Revision 88a6afb7 flowspec/views.py
| b/flowspec/views.py | ||
|---|---|---|
| 72 | 72 |
peer_members = UserProfile.objects.filter(peer=peer) |
| 73 | 73 |
users = [prof.user for prof in peer_members] |
| 74 | 74 |
group_routes = Route.objects.filter(applier__in=users) |
| 75 |
if request.user.is_superuser: |
|
| 76 |
group_routes = Route.objects.all() |
|
| 75 | 77 |
return render_to_response('user_routes.html', {'routes': group_routes},
|
| 76 | 78 |
context_instance=RequestContext(request)) |
| 77 | 79 |
|
| ... | ... | |
| 86 | 88 |
"Insufficient rights on administrative networks. Cannot add rule. Contact your administrator") |
| 87 | 89 |
return HttpResponseRedirect(reverse("group-routes"))
|
| 88 | 90 |
if request.method == "GET": |
| 89 |
form = RouteForm() |
|
| 91 |
form = RouteForm(initial={'applier': applier})
|
|
| 90 | 92 |
if not request.user.is_superuser: |
| 91 | 93 |
form.fields['then'] = forms.ModelMultipleChoiceField(queryset=ThenAction.objects.filter(action__in=settings.UI_USER_THEN_ACTIONS).order_by('action'), required=True)
|
| 92 | 94 |
form.fields['protocol'] = forms.ModelMultipleChoiceField(queryset=MatchProtocol.objects.filter(protocol__in=settings.UI_USER_PROTOCOLS).order_by('protocol'), required=False)
|
| ... | ... | |
| 94 | 96 |
context_instance=RequestContext(request)) |
| 95 | 97 |
|
| 96 | 98 |
else: |
| 97 |
form = RouteForm(request.POST) |
|
| 99 |
request_data = request.POST.copy() |
|
| 100 |
if request.user.is_superuser: |
|
| 101 |
request_data['issuperuser'] = request.user.username |
|
| 102 |
else: |
|
| 103 |
try: |
|
| 104 |
del requset_data['issuperuser'] |
|
| 105 |
except: |
|
| 106 |
pass |
|
| 107 |
form = RouteForm(request_data) |
|
| 98 | 108 |
if form.is_valid(): |
| 99 | 109 |
route=form.save(commit=False) |
| 100 |
route.applier = request.user |
|
| 110 |
if not request.user.is_superuser: |
|
| 111 |
route.applier = request.user |
|
| 101 | 112 |
route.status = "PENDING" |
| 102 | 113 |
route.source = IPNetwork("%s/%s" %(IPNetwork(route.source).network.compressed, IPNetwork(route.source).prefixlen)).compressed
|
| 103 | 114 |
route.destination = IPNetwork("%s/%s" %(IPNetwork(route.destination).network.compressed, IPNetwork(route.destination).prefixlen)).compressed
|
| ... | ... | |
| 116 | 127 |
logger.info(mail_body, extra=d) |
| 117 | 128 |
return HttpResponseRedirect(reverse("group-routes"))
|
| 118 | 129 |
else: |
| 130 |
if not request.user.is_superuser: |
|
| 131 |
form.fields['then'] = forms.ModelMultipleChoiceField(queryset=ThenAction.objects.filter(action__in=settings.UI_USER_THEN_ACTIONS).order_by('action'), required=True)
|
|
| 132 |
form.fields['protocol'] = forms.ModelMultipleChoiceField(queryset=MatchProtocol.objects.filter(protocol__in=settings.UI_USER_PROTOCOLS).order_by('protocol'), required=False)
|
|
| 119 | 133 |
return render_to_response('apply.html', {'form': form, 'applier':applier},
|
| 120 | 134 |
context_instance=RequestContext(request)) |
| 121 | 135 |
|
| ... | ... | |
| 126 | 140 |
applier_peer = request.user.get_profile().peer |
| 127 | 141 |
route_edit = get_object_or_404(Route, name=route_slug) |
| 128 | 142 |
route_edit_applier_peer = route_edit.applier.get_profile().peer |
| 129 |
if applier_peer != route_edit_applier_peer: |
|
| 143 |
if applier_peer != route_edit_applier_peer and (not request.user.is_superuser):
|
|
| 130 | 144 |
messages.add_message(request, messages.WARNING, |
| 131 | 145 |
"Insufficient rights to edit rule %s" %(route_slug)) |
| 132 | 146 |
return HttpResponseRedirect(reverse("group-routes"))
|
| ... | ... | |
| 144 | 158 |
return HttpResponseRedirect(reverse("group-routes"))
|
| 145 | 159 |
route_original = deepcopy(route_edit) |
| 146 | 160 |
if request.POST: |
| 147 |
form = RouteForm(request.POST, instance = route_edit) |
|
| 161 |
request_data = request.POST.copy() |
|
| 162 |
if request.user.is_superuser: |
|
| 163 |
request_data['issuperuser'] = request.user.username |
|
| 164 |
else: |
|
| 165 |
try: |
|
| 166 |
del request_data['issuperuser'] |
|
| 167 |
except: |
|
| 168 |
pass |
|
| 169 |
form = RouteForm(request_data, instance = route_edit) |
|
| 148 | 170 |
critical_changed_values = ['source', 'destination', 'sourceport', 'destinationport', 'port', 'protocol', 'then'] |
| 149 | 171 |
if form.is_valid(): |
| 150 | 172 |
changed_data = form.changed_data |
| ... | ... | |
| 152 | 174 |
route.name = route_original.name |
| 153 | 175 |
route.status = route_original.status |
| 154 | 176 |
route.response = route_original.response |
| 155 |
route.applier = request.user |
|
| 177 |
if not request.user.is_superuser: |
|
| 178 |
route.applier = request.user |
|
| 156 | 179 |
if bool(set(changed_data) & set(critical_changed_values)) or (not route_original.status == 'ACTIVE'): |
| 157 | 180 |
route.status = "PENDING" |
| 158 |
route.response = "Committing..."
|
|
| 181 |
route.response = "Applying..."
|
|
| 159 | 182 |
route.source = IPNetwork("%s/%s" %(IPNetwork(route.source).network.compressed, IPNetwork(route.source).prefixlen)).compressed
|
| 160 | 183 |
route.destination = IPNetwork("%s/%s" %(IPNetwork(route.destination).network.compressed, IPNetwork(route.destination).prefixlen)).compressed
|
| 161 | 184 |
route.save() |
| ... | ... | |
| 174 | 197 |
logger.info(mail_body, extra=d) |
| 175 | 198 |
return HttpResponseRedirect(reverse("group-routes"))
|
| 176 | 199 |
else: |
| 200 |
if not request.user.is_superuser: |
|
| 201 |
form.fields['then'] = forms.ModelMultipleChoiceField(queryset=ThenAction.objects.filter(action__in=settings.UI_USER_THEN_ACTIONS).order_by('action'), required=True)
|
|
| 202 |
form.fields['protocol'] = forms.ModelMultipleChoiceField(queryset=MatchProtocol.objects.filter(protocol__in=settings.UI_USER_PROTOCOLS).order_by('protocol'), required=False)
|
|
| 177 | 203 |
return render_to_response('apply.html', {'form': form, 'edit':True, 'applier': applier},
|
| 178 | 204 |
context_instance=RequestContext(request)) |
| 179 | 205 |
else: |
| 206 |
if (not route_original.status == 'ACTIVE'): |
|
| 207 |
route_edit.expires = datetime.date.today() + datetime.timedelta(days = settings.EXPIRATION_DAYS_OFFSET) |
|
| 180 | 208 |
dictionary = model_to_dict(route_edit, fields=[], exclude=[]) |
| 181 |
#form = RouteForm(instance=route_edit) |
|
| 209 |
if request.user.is_superuser: |
|
| 210 |
dictionary['issuperuser'] = request.user.username |
|
| 211 |
else: |
|
| 212 |
try: |
|
| 213 |
del dictionary['issuperuser'] |
|
| 214 |
except: |
|
| 215 |
pass |
|
| 182 | 216 |
form = RouteForm(dictionary) |
| 183 | 217 |
if not request.user.is_superuser: |
| 184 | 218 |
form.fields['then'] = forms.ModelMultipleChoiceField(queryset=ThenAction.objects.filter(action__in=settings.UI_USER_THEN_ACTIONS).order_by('action'), required=True)
|
| ... | ... | |
| 193 | 227 |
route = get_object_or_404(Route, name=route_slug) |
| 194 | 228 |
applier_peer = route.applier.get_profile().peer |
| 195 | 229 |
requester_peer = request.user.get_profile().peer |
| 196 |
if applier_peer == requester_peer: |
|
| 230 |
if applier_peer == requester_peer or request.user.is_superuser:
|
|
| 197 | 231 |
route.status = "PENDING" |
| 198 | 232 |
route.expires = datetime.date.today() |
| 199 |
route.applier = request.user |
|
| 233 |
if not request.user.is_superuser: |
|
| 234 |
route.applier = request.user |
|
| 200 | 235 |
route.response = "Suspending..." |
| 201 | 236 |
route.save() |
| 202 | 237 |
route.commit_delete() |
| ... | ... | |
| 209 | 244 |
mail_body, settings.SERVER_EMAIL, user_mail, |
| 210 | 245 |
get_peer_techc_mails(route.applier)) |
| 211 | 246 |
d = { 'clientip' : requesters_address, 'user' : route.applier.username }
|
| 212 |
logger.info(mail_body, extra=d)
|
|
| 247 |
logger.info(mail_body, extra=d) |
|
| 213 | 248 |
html = "<html><body>Done</body></html>" |
| 214 | 249 |
return HttpResponse(html) |
| 215 | 250 |
else: |
Also available in: Unified diff