3 from django.db.models import F, Q
4 from planetstack.config import Config
5 from observer.openstacksyncstep import OpenStackSyncStep
6 from core.models import User, ControllerUsers, SitePrivilege, ControllerSites
8 class SyncSitePrivileges(OpenStackSyncStep):
10 provides=[SitePrivilege]
12 def fetch_pending(self, deleted):
13 # Deleting site privileges is not supported yet
17 return SitePrivilege.objects.filter(Q(enacted__lt=F('updated')) | Q(enacted=None))
19 def sync_record(self, site_priv):
20 # sync site privileges at all site controllers
21 controller_sites = ControllerSites.objects.filter(site=site_priv.site)
22 for controller_site in controller_sites:
23 controller_users = ControllerUsers.objects.filter(controller=controller_site.controller)
25 kuser_id = controller_users[0].kuser_id
26 driver = self.driver.admin_driver(controller=controller_site.controller)
27 driver.add_user_role(kuser_id,
28 controller_site.tenant_id,