views.py 117 KB
Newer Older
1
# Copyright 2014 Budapest University of Technology and Economics (BME IK)
2

3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
#
# This file is part of CIRCLE Cloud.
#
# CIRCLE is free software: you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free
# Software Foundation, either version 3 of the License, or (at your option)
# any later version.
#
# CIRCLE is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
# details.
#
# You should have received a copy of the GNU General Public License along
# with CIRCLE.  If not, see <http://www.gnu.org/licenses/>.

19
from __future__ import unicode_literals, absolute_import
20

21
from collections import OrderedDict
22
from itertools import chain
23
from os import getenv
24
from os.path import join, normpath, dirname, basename
25
from urlparse import urljoin
26
import json
Őry Máté committed
27
import logging
28
import re
29
import requests
30

31
from django.conf import settings
32
from django.contrib.auth.models import User, Group
Őry Máté committed
33
from django.contrib.auth.views import login, redirect_to_login
34
from django.contrib.auth.decorators import login_required
35
from django.contrib.messages.views import SuccessMessageMixin
36
from django.core.exceptions import (
37
    PermissionDenied, SuspiciousOperation,
38
)
Kálmán Viktor committed
39
from django.core.cache import get_cache
40 41
from django.core import signing
from django.core.urlresolvers import reverse, reverse_lazy
42
from django.db.models import Count, Q
43
from django.http import HttpResponse, HttpResponseRedirect, Http404
44 45 46
from django.shortcuts import (
    redirect, render, get_object_or_404, render_to_response,
)
47
from django.views.decorators.http import require_GET, require_POST
48
from django.views.generic.detail import SingleObjectMixin
49
from django.views.generic import (TemplateView, DetailView, View, DeleteView,
50
                                  UpdateView, CreateView, ListView)
51
from django.contrib import messages
52 53 54
from django.utils.translation import (
    ugettext as _, ugettext_noop, ungettext_lazy
)
55
from django.template.loader import render_to_string
56
from django.template import RequestContext
57

58
from django.forms.models import inlineformset_factory
59
from django_tables2 import SingleTableView
60 61
from braces.views import (LoginRequiredMixin, SuperuserRequiredMixin,
                          PermissionRequiredMixin)
62
from braces.views._access import AccessMixin
63
from celery.exceptions import TimeoutError
Kálmán Viktor committed
64

65 66
from django_sshkey.models import UserKey

67
from .forms import (
68
    CircleAuthenticationForm, HostForm, LeaseForm, MyProfileForm,
69
    NodeForm, TemplateForm, TraitForm, VmCustomizeForm, GroupCreateForm,
70
    UserCreationForm, GroupProfileUpdateForm, UnsubscribeForm,
71
    VmSaveForm, UserKeyForm, VmRenewForm,
72
    CirclePasswordChangeForm, VmCreateDiskForm, VmDownloadDiskForm,
73 74
    TraitsForm, RawDataForm, GroupPermissionForm, AclUserAddForm,
    VmAddInterfaceForm,
75
)
76 77 78

from .tables import (
    NodeListTable, NodeVmListTable, TemplateListTable, LeaseListTable,
79
    GroupListTable, UserKeyListTable
80
)
81
from common.models import HumanReadableObject, HumanReadableException
Őry Máté committed
82 83 84 85
from vm.models import (
    Instance, instance_activity, InstanceActivity, InstanceTemplate, Interface,
    InterfaceTemplate, Lease, Node, NodeActivity, Trait,
)
86
from storage.models import Disk
87
from firewall.models import Vlan, Host, Rule
88
from .models import Favourite, Profile, GroupProfile, FutureMember
89

90
from .store_api import Store, NoStoreException
Kálmán Viktor committed
91

Őry Máté committed
92
logger = logging.getLogger(__name__)
93
saml_available = hasattr(settings, "SAML_CONFIG")
94

95

96 97 98 99
def search_user(keyword):
    try:
        return User.objects.get(username=keyword)
    except User.DoesNotExist:
100 101 102 103
        try:
            return User.objects.get(profile__org_id=keyword)
        except User.DoesNotExist:
            return User.objects.get(email=keyword)
104 105


106 107 108 109 110 111 112 113 114 115 116 117 118
class RedirectToLoginMixin(AccessMixin):

    redirect_exception_classes = (PermissionDenied, )

    def dispatch(self, request, *args, **kwargs):
        try:
            return super(RedirectToLoginMixin, self).dispatch(
                request, *args, **kwargs)
        except self.redirect_exception_classes:
            if not request.user.is_authenticated():
                return redirect_to_login(request.get_full_path(),
                                         self.get_login_url(),
                                         self.get_redirect_field_name())
119 120
            else:
                raise
121 122


123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145
class GroupCodeMixin(object):

    @classmethod
    def get_available_group_codes(cls, request):
        newgroups = []
        if saml_available:
            from djangosaml2.cache import StateCache, IdentityCache
            from djangosaml2.conf import get_config
            from djangosaml2.views import _get_subject_id
            from saml2.client import Saml2Client

            state = StateCache(request.session)
            conf = get_config(None, request)
            client = Saml2Client(conf, state_cache=state,
                                 identity_cache=IdentityCache(request.session),
                                 logger=logger)
            subject_id = _get_subject_id(request.session)
            identity = client.users.get_identity(subject_id,
                                                 check_not_on_or_after=False)
            if identity:
                attributes = identity[0]
                owneratrs = getattr(
                    settings, 'SAML_GROUP_OWNER_ATTRIBUTES', [])
146 147
                for group in chain(*[attributes[i]
                                     for i in owneratrs if i in attributes]):
148 149 150 151 152 153 154 155
                    try:
                        GroupProfile.search(group)
                    except Group.DoesNotExist:
                        newgroups.append(group)

        return newgroups


156
class FilterMixin(object):
157

158 159 160 161
    def get_queryset_filters(self):
        filters = {}
        for item in self.allowed_filters:
            if item in self.request.GET:
162 163 164 165 166
                filters[self.allowed_filters[item]] = (
                    self.request.GET[item].split(",")
                    if self.allowed_filters[item].endswith("__in") else
                    self.request.GET[item])

167
        return filters
168

169 170 171
    def get_queryset(self):
        return super(FilterMixin,
                     self).get_queryset().filter(**self.get_queryset_filters())
172 173


174
class IndexView(LoginRequiredMixin, TemplateView):
Kálmán Viktor committed
175
    template_name = "dashboard/index.html"
176

177
    def get_context_data(self, **kwargs):
178
        user = self.request.user
179
        context = super(IndexView, self).get_context_data(**kwargs)
180

181
        # instances
182
        favs = Instance.objects.filter(favourite__user=self.request.user)
183
        instances = Instance.get_objects_with_level(
184
            'user', user, disregard_superuser=True).filter(destroyed_at=None)
185 186 187
        display = list(favs) + list(set(instances) - set(favs))
        for d in display:
            d.fav = True if d in favs else False
188
        context.update({
189
            'instances': display[:5],
190
            'more_instances': instances.count() - len(instances[:5])
191 192
        })

193 194
        running = instances.filter(status='RUNNING')
        stopped = instances.exclude(status__in=('RUNNING', 'NOSTATE'))
195

196
        context.update({
197 198 199
            'running_vms': running[:20],
            'running_vm_num': running.count(),
            'stopped_vm_num': stopped.count()
200
        })
201

202 203 204 205
        # nodes
        if user.is_superuser:
            nodes = Node.objects.all()
            context.update({
206 207
                'nodes': nodes[:5],
                'more_nodes': nodes.count() - len(nodes[:5]),
208 209 210 211 212 213 214 215 216 217
                'sum_node_num': nodes.count(),
                'node_num': {
                    'running': Node.get_state_count(True, True),
                    'missing': Node.get_state_count(False, True),
                    'disabled': Node.get_state_count(True, False),
                    'offline': Node.get_state_count(False, False)
                }
            })

        # groups
218
        if user.has_module_perms('auth'):
219 220
            profiles = GroupProfile.get_objects_with_level('operator', user)
            groups = Group.objects.filter(groupprofile__in=profiles)
221 222 223 224
            context.update({
                'groups': groups[:5],
                'more_groups': groups.count() - len(groups[:5]),
            })
225 226 227 228 229 230

        # template
        if user.has_perm('vm.create_template'):
            context['templates'] = InstanceTemplate.get_objects_with_level(
                'operator', user).all()[:5]

Kálmán Viktor committed
231
        # toplist
232
        if settings.STORE_URL:
233
            cache_key = "files-%d" % self.request.user.pk
234
            cache = get_cache("default")
235 236
            files = cache.get(cache_key)
            if not files:
237
                try:
238 239 240 241
                    store = Store(self.request.user)
                    toplist = store.toplist()
                    quota = store.get_quota()
                    files = {'toplist': toplist, 'quota': quota}
242 243 244
                except Exception:
                    logger.exception("Unable to get tolist for %s",
                                     unicode(self.request.user))
245 246
                    files = {'toplist': []}
                cache.set(cache_key, files, 300)
Kálmán Viktor committed
247

248
            context['files'] = files
249 250
        else:
            context['no_store'] = True
Kálmán Viktor committed
251

252 253
        return context

254

255
class CheckedDetailView(LoginRequiredMixin, DetailView):
256 257
    read_level = 'user'

258 259 260
    def get_has_level(self):
        return self.object.has_level

261 262
    def get_context_data(self, **kwargs):
        context = super(CheckedDetailView, self).get_context_data(**kwargs)
263
        if not self.get_has_level()(self.request.user, self.read_level):
264 265 266 267
            raise PermissionDenied()
        return context


268 269 270 271 272 273 274 275
class VmDetailVncTokenView(CheckedDetailView):
    template_name = "dashboard/vm-detail.html"
    model = Instance

    def get(self, request, **kwargs):
        self.object = self.get_object()
        if not self.object.has_level(request.user, 'operator'):
            raise PermissionDenied()
276 277
        if not request.user.has_perm('vm.access_console'):
            raise PermissionDenied()
278
        if self.object.node:
279 280 281 282
            with instance_activity(
                    code_suffix='console-accessed', instance=self.object,
                    user=request.user, readable_name=ugettext_noop(
                        "console access"), concurrency_check=False):
283 284 285 286 287
                port = self.object.vnc_port
                host = str(self.object.node.host.ipv4)
                value = signing.dumps({'host': host, 'port': port},
                                      key=getenv("PROXY_SECRET", 'asdasd')),
                return HttpResponse('vnc/?d=%s' % value)
288 289 290 291
        else:
            raise Http404()


292
class VmDetailView(CheckedDetailView):
Kálmán Viktor committed
293
    template_name = "dashboard/vm-detail.html"
294
    model = Instance
295 296

    def get_context_data(self, **kwargs):
297
        context = super(VmDetailView, self).get_context_data(**kwargs)
298
        instance = context['instance']
299
        ops = get_operations(instance, self.request.user)
300
        context.update({
Bach Dániel committed
301
            'graphite_enabled': settings.GRAPHITE_URL is not None,
302
            'vnc_url': reverse_lazy("dashboard.views.detail-vnc",
303
                                    kwargs={'pk': self.object.pk}),
304 305
            'ops': ops,
            'op': {i.op: i for i in ops},
306
        })
307 308

        # activity data
309 310 311 312 313
        activities = instance.get_merged_activities(self.request.user)
        show_show_all = len(activities) > 10
        activities = activities[:10]
        context['activities'] = activities
        context['show_show_all'] = show_show_all
314

315
        context['vlans'] = Vlan.get_objects_with_level(
316
            'user', self.request.user
317
        ).exclude(  # exclude already added interfaces
318 319 320
            pk__in=Interface.objects.filter(
                instance=self.get_object()).values_list("vlan", flat=True)
        ).all()
321 322
        context['acl'] = AclUpdateView.get_acl_data(
            instance, self.request.user, 'dashboard.views.vm-acl')
323
        context['aclform'] = AclUserAddForm()
324 325
        context['os_type_icon'] = instance.os_type.replace("unknown",
                                                           "question")
326 327 328
        # ipv6 infos
        context['ipv6_host'] = instance.get_connect_host(use_ipv6=True)
        context['ipv6_port'] = instance.get_connect_port(use_ipv6=True)
329 330 331 332 333

        # resources forms
        if self.request.user.is_superuser:
            context['traits_form'] = TraitsForm(instance=instance)
            context['raw_data_form'] = RawDataForm(instance=instance)
334

335 336 337
        # resources change perm
        context['can_change_resources'] = self.request.user.has_perm(
            "vm.change_resources")
338

339
        return context
Kálmán Viktor committed
340

341
    def post(self, request, *args, **kwargs):
342 343
        options = {
            'new_name': self.__set_name,
344
            'new_description': self.__set_description,
345 346
            'new_tag': self.__add_tag,
            'to_remove': self.__remove_tag,
347
            'port': self.__add_port,
348
            'abort_operation': self.__abort_operation,
349 350 351 352
        }
        for k, v in options.iteritems():
            if request.POST.get(k) is not None:
                return v(request)
353 354 355
        raise Http404()

        raise Http404()
356

357 358
    def __set_name(self, request):
        self.object = self.get_object()
359 360
        if not self.object.has_level(request.user, 'owner'):
            raise PermissionDenied()
361 362 363 364
        new_name = request.POST.get("new_name")
        Instance.objects.filter(pk=self.object.pk).update(
            **{'name': new_name})

365
        success_message = _("VM successfully renamed.")
366 367 368 369 370 371 372 373 374 375 376 377
        if request.is_ajax():
            response = {
                'message': success_message,
                'new_name': new_name,
                'vm_pk': self.object.pk
            }
            return HttpResponse(
                json.dumps(response),
                content_type="application/json"
            )
        else:
            messages.success(request, success_message)
378 379 380 381 382 383 384 385 386 387 388
            return redirect(self.object.get_absolute_url())

    def __set_description(self, request):
        self.object = self.get_object()
        if not self.object.has_level(request.user, 'owner'):
            raise PermissionDenied()

        new_description = request.POST.get("new_description")
        Instance.objects.filter(pk=self.object.pk).update(
            **{'description': new_description})

389
        success_message = _("VM description successfully updated.")
390 391 392 393 394 395 396 397 398 399 400 401
        if request.is_ajax():
            response = {
                'message': success_message,
                'new_description': new_description,
            }
            return HttpResponse(
                json.dumps(response),
                content_type="application/json"
            )
        else:
            messages.success(request, success_message)
            return redirect(self.object.get_absolute_url())
402

Kálmán Viktor committed
403 404 405
    def __add_tag(self, request):
        new_tag = request.POST.get('new_tag')
        self.object = self.get_object()
406 407
        if not self.object.has_level(request.user, 'owner'):
            raise PermissionDenied()
Kálmán Viktor committed
408 409

        if len(new_tag) < 1:
410
            message = u"Please input something."
Kálmán Viktor committed
411
        elif len(new_tag) > 20:
412
            message = u"Tag name is too long."
Kálmán Viktor committed
413 414 415 416 417 418 419 420 421 422 423 424 425 426 427
        else:
            self.object.tags.add(new_tag)

        try:
            messages.error(request, message)
        except:
            pass

        return redirect(reverse_lazy("dashboard.views.detail",
                                     kwargs={'pk': self.object.pk}))

    def __remove_tag(self, request):
        try:
            to_remove = request.POST.get('to_remove')
            self.object = self.get_object()
428 429
            if not self.object.has_level(request.user, 'owner'):
                raise PermissionDenied()
Kálmán Viktor committed
430 431 432 433 434 435 436 437 438 439 440

            self.object.tags.remove(to_remove)
            message = u"Success"
        except:  # note this won't really happen
            message = u"Not success"

        if request.is_ajax():
            return HttpResponse(
                json.dumps({'message': message}),
                content_type="application=json"
            )
441 442 443
        else:
            return redirect(reverse_lazy("dashboard.views.detail",
                            kwargs={'pk': self.object.pk}))
Kálmán Viktor committed
444

445 446
    def __add_port(self, request):
        object = self.get_object()
447 448
        if (not object.has_level(request.user, 'owner') or
                not request.user.has_perm('vm.config_ports')):
449
            raise PermissionDenied()
450 451 452 453 454 455

        port = request.POST.get("port")
        proto = request.POST.get("proto")

        try:
            error = None
456 457 458
            interfaces = object.interface_set.all()
            host = Host.objects.get(pk=request.POST.get("host_pk"),
                                    interface__in=interfaces)
459
            host.add_port(proto, private=port)
460 461 462 463 464
        except Host.DoesNotExist:
            logger.error('Tried to add port to nonexistent host %d. User: %s. '
                         'Instance: %s', request.POST.get("host_pk"),
                         unicode(request.user), object)
            raise PermissionDenied()
465
        except ValueError:
466
            error = _("There is a problem with your input.")
467
        except Exception as e:
Bach Dániel committed
468 469
            error = _("Unknown error.")
            logger.error(e)
470 471 472 473 474 475 476 477 478

        if request.is_ajax():
            pass
        else:
            if error:
                messages.error(request, error)
            return redirect(reverse_lazy("dashboard.views.detail",
                                         kwargs={'pk': self.get_object().pk}))

479
    def __abort_operation(self, request):
Kálmán Viktor committed
480 481 482 483
        self.object = self.get_object()

        activity = get_object_or_404(InstanceActivity,
                                     pk=request.POST.get("activity"))
484 485
        if not activity.is_abortable_for(request.user):
            raise PermissionDenied()
Kálmán Viktor committed
486 487 488
        activity.abort()
        return redirect("%s#activity" % self.object.get_absolute_url())

489

490
class VmTraitsUpdate(SuperuserRequiredMixin, UpdateView):
491 492 493 494 495 496 497
    form_class = TraitsForm
    model = Instance

    def get_success_url(self):
        return self.get_object().get_absolute_url() + "#resources"


498
class VmRawDataUpdate(SuperuserRequiredMixin, UpdateView):
499 500
    form_class = RawDataForm
    model = Instance
501
    template_name = 'dashboard/vm-detail/raw_data.html'
502 503 504 505 506

    def get_success_url(self):
        return self.get_object().get_absolute_url() + "#resources"


507
class OperationView(RedirectToLoginMixin, DetailView):
508

509
    template_name = 'dashboard/operate.html'
510
    show_in_toolbar = True
511
    effect = None
512
    wait_for_result = None
513

514 515 516
    @property
    def name(self):
        return self.get_op().name
517

518 519 520
    @property
    def description(self):
        return self.get_op().description
521

522 523 524
    def is_preferred(self):
        return self.get_op().is_preferred()

525 526 527
    @classmethod
    def get_urlname(cls):
        return 'dashboard.vm.op.%s' % cls.op
528

529 530 531 532 533 534 535 536 537 538
    @classmethod
    def get_instance_url(cls, pk, key=None, *args, **kwargs):
        url = reverse(cls.get_urlname(), args=(pk, ) + args, kwargs=kwargs)
        if key is None:
            return url
        else:
            return "%s?k=%s" % (url, key)

    def get_url(self, **kwargs):
        return self.get_instance_url(self.get_object().pk, **kwargs)
539

540
    def get_template_names(self):
541
        if self.request.is_ajax():
542
            return ['dashboard/_modal.html']
543
        else:
544
            return ['dashboard/_base.html']
545

546 547 548
    @classmethod
    def get_op_by_object(cls, obj):
        return getattr(obj, cls.op)
549

550 551 552 553
    def get_op(self):
        if not hasattr(self, '_opobj'):
            setattr(self, '_opobj', getattr(self.get_object(), self.op))
        return self._opobj
554

555
    def get_context_data(self, **kwargs):
556
        ctx = super(OperationView, self).get_context_data(**kwargs)
557
        ctx['op'] = self.get_op()
558
        ctx['opview'] = self
559 560 561 562
        url = self.request.path
        if self.request.GET:
            url += '?' + self.request.GET.urlencode()
        ctx['url'] = url
563
        ctx['template'] = super(OperationView, self).get_template_names()[0]
564
        return ctx
565

566 567 568 569
    def check_auth(self):
        logger.debug("OperationView.check_auth(%s)", unicode(self))
        self.get_op().check_auth(self.request.user)

570
    def get(self, request, *args, **kwargs):
571
        self.check_auth()
572
        return super(OperationView, self).get(request, *args, **kwargs)
573

574
    def get_response_data(self, result, done, extra=None, **kwargs):
575 576 577 578 579 580
        """Return serializable data to return to agents requesting json
        response to POST"""

        if extra is None:
            extra = {}
        extra["success"] = not isinstance(result, Exception)
581 582 583
        extra["done"] = done
        if isinstance(result, HumanReadableObject):
            extra["message"] = result.get_user_text()
584 585
        return extra

586
    def post(self, request, extra=None, *args, **kwargs):
587
        self.check_auth()
588
        self.object = self.get_object()
589 590
        if extra is None:
            extra = {}
591
        result = None
592
        done = False
593
        try:
594
            task = self.get_op().async(user=request.user, **extra)
595 596 597 598
        except HumanReadableException as e:
            e.send_message(request)
            logger.exception("Could not start operation")
            result = e
599 600
        except Exception as e:
            messages.error(request, _('Could not start operation.'))
601
            logger.exception("Could not start operation")
602
            result = e
603
        else:
604 605 606 607 608 609 610 611
            wait = self.wait_for_result
            if wait:
                try:
                    result = task.get(timeout=wait,
                                      interval=min((wait / 5, .5)))
                except TimeoutError:
                    logger.debug("Result didn't arrive in %ss",
                                 self.wait_for_result, exc_info=True)
612 613 614 615
                except HumanReadableException as e:
                    e.send_message(request)
                    logger.exception(e)
                    result = e
616 617 618 619 620
                except Exception as e:
                    messages.error(request, _('Operation failed.'))
                    logger.debug("Operation failed.", exc_info=True)
                    result = e
                else:
621
                    done = True
622
                    messages.success(request, _('Operation succeeded.'))
623
            if result is None and not done:
624
                messages.success(request, _('Operation is started.'))
625 626

        if "/json" in request.META.get("HTTP_ACCEPT", ""):
627 628
            data = self.get_response_data(result, done,
                                          post_extra=extra, **kwargs)
629 630 631 632
            return HttpResponse(json.dumps(data),
                                content_type="application/json")
        else:
            return redirect("%s#activity" % self.object.get_absolute_url())
633

634
    @classmethod
635 636
    def factory(cls, op, icon='cog', effect='info', extra_bases=(), **kwargs):
        kwargs.update({'op': op, 'icon': icon, 'effect': effect})
637
        return type(str(cls.__name__ + op),
638
                    tuple(list(extra_bases) + [cls]), kwargs)
639

640
    @classmethod
641
    def bind_to_object(cls, instance, **kwargs):
642 643
        me = cls()
        me.get_object = lambda: instance
644
        for key, value in kwargs.iteritems():
645 646
            setattr(me, key, value)
        return me
647 648


649
class AjaxOperationMixin(object):
650

651
    def post(self, request, extra=None, *args, **kwargs):
652 653
        resp = super(AjaxOperationMixin, self).post(
            request, extra, *args, **kwargs)
654 655 656 657
        if request.is_ajax():
            store = messages.get_messages(request)
            store.used = True
            return HttpResponse(
658
                json.dumps({'success': True,
659
                            'with_reload': getattr(self, 'with_reload', False),
660 661 662 663 664 665
                            'messages': [unicode(m) for m in store]}),
                content_type="application=json"
            )
        else:
            return resp

666

667 668 669 670 671 672
class VmOperationView(AjaxOperationMixin, OperationView):

    model = Instance
    context_object_name = 'instance'  # much simpler to mock object


673 674 675 676
class FormOperationMixin(object):

    form_class = None

677 678 679
    def get_form_kwargs(self):
        return {}

680 681 682
    def get_context_data(self, **kwargs):
        ctx = super(FormOperationMixin, self).get_context_data(**kwargs)
        if self.request.method == 'POST':
683 684
            ctx['form'] = self.form_class(self.request.POST,
                                          **self.get_form_kwargs())
685
        else:
686
            ctx['form'] = self.form_class(**self.get_form_kwargs())
687 688 689 690 691
        return ctx

    def post(self, request, extra=None, *args, **kwargs):
        if extra is None:
            extra = {}
692
        form = self.form_class(self.request.POST, **self.get_form_kwargs())
693 694
        if form.is_valid():
            extra.update(form.cleaned_data)
695
            resp = super(FormOperationMixin, self).post(
696
                request, extra, *args, **kwargs)
697 698
            if request.is_ajax():
                return HttpResponse(
699 700 701
                    json.dumps({
                        'success': True,
                        'with_reload': getattr(self, 'with_reload', False)}),
702 703 704 705
                    content_type="application=json"
                )
            else:
                return resp
706 707 708 709
        else:
            return self.get(request)


710 711 712 713 714 715 716 717
class RequestFormOperationMixin(FormOperationMixin):

    def get_form_kwargs(self):
        val = super(FormOperationMixin, self).get_form_kwargs()
        val.update({'request': self.request})
        return val


718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736
class VmAddInterfaceView(FormOperationMixin, VmOperationView):

    op = 'add_interface'
    form_class = VmAddInterfaceForm
    show_in_toolbar = False
    icon = 'globe'
    effect = 'success'
    with_reload = True

    def get_form_kwargs(self):
        inst = self.get_op().instance
        choices = Vlan.get_objects_with_level(
            "user", self.request.user).exclude(
            vm_interface__instance__in=[inst])
        val = super(VmAddInterfaceView, self).get_form_kwargs()
        val.update({'choices': choices})
        return val


737 738 739 740 741
class VmCreateDiskView(FormOperationMixin, VmOperationView):

    op = 'create_disk'
    form_class = VmCreateDiskForm
    show_in_toolbar = False
742
    icon = 'hdd-o'
743
    effect = "success"
744
    is_disk_operation = True
745 746 747 748 749 750 751 752


class VmDownloadDiskView(FormOperationMixin, VmOperationView):

    op = 'download_disk'
    form_class = VmDownloadDiskForm
    show_in_toolbar = False
    icon = 'download'
753
    effect = "success"
754
    is_disk_operation = True
755 756


757 758 759 760
class VmMigrateView(VmOperationView):

    op = 'migrate'
    icon = 'truck'
761
    effect = 'info'
762 763 764
    template_name = 'dashboard/_vm-migrate.html'

    def get_context_data(self, **kwargs):
765
        ctx = super(VmMigrateView, self).get_context_data(**kwargs)
766 767 768 769 770
        ctx['nodes'] = [n for n in Node.objects.filter(enabled=True)
                        if n.state == "ONLINE"]
        return ctx

    def post(self, request, extra=None, *args, **kwargs):
771 772
        if extra is None:
            extra = {}
773 774 775 776 777 778 779
        node = self.request.POST.get("node")
        if node:
            node = get_object_or_404(Node, pk=node)
            extra["to_node"] = node
        return super(VmMigrateView, self).post(request, extra, *args, **kwargs)


780
class VmSaveView(FormOperationMixin, VmOperationView):
781 782 783

    op = 'save_as_template'
    icon = 'save'
784
    effect = 'info'
785
    form_class = VmSaveForm
786

787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 808 809

class VmResourcesChangeView(VmOperationView):
    op = 'resources_change'
    icon = "save"
    show_in_toolbar = False

    def post(self, request, extra=None, *args, **kwargs):
        if extra is None:
            extra = {}

        resources = {
            'num_cores': "cpu-count",
            'priority': "cpu-priority",
            'ram_size': "ram-size",
            "max_ram_size": "ram-size",  # TODO
        }
        for k, v in resources.iteritems():
            extra[k] = request.POST.get(v)

        return super(VmResourcesChangeView, self).post(request, extra,
                                                       *args, **kwargs)


810 811 812 813 814 815
class TokenOperationView(OperationView):
    """Abstract operation view with token support.

    User can do the action with a valid token instead of logging in.
    """
    token_max_age = 3 * 24 * 3600
816
    redirect_exception_classes = (PermissionDenied, SuspiciousOperation, )
817 818 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850

    @classmethod
    def get_salt(cls):
        return unicode(cls)

    @classmethod
    def get_token(cls, instance, user):
        t = tuple([getattr(i, 'pk', i) for i in [instance, user]])
        return signing.dumps(t, salt=cls.get_salt(), compress=True)

    @classmethod
    def get_token_url(cls, instance, user):
        key = cls.get_token(instance, user)
        return cls.get_instance_url(instance.pk, key)

    def check_auth(self):
        if 'k' in self.request.GET:
            try:  # check if token is needed at all
                return super(TokenOperationView, self).check_auth()
            except Exception:
                op = self.get_op()
                pk = op.instance.pk
                key = self.request.GET.get('k')

                logger.debug("checking token supplied to %s",
                             self.request.get_full_path())
                try:
                    user = self.validate_key(pk, key)
                except signing.SignatureExpired:
                    messages.error(self.request, _('The token has expired.'))
                else:
                    logger.info("Request user changed to %s at %s",
                                user, self.request.get_full_path())
                    self.request.user = user
851
                    self.request.token_user = True
852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886
        else:
            logger.debug("no token supplied to %s",
                         self.request.get_full_path())

        return super(TokenOperationView, self).check_auth()

    def validate_key(self, pk, key):
        """Get object based on signed token.
        """
        try:
            data = signing.loads(key, salt=self.get_salt())
            logger.debug('Token data: %s', unicode(data))
            instance, user = data
            logger.debug('Extracted token data: instance: %s, user: %s',
                         unicode(instance), unicode(user))
        except (signing.BadSignature, ValueError, TypeError) as e:
            logger.warning('Tried invalid token. Token: %s, user: %s. %s',
                           key, unicode(self.request.user), unicode(e))
            raise SuspiciousOperation()

        try:
            instance, user = signing.loads(key, max_age=self.token_max_age,
                                           salt=self.get_salt())
            logger.debug('Extracted non-expired token data: %s, %s',
                         unicode(instance), unicode(user))
        except signing.BadSignature as e:
            raise signing.SignatureExpired()

        if pk != instance:
            logger.debug('pk (%d) != instance (%d)', pk, instance)
            raise SuspiciousOperation()
        user = User.objects.get(pk=user)
        return user


887 888
class VmRenewView(FormOperationMixin, TokenOperationView, VmOperationView):

889 890 891 892
    op = 'renew'
    icon = 'calendar'
    effect = 'info'
    show_in_toolbar = False
893
    form_class = VmRenewForm
894
    wait_for_result = 0.5
895 896 897 898 899

    def get_form_kwargs(self):
        choices = Lease.get_objects_with_level("user", self.request.user)
        default = self.get_op().instance.lease
        if default and default not in choices:
900 901
            choices = (choices.distinct() |
                       Lease.objects.filter(pk=default.pk).distinct())
902 903 904 905

        val = super(VmRenewView, self).get_form_kwargs()
        val.update({'choices': choices, 'default': default})
        return val
906

907 908
    def get_response_data(self, result, done, extra=None, **kwargs):
        extra = super(VmRenewView, self).get_response_data(result, done,
909 910 911 912 913
                                                           extra, **kwargs)
        extra["new_suspend_time"] = unicode(self.get_op().
                                            instance.time_of_suspend)
        return extra

914

915 916
vm_ops = OrderedDict([
    ('deploy', VmOperationView.factory(
917
        op='deploy', icon='play', effect='success')),
918
    ('wake_up', VmOperationView.factory(
919
        op='wake_up', icon='sun-o', effect='success')),
920
    ('sleep', VmOperationView.factory(
921
        extra_bases=[TokenOperationView],
922
        op='sleep', icon='moon-o', effect='info')),
923 924 925
    ('migrate', VmMigrateView),
    ('save_as_template', VmSaveView),
    ('reboot', VmOperationView.factory(
926
        op='reboot', icon='refresh', effect='warning')),
927
    ('reset', VmOperationView.factory(
928
        op='reset', icon='bolt', effect='warning')),
929
    ('shutdown', VmOperationView.factory(
930
        op='shutdown', icon='power-off', effect='warning')),
931
    ('shut_off', VmOperationView.factory(
932
        op='shut_off', icon='ban', effect='warning')),
933 934
    ('recover', VmOperationView.factory(
        op='recover', icon='medkit', effect='warning')),
935
    ('nostate', VmOperationView.factory(
936
        op='emergency_change_state', icon='legal', effect='danger')),
937
    ('destroy', VmOperationView.factory(
938
        extra_bases=[TokenOperationView],
939
        op='destroy', icon='times', effect='danger')),
940 941
    ('create_disk', VmCreateDiskView),
    ('download_disk', VmDownloadDiskView),
942
    ('add_interface', VmAddInterfaceView),
943
    ('renew', VmRenewView),
944
    ('resources_change', VmResourcesChangeView),
945 946
    ('password_reset', VmOperationView.factory(
        op='password_reset', icon='unlock', effect='warning',
947
        show_in_toolbar=False, wait_for_result=0.5, with_reload=True)),
948
])
949 950 951 952 953 954 955 956 957


def get_operations(instance, user):
    ops = []
    for k, v in vm_ops.iteritems():
        try:
            op = v.get_op_by_object(instance)
            op.check_auth(user)
            op.check_precond()
958
        except PermissionDenied as e:
959 960
            logger.debug('Not showing operation %s for %s: %s',
                         k, instance, unicode(e))
961 962
        except Exception:
            ops.append(v.bind_to_object(instance, disabled=True))
963 964 965
        else:
            ops.append(v.bind_to_object(instance))
    return ops
966

Kálmán Viktor committed
967

968
class NodeDetailView(LoginRequiredMixin, SuperuserRequiredMixin, DetailView):
969 970
    template_name = "dashboard/node-detail.html"
    model = Node
971 972
    form = None
    form_class = TraitForm
973

974 975 976
    def get_context_data(self, form=None, **kwargs):
        if form is None:
            form = self.form_class()
977
        context = super(NodeDetailView, self).get_context_data(**kwargs)
978 979
        instances = Instance.active.filter(node=self.object)
        context['table'] = NodeVmListTable(instances)
980 981 982 983
        na = NodeActivity.objects.filter(
            node=self.object, parent=None
        ).order_by('-started').select_related()
        context['activities'] = na
984
        context['trait_form'] = form
985
        context['graphite_enabled'] = (
Bach Dániel committed
986
            settings.GRAPHITE_URL is not None)
987 988
        return context

989 990 991
    def post(self, request, *args, **kwargs):
        if request.POST.get('new_name'):
            return self.__set_name(request)
992 993
        if request.POST.get('to_remove'):
            return self.__remove_trait(request)
994 995
        return redirect(reverse_lazy("dashboard.views.node-detail",
                                     kwargs={'pk': self.get_object().pk}))
996 997 998 999 1000 1001 1002

    def __set_name(self, request):
        self.object = self.get_object()
        new_name = request.POST.get("new_name")
        Node.objects.filter(pk=self.object.pk).update(
            **{'name': new_name})

1003
        success_message = _("Node successfully renamed.")
1004 1005 1006 1007 1008
        if request.is_ajax():
            response = {
                'message': success_message,
                'new_name': new_name,
                'node_pk': self.object.pk
1009 1010 1011 1012 1013 1014 1015 1016 1017 1018
            }
            return HttpResponse(
                json.dumps(response),
                content_type="application/json"
            )
        else:
            messages.success(request, success_message)
            return redirect(reverse_lazy("dashboard.views.node-detail",
                                         kwargs={'pk': self.object.pk}))

1019 1020 1021 1022
    def __remove_trait(self, request):
        try:
            to_remove = request.POST.get('to_remove')
            self.object = self.get_object()
1023
            self.object.traits.remove(to_remove)
1024 1025 1026 1027 1028 1029 1030
            message = u"Success"
        except:  # note this won't really happen
            message = u"Not success"

        if request.is_ajax():
            return HttpResponse(
                json.dumps({'message': message}),
1031
                content_type="application/json"
1032
            )
1033
        else:
1034
            return redirect(self.object.get_absolute_url())
1035

1036

1037
class GroupDetailView(CheckedDetailView):
1038 1039
    template_name = "dashboard/group-detail.html"
    model = Group
1040
    read_level = 'operator'
1041 1042 1043

    def get_has_level(self):
        return self.object.profile.has_level
1044 1045 1046

    def get_context_data(self, **kwargs):
        context = super(GroupDetailView, self).get_context_data(**kwargs)
1047 1048
        context['group'] = self.object
        context['users'] = self.object.user_set.all()
1049 1050
        context['future_users'] = FutureMember.objects.filter(
            group=self.object)
1051 1052 1053
        context['acl'] = AclUpdateView.get_acl_data(
            self.object.profile, self.request.user,
            'dashboard.views.group-acl')
1054
        context['aclform'] = AclUserAddForm()
1055 1056
        context['group_profile_form'] = GroupProfileUpdate.get_form_object(
            self.request, self.object.profile)
1057 1058 1059 1060 1061

        if self.request.user.is_superuser:
            context['group_perm_form'] = GroupPermissionForm(
                instance=self.object)

1062 1063 1064
        return context

    def post(self, request, *args, **kwargs):
1065 1066 1067
        self.object = self.get_object()
        if not self.get_has_level()(request.user, 'operator'):
            raise PermissionDenied()
1068

1069 1070
        if request.POST.get('new_name'):
            return self.__set_name(request)
1071
        if request.POST.get('list-new-name'):
1072
            return self.__add_user(request)
1073
        if request.POST.get('list-new-namelist'):
1074
            return self.__add_list(request)
1075 1076 1077 1078
        if (request.POST.get('list-new-name') is not None) and \
                (request.POST.get('list-new-namelist') is not None):
            return redirect(reverse_lazy("dashboard.views.group-detail",
                                         kwargs={'pk': self.get_object().pk}))
1079 1080

    def __add_user(self, request):
1081
        name = request.POST['list-new-name']
1082 1083 1084
        self.__add_username(request, name)
        return redirect(reverse_lazy("dashboard.views.group-detail",
                                     kwargs={'pk': self.object.pk}))
1085 1086

    def __add_username(self, request, name):
1087
        if not name:
1088
            return
1089
        try:
1090
            entity = search_user(name)
1091
            self.object.user_set.add(entity)
1092
        except User.DoesNotExist:
1093 1094 1095 1096
            if saml_available:
                FutureMember.objects.get_or_create(org_id=name,
                                                   group=self.object)
            else:
1097
                messages.warning(request, _('User "%s" not found.') % name)
1098

1099
    def __add_list(self, request):
1100 1101
        if not self.get_has_level()(request.user, 'operator'):
            raise PermissionDenied()
1102 1103 1104
        userlist = request.POST.get('list-new-namelist').split('\r\n')
        for line in userlist:
            self.__add_username(request, line)
1105 1106
        return redirect(reverse_lazy("dashboard.views.group-detail",
                                     kwargs={'pk': self.object.pk}))
1107 1108 1109 1110 1111 1112

    def __set_name(self, request):
        new_name = request.POST.get("new_name")
        Group.objects.filter(pk=self.object.pk).update(
            **{'name': new_name})

1113
        success_message = _("Group successfully renamed.")
1114 1115 1116 1117
        if request.is_ajax():
            response = {
                'message': success_message,
                'new_name': new_name,
1118
                'group_pk': self.object.pk
1119 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129
            }
            return HttpResponse(
                json.dumps(response),
                content_type="application/json"
            )
        else:
            messages.success(request, success_message)
            return redirect(reverse_lazy("dashboard.views.group-detail",
                                         kwargs={'pk': self.object.pk}))


1130 1131 1132 1133 1134 1135 1136
class GroupPermissionsView(SuperuserRequiredMixin, UpdateView):
    model = Group
    form_class = GroupPermissionForm
    slug_field = "pk"
    slug_url_kwarg = "group_pk"

    def get_success_url(self):
1137
        return "%s#group-detail-permissions" % (
1138 1139 1140
            self.get_object().groupprofile.get_absolute_url())


1141
class AclUpdateView(LoginRequiredMixin, View, SingleObjectMixin):
1142 1143 1144 1145 1146 1147 1148 1149 1150 1151 1152 1153 1154 1155 1156
    def send_success_message(self, whom, old_level, new_level):
        if old_level and new_level:
            msg = _("Acl user/group %(w)s successfully modified.")
        elif not old_level and new_level:
            msg = _("Acl user/group %(w)s successfully added.")
        elif old_level and not new_level:
            msg = _("Acl user/group %(w)s successfully removed.")
        if msg:
            messages.success(self.request, msg % {'w': whom})

    def get_level(self, whom):
        for u, level in self.acl_data:
            if u == whom:
                return level
        return None
1157

1158 1159 1160
    @classmethod
    def get_acl_data(cls, obj, user, url):
        levels = obj.ACL_LEVELS
1161 1162
        allowed_levels = list(l for l in OrderedDict(levels)
                              if cls.has_next_level(user, obj, l))
1163 1164
        is_owner = 'owner' in allowed_levels

1165 1166
        allowed_users = cls.get_allowed_users(user)
        allowed_groups = cls.get_allowed_groups(user)