git://git.onelab.eu / plstackapi.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
DeploymentLinkManager, for filtering deployment-linked objects such as
[plstackapi.git] / planetstack / core / models / site.py
1 import os
2 from django.db import models
3 from core.models import PlCoreBase,PlCoreBaseManager,PlCoreBaseDeletionManager
4 from core.models import Tag
5 from django.contrib.contenttypes import generic
6 from geoposition.fields import GeopositionField
7 from core.acl import AccessControlList
8
9 class DeploymentLinkManager(PlCoreBaseManager):
10     def get_queryset(self):
11         parent=super(DeploymentLinkManager, self)
12         if hasattr(parent, "get_queryset"):
13             return parent.get_queryset().filter(Q(deployment__backend_type=config.observer_backend_type)|Q(backend_type=None))
14         else:
15             return parent.get_queryset().filter(Q(deployment__backend_type=config.observer_backend_type)|Q(backend_type=None))
16
17     # deprecated in django 1.7 in favor of get_queryset().
18     def get_query_set(self):
19         return self.get_queryset()
20
21
22 class DeploymentManager(PlCoreBaseManager):
23     def get_queryset(self):
24         parent=super(DeploymentManager, self)
25         if hasattr(parent, "get_queryset"):
26             return parent.get_queryset().filter(Q(backend_type=config.observer_backend_type)|Q(backend_type=None))
27         else:
28             return parent.get_queryset().filter(Q(backend_type=config.observer_backend_type)|Q(backend_type=None))
29
30     # deprecated in django 1.7 in favor of get_queryset().
31     def get_query_set(self):
32         return self.get_queryset()
33
34 class Site(PlCoreBase):
35     """
36         A logical grouping of Nodes that are co-located at the same geographic location, which also typically corresponds to the Nodes' location in the physical network.
37     """
38     name = models.CharField(max_length=200, help_text="Name for this Site")
39     site_url = models.URLField(null=True, blank=True, max_length=512, help_text="Site's Home URL Page")
40     enabled = models.BooleanField(default=True, help_text="Status for this Site")
41     location = GeopositionField()
42     longitude = models.FloatField(null=True, blank=True)
43     latitude = models.FloatField(null=True, blank=True)
44     login_base = models.CharField(max_length=50, unique=True, help_text="Prefix for Slices associated with this Site")
45     is_public = models.BooleanField(default=True, help_text="Indicates the visibility of this site to other members")
46     abbreviated_name = models.CharField(max_length=80)
47
48     #deployments = models.ManyToManyField('Deployment', blank=True, related_name='sites')
49     deployments = models.ManyToManyField('Deployment', through='SiteDeployments', blank=True, help_text="Select which sites are allowed to host nodes in this deployment", related_name='sites')
50     tags = generic.GenericRelation(Tag)
51
52     def __unicode__(self):  return u'%s' % (self.name)
53
54     def can_update(self, user):
55         if user.is_readonly:
56             return False
57         if user.is_admin:
58             return True
59         site_privs = SitePrivilege.objects.filter(user=user, site=self)
60         for site_priv in site_privs:
61             if site_priv.role.role == 'pi':
62                 return True
63         return False 
64
65     @staticmethod
66     def select_by_user(user):
67         if user.is_admin:
68             qs = Site.objects.all()
69         else:
70             site_ids = [sp.site.id for sp in SitePrivilege.objects.filter(user=user)]
71             site_ids.append(user.site.id)
72             qs = Site.objects.filter(id__in=site_ids)
73         return qs
74
75
76 class SiteRole(PlCoreBase):
77
78     ROLE_CHOICES = (('admin','Admin'),('pi','PI'),('tech','Tech'),('billing','Billing'))
79     role = models.CharField(choices=ROLE_CHOICES, unique=True, max_length=30)
80
81     def __unicode__(self):  return u'%s' % (self.role)
82
83 class SitePrivilege(PlCoreBase):
84
85     user = models.ForeignKey('User', related_name='site_privileges')
86     site = models.ForeignKey('Site', related_name='site_privileges')
87     role = models.ForeignKey('SiteRole')
88
89     def __unicode__(self):  return u'%s %s %s' % (self.site, self.user, self.role)
90
91     def save(self, *args, **kwds):
92         super(SitePrivilege, self).save(*args, **kwds)
93
94     def delete(self, *args, **kwds):
95         super(SitePrivilege, self).delete(*args, **kwds)
96
97     def can_update(self, user):
98         return self.site.can_update(user)
99
100     @staticmethod
101     def select_by_user(user):
102         if user.is_admin:
103             qs = SitePrivilege.objects.all()
104         else:
105             sp_ids = [sp.id for sp in SitePrivilege.objects.filter(user=user)]
106             qs = SitePrivilege.objects.filter(id__in=sp_ids)
107         return qs
108
109 class Deployment(PlCoreBase):
110     name = models.CharField(max_length=200, unique=True, help_text="Name of the Deployment")
111     admin_user = models.CharField(max_length=200, null=True, blank=True, help_text="Username of an admin user at this deployment")
112     admin_password = models.CharField(max_length=200, null=True, blank=True, help_text="Password of theadmin user at this deployment")\r
113     admin_tenant = models.CharField(max_length=200, null=True, blank=True, help_text="Name of the tenant the admin user belongs to")\r
114     auth_url = models.CharField(max_length=200, null=True, blank=True, help_text="Auth url for the deployment")
115     backend_type = models.CharField(max_length=200, null=True, blank=True, help_text="Type of deployment, e.g. EC2, OpenStack, or OpenStack version")
116
117     # smbaker: the default of 'allow all' is intended for evolutions of existing
118     #    deployments. When new deployments are created via the GUI, they are
119     #    given a default of 'allow site <site_of_creator>'
120     accessControl = models.TextField(max_length=200, blank=False, null=False, default="allow all",
121                                      help_text="Access control list that specifies which sites/users may use nodes in this deployment")
122
123     def get_acl(self):
124         return AccessControlList(self.accessControl)
125
126     def test_acl(self, slice=None, user=None):
127         potential_users=[]
128
129         if user:
130             potential_users.append(user)
131
132         if slice:
133             potential_users.append(slice.creator)
134             for priv in slice.slice_privileges.all():
135                 if priv.user not in potential_users:
136                     potential_users.append(priv.user)
137
138         acl = self.get_acl()
139         for user in potential_users:
140             if acl.test(user) == "allow":
141                 return True
142
143         return False
144
145     @staticmethod
146     def select_by_acl(user):
147         ids = []
148         for deployment in Deployment.objects.all():
149             acl = deployment.get_acl()
150             if acl.test(user) == "allow":
151                 ids.append(deployment.id)
152
153         return Deployment.objects.filter(id__in=ids)
154
155     def __unicode__(self):  return u'%s' % (self.name)
156
157     @staticmethod
158     def select_by_user(user):
159         return Deployment.objects.all()
160
161 class DeploymentRole(PlCoreBase):
162
163     ROLE_CHOICES = (('admin','Admin'),)
164     role = models.CharField(choices=ROLE_CHOICES, unique=True, max_length=30)
165
166     def __unicode__(self):  return u'%s' % (self.role)
167
168 class DeploymentPrivilege(PlCoreBase):
169
170     user = models.ForeignKey('User', related_name='deployment_privileges')
171     deployment = models.ForeignKey('Deployment', related_name='deployment_privileges')
172     role = models.ForeignKey('DeploymentRole')
173
174     def __unicode__(self):  return u'%s %s %s' % (self.deployment, self.user, self.role)
175
176     def can_update(self, user):
177         if user.is_readonly:
178             return False
179         if user.is_admin:
180             return True
181         dprivs = DeploymentPrivilege.objects.filter(user=user)
182         for dpriv in dprivs:
183             if dpriv.role.role == 'admin':
184                 return True
185         return False
186
187     @staticmethod
188     def select_by_user(user):
189         if user.is_admin:
190             qs = DeploymentPrivilege.objects.all()
191         else:
192             dpriv_ids = [dp.id for dp in DeploymentPrivilege.objects.filter(user=user)]
193             qs = DeploymentPrivilege.objects.filter(id__in=dpriv_ids)
194         return qs 
195
196 class SiteDeployments(PlCoreBase):
197     site = models.ForeignKey(Site)
198     deployment = models.ForeignKey(Deployment)
199     tenant_id = models.CharField(null=True, blank=True, max_length=200, help_text="Keystone tenant id")    
200
201     @staticmethod
202     def select_by_user(user):
203         return SiteDeployments.objects.all()
204
205     #class Meta:
206     #    db_table = 'core_site_deployments'
207     #    #auto_created = Site
208
plstackapi