itminedu
flowspy
Commits
88a6afb7
Commit
88a6afb7
authored
Mar 16, 2012
by
Leonidas Poulopoulos
Refined administrator privileges and actions on users' rules
parent
3d81901c
Changes
3
flowspec/forms.py
...
...
@@ -26,7 +26,14 @@ class RouteForm(forms.ModelForm):
class
Meta
:
model
=
Route
def
clean_applier
(
self
):
applier
=
self
.
cleaned_data
[
'applier'
]
if
applier
:
return
self
.
cleaned_data
[
"applier"
]
else
:
raise
forms
.
ValidationError
(
'This field is required.'
)
def
clean_source
(
self
):
user
=
User
.
objects
.
get
(
pk
=
self
.
data
[
'applier'
])
peer
=
user
.
get_profile
().
peer
...
...
@@ -107,9 +114,14 @@ class RouteForm(forms.ModelForm):
destinationports
=
self
.
cleaned_data
.
get
(
'destinationport'
,
None
)
protocols
=
self
.
cleaned_data
.
get
(
'protocol'
,
None
)
user
=
self
.
cleaned_data
.
get
(
'applier'
,
None
)
try
:
issuperuser
=
self
.
data
[
'issuperuser'
]
su
=
User
.
objects
.
get
(
username
=
issuperuser
)
except
:
issuperuser
=
None
peer
=
user
.
get_profile
().
peer
networks
=
peer
.
networks
.
all
()
if
user
.
is
_
superuser
:
if
issuperuser
:
networks
=
PeerRange
.
objects
.
filter
(
peer__in
=
Peer
.
objects
.
all
()).
distinct
()
mynetwork
=
False
route_pk_list
=
[]
...
...
@@ -119,7 +131,7 @@ class RouteForm(forms.ModelForm):
if
IPNetwork
(
destination
)
in
net
:
mynetwork
=
True
if
not
mynetwork
:
raise
forms
.
ValidationError
(
'Destination address/network should belong to your administrative address space. Check My Profile to review your networks'
)
raise
forms
.
ValidationError
(
'Destination address/network should belong to your administrative address space. Check My Profile to review your networks'
)
if
(
sourceports
and
ports
):
raise
forms
.
ValidationError
(
'Cannot create rule for source ports and ports at the same time. Select either ports or source ports'
)
if
(
destinationports
and
ports
):
...
...
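Review bot: In `clean`, the branch `if issuperuser:` widens the allowed networks to every peer's ranges as soon as `self.data['issuperuser']` names any existing account; the `su` object that is fetched is never checked for `is_superuser`. Because `self.data` is the submitted form data, the form relies entirely on the caller having removed or overwritten that key, so the privilege test should be made here as well: `if issuperuser and su.is_superuser:`. The bare `except:` also hides every other failure in that lookup; `except (KeyError, User.DoesNotExist):` keeps the intended fallback to `None`. A short comment above the lookup stating that the value must be set by the view and never taken from the client would help the next reader. `clean` starts and ends outside the hunk.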
flowspec/views.py
...
...
@@ -72,6 +72,8 @@ def group_routes(request):
peer_members
=
UserProfile
.
objects
.
filter
(
peer
=
peer
)
users
=
[
prof
.
user
for
prof
in
peer_members
]
group_routes
=
Route
.
objects
.
filter
(
applier__in
=
users
)
if
request
.
user
.
is_superuser
:
group_routes
=
Route
.
objects
.
all
()
return
render_to_response
(
'user_routes.html'
,
{
'routes'
:
group_routes
},
context_instance
=
RequestContext
(
request
))
...
...
@@ -86,7 +88,7 @@ def add_route(request):
"Insufficient rights on administrative networks. Cannot add rule. Contact your administrator"
)
return
HttpResponseRedirect
(
reverse
(
"group-routes"
))
if
request
.
method
==
"GET"
:
form
=
RouteForm
()
form
=
RouteForm
(
initial
=
{
'applier'
:
applier
}
)
if
not
request
.
user
.
is_superuser
:
form
.
fields
[
'then'
]
=
forms
.
ModelMultipleChoiceField
(
queryset
=
ThenAction
.
objects
.
filter
(
action__in
=
settings
.
UI_USER_THEN_ACTIONS
).
order_by
(
'action'
),
required
=
True
)
form
.
fields
[
'protocol'
]
=
forms
.
ModelMultipleChoiceField
(
queryset
=
MatchProtocol
.
objects
.
filter
(
protocol__in
=
settings
.
UI_USER_PROTOCOLS
).
order_by
(
'protocol'
),
required
=
False
)
...
...
@@ -94,10 +96,19 @@ def add_route(request):
context_instance
=
RequestContext
(
request
))
else
:
form
=
RouteForm
(
request
.
POST
)
request_data
=
request
.
POST
.
copy
()
if
request
.
user
.
is_superuser
:
request_data
[
'issuperuser'
]
=
request
.
user
.
username
else
:
try
:
del
requset_data
[
'issuperuser'
]
except
:
pass
form
=
RouteForm
(
request_data
)
if
form
.
is_valid
():
route
=
form
.
save
(
commit
=
False
)
route
.
applier
=
request
.
user
if
not
request
.
user
.
is_superuser
:
route
.
applier
=
request
.
user
route
.
status
=
"PENDING"
route
.
source
=
IPNetwork
(
"%s/%s"
%
(
IPNetwork
(
route
.
source
).
network
.
compressed
,
IPNetwork
(
route
.
source
).
prefixlen
)).
compressed
route
.
destination
=
IPNetwork
(
"%s/%s"
%
(
IPNetwork
(
route
.
destination
).
network
.
compressed
,
IPNetwork
(
route
.
destination
).
prefixlen
)).
compressed
...
...
@@ -116,6 +127,9 @@ def add_route(request):
logger
.
info
(
mail_body
,
extra
=
d
)
return
HttpResponseRedirect
(
reverse
(
"group-routes"
))
else
:
if
not
request
.
user
.
is_superuser
:
form
.
fields
[
'then'
]
=
forms
.
ModelMultipleChoiceField
(
queryset
=
ThenAction
.
objects
.
filter
(
action__in
=
settings
.
UI_USER_THEN_ACTIONS
).
order_by
(
'action'
),
required
=
True
)
form
.
fields
[
'protocol'
]
=
forms
.
ModelMultipleChoiceField
(
queryset
=
MatchProtocol
.
objects
.
filter
(
protocol__in
=
settings
.
UI_USER_PROTOCOLS
).
order_by
(
'protocol'
),
required
=
False
)
return
render_to_response
(
'apply.html'
,
{
'form'
:
form
,
'applier'
:
applier
},
context_instance
=
RequestContext
(
request
))
...
...
@@ -126,7 +140,7 @@ def edit_route(request, route_slug):
applier_peer
=
request
.
user
.
get_profile
().
peer
route_edit
=
get_object_or_404
(
Route
,
name
=
route_slug
)
route_edit_applier_peer
=
route_edit
.
applier
.
get_profile
().
peer
if
applier_peer
!=
route_edit_applier_peer
:
if
applier_peer
!=
route_edit_applier_peer
and
(
not
request
.
user
.
is_superuser
)
:
messages
.
add_message
(
request
,
messages
.
WARNING
,
"Insufficient rights to edit rule %s"
%
(
route_slug
))
return
HttpResponseRedirect
(
reverse
(
"group-routes"
))
...
...
@@ -144,7 +158,15 @@ def edit_route(request, route_slug):
return
HttpResponseRedirect
(
reverse
(
"group-routes"
))
route_original
=
deepcopy
(
route_edit
)
if
request
.
POST
:
form
=
RouteForm
(
request
.
POST
,
instance
=
route_edit
)
request_data
=
request
.
POST
.
copy
()
if
request
.
user
.
is_superuser
:
request_data
[
'issuperuser'
]
=
request
.
user
.
username
else
:
try
:
del
request_data
[
'issuperuser'
]
except
:
pass
form
=
RouteForm
(
request_data
,
instance
=
route_edit
)
critical_changed_values
=
[
'source'
,
'destination'
,
'sourceport'
,
'destinationport'
,
'port'
,
'protocol'
,
'then'
]
if
form
.
is_valid
():
changed_data
=
form
.
changed_data
...
...
@@ -152,10 +174,11 @@ def edit_route(request, route_slug):
route
.
name
=
route_original
.
name
route
.
status
=
route_original
.
status
route
.
response
=
route_original
.
response
route
.
applier
=
request
.
user
if
not
request
.
user
.
is_superuser
:
route
.
applier
=
request
.
user
if
bool
(
set
(
changed_data
)
&
set
(
critical_changed_values
))
or
(
not
route_original
.
status
==
'ACTIVE'
):
route
.
status
=
"PENDING"
route
.
response
=
"
Committ
ing..."
route
.
response
=
"
Apply
ing..."
route
.
source
=
IPNetwork
(
"%s/%s"
%
(
IPNetwork
(
route
.
source
).
network
.
compressed
,
IPNetwork
(
route
.
source
).
prefixlen
)).
compressed
route
.
destination
=
IPNetwork
(
"%s/%s"
%
(
IPNetwork
(
route
.
destination
).
network
.
compressed
,
IPNetwork
(
route
.
destination
).
prefixlen
)).
compressed
route
.
save
()
...
...
@@ -174,11 +197,22 @@ def edit_route(request, route_slug):
logger
.
info
(
mail_body
,
extra
=
d
)
return
HttpResponseRedirect
(
reverse
(
"group-routes"
))
else
:
if
not
request
.
user
.
is_superuser
:
form
.
fields
[
'then'
]
=
forms
.
ModelMultipleChoiceField
(
queryset
=
ThenAction
.
objects
.
filter
(
action__in
=
settings
.
UI_USER_THEN_ACTIONS
).
order_by
(
'action'
),
required
=
True
)
form
.
fields
[
'protocol'
]
=
forms
.
ModelMultipleChoiceField
(
queryset
=
MatchProtocol
.
objects
.
filter
(
protocol__in
=
settings
.
UI_USER_PROTOCOLS
).
order_by
(
'protocol'
),
required
=
False
)
return
render_to_response
(
'apply.html'
,
{
'form'
:
form
,
'edit'
:
True
,
'applier'
:
applier
},
context_instance
=
RequestContext
(
request
))
else
:
if
(
not
route_original
.
status
==
'ACTIVE'
):
route_edit
.
expires
=
datetime
.
date
.
today
()
+
datetime
.
timedelta
(
days
=
settings
.
EXPIRATION_DAYS_OFFSET
)
dictionary
=
model_to_dict
(
route_edit
,
fields
=
[],
exclude
=
[])
#form = RouteForm(instance=route_edit)
if
request
.
user
.
is_superuser
:
dictionary
[
'issuperuser'
]
=
request
.
user
.
username
else
:
try
:
del
dictionary
[
'issuperuser'
]
except
:
pass
form
=
RouteForm
(
dictionary
)
if
not
request
.
user
.
is_superuser
:
form
.
fields
[
'then'
]
=
forms
.
ModelMultipleChoiceField
(
queryset
=
ThenAction
.
objects
.
filter
(
action__in
=
settings
.
UI_USER_THEN_ACTIONS
).
order_by
(
'action'
),
required
=
True
)
...
...
@@ -193,10 +227,11 @@ def delete_route(request, route_slug):
route
=
get_object_or_404
(
Route
,
name
=
route_slug
)
applier_peer
=
route
.
applier
.
get_profile
().
peer
requester_peer
=
request
.
user
.
get_profile
().
peer
if
applier_peer
==
requester_peer
:
if
applier_peer
==
requester_peer
or
request
.
user
.
is_superuser
:
route
.
status
=
"PENDING"
route
.
expires
=
datetime
.
date
.
today
()
route
.
applier
=
request
.
user
if
not
request
.
user
.
is_superuser
:
route
.
applier
=
request
.
user
route
.
response
=
"Suspending..."
route
.
save
()
route
.
commit_delete
()
...
...
@@ -209,7 +244,7 @@ def delete_route(request, route_slug):
mail_body
,
settings
.
SERVER_EMAIL
,
user_mail
,
get_peer_techc_mails
(
route
.
applier
))
d
=
{
'clientip'
:
requesters_address
,
'user'
:
route
.
applier
.
username
}
logger
.
info
(
mail_body
,
extra
=
d
)
logger
.
info
(
mail_body
,
extra
=
d
)
html
=
"<html><body>Done</body></html>"
return
HttpResponse
(
html
)
else
:
...
...
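Review bot: In the POST branch of `add_route`, the non-superuser path runs `del requset_data['issuperuser']` (misspelled name), and the surrounding bare `except: pass` swallows the resulting `NameError`, so a client-supplied `issuperuser` value is left in the data handed to `RouteForm`. Given that the form in this commit uses that key to lift the per-peer network restriction, this should be `request_data.pop('issuperuser', None)` with no try/except at all; the same form fits the two correctly spelled copies in `edit_route`. The three views are only partly visible in these hunks, so this is based on the lines shown.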
templates/apply.html
...
...
@@ -256,11 +256,29 @@ div.roundbox, #portsacc, #id_comments{
</p>
</div>
</fieldset>
{% if user.is_superuser %}
<fieldset>
<legend>
{% trans "Admin Options" %}
</legend>
<div
class=
"roundbox"
>
{{ form.applier.label_tag }}{{ form.applier }}
<br>
{% if form.applier.errors %}
<br>
<p
class=
"error"
style=
"clear:both;"
>
{{ form.applier.errors|join:", " }}
</p>
{% endif %}
</div>
</fieldset>
{% else %}
<input
type=
"hidden"
id=
"id_applier"
name=
"applier"
value=
"{{applier}}"
/>
{% endif %}
<fieldset>
<legend>
{% trans "Rule Match Conditions" %}
</legend>
<input
type=
"hidden"
id=
"id_applier"
name=
"applier"
value=
"{{applier}}"
/>
<div
class=
"roundbox"
>
{{ form.source.label_tag }}{{ form.source }}
<img
src=
"/static/threat_source.png"
/>
{% if form.source.errors %}
<br>
...
...
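Review bot: The `{% else %}` branch still sends `applier` as a hidden input for non-superusers, and the form code in this commit resolves the user and peer used for network validation from that submitted value (`User.objects.get(pk=self.data['applier'])` in `clean_source`). The views only set `route.applier = request.user` after `form.is_valid()` has run, so validation appears to depend on a value the browser controls. I would have the view force it before building the form for non-superusers, e.g. `request_data['applier'] = request.user.pk`, and treat the hidden field as display-only. A template comment such as `{# applier is overwritten server-side for non-superusers #}` would document that once it is true.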