Commit d50fd7b6 authored by Leonidas Poulopoulos's avatar Leonidas Poulopoulos
Browse files

Added admin deactivate action with user rights prevention

parent a387277a
......@@ -2,31 +2,36 @@ from django.contrib import admin
from flowspy.flowspec.models import *
from flowspy.accounts.models import *
from utils import proxy as PR
from flowspec.tasks import *
from django.contrib.auth.models import User
from django.contrib.auth.admin import UserAdmin
from accounts.models import UserProfile
#class RouteAdmin(admin.ModelAdmin):
#
# actions = ['deactivate']
#
# def deactivate(self, request, queryset):
# applier = PR.Applier(route_objects=queryset)
# commit, response = applier.apply(configuration=applier.delete_routes())
# if commit:
# rows = queryset.update(is_online=False, is_active=False)
# queryset.update(response="Successfully removed route from network")
# self.message_user(request, "Successfully removed %s routes from network" % rows)
# else:
# self.message_user(request, "Could not remove routes from network")
# deactivate.short_description = "Deactivate selected routes from network"
#
# list_display = ('name', 'is_online', 'applier', 'get_match', 'get_then', 'response')
# fieldsets = [
# (None, {'fields': ['name','applier']}),
# ("Match", {'fields': ['source', 'sourceport', 'destination', 'destinationport', 'port']}),
# ('Advanced Match Statements', {'fields': ['dscp', 'fragmenttype', 'icmpcode', 'icmptype', 'packetlength', 'protocol', 'tcpflag'], 'classes': ['collapse']}),
# ("Then", {'fields': ['then' ]}),
# (None, {'fields': ['comments',]}),
#
# ]
class RouteAdmin(admin.ModelAdmin):
actions = ['deactivate']
def deactivate(self, request, queryset):
response = batch_delete.delay(queryset, reason="ADMININACTIVE")
self.message_user(request, "Added request %s to job que. Check in a while for result" % response)
deactivate.short_description = "Remove selected routes from network"
list_display = ('name', 'status', 'applier' , 'applier_peer', 'get_match', 'get_then', 'response')
fieldsets = [
(None, {'fields': ['name','applier']}),
("Match", {'fields': ['source', 'sourceport', 'destination', 'destinationport', 'port']}),
('Advanced Match Statements', {'fields': ['dscp', 'fragmenttype', 'icmpcode', 'icmptype', 'packetlength', 'protocol', 'tcpflag'], 'classes': ['collapse']}),
("Then", {'fields': ['then' ]}),
(None, {'fields': ['comments',]}),
]
class UserProfileInline(admin.StackedInline):
model = UserProfile
class UserProfileAdmin(UserAdmin):
inlines = [UserProfileInline]
# fields = ('name', 'applier', 'expires')
#def formfield_for_dbfield(self, db_field, **kwargs):
......@@ -35,6 +40,7 @@ from utils import proxy as PR
# return db_field.formfield(**kwargs)
#admin.site.register(MatchAddress)
admin.site.unregister(User)
admin.site.register(MatchPort)
admin.site.register(MatchDscp)
admin.site.register(UserProfile)
......@@ -47,8 +53,8 @@ admin.site.register(UserProfile)
admin.site.register(ThenAction)
#admin.site.register(ThenStatement)
#admin.site.register(MatchStatement)
admin.site.register(Route)
admin.site.register(Route, RouteAdmin)
admin.site.register(User, UserProfileAdmin)
admin.site.disable_action('delete_selected')
......@@ -45,7 +45,8 @@ ROUTE_STATES = (
("EXPIRED", "EXPIRED"),
("PENDING", "PENDING"),
("OUTOFSYNC", "OUTOFSYNC"),
("INACTIVE", "INACTIVE"),
("INACTIVE", "INACTIVE"),
("ADMININACTIVE", "ADMININACTIVE"),
)
......@@ -299,6 +300,14 @@ class Route(models.Model):
get_match.short_description = 'Match statement'
get_match.allow_tags = True
@property
def applier_peer(self):
try:
applier_peer = self.applier.get_profile().peer
except:
applier_peer = None
return applier_peer
def send_message(msg, user):
# username = user.username
......
......@@ -71,6 +71,9 @@ def batch_delete(routes, **kwargs):
if "reason" in kwargs and kwargs['reason']=='EXPIRED':
status = 'EXPIRED'
reason_text = " Reason: %s " %status
elif "reason" in kwargs and kwargs['reason']!='EXPIRED':
status = kwargs['reason']
reason_text = " Reason: %s " %status
else:
status = "ERROR"
for route in routes:
......@@ -102,9 +105,13 @@ def check_sync(route_name=None, selected_routes = []):
if route_name:
routes = routes.filter(name=route_name)
for route in routes:
if route.has_expired() and route.status != 'EXPIRED':
if route.has_expired() and (route.status != 'EXPIRED' or route.status != 'ADMININACTIVE' or route.status != 'INACTIVE'):
logger.info('Expiring route %s' %route.name)
subtask(delete).delay(route, reason="EXPIRED")
elif route.has_expired() and (route.status == 'ADMININACTIVE' or route.status == 'INACTIVE'):
route.status = 'EXPIRED'
route.response = 'Route Expired'
route.save()
elif route.status != 'EXPIRED':
route.check_sync()
......
......@@ -119,6 +119,14 @@ def edit_route(request, route_slug):
messages.add_message(request, messages.WARNING,
"Insufficient rights to edit rule %s" %(route_slug))
return HttpResponseRedirect(reverse("group-routes"))
if route_edit.status == "ADMININACTIVE" :
messages.add_message(request, messages.WARNING,
"Administrator has disabled editing of rule %s" %(route_slug))
return HttpResponseRedirect(reverse("group-routes"))
if route_edit.status == "EXPIRED" :
messages.add_message(request, messages.WARNING,
"Cannot edit the expired rule %s. Contact helpdesk to enable it" %(route_slug))
return HttpResponseRedirect(reverse("group-routes"))
route_original = deepcopy(route_edit)
if request.POST:
form = RouteForm(request.POST, instance = route_edit)
......
......@@ -12,7 +12,6 @@ def exception_printer(sender, **kwargs):
traceback.print_exc()
got_request_exception.connect(exception_printer)
call_command('syncdb')
application = WSGIHandler()
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment