from django.utils.translation import ugettext_lazy
from django.template.defaultfilters import filesizeformat
from flowspy.flowspec.models import *
+from flowspy.peers.models import *
from ipaddr import *
from django.core.urlresolvers import reverse
from django.contrib.auth.models import User
model = Route
def clean_source(self):
- user = User.objects.get(pk=self.data['applier'][0])
+ user = User.objects.get(pk=self.data['applier'])
+ peer = user.get_profile().peer
data = self.cleaned_data['source']
private_error = False
protected_error = False
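Review bot: The user named in the alert is looked up from `self.data['applier']`, which is the raw submitted form value, so the notification mail built later in clean_source attributes the attempt to whichever pk was posted rather than to the authenticated requester. The same lookup is added in clean_destination. Unless the view overwrites `applier` with the request user's pk before binding the form (not visible in this diff), pass the request user into the form's `__init__` and read it here instead of querying by the posted id. The added `user.get_profile().peer` will also raise for a user without a profile; whether it sits inside the function's try block cannot be seen from this hunk.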
for net in settings.PROTECTED_SUBNETS:
if address in IPNetwork(net):
protected_error = True
- mail_body = "User %s:%s attempted to set %s as the source address in a firewall rule" %(user.username, user.email, data)
+ mail_body = "User %s %s (%s) attempted to set %s as the source address in a firewall rule" %(user.username, user.email, peer.peer_name, data)
send_mail(settings.EMAIL_SUBJECT_PREFIX + "Caught an attempt to set a protected IP/network as a source address",
mail_body, settings.SERVER_EMAIL,
- [settings.NOC_MAIL], fail_silently=True)
- raise forms.ValidationError("Not allowed")
+ settings.NOTIFY_ADMIN_MAILS, fail_silently=True)
+ raise Exception
if address.is_private:
private_error = True
- raise forms.ValidationError('Private addresses not allowed')
+ raise Exception
else:
return self.cleaned_data["source"]
except Exception:
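Review bot: Signalling a rejected address with a bare `raise Exception` leaves the existing `except Exception:` handler unable to tell a policy rejection from an unexpected fault, so a database error or a bug inside the loop would also surface to the user as a form error and go unlogged. The same pattern is added for both raises in clean_destination. A small dedicated exception class raised at these sites, with the generic handler narrowed to what address parsing raises (for example `except ValueError:`), keeps the two cases apart. The try statement opens outside this hunk, so the exact set of calls it covers is not visible.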
raise forms.ValidationError(error_text)
def clean_destination(self):
- user = User.objects.get(pk=self.data['applier'][0])
+ user = User.objects.get(pk=self.data['applier'])
+ peer = user.get_profile().peer
data = self.cleaned_data['destination']
error = None
protected_error = False
for net in settings.PROTECTED_SUBNETS:
if address in IPNetwork(net):
protected_error = True
- mail_body = "User %s:%s attempted to set %s as the destination address in a firewall rule" %(user.username, user.email, data)
+ mail_body = "User %s %s (%s) attempted to set %s as the destination address in a firewall rule" %(user.username, user.email, peer.peer_name, data)
send_mail(settings.EMAIL_SUBJECT_PREFIX + "Caught an attempt to set a protected IP/network as the destination address",
mail_body, settings.SERVER_EMAIL,
- [settings.NOC_MAIL], fail_silently=True)
- raise forms.ValidationError("Not allowed")
+ settings.NOTIFY_ADMIN_MAILS, fail_silently=True)
+ raise Exception
if address.prefixlen < settings.PREFIX_LENGTH:
error = "Currently no prefix lengths < %s are allowed" %settings.PREFIX_LENGTH
- raise forms.ValidationError('error')
+ raise Exception
return self.cleaned_data["destination"]
except Exception:
error_text = 'Invalid network address format'
raise forms.ValidationError('Invalid date range')
def clean(self):
+ if self.errors:
+ raise forms.ValidationError('Errors in form. Please review and fix them')
name = self.cleaned_data.get('name', None)
source = self.cleaned_data.get('source', None)
sourceports = self.cleaned_data.get('sourceport', None)
then = self.cleaned_data.get('then', None)
destination = self.cleaned_data.get('destination', None)
destinationports = self.cleaned_data.get('destinationport', None)
+ protocols = self.cleaned_data.get('protocol', None)
user = self.cleaned_data.get('applier', None)
peer = user.get_profile().peer
networks = peer.networks.all()
+ if user.is_superuser:
+ networks = PeerRange.objects.filter(peer__in=Peer.objects.all()).distinct()
mynetwork = False
route_pk_list = []
if destination:
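Review bot: The new superuser branch widens `networks` to every peer's ranges based on `user.is_superuser`, where `user` is `self.cleaned_data.get('applier')`, a form field rather than the authenticated requester. If a non-admin can submit another account's id as `applier`, the network check that `mynetwork` appears to drive, and the `UI_USER_THEN_ACTIONS` check later in clean, would be evaluated with that account's privileges. The view may pin `applier` to the request user before binding, but nothing in this diff shows it, so the privilege decision is safer based on a request user passed into the form. Separately, `PeerRange.objects.filter(peer__in=Peer.objects.all()).distinct()` can probably be written `PeerRange.objects.all()` if every range belongs to a peer.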
if destinationports and not destination:
raise forms.ValidationError('Once destination port is matched, destination has to be filled as well. Either deselect destination port or fill destination address')
if not (source or sourceports or ports or destination or destinationports):
- raise forms.ValidationError('Fill at least a Route Match Condition')
+ raise forms.ValidationError('Fill at least a Rule Match Condition')
if not user.is_superuser and then[0].action not in settings.UI_USER_THEN_ACTIONS:
raise forms.ValidationError('This action "%s" is not permitted' %(then[0].action))
- existing_routes = Route.objects.exclude(status='EXPIRED').exclude(status='PENDING').exclude(status='ERROR').exclude(status='ADMININACTIVE')
+ existing_routes = Route.objects.exclude(status='EXPIRED').exclude(status='ERROR').exclude(status='ADMININACTIVE')
existing_routes = existing_routes.filter(applier__userprofile__peer=peer)
if source:
source = IPNetwork(source).compressed
existing_routes = existing_routes.filter(source=source)
else:
existing_routes = existing_routes.filter(source=None)
+ if protocols:
+ route_pk_list=get_matchingprotocol_route_pks(protocols, existing_routes)
+ if route_pk_list:
+ existing_routes = existing_routes.filter(pk__in=route_pk_list)
+ else:
+ existing_routes = existing_routes.filter(protocol=None)
+ else:
+ existing_routes = existing_routes.filter(protocol=None)
if sourceports:
route_pk_list=get_matchingport_route_pks(sourceports, existing_routes)
if route_pk_list:
existing_routes = existing_routes.filter(pk__in=route_pk_list)
else:
existing_routes = existing_routes.filter(port=None)
-
for route in existing_routes:
if name != route.name:
existing_url = reverse('edit-route', args=[route.name])
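Review bot: In the added protocol block, a rule that specifies protocols but matches no existing route's protocol set falls through to `existing_routes.filter(protocol=None)`, so it is then compared against routes that have no protocol at all and may be reported as a duplicate of a differently scoped rule. If that is not intended, the no-match branch should produce an empty result, `existing_routes = existing_routes.none()`. If it is intended, a comment such as `# no exact protocol match: fall back to protocol-less routes` would record why. Indentation is lost in this view, so the pairing of the two `else` lines with `if route_pk_list:` and `if protocols:` is inferred from their order.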
rsp = value_list_to_list(route.destinationport.all().values_list('port').order_by('port'))
if rsp and rsp == ports_value_list:
route_pk_list.append(route.pk)
+ return route_pk_list
+
+def get_matchingprotocol_route_pks(protocolist, routes):
+ route_pk_list = []
+ protocols_value_list = value_list_to_list(protocolist.values_list('protocol').order_by('protocol'))
+ for route in routes:
+ rsp = value_list_to_list(route.protocol.all().values_list('protocol').order_by('protocol'))
+ if rsp and rsp == protocols_value_list:
+ route_pk_list.append(route.pk)
return route_pk_list
\ No newline at end of file
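Review bot: get_matchingprotocol_route_pks is added without a docstring and repeats the destination-port loop visible just above it, differing only in the relation and field name. A docstring such as `"""Return pks of routes whose protocol set equals protocolist exactly."""` would record that the comparison is on the full ordered list and that routes with no protocols never match because of the `rsp and` guard. Since the duplicate-rule check depends on these helpers agreeing, one shared helper parameterised on the relation and field name would keep the port and protocol matching from drifting apart.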