from django.core.context_processors import request
from django.template.context import RequestContext
from django.template.loader import get_template, render_to_string
+from django.utils.translation import ugettext as _
from django.core.urlresolvers import reverse
from django.contrib import messages
from flowspy.accounts.models import *
peer = request.user.get_profile().peer
except UserProfile.DoesNotExist:
error = "User <strong>%s</strong> does not belong to any peer or organization. It is not possible to create new firewall rules.<br>Please contact Helpdesk to resolve this issue" % request.user.username
- return render_to_response('error.html', {'error': error})
+ return render_to_response('error.html', {'error': error}, context_instance=RequestContext(request))
if peer:
peer_members = UserProfile.objects.filter(peer=peer)
users = [prof.user for prof in peer_members]
applier_peer_networks = request.user.get_profile().peer.networks.all()
if not applier_peer_networks:
messages.add_message(request, messages.WARNING,
- "Insufficient rights on administrative networks. Cannot add rule. Contact your administrator")
+ _("Insufficient rights on administrative networks. Cannot add rule. Contact your administrator"))
return HttpResponseRedirect(reverse("group-routes"))
if request.method == "GET":
form = RouteForm(initial={'applier': applier})
if not request.user.is_superuser:
route.applier = request.user
route.status = "PENDING"
- route.response = "Applying..."
+ route.response = "Applying"
route.source = IPNetwork("%s/%s" %(IPNetwork(route.source).network.compressed, IPNetwork(route.source).prefixlen)).compressed
route.destination = IPNetwork("%s/%s" %(IPNetwork(route.destination).network.compressed, IPNetwork(route.destination).prefixlen)).compressed
route.save()
form.save_m2m()
route.commit_add()
requesters_address = request.META['HTTP_X_FORWARDED_FOR']
- mail_body = render_to_string("rule_add_mail.txt",
- {"route": route, "address": requesters_address})
+ fqdn = Site.objects.get_current().domain
+ admin_url = "https://%s%s" % (fqdn, "/fod/edit/%s"%route.name)
+ mail_body = render_to_string("rule_action.txt",
+ {"route": route, "address": requesters_address, "action": "creation", "url": admin_url})
user_mail = "%s" %route.applier.email
user_mail = user_mail.split(';')
send_new_mail(settings.EMAIL_SUBJECT_PREFIX + "Rule %s creation request submitted by %s" %(route.name, route.applier.username),
route_edit_applier_peer = route_edit.applier.get_profile().peer
if applier_peer != route_edit_applier_peer and (not request.user.is_superuser):
messages.add_message(request, messages.WARNING,
- "Insufficient rights to edit rule %s" %(route_slug))
+ _("Insufficient rights to edit rule %s") %(route_slug))
return HttpResponseRedirect(reverse("group-routes"))
# if route_edit.status == "ADMININACTIVE" :
# messages.add_message(request, messages.WARNING,
# return HttpResponseRedirect(reverse("group-routes"))
if route_edit.status == "PENDING" :
messages.add_message(request, messages.WARNING,
- "Cannot edit a pending rule: %s." %(route_slug))
+ _("Cannot edit a pending rule: %s.") %(route_slug))
return HttpResponseRedirect(reverse("group-routes"))
route_original = deepcopy(route_edit)
if request.POST:
route.applier = request.user
if bool(set(changed_data) & set(critical_changed_values)) or (not route_original.status == 'ACTIVE'):
route.status = "PENDING"
- route.response = "Applying..."
+ route.response = "Applying"
route.source = IPNetwork("%s/%s" %(IPNetwork(route.source).network.compressed, IPNetwork(route.source).prefixlen)).compressed
route.destination = IPNetwork("%s/%s" %(IPNetwork(route.destination).network.compressed, IPNetwork(route.destination).prefixlen)).compressed
route.save()
form.save_m2m()
route.commit_edit()
requesters_address = request.META['HTTP_X_FORWARDED_FOR']
- mail_body = render_to_string("rule_edit_mail.txt",
- {"route": route, "address": requesters_address})
+ fqdn = Site.objects.get_current().domain
+ admin_url = "https://%s%s" % (fqdn, "/fod/edit/%s"%route.name)
+ mail_body = render_to_string("rule_action.txt",
+ {"route": route, "address": requesters_address, "action": "edit", "url": admin_url})
user_mail = "%s" %route.applier.email
user_mail = user_mail.split(';')
send_new_mail(settings.EMAIL_SUBJECT_PREFIX + "Rule %s edit request submitted by %s" %(route.name, route.applier.username),
route.expires = datetime.date.today()
if not request.user.is_superuser:
route.applier = request.user
- route.response = "Suspending..."
+ route.response = "Suspending"
route.save()
route.commit_delete()
requesters_address = request.META['HTTP_X_FORWARDED_FOR']
- mail_body = render_to_string("rule_delete_mail.txt",
- {"route": route, "address": requesters_address})
+ fqdn = Site.objects.get_current().domain
+ admin_url = "https://%s%s" % (fqdn, "/fod/edit/%s"%route.name)
+ mail_body = render_to_string("rule_action.txt",
+ {"route": route, "address": requesters_address, "action": "removal", "url": admin_url})
user_mail = "%s" %route.applier.email
user_mail = user_mail.split(';')
send_new_mail(settings.EMAIL_SUBJECT_PREFIX + "Rule %s removal request submitted by %s" %(route.name, route.applier.username),
peers = Peer.objects.all()
except UserProfile.DoesNotExist:
error = "User <strong>%s</strong> does not belong to any peer or organization. It is not possible to create new firewall rules.<br>Please contact Helpdesk to resolve this issue" % user.username
- return render_to_response('error.html', {'error': error})
+ return render_to_response('error.html', {'error': error}, context_instance=RequestContext(request))
return render_to_response('profile.html', {'user': user, 'peers':peers},
context_instance=RequestContext(request))
username = request.META['HTTP_EPPN']
if not username:
error_username = True
- firstname = request.META['HTTP_SHIB_INETORGPERSON_GIVENNAME']
- lastname = request.META['HTTP_SHIB_PERSON_SURNAME']
- mail = request.META['HTTP_SHIB_INETORGPERSON_MAIL']
- organization = request.META['HTTP_SHIB_HOMEORGANIZATION']
- entitlement = request.META['HTTP_SHIB_EP_ENTITLEMENT']
+ firstname = lookupShibAttr(settings.SHIB_FIRSTNAME, request.META)
+ lastname = lookupShibAttr(settings.SHIB_LASTNAME, request.META)
+ mail = lookupShibAttr(settings.SHIB_MAIL, request.META)
+ entitlement = lookupShibAttr(settings.SHIB_ENTITLEMENT, request.META)
+ #organization = request.META['HTTP_SHIB_HOMEORGANIZATION']
+
if settings.SHIB_AUTH_ENTITLEMENT in entitlement.split(";"):
has_entitlement = True
if not has_entitlement:
error_entitlement = True
- if not organization:
- error_orgname = True
+# if not organization:
+# error_orgname = True
if not mail:
error_mail = True
if error_username:
- error = "Your idP should release the HTTP_EPPN attribute towards this service<br>"
- if error_orgname:
- error = error + "Your idP should release the HTTP_SHIB_HOMEORGANIZATION attribute towards this service<br>"
+ error = _("Your idP should release the HTTP_EPPN attribute towards this service<br>")
+# if error_orgname:
+# error = error + _("Your idP should release the HTTP_SHIB_HOMEORGANIZATION attribute towards this service<br>")
if error_entitlement:
- error = error + "Your idP should release an appropriate HTTP_SHIB_EP_ENTITLEMENT attribute towards this service<br>"
+ error = error + _("Your idP should release an appropriate HTTP_SHIB_EP_ENTITLEMENT attribute towards this service<br>")
if error_mail:
- error = error + "Your idP should release the HTTP_SHIB_INETORGPERSON_MAIL attribute towards this service"
+ error = error + _("Your idP should release the HTTP_SHIB_INETORGPERSON_MAIL attribute towards this service")
if error_username or error_orgname or error_entitlement or error_mail:
return render_to_response('error.html', {'error': error, "missing_attributes": True},
context_instance=RequestContext(request))
except:
user_exists = False
user = authenticate(username=username, firstname=firstname, lastname=lastname, mail=mail, authsource='shibboleth')
+
if user is not None:
try:
- peer = Peer.objects.get(domain_name=organization)
- up = UserProfile.objects.get_or_create(user=user,peer=peer)
+ peer = user.get_profile().peer
+# peer = Peer.objects.get(domain_name=organization)
+# up = UserProfile.objects.get_or_create(user=user,peer=peer)
except:
- error = "Your organization's domain name does not match our peers' domain names<br>Please contact Helpdesk to resolve this issue"
- return render_to_response('error.html', {'error': error})
+ form = UserProfileForm()
+ form.fields['user'] = forms.ModelChoiceField(queryset=User.objects.filter(pk=user.pk), empty_label=None)
+ form.fields['peer'] = forms.ModelChoiceField(queryset=Peer.objects.all(), empty_label=None)
+ return render_to_response('registration/select_institution.html', {'form': form}, context_instance=RequestContext(request))
if not user_exists:
user_activation_notify(user)
if user.is_active:
login(request, user)
return HttpResponseRedirect(reverse("group-routes"))
else:
- error = "User account <strong>%s</strong> is pending activation. Administrators have been notified and will activate this account within the next days. <br>If this account has remained inactive for a long time contact your technical coordinator or GRNET Helpdesk" %user.username
+ error = _("User account <strong>%s</strong> is pending activation. Administrators have been notified and will activate this account within the next days. <br>If this account has remained inactive for a long time contact your technical coordinator or GRNET Helpdesk") %user.username
return render_to_response('error.html', {'error': error, 'inactive': True},
context_instance=RequestContext(request))
else:
- error = "Something went wrong during user authentication. Contact your administrator"
+ error = _("Something went wrong during user authentication. Contact your administrator")
return render_to_response('error.html', {'error': error,},
context_instance=RequestContext(request))
- except Exception:
- error = "Invalid login procedure"
+ except User.DoesNotExist as e:
+ error = _("Invalid login procedure. Error: %s" %e)
return render_to_response('error.html', {'error': error,},
context_instance=RequestContext(request))
# Return an 'invalid login' error message.
return render_to_response('add_port.html', {'form': form,},
context_instance=RequestContext(request))
+@never_cache
+def selectinst(request):
+ if request.method == 'POST':
+ request_data = request.POST.copy()
+ user = request_data['user']
+ try:
+ existingProfile = UserProfile.objects.get(user=user)
+ error = _("Violation warning: User account is already associated with an institution.The event has been logged and our administrators will be notified about it")
+ return render_to_response('error.html', {'error': error, 'inactive': True},
+ context_instance=RequestContext(request))
+ except UserProfile.DoesNotExist:
+ pass
+
+ form = UserProfileForm(request_data)
+ if form.is_valid():
+ userprofile = form.save()
+ user_activation_notify(userprofile.user)
+ error = _("User account <strong>%s</strong> is pending activation. Administrators have been notified and will activate this account within the next days. <br>If this account has remained inactive for a long time contact your technical coordinator or GRNET Helpdesk") %userprofile.user.username
+ return render_to_response('error.html', {'error': error, 'inactive': True},
+ context_instance=RequestContext(request))
+ else:
+ form.fields['user'] = forms.ModelChoiceField(queryset=User.objects.filter(pk=user.pk), empty_label=None)
+ form.fields['institution'] = forms.ModelChoiceField(queryset=Peer.objects.all(), empty_label=None)
+ return render_to_response('registration/select_institution.html', {'form': form}, context_instance=RequestContext(request))
+
+@never_cache
+def overview(request):
+ user = request.user
+ if user.is_authenticated():
+ if user.has_perm('accounts.overview'):
+ users = User.objects.all()
+ group_routes = Route.objects.all()
+ return render_to_response('overview/index.html', {'users': users, 'routes': group_routes},
+ context_instance=RequestContext(request))
+ else:
+ violation=True
+ return render_to_response('overview/index.html', {'violation': violation},
+ context_instance=RequestContext(request))
+ else:
+ return HttpResponseRedirect(reverse("altlogin"))
+
@login_required
@never_cache
def user_logout(request):
mail.extend(techmails_list)
return mail
-
def send_new_mail(subject, message, from_email, recipient_list, bcc_list):
return EmailMessage(subject, message, from_email, recipient_list, bcc_list).send()
+
+def lookupShibAttr(attrmap, requestMeta):
+ for attr in attrmap:
+ if (attr in requestMeta.keys()):
+ if len(requestMeta[attr]) > 0:
+ return requestMeta[attr]
+ return ''