8
0
Fork 0
mirror of https://gitlab2.federez.net/re2o/re2o synced 2024-11-23 11:53:12 +00:00

Add can_create to machines.models

This commit is contained in:
Maël Kervella 2017-11-29 00:53:32 +00:00 committed by root
parent 3f4838436c
commit 005497c662
2 changed files with 226 additions and 53 deletions

View file

@ -93,6 +93,10 @@ class MachineType(models.Model):
machinetype""" machinetype"""
return Interface.objects.filter(type=self) return Interface.objects.filter(type=self)
def can_create(user_request):
return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\
de créer un type de machine"
def __str__(self): def __str__(self):
return self.type return self.type
@ -203,6 +207,10 @@ class IpType(models.Model):
self.clean() self.clean()
super(IpType, self).save(*args, **kwargs) super(IpType, self).save(*args, **kwargs)
def can_create(user_request):
return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\
de créer un type d'ip"
def __str__(self): def __str__(self):
return self.type return self.type
@ -216,6 +224,10 @@ class Vlan(models.Model):
name = models.CharField(max_length=256) name = models.CharField(max_length=256)
comment = models.CharField(max_length=256, blank=True) comment = models.CharField(max_length=256, blank=True)
def can_create(user_request):
return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\
de créer un vlan"
def __str__(self): def __str__(self):
return self.name return self.name
@ -250,6 +262,10 @@ class Nas(models.Model):
) )
autocapture_mac = models.BooleanField(default=False) autocapture_mac = models.BooleanField(default=False)
def can_create(user_request):
return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\
de créer un nas"
def __str__(self): def __str__(self):
return self.name return self.name
@ -286,6 +302,10 @@ class SOA(models.Model):
help_text='Time To Live' help_text='Time To Live'
) )
def can_create(user_request):
return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\
de créer un enregistrement SOA"
def __str__(self): def __str__(self):
return str(self.name) return str(self.name)
@ -368,6 +388,10 @@ class Extension(models.Model):
entry += "@ IN AAAA " + str(self.origin_v6) entry += "@ IN AAAA " + str(self.origin_v6)
return entry return entry
def can_create(user_request):
return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\
de créer une extension"
def __str__(self): def __str__(self):
return self.name return self.name
@ -393,6 +417,10 @@ class Mx(models.Model):
fichiers de zones""" fichiers de zones"""
return "@ IN MX " + str(self.priority).ljust(3) + " " + str(self.name) return "@ IN MX " + str(self.priority).ljust(3) + " " + str(self.name)
def can_create(user_request):
return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\
de créer un enregistrement MX"
def __str__(self): def __str__(self):
return str(self.zone) + ' ' + str(self.priority) + ' ' + str(self.name) return str(self.zone) + ' ' + str(self.priority) + ' ' + str(self.name)
@ -409,6 +437,10 @@ class Ns(models.Model):
"""Renvoie un enregistrement NS complet pour les filezones""" """Renvoie un enregistrement NS complet pour les filezones"""
return "@ IN NS " + str(self.ns) return "@ IN NS " + str(self.ns)
def can_create(user_request):
return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\
de créer un enregistrement NS"
def __str__(self): def __str__(self):
return str(self.zone) + ' ' + str(self.ns) return str(self.zone) + ' ' + str(self.ns)
@ -421,6 +453,10 @@ class Txt(models.Model):
field1 = models.CharField(max_length=255) field1 = models.CharField(max_length=255)
field2 = models.TextField(max_length=2047) field2 = models.TextField(max_length=2047)
def can_create(user_request):
return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\
de créer un enregistrement TXT"
def __str__(self): def __str__(self):
return str(self.zone) + " : " + str(self.field1) + " " +\ return str(self.zone) + " : " + str(self.field1) + " " +\
str(self.field2) str(self.field2)
@ -474,6 +510,10 @@ class Srv(models.Model):
help_text="Serveur cible" help_text="Serveur cible"
) )
def can_create(user_request):
return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\
de créer un enregistrement SRV"
def __str__(self): def __str__(self):
return str(self.service) + ' ' + str(self.protocole) + ' ' +\ return str(self.service) + ' ' + str(self.protocole) + ' ' +\
str(self.extension) + ' ' + str(self.priority) +\ str(self.extension) + ' ' + str(self.priority) +\
@ -591,6 +631,23 @@ class Interface(models.Model):
correspondent pas") correspondent pas")
super(Interface, self).save(*args, **kwargs) super(Interface, self).save(*args, **kwargs)
def can_create(user_request, machineid_dest):
try:
machine = Machine.objects.get(pk=machineid_dest)
except Machine.DoesNotExist:
return False, u"Machine inexistante"
if not user_request.has_perms(('cableur',)):
options, created = preferences.models.OptionalMachine.objects.get_or_create()
max_lambdauser_interfaces = options.max_lambdauser_interfaces
if machine.user != user_request:
return False, u"Vous ne pouvez pas ajouter une interface à une\
machine d'un autre user que vous sans droit"
if machine.user.user_interfaces().count() >= max_lambdauser_interfaces:
return False, u"Vous avez atteint le maximum d'interfaces\
autorisées que vous pouvez créer vous même (%s) "\
% max_lambdauser_interfaces
return True, None
def __str__(self): def __str__(self):
try: try:
domain = self.domain domain = self.domain
@ -690,6 +747,27 @@ class Domain(models.Model):
self.full_clean() self.full_clean()
super(Domain, self).save(*args, **kwargs) super(Domain, self).save(*args, **kwargs)
def can_create(user_request, interfaceid_dest):
try:
interface = Interface.objects.get(pk=interfaceid_dest)
except Interface.DoesNotExist:
return False, u"Interface inexistante"
if not user_request.has_perms(('cableur',)):
options, created = preferences.models.OptionalMachine.objects.get_or_create()
max_lambdauser_aliases = options.max_lambdauser_aliases
if interface.machine.user != user_request:
return False, u"Vous ne pouvez pas ajouter un alias à une\
machine d'un autre user que vous sans droit"
if Domain.objects.filter(
cname__in=Domain.objects.filter(
interface_parent__in=interface.machine.user.user_interfaces()
)
).count() >= max_lambdauser_aliases:
return False, u"Vous avez atteint le maximum d'alias\
autorisés que vous pouvez créer vous même (%s) "\
% max_lambdauser_aliases
return True, None
def __str__(self): def __str__(self):
return str(self.name) + str(self.extension) return str(self.name) + str(self.extension)
@ -717,6 +795,9 @@ class IpList(models.Model):
self.clean() self.clean()
super(IpList, self).save(*args, **kwargs) super(IpList, self).save(*args, **kwargs)
def can_create(user_request):
return True, None
def __str__(self): def __str__(self):
return self.ipv4 return self.ipv4
@ -757,6 +838,10 @@ class Service(models.Model):
def save(self, *args, **kwargs): def save(self, *args, **kwargs):
super(Service, self).save(*args, **kwargs) super(Service, self).save(*args, **kwargs)
def can_create(user_request):
return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\
de créer un service"
def __str__(self): def __str__(self):
return str(self.service_type) return str(self.service_type)
@ -797,6 +882,9 @@ class Service_link(models.Model):
) < timezone.now() ) < timezone.now()
) )
def can_create(user_request):
return True, None
def __str__(self): def __str__(self):
return str(self.server) + " " + str(self.service) return str(self.server) + " " + str(self.service)
@ -810,6 +898,9 @@ class OuverturePortList(models.Model):
max_length=255 max_length=255
) )
def can_create(user_request):
return True, None
def __str__(self): def __str__(self):
return self.name return self.name
@ -880,6 +971,10 @@ class OuverturePort(models.Model):
default=OUT, default=OUT,
) )
def can_create(user_request):
return user_request.has_perms(('bureau',)) , u"Vous n'avez pas le droit\
d'ouvrir un port"
def __str__(self): def __str__(self):
if self.begin == self.end: if self.begin == self.end:
return str(self.begin) return str(self.begin)

View file

@ -221,7 +221,7 @@ def new_machine(request, userid):
return redirect(reverse( return redirect(reverse(
'users:profil', 'users:profil',
kwargs={'userid':str(request.user.id)} kwargs={'userid':str(request.user.id)}
)) ))
# No need to check if userid exist, already done in can_create # No need to check if userid exist, already done in can_create
user = User.objects.get(pk=userid) user = User.objects.get(pk=userid)
@ -344,26 +344,17 @@ def del_machine(request, machineid):
@login_required @login_required
def new_interface(request, machineid): def new_interface(request, machineid):
""" Ajoute une interface et son domain associé à une machine existante""" """ Ajoute une interface et son domain associé à une machine existante"""
try:
machine = Machine.objects.get(pk=machineid) can, reason = Interface.can_create(request.user, machineid)
except Machine.DoesNotExist: if not can:
messages.error(request, u"Machine inexistante" ) messages.error(request, reason)
return redirect(reverse('machines:index')) return redirect(reverse(
if not request.user.has_perms(('cableur',)): 'users:profil',
options, created = OptionalMachine.objects.get_or_create() kwargs={'userid':str(request.user.id)}
max_lambdauser_interfaces = options.max_lambdauser_interfaces ))
if machine.user != request.user:
messages.error(request, "Vous ne pouvez pas ajouter une interface à une machine d'un autre user que vous sans droit") # No need to check if machineid exist, already done in can_create
return redirect(reverse( machine = Machine.objects.get(pk=machineid)
'users:profil',
kwargs={'userid':str(request.user.id)}
))
if machine.user.user_interfaces().count() >= max_lambdauser_interfaces:
messages.error(request, "Vous avez atteint le maximum d'interfaces autorisées que vous pouvez créer vous même (%s) " % max_lambdauser_interfaces)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
interface_form = AddInterfaceForm(request.POST or None, infra=request.user.has_perms(('infra',))) interface_form = AddInterfaceForm(request.POST or None, infra=request.user.has_perms(('infra',)))
domain_form = DomainForm(request.POST or None) domain_form = DomainForm(request.POST or None)
if interface_form.is_valid(): if interface_form.is_valid():
@ -419,9 +410,17 @@ def del_interface(request, interfaceid):
return form({'objet': interface, 'objet_name': 'interface'}, 'machines/delete.html', request) return form({'objet': interface, 'objet_name': 'interface'}, 'machines/delete.html', request)
@login_required @login_required
@permission_required('infra')
def add_iptype(request): def add_iptype(request):
""" Ajoute un range d'ip. Intelligence dans le models, fonction views minimaliste""" """ Ajoute un range d'ip. Intelligence dans le models, fonction views minimaliste"""
can, reason = IpType.can_create(request.user)
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
iptype = IpTypeForm(request.POST or None) iptype = IpTypeForm(request.POST or None)
if iptype.is_valid(): if iptype.is_valid():
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
@ -470,8 +469,16 @@ def del_iptype(request):
return form({'iptypeform': iptype}, 'machines/machine.html', request) return form({'iptypeform': iptype}, 'machines/machine.html', request)
@login_required @login_required
@permission_required('infra')
def add_machinetype(request): def add_machinetype(request):
can, reason = MachineType.can_create(request.user)
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
machinetype = MachineTypeForm(request.POST or None) machinetype = MachineTypeForm(request.POST or None)
if machinetype.is_valid(): if machinetype.is_valid():
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
@ -518,8 +525,16 @@ def del_machinetype(request):
return form({'machinetypeform': machinetype}, 'machines/machine.html', request) return form({'machinetypeform': machinetype}, 'machines/machine.html', request)
@login_required @login_required
@permission_required('infra')
def add_extension(request): def add_extension(request):
can, reason = Extension.can_create(request.user)
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
extension = ExtensionForm(request.POST or None) extension = ExtensionForm(request.POST or None)
if extension.is_valid(): if extension.is_valid():
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
@ -566,8 +581,16 @@ def del_extension(request):
return form({'extensionform': extension}, 'machines/machine.html', request) return form({'extensionform': extension}, 'machines/machine.html', request)
@login_required @login_required
@permission_required('infra')
def add_soa(request): def add_soa(request):
can, reason = SOA.can_create(request.user)
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
soa = SOAForm(request.POST or None) soa = SOAForm(request.POST or None)
if soa.is_valid(): if soa.is_valid():
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
@ -614,8 +637,16 @@ def del_soa(request):
return form({'soaform': soa}, 'machines/machine.html', request) return form({'soaform': soa}, 'machines/machine.html', request)
@login_required @login_required
@permission_required('infra')
def add_mx(request): def add_mx(request):
can, reason = Mx.can_create(request.user)
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
mx = MxForm(request.POST or None) mx = MxForm(request.POST or None)
if mx.is_valid(): if mx.is_valid():
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
@ -662,8 +693,16 @@ def del_mx(request):
return form({'mxform': mx}, 'machines/machine.html', request) return form({'mxform': mx}, 'machines/machine.html', request)
@login_required @login_required
@permission_required('infra')
def add_ns(request): def add_ns(request):
can, reason = Ns.can_create(request.user)
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
ns = NsForm(request.POST or None) ns = NsForm(request.POST or None)
if ns.is_valid(): if ns.is_valid():
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
@ -710,8 +749,16 @@ def del_ns(request):
return form({'nsform': ns}, 'machines/machine.html', request) return form({'nsform': ns}, 'machines/machine.html', request)
@login_required @login_required
@permission_required('infra')
def add_txt(request): def add_txt(request):
can, reason = Txt.can_create(request.user)
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
txt = TxtForm(request.POST or None) txt = TxtForm(request.POST or None)
if txt.is_valid(): if txt.is_valid():
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
@ -758,8 +805,16 @@ def del_txt(request):
return form({'txtform': txt}, 'machines/machine.html', request) return form({'txtform': txt}, 'machines/machine.html', request)
@login_required @login_required
@permission_required('infra')
def add_srv(request): def add_srv(request):
can, reason = Srv.can_create(request.user)
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
srv = SrvForm(request.POST or None) srv = SrvForm(request.POST or None)
if srv.is_valid(): if srv.is_valid():
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
@ -807,26 +862,17 @@ def del_srv(request):
@login_required @login_required
def add_alias(request, interfaceid): def add_alias(request, interfaceid):
try:
interface = Interface.objects.get(pk=interfaceid) can, reason = Domain.can_create(request.user, interfaceid)
except Interface.DoesNotExist: if not can:
messages.error(request, u"Interface inexistante" ) messages.error(request, reason)
return redirect(reverse('machines:index')) return redirect(reverse(
if not request.user.has_perms(('cableur',)): 'users:profil',
options, created = OptionalMachine.objects.get_or_create() kwargs={'userid':str(request.user.id)}
max_lambdauser_aliases = options.max_lambdauser_aliases ))
if interface.machine.user != request.user:
messages.error(request, "Vous ne pouvez pas ajouter un alias à une machine d'un autre user que vous sans droit") # No need to check if interfaceid exist, already done in can_create
return redirect(reverse( interface = Interface.objects.get(pk=interfaceid)
'users:profil',
kwargs={'userid':str(request.user.id)}
))
if Domain.objects.filter(cname__in=Domain.objects.filter(interface_parent__in=interface.machine.user.user_interfaces())).count() >= max_lambdauser_aliases:
messages.error(request, "Vous avez atteint le maximum d'alias autorisées que vous pouvez créer vous même (%s) " % max_lambdauser_aliases)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
alias = AliasForm(request.POST or None, infra=request.user.has_perms(('infra',))) alias = AliasForm(request.POST or None, infra=request.user.has_perms(('infra',)))
if alias.is_valid(): if alias.is_valid():
alias = alias.save(commit=False) alias = alias.save(commit=False)
@ -900,8 +946,16 @@ def del_alias(request, interfaceid):
@login_required @login_required
@permission_required('infra')
def add_service(request): def add_service(request):
can, reason = Service.can_create(request.user)
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
service = ServiceForm(request.POST or None) service = ServiceForm(request.POST or None)
if service.is_valid(): if service.is_valid():
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
@ -948,8 +1002,16 @@ def del_service(request):
return form({'serviceform': service}, 'machines/machine.html', request) return form({'serviceform': service}, 'machines/machine.html', request)
@login_required @login_required
@permission_required('infra')
def add_vlan(request): def add_vlan(request):
can, reason = Vlan.can_create(request.user)
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
vlan = VlanForm(request.POST or None) vlan = VlanForm(request.POST or None)
if vlan.is_valid(): if vlan.is_valid():
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
@ -996,8 +1058,16 @@ def del_vlan(request):
return form({'vlanform': vlan}, 'machines/machine.html', request) return form({'vlanform': vlan}, 'machines/machine.html', request)
@login_required @login_required
@permission_required('infra')
def add_nas(request): def add_nas(request):
can, reason = Nas.can_create(request.user)
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
nas = NasForm(request.POST or None) nas = NasForm(request.POST or None)
if nas.is_valid(): if nas.is_valid():
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
@ -1301,8 +1371,16 @@ def del_portlist(request, pk):
return redirect(reverse('machines:index-portlist')) return redirect(reverse('machines:index-portlist'))
@login_required @login_required
@permission_required('bureau')
def add_portlist(request): def add_portlist(request):
can, reason = OuverturePort.can_create(request.user)
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
port_list = EditOuverturePortListForm(request.POST or None) port_list = EditOuverturePortListForm(request.POST or None)
port_formset = modelformset_factory( port_formset = modelformset_factory(
OuverturePort, OuverturePort,