rezometz
/
re2o
mirror of https://gitlab.federez.net/re2o/re2o
8
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

Add can_create to machines.models

rewrite_authors
Maël Kervella 8 years ago
committed by root
parent
3f4838436c
commit
005497c662
2 changed files with 226 additions and 53 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 95
      machines/models.py
  2. 184
      machines/views.py

95
machines/models.py
View File

@ -93,6 +93,10 @@ class MachineType(models.Model):
machinetype""" machinetype"""
return Interface.objects.filter(type=self) return Interface.objects.filter(type=self)
def can_create(user_request):
return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\
de créer un type de machine"
def __str__(self): def __str__(self):
return self.type return self.type
@ -203,6 +207,10 @@ class IpType(models.Model):
self.clean() self.clean()
super(IpType, self).save(*args, **kwargs) super(IpType, self).save(*args, **kwargs)
def can_create(user_request):
return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\
de créer un type d'ip"
def __str__(self): def __str__(self):
return self.type return self.type
@ -216,6 +224,10 @@ class Vlan(models.Model):
name = models.CharField(max_length=256) name = models.CharField(max_length=256)
comment = models.CharField(max_length=256, blank=True) comment = models.CharField(max_length=256, blank=True)
def can_create(user_request):
return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\
de créer un vlan"
def __str__(self): def __str__(self):
return self.name return self.name
@ -250,6 +262,10 @@ class Nas(models.Model):
) )
autocapture_mac = models.BooleanField(default=False) autocapture_mac = models.BooleanField(default=False)
def can_create(user_request):
return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\
de créer un nas"
def __str__(self): def __str__(self):
return self.name return self.name
@ -286,6 +302,10 @@ class SOA(models.Model):
help_text='Time To Live' help_text='Time To Live'
) )
def can_create(user_request):
return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\
de créer un enregistrement SOA"
def __str__(self): def __str__(self):
return str(self.name) return str(self.name)
@ -368,6 +388,10 @@ class Extension(models.Model):
entry += "@ IN AAAA " + str(self.origin_v6) entry += "@ IN AAAA " + str(self.origin_v6)
return entry return entry
def can_create(user_request):
return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\
de créer une extension"
def __str__(self): def __str__(self):
return self.name return self.name
@ -393,6 +417,10 @@ class Mx(models.Model):
fichiers de zones""" fichiers de zones"""
return "@ IN MX " + str(self.priority).ljust(3) + " " + str(self.name) return "@ IN MX " + str(self.priority).ljust(3) + " " + str(self.name)
def can_create(user_request):
return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\
de créer un enregistrement MX"
def __str__(self): def __str__(self):
return str(self.zone) + ' ' + str(self.priority) + ' ' + str(self.name) return str(self.zone) + ' ' + str(self.priority) + ' ' + str(self.name)
@ -409,6 +437,10 @@ class Ns(models.Model):
"""Renvoie un enregistrement NS complet pour les filezones""" """Renvoie un enregistrement NS complet pour les filezones"""
return "@ IN NS " + str(self.ns) return "@ IN NS " + str(self.ns)
def can_create(user_request):
return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\
de créer un enregistrement NS"
def __str__(self): def __str__(self):
return str(self.zone) + ' ' + str(self.ns) return str(self.zone) + ' ' + str(self.ns)
@ -421,6 +453,10 @@ class Txt(models.Model):
field1 = models.CharField(max_length=255) field1 = models.CharField(max_length=255)
field2 = models.TextField(max_length=2047) field2 = models.TextField(max_length=2047)
def can_create(user_request):
return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\
de créer un enregistrement TXT"
def __str__(self): def __str__(self):
return str(self.zone) + " : " + str(self.field1) + " " +\ return str(self.zone) + " : " + str(self.field1) + " " +\
str(self.field2) str(self.field2)
@ -474,6 +510,10 @@ class Srv(models.Model):
help_text="Serveur cible" help_text="Serveur cible"
) )
def can_create(user_request):
return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\
de créer un enregistrement SRV"
def __str__(self): def __str__(self):
return str(self.service) + ' ' + str(self.protocole) + ' ' +\ return str(self.service) + ' ' + str(self.protocole) + ' ' +\
str(self.extension) + ' ' + str(self.priority) +\ str(self.extension) + ' ' + str(self.priority) +\
@ -591,6 +631,23 @@ class Interface(models.Model):
correspondent pas") correspondent pas")
super(Interface, self).save(*args, **kwargs) super(Interface, self).save(*args, **kwargs)
def can_create(user_request, machineid_dest):
try:
machine = Machine.objects.get(pk=machineid_dest)
except Machine.DoesNotExist:
return False, u"Machine inexistante"
if not user_request.has_perms(('cableur',)):
options, created = preferences.models.OptionalMachine.objects.get_or_create()
max_lambdauser_interfaces = options.max_lambdauser_interfaces
if machine.user != user_request:
return False, u"Vous ne pouvez pas ajouter une interface à une\
machine d'un autre user que vous sans droit"
if machine.user.user_interfaces().count() >= max_lambdauser_interfaces:
return False, u"Vous avez atteint le maximum d'interfaces\
autorisées que vous pouvez créer vous même (%s) "\
% max_lambdauser_interfaces
return True, None
def __str__(self): def __str__(self):
try: try:
domain = self.domain domain = self.domain
@ -690,6 +747,27 @@ class Domain(models.Model):
self.full_clean() self.full_clean()
super(Domain, self).save(*args, **kwargs) super(Domain, self).save(*args, **kwargs)
def can_create(user_request, interfaceid_dest):
try:
interface = Interface.objects.get(pk=interfaceid_dest)
except Interface.DoesNotExist:
return False, u"Interface inexistante"
if not user_request.has_perms(('cableur',)):
options, created = preferences.models.OptionalMachine.objects.get_or_create()
max_lambdauser_aliases = options.max_lambdauser_aliases
if interface.machine.user != user_request:
return False, u"Vous ne pouvez pas ajouter un alias à une\
machine d'un autre user que vous sans droit"
if Domain.objects.filter(
cname__in=Domain.objects.filter(
interface_parent__in=interface.machine.user.user_interfaces()
)
).count() >= max_lambdauser_aliases:
return False, u"Vous avez atteint le maximum d'alias\
autorisés que vous pouvez créer vous même (%s) "\
% max_lambdauser_aliases
return True, None
def __str__(self): def __str__(self):
return str(self.name) + str(self.extension) return str(self.name) + str(self.extension)
@ -717,6 +795,9 @@ class IpList(models.Model):
self.clean() self.clean()
super(IpList, self).save(*args, **kwargs) super(IpList, self).save(*args, **kwargs)
def can_create(user_request):
return True, None
def __str__(self): def __str__(self):
return self.ipv4 return self.ipv4
@ -757,6 +838,10 @@ class Service(models.Model):
def save(self, *args, **kwargs): def save(self, *args, **kwargs):
super(Service, self).save(*args, **kwargs) super(Service, self).save(*args, **kwargs)
def can_create(user_request):
return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\
de créer un service"
def __str__(self): def __str__(self):
return str(self.service_type) return str(self.service_type)
@ -797,6 +882,9 @@ class Service_link(models.Model):
) < timezone.now() ) < timezone.now()
) )
def can_create(user_request):
return True, None
def __str__(self): def __str__(self):
return str(self.server) + " " + str(self.service) return str(self.server) + " " + str(self.service)
@ -810,6 +898,9 @@ class OuverturePortList(models.Model):
max_length=255 max_length=255
) )
def can_create(user_request):
return True, None
def __str__(self): def __str__(self):
return self.name return self.name
@ -880,6 +971,10 @@ class OuverturePort(models.Model):
default=OUT, default=OUT,
) )
def can_create(user_request):
return user_request.has_perms(('bureau',)) , u"Vous n'avez pas le droit\
d'ouvrir un port"
def __str__(self): def __str__(self):
if self.begin == self.end: if self.begin == self.end:
return str(self.begin) return str(self.begin)

184
machines/views.py
View File

@ -221,7 +221,7 @@ def new_machine(request, userid):
return redirect(reverse( return redirect(reverse(
'users:profil', 'users:profil',
kwargs={'userid':str(request.user.id)} kwargs={'userid':str(request.user.id)}
)) ))
# No need to check if userid exist, already done in can_create # No need to check if userid exist, already done in can_create
user = User.objects.get(pk=userid) user = User.objects.get(pk=userid)
@ -344,26 +344,17 @@ def del_machine(request, machineid):
@login_required @login_required
def new_interface(request, machineid): def new_interface(request, machineid):
""" Ajoute une interface et son domain associé à une machine existante""" """ Ajoute une interface et son domain associé à une machine existante"""
try:
machine = Machine.objects.get(pk=machineid) can, reason = Interface.can_create(request.user, machineid)
except Machine.DoesNotExist: if not can:
messages.error(request, u"Machine inexistante" ) messages.error(request, reason)
return redirect(reverse('machines:index')) return redirect(reverse(
if not request.user.has_perms(('cableur',)): 'users:profil',
options, created = OptionalMachine.objects.get_or_create() kwargs={'userid':str(request.user.id)}
max_lambdauser_interfaces = options.max_lambdauser_interfaces ))
if machine.user != request.user:
messages.error(request, "Vous ne pouvez pas ajouter une interface à une machine d'un autre user que vous sans droit") # No need to check if machineid exist, already done in can_create
return redirect(reverse( machine = Machine.objects.get(pk=machineid)
'users:profil',
kwargs={'userid':str(request.user.id)}
))
if machine.user.user_interfaces().count() >= max_lambdauser_interfaces:
messages.error(request, "Vous avez atteint le maximum d'interfaces autorisées que vous pouvez créer vous même (%s) " % max_lambdauser_interfaces)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
interface_form = AddInterfaceForm(request.POST or None, infra=request.user.has_perms(('infra',))) interface_form = AddInterfaceForm(request.POST or None, infra=request.user.has_perms(('infra',)))
domain_form = DomainForm(request.POST or None) domain_form = DomainForm(request.POST or None)
if interface_form.is_valid(): if interface_form.is_valid():
@ -419,9 +410,17 @@ def del_interface(request, interfaceid):
return form({'objet': interface, 'objet_name': 'interface'}, 'machines/delete.html', request) return form({'objet': interface, 'objet_name': 'interface'}, 'machines/delete.html', request)
@login_required @login_required
@permission_required('infra')
def add_iptype(request): def add_iptype(request):
""" Ajoute un range d'ip. Intelligence dans le models, fonction views minimaliste""" """ Ajoute un range d'ip. Intelligence dans le models, fonction views minimaliste"""
can, reason = IpType.can_create(request.user)
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
iptype = IpTypeForm(request.POST or None) iptype = IpTypeForm(request.POST or None)
if iptype.is_valid(): if iptype.is_valid():
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
@ -470,8 +469,16 @@ def del_iptype(request):
return form({'iptypeform': iptype}, 'machines/machine.html', request) return form({'iptypeform': iptype}, 'machines/machine.html', request)
@login_required @login_required
@permission_required('infra')
def add_machinetype(request): def add_machinetype(request):
can, reason = MachineType.can_create(request.user)
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
machinetype = MachineTypeForm(request.POST or None) machinetype = MachineTypeForm(request.POST or None)
if machinetype.is_valid(): if machinetype.is_valid():
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
@ -518,8 +525,16 @@ def del_machinetype(request):
return form({'machinetypeform': machinetype}, 'machines/machine.html', request) return form({'machinetypeform': machinetype}, 'machines/machine.html', request)
@login_required @login_required
@permission_required('infra')
def add_extension(request): def add_extension(request):
can, reason = Extension.can_create(request.user)
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
extension = ExtensionForm(request.POST or None) extension = ExtensionForm(request.POST or None)
if extension.is_valid(): if extension.is_valid():
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
@ -566,8 +581,16 @@ def del_extension(request):
return form({'extensionform': extension}, 'machines/machine.html', request) return form({'extensionform': extension}, 'machines/machine.html', request)
@login_required @login_required
@permission_required('infra')
def add_soa(request): def add_soa(request):
can, reason = SOA.can_create(request.user)
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
soa = SOAForm(request.POST or None) soa = SOAForm(request.POST or None)
if soa.is_valid(): if soa.is_valid():
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
@ -614,8 +637,16 @@ def del_soa(request):
return form({'soaform': soa}, 'machines/machine.html', request) return form({'soaform': soa}, 'machines/machine.html', request)
@login_required @login_required
@permission_required('infra')
def add_mx(request): def add_mx(request):
can, reason = Mx.can_create(request.user)
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
mx = MxForm(request.POST or None) mx = MxForm(request.POST or None)
if mx.is_valid(): if mx.is_valid():
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
@ -662,8 +693,16 @@ def del_mx(request):
return form({'mxform': mx}, 'machines/machine.html', request) return form({'mxform': mx}, 'machines/machine.html', request)
@login_required @login_required
@permission_required('infra')
def add_ns(request): def add_ns(request):
can, reason = Ns.can_create(request.user)
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
ns = NsForm(request.POST or None) ns = NsForm(request.POST or None)
if ns.is_valid(): if ns.is_valid():
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
@ -710,8 +749,16 @@ def del_ns(request):
return form({'nsform': ns}, 'machines/machine.html', request) return form({'nsform': ns}, 'machines/machine.html', request)
@login_required @login_required
@permission_required('infra')
def add_txt(request): def add_txt(request):
can, reason = Txt.can_create(request.user)
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
txt = TxtForm(request.POST or None) txt = TxtForm(request.POST or None)
if txt.is_valid(): if txt.is_valid():
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
@ -758,8 +805,16 @@ def del_txt(request):
return form({'txtform': txt}, 'machines/machine.html', request) return form({'txtform': txt}, 'machines/machine.html', request)
@login_required @login_required
@permission_required('infra')
def add_srv(request): def add_srv(request):
can, reason = Srv.can_create(request.user)
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
srv = SrvForm(request.POST or None) srv = SrvForm(request.POST or None)
if srv.is_valid(): if srv.is_valid():
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
@ -807,26 +862,17 @@ def del_srv(request):
@login_required @login_required
def add_alias(request, interfaceid): def add_alias(request, interfaceid):
try:
interface = Interface.objects.get(pk=interfaceid) can, reason = Domain.can_create(request.user, interfaceid)
except Interface.DoesNotExist: if not can:
messages.error(request, u"Interface inexistante" ) messages.error(request, reason)
return redirect(reverse('machines:index')) return redirect(reverse(
if not request.user.has_perms(('cableur',)): 'users:profil',
options, created = OptionalMachine.objects.get_or_create() kwargs={'userid':str(request.user.id)}
max_lambdauser_aliases = options.max_lambdauser_aliases ))
if interface.machine.user != request.user:
messages.error(request, "Vous ne pouvez pas ajouter un alias à une machine d'un autre user que vous sans droit") # No need to check if interfaceid exist, already done in can_create
return redirect(reverse( interface = Interface.objects.get(pk=interfaceid)
'users:profil',
kwargs={'userid':str(request.user.id)}
))
if Domain.objects.filter(cname__in=Domain.objects.filter(interface_parent__in=interface.machine.user.user_interfaces())).count() >= max_lambdauser_aliases:
messages.error(request, "Vous avez atteint le maximum d'alias autorisées que vous pouvez créer vous même (%s) " % max_lambdauser_aliases)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
alias = AliasForm(request.POST or None, infra=request.user.has_perms(('infra',))) alias = AliasForm(request.POST or None, infra=request.user.has_perms(('infra',)))
if alias.is_valid(): if alias.is_valid():
alias = alias.save(commit=False) alias = alias.save(commit=False)
@ -900,8 +946,16 @@ def del_alias(request, interfaceid):
@login_required @login_required
@permission_required('infra')
def add_service(request): def add_service(request):
can, reason = Service.can_create(request.user)
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
service = ServiceForm(request.POST or None) service = ServiceForm(request.POST or None)
if service.is_valid(): if service.is_valid():
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
@ -948,8 +1002,16 @@ def del_service(request):
return form({'serviceform': service}, 'machines/machine.html', request) return form({'serviceform': service}, 'machines/machine.html', request)
@login_required @login_required
@permission_required('infra')
def add_vlan(request): def add_vlan(request):
can, reason = Vlan.can_create(request.user)
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
vlan = VlanForm(request.POST or None) vlan = VlanForm(request.POST or None)
if vlan.is_valid(): if vlan.is_valid():
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
@ -996,8 +1058,16 @@ def del_vlan(request):
return form({'vlanform': vlan}, 'machines/machine.html', request) return form({'vlanform': vlan}, 'machines/machine.html', request)
@login_required @login_required
@permission_required('infra')
def add_nas(request): def add_nas(request):
can, reason = Nas.can_create(request.user)
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
nas = NasForm(request.POST or None) nas = NasForm(request.POST or None)
if nas.is_valid(): if nas.is_valid():
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
@ -1301,8 +1371,16 @@ def del_portlist(request, pk):
return redirect(reverse('machines:index-portlist')) return redirect(reverse('machines:index-portlist'))
@login_required @login_required
@permission_required('bureau')
def add_portlist(request): def add_portlist(request):
can, reason = OuverturePort.can_create(request.user)
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
port_list = EditOuverturePortListForm(request.POST or None) port_list = EditOuverturePortListForm(request.POST or None)
port_formset = modelformset_factory( port_formset = modelformset_factory(
OuverturePort, OuverturePort,

Write Preview
Loading…
Cancel
Save