views.py 103 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
# Copyright 2014 Budapest University of Technology and Economics (BME IK)
#
# This file is part of CIRCLE Cloud.
#
# CIRCLE is free software: you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free
# Software Foundation, either version 3 of the License, or (at your option)
# any later version.
#
# CIRCLE is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
# details.
#
# You should have received a copy of the GNU General Public License along
# with CIRCLE.  If not, see <http://www.gnu.org/licenses/>.

18
from __future__ import unicode_literals, absolute_import
19

20
from itertools import chain
21 22
from os import getenv
import json
Őry Máté committed
23
import logging
24
import re
25
from hashlib import md5
26
import requests
27

28
from django.conf import settings
29
from django.contrib.auth.models import User, Group
Őry Máté committed
30
from django.contrib.auth.views import login, redirect_to_login
31
from django.contrib.messages import warning
32
from django.contrib.messages.views import SuccessMessageMixin
33
from django.core.exceptions import (
34
    PermissionDenied, SuspiciousOperation,
35
)
36 37
from django.core import signing
from django.core.urlresolvers import reverse, reverse_lazy
38
from django.db.models import Count
39
from django.http import HttpResponse, HttpResponseRedirect, Http404
Őry Máté committed
40
from django.shortcuts import redirect, render, get_object_or_404
41
from django.views.decorators.http import require_GET, require_POST
42
from django.views.generic.detail import SingleObjectMixin
43
from django.views.generic import (TemplateView, DetailView, View, DeleteView,
44
                                  UpdateView, CreateView, ListView)
45 46
from django.contrib import messages
from django.utils.translation import ugettext as _
47
from django.utils.translation import ungettext as __
48
from django.template.loader import render_to_string
49
from django.template import RequestContext
50
from django.templatetags.static import static
51

52
from django.forms.models import inlineformset_factory
53
from django_tables2 import SingleTableView
54 55
from braces.views import (LoginRequiredMixin, SuperuserRequiredMixin,
                          PermissionRequiredMixin)
56
from braces.views._access import AccessMixin
Kálmán Viktor committed
57

58
from .forms import (
59
    CircleAuthenticationForm, HostForm, LeaseForm, MyProfileForm,
60
    NodeForm, TemplateForm, TraitForm, VmCustomizeForm, GroupCreateForm,
61
    UserCreationForm, GroupProfileUpdateForm, UnsubscribeForm,
62 63
    VmSaveForm,
    CirclePasswordChangeForm, VmCreateDiskForm, VmDownloadDiskForm,
64
)
65 66 67 68

from .tables import (
    NodeListTable, NodeVmListTable, TemplateListTable, LeaseListTable,
    GroupListTable,
69
)
Őry Máté committed
70 71 72 73
from vm.models import (
    Instance, instance_activity, InstanceActivity, InstanceTemplate, Interface,
    InterfaceTemplate, Lease, Node, NodeActivity, Trait,
)
74
from storage.models import Disk
75
from firewall.models import Vlan, Host, Rule
76
from .models import Favourite, Profile, GroupProfile
77

Őry Máté committed
78
logger = logging.getLogger(__name__)
79
saml_available = hasattr(settings, "SAML_CONFIG")
80

81

82 83 84 85
def search_user(keyword):
    try:
        return User.objects.get(username=keyword)
    except User.DoesNotExist:
86 87 88 89
        try:
            return User.objects.get(profile__org_id=keyword)
        except User.DoesNotExist:
            return User.objects.get(email=keyword)
90 91


92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114
class GroupCodeMixin(object):

    @classmethod
    def get_available_group_codes(cls, request):
        newgroups = []
        if saml_available:
            from djangosaml2.cache import StateCache, IdentityCache
            from djangosaml2.conf import get_config
            from djangosaml2.views import _get_subject_id
            from saml2.client import Saml2Client

            state = StateCache(request.session)
            conf = get_config(None, request)
            client = Saml2Client(conf, state_cache=state,
                                 identity_cache=IdentityCache(request.session),
                                 logger=logger)
            subject_id = _get_subject_id(request.session)
            identity = client.users.get_identity(subject_id,
                                                 check_not_on_or_after=False)
            if identity:
                attributes = identity[0]
                owneratrs = getattr(
                    settings, 'SAML_GROUP_OWNER_ATTRIBUTES', [])
115 116
                for group in chain(*[attributes[i]
                                     for i in owneratrs if i in attributes]):
117 118 119 120 121 122 123 124
                    try:
                        GroupProfile.search(group)
                    except Group.DoesNotExist:
                        newgroups.append(group)

        return newgroups


125
class FilterMixin(object):
126

127 128 129 130 131 132
    def get_queryset_filters(self):
        filters = {}
        for item in self.allowed_filters:
            if item in self.request.GET:
                filters[self.allowed_filters[item]] = self.request.GET[item]
        return filters
133

134 135 136
    def get_queryset(self):
        return super(FilterMixin,
                     self).get_queryset().filter(**self.get_queryset_filters())
137 138


139
class IndexView(LoginRequiredMixin, TemplateView):
Kálmán Viktor committed
140
    template_name = "dashboard/index.html"
141

142
    def get_context_data(self, **kwargs):
143
        user = self.request.user
144
        context = super(IndexView, self).get_context_data(**kwargs)
145

146
        # instances
147
        favs = Instance.objects.filter(favourite__user=self.request.user)
148
        instances = Instance.get_objects_with_level(
149
            'user', user, disregard_superuser=True).filter(destroyed_at=None)
150 151 152
        display = list(favs) + list(set(instances) - set(favs))
        for d in display:
            d.fav = True if d in favs else False
153
        context.update({
154
            'instances': display[:5],
155
            'more_instances': instances.count() - len(instances[:5])
156 157
        })

158 159
        running = instances.filter(status='RUNNING')
        stopped = instances.exclude(status__in=('RUNNING', 'NOSTATE'))
160

161
        context.update({
162 163 164
            'running_vms': running[:20],
            'running_vm_num': running.count(),
            'stopped_vm_num': stopped.count()
165
        })
166

167 168 169 170
        # nodes
        if user.is_superuser:
            nodes = Node.objects.all()
            context.update({
171 172
                'nodes': nodes[:5],
                'more_nodes': nodes.count() - len(nodes[:5]),
173 174 175 176 177 178 179 180 181 182
                'sum_node_num': nodes.count(),
                'node_num': {
                    'running': Node.get_state_count(True, True),
                    'missing': Node.get_state_count(False, True),
                    'disabled': Node.get_state_count(True, False),
                    'offline': Node.get_state_count(False, False)
                }
            })

        # groups
183
        if user.has_module_perms('auth'):
184 185
            profiles = GroupProfile.get_objects_with_level('operator', user)
            groups = Group.objects.filter(groupprofile__in=profiles)
186 187 188 189
            context.update({
                'groups': groups[:5],
                'more_groups': groups.count() - len(groups[:5]),
            })
190 191 192 193 194 195

        # template
        if user.has_perm('vm.create_template'):
            context['templates'] = InstanceTemplate.get_objects_with_level(
                'operator', user).all()[:5]

196 197
        return context

198

199
def get_vm_acl_data(obj):
200 201 202 203 204 205 206 207 208
    levels = obj.ACL_LEVELS
    users = obj.get_users_with_level()
    users = [{'user': u, 'level': l} for u, l in users]
    groups = obj.get_groups_with_level()
    groups = [{'group': g, 'level': l} for g, l in groups]
    return {'users': users, 'groups': groups, 'levels': levels,
            'url': reverse('dashboard.views.vm-acl', args=[obj.pk])}


209 210 211 212 213 214 215 216 217 218 219
def get_group_acl_data(obj):
    aclobj = obj.profile
    levels = aclobj.ACL_LEVELS
    users = aclobj.get_users_with_level()
    users = [{'user': u, 'level': l} for u, l in users]
    groups = aclobj.get_groups_with_level()
    groups = [{'group': g, 'level': l} for g, l in groups]
    return {'users': users, 'groups': groups, 'levels': levels,
            'url': reverse('dashboard.views.group-acl', args=[obj.pk])}


220
class CheckedDetailView(LoginRequiredMixin, DetailView):
221 222
    read_level = 'user'

223 224 225
    def get_has_level(self):
        return self.object.has_level

226 227
    def get_context_data(self, **kwargs):
        context = super(CheckedDetailView, self).get_context_data(**kwargs)
228
        if not self.get_has_level()(self.request.user, self.read_level):
229 230 231 232
            raise PermissionDenied()
        return context


233 234 235 236 237 238 239 240 241
class VmDetailVncTokenView(CheckedDetailView):
    template_name = "dashboard/vm-detail.html"
    model = Instance

    def get(self, request, **kwargs):
        self.object = self.get_object()
        if not self.object.has_level(request.user, 'operator'):
            raise PermissionDenied()
        if self.object.node:
242 243 244 245 246 247 248 249
            with instance_activity(code_suffix='console-accessed',
                                   instance=self.object, user=request.user,
                                   concurrency_check=False):
                port = self.object.vnc_port
                host = str(self.object.node.host.ipv4)
                value = signing.dumps({'host': host, 'port': port},
                                      key=getenv("PROXY_SECRET", 'asdasd')),
                return HttpResponse('vnc/?d=%s' % value)
250 251 252 253
        else:
            raise Http404()


254
class VmDetailView(CheckedDetailView):
Kálmán Viktor committed
255
    template_name = "dashboard/vm-detail.html"
256
    model = Instance
257 258

    def get_context_data(self, **kwargs):
259
        context = super(VmDetailView, self).get_context_data(**kwargs)
260
        instance = context['instance']
261
        ops = get_operations(instance, self.request.user)
262 263 264
        context.update({
            'graphite_enabled': VmGraphView.get_graphite_url() is not None,
            'vnc_url': reverse_lazy("dashboard.views.detail-vnc",
265
                                    kwargs={'pk': self.object.pk}),
266 267
            'ops': ops,
            'op': {i.op: i for i in ops},
268
        })
269 270

        # activity data
271
        context['activities'] = self.object.get_activities(self.request.user)
272

273
        context['vlans'] = Vlan.get_objects_with_level(
274
            'user', self.request.user
275
        ).exclude(  # exclude already added interfaces
276 277 278
            pk__in=Interface.objects.filter(
                instance=self.get_object()).values_list("vlan", flat=True)
        ).all()
279
        context['acl'] = get_vm_acl_data(instance)
280 281
        context['os_type_icon'] = instance.os_type.replace("unknown",
                                                           "question")
282 283 284
        # ipv6 infos
        context['ipv6_host'] = instance.get_connect_host(use_ipv6=True)
        context['ipv6_port'] = instance.get_connect_port(use_ipv6=True)
285
        return context
Kálmán Viktor committed
286

287 288 289 290 291
    def post(self, request, *args, **kwargs):
        if (request.POST.get('ram-size') and request.POST.get('cpu-count')
                and request.POST.get('cpu-priority')):
            return self.__set_resources(request)

292 293 294
        options = {
            'change_password': self.__change_password,
            'new_name': self.__set_name,
295
            'new_description': self.__set_description,
296 297
            'new_tag': self.__add_tag,
            'to_remove': self.__remove_tag,
298 299
            'port': self.__add_port,
            'new_network_vlan': self.__new_network,
300
            'abort_operation': self.__abort_operation,
301 302 303 304
        }
        for k, v in options.iteritems():
            if request.POST.get(k) is not None:
                return v(request)
Kálmán Viktor committed
305

306 307 308 309
    def __change_password(self, request):
        self.object = self.get_object()
        if not self.object.has_level(request.user, 'owner'):
            raise PermissionDenied()
Kálmán Viktor committed
310

311
        self.object.change_password(user=request.user)
312
        messages.success(request, _("Password changed."))
313
        if request.is_ajax():
314
            return HttpResponse("Success.")
315 316 317
        else:
            return redirect(reverse_lazy("dashboard.views.detail",
                                         kwargs={'pk': self.object.pk}))
318

319 320 321 322
    def __set_resources(self, request):
        self.object = self.get_object()
        if not self.object.has_level(request.user, 'owner'):
            raise PermissionDenied()
323 324
        if not request.user.has_perm('vm.change_resources'):
            raise PermissionDenied()
325 326 327 328

        resources = {
            'num_cores': request.POST.get('cpu-count'),
            'ram_size': request.POST.get('ram-size'),
329
            'max_ram_size': request.POST.get('ram-size'),  # TODO: max_ram
330 331 332 333
            'priority': request.POST.get('cpu-priority')
        }
        Instance.objects.filter(pk=self.object.pk).update(**resources)

334
        success_message = _("Resources successfully updated.")
335 336 337 338 339 340 341 342 343 344 345
        if request.is_ajax():
            response = {'message': success_message}
            return HttpResponse(
                json.dumps(response),
                content_type="application/json"
            )
        else:
            messages.success(request, success_message)
            return redirect(reverse_lazy("dashboard.views.detail",
                                         kwargs={'pk': self.object.pk}))

346 347
    def __set_name(self, request):
        self.object = self.get_object()
348 349
        if not self.object.has_level(request.user, 'owner'):
            raise PermissionDenied()
350 351 352 353
        new_name = request.POST.get("new_name")
        Instance.objects.filter(pk=self.object.pk).update(
            **{'name': new_name})

354
        success_message = _("VM successfully renamed.")
355 356 357 358 359 360 361 362 363 364 365 366
        if request.is_ajax():
            response = {
                'message': success_message,
                'new_name': new_name,
                'vm_pk': self.object.pk
            }
            return HttpResponse(
                json.dumps(response),
                content_type="application/json"
            )
        else:
            messages.success(request, success_message)
367 368 369 370 371 372 373 374 375 376 377
            return redirect(self.object.get_absolute_url())

    def __set_description(self, request):
        self.object = self.get_object()
        if not self.object.has_level(request.user, 'owner'):
            raise PermissionDenied()

        new_description = request.POST.get("new_description")
        Instance.objects.filter(pk=self.object.pk).update(
            **{'description': new_description})

378
        success_message = _("VM description successfully updated.")
379 380 381 382 383 384 385 386 387 388 389 390
        if request.is_ajax():
            response = {
                'message': success_message,
                'new_description': new_description,
            }
            return HttpResponse(
                json.dumps(response),
                content_type="application/json"
            )
        else:
            messages.success(request, success_message)
            return redirect(self.object.get_absolute_url())
391

Kálmán Viktor committed
392 393 394
    def __add_tag(self, request):
        new_tag = request.POST.get('new_tag')
        self.object = self.get_object()
395 396
        if not self.object.has_level(request.user, 'owner'):
            raise PermissionDenied()
Kálmán Viktor committed
397 398

        if len(new_tag) < 1:
399
            message = u"Please input something."
Kálmán Viktor committed
400
        elif len(new_tag) > 20:
401
            message = u"Tag name is too long."
Kálmán Viktor committed
402 403 404 405 406 407 408 409 410 411 412 413 414 415 416
        else:
            self.object.tags.add(new_tag)

        try:
            messages.error(request, message)
        except:
            pass

        return redirect(reverse_lazy("dashboard.views.detail",
                                     kwargs={'pk': self.object.pk}))

    def __remove_tag(self, request):
        try:
            to_remove = request.POST.get('to_remove')
            self.object = self.get_object()
417 418
            if not self.object.has_level(request.user, 'owner'):
                raise PermissionDenied()
Kálmán Viktor committed
419 420 421 422 423 424 425 426 427 428 429

            self.object.tags.remove(to_remove)
            message = u"Success"
        except:  # note this won't really happen
            message = u"Not success"

        if request.is_ajax():
            return HttpResponse(
                json.dumps({'message': message}),
                content_type="application=json"
            )
430 431 432
        else:
            return redirect(reverse_lazy("dashboard.views.detail",
                            kwargs={'pk': self.object.pk}))
Kálmán Viktor committed
433

434 435
    def __add_port(self, request):
        object = self.get_object()
436 437
        if (not object.has_level(request.user, 'owner') or
                not request.user.has_perm('vm.config_ports')):
438
            raise PermissionDenied()
439 440 441 442 443 444

        port = request.POST.get("port")
        proto = request.POST.get("proto")

        try:
            error = None
445 446 447
            interfaces = object.interface_set.all()
            host = Host.objects.get(pk=request.POST.get("host_pk"),
                                    interface__in=interfaces)
448
            host.add_port(proto, private=port)
449 450 451 452 453
        except Host.DoesNotExist:
            logger.error('Tried to add port to nonexistent host %d. User: %s. '
                         'Instance: %s', request.POST.get("host_pk"),
                         unicode(request.user), object)
            raise PermissionDenied()
454
        except ValueError:
455
            error = _("There is a problem with your input.")
456
        except Exception as e:
Bach Dániel committed
457 458
            error = _("Unknown error.")
            logger.error(e)
459 460 461 462 463 464 465 466 467

        if request.is_ajax():
            pass
        else:
            if error:
                messages.error(request, error)
            return redirect(reverse_lazy("dashboard.views.detail",
                                         kwargs={'pk': self.get_object().pk}))

468 469 470 471 472
    def __new_network(self, request):
        self.object = self.get_object()
        if not self.object.has_level(request.user, 'owner'):
            raise PermissionDenied()

473
        vlan = get_object_or_404(Vlan, pk=request.POST.get("new_network_vlan"))
474 475
        if not vlan.has_level(request.user, 'user'):
            raise PermissionDenied()
476
        try:
477
            self.object.add_interface(vlan=vlan, user=request.user)
478
            messages.success(request, _("Successfully added new interface."))
479 480 481 482 483 484 485
        except Exception, e:
            error = u' '.join(e.messages)
            messages.error(request, error)

        return redirect("%s#network" % reverse_lazy(
            "dashboard.views.detail", kwargs={'pk': self.object.pk}))

486
    def __abort_operation(self, request):
Kálmán Viktor committed
487 488 489 490
        self.object = self.get_object()

        activity = get_object_or_404(InstanceActivity,
                                     pk=request.POST.get("activity"))
491 492
        if not activity.is_abortable_for(request.user):
            raise PermissionDenied()
Kálmán Viktor committed
493 494 495
        activity.abort()
        return redirect("%s#activity" % self.object.get_absolute_url())

496

497
class OperationView(DetailView):
498

499
    template_name = 'dashboard/operate.html'
500
    show_in_toolbar = True
501

502 503 504
    @property
    def name(self):
        return self.get_op().name
505

506 507 508
    @property
    def description(self):
        return self.get_op().description
509

510 511 512
    @classmethod
    def get_urlname(cls):
        return 'dashboard.vm.op.%s' % cls.op
513

514 515
    def get_url(self):
        return reverse(self.get_urlname(), args=(self.get_object().pk, ))
516

517 518 519 520 521
    def get_wrapper_template_name(self):
        if self.request.is_ajax():
            return 'dashboard/_modal.html'
        else:
            return 'dashboard/_base.html'
522

523 524 525
    @classmethod
    def get_op_by_object(cls, obj):
        return getattr(obj, cls.op)
526

527 528 529 530
    def get_op(self):
        if not hasattr(self, '_opobj'):
            setattr(self, '_opobj', getattr(self.get_object(), self.op))
        return self._opobj
531

532
    def get_context_data(self, **kwargs):
533
        ctx = super(OperationView, self).get_context_data(**kwargs)
534 535 536
        ctx['op'] = self.get_op()
        ctx['url'] = self.request.path
        return ctx
537

538 539 540 541 542 543 544
    def get(self, request, *args, **kwargs):
        self.get_op().check_auth(request.user)
        response = super(OperationView, self).get(request, *args, **kwargs)
        response.render()
        response.content = render_to_string(self.get_wrapper_template_name(),
                                            {'body': response.content})
        return response
545

546
    def post(self, request, extra=None, *args, **kwargs):
547
        self.object = self.get_object()
548 549
        if extra is None:
            extra = {}
550
        try:
551
            self.get_op().async(user=request.user, **extra)
552 553 554
        except Exception as e:
            messages.error(request, _('Could not start operation.'))
            logger.error(e)
555
        return redirect("%s#activity" % self.object.get_absolute_url())
556

557 558 559 560
    @classmethod
    def factory(cls, op, icon='cog'):
        return type(str(cls.__name__ + op),
                    (cls, ), {'op': op, 'icon': icon})
561

562 563 564 565 566 567 568 569 570 571
    @classmethod
    def bind_to_object(cls, instance):
        v = cls()
        v.get_object = lambda: instance
        return v


class VmOperationView(OperationView):

    model = Instance
572
    context_object_name = 'instance'  # much simpler to mock object
573

574

575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598
class FormOperationMixin(object):

    form_class = None

    def get_context_data(self, **kwargs):
        ctx = super(FormOperationMixin, self).get_context_data(**kwargs)
        if self.request.method == 'POST':
            ctx['form'] = self.form_class(self.request.POST)
        else:
            ctx['form'] = self.form_class()
        return ctx

    def post(self, request, extra=None, *args, **kwargs):
        if extra is None:
            extra = {}
        form = self.form_class(self.request.POST)
        if form.is_valid():
            extra.update(form.cleaned_data)
            return super(FormOperationMixin, self).post(
                request, extra, *args, **kwargs)
        else:
            return self.get(request)


599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614
class VmCreateDiskView(FormOperationMixin, VmOperationView):

    op = 'create_disk'
    form_class = VmCreateDiskForm
    show_in_toolbar = False
    icon = 'hdd'


class VmDownloadDiskView(FormOperationMixin, VmOperationView):

    op = 'download_disk'
    form_class = VmDownloadDiskForm
    show_in_toolbar = False
    icon = 'download'


615 616 617 618 619 620 621
class VmMigrateView(VmOperationView):

    op = 'migrate'
    icon = 'truck'
    template_name = 'dashboard/_vm-migrate.html'

    def get_context_data(self, **kwargs):
622
        ctx = super(VmMigrateView, self).get_context_data(**kwargs)
623 624 625 626 627
        ctx['nodes'] = [n for n in Node.objects.filter(enabled=True)
                        if n.state == "ONLINE"]
        return ctx

    def post(self, request, extra=None, *args, **kwargs):
628 629
        if extra is None:
            extra = {}
630 631 632 633 634 635 636
        node = self.request.POST.get("node")
        if node:
            node = get_object_or_404(Node, pk=node)
            extra["to_node"] = node
        return super(VmMigrateView, self).post(request, extra, *args, **kwargs)


637
class VmSaveView(FormOperationMixin, VmOperationView):
638 639 640

    op = 'save_as_template'
    icon = 'save'
641
    form_class = VmSaveForm
642

643 644 645
vm_ops = {
    'reset': VmOperationView.factory(op='reset', icon='bolt'),
    'deploy': VmOperationView.factory(op='deploy', icon='play'),
646
    'migrate': VmMigrateView,
647 648 649
    'reboot': VmOperationView.factory(op='reboot', icon='refresh'),
    'shut_off': VmOperationView.factory(op='shut_off', icon='ban-circle'),
    'shutdown': VmOperationView.factory(op='shutdown', icon='off'),
650
    'save_as_template': VmSaveView,
651 652 653
    'destroy': VmOperationView.factory(op='destroy', icon='remove'),
    'sleep': VmOperationView.factory(op='sleep', icon='moon'),
    'wake_up': VmOperationView.factory(op='wake_up', icon='sun'),
654 655
    'create_disk': VmCreateDiskView,
    'download_disk': VmDownloadDiskView,
656 657 658 659 660 661 662 663 664 665
}


def get_operations(instance, user):
    ops = []
    for k, v in vm_ops.iteritems():
        try:
            op = v.get_op_by_object(instance)
            op.check_auth(user)
            op.check_precond()
666 667 668
        except Exception as e:
            logger.debug('Not showing operation %s for %s: %s',
                         k, instance, unicode(e))
669 670 671
        else:
            ops.append(v.bind_to_object(instance))
    return ops
672

Kálmán Viktor committed
673

674
class NodeDetailView(LoginRequiredMixin, SuperuserRequiredMixin, DetailView):
675 676
    template_name = "dashboard/node-detail.html"
    model = Node
677 678
    form = None
    form_class = TraitForm
679

680 681 682
    def get_context_data(self, form=None, **kwargs):
        if form is None:
            form = self.form_class()
683
        context = super(NodeDetailView, self).get_context_data(**kwargs)
684 685
        instances = Instance.active.filter(node=self.object)
        context['table'] = NodeVmListTable(instances)
686 687 688 689
        na = NodeActivity.objects.filter(
            node=self.object, parent=None
        ).order_by('-started').select_related()
        context['activities'] = na
690
        context['trait_form'] = form
691 692
        context['graphite_enabled'] = (
            NodeGraphView.get_graphite_url() is not None)
693 694
        return context

695 696 697
    def post(self, request, *args, **kwargs):
        if request.POST.get('new_name'):
            return self.__set_name(request)
698 699
        if request.POST.get('to_remove'):
            return self.__remove_trait(request)
700 701
        return redirect(reverse_lazy("dashboard.views.node-detail",
                                     kwargs={'pk': self.get_object().pk}))
702 703 704 705 706 707 708

    def __set_name(self, request):
        self.object = self.get_object()
        new_name = request.POST.get("new_name")
        Node.objects.filter(pk=self.object.pk).update(
            **{'name': new_name})

709
        success_message = _("Node successfully renamed.")
710 711 712 713 714
        if request.is_ajax():
            response = {
                'message': success_message,
                'new_name': new_name,
                'node_pk': self.object.pk
715 716 717 718 719 720 721 722 723 724
            }
            return HttpResponse(
                json.dumps(response),
                content_type="application/json"
            )
        else:
            messages.success(request, success_message)
            return redirect(reverse_lazy("dashboard.views.node-detail",
                                         kwargs={'pk': self.object.pk}))

725 726 727 728
    def __remove_trait(self, request):
        try:
            to_remove = request.POST.get('to_remove')
            self.object = self.get_object()
729
            self.object.traits.remove(to_remove)
730 731 732 733 734 735 736
            message = u"Success"
        except:  # note this won't really happen
            message = u"Not success"

        if request.is_ajax():
            return HttpResponse(
                json.dumps({'message': message}),
737
                content_type="application/json"
738
            )
739
        else:
740
            return redirect(self.object.get_absolute_url())
741

742

743
class GroupDetailView(CheckedDetailView):
744 745
    template_name = "dashboard/group-detail.html"
    model = Group
746
    read_level = 'operator'
747 748 749

    def get_has_level(self):
        return self.object.profile.has_level
750 751 752

    def get_context_data(self, **kwargs):
        context = super(GroupDetailView, self).get_context_data(**kwargs)
753 754 755
        context['group'] = self.object
        context['users'] = self.object.user_set.all()
        context['acl'] = get_group_acl_data(self.object)
756 757
        context['group_profile_form'] = GroupProfileUpdate.get_form_object(
            self.request, self.object.profile)
758 759 760
        return context

    def post(self, request, *args, **kwargs):
761 762 763
        self.object = self.get_object()
        if not self.get_has_level()(request.user, 'operator'):
            raise PermissionDenied()
764 765
        if request.POST.get('new_name'):
            return self.__set_name(request)
766
        if request.POST.get('list-new-name'):
767
            return self.__add_user(request)
768
        if request.POST.get('list-new-namelist'):
769
            return self.__add_list(request)
770 771 772 773
        if (request.POST.get('list-new-name') is not None) and \
                (request.POST.get('list-new-namelist') is not None):
            return redirect(reverse_lazy("dashboard.views.group-detail",
                                         kwargs={'pk': self.get_object().pk}))
774 775

    def __add_user(self, request):
776
        name = request.POST['list-new-name']
777 778 779
        self.__add_username(request, name)
        return redirect(reverse_lazy("dashboard.views.group-detail",
                                     kwargs={'pk': self.object.pk}))
780 781

    def __add_username(self, request, name):
782
        if not name:
783
            return
784 785
        try:
            entity = User.objects.get(username=name)
786
            self.object.user_set.add(entity)
787 788
        except User.DoesNotExist:
            warning(request, _('User "%s" not found.') % name)
789

790
    def __add_list(self, request):
791 792
        if not self.get_has_level()(request.user, 'operator'):
            raise PermissionDenied()
793 794 795
        userlist = request.POST.get('list-new-namelist').split('\r\n')
        for line in userlist:
            self.__add_username(request, line)
796 797
        return redirect(reverse_lazy("dashboard.views.group-detail",
                                     kwargs={'pk': self.object.pk}))
798 799 800 801 802 803

    def __set_name(self, request):
        new_name = request.POST.get("new_name")
        Group.objects.filter(pk=self.object.pk).update(
            **{'name': new_name})

804
        success_message = _("Group successfully renamed.")
805 806 807 808
        if request.is_ajax():
            response = {
                'message': success_message,
                'new_name': new_name,
809
                'group_pk': self.object.pk
810 811 812 813 814 815 816 817 818 819 820
            }
            return HttpResponse(
                json.dumps(response),
                content_type="application/json"
            )
        else:
            messages.success(request, success_message)
            return redirect(reverse_lazy("dashboard.views.group-detail",
                                         kwargs={'pk': self.object.pk}))


821
class AclUpdateView(LoginRequiredMixin, View, SingleObjectMixin):
822

823
    def post(self, request, *args, **kwargs):
824
        instance = self.get_object()
825 826
        if not (instance.has_level(request.user, "owner") or
                getattr(instance, 'owner', None) == request.user):
Őry Máté committed
827 828
            logger.warning('Tried to set permissions of %s by non-owner %s.',
                           unicode(instance), unicode(request.user))
829
            raise PermissionDenied()
830
        self.set_levels(request, instance)
831
        self.remove_levels(request, instance)
832
        self.add_levels(request, instance)
833
        return redirect("%s#access" % instance.get_absolute_url())
834 835

    def set_levels(self, request, instance):
836 837 838
        for key, value in request.POST.items():
            m = re.match('perm-([ug])-(\d+)', key)
            if m:
839 840
                typ, id = m.groups()
                entity = {'u': User, 'g': Group}[typ].objects.get(id=id)
841
                if getattr(instance, "owner", None) == entity:
842 843 844
                    logger.info("Tried to set owner's acl level for %s by %s.",
                                unicode(instance), unicode(request.user))
                    continue
845
                instance.set_level(entity, value)
Őry Máté committed
846 847 848
                logger.info("Set %s's acl level for %s to %s by %s.",
                            unicode(entity), unicode(instance),
                            value, unicode(request.user))
849

850 851 852 853 854 855 856 857 858 859
    def remove_levels(self, request, instance):
        for key, value in request.POST.items():
            if key.startswith("remove"):
                typ = key[7:8]  # len("remove-")
                id = key[9:]  # len("remove-x-")
                entity = {'u': User, 'g': Group}[typ].objects.get(id=id)
                if getattr(instance, "owner", None) == entity:
                    logger.info("Tried to remove owner from %s by %s.",
                                unicode(instance), unicode(request.user))
                    msg = _("The original owner cannot be removed, however "
860
                            "you can transfer ownership.")
861 862 863 864 865 866 867
                    messages.warning(request, msg)
                    continue
                instance.set_level(entity, None)
                logger.info("Revoked %s's access to %s by %s.",
                            unicode(entity), unicode(instance),
                            unicode(request.user))

868
    def add_levels(self, request, instance):
869 870
        name = request.POST['perm-new-name']
        value = request.POST['perm-new']
871 872 873 874 875 876
        if not name:
            return
        try:
            entity = User.objects.get(username=name)
        except User.DoesNotExist:
            entity = None
877 878
            try:
                entity = Group.objects.get(name=name)
879 880 881 882
            except Group.DoesNotExist:
                warning(request, _('User or group "%s" not found.') % name)
                return

883
        instance.set_level(entity, value)
Őry Máté committed
884 885 886
        logger.info("Set %s's new acl level for %s to %s by %s.",
                    unicode(entity), unicode(instance),
                    value, unicode(request.user))
887

Kálmán Viktor committed
888

889 890 891 892 893 894 895 896 897 898
class TemplateAclUpdateView(AclUpdateView):
    model = InstanceTemplate

    def post(self, request, *args, **kwargs):
        template = self.get_object()
        if not (template.has_level(request.user, "owner") or
                getattr(template, 'owner', None) == request.user):
            logger.warning('Tried to set permissions of %s by non-owner %s.',
                           unicode(template), unicode(request.user))
            raise PermissionDenied()
899 900 901 902 903 904 905 906 907

        name = request.POST['perm-new-name']
        if (User.objects.filter(username=name).count() +
                Group.objects.filter(name=name).count() < 1
                and len(name) > 0):
            warning(request, _('User or group "%s" not found.') % name)
        else:
            self.set_levels(request, template)
            self.add_levels(request, template)
908
            self.remove_levels(request, template)
909 910 911 912 913 914

            post_for_disk = request.POST.copy()
            post_for_disk['perm-new'] = 'user'
            request.POST = post_for_disk
            for d in template.disks.all():
                self.add_levels(request, d)
915

916
        return redirect(template)
917 918


919 920 921 922 923 924 925 926 927 928
class GroupAclUpdateView(AclUpdateView):
    model = Group

    def post(self, request, *args, **kwargs):
        instance = self.get_object().profile
        if not (instance.has_level(request.user, "owner") or
                getattr(instance, 'owner', None) == request.user):
            logger.warning('Tried to set permissions of %s by non-owner %s.',
                           unicode(instance), unicode(request.user))
            raise PermissionDenied()
Kálmán Viktor committed
929 930 931

        self.set_levels(request, instance)
        self.add_levels(request, instance)
932 933 934 935
        return redirect(reverse("dashboard.views.group-detail",
                                kwargs=self.kwargs))


936 937 938 939 940 941 942 943 944 945
class TemplateChoose(TemplateView):

    def get_template_names(self):
        if self.request.is_ajax():
            return ['dashboard/modal-wrapper.html']
        else:
            return ['dashboard/nojs-wrapper.html']

    def get_context_data(self, *args, **kwargs):
        context = super(TemplateChoose, self).get_context_data(*args, **kwargs)
946
        templates = InstanceTemplate.get_objects_with_level("user",
947 948 949 950
                                                            self.request.user)
        context.update({
            'box_title': _('Choose template'),
            'ajax_title': False,
951
            'template': "dashboard/_template-choose.html",
952
            'templates': templates.all(),
953 954 955
        })
        return context

956 957 958 959 960 961 962
    def post(self, request, *args, **kwargs):
        if not request.user.has_perm('vm.create_template'):
            raise PermissionDenied()

        template = request.POST.get("parent")
        if template == "base_vm":
            return redirect(reverse("dashboard.views.template-create"))
963
        elif template is None:
964
            messages.warning(request, _("Select an option to proceed."))
965
            return redirect(reverse("dashboard.views.template-choose"))
966 967 968 969 970 971 972 973
        else:
            template = get_object_or_404(InstanceTemplate, pk=template)

        instance = Instance.create_from_template(
            template=template, owner=request.user, is_base=True)

        return redirect(instance.get_absolute_url())

974

975 976 977 978
class TemplateCreate(SuccessMessageMixin, CreateView):
    model = InstanceTemplate
    form_class = TemplateForm

979 980
    def get_template_names(self):
        if self.request.is_ajax():
981
            pass
982 983 984 985 986 987 988
        else:
            return ['dashboard/nojs-wrapper.html']

    def get_context_data(self, *args, **kwargs):
        context = super(TemplateCreate, self).get_context_data(*args, **kwargs)

        context.update({
989
            'box_title': _("Create a new base VM"),
990
            'template': "dashboard/_template-create.html",
991
            'leases': Lease.objects.count()
992 993 994
        })
        return context

995
    def get(self, *args, **kwargs):
996 997
        if not self.request.user.has_perm('vm.create_template'):
            raise PermissionDenied()
998

999 1000 1001 1002
        return super(TemplateCreate, self).get(*args, **kwargs)

    def get_form_kwargs(self):
        kwargs = super(TemplateCreate, self).get_form_kwargs()
1003
        kwargs['user'] = self.request.user
1004 1005
        return kwargs

1006 1007 1008
    def post(self, request, *args, **kwargs):
        if not self.request.user.has_perm('vm.create_template'):
            raise PermissionDenied()
1009 1010

        form = self.form_class(request.POST, user=request.user)
1011 1012
        if not form.is_valid():
            return self.get(request, form, *args, **kwargs)
1013
        else:
1014
            post = form.cleaned_data
1015 1016
            networks = self.__create_networks(post.pop("networks"),
                                              request.user)
1017
            post.pop("parent")
1018
            post['max_ram_size'] = post['ram_size']
1019 1020 1021 1022 1023 1024 1025
            req_traits = post.pop("req_traits")
            tags = post.pop("tags")
            post['pw'] = User.objects.make_random_password()
            post['is_base'] = True
            inst = Instance.create(params=post, disks=[],
                                   networks=networks,
                                   tags=tags, req_traits=req_traits)
1026

1027
            return redirect("%s#resources" % inst.get_absolute_url())
1028

1029 1030
        return super(TemplateCreate, self).post(self, request, args, kwargs)

1031
    def __create_networks(self, vlans, user):
1032 1033
        networks = []
        for v in vlans:
1034 1035
            if not v.has_level(user, "user"):
                raise PermissionDenied()
1036 1037 1038
            networks.append(InterfaceTemplate(vlan=v, managed=v.managed))
        return networks

1039 1040 1041 1042
    def get_success_url(self):
        return reverse_lazy("dashboard.views.template-list")


1043
class TemplateDetail(LoginRequiredMixin, SuccessMessageMixin, UpdateView):
1044
    model = InstanceTemplate
1045 1046
    template_name = "dashboard/template-edit.html"
    form_class = TemplateForm
1047
    success_message = _("Successfully modified template.")
1048 1049

    def get(self, request, *args, **kwargs):
1050
        template = self.get_object()
1051
        if not template.has_level(request.user, 'user'):
1052
            raise PermissionDenied()
1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073
        if request.is_ajax():
            template = {
                'num_cores': template.num_cores,
                'ram_size': template.ram_size,
                'priority': template.priority,
                'arch': template.arch,
                'description': template.description,
                'system': template.system,
                'name': template.name,
                'disks': [{'pk': d.pk, 'name': d.name}
                          for d in template.disks.all()],
                'network': [
                    {'vlan_pk': i.vlan.pk, 'vlan': i.vlan.name,
                     'managed': i.managed}
                    for i in InterfaceTemplate.objects.filter(
                        template=self.get_object()).all()
                ]
            }
            return HttpResponse(json.dumps(template),
                                content_type="application/json")
        else:
1074 1075
            return super(TemplateDetail, self).get(request, *args, **kwargs)

1076
    def get_context_data(self, **kwargs):
1077
        obj = self.get_object()
1078
        context = super(TemplateDetail, self).get_context_data(**kwargs)
1079 1080
        context['acl'] = get_vm_acl_data(obj)
        context['disks'] = obj.disks.all()
1081 1082
        return context

1083 1084 1085 1086
    def get_success_url(self):
        return reverse_lazy("dashboard.views.template-detail",
                            kwargs=self.kwargs)

1087 1088 1089 1090 1091 1092 1093
    def post(self, request, *args, **kwargs):
        template = self.get_object()
        if not template.has_level(request.user, 'owner'):
            raise PermissionDenied()
        for disk in self.get_object().disks.all():
            if not disk.has_level(request.user, 'user'):
                raise PermissionDenied()
1094 1095 1096
        for network in self.get_object().interface_set.all():
            if not network.vlan.has_level(request.user, "user"):
                raise PermissionDenied()
1097 1098
        return super(TemplateDetail, self).post(self, request, args, kwargs)

1099 1100 1101 1102 1103
    def get_form_kwargs(self):
        kwargs = super(TemplateDetail, self).get_form_kwargs()
        kwargs['user'] = self.request.user
        return kwargs

1104

1105
class TemplateList(LoginRequiredMixin, SingleTableView):
1106 1107 1108 1109 1110 1111 1112
    template_name = "dashboard/template-list.html"
    model = InstanceTemplate
    table_class = TemplateListTable
    table_pagination = False

    def get_context_data(self, *args, **kwargs):
        context = super(TemplateList, self).get_context_data(*args, **kwargs)
1113 1114
        context['lease_table'] = LeaseListTable(Lease.objects.all(),
                                                request=self.request)
1115
        return context
1116

1117 1118 1119 1120 1121 1122
    def get_queryset(self):
        logger.debug('TemplateList.get_queryset() called. User: %s',
                     unicode(self.request.user))
        return InstanceTemplate.get_objects_with_level(
            'user', self.request.user).all()

1123

1124 1125 1126 1127 1128 1129 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 1140 1141 1142
class TemplateDelete(LoginRequiredMixin, DeleteView):
    model = InstanceTemplate

    def get_success_url(self):
        return reverse("dashboard.views.template-list")

    def get_template_names(self):
        if self.request.is_ajax():
            return ['dashboard/confirm/ajax-delete.html']
        else:
            return ['dashboard/confirm/base-delete.html']

    def delete(self, request, *args, **kwargs):
        object = self.get_object()
        if not object.has_level(request.user, 'owner'):
            raise PermissionDenied()

        object.delete()
        success_url = self.get_success_url()
1143
        success_message = _("Template successfully deleted.")
1144 1145 1146 1147 1148 1149 1150 1151 1152 1153 1154

        if request.is_ajax():
            return HttpResponse(
                json.dumps({'message': success_message}),
                content_type="application/json",
            )
        else:
            messages.success(request, success_message)
            return HttpResponseRedirect(success_url)


1155
class VmList(LoginRequiredMixin, FilterMixin, ListView):
Kálmán Viktor committed
1156
    template_name = "dashboard/vm-list.html"
1157 1158 1159 1160 1161
    allowed_filters = {
        'name': "name__icontains",
        'node': "node__name__icontains",
        'status': "status__iexact",
        'tags': "tags__name__in",  # note: use it as ?tags[]=a,b
Kálmán Viktor committed
1162
        'owner': "owner__username",
1163
    }
1164

1165 1166
    def get(self, *args, **kwargs):
        if self.request.is_ajax():
1167 1168 1169 1170
            favs = Instance.objects.filter(
                favourite__user=self.request.user).values_list('pk', flat=True)
            instances = Instance.get_objects_with_level(
                'user', self.request.user).filter(
1171
                destroyed_at=None).all()
1172 1173 1174
            instances = [{
                'pk': i.pk,
                'name': i.name,
1175 1176 1177
                'icon': i.get_status_icon(),
                'host': "" if not i.primary_host else i.primary_host.hostname,
                'status': i.get_status_display(),
1178
                'fav': i.pk in favs} for i in instances]
1179
            return HttpResponse(
1180
                json.dumps(list(instances)),  # instances is ValuesQuerySet
1181 1182 1183 1184 1185
                content_type="application/json",
            )
        else:
            return super(VmList, self).get(*args, **kwargs)

1186
    def get_queryset(self):
1187
        logger.debug('VmList.get_queryset() called. User: %s',
1188
                     unicode(self.request.user))
1189
        queryset = Instance.get_objects_with_level(
1190
            'user', self.request.user).filter(destroyed_at=None)
1191

1192
        self.create_fake_get()
1193 1194 1195 1196
        sort = self.request.GET.get("sort")
        # remove "-" that means descending order
        # also check if the column name is valid
        if (sort and
1197
            (sort[1:] if sort[0] == "-" else sort)
1198
                in [i.name for i in Instance._meta.fields] + ["pk"]):