diff --git a/machines/models.py b/machines/models.py index f7b67b26..a7e2cd8f 100644 --- a/machines/models.py +++ b/machines/models.py @@ -72,6 +72,9 @@ class Machine(models.Model): % max_lambdauser_interfaces return True, None + def can_edit(user_request, machineid): + return True, None + def __str__(self): return str(self.user) + ' - ' + str(self.id) + ' - ' + str(self.name) @@ -97,6 +100,15 @@ class MachineType(models.Model): return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\ de créer un type de machine" + def can_edit(user_request, machinetypeid): + if not user_request.has_perms(('infra',)): + return False, u"Vous n'avez pas le droit d'éditer des types de machine" + try: + machinetype_instance = MachineType.objects.get(pk=machinetypeid) + except MachineType.DoesNotExist: + return False, u"Type de machine inexistant" + return True, None + def __str__(self): return self.type @@ -211,6 +223,15 @@ class IpType(models.Model): return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\ de créer un type d'ip" + def can_edit(user_request, iptypeid): + if not user_request.has_perms(('infra',)): + return False, u"Vous n'avez pas le droit d'éditer des types d'ip" + try: + iptype_instance = IpType.objects.get(pk=iptypeid) + except IpType.DoesNotExist: + return False, u"Type d'ip inexistant" + return True, None + def __str__(self): return self.type @@ -228,6 +249,15 @@ class Vlan(models.Model): return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\ de créer un vlan" + def can_edit(user_request, vlanid): + if not user_request.has_perms(('infra',)): + return False, u"Vous n'avez pas le droit d'éditer des vlans" + try: + vlan_instance = Vlan.objects.get(pk=vlanid) + except Vlan.DoesNotExist: + return False, u"Vlan inexistant" + return True, None + def __str__(self): return self.name 
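Review bot: `Machine.can_edit` returns `True, None` without looking at `user_request` or `machineid`, so any view that later relies on it for authorization will fail open. The same unconditional grant is added in `IpList.can_edit`, `Service_link.can_edit` and `OuverturePort.can_edit` further down. No caller of these four is visible in this diff, so the present exposure is unknown, but a stub should deny by default or carry the real rule. If the policy for machines is meant to match `Interface.can_edit` (owner, `cableur` or `infra`), which needs confirming, the method could look like the sketch below.

```python
    def can_edit(user_request, machineid):
        try:
            machine = Machine.objects.get(pk=machineid)
        except Machine.DoesNotExist:
            return False, u"Machine inexistante"
        if not user_request.has_perms(('infra',)):
            if not user_request.has_perms(('cableur',)) and machine.user != user_request:
                return False, u"Vous ne pouvez pas éditer une machine\
                        d'un autre user que vous sans droit"
        return True, None
```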
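Review bot: `MachineType.can_edit` is declared inside the class without `self` and without `@staticmethod`, so it only behaves as intended when called on the class; a call through an instance would bind the instance to `user_request`. Adding `@staticmethod` above the `def` and a one-line docstring such as `"""Return (allowed, reason) for editing the MachineType with this pk."""` would make the contract explicit. The local `machinetype_instance` is assigned and never used; `MachineType.objects.filter(pk=machinetypeid).exists()` expresses the existence test without it. The same applies to every other `can_edit` added in this file.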
@@ -266,6 +296,15 @@ class Nas(models.Model): return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\ de créer un nas" + def can_edit(user_request, nasid): + if not user_request.has_perms(('infra',)): + return False, u"Vous n'avez pas le droit d'éditer des nas" + try: + nas_instance = Nas.objects.get(pk=nasid) + except Nas.DoesNotExist: + return False, u"Nas inexistant" + return True, None + def __str__(self): return self.name @@ -306,6 +345,15 @@ class SOA(models.Model): return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\ de créer un enregistrement SOA" + def can_edit(user_request, soaid): + if not user_request.has_perms(('infra',)): + return False, u"Vous n'avez pas le droit d'éditer des enregistrements SOA" + try: + soa_instance = SOA.objects.get(pk=soaid) + except SOA.DoesNotExist: + return False, u"Enregistrement SOA inexistant" + return True, None + def __str__(self): return str(self.name) @@ -392,6 +440,15 @@ class Extension(models.Model): return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\ de créer une extension" + def can_edit(user_request, extensionid): + if not user_request.has_perms(('infra',)): + return False, u"Vous n'avez pas le droit d'éditer des extensions" + try: + extension_instance = Extension.objects.get(pk=extensionid) + except Extension.DoesNotExist: + return False, u"Extension inexistante" + return True, None + def __str__(self): return self.name @@ -421,6 +478,15 @@ class Mx(models.Model): return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\ de créer un enregistrement MX" + def can_edit(user_request, mxid): + if not user_request.has_perms(('infra',)): + return False, u"Vous n'avez pas le droit d'éditer des enregstrements MX" + try: + mx_instance = Mx.objects.get(pk=mxid) + except Mx.DoesNotExist: + return False, u"Enregistremet MX inexistant" + return True, None + def __str__(self): return str(self.zone) + ' ' + str(self.priority) + ' ' + str(self.name) 
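Review bot: The two user-facing strings in `Mx.can_edit` are misspelled (`enregstrements`, `Enregistremet`), and they reach the user through `messages.error` in the view. They should read `u"Vous n'avez pas le droit d'éditer des enregistrements MX"` and `u"Enregistrement MX inexistant"`, matching the wording in the NS and SRV hunks. `Txt.can_edit` has `des enregistrement TXT` without the plural `s`.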
@@ -441,6 +507,15 @@ class Ns(models.Model): return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\ de créer un enregistrement NS" + def can_edit(user_request, nsid): + if not user_request.has_perms(('infra',)): + return False, u"Vous n'avez pas le droit d'éditer des enregistrements NS" + try: + ns_instance = Ns.objects.get(pk=nsid) + except Ns.DoesNotExist: + return False, u"Enregistrement NS inexistant" + return True, None + def __str__(self): return str(self.zone) + ' ' + str(self.ns) @@ -457,6 +532,15 @@ class Txt(models.Model): return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\ de créer un enregistrement TXT" + def can_edit(user_request, txtid): + if not user_request.has_perms(('infra',)): + return False, u"Vous n'avez pas le droit d'éditer des enregistrement TXT" + try: + txt_instance = Txt.objects.get(pk=txtid) + except Txt.DoesNotExist: + return False, u"Enregistrement TXT inexistant" + return True, None + def __str__(self): return str(self.zone) + " : " + str(self.field1) + " " +\ str(self.field2) @@ -514,6 +598,15 @@ class Srv(models.Model): return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\ de créer un enregistrement SRV" + def can_edit(user_request, srvid): + if not user_request.has_perms(('infra',)): + return False, u"Vous n'avez pas le droit d'éditer des enregistrements SRV" + try: + srv_instance = Srv.objects.get(pk=srvid) + except Srv.DoesNotExist: + return False, u"Enregistrement SRV inexistant" + return True, None + def __str__(self): return str(self.service) + ' ' + str(self.protocole) + ' ' +\ str(self.extension) + ' ' + str(self.priority) +\ 
@@ -648,6 +741,17 @@ class Interface(models.Model): % max_lambdauser_interfaces return True, None + def can_edit(user_request, interfaceid): + try: + interface = Interface.objects.get(pk=interfaceid) + except Interface.DoesNotExist: + return False, u"Interface inexistante" + if not user_request.has_perms(('infra',)): + if not user_request.has_perms(('cableur',)) and interface.machine.user != user_request: + return False, u"Vous ne pouvez pas éditer une machine\ + d'un autre user que vous sans droit" + return True, None + def __str__(self): try: domain = self.domain @@ -768,6 +872,16 @@ class Domain(models.Model): % max_lambdauser_aliases return True, None + def can_edit(user_request, domainid): + try: + alias_instance = Domain.objects.get(pk=domainid) + except Domain.DoesNotExist: + return False, u"Alias inexistant" + if not user_request.has_perms(('cableur',)) and (alias_instance.cname is None or alias_instance.cname.interface_parent.machine.user != user_request): + return False, u"Vous ne pouvez pas ajouter un alias à une machine\ + d'un autre user que vous sans droit" + return True, None + def __str__(self): return str(self.name) + str(self.extension) @@ -798,6 +912,9 @@ class IpList(models.Model): def can_create(user_request): return True, None + def can_edit(user_request, iplistid): + return True, None + def __str__(self): return self.ipv4 @@ -842,6 +959,15 @@ class Service(models.Model): return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\ de créer un service" + def can_edit(user_request, serviceid): + if not user_request.has_perms(('infra',)): + return False, u"Vous n'avez pas le droit d'éditer des services" + try: + service_instance = Service.objects.get(pk=serviceid) + except Service.DoesNotExist: + return False, u"Service inexistant" + return True, None + def __str__(self): return str(self.service_type) 
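Review bot: `Domain.can_edit` guards `alias_instance.cname is None` but still dereferences `cname.interface_parent.machine.user` without checking `interface_parent`. If the model allows a target domain with no parent interface (the field definition is outside this hunk), that raises `AttributeError` instead of returning a refusal. The check also tests only `cableur`, whereas `Interface.can_edit` in the previous hunk lets `infra` through first; if `infra` does not imply `cableur`, the two rules disagree. The refusal text says `ajouter un alias` although this path is an edit.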
@@ -885,6 +1011,9 @@ class Service_link(models.Model): def can_create(user_request): return True, None + def can_edit(user_request, service_linkid): + return True, None + def __str__(self): return str(self.server) + " " + str(self.service) @@ -899,6 +1028,16 @@ class OuverturePortList(models.Model): ) def can_create(user_request): + return user_request.has_perms(('bureau',)) , u"Vous n'avez pas le droit\ + d'ouvrir un port" + + def can_edit(user_request, ouvertureportlistpk): + if not user_request.has_perms(('bureau',)): + return False, u"Vous n'avez pas le droit d'éditer des ouvertures de port" + try: + port_list_instance = OuverturePortList.objects.get(pk=ouvertureportlistpk) + except OuverturePortList.DoesNotExist: + return False, u"Ouverture de port inexistante" return True, None def __str__(self): @@ -972,8 +1111,10 @@ class OuverturePort(models.Model): ) def can_create(user_request): - return user_request.has_perms(('bureau',)) , u"Vous n'avez pas le droit\ - d'ouvrir un port" + return True, None + + def can_edit(user_request, ouvertureportid): + return True, None def __str__(self): if self.begin == self.end: diff --git a/machines/views.py b/machines/views.py index 3536b008..44c8d066 100644 --- a/machines/views.py +++ b/machines/views.py 
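Review bot: `OuverturePort.can_create` loses its `bureau` check and now returns `True, None`, with the check moved to `OuverturePortList.can_create`. `add_portlist` is switched to the list-level method later in this diff, but any other caller of `OuverturePort.can_create` that is not visible here would now admit every authenticated user. A short comment on the method, for example `# Authorization is enforced on the parent OuverturePortList; not a gate on its own`, would record that. The new `OuverturePort.can_edit` stub needs the same caveat.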
@@ -273,18 +273,17 @@ def new_machine(request, userid): def edit_interface(request, interfaceid): """ Edition d'une interface. Distingue suivant les droits les valeurs de interfaces et machines que l'user peut modifier infra permet de modifier le propriétaire""" - try: - interface = Interface.objects.get(pk=interfaceid) - except Interface.DoesNotExist: - messages.error(request, u"Interface inexistante" ) - return redirect(reverse('machines:index')) + + can, reason = Interface.can_edit(request.user, interfaceid) + if not can: + messages.error(request, reason) + return redirect(reverse( + 'users:profil', + kwargs={'userid':str(request.user.id)} + )) + + interface = Interface.objects.get(pk=interfaceid) if not request.user.has_perms(('infra',)): - if not request.user.has_perms(('cableur',)) and interface.machine.user != request.user: - messages.error(request, "Vous ne pouvez pas éditer une machine d'un autre user que vous sans droit") - return redirect(reverse( - 'users:profil', - kwargs={'userid':str(request.user.id)} - )) machine_form = BaseEditMachineForm(request.POST or None, instance=interface.machine) interface_form = BaseEditInterfaceForm(request.POST or None, instance=interface, infra=False) else: 
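Review bot: The second `Interface.objects.get(pk=interfaceid)` after the `can_edit` call is no longer inside a `try`/`except`, so if the row is deleted between the two queries the view raises `Interface.DoesNotExist` and answers with a server error. The same unguarded second lookup is repeated in every `edit_*` view changed in this file, from `edit_iptype` through `edit_portlist`. Either keep the guard around the lookup, as sketched below, or have `can_edit` hand back the instance it already fetched so the object is read once. The body of `edit_interface` continues past the end of the hunk.

```python
    # … unchanged: Interface.can_edit call and redirect on refusal …
    try:
        interface = Interface.objects.get(pk=interfaceid)
    except Interface.DoesNotExist:
        messages.error(request, u"Interface inexistante")
        return redirect(reverse('machines:index'))
    # … unchanged: form selection by permission …
```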
@@ -432,14 +431,18 @@ def add_iptype(request): return form({'iptypeform': iptype}, 'machines/machine.html', request) @login_required -@permission_required('infra') def edit_iptype(request, iptypeid): """ Edition d'un range. Ne permet pas de le redimensionner pour éviter l'incohérence""" - try: - iptype_instance = IpType.objects.get(pk=iptypeid) - except IpType.DoesNotExist: - messages.error(request, u"Entrée inexistante" ) - return redirect(reverse('machines:index-iptype')) + + can, reason = IpType.can_edit(request.user, iptypeid) + if not can: + messages.error(request, reason) + return redirect(reverse( + 'users:profil', + kwargs={'userid':str(request.user.id)} + )) + + iptype_instance = IpType.objects.get(pk=iptypeid) iptype = EditIpTypeForm(request.POST or None, instance=iptype_instance) if iptype.is_valid(): with transaction.atomic(), reversion.create_revision(): @@ -490,13 +493,17 @@ def add_machinetype(request): return form({'machinetypeform': machinetype}, 'machines/machine.html', request) @login_required -@permission_required('infra') def edit_machinetype(request, machinetypeid): - try: - machinetype_instance = MachineType.objects.get(pk=machinetypeid) - except MachineType.DoesNotExist: - messages.error(request, u"Entrée inexistante" ) - return redirect(reverse('machines:index-machinetype')) + + can, reason = MachineType.can_edit(request.user, machinetypeid) + if not can: + messages.error(request, reason) + return redirect(reverse( + 'users:profil', + kwargs={'userid':str(request.user.id)} + )) + + machinetype_instance = MachineType.objects.get(pk=machinetypeid) machinetype = MachineTypeForm(request.POST or None, instance=machinetype_instance) if machinetype.is_valid(): with transaction.atomic(), reversion.create_revision(): 
@@ -546,20 +553,24 @@ def add_extension(request): return form({'extensionform': extension}, 'machines/machine.html', request) @login_required -@permission_required('infra') def edit_extension(request, extensionid): - try: - extension_instance = Extension.objects.get(pk=extensionid) - except Extension.DoesNotExist: - messages.error(request, u"Entrée inexistante" ) - return redirect(reverse('machines:index-extension')) + + can, reason = Extension.can_edit(request.user, extensionid) + if not can: + messages.error(request, reason) + return redirect(reverse( + 'users:profil', + kwargs={'userid':str(request.user.id)} + )) + + extension_instance = Extension.objects.get(pk=extensionid) extension = ExtensionForm(request.POST or None, instance=extension_instance) if extension.is_valid(): with transaction.atomic(), reversion.create_revision(): extension.save() reversion.set_user(request.user) reversion.set_comment("Champs modifié(s) : %s" % ', '.join(field for field in extension.changed_data)) - messages.success(request, "Extension modifiée") + mssages.success(request, "Extension modifiée") return redirect(reverse('machines:index-extension')) return form({'extensionform': extension}, 'machines/machine.html', request) @@ -602,13 +613,17 @@ def add_soa(request): return form({'soaform': soa}, 'machines/machine.html', request) @login_required -@permission_required('infra') def edit_soa(request, soaid): - try: - soa_instance = SOA.objects.get(pk=soaid) - except SOA.DoesNotExist: - messages.error(request, u"Entrée inexistante" ) - return redirect(reverse('machines:index-extension')) + + can, reason = SOA.can_edit(request.user, soaid) + if not can: + messages.error(request, reason) + return redirect(reverse( + 'users:profil', + kwargs={'userid':str(request.user.id)} + )) + + soa_instance = SOA.objects.get(pk=soaid) soa = SOAForm(request.POST or None, instance=soa_instance) if soa.is_valid(): with transaction.atomic(), reversion.create_revision(): 
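Review bot: `mssages.success(request, "Extension modifiée")` in `edit_extension` is a typo for `messages` and raises `NameError` on every valid form submission. The call comes after `extension.save()`, so the change appears to be written and the user then gets a server error instead of the redirect. Restore the line as `messages.success(request, "Extension modifiée")`.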
@@ -658,13 +673,17 @@ def add_mx(request): return form({'mxform': mx}, 'machines/machine.html', request) @login_required -@permission_required('infra') def edit_mx(request, mxid): - try: - mx_instance = Mx.objects.get(pk=mxid) - except Mx.DoesNotExist: - messages.error(request, u"Entrée inexistante" ) - return redirect(reverse('machines:index-extension')) + + can, reason = Mx.can_edit(request.user, mxid) + if not can: + messages.error(request, reason) + return redirect(reverse( + 'users:profil', + kwargs={'userid':str(request.user.id)} + )) + + mx_instance = Mx.objects.get(pk=mxid) mx = MxForm(request.POST or None, instance=mx_instance) if mx.is_valid(): with transaction.atomic(), reversion.create_revision(): @@ -714,13 +733,17 @@ def add_ns(request): return form({'nsform': ns}, 'machines/machine.html', request) @login_required -@permission_required('infra') def edit_ns(request, nsid): - try: - ns_instance = Ns.objects.get(pk=nsid) - except Ns.DoesNotExist: - messages.error(request, u"Entrée inexistante" ) - return redirect(reverse('machines:index-extension')) + + can, reason = Ns.can_edit(request.user, nsid) + if not can: + messages.error(request, reason) + return redirect(reverse( + 'users:profil', + kwargs={'userid':str(request.user.id)} + )) + + ns_instance = Ns.objects.get(pk=nsid) ns = NsForm(request.POST or None, instance=ns_instance) if ns.is_valid(): with transaction.atomic(), reversion.create_revision(): 
@@ -770,13 +793,17 @@ def add_txt(request): return form({'txtform': txt}, 'machines/machine.html', request) @login_required -@permission_required('infra') def edit_txt(request, txtid): - try: - txt_instance = Txt.objects.get(pk=txtid) - except Txt.DoesNotExist: - messages.error(request, u"Entrée inexistante" ) - return redirect(reverse('machines:index-extension')) + + can, reason = Txt.can_edit(request.user, txtid) + if not can: + messages.error(request, reason) + return redirect(reverse( + 'users:profil', + kwargs={'userid':str(request.user.id)} + )) + + txt_instance = Txt.objects.get(pk=txtid) txt = TxtForm(request.POST or None, instance=txt_instance) if txt.is_valid(): with transaction.atomic(), reversion.create_revision(): @@ -826,13 +853,17 @@ def add_srv(request): return form({'srvform': srv}, 'machines/machine.html', request) @login_required -@permission_required('infra') def edit_srv(request, srvid): - try: - srv_instance = Srv.objects.get(pk=srvid) - except Srv.DoesNotExist: - messages.error(request, u"Entrée inexistante" ) - return redirect(reverse('machines:index-extension')) + + can, reason = Srv.can_edit(request.user, srvid) + if not can: + messages.error(request, reason) + return redirect(reverse( + 'users:profil', + kwargs={'userid':str(request.user.id)} + )) + + srv_instance = Srv.objects.get(pk=srvid) srv = SrvForm(request.POST or None, instance=srv_instance) if srv.is_valid(): with transaction.atomic(), reversion.create_revision(): 
@@ -890,17 +921,16 @@ def add_alias(request, interfaceid): @login_required def edit_alias(request, aliasid): - try: - alias_instance = Domain.objects.get(pk=aliasid) - except Domain.DoesNotExist: - messages.error(request, u"Entrée inexistante" ) - return redirect(reverse('machines:index-extension')) - if not request.user.has_perms(('cableur',)) and alias_instance.cname.interface_parent.machine.user != request.user: - messages.error(request, "Vous ne pouvez pas ajouter un alias à une machine d'un autre user que vous sans droit") + + can, reason = Domain.can_edit(request.user, aliasid) + if not can: + messages.error(request, reason) return redirect(reverse( 'users:profil', kwargs={'userid':str(request.user.id)} - )) + )) + + alias_instance = Domain.objects.get(pk=aliasid) alias = AliasForm(request.POST or None, instance=alias_instance, infra=request.user.has_perms(('infra',))) if alias.is_valid(): with transaction.atomic(), reversion.create_revision(): @@ -967,13 +997,17 @@ def add_service(request): return form({'serviceform': service}, 'machines/machine.html', request) @login_required -@permission_required('infra') def edit_service(request, serviceid): - try: - service_instance = Service.objects.get(pk=serviceid) - except Ns.DoesNotExist: - messages.error(request, u"Entrée inexistante" ) - return redirect(reverse('machines:index-extension')) + + can, reason = Service.can_edit(request.user, serviceid) + if not can: + messages.error(request, reason) + return redirect(reverse( + 'users:profil', + kwargs={'userid':str(request.user.id)} + )) + + service_instance = Service.objects.get(pk=serviceid) service = ServiceForm(request.POST or None, instance=service_instance) if service.is_valid(): with transaction.atomic(), reversion.create_revision(): 
@@ -1023,13 +1057,17 @@ def add_vlan(request): return form({'vlanform': vlan}, 'machines/machine.html', request) @login_required -@permission_required('infra') def edit_vlan(request, vlanid): - try: - vlan_instance = Vlan.objects.get(pk=vlanid) - except Vlan.DoesNotExist: - messages.error(request, u"Entrée inexistante" ) - return redirect(reverse('machines:index-vlan')) + + can, reason = Vlan.can_edit(request.user, vlanid) + if not can: + messages.error(request, reason) + return redirect(reverse( + 'users:profil', + kwargs={'userid':str(request.user.id)} + )) + + vlan_instance = Vlan.objects.get(pk=vlanid) vlan = VlanForm(request.POST or None, instance=vlan_instance) if vlan.is_valid(): with transaction.atomic(), reversion.create_revision(): @@ -1079,13 +1117,17 @@ def add_nas(request): return form({'nasform': nas}, 'machines/machine.html', request) @login_required -@permission_required('infra') def edit_nas(request, nasid): - try: - nas_instance = Nas.objects.get(pk=nasid) - except Nas.DoesNotExist: - messages.error(request, u"Entrée inexistante" ) - return redirect(reverse('machines:index-nas')) + + can, reason = Nas.can_edit(request.user, nasid) + if not can: + messages.error(request, reason) + return redirect(reverse( + 'users:profil', + kwargs={'userid':str(request.user.id)} + )) + + nas_instance = Nas.objects.get(pk=nasid) nas = NasForm(request.POST or None, instance=nas_instance) if nas.is_valid(): with transaction.atomic(), reversion.create_revision(): 
@@ -1327,13 +1369,17 @@ def index_portlist(request): return render(request, "machines/index_portlist.html", {'port_list':port_list}) @login_required -@permission_required('bureau') def edit_portlist(request, pk): - try: - port_list_instance = OuverturePortList.objects.get(pk=pk) - except OuverturePortList.DoesNotExist: - messages.error(request, "Liste de ports inexistante") - return redirect(reverse('machines:index-portlist')) + + can, reason = OuverturePortList.can_edit(request.user, pk) + if not can: + messages.error(request, reason) + return redirect(reverse( + 'users:profil', + kwargs={'userid':str(request.user.id)} + )) + + port_list_instance = OuverturePortList.objects.get(pk=pk) port_list = EditOuverturePortListForm(request.POST or None, instance=port_list_instance) port_formset = modelformset_factory( OuverturePort, @@ -1373,7 +1419,7 @@ def del_portlist(request, pk): @login_required def add_portlist(request): - can, reason = OuverturePort.can_create(request.user) + can, reason = OuverturePortList.can_create(request.user) if not can: messages.error(request, reason) return redirect(reverse(