git://git.onelab.eu / plstackapi.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
checking in missing site/slice privilege steps
[plstackapi.git] / planetstack / core / models / controlleruser.py
diff --git a/planetstack/core/models/controlleruser.py b/planetstack/core/models/controlleruser.py
index d0fda11..678ab77 100644 (file)
--- a/planetstack/core/models/controlleruser.py
+++ b/planetstack/core/models/controlleruser.py
@@ -24,3 +24,66 @@ class ControllerUser(PlCoreBase):
             users = Users.select_by_user(user)
             qs = ControllerUser.objects.filter(user__in=users)
         return qs
+
+
+class ControllerSitePrivilege(PlCoreBase):
+    objects = ControllerLinkManager()
+    deleted_objects = ControllerLinkDeletionManager()
+
+    controller = models.ForeignKey('Controller', related_name='controllersiteprivileges')
+    site_privilege = models.ForeignKey('SitePrivilege', related_name='controllersiteprivileges')
+    role_id = models.CharField(null=True, blank=True, max_length=200, db_index=True, help_text="Keystone id")
+
+    def __unicode__(self):  return u'%s %s' % (self.controller, self.site_privilege)
+
+    def can_update(self, user):
+        if user.is_readonly:
+            return False
+        if user.is_admin:
+            return True
+        cprivs = ControllerSitePrivilege.objects.filter(site_privilege__user=user)
+        for cpriv in dprivs:
+            if cpriv.site_privilege.role.role == ['admin', 'Admin']:
+                return True
+        return False
+
+    @staticmethod
+    def select_by_user(user):
+        if user.is_admin:
+            qs = ControllerSitePrivilege.objects.all()
+        else:
+            cpriv_ids = [cp.id for cp in ControllerSitePrivilege.objects.filter(site_privilege__user=user)]
+            qs = ControllerSitePrivilege.objects.filter(id__in=cpriv_ids)
+        return qs
+
+
+class ControllerSlicePrivilege(PlCoreBase):
+    objects = ControllerLinkManager()
+    deleted_objects = ControllerLinkDeletionManager()
+
+    controller = models.ForeignKey('Controller', related_name='controllersliceprivileges')
+    slice_privilege = models.ForeignKey('SlicePrivilege', related_name='controllersliceprivileges')
+    role_id = models.CharField(null=True, blank=True, max_length=200, db_index=True, help_text="Keystone id")
+
+    def __unicode__(self):  return u'%s %s' % (self.controller, self.slice_privilege)
+
+    def can_update(self, user):
+        if user.is_readonly:
+            return False
+        if user.is_admin:
+            return True
+        cprivs = ControllerSlicePrivilege.objects.filter(slice_privilege__user=user)
+        for cpriv in dprivs:
+            if cpriv.role.role == ['admin', 'Admin']:
+                return True
+        return False
+
+    @staticmethod
+    def select_by_user(user):
+        if user.is_admin:
+            qs = ControllerSlicePrivilege.objects.all()
+        else:
+            cpriv_ids = [cp.id for cp in ControllerSlicePrivilege.objects.filter(slice_privilege__user=user)]
+            qs = ControllerSlicePrivilege.objects.filter(id__in=cpriv_ids)
+        return qs
+
plstackapi