8
0
Fork 0
mirror of https://gitlab2.federez.net/re2o/re2o synced 2024-11-25 22:22:26 +00:00

Use @can_create and @can_edit on machines.models

This commit is contained in:
Maël Kervella 2017-11-30 20:38:16 +00:00 committed by root
parent 3d89386bba
commit 28ef82176f
5 changed files with 95 additions and 313 deletions

View file

@ -58,9 +58,9 @@ class Machine(models.Model):
def get_instance(machineid): def get_instance(machineid):
return Machine.objects.get(pk=machineid) return Machine.objects.get(pk=machineid)
def can_create(user_request, userid_dest): def can_create(user_request, userid):
try: try:
user = users.models.User.objects.get(pk=userid_dest) user = users.models.User.objects.get(pk=userid)
except users.models.User.DoesNotExist: except users.models.User.DoesNotExist:
return False, u"Utilisateur inexistant" return False, u"Utilisateur inexistant"
options, created = preferences.models.OptionalMachine.objects.get_or_create() options, created = preferences.models.OptionalMachine.objects.get_or_create()
@ -75,7 +75,7 @@ class Machine(models.Model):
% max_lambdauser_interfaces % max_lambdauser_interfaces
return True, None return True, None
def can_edit(user_request, machine): def can_edit(self, user_request):
return True, None return True, None
def __str__(self): def __str__(self):
@ -106,7 +106,7 @@ class MachineType(models.Model):
return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\ return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\
de créer un type de machine" de créer un type de machine"
def can_edit(user_request, machinetype): def can_edit(self, user_request):
if not user_request.has_perms(('infra',)): if not user_request.has_perms(('infra',)):
return False, u"Vous n'avez pas le droit d'éditer des types de machine" return False, u"Vous n'avez pas le droit d'éditer des types de machine"
return True, None return True, None
@ -221,14 +221,14 @@ class IpType(models.Model):
self.clean() self.clean()
super(IpType, self).save(*args, **kwargs) super(IpType, self).save(*args, **kwargs)
def get_instance(iptyeid): def get_instance(iptypeid):
return IpType.objects.get(pk=iptypeid) return IpType.objects.get(pk=iptypeid)
def can_create(user_request): def can_create(user_request):
return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\ return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\
de créer un type d'ip" de créer un type d'ip"
def can_edit(user_request, iptype): def can_edit(self, user_request):
if not user_request.has_perms(('infra',)): if not user_request.has_perms(('infra',)):
return False, u"Vous n'avez pas le droit d'éditer des types d'ip" return False, u"Vous n'avez pas le droit d'éditer des types d'ip"
return True, None return True, None
@ -253,7 +253,7 @@ class Vlan(models.Model):
return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\ return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\
de créer un vlan" de créer un vlan"
def can_edit(user_request, vlan): def can_edit(self, user_request):
if not user_request.has_perms(('infra',)): if not user_request.has_perms(('infra',)):
return False, u"Vous n'avez pas le droit d'éditer des vlans" return False, u"Vous n'avez pas le droit d'éditer des vlans"
return True, None return True, None
@ -299,7 +299,7 @@ class Nas(models.Model):
return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\ return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\
de créer un nas" de créer un nas"
def can_edit(user_request, nas): def can_edit(self, user_request):
if not user_request.has_perms(('infra',)): if not user_request.has_perms(('infra',)):
return False, u"Vous n'avez pas le droit d'éditer des nas" return False, u"Vous n'avez pas le droit d'éditer des nas"
return True, None return True, None
@ -347,7 +347,7 @@ class SOA(models.Model):
return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\ return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\
de créer un enregistrement SOA" de créer un enregistrement SOA"
def can_edit(user_request, soa): def can_edit(self, user_request):
if not user_request.has_perms(('infra',)): if not user_request.has_perms(('infra',)):
return False, u"Vous n'avez pas le droit d'éditer des enregistrements SOA" return False, u"Vous n'avez pas le droit d'éditer des enregistrements SOA"
return True, None return True, None
@ -441,7 +441,7 @@ class Extension(models.Model):
return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\ return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\
de créer une extension" de créer une extension"
def can_edit(user_request, extension): def can_edit(self, user_request):
if not user_request.has_perms(('infra',)): if not user_request.has_perms(('infra',)):
return False, u"Vous n'avez pas le droit d'éditer des extensions" return False, u"Vous n'avez pas le droit d'éditer des extensions"
return True, None return True, None
@ -478,7 +478,7 @@ class Mx(models.Model):
return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\ return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\
de créer un enregistrement MX" de créer un enregistrement MX"
def can_edit(user_request, mx): def can_edit(self, user_request):
if not user_request.has_perms(('infra',)): if not user_request.has_perms(('infra',)):
return False, u"Vous n'avez pas le droit d'éditer des enregstrements MX" return False, u"Vous n'avez pas le droit d'éditer des enregstrements MX"
return True, None return True, None
@ -506,7 +506,7 @@ class Ns(models.Model):
return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\ return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\
de créer un enregistrement NS" de créer un enregistrement NS"
def can_edit(user_request, ns): def can_edit(self, user_request):
if not user_request.has_perms(('infra',)): if not user_request.has_perms(('infra',)):
return False, u"Vous n'avez pas le droit d'éditer des enregistrements NS" return False, u"Vous n'avez pas le droit d'éditer des enregistrements NS"
return True, None return True, None
@ -530,7 +530,7 @@ class Txt(models.Model):
return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\ return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\
de créer un enregistrement TXT" de créer un enregistrement TXT"
def can_edit(user_request, txt): def can_edit(self, user_request):
if not user_request.has_perms(('infra',)): if not user_request.has_perms(('infra',)):
return False, u"Vous n'avez pas le droit d'éditer des enregistrement TXT" return False, u"Vous n'avez pas le droit d'éditer des enregistrement TXT"
return True, None return True, None
@ -595,7 +595,7 @@ class Srv(models.Model):
return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\ return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\
de créer un enregistrement SRV" de créer un enregistrement SRV"
def can_edit(user_request, srv): def can_edit(self, user_request):
if not user_request.has_perms(('infra',)): if not user_request.has_perms(('infra',)):
return False, u"Vous n'avez pas le droit d'éditer des enregistrements SRV" return False, u"Vous n'avez pas le droit d'éditer des enregistrements SRV"
return True, None return True, None
@ -720,9 +720,9 @@ class Interface(models.Model):
def get_instance(interfaceid): def get_instance(interfaceid):
return Interface.objects.get(pk=interfaceid) return Interface.objects.get(pk=interfaceid)
def can_create(user_request, machineid_dest): def can_create(user_request, machineid):
try: try:
machine = Machine.objects.get(pk=machineid_dest) machine = Machine.objects.get(pk=machineid)
except Machine.DoesNotExist: except Machine.DoesNotExist:
return False, u"Machine inexistante" return False, u"Machine inexistante"
if not user_request.has_perms(('cableur',)): if not user_request.has_perms(('cableur',)):
@ -737,10 +737,10 @@ class Interface(models.Model):
% max_lambdauser_interfaces % max_lambdauser_interfaces
return True, None return True, None
def can_edit(user_request, interface): def can_edit(self, user_request):
if not user_request.has_perms(('infra',)) and \ if not user_request.has_perms(('infra',)) and \
not user_request.has_perms(('cableur',)) and \ not user_request.has_perms(('cableur',)) and \
interface.machine.user != user_request: self.machine.user != user_request:
return False, u"Vous ne pouvez pas éditer une machine\ return False, u"Vous ne pouvez pas éditer une machine\
d'un autre user que vous sans droit" d'un autre user que vous sans droit"
return True, None return True, None
@ -847,9 +847,9 @@ class Domain(models.Model):
def get_instance(domainid): def get_instance(domainid):
return Domain.objects.get(pk=domainid) return Domain.objects.get(pk=domainid)
def can_create(user_request, interfaceid_dest): def can_create(user_request, interfaceid):
try: try:
interface = Interface.objects.get(pk=interfaceid_dest) interface = Interface.objects.get(pk=interfaceid)
except Interface.DoesNotExist: except Interface.DoesNotExist:
return False, u"Interface inexistante" return False, u"Interface inexistante"
if not user_request.has_perms(('cableur',)): if not user_request.has_perms(('cableur',)):
@ -868,10 +868,10 @@ class Domain(models.Model):
% max_lambdauser_aliases % max_lambdauser_aliases
return True, None return True, None
def can_edit(user_request, domain): def can_edit(self, user_request):
if not user_request.has_perms(('cableur',)) and ( if not user_request.has_perms(('cableur',)) and (
domain.cname is None or \ self.cname is None or \
domain.cname.interface_parent.machine.user != user_request self.cname.interface_parent.machine.user != user_request
): ):
return False, u"Vous ne pouvez pas ajouter un alias à une machine\ return False, u"Vous ne pouvez pas ajouter un alias à une machine\
d'un autre user que vous sans droit" d'un autre user que vous sans droit"
@ -910,7 +910,7 @@ class IpList(models.Model):
def can_create(user_request): def can_create(user_request):
return True, None return True, None
def can_edit(user_request, iplist): def can_edit(self, user_request):
return True, None return True, None
def __str__(self): def __str__(self):
@ -960,7 +960,7 @@ class Service(models.Model):
return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\ return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\
de créer un service" de créer un service"
def can_edit(user_request, service): def can_edit(self, user_request):
if not user_request.has_perms(('infra',)): if not user_request.has_perms(('infra',)):
return False, u"Vous n'avez pas le droit d'éditer des services" return False, u"Vous n'avez pas le droit d'éditer des services"
return True, None return True, None
@ -1011,7 +1011,7 @@ class Service_link(models.Model):
def can_create(user_request): def can_create(user_request):
return True, None return True, None
def can_edit(user_request, servicelink): def can_edit(self, user_request):
return True, None return True, None
def __str__(self): def __str__(self):
@ -1034,7 +1034,7 @@ class OuverturePortList(models.Model):
return user_request.has_perms(('bureau',)) , u"Vous n'avez pas le droit\ return user_request.has_perms(('bureau',)) , u"Vous n'avez pas le droit\
d'ouvrir un port" d'ouvrir un port"
def can_edit(user_request, ouvertureportlist): def can_edit(self, user_request):
if not user_request.has_perms(('bureau',)): if not user_request.has_perms(('bureau',)):
return False, u"Vous n'avez pas le droit d'éditer des ouvertures de port" return False, u"Vous n'avez pas le droit d'éditer des ouvertures de port"
return True, None return True, None
@ -1115,7 +1115,7 @@ class OuverturePort(models.Model):
def can_create(user_request): def can_create(user_request):
return True, None return True, None
def can_edit(user_request, ouvertureport): def can_edit(self, user_request):
return True, None return True, None
def __str__(self): def __str__(self):

View file

@ -61,7 +61,7 @@ urlpatterns = [
url(r'^del_srv/$', views.del_srv, name='del-srv'), url(r'^del_srv/$', views.del_srv, name='del-srv'),
url(r'^index_extension/$', views.index_extension, name='index-extension'), url(r'^index_extension/$', views.index_extension, name='index-extension'),
url(r'^add_alias/(?P<interfaceid>[0-9]+)$', views.add_alias, name='add-alias'), url(r'^add_alias/(?P<interfaceid>[0-9]+)$', views.add_alias, name='add-alias'),
url(r'^edit_alias/(?P<aliasid>[0-9]+)$', views.edit_alias, name='edit-alias'), url(r'^edit_alias/(?P<domainid>[0-9]+)$', views.edit_alias, name='edit-alias'),
url(r'^del_alias/(?P<interfaceid>[0-9]+)$', views.del_alias, name='del-alias'), url(r'^del_alias/(?P<interfaceid>[0-9]+)$', views.del_alias, name='del-alias'),
url(r'^index_alias/(?P<interfaceid>[0-9]+)$', views.index_alias, name='index-alias'), url(r'^index_alias/(?P<interfaceid>[0-9]+)$', views.index_alias, name='index-alias'),
url(r'^add_service/$', views.add_service, name='add-service'), url(r'^add_service/$', views.add_service, name='add-service'),
@ -104,8 +104,8 @@ urlpatterns = [
url(r'^rest/service_servers/$', views.service_servers, name='service-servers'), url(r'^rest/service_servers/$', views.service_servers, name='service-servers'),
url(r'^rest/ouverture_ports/$', views.ouverture_ports, name='ouverture-ports'), url(r'^rest/ouverture_ports/$', views.ouverture_ports, name='ouverture-ports'),
url(r'index_portlist/$', views.index_portlist, name='index-portlist'), url(r'index_portlist/$', views.index_portlist, name='index-portlist'),
url(r'^edit_portlist/(?P<pk>[0-9]+)$', views.edit_portlist, name='edit-portlist'), url(r'^edit_portlist/(?P<ouvertureportlistid>[0-9]+)$', views.edit_portlist, name='edit-portlist'),
url(r'^del_portlist/(?P<pk>[0-9]+)$', views.del_portlist, name='del-portlist'), url(r'^del_portlist/(?P<ouvertureportlistid>[0-9]+)$', views.del_portlist, name='del-portlist'),
url(r'^add_portlist/$', views.add_portlist, name='add-portlist'), url(r'^add_portlist/$', views.add_portlist, name='add-portlist'),
url(r'^port_config/(?P<pk>[0-9]+)$', views.configure_ports, name='port-config'), url(r'^port_config/(?P<pk>[0-9]+)$', views.configure_ports, name='port-config'),

View file

@ -123,7 +123,9 @@ from re2o.utils import (
all_active_assigned_interfaces, all_active_assigned_interfaces,
all_has_access, all_has_access,
filter_active_interfaces, filter_active_interfaces,
SortTable SortTable,
can_create,
can_edit
) )
from re2o.views import form from re2o.views import form
@ -210,20 +212,12 @@ def generate_ipv4_mbf_param( form, is_type_tt ):
return i_mbf_param return i_mbf_param
@login_required @login_required
@can_create(Machine)
def new_machine(request, userid): def new_machine(request, userid):
""" Fonction de creation d'une machine. Cree l'objet machine, """ Fonction de creation d'une machine. Cree l'objet machine,
le sous objet interface et l'objet domain à partir de model forms. le sous objet interface et l'objet domain à partir de model forms.
Trop complexe, devrait être simplifié""" Trop complexe, devrait être simplifié"""
can, reason = Machine.can_create(request.user, userid)
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
# No need to check if userid exist, already done in can_create
user = User.objects.get(pk=userid) user = User.objects.get(pk=userid)
machine = NewMachineForm(request.POST or None) machine = NewMachineForm(request.POST or None)
interface = AddInterfaceForm( interface = AddInterfaceForm(
@ -270,26 +264,18 @@ def new_machine(request, userid):
) )
@login_required @login_required
def edit_interface(request, interfaceid): @can_edit(Interface)
def edit_interface(request, interface_instance, interfaceid):
""" Edition d'une interface. Distingue suivant les droits les valeurs de interfaces et machines que l'user peut modifier """ Edition d'une interface. Distingue suivant les droits les valeurs de interfaces et machines que l'user peut modifier
infra permet de modifier le propriétaire""" infra permet de modifier le propriétaire"""
can, reason = Interface.can_edit(request.user, interfaceid)
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
interface = Interface.objects.get(pk=interfaceid)
if not request.user.has_perms(('infra',)): if not request.user.has_perms(('infra',)):
machine_form = BaseEditMachineForm(request.POST or None, instance=interface.machine) machine_form = BaseEditMachineForm(request.POST or None, instance=interface_instance.machine)
interface_form = BaseEditInterfaceForm(request.POST or None, instance=interface, infra=False) interface_form = BaseEditInterfaceForm(request.POST or None, instance=interface_instance, infra=False)
else: else:
machine_form = EditMachineForm(request.POST or None, instance=interface.machine) machine_form = EditMachineForm(request.POST or None, instance=interface_instance.machine)
interface_form = EditInterfaceForm(request.POST or None, instance=interface) interface_form = EditInterfaceForm(request.POST or None, instance=interface_instance)
domain_form = DomainForm(request.POST or None, instance=interface.domain) domain_form = DomainForm(request.POST or None, instance=interface_instance.domain)
if machine_form.is_valid() and interface_form.is_valid() and domain_form.is_valid(): if machine_form.is_valid() and interface_form.is_valid() and domain_form.is_valid():
new_machine = machine_form.save(commit=False) new_machine = machine_form.save(commit=False)
new_interface = interface_form.save(commit=False) new_interface = interface_form.save(commit=False)
@ -309,7 +295,7 @@ def edit_interface(request, interfaceid):
messages.success(request, "La machine a été modifiée") messages.success(request, "La machine a été modifiée")
return redirect(reverse( return redirect(reverse(
'users:profil', 'users:profil',
kwargs={'userid':str(interface.machine.user.id)} kwargs={'userid':str(interface_instance.machine.user.id)}
)) ))
i_mbf_param = generate_ipv4_mbf_param( interface_form, False ) i_mbf_param = generate_ipv4_mbf_param( interface_form, False )
return form({'machineform': machine_form, 'interfaceform': interface_form, 'domainform': domain_form, 'i_mbf_param': i_mbf_param}, 'machines/machine.html', request) return form({'machineform': machine_form, 'interfaceform': interface_form, 'domainform': domain_form, 'i_mbf_param': i_mbf_param}, 'machines/machine.html', request)
@ -341,18 +327,10 @@ def del_machine(request, machineid):
return form({'objet': machine, 'objet_name': 'machine'}, 'machines/delete.html', request) return form({'objet': machine, 'objet_name': 'machine'}, 'machines/delete.html', request)
@login_required @login_required
@can_create(Interface)
def new_interface(request, machineid): def new_interface(request, machineid):
""" Ajoute une interface et son domain associé à une machine existante""" """ Ajoute une interface et son domain associé à une machine existante"""
can, reason = Interface.can_create(request.user, machineid)
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
# No need to check if machineid exist, already done in can_create
machine = Machine.objects.get(pk=machineid) machine = Machine.objects.get(pk=machineid)
interface_form = AddInterfaceForm(request.POST or None, infra=request.user.has_perms(('infra',))) interface_form = AddInterfaceForm(request.POST or None, infra=request.user.has_perms(('infra',)))
domain_form = DomainForm(request.POST or None) domain_form = DomainForm(request.POST or None)
@ -409,17 +387,10 @@ def del_interface(request, interfaceid):
return form({'objet': interface, 'objet_name': 'interface'}, 'machines/delete.html', request) return form({'objet': interface, 'objet_name': 'interface'}, 'machines/delete.html', request)
@login_required @login_required
@can_create(IpType)
def add_iptype(request): def add_iptype(request):
""" Ajoute un range d'ip. Intelligence dans le models, fonction views minimaliste""" """ Ajoute un range d'ip. Intelligence dans le models, fonction views minimaliste"""
can, reason = IpType.can_create(request.user)
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
iptype = IpTypeForm(request.POST or None) iptype = IpTypeForm(request.POST or None)
if iptype.is_valid(): if iptype.is_valid():
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
@ -431,18 +402,10 @@ def add_iptype(request):
return form({'iptypeform': iptype}, 'machines/machine.html', request) return form({'iptypeform': iptype}, 'machines/machine.html', request)
@login_required @login_required
def edit_iptype(request, iptypeid): @can_edit(IpType)
def edit_iptype(request, iptype_instance, iptypeid):
""" Edition d'un range. Ne permet pas de le redimensionner pour éviter l'incohérence""" """ Edition d'un range. Ne permet pas de le redimensionner pour éviter l'incohérence"""
can, reason = IpType.can_edit(request.user, iptypeid)
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
iptype_instance = IpType.objects.get(pk=iptypeid)
iptype = EditIpTypeForm(request.POST or None, instance=iptype_instance) iptype = EditIpTypeForm(request.POST or None, instance=iptype_instance)
if iptype.is_valid(): if iptype.is_valid():
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
@ -472,16 +435,9 @@ def del_iptype(request):
return form({'iptypeform': iptype}, 'machines/machine.html', request) return form({'iptypeform': iptype}, 'machines/machine.html', request)
@login_required @login_required
@can_create(MachineType)
def add_machinetype(request): def add_machinetype(request):
can, reason = MachineType.can_create(request.user)
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
machinetype = MachineTypeForm(request.POST or None) machinetype = MachineTypeForm(request.POST or None)
if machinetype.is_valid(): if machinetype.is_valid():
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
@ -493,17 +449,9 @@ def add_machinetype(request):
return form({'machinetypeform': machinetype}, 'machines/machine.html', request) return form({'machinetypeform': machinetype}, 'machines/machine.html', request)
@login_required @login_required
def edit_machinetype(request, machinetypeid): @can_edit(MachineType)
def edit_machinetype(request, machinetype_instance, machinetypeid):
can, reason = MachineType.can_edit(request.user, machinetypeid)
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
machinetype_instance = MachineType.objects.get(pk=machinetypeid)
machinetype = MachineTypeForm(request.POST or None, instance=machinetype_instance) machinetype = MachineTypeForm(request.POST or None, instance=machinetype_instance)
if machinetype.is_valid(): if machinetype.is_valid():
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
@ -532,16 +480,9 @@ def del_machinetype(request):
return form({'machinetypeform': machinetype}, 'machines/machine.html', request) return form({'machinetypeform': machinetype}, 'machines/machine.html', request)
@login_required @login_required
@can_create(Extension)
def add_extension(request): def add_extension(request):
can, reason = Extension.can_create(request.user)
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
extension = ExtensionForm(request.POST or None) extension = ExtensionForm(request.POST or None)
if extension.is_valid(): if extension.is_valid():
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
@ -553,17 +494,9 @@ def add_extension(request):
return form({'extensionform': extension}, 'machines/machine.html', request) return form({'extensionform': extension}, 'machines/machine.html', request)
@login_required @login_required
def edit_extension(request, extensionid): @can_edit(Extension)
def edit_extension(request, extension_instance, extensionid):
can, reason = Extension.can_edit(request.user, extensionid)
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
extension_instance = Extension.objects.get(pk=extensionid)
extension = ExtensionForm(request.POST or None, instance=extension_instance) extension = ExtensionForm(request.POST or None, instance=extension_instance)
if extension.is_valid(): if extension.is_valid():
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
@ -592,16 +525,9 @@ def del_extension(request):
return form({'extensionform': extension}, 'machines/machine.html', request) return form({'extensionform': extension}, 'machines/machine.html', request)
@login_required @login_required
@can_create(SOA)
def add_soa(request): def add_soa(request):
can, reason = SOA.can_create(request.user)
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
soa = SOAForm(request.POST or None) soa = SOAForm(request.POST or None)
if soa.is_valid(): if soa.is_valid():
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
@ -613,17 +539,9 @@ def add_soa(request):
return form({'soaform': soa}, 'machines/machine.html', request) return form({'soaform': soa}, 'machines/machine.html', request)
@login_required @login_required
def edit_soa(request, soaid): @can_edit(SOA)
def edit_soa(request, soa_instance, soaid):
can, reason = SOA.can_edit(request.user, soaid)
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
soa_instance = SOA.objects.get(pk=soaid)
soa = SOAForm(request.POST or None, instance=soa_instance) soa = SOAForm(request.POST or None, instance=soa_instance)
if soa.is_valid(): if soa.is_valid():
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
@ -652,16 +570,9 @@ def del_soa(request):
return form({'soaform': soa}, 'machines/machine.html', request) return form({'soaform': soa}, 'machines/machine.html', request)
@login_required @login_required
@can_create(Mx)
def add_mx(request): def add_mx(request):
can, reason = Mx.can_create(request.user)
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
mx = MxForm(request.POST or None) mx = MxForm(request.POST or None)
if mx.is_valid(): if mx.is_valid():
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
@ -673,17 +584,9 @@ def add_mx(request):
return form({'mxform': mx}, 'machines/machine.html', request) return form({'mxform': mx}, 'machines/machine.html', request)
@login_required @login_required
def edit_mx(request, mxid): @can_edit(Mx)
def edit_mx(request, mx_instance, mxid):
can, reason = Mx.can_edit(request.user, mxid)
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
mx_instance = Mx.objects.get(pk=mxid)
mx = MxForm(request.POST or None, instance=mx_instance) mx = MxForm(request.POST or None, instance=mx_instance)
if mx.is_valid(): if mx.is_valid():
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
@ -712,16 +615,9 @@ def del_mx(request):
return form({'mxform': mx}, 'machines/machine.html', request) return form({'mxform': mx}, 'machines/machine.html', request)
@login_required @login_required
@can_create(Ns)
def add_ns(request): def add_ns(request):
can, reason = Ns.can_create(request.user)
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
ns = NsForm(request.POST or None) ns = NsForm(request.POST or None)
if ns.is_valid(): if ns.is_valid():
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
@ -733,17 +629,9 @@ def add_ns(request):
return form({'nsform': ns}, 'machines/machine.html', request) return form({'nsform': ns}, 'machines/machine.html', request)
@login_required @login_required
def edit_ns(request, nsid): @can_edit(Ns)
def edit_ns(request, ns_instance, nsid):
can, reason = Ns.can_edit(request.user, nsid)
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
ns_instance = Ns.objects.get(pk=nsid)
ns = NsForm(request.POST or None, instance=ns_instance) ns = NsForm(request.POST or None, instance=ns_instance)
if ns.is_valid(): if ns.is_valid():
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
@ -772,16 +660,9 @@ def del_ns(request):
return form({'nsform': ns}, 'machines/machine.html', request) return form({'nsform': ns}, 'machines/machine.html', request)
@login_required @login_required
@can_create(Txt)
def add_txt(request): def add_txt(request):
can, reason = Txt.can_create(request.user)
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
txt = TxtForm(request.POST or None) txt = TxtForm(request.POST or None)
if txt.is_valid(): if txt.is_valid():
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
@ -793,17 +674,9 @@ def add_txt(request):
return form({'txtform': txt}, 'machines/machine.html', request) return form({'txtform': txt}, 'machines/machine.html', request)
@login_required @login_required
def edit_txt(request, txtid): @can_edit(Txt)
def edit_txt(request, txt_instance, txtid):
can, reason = Txt.can_edit(request.user, txtid)
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
txt_instance = Txt.objects.get(pk=txtid)
txt = TxtForm(request.POST or None, instance=txt_instance) txt = TxtForm(request.POST or None, instance=txt_instance)
if txt.is_valid(): if txt.is_valid():
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
@ -832,16 +705,9 @@ def del_txt(request):
return form({'txtform': txt}, 'machines/machine.html', request) return form({'txtform': txt}, 'machines/machine.html', request)
@login_required @login_required
@can_create(Srv)
def add_srv(request): def add_srv(request):
can, reason = Srv.can_create(request.user)
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
srv = SrvForm(request.POST or None) srv = SrvForm(request.POST or None)
if srv.is_valid(): if srv.is_valid():
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
@ -853,17 +719,9 @@ def add_srv(request):
return form({'srvform': srv}, 'machines/machine.html', request) return form({'srvform': srv}, 'machines/machine.html', request)
@login_required @login_required
def edit_srv(request, srvid): @can_edit(Srv)
def edit_srv(request, srv_instance, srvid):
can, reason = Srv.can_edit(request.user, srvid)
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
srv_instance = Srv.objects.get(pk=srvid)
srv = SrvForm(request.POST or None, instance=srv_instance) srv = SrvForm(request.POST or None, instance=srv_instance)
if srv.is_valid(): if srv.is_valid():
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
@ -892,17 +750,9 @@ def del_srv(request):
return form({'srvform': srv}, 'machines/machine.html', request) return form({'srvform': srv}, 'machines/machine.html', request)
@login_required @login_required
@can_create(Domain)
def add_alias(request, interfaceid): def add_alias(request, interfaceid):
can, reason = Domain.can_create(request.user, interfaceid)
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
# No need to check if interfaceid exist, already done in can_create
interface = Interface.objects.get(pk=interfaceid) interface = Interface.objects.get(pk=interfaceid)
alias = AliasForm(request.POST or None, infra=request.user.has_perms(('infra',))) alias = AliasForm(request.POST or None, infra=request.user.has_perms(('infra',)))
if alias.is_valid(): if alias.is_valid():
@ -920,27 +770,19 @@ def add_alias(request, interfaceid):
return form({'aliasform': alias}, 'machines/machine.html', request) return form({'aliasform': alias}, 'machines/machine.html', request)
@login_required @login_required
def edit_alias(request, aliasid): @can_edit(Domain)
def edit_alias(request, domain_instance, domainid):
can, reason = Domain.can_edit(request.user, aliasid) alias = AliasForm(request.POST or None, instance=domain_instance, infra=request.user.has_perms(('infra',)))
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
alias_instance = Domain.objects.get(pk=aliasid)
alias = AliasForm(request.POST or None, instance=alias_instance, infra=request.user.has_perms(('infra',)))
if alias.is_valid(): if alias.is_valid():
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
alias_instance = alias.save() domain_instance = alias.save()
reversion.set_user(request.user) reversion.set_user(request.user)
reversion.set_comment("Champs modifié(s) : %s" % ', '.join(field for field in alias.changed_data)) reversion.set_comment("Champs modifié(s) : %s" % ', '.join(field for field in alias.changed_data))
messages.success(request, "Alias modifié") messages.success(request, "Alias modifié")
return redirect(reverse( return redirect(reverse(
'machines:index-alias', 'machines:index-alias',
kwargs={'interfaceid':str(alias_instance.cname.interface_parent.id)} kwargs={'interfaceid':str(domain_instance.cname.interface_parent.id)}
)) ))
return form({'aliasform': alias}, 'machines/machine.html', request) return form({'aliasform': alias}, 'machines/machine.html', request)
@ -976,16 +818,9 @@ def del_alias(request, interfaceid):
@login_required @login_required
@can_create(Service)
def add_service(request): def add_service(request):
can, reason = Service.can_create(request.user)
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
service = ServiceForm(request.POST or None) service = ServiceForm(request.POST or None)
if service.is_valid(): if service.is_valid():
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
@ -997,17 +832,9 @@ def add_service(request):
return form({'serviceform': service}, 'machines/machine.html', request) return form({'serviceform': service}, 'machines/machine.html', request)
@login_required @login_required
def edit_service(request, serviceid): @can_edit(Service)
def edit_service(request, service_instance, serviceid):
can, reason = Service.can_edit(request.user, serviceid)
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
service_instance = Service.objects.get(pk=serviceid)
service = ServiceForm(request.POST or None, instance=service_instance) service = ServiceForm(request.POST or None, instance=service_instance)
if service.is_valid(): if service.is_valid():
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
@ -1036,16 +863,9 @@ def del_service(request):
return form({'serviceform': service}, 'machines/machine.html', request) return form({'serviceform': service}, 'machines/machine.html', request)
@login_required @login_required
@can_create(Vlan)
def add_vlan(request): def add_vlan(request):
can, reason = Vlan.can_create(request.user)
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
vlan = VlanForm(request.POST or None) vlan = VlanForm(request.POST or None)
if vlan.is_valid(): if vlan.is_valid():
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
@ -1057,17 +877,9 @@ def add_vlan(request):
return form({'vlanform': vlan}, 'machines/machine.html', request) return form({'vlanform': vlan}, 'machines/machine.html', request)
@login_required @login_required
def edit_vlan(request, vlanid): @can_edit(Vlan)
def edit_vlan(request, vlan_instance, vlanid):
can, reason = Vlan.can_edit(request.user, vlanid)
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
vlan_instance = Vlan.objects.get(pk=vlanid)
vlan = VlanForm(request.POST or None, instance=vlan_instance) vlan = VlanForm(request.POST or None, instance=vlan_instance)
if vlan.is_valid(): if vlan.is_valid():
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
@ -1096,16 +908,9 @@ def del_vlan(request):
return form({'vlanform': vlan}, 'machines/machine.html', request) return form({'vlanform': vlan}, 'machines/machine.html', request)
@login_required @login_required
@can_create(Nas)
def add_nas(request): def add_nas(request):
can, reason = Nas.can_create(request.user)
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
nas = NasForm(request.POST or None) nas = NasForm(request.POST or None)
if nas.is_valid(): if nas.is_valid():
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
@ -1117,17 +922,9 @@ def add_nas(request):
return form({'nasform': nas}, 'machines/machine.html', request) return form({'nasform': nas}, 'machines/machine.html', request)
@login_required @login_required
def edit_nas(request, nasid): @can_edit(Nas)
def edit_nas(request, nas_instance, nasid):
can, reason = Nas.can_edit(request.user, nasid)
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
nas_instance = Nas.objects.get(pk=nasid)
nas = NasForm(request.POST or None, instance=nas_instance) nas = NasForm(request.POST or None, instance=nas_instance)
if nas.is_valid(): if nas.is_valid():
with transaction.atomic(), reversion.create_revision(): with transaction.atomic(), reversion.create_revision():
@ -1369,18 +1166,10 @@ def index_portlist(request):
return render(request, "machines/index_portlist.html", {'port_list':port_list}) return render(request, "machines/index_portlist.html", {'port_list':port_list})
@login_required @login_required
def edit_portlist(request, pk): @can_edit(OuverturePortList)
def edit_portlist(request, ouvertureportlist_instance, ouvertureportlistid):
can, reason = OuverturePortList.can_edit(request.user, pk) port_list = EditOuverturePortListForm(request.POST or None, instance=ouvertureportlist_instance)
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
port_list_instance = OuverturePortList.objects.get(pk=pk)
port_list = EditOuverturePortListForm(request.POST or None, instance=port_list_instance)
port_formset = modelformset_factory( port_formset = modelformset_factory(
OuverturePort, OuverturePort,
fields=('begin','end','protocole','io'), fields=('begin','end','protocole','io'),
@ -1388,7 +1177,7 @@ def edit_portlist(request, pk):
can_delete=True, can_delete=True,
min_num=1, min_num=1,
validate_min=True, validate_min=True,
)(request.POST or None, queryset=port_list_instance.ouvertureport_set.all()) )(request.POST or None, queryset=ouvertureportlist_instance.ouvertureport_set.all())
if port_list.is_valid() and port_formset.is_valid(): if port_list.is_valid() and port_formset.is_valid():
pl = port_list.save() pl = port_list.save()
instances = port_formset.save(commit=False) instances = port_formset.save(commit=False)
@ -1403,9 +1192,9 @@ def edit_portlist(request, pk):
@login_required @login_required
@permission_required('bureau') @permission_required('bureau')
def del_portlist(request, pk): def del_portlist(request, ouvertureportlistid):
try: try:
port_list_instance = OuverturePortList.objects.get(pk=pk) port_list_instance = OuverturePortList.objects.get(pk=ouvertureportlistid)
except OuverturePortList.DoesNotExist: except OuverturePortList.DoesNotExist:
messages.error(request, "Liste de ports inexistante") messages.error(request, "Liste de ports inexistante")
return redirect(reverse('machines:index-portlist')) return redirect(reverse('machines:index-portlist'))
@ -1417,16 +1206,9 @@ def del_portlist(request, pk):
return redirect(reverse('machines:index-portlist')) return redirect(reverse('machines:index-portlist'))
@login_required @login_required
@can_create(OuverturePortList)
def add_portlist(request): def add_portlist(request):
can, reason = OuverturePortList.can_create(request.user)
if not can:
messages.error(request, reason)
return redirect(reverse(
'users:profil',
kwargs={'userid':str(request.user.id)}
))
port_list = EditOuverturePortListForm(request.POST or None) port_list = EditOuverturePortListForm(request.POST or None)
port_formset = modelformset_factory( port_formset = modelformset_factory(
OuverturePort, OuverturePort,

View file

@ -57,8 +57,8 @@ def can_create(model):
of models. of models.
""" """
def decorator(view): def decorator(view):
def wrapper(request,*args, **kwargs): def wrapper(request, *args, **kwargs):
can, msg = model.can_create(request.user) can, msg = model.can_create(request.user, *args, **kwargs)
if not can: if not can:
messages.error(request, msg or "Vous ne pouvez pas accéder à ce menu") messages.error(request, msg or "Vous ne pouvez pas accéder à ce menu")
return redirect(reverse('users:profil', return redirect(reverse('users:profil',
@ -85,7 +85,7 @@ def can_edit(model):
return redirect(reverse('users:profil', return redirect(reverse('users:profil',
kwargs={'userid':str(request.user.id)} kwargs={'userid':str(request.user.id)}
)) ))
can, msg = model.can_edit(instance, request.user) can, msg = instance.can_edit(request.user)
if not can: if not can:
messages.error(request, msg or "Vous ne pouvez pas accéder à ce menu") messages.error(request, msg or "Vous ne pouvez pas accéder à ce menu")
return redirect(reverse('users:profil', return redirect(reverse('users:profil',

View file

@ -935,7 +935,7 @@ class ServiceUser(AbstractBaseUser):
return user.has_perms(('infra',)), u"Vous n'avez pas le droit de\ return user.has_perms(('infra',)), u"Vous n'avez pas le droit de\
créer un service user" créer un service user"
def can_edit(instance, user): def can_edit(self, user):
return user.has_perms(('infra',)), u"Vous n'avez pas le droit d'éditer\ return user.has_perms(('infra',)), u"Vous n'avez pas le droit d'éditer\
les services users" les services users"
@ -1119,7 +1119,7 @@ class Ban(models.Model):
def __str__(self): def __str__(self):
return str(self.user) + ' ' + str(self.raison) return str(self.user) + ' ' + str(self.raison)
def can_create(user): def can_create(user, userid):
return user.has_perms(('bofh',)), u"Vous n'avez pas le droit de\ return user.has_perms(('bofh',)), u"Vous n'avez pas le droit de\
créer des bannissement" créer des bannissement"