from django.core.context_processors import request
from django.template.context import RequestContext
from django.template.loader import get_template, render_to_string
-from django.utils import simplejson
from django.core.urlresolvers import reverse
from django.contrib import messages
from flowspy.accounts.models import *
from flowspy.flowspec.forms import *
from flowspy.flowspec.models import *
+from flowspy.peers.models import *
+
from registration.models import RegistrationProfile
from copy import deepcopy
@never_cache
def group_routes(request):
group_routes = []
- peer = request.user.get_profile().peer
+ try:
+ peer = request.user.get_profile().peer
+ except UserProfile.DoesNotExist:
+ error = "User <strong>%s</strong> does not belong to any peer or organization. It is not possible to create new firewall rules.<br>Please contact Helpdesk to resolve this issue" % request.user.username
+ return render_to_response('error.html', {'error': error})
if peer:
peer_members = UserProfile.objects.filter(peer=peer)
users = [prof.user for prof in peer_members]
group_routes = Route.objects.filter(applier__in=users)
- return render_to_response('user_routes.html', {'routes': group_routes},
+ if request.user.is_superuser:
+ group_routes = Route.objects.all()
+ return render_to_response('user_routes.html', {'routes': group_routes},
context_instance=RequestContext(request))
"Insufficient rights on administrative networks. Cannot add rule. Contact your administrator")
return HttpResponseRedirect(reverse("group-routes"))
if request.method == "GET":
- form = RouteForm()
+ form = RouteForm(initial={'applier': applier})
if not request.user.is_superuser:
form.fields['then'] = forms.ModelMultipleChoiceField(queryset=ThenAction.objects.filter(action__in=settings.UI_USER_THEN_ACTIONS).order_by('action'), required=True)
+ form.fields['protocol'] = forms.ModelMultipleChoiceField(queryset=MatchProtocol.objects.filter(protocol__in=settings.UI_USER_PROTOCOLS).order_by('protocol'), required=False)
return render_to_response('apply.html', {'form': form, 'applier': applier},
context_instance=RequestContext(request))
else:
- form = RouteForm(request.POST)
+ request_data = request.POST.copy()
+ if request.user.is_superuser:
+ request_data['issuperuser'] = request.user.username
+ else:
+ request_data['applier'] = applier
+ try:
+ del requset_data['issuperuser']
+ except:
+ pass
+ form = RouteForm(request_data)
if form.is_valid():
route=form.save(commit=False)
- route.applier = request.user
+ if not request.user.is_superuser:
+ route.applier = request.user
route.status = "PENDING"
+ route.response = "Applying..."
route.source = IPNetwork("%s/%s" %(IPNetwork(route.source).network.compressed, IPNetwork(route.source).prefixlen)).compressed
route.destination = IPNetwork("%s/%s" %(IPNetwork(route.destination).network.compressed, IPNetwork(route.destination).prefixlen)).compressed
route.save()
logger.info(mail_body, extra=d)
return HttpResponseRedirect(reverse("group-routes"))
else:
+ if not request.user.is_superuser:
+ form.fields['then'] = forms.ModelMultipleChoiceField(queryset=ThenAction.objects.filter(action__in=settings.UI_USER_THEN_ACTIONS).order_by('action'), required=True)
+ form.fields['protocol'] = forms.ModelMultipleChoiceField(queryset=MatchProtocol.objects.filter(protocol__in=settings.UI_USER_PROTOCOLS).order_by('protocol'), required=False)
return render_to_response('apply.html', {'form': form, 'applier':applier},
context_instance=RequestContext(request))
applier_peer = request.user.get_profile().peer
route_edit = get_object_or_404(Route, name=route_slug)
route_edit_applier_peer = route_edit.applier.get_profile().peer
- if applier_peer != route_edit_applier_peer:
+ if applier_peer != route_edit_applier_peer and (not request.user.is_superuser):
messages.add_message(request, messages.WARNING,
"Insufficient rights to edit rule %s" %(route_slug))
return HttpResponseRedirect(reverse("group-routes"))
return HttpResponseRedirect(reverse("group-routes"))
route_original = deepcopy(route_edit)
if request.POST:
- form = RouteForm(request.POST, instance = route_edit)
+ request_data = request.POST.copy()
+ if request.user.is_superuser:
+ request_data['issuperuser'] = request.user.username
+ else:
+ request_data['applier'] = applier
+ try:
+ del request_data['issuperuser']
+ except:
+ pass
+ form = RouteForm(request_data, instance = route_edit)
+ critical_changed_values = ['source', 'destination', 'sourceport', 'destinationport', 'port', 'protocol', 'then']
if form.is_valid():
+ changed_data = form.changed_data
route=form.save(commit=False)
route.name = route_original.name
- route.applier = request.user
- route.status = "PENDING"
- route.source = IPNetwork("%s/%s" %(IPNetwork(route.source).network.compressed, IPNetwork(route.source).prefixlen)).compressed
- route.destination = IPNetwork("%s/%s" %(IPNetwork(route.destination).network.compressed, IPNetwork(route.destination).prefixlen)).compressed
+ route.status = route_original.status
+ route.response = route_original.response
+ if not request.user.is_superuser:
+ route.applier = request.user
+ if bool(set(changed_data) & set(critical_changed_values)) or (not route_original.status == 'ACTIVE'):
+ route.status = "PENDING"
+ route.response = "Applying..."
+ route.source = IPNetwork("%s/%s" %(IPNetwork(route.source).network.compressed, IPNetwork(route.source).prefixlen)).compressed
+ route.destination = IPNetwork("%s/%s" %(IPNetwork(route.destination).network.compressed, IPNetwork(route.destination).prefixlen)).compressed
route.save()
- form.save_m2m()
- route.commit_edit()
- requesters_address = request.META['HTTP_X_FORWARDED_FOR']
- mail_body = render_to_string("rule_edit_mail.txt",
+ if bool(set(changed_data) & set(critical_changed_values)) or (not route_original.status == 'ACTIVE'):
+ form.save_m2m()
+ route.commit_edit()
+ requesters_address = request.META['HTTP_X_FORWARDED_FOR']
+ mail_body = render_to_string("rule_edit_mail.txt",
{"route": route, "address": requesters_address})
- user_mail = "%s" %route.applier.email
- user_mail = user_mail.split(';')
- send_new_mail(settings.EMAIL_SUBJECT_PREFIX + "Rule %s edit request submitted by %s" %(route.name, route.applier.username),
+ user_mail = "%s" %route.applier.email
+ user_mail = user_mail.split(';')
+ send_new_mail(settings.EMAIL_SUBJECT_PREFIX + "Rule %s edit request submitted by %s" %(route.name, route.applier.username),
mail_body, settings.SERVER_EMAIL, user_mail,
get_peer_techc_mails(route.applier))
- d = { 'clientip' : requesters_address, 'user' : route.applier.username }
- logger.info(mail_body, extra=d)
+ d = { 'clientip' : requesters_address, 'user' : route.applier.username }
+ logger.info(mail_body, extra=d)
return HttpResponseRedirect(reverse("group-routes"))
else:
+ if not request.user.is_superuser:
+ form.fields['then'] = forms.ModelMultipleChoiceField(queryset=ThenAction.objects.filter(action__in=settings.UI_USER_THEN_ACTIONS).order_by('action'), required=True)
+ form.fields['protocol'] = forms.ModelMultipleChoiceField(queryset=MatchProtocol.objects.filter(protocol__in=settings.UI_USER_PROTOCOLS).order_by('protocol'), required=False)
return render_to_response('apply.html', {'form': form, 'edit':True, 'applier': applier},
context_instance=RequestContext(request))
else:
+ if (not route_original.status == 'ACTIVE'):
+ route_edit.expires = datetime.date.today() + datetime.timedelta(days = settings.EXPIRATION_DAYS_OFFSET)
dictionary = model_to_dict(route_edit, fields=[], exclude=[])
- #form = RouteForm(instance=route_edit)
+ if request.user.is_superuser:
+ dictionary['issuperuser'] = request.user.username
+ else:
+ try:
+ del dictionary['issuperuser']
+ except:
+ pass
form = RouteForm(dictionary)
if not request.user.is_superuser:
form.fields['then'] = forms.ModelMultipleChoiceField(queryset=ThenAction.objects.filter(action__in=settings.UI_USER_THEN_ACTIONS).order_by('action'), required=True)
+ form.fields['protocol'] = forms.ModelMultipleChoiceField(queryset=MatchProtocol.objects.filter(protocol__in=settings.UI_USER_PROTOCOLS).order_by('protocol'), required=False)
return render_to_response('apply.html', {'form': form, 'edit':True, 'applier': applier},
context_instance=RequestContext(request))
route = get_object_or_404(Route, name=route_slug)
applier_peer = route.applier.get_profile().peer
requester_peer = request.user.get_profile().peer
- if applier_peer == requester_peer:
+ if applier_peer == requester_peer or request.user.is_superuser:
route.status = "PENDING"
route.expires = datetime.date.today()
+ if not request.user.is_superuser:
+ route.applier = request.user
+ route.response = "Suspending..."
route.save()
route.commit_delete()
requesters_address = request.META['HTTP_X_FORWARDED_FOR']
mail_body, settings.SERVER_EMAIL, user_mail,
get_peer_techc_mails(route.applier))
d = { 'clientip' : requesters_address, 'user' : route.applier.username }
- logger.info(mail_body, extra=d)
+ logger.info(mail_body, extra=d)
html = "<html><body>Done</body></html>"
return HttpResponse(html)
else:
@never_cache
def user_profile(request):
user = request.user
- peer = request.user.get_profile().peer
-
- return render_to_response('profile.html', {'user': user, 'peer':peer},
+ try:
+ peer = request.user.get_profile().peer
+ peers = Peer.objects.filter(pk=peer.pk)
+ if user.is_superuser:
+ peers = Peer.objects.all()
+ except UserProfile.DoesNotExist:
+ error = "User <strong>%s</strong> does not belong to any peer or organization. It is not possible to create new firewall rules.<br>Please contact Helpdesk to resolve this issue" % user.username
+ return render_to_response('error.html', {'error': error})
+ return render_to_response('profile.html', {'user': user, 'peers':peers},
context_instance=RequestContext(request))
@never_cache
try:
error_username = False
error_orgname = False
- error_affiliation = False
+ error_entitlement = False
error_mail = False
- has_affiliation = False
+ has_entitlement = False
error = ''
username = request.META['HTTP_EPPN']
if not username:
lastname = request.META['HTTP_SHIB_PERSON_SURNAME']
mail = request.META['HTTP_SHIB_INETORGPERSON_MAIL']
organization = request.META['HTTP_SHIB_HOMEORGANIZATION']
- affiliation = request.META['HTTP_SHIB_EP_ENTITLEMENT']
- if settings.SHIB_AUTH_AFFILIATION in affiliation.split(";"):
- has_affiliation = True
- if not has_affiliation:
- error_affiliation = True
+ entitlement = request.META['HTTP_SHIB_EP_ENTITLEMENT']
+ if settings.SHIB_AUTH_ENTITLEMENT in entitlement.split(";"):
+ has_entitlement = True
+ if not has_entitlement:
+ error_entitlement = True
if not organization:
error_orgname = True
if not mail:
error = "Your idP should release the HTTP_EPPN attribute towards this service<br>"
if error_orgname:
error = error + "Your idP should release the HTTP_SHIB_HOMEORGANIZATION attribute towards this service<br>"
- if error_affiliation:
+ if error_entitlement:
error = error + "Your idP should release an appropriate HTTP_SHIB_EP_ENTITLEMENT attribute towards this service<br>"
if error_mail:
error = error + "Your idP should release the HTTP_SHIB_INETORGPERSON_MAIL attribute towards this service"
- if error_username or error_orgname or error_affiliation or error_mail:
+ if error_username or error_orgname or error_entitlement or error_mail:
return render_to_response('error.html', {'error': error, "missing_attributes": True},
context_instance=RequestContext(request))
try:
user = User.objects.get(username__exact=username)
+ user.email = mail
+ user.first_name = firstname
+ user.last_name = lastname
+ user.save()
user_exists = True
except:
user_exists = False
- user = authenticate(username=username, firstname=firstname, lastname=lastname, mail=mail, organization=organization, affiliation=affiliation)
+ user = authenticate(username=username, firstname=firstname, lastname=lastname, mail=mail, authsource='shibboleth')
if user is not None:
+ try:
+ peer = Peer.objects.get(domain_name=organization)
+ up = UserProfile.objects.get_or_create(user=user,peer=peer)
+ except:
+ error = "Your organization's domain name does not match our peers' domain names<br>Please contact Helpdesk to resolve this issue"
+ return render_to_response('error.html', {'error': error})
if not user_exists:
user_activation_notify(user)
if user.is_active:
login(request, user)
return HttpResponseRedirect(reverse("group-routes"))
else:
- error = "User <strong>%s</strong> is not active yet. Administrators have been notified and will soon activate this account. <br>If your problem persists contact Helpdesk" %user.username
+ error = "User account <strong>%s</strong> is pending activation. Administrators have been notified and will activate this account within the next days. <br>If this account has remained inactive for a long time contact your technical coordinator or GRNET Helpdesk" %user.username
return render_to_response('error.html', {'error': error, 'inactive': True},
context_instance=RequestContext(request))
else:
send_new_mail(settings.EMAIL_SUBJECT_PREFIX + subject,
message, settings.SERVER_EMAIL,
get_peer_techc_mails(user), [])
-
+
@login_required
@never_cache
def add_rate_limit(request):
response_data = {}
response_data['pk'] = "%s" %then.pk
response_data['value'] = "%s:%s" %(then.action, then.action_value)
- return HttpResponse(simplejson.dumps(response_data), mimetype='application/json')
+ return HttpResponse(json.dumps(response_data), mimetype='application/json')
else:
return render_to_response('add_rate_limit.html', {'form': form,},
context_instance=RequestContext(request))
response_data = {}
response_data['value'] = "%s" %port.pk
response_data['text'] = "%s" %port.port
- return HttpResponse(simplejson.dumps(response_data), mimetype='application/json')
+ return HttpResponse(json.dumps(response_data), mimetype='application/json')
else:
return render_to_response('add_port.html', {'form': form,},
context_instance=RequestContext(request))
techmails_list = []
user_mail = "%s" %user.email
user_mail = user_mail.split(';')
- techmails = user.get_profile().peer.techc()
+ techmails = user.get_profile().peer.techc_emails.all()
if techmails:
- techmails_list = techmails.split(';')
+ for techmail in techmails:
+ techmails_list.append(techmail.email)
if settings.NOTIFY_ADMIN_MAILS:
additional_mail = settings.NOTIFY_ADMIN_MAILS
# mail.extend(user_mail)
projects / flowspy / blobdiff