Added alternate view for Helpdesk

[flowspy] / flowspec / views.py
diff --git a/flowspec/views.py b/flowspec/views.py

index d321558..0f14b6e 100644 (file)
--- a/flowspec/views.py
+++ b/flowspec/views.py
@@ -15,6 +15,7 @@ from django.shortcuts import get_object_or_404, render_to_response
  from django.core.context_processors import request
  from django.template.context import RequestContext
  from django.template.loader import get_template, render_to_string
+from django.utils.translation import ugettext as _
  from django.core.urlresolvers import reverse
  from django.contrib import messages
  from flowspy.accounts.models import *
@@ -67,7 +68,7 @@ def group_routes(request):
          peer = request.user.get_profile().peer
      except UserProfile.DoesNotExist:
          error = "User <strong>%s</strong> does not belong to any peer or organization. It is not possible to create new firewall rules.<br>Please contact Helpdesk to resolve this issue" % request.user.username
-        return render_to_response('error.html', {'error': error})
+        return render_to_response('error.html', {'error': error}, context_instance=RequestContext(request))
      if peer:
         peer_members = UserProfile.objects.filter(peer=peer)
         users = [prof.user for prof in peer_members]
@@ -85,7 +86,7 @@ def add_route(request):
      applier_peer_networks = request.user.get_profile().peer.networks.all()
      if not applier_peer_networks:
           messages.add_message(request, messages.WARNING,
-                             "Insufficient rights on administrative networks. Cannot add rule. Contact your administrator")
+                             _("Insufficient rights on administrative networks. Cannot add rule. Contact your administrator"))
           return HttpResponseRedirect(reverse("group-routes"))
      if request.method == "GET":
          form = RouteForm(initial={'applier': applier})
@@ -111,15 +112,17 @@ def add_route(request):
              if not request.user.is_superuser:
                  route.applier = request.user
              route.status = "PENDING"
-            route.response = "Applying..."
+            route.response = "Applying"
              route.source = IPNetwork("%s/%s" %(IPNetwork(route.source).network.compressed, IPNetwork(route.source).prefixlen)).compressed
              route.destination = IPNetwork("%s/%s" %(IPNetwork(route.destination).network.compressed, IPNetwork(route.destination).prefixlen)).compressed
              route.save()
              form.save_m2m()
              route.commit_add()
              requesters_address = request.META['HTTP_X_FORWARDED_FOR']
-            mail_body = render_to_string("rule_add_mail.txt",
-                                             {"route": route, "address": requesters_address})
+            fqdn = Site.objects.get_current().domain
+            admin_url = "https://%s%s" % (fqdn, "/fod/edit/%s"%route.name)
+            mail_body = render_to_string("rule_action.txt",
+                                             {"route": route, "address": requesters_address, "action": "creation", "url": admin_url})
              user_mail = "%s" %route.applier.email
              user_mail = user_mail.split(';')
              send_new_mail(settings.EMAIL_SUBJECT_PREFIX + "Rule %s creation request submitted by %s" %(route.name, route.applier.username),
@@ -144,7 +147,7 @@ def edit_route(request, route_slug):
      route_edit_applier_peer = route_edit.applier.get_profile().peer
      if applier_peer != route_edit_applier_peer and (not request.user.is_superuser):
          messages.add_message(request, messages.WARNING,
-                             "Insufficient rights to edit rule %s" %(route_slug))
+                             _("Insufficient rights to edit rule %s") %(route_slug))
          return HttpResponseRedirect(reverse("group-routes"))
  #    if route_edit.status == "ADMININACTIVE" :
  #        messages.add_message(request, messages.WARNING,
@@ -156,7 +159,7 @@ def edit_route(request, route_slug):
  #        return HttpResponseRedirect(reverse("group-routes"))
      if route_edit.status == "PENDING" :
          messages.add_message(request, messages.WARNING,
-                             "Cannot edit a pending rule: %s." %(route_slug))
+                             _("Cannot edit a pending rule: %s.") %(route_slug))
          return HttpResponseRedirect(reverse("group-routes"))
      route_original = deepcopy(route_edit)
      if request.POST:
@@ -181,7 +184,7 @@ def edit_route(request, route_slug):
                  route.applier = request.user
              if bool(set(changed_data) & set(critical_changed_values)) or (not route_original.status == 'ACTIVE'):
                  route.status = "PENDING"
-                route.response = "Applying..."
+                route.response = "Applying"
                  route.source = IPNetwork("%s/%s" %(IPNetwork(route.source).network.compressed, IPNetwork(route.source).prefixlen)).compressed
                  route.destination = IPNetwork("%s/%s" %(IPNetwork(route.destination).network.compressed, IPNetwork(route.destination).prefixlen)).compressed
              route.save()
@@ -189,8 +192,10 @@ def edit_route(request, route_slug):
                  form.save_m2m()
                  route.commit_edit()
                  requesters_address = request.META['HTTP_X_FORWARDED_FOR']
-                mail_body = render_to_string("rule_edit_mail.txt",
-                                             {"route": route, "address": requesters_address})
+                fqdn = Site.objects.get_current().domain
+                admin_url = "https://%s%s" % (fqdn, "/fod/edit/%s"%route.name)
+                mail_body = render_to_string("rule_action.txt",
+                                             {"route": route, "address": requesters_address, "action": "edit", "url": admin_url})
                  user_mail = "%s" %route.applier.email
                  user_mail = user_mail.split(';')
                  send_new_mail(settings.EMAIL_SUBJECT_PREFIX + "Rule %s edit request submitted by %s" %(route.name, route.applier.username),
@@ -235,12 +240,14 @@ def delete_route(request, route_slug):
              route.expires = datetime.date.today()
              if not request.user.is_superuser:
                  route.applier = request.user
-            route.response = "Suspending..."
+            route.response = "Suspending"
              route.save()
              route.commit_delete()
              requesters_address = request.META['HTTP_X_FORWARDED_FOR']
-            mail_body = render_to_string("rule_delete_mail.txt",
-                                             {"route": route, "address": requesters_address})
+            fqdn = Site.objects.get_current().domain
+            admin_url = "https://%s%s" % (fqdn, "/fod/edit/%s"%route.name)
+            mail_body = render_to_string("rule_action.txt",
+                                             {"route": route, "address": requesters_address, "action": "removal", "url": admin_url})
              user_mail = "%s" %route.applier.email
              user_mail = user_mail.split(';')
              send_new_mail(settings.EMAIL_SUBJECT_PREFIX + "Rule %s removal request submitted by %s" %(route.name, route.applier.username), 
@@ -264,7 +271,7 @@ def user_profile(request):
              peers = Peer.objects.all()
      except UserProfile.DoesNotExist:
          error = "User <strong>%s</strong> does not belong to any peer or organization. It is not possible to create new firewall rules.<br>Please contact Helpdesk to resolve this issue" % user.username
-        return render_to_response('error.html', {'error': error})
+        return render_to_response('error.html', {'error': error}, context_instance=RequestContext(request))
      return render_to_response('profile.html', {'user': user, 'peers':peers},
                                    context_instance=RequestContext(request))
  
@@ -280,27 +287,28 @@ def user_login(request):
          username = request.META['HTTP_EPPN']
          if not username:
              error_username = True
-        firstname = request.META['HTTP_SHIB_INETORGPERSON_GIVENNAME']
-        lastname = request.META['HTTP_SHIB_PERSON_SURNAME']
-        mail = request.META['HTTP_SHIB_INETORGPERSON_MAIL']
-        organization = request.META['HTTP_SHIB_HOMEORGANIZATION']
-        entitlement = request.META['HTTP_SHIB_EP_ENTITLEMENT']
+        firstname = lookupShibAttr(settings.SHIB_FIRSTNAME, request.META)
+        lastname = lookupShibAttr(settings.SHIB_LASTNAME, request.META)
+        mail = lookupShibAttr(settings.SHIB_MAIL, request.META)
+        entitlement = lookupShibAttr(settings.SHIB_ENTITLEMENT, request.META)
+        #organization = request.META['HTTP_SHIB_HOMEORGANIZATION']
+        
          if settings.SHIB_AUTH_ENTITLEMENT in entitlement.split(";"):
              has_entitlement = True
          if not has_entitlement:
              error_entitlement = True
-        if not organization:
-            error_orgname = True
+#        if not organization:
+#            error_orgname = True
          if not mail:
              error_mail = True
          if error_username:
-            error = "Your idP should release the HTTP_EPPN attribute towards this service<br>"
-        if error_orgname:
-            error = error + "Your idP should release the HTTP_SHIB_HOMEORGANIZATION attribute towards this service<br>"
+            error = _("Your idP should release the HTTP_EPPN attribute towards this service<br>")
+#        if error_orgname:
+#            error = error + _("Your idP should release the HTTP_SHIB_HOMEORGANIZATION attribute towards this service<br>")
          if error_entitlement:
-            error = error + "Your idP should release an appropriate HTTP_SHIB_EP_ENTITLEMENT attribute towards this service<br>"
+            error = error + _("Your idP should release an appropriate HTTP_SHIB_EP_ENTITLEMENT attribute towards this service<br>")
          if error_mail:
-            error = error + "Your idP should release the HTTP_SHIB_INETORGPERSON_MAIL attribute towards this service"
+            error = error + _("Your idP should release the HTTP_SHIB_INETORGPERSON_MAIL attribute towards this service")
          if error_username or error_orgname or error_entitlement or error_mail:
              return render_to_response('error.html', {'error': error, "missing_attributes": True},
                                    context_instance=RequestContext(request))
@@ -314,28 +322,32 @@ def user_login(request):
          except:
              user_exists = False
          user = authenticate(username=username, firstname=firstname, lastname=lastname, mail=mail, authsource='shibboleth')
+        
          if user is not None:
              try:
-                peer = Peer.objects.get(domain_name=organization)
-                up = UserProfile.objects.get_or_create(user=user,peer=peer)
+                peer = user.get_profile().peer
+#                peer = Peer.objects.get(domain_name=organization)
+#                up = UserProfile.objects.get_or_create(user=user,peer=peer)
              except:
-                error = "Your organization's domain name does not match our peers' domain names<br>Please contact Helpdesk to resolve this issue"
-                return render_to_response('error.html', {'error': error})
+                form = UserProfileForm()
+                form.fields['user'] = forms.ModelChoiceField(queryset=User.objects.filter(pk=user.pk), empty_label=None)
+                form.fields['peer'] = forms.ModelChoiceField(queryset=Peer.objects.all(), empty_label=None)
+                return render_to_response('registration/select_institution.html', {'form': form}, context_instance=RequestContext(request))
              if not user_exists:
                  user_activation_notify(user)
              if user.is_active:
                 login(request, user)
                 return HttpResponseRedirect(reverse("group-routes"))
              else:
-                error = "User account <strong>%s</strong> is pending activation. Administrators have been notified and will activate this account within the next days. <br>If this account has remained inactive for a long time contact your technical coordinator or GRNET Helpdesk" %user.username
+                error = _("User account <strong>%s</strong> is pending activation. Administrators have been notified and will activate this account within the next days. <br>If this account has remained inactive for a long time contact your technical coordinator or GRNET Helpdesk") %user.username
                  return render_to_response('error.html', {'error': error, 'inactive': True},
                                    context_instance=RequestContext(request))
          else:
-            error = "Something went wrong during user authentication. Contact your administrator"
+            error = _("Something went wrong during user authentication. Contact your administrator")
              return render_to_response('error.html', {'error': error,},
                                    context_instance=RequestContext(request))
-    except Exception:
-        error = "Invalid login procedure"
+    except User.DoesNotExist as e:
+        error = _("Invalid login procedure. Error: %s" %e)
          return render_to_response('error.html', {'error': error,},
                                    context_instance=RequestContext(request))
          # Return an 'invalid login' error message.
@@ -399,6 +411,47 @@ def add_port(request):
              return render_to_response('add_port.html', {'form': form,},
                                        context_instance=RequestContext(request))
  
+@never_cache
+def selectinst(request):
+    if request.method == 'POST':
+        request_data = request.POST.copy()
+        user = request_data['user']
+        try:
+            existingProfile = UserProfile.objects.get(user=user)
+            error = _("Violation warning: User account is already associated with an institution.The event has been logged and our administrators will be notified about it")
+            return render_to_response('error.html', {'error': error, 'inactive': True},
+                                  context_instance=RequestContext(request))
+        except UserProfile.DoesNotExist:
+            pass
+            
+        form = UserProfileForm(request_data)
+        if form.is_valid():
+            userprofile = form.save()
+            user_activation_notify(userprofile.user)
+            error = _("User account <strong>%s</strong> is pending activation. Administrators have been notified and will activate this account within the next days. <br>If this account has remained inactive for a long time contact your technical coordinator or GRNET Helpdesk") %userprofile.user.username
+            return render_to_response('error.html', {'error': error, 'inactive': True},
+                                  context_instance=RequestContext(request))
+        else:
+            form.fields['user'] = forms.ModelChoiceField(queryset=User.objects.filter(pk=user.pk), empty_label=None)
+            form.fields['institution'] = forms.ModelChoiceField(queryset=Peer.objects.all(), empty_label=None)
+            return render_to_response('registration/select_institution.html', {'form': form}, context_instance=RequestContext(request))
+
+@never_cache
+def overview(request):
+    user = request.user
+    if user.is_authenticated():
+        if user.has_perm('accounts.overview'):
+            users = User.objects.all()
+            group_routes = Route.objects.all()
+            return render_to_response('overview/index.html', {'users': users, 'routes': group_routes},
+                                  context_instance=RequestContext(request))
+        else:
+            violation=True
+            return render_to_response('overview/index.html', {'violation': violation},
+                                  context_instance=RequestContext(request))
+    else:
+        return HttpResponseRedirect(reverse("altlogin"))
+
  @login_required
  @never_cache
  def user_logout(request):
@@ -428,7 +481,13 @@ def get_peer_techc_mails(user):
      mail.extend(techmails_list)
      return mail
  
-
  def send_new_mail(subject, message, from_email, recipient_list, bcc_list):
      return EmailMessage(subject, message, from_email, recipient_list, bcc_list).send()
  
+
+def lookupShibAttr(attrmap, requestMeta):
+    for attr in attrmap:
+        if (attr in requestMeta.keys()):
+            if len(requestMeta[attr]) > 0:
+                return requestMeta[attr]
+    return ''