Revision 88a6afb7 flowspec/views.py
b/flowspec/views.py | ||
---|---|---|
72 | 72 |
peer_members = UserProfile.objects.filter(peer=peer) |
73 | 73 |
users = [prof.user for prof in peer_members] |
74 | 74 |
group_routes = Route.objects.filter(applier__in=users) |
75 |
if request.user.is_superuser: |
|
76 |
group_routes = Route.objects.all() |
|
75 | 77 |
return render_to_response('user_routes.html', {'routes': group_routes}, |
76 | 78 |
context_instance=RequestContext(request)) |
77 | 79 |
|
... | ... | |
86 | 88 |
"Insufficient rights on administrative networks. Cannot add rule. Contact your administrator") |
87 | 89 |
return HttpResponseRedirect(reverse("group-routes")) |
88 | 90 |
if request.method == "GET": |
89 |
form = RouteForm() |
|
91 |
form = RouteForm(initial={'applier': applier})
|
|
90 | 92 |
if not request.user.is_superuser: |
91 | 93 |
form.fields['then'] = forms.ModelMultipleChoiceField(queryset=ThenAction.objects.filter(action__in=settings.UI_USER_THEN_ACTIONS).order_by('action'), required=True) |
92 | 94 |
form.fields['protocol'] = forms.ModelMultipleChoiceField(queryset=MatchProtocol.objects.filter(protocol__in=settings.UI_USER_PROTOCOLS).order_by('protocol'), required=False) |
... | ... | |
94 | 96 |
context_instance=RequestContext(request)) |
95 | 97 |
|
96 | 98 |
else: |
97 |
form = RouteForm(request.POST) |
|
99 |
request_data = request.POST.copy() |
|
100 |
if request.user.is_superuser: |
|
101 |
request_data['issuperuser'] = request.user.username |
|
102 |
else: |
|
103 |
try: |
|
104 |
del requset_data['issuperuser'] |
|
105 |
except: |
|
106 |
pass |
|
107 |
form = RouteForm(request_data) |
|
98 | 108 |
if form.is_valid(): |
99 | 109 |
route=form.save(commit=False) |
100 |
route.applier = request.user |
|
110 |
if not request.user.is_superuser: |
|
111 |
route.applier = request.user |
|
101 | 112 |
route.status = "PENDING" |
102 | 113 |
route.source = IPNetwork("%s/%s" %(IPNetwork(route.source).network.compressed, IPNetwork(route.source).prefixlen)).compressed |
103 | 114 |
route.destination = IPNetwork("%s/%s" %(IPNetwork(route.destination).network.compressed, IPNetwork(route.destination).prefixlen)).compressed |
... | ... | |
116 | 127 |
logger.info(mail_body, extra=d) |
117 | 128 |
return HttpResponseRedirect(reverse("group-routes")) |
118 | 129 |
else: |
130 |
if not request.user.is_superuser: |
|
131 |
form.fields['then'] = forms.ModelMultipleChoiceField(queryset=ThenAction.objects.filter(action__in=settings.UI_USER_THEN_ACTIONS).order_by('action'), required=True) |
|
132 |
form.fields['protocol'] = forms.ModelMultipleChoiceField(queryset=MatchProtocol.objects.filter(protocol__in=settings.UI_USER_PROTOCOLS).order_by('protocol'), required=False) |
|
119 | 133 |
return render_to_response('apply.html', {'form': form, 'applier':applier}, |
120 | 134 |
context_instance=RequestContext(request)) |
121 | 135 |
|
... | ... | |
126 | 140 |
applier_peer = request.user.get_profile().peer |
127 | 141 |
route_edit = get_object_or_404(Route, name=route_slug) |
128 | 142 |
route_edit_applier_peer = route_edit.applier.get_profile().peer |
129 |
if applier_peer != route_edit_applier_peer: |
|
143 |
if applier_peer != route_edit_applier_peer and (not request.user.is_superuser):
|
|
130 | 144 |
messages.add_message(request, messages.WARNING, |
131 | 145 |
"Insufficient rights to edit rule %s" %(route_slug)) |
132 | 146 |
return HttpResponseRedirect(reverse("group-routes")) |
... | ... | |
144 | 158 |
return HttpResponseRedirect(reverse("group-routes")) |
145 | 159 |
route_original = deepcopy(route_edit) |
146 | 160 |
if request.POST: |
147 |
form = RouteForm(request.POST, instance = route_edit) |
|
161 |
request_data = request.POST.copy() |
|
162 |
if request.user.is_superuser: |
|
163 |
request_data['issuperuser'] = request.user.username |
|
164 |
else: |
|
165 |
try: |
|
166 |
del request_data['issuperuser'] |
|
167 |
except: |
|
168 |
pass |
|
169 |
form = RouteForm(request_data, instance = route_edit) |
|
148 | 170 |
critical_changed_values = ['source', 'destination', 'sourceport', 'destinationport', 'port', 'protocol', 'then'] |
149 | 171 |
if form.is_valid(): |
150 | 172 |
changed_data = form.changed_data |
... | ... | |
152 | 174 |
route.name = route_original.name |
153 | 175 |
route.status = route_original.status |
154 | 176 |
route.response = route_original.response |
155 |
route.applier = request.user |
|
177 |
if not request.user.is_superuser: |
|
178 |
route.applier = request.user |
|
156 | 179 |
if bool(set(changed_data) & set(critical_changed_values)) or (not route_original.status == 'ACTIVE'): |
157 | 180 |
route.status = "PENDING" |
158 |
route.response = "Committing..."
|
|
181 |
route.response = "Applying..."
|
|
159 | 182 |
route.source = IPNetwork("%s/%s" %(IPNetwork(route.source).network.compressed, IPNetwork(route.source).prefixlen)).compressed |
160 | 183 |
route.destination = IPNetwork("%s/%s" %(IPNetwork(route.destination).network.compressed, IPNetwork(route.destination).prefixlen)).compressed |
161 | 184 |
route.save() |
... | ... | |
174 | 197 |
logger.info(mail_body, extra=d) |
175 | 198 |
return HttpResponseRedirect(reverse("group-routes")) |
176 | 199 |
else: |
200 |
if not request.user.is_superuser: |
|
201 |
form.fields['then'] = forms.ModelMultipleChoiceField(queryset=ThenAction.objects.filter(action__in=settings.UI_USER_THEN_ACTIONS).order_by('action'), required=True) |
|
202 |
form.fields['protocol'] = forms.ModelMultipleChoiceField(queryset=MatchProtocol.objects.filter(protocol__in=settings.UI_USER_PROTOCOLS).order_by('protocol'), required=False) |
|
177 | 203 |
return render_to_response('apply.html', {'form': form, 'edit':True, 'applier': applier}, |
178 | 204 |
context_instance=RequestContext(request)) |
179 | 205 |
else: |
206 |
if (not route_original.status == 'ACTIVE'): |
|
207 |
route_edit.expires = datetime.date.today() + datetime.timedelta(days = settings.EXPIRATION_DAYS_OFFSET) |
|
180 | 208 |
dictionary = model_to_dict(route_edit, fields=[], exclude=[]) |
181 |
#form = RouteForm(instance=route_edit) |
|
209 |
if request.user.is_superuser: |
|
210 |
dictionary['issuperuser'] = request.user.username |
|
211 |
else: |
|
212 |
try: |
|
213 |
del dictionary['issuperuser'] |
|
214 |
except: |
|
215 |
pass |
|
182 | 216 |
form = RouteForm(dictionary) |
183 | 217 |
if not request.user.is_superuser: |
184 | 218 |
form.fields['then'] = forms.ModelMultipleChoiceField(queryset=ThenAction.objects.filter(action__in=settings.UI_USER_THEN_ACTIONS).order_by('action'), required=True) |
... | ... | |
193 | 227 |
route = get_object_or_404(Route, name=route_slug) |
194 | 228 |
applier_peer = route.applier.get_profile().peer |
195 | 229 |
requester_peer = request.user.get_profile().peer |
196 |
if applier_peer == requester_peer: |
|
230 |
if applier_peer == requester_peer or request.user.is_superuser:
|
|
197 | 231 |
route.status = "PENDING" |
198 | 232 |
route.expires = datetime.date.today() |
199 |
route.applier = request.user |
|
233 |
if not request.user.is_superuser: |
|
234 |
route.applier = request.user |
|
200 | 235 |
route.response = "Suspending..." |
201 | 236 |
route.save() |
202 | 237 |
route.commit_delete() |
... | ... | |
209 | 244 |
mail_body, settings.SERVER_EMAIL, user_mail, |
210 | 245 |
get_peer_techc_mails(route.applier)) |
211 | 246 |
d = { 'clientip' : requesters_address, 'user' : route.applier.username } |
212 |
logger.info(mail_body, extra=d)
|
|
247 |
logger.info(mail_body, extra=d) |
|
213 | 248 |
html = "<html><body>Done</body></html>" |
214 | 249 |
return HttpResponse(html) |
215 | 250 |
else: |
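Review bot: In the add-route POST branch (new line 104) the non-superuser cleanup reads `del requset_data['issuperuser']`, a misspelling of `request_data`, so it raises NameError, the bare `except: pass` swallows it, and a client-supplied `issuperuser` field stays in the data handed to `RouteForm(request_data)`. If the form relies on that field to relax validation for superusers (its code is not visible here), a regular user's submission would then be treated with whatever value they sent. Replace the try/except with `request_data.pop('issuperuser', None)`, and use the same form at new lines 166 and 213 (`dictionary.pop('issuperuser', None)` for the latter) so a bare `except` cannot hide a similar mistake. The enclosing view functions start and end outside the shown hunks.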