From: Scott Baker
Date: Wed, 21 Jan 2015 01:02:53 +0000 (-0800)
Subject: tenant view only shows sites the user should be able to see
X-Git-Url: http://git.onelab.eu/?p=plstackapi.git;a=commitdiff_plain;h=058ff324def456d1e4f2d85069b91f6cfc1108eb
tenant view only shows sites the user should be able to see
---
diff --git a/planetstack/core/xoslib/methods/sliceplus.py b/planetstack/core/xoslib/methods/sliceplus.py
index 4d15d41..9e93e6d 100644
--- a/planetstack/core/xoslib/methods/sliceplus.py
+++ b/planetstack/core/xoslib/methods/sliceplus.py
@@ -45,6 +45,14 @@ class SlicePlusIdSerializer(serializers.ModelSerializer, PlusSerializerMixin):
 site_allocation = DictionaryField(required=False)
 users = ListField(required=False)
 user_names = ListField(required=False) # readonly = True ?
+ current_user_can_see = serializers.SerializerMethodField("getCurrentUserCanSee")
+
+ def getCurrentUserCanSee(self, slice):
+ # user can 'see' the slice if he is the creator or he has a role
+ current_user = self.context['request'].user
+ if (slice.creator and slice.creator==current_user):
+ return True;
+ return (len(slice.getSliceInfo(current_user)["roles"]) > 0)
 def getSliceInfo(self, slice):
 return slice.getSliceInfo(user=self.context['request'].user)
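Review bot: The visibility rule in `getCurrentUserCanSee` (creator, or at least one entry in `getSliceInfo(...)["roles"]`) is written out a second time in `SlicePlusList.get_queryset` later in this file, so the serialized flag and the filtered queryset can drift apart when only one copy is edited. I would keep it in one helper that both call, e.g. `def user_can_see_slice(user, slice): return slice.creator == user or bool(slice.getSliceInfo(user)["roles"])`. The method also reads `self.context['request']` unguarded, which raises KeyError if the serializer is ever built without a request in its context; whether that happens is not visible in this diff. Minor: `return True;` carries a stray semicolon.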
@@ -58,9 +66,9 @@ class SlicePlusIdSerializer(serializers.ModelSerializer, PlusSerializerMixin): model = SlicePlus fields = ('humanReadableName', 'id','created','updated','enacted','name','enabled','omf_friendly','description','slice_url','site','max_slivers','service','network','mount_data_sets', 'default_image', 'default_flavor', - 'serviceClass','creator','networks','sliceInfo','network_ports','backendIcon','backendHtml','site_allocation','users',"user_names") + 'serviceClass','creator','networks','sliceInfo','network_ports','backendIcon','backendHtml','site_allocation','users',"user_names","current_user_can_see") -class SlicePlusList(PlusListCreateAPIView): #generics.ListCreateAPIView): +class SlicePlusList(PlusListCreateAPIView): queryset = SlicePlus.objects.select_related().all() serializer_class = SlicePlusIdSerializer
@@ -68,7 +76,22 @@ class SlicePlusList(PlusListCreateAPIView): #generics.ListCreateAPIView):
 method_name = "slicesplus"
 def get_queryset(self):
- return SlicePlus.select_by_user(self.request.user)
+ current_user_can_see = self.request.QUERY_PARAMS.get('current_user_can_see', False)
+
+ slices = SlicePlus.select_by_user(self.request.user)
+
+ # If current_user_can_see is set, then filter the queryset to return
+ # only those slices that the user is either creator or has privilege
+ # on.
+ if (current_user_can_see):
+ slice_ids = []
+ for slice in slices:
+ if (self.request.user == slice.creator) or (len(slice.getSliceInfo(self.request.user)["roles"]) > 0):
+ slice_ids.append(slice.id)
+
+ slices = SlicePlus.objects.filter(id__in=slice_ids)
+
+ return slices
 class SlicePlusDetail(PlusRetrieveUpdateDestroyAPIView):
 queryset = SlicePlus.objects.select_related().all()
diff --git a/planetstack/core/xoslib/static/js/xosDeveloper_datatables.js b/planetstack/core/xoslib/static/js/xosDeveloper_datatables.js
index 4be4e0f..7d6ee3c 100644
--- a/planetstack/core/xoslib/static/js/xosDeveloper_datatables.js
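Review bot: In `get_queryset` the narrowing only runs when the request carries `current_user_can_see`, so a caller that omits the parameter still receives everything `select_by_user` returns; the flag filters a view and is not an access control, and `select_by_user` (whose body is outside this diff) has to remain the real boundary. The value is also tested as a raw query string, so `?current_user_can_see=0` or `=false` switches the filter on; compare it explicitly, e.g. `if str(current_user_can_see).lower() in ("1", "true"):`. The loop calls `getSliceInfo` once per slice and then issues a second `id__in` query, which will be slow on long slice lists. The loop variable `slice` shadows the builtin; `slice_obj` would avoid that.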
+++ b/planetstack/core/xoslib/static/js/xosDeveloper_datatables.js
@@ -12,12 +12,16 @@
 row = data.models[rowkey];
 slicename = row.get("name");
 sliceid = row.get("id");
- role = row.get("sliceInfo").roles[0];
+ role = row.get("sliceInfo").roles[0] || "";
 slivercount = row.get("sliceInfo").sliverCount;
 sitecount = row.get("sliceInfo").siteCount;
 backendHtml = row.get("backendHtml")
- if (! role) {
+ //if (! role) {
+ // continue;
+ //}
+
+ if (! row.get("current_user_can_see") ) {
 continue;
 }
diff --git a/planetstack/core/xoslib/static/js/xosTenant.js b/planetstack/core/xoslib/static/js/xosTenant.js
index ae6f955..0182f9f 100644
--- a/planetstack/core/xoslib/static/js/xosTenant.js
+++ b/planetstack/core/xoslib/static/js/xosTenant.js
@@ -178,6 +178,9 @@ XOSTenantApp.buildViews = function() {
 sliceChanged: function(id) {
 XOSTenantApp.navToSlice(id);
 },
+ filter: function(slice) {
+ return slice.attributes.current_user_can_see;
+ },
 });
 xos.sites.fetch();
diff --git a/planetstack/core/xoslib/static/js/xoslib/xos-backbone.js b/planetstack/core/xoslib/static/js/xoslib/xos-backbone.js
index d359f36..1ca1307 100644
--- a/planetstack/core/xoslib/static/js/xoslib/xos-backbone.js
+++ b/planetstack/core/xoslib/static/js/xoslib/xos-backbone.js
@@ -319,18 +319,12 @@ if (! window.XOSLIB_LOADED ) {
 var url = this.urlRoot || ( models && models.length && models[0].urlRoot );
 url && ( url += ( url.length > 0 && url.charAt( url.length - 1 ) === '/' ) ? '' : '/' );
- // Build a url to retrieve a set of models. This assume the last part of each model's idAttribute
- // (set to 'resource_uri') contains the model's id.
- if ( models && models.length ) {
- var ids = _.map( models, function( model ) {
- var parts = _.compact( model.id.split('/') );
- return parts[ parts.length - 1 ];
- });
- url += 'set/' + ids.join(';') + '/';
- }
-
 url && ( url += "?no_hyperlinks=1" );
+ if (this.currentUserCanSee) {
+ url && ( url += "¤t_user_can_see=1" );
+ }
+
 return url;
 },
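Review bot: The old `if (! role)` guard is left behind as three commented-out lines in xosDeveloper_datatables.js; delete it instead of keeping dead code, since the history already records it. The new `row.get("current_user_can_see")` check only skips rendering: rows that fail it were still delivered to the browser, so it is presentation and should not be relied on as a restriction. The enclosing loop starts and ends outside the hunk.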
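Review bot: After the xos-backbone.js hunk the `models` argument no longer affects the returned URL beyond supplying `urlRoot`, so any caller that relied on the removed `set/ids/` form now fetches the whole collection; the callers are outside this diff, so it is worth confirming none remain. `currentUserCanSee` is read here but never declared on the collection class; a one-line comment above the new `if`, e.g. `// set on a collection instance to request only the slices the current user can see`, would document the switch. The extra parameter is appended with no separator check and depends on the `?no_hyperlinks=1` line staying directly above it. The enclosing function starts outside the hunk.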
@@ -364,6 +358,7 @@ if (! window.XOSLIB_LOADED ) {
 function define_model(lib, attrs) {
 modelName = attrs.modelName;
 modelClassName = modelName;
+ collectionClass = attrs.collectionClass || XOSCollection;
 collectionClassName = modelName + "Collection";
 if (!attrs.addFields) {
@@ -411,7 +406,7 @@ if (! window.XOSLIB_LOADED ) {
 collectionAttrs["model"] = lib[modelName];
- lib[collectionClassName] = XOSCollection.extend(collectionAttrs);
+ lib[collectionClassName] = collectionClass.extend(collectionAttrs);
 lib[collectionName] = new lib[collectionClassName]();
 lib.allCollectionNames.push(collectionName);
@@ -692,7 +687,10 @@ if (! window.XOSLIB_LOADED ) {
 detailFields: [],
 });
- this.tenant = function() { return this.tenantview.models[0].attributes; }
+ /* by default, have slicePlus only fetch the slices the user can see */
+ this.slicesPlus.currentUserCanSee = true;
+
+ this.tenant = function() { return this.tenantview.models[0].attributes; };
 this.listObjects = function() { return this.allCollectionNames; };
diff --git a/planetstack/core/xoslib/static/js/xoslib/xosHelper.js b/planetstack/core/xoslib/static/js/xoslib/xosHelper.js
index 76254f6..7392843 100644
--- a/planetstack/core/xoslib/static/js/xoslib/xosHelper.js
+++ b/planetstack/core/xoslib/static/js/xoslib/xosHelper.js
@@ -4,6 +4,21 @@ HTMLView = Marionette.ItemView.extend({
 },
 });
+FilteredCompositeView = Marionette.CompositeView.extend( {
+ showCollection: function() {
+ var ChildView;
+ this.collection.each(function(child, index) {
+ filterFunc = this.options.filter || this.filter;
+ if (filterFunc && !filterFunc(child)) {
+ return;
+ }
+ ChildView = this.getChildView(child);
+ this.addChild(child, ChildView, index);
+ }, this);
+
+ },
+});
+
 SliceSelectorOption = Marionette.ItemView.extend({
 template: "#xos-sliceselector-option",
 tagName: "option",
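Review bot: `collectionClass` in `define_model` is assigned without `var`, so it becomes a property of the global object and is shared by every call; the neighbouring `modelName` lines already do this, but the new line should not add to it: `var collectionClass = attrs.collectionClass || XOSCollection;`. The same applies to `filterFunc` in the `FilteredCompositeView.showCollection` hunk of xosHelper.js, which is also recomputed for every child; declare it once before `this.collection.each(...)` with `var filterFunc = this.options.filter || this.filter;`. `define_model` continues outside the hunk.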
@@ -16,7 +31,7 @@ SliceSelectorOption = Marionette.ItemView.extend({
 },
 });
-SliceSelectorView = Marionette.CompositeView.extend({
+SliceSelectorView = FilteredCompositeView.extend({
 template: "#xos-sliceselector-select",
 childViewContainer: "select",
 childView: SliceSelectorOption,
@@ -39,20 +54,6 @@ SliceSelectorView = Marionette.CompositeView.extend({
 templateHelpers: function() { return {caption: this.options.caption || this.caption }; },
 });
-FilteredCompositeView = Marionette.CompositeView.extend( {
- showCollection: function() {
- var ChildView;
- this.collection.each(function(child, index) {
- if (this.filter && !this.filter(child)) {
- return;
- }
- ChildView = this.getChildView(child);
- this.addChild(child, ChildView, index);
- }, this);
-
- },
-});
-
 XOSRouter = Marionette.AppRouter.extend({
 initialize: function() {
 this.routeStack=[];