authorities + #print "pi_delegation_expired_authorities = ", pi_delegation_expired_authorities # Summary intermediary pi_my_authorities = pi_credential_authorities | pi_no_credential_authorities | pi_expired_credential_authorities pi_delegation_authorities = pi_delegation_credential_authorities | pi_delegation_expired_authorities - print "--" - print "pi_my_authorities = ", pi_my_authorities - print "pi_delegation_authorities = ", pi_delegation_authorities + #print "--" + #print "pi_my_authorities = ", pi_my_authorities + #print "pi_delegation_authorities = ", pi_delegation_authorities + #print "pi_subauthorities = ", pi_subauthorities # Summary all - queried_pending_authorities = pi_my_authorities | pi_delegation_authorities - print "----" - print "queried_pending_authorities = ", queried_pending_authorities + queried_pending_authorities = pi_my_authorities | pi_delegation_authorities | pi_subauthorities + #print "----" + #print "queried_pending_authorities = ", queried_pending_authorities requests = get_request_by_authority(queried_pending_authorities) for request in requests: auth_hrn = request['authority_hrn'] - print "authority for this request", auth_hrn + #print "authority for this request", auth_hrn if auth_hrn in pi_my_authorities: dest = ctx_my_authorities @@ -216,6 +221,14 @@ class ValidatePendingView(FreeAccessView): else: # pi_delegation_expired_authorities request['allowed'] = 'expired' + elif auth_hrn in pi_subauthorities: + dest = ctx_sub_authorities + + if auth_hrn in pi_subauthorities: + request['allowed'] = 'allowed' + else: # pi_delegation_expired_authorities + request['allowed'] = 'denied' + else: continue @@ -225,6 +238,7 @@ class ValidatePendingView(FreeAccessView): context = super(ValidatePendingView, self).get_context_data(**kwargs) context['my_authorities'] = ctx_my_authorities + context['sub_authorities'] = ctx_sub_authorities context['delegation_authorities'] = ctx_delegation_authorities # XXX This is repeated in all pages -- 2.43.0