views.py 107 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
# Copyright 2014 Budapest University of Technology and Economics (BME IK)
#
# This file is part of CIRCLE Cloud.
#
# CIRCLE is free software: you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free
# Software Foundation, either version 3 of the License, or (at your option)
# any later version.
#
# CIRCLE is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
# details.
#
# You should have received a copy of the GNU General Public License along
# with CIRCLE.  If not, see <http://www.gnu.org/licenses/>.

18
from __future__ import unicode_literals, absolute_import
19

20
from itertools import chain
21 22
from os import getenv
import json
Őry Máté committed
23
import logging
24
import re
25
import requests
26

27
from django.conf import settings
28
from django.contrib.auth.models import User, Group
Őry Máté committed
29
from django.contrib.auth.views import login, redirect_to_login
30
from django.contrib.messages import warning
31
from django.contrib.messages.views import SuccessMessageMixin
32
from django.core.exceptions import (
33
    PermissionDenied, SuspiciousOperation,
34
)
35 36
from django.core import signing
from django.core.urlresolvers import reverse, reverse_lazy
37
from django.db.models import Count
38
from django.http import HttpResponse, HttpResponseRedirect, Http404
Őry Máté committed
39
from django.shortcuts import redirect, render, get_object_or_404
40
from django.views.decorators.http import require_GET, require_POST
41
from django.views.generic.detail import SingleObjectMixin
42
from django.views.generic import (TemplateView, DetailView, View, DeleteView,
43
                                  UpdateView, CreateView, ListView)
44 45
from django.contrib import messages
from django.utils.translation import ugettext as _
46
from django.utils.translation import ungettext as __
47
from django.template.loader import render_to_string
48
from django.template import RequestContext
49

50
from django.forms.models import inlineformset_factory
51
from django_tables2 import SingleTableView
52 53
from braces.views import (LoginRequiredMixin, SuperuserRequiredMixin,
                          PermissionRequiredMixin)
54
from braces.views._access import AccessMixin
Kálmán Viktor committed
55

56 57
from django_sshkey.models import UserKey

58
from .forms import (
59
    CircleAuthenticationForm, HostForm, LeaseForm, MyProfileForm,
60
    NodeForm, TemplateForm, TraitForm, VmCustomizeForm, GroupCreateForm,
61
    UserCreationForm, GroupProfileUpdateForm, UnsubscribeForm,
62
    VmSaveForm, UserKeyForm,
63
    CirclePasswordChangeForm, VmCreateDiskForm, VmDownloadDiskForm,
64
    TraitsForm, RawDataForm
65
)
66 67 68

from .tables import (
    NodeListTable, NodeVmListTable, TemplateListTable, LeaseListTable,
69
    GroupListTable, UserKeyListTable
70
)
Őry Máté committed
71 72 73 74
from vm.models import (
    Instance, instance_activity, InstanceActivity, InstanceTemplate, Interface,
    InterfaceTemplate, Lease, Node, NodeActivity, Trait,
)
75
from storage.models import Disk
76
from firewall.models import Vlan, Host, Rule
77
from .models import Favourite, Profile, GroupProfile
78

Őry Máté committed
79
logger = logging.getLogger(__name__)
80
saml_available = hasattr(settings, "SAML_CONFIG")
81

82

83 84 85 86
def search_user(keyword):
    try:
        return User.objects.get(username=keyword)
    except User.DoesNotExist:
87 88 89 90
        try:
            return User.objects.get(profile__org_id=keyword)
        except User.DoesNotExist:
            return User.objects.get(email=keyword)
91 92


93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115
class GroupCodeMixin(object):

    @classmethod
    def get_available_group_codes(cls, request):
        newgroups = []
        if saml_available:
            from djangosaml2.cache import StateCache, IdentityCache
            from djangosaml2.conf import get_config
            from djangosaml2.views import _get_subject_id
            from saml2.client import Saml2Client

            state = StateCache(request.session)
            conf = get_config(None, request)
            client = Saml2Client(conf, state_cache=state,
                                 identity_cache=IdentityCache(request.session),
                                 logger=logger)
            subject_id = _get_subject_id(request.session)
            identity = client.users.get_identity(subject_id,
                                                 check_not_on_or_after=False)
            if identity:
                attributes = identity[0]
                owneratrs = getattr(
                    settings, 'SAML_GROUP_OWNER_ATTRIBUTES', [])
116 117
                for group in chain(*[attributes[i]
                                     for i in owneratrs if i in attributes]):
118 119 120 121 122 123 124 125
                    try:
                        GroupProfile.search(group)
                    except Group.DoesNotExist:
                        newgroups.append(group)

        return newgroups


126
class FilterMixin(object):
127

128 129 130 131
    def get_queryset_filters(self):
        filters = {}
        for item in self.allowed_filters:
            if item in self.request.GET:
132 133 134 135 136
                filters[self.allowed_filters[item]] = (
                    self.request.GET[item].split(",")
                    if self.allowed_filters[item].endswith("__in") else
                    self.request.GET[item])

137
        return filters
138

139 140 141
    def get_queryset(self):
        return super(FilterMixin,
                     self).get_queryset().filter(**self.get_queryset_filters())
142 143


144
class IndexView(LoginRequiredMixin, TemplateView):
Kálmán Viktor committed
145
    template_name = "dashboard/index.html"
146

147
    def get_context_data(self, **kwargs):
148
        user = self.request.user
149
        context = super(IndexView, self).get_context_data(**kwargs)
150

151
        # instances
152
        favs = Instance.objects.filter(favourite__user=self.request.user)
153
        instances = Instance.get_objects_with_level(
154
            'user', user, disregard_superuser=True).filter(destroyed_at=None)
155 156 157
        display = list(favs) + list(set(instances) - set(favs))
        for d in display:
            d.fav = True if d in favs else False
158
        context.update({
159
            'instances': display[:5],
160
            'more_instances': instances.count() - len(instances[:5])
161 162
        })

163 164
        running = instances.filter(status='RUNNING')
        stopped = instances.exclude(status__in=('RUNNING', 'NOSTATE'))
165

166
        context.update({
167 168 169
            'running_vms': running[:20],
            'running_vm_num': running.count(),
            'stopped_vm_num': stopped.count()
170
        })
171

172 173 174 175
        # nodes
        if user.is_superuser:
            nodes = Node.objects.all()
            context.update({
176 177
                'nodes': nodes[:5],
                'more_nodes': nodes.count() - len(nodes[:5]),
178 179 180 181 182 183 184 185 186 187
                'sum_node_num': nodes.count(),
                'node_num': {
                    'running': Node.get_state_count(True, True),
                    'missing': Node.get_state_count(False, True),
                    'disabled': Node.get_state_count(True, False),
                    'offline': Node.get_state_count(False, False)
                }
            })

        # groups
188
        if user.has_module_perms('auth'):
189 190
            profiles = GroupProfile.get_objects_with_level('operator', user)
            groups = Group.objects.filter(groupprofile__in=profiles)
191 192 193 194
            context.update({
                'groups': groups[:5],
                'more_groups': groups.count() - len(groups[:5]),
            })
195 196 197 198 199 200

        # template
        if user.has_perm('vm.create_template'):
            context['templates'] = InstanceTemplate.get_objects_with_level(
                'operator', user).all()[:5]

201 202
        return context

203

204
def get_vm_acl_data(obj):
205 206 207 208 209 210 211 212 213
    levels = obj.ACL_LEVELS
    users = obj.get_users_with_level()
    users = [{'user': u, 'level': l} for u, l in users]
    groups = obj.get_groups_with_level()
    groups = [{'group': g, 'level': l} for g, l in groups]
    return {'users': users, 'groups': groups, 'levels': levels,
            'url': reverse('dashboard.views.vm-acl', args=[obj.pk])}


214 215 216 217 218 219 220 221 222 223 224
def get_group_acl_data(obj):
    aclobj = obj.profile
    levels = aclobj.ACL_LEVELS
    users = aclobj.get_users_with_level()
    users = [{'user': u, 'level': l} for u, l in users]
    groups = aclobj.get_groups_with_level()
    groups = [{'group': g, 'level': l} for g, l in groups]
    return {'users': users, 'groups': groups, 'levels': levels,
            'url': reverse('dashboard.views.group-acl', args=[obj.pk])}


225
class CheckedDetailView(LoginRequiredMixin, DetailView):
226 227
    read_level = 'user'

228 229 230
    def get_has_level(self):
        return self.object.has_level

231 232
    def get_context_data(self, **kwargs):
        context = super(CheckedDetailView, self).get_context_data(**kwargs)
233
        if not self.get_has_level()(self.request.user, self.read_level):
234 235 236 237
            raise PermissionDenied()
        return context


238 239 240 241 242 243 244 245 246
class VmDetailVncTokenView(CheckedDetailView):
    template_name = "dashboard/vm-detail.html"
    model = Instance

    def get(self, request, **kwargs):
        self.object = self.get_object()
        if not self.object.has_level(request.user, 'operator'):
            raise PermissionDenied()
        if self.object.node:
247 248 249 250 251 252 253 254
            with instance_activity(code_suffix='console-accessed',
                                   instance=self.object, user=request.user,
                                   concurrency_check=False):
                port = self.object.vnc_port
                host = str(self.object.node.host.ipv4)
                value = signing.dumps({'host': host, 'port': port},
                                      key=getenv("PROXY_SECRET", 'asdasd')),
                return HttpResponse('vnc/?d=%s' % value)
255 256 257 258
        else:
            raise Http404()


259
class VmDetailView(CheckedDetailView):
Kálmán Viktor committed
260
    template_name = "dashboard/vm-detail.html"
261
    model = Instance
262 263

    def get_context_data(self, **kwargs):
264
        context = super(VmDetailView, self).get_context_data(**kwargs)
265
        instance = context['instance']
266
        ops = get_operations(instance, self.request.user)
267
        context.update({
Bach Dániel committed
268
            'graphite_enabled': settings.GRAPHITE_URL is not None,
269
            'vnc_url': reverse_lazy("dashboard.views.detail-vnc",
270
                                    kwargs={'pk': self.object.pk}),
271 272
            'ops': ops,
            'op': {i.op: i for i in ops},
273
        })
274 275

        # activity data
276 277
        context['activities'] = self.object.get_merged_activities(
            self.request.user)
278

279
        context['vlans'] = Vlan.get_objects_with_level(
280
            'user', self.request.user
281
        ).exclude(  # exclude already added interfaces
282 283 284
            pk__in=Interface.objects.filter(
                instance=self.get_object()).values_list("vlan", flat=True)
        ).all()
285
        context['acl'] = get_vm_acl_data(instance)
286 287
        context['os_type_icon'] = instance.os_type.replace("unknown",
                                                           "question")
288 289 290
        # ipv6 infos
        context['ipv6_host'] = instance.get_connect_host(use_ipv6=True)
        context['ipv6_port'] = instance.get_connect_port(use_ipv6=True)
291 292 293 294 295

        # resources forms
        if self.request.user.is_superuser:
            context['traits_form'] = TraitsForm(instance=instance)
            context['raw_data_form'] = RawDataForm(instance=instance)
296
        return context
Kálmán Viktor committed
297

298 299 300 301 302
    def post(self, request, *args, **kwargs):
        if (request.POST.get('ram-size') and request.POST.get('cpu-count')
                and request.POST.get('cpu-priority')):
            return self.__set_resources(request)

303 304 305
        options = {
            'change_password': self.__change_password,
            'new_name': self.__set_name,
306
            'new_description': self.__set_description,
307 308
            'new_tag': self.__add_tag,
            'to_remove': self.__remove_tag,
309 310
            'port': self.__add_port,
            'new_network_vlan': self.__new_network,
311
            'abort_operation': self.__abort_operation,
312 313 314 315
        }
        for k, v in options.iteritems():
            if request.POST.get(k) is not None:
                return v(request)
Kálmán Viktor committed
316

317 318 319 320
    def __change_password(self, request):
        self.object = self.get_object()
        if not self.object.has_level(request.user, 'owner'):
            raise PermissionDenied()
Kálmán Viktor committed
321

322
        self.object.change_password(user=request.user)
323
        messages.success(request, _("Password changed."))
324
        if request.is_ajax():
325
            return HttpResponse("Success.")
326 327 328
        else:
            return redirect(reverse_lazy("dashboard.views.detail",
                                         kwargs={'pk': self.object.pk}))
329

330 331 332 333
    def __set_resources(self, request):
        self.object = self.get_object()
        if not self.object.has_level(request.user, 'owner'):
            raise PermissionDenied()
334 335
        if not request.user.has_perm('vm.change_resources'):
            raise PermissionDenied()
336 337 338 339

        resources = {
            'num_cores': request.POST.get('cpu-count'),
            'ram_size': request.POST.get('ram-size'),
340
            'max_ram_size': request.POST.get('ram-size'),  # TODO: max_ram
341 342 343 344
            'priority': request.POST.get('cpu-priority')
        }
        Instance.objects.filter(pk=self.object.pk).update(**resources)

345
        success_message = _("Resources successfully updated.")
346 347 348 349 350 351 352 353 354 355 356
        if request.is_ajax():
            response = {'message': success_message}
            return HttpResponse(
                json.dumps(response),
                content_type="application/json"
            )
        else:
            messages.success(request, success_message)
            return redirect(reverse_lazy("dashboard.views.detail",
                                         kwargs={'pk': self.object.pk}))

357 358
    def __set_name(self, request):
        self.object = self.get_object()
359 360
        if not self.object.has_level(request.user, 'owner'):
            raise PermissionDenied()
361 362 363 364
        new_name = request.POST.get("new_name")
        Instance.objects.filter(pk=self.object.pk).update(
            **{'name': new_name})

365
        success_message = _("VM successfully renamed.")
366 367 368 369 370 371 372 373 374 375 376 377
        if request.is_ajax():
            response = {
                'message': success_message,
                'new_name': new_name,
                'vm_pk': self.object.pk
            }
            return HttpResponse(
                json.dumps(response),
                content_type="application/json"
            )
        else:
            messages.success(request, success_message)
378 379 380 381 382 383 384 385 386 387 388
            return redirect(self.object.get_absolute_url())

    def __set_description(self, request):
        self.object = self.get_object()
        if not self.object.has_level(request.user, 'owner'):
            raise PermissionDenied()

        new_description = request.POST.get("new_description")
        Instance.objects.filter(pk=self.object.pk).update(
            **{'description': new_description})

389
        success_message = _("VM description successfully updated.")
390 391 392 393 394 395 396 397 398 399 400 401
        if request.is_ajax():
            response = {
                'message': success_message,
                'new_description': new_description,
            }
            return HttpResponse(
                json.dumps(response),
                content_type="application/json"
            )
        else:
            messages.success(request, success_message)
            return redirect(self.object.get_absolute_url())
402

Kálmán Viktor committed
403 404 405
    def __add_tag(self, request):
        new_tag = request.POST.get('new_tag')
        self.object = self.get_object()
406 407
        if not self.object.has_level(request.user, 'owner'):
            raise PermissionDenied()
Kálmán Viktor committed
408 409

        if len(new_tag) < 1:
410
            message = u"Please input something."
Kálmán Viktor committed
411
        elif len(new_tag) > 20:
412
            message = u"Tag name is too long."
Kálmán Viktor committed
413 414 415 416 417 418 419 420 421 422 423 424 425 426 427
        else:
            self.object.tags.add(new_tag)

        try:
            messages.error(request, message)
        except:
            pass

        return redirect(reverse_lazy("dashboard.views.detail",
                                     kwargs={'pk': self.object.pk}))

    def __remove_tag(self, request):
        try:
            to_remove = request.POST.get('to_remove')
            self.object = self.get_object()
428 429
            if not self.object.has_level(request.user, 'owner'):
                raise PermissionDenied()
Kálmán Viktor committed
430 431 432 433 434 435 436 437 438 439 440

            self.object.tags.remove(to_remove)
            message = u"Success"
        except:  # note this won't really happen
            message = u"Not success"

        if request.is_ajax():
            return HttpResponse(
                json.dumps({'message': message}),
                content_type="application=json"
            )
441 442 443
        else:
            return redirect(reverse_lazy("dashboard.views.detail",
                            kwargs={'pk': self.object.pk}))
Kálmán Viktor committed
444

445 446
    def __add_port(self, request):
        object = self.get_object()
447 448
        if (not object.has_level(request.user, 'owner') or
                not request.user.has_perm('vm.config_ports')):
449
            raise PermissionDenied()
450 451 452 453 454 455

        port = request.POST.get("port")
        proto = request.POST.get("proto")

        try:
            error = None
456 457 458
            interfaces = object.interface_set.all()
            host = Host.objects.get(pk=request.POST.get("host_pk"),
                                    interface__in=interfaces)
459
            host.add_port(proto, private=port)
460 461 462 463 464
        except Host.DoesNotExist:
            logger.error('Tried to add port to nonexistent host %d. User: %s. '
                         'Instance: %s', request.POST.get("host_pk"),
                         unicode(request.user), object)
            raise PermissionDenied()
465
        except ValueError:
466
            error = _("There is a problem with your input.")
467
        except Exception as e:
Bach Dániel committed
468 469
            error = _("Unknown error.")
            logger.error(e)
470 471 472 473 474 475 476 477 478

        if request.is_ajax():
            pass
        else:
            if error:
                messages.error(request, error)
            return redirect(reverse_lazy("dashboard.views.detail",
                                         kwargs={'pk': self.get_object().pk}))

479 480 481 482 483
    def __new_network(self, request):
        self.object = self.get_object()
        if not self.object.has_level(request.user, 'owner'):
            raise PermissionDenied()

484
        vlan = get_object_or_404(Vlan, pk=request.POST.get("new_network_vlan"))
485 486
        if not vlan.has_level(request.user, 'user'):
            raise PermissionDenied()
487
        try:
488
            self.object.add_interface(vlan=vlan, user=request.user)
489
            messages.success(request, _("Successfully added new interface."))
490 491 492 493 494 495 496
        except Exception, e:
            error = u' '.join(e.messages)
            messages.error(request, error)

        return redirect("%s#network" % reverse_lazy(
            "dashboard.views.detail", kwargs={'pk': self.object.pk}))

497
    def __abort_operation(self, request):
Kálmán Viktor committed
498 499 500 501
        self.object = self.get_object()

        activity = get_object_or_404(InstanceActivity,
                                     pk=request.POST.get("activity"))
502 503
        if not activity.is_abortable_for(request.user):
            raise PermissionDenied()
Kálmán Viktor committed
504 505 506
        activity.abort()
        return redirect("%s#activity" % self.object.get_absolute_url())

507

508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523
class VmTraitsUpdate(UpdateView):
    form_class = TraitsForm
    model = Instance

    def get_success_url(self):
        return self.get_object().get_absolute_url() + "#resources"


class VmRawDataUpdate(UpdateView):
    form_class = RawDataForm
    model = Instance

    def get_success_url(self):
        return self.get_object().get_absolute_url() + "#resources"


524
class OperationView(DetailView):
525

526
    template_name = 'dashboard/operate.html'
527
    show_in_toolbar = True
528

529 530 531
    @property
    def name(self):
        return self.get_op().name
532

533 534 535
    @property
    def description(self):
        return self.get_op().description
536

537 538 539
    @classmethod
    def get_urlname(cls):
        return 'dashboard.vm.op.%s' % cls.op
540

541 542
    def get_url(self):
        return reverse(self.get_urlname(), args=(self.get_object().pk, ))
543

544 545 546 547 548
    def get_wrapper_template_name(self):
        if self.request.is_ajax():
            return 'dashboard/_modal.html'
        else:
            return 'dashboard/_base.html'
549

550 551 552
    @classmethod
    def get_op_by_object(cls, obj):
        return getattr(obj, cls.op)
553

554 555 556 557
    def get_op(self):
        if not hasattr(self, '_opobj'):
            setattr(self, '_opobj', getattr(self.get_object(), self.op))
        return self._opobj
558

559
    def get_context_data(self, **kwargs):
560
        ctx = super(OperationView, self).get_context_data(**kwargs)
561
        ctx['op'] = self.get_op()
562
        ctx['opview'] = self
563 564
        ctx['url'] = self.request.path
        return ctx
565

566 567 568 569 570 571 572
    def get(self, request, *args, **kwargs):
        self.get_op().check_auth(request.user)
        response = super(OperationView, self).get(request, *args, **kwargs)
        response.render()
        response.content = render_to_string(self.get_wrapper_template_name(),
                                            {'body': response.content})
        return response
573

574
    def post(self, request, extra=None, *args, **kwargs):
575
        self.object = self.get_object()
576 577
        if extra is None:
            extra = {}
578
        try:
579
            self.get_op().async(user=request.user, **extra)
580 581 582
        except Exception as e:
            messages.error(request, _('Could not start operation.'))
            logger.error(e)
583
        return redirect("%s#activity" % self.object.get_absolute_url())
584

585 586 587 588
    @classmethod
    def factory(cls, op, icon='cog'):
        return type(str(cls.__name__ + op),
                    (cls, ), {'op': op, 'icon': icon})
589

590 591 592 593 594 595 596 597 598 599
    @classmethod
    def bind_to_object(cls, instance):
        v = cls()
        v.get_object = lambda: instance
        return v


class VmOperationView(OperationView):

    model = Instance
600
    context_object_name = 'instance'  # much simpler to mock object
601

602 603 604 605 606 607
    def post(self, request, *args, **kwargs):
        resp = super(VmOperationView, self).post(request, *args, **kwargs)
        if request.is_ajax():
            store = messages.get_messages(request)
            store.used = True
            return HttpResponse(
608
                json.dumps({'success': True,
609 610 611 612 613 614
                            'messages': [unicode(m) for m in store]}),
                content_type="application=json"
            )
        else:
            return resp

615

616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633
class FormOperationMixin(object):

    form_class = None

    def get_context_data(self, **kwargs):
        ctx = super(FormOperationMixin, self).get_context_data(**kwargs)
        if self.request.method == 'POST':
            ctx['form'] = self.form_class(self.request.POST)
        else:
            ctx['form'] = self.form_class()
        return ctx

    def post(self, request, extra=None, *args, **kwargs):
        if extra is None:
            extra = {}
        form = self.form_class(self.request.POST)
        if form.is_valid():
            extra.update(form.cleaned_data)
634
            resp = super(FormOperationMixin, self).post(
635
                request, extra, *args, **kwargs)
636 637
            if request.is_ajax():
                return HttpResponse(
638
                    json.dumps({'success': True}),
639 640 641 642
                    content_type="application=json"
                )
            else:
                return resp
643 644 645 646
        else:
            return self.get(request)


647 648 649 650 651 652
class VmCreateDiskView(FormOperationMixin, VmOperationView):

    op = 'create_disk'
    form_class = VmCreateDiskForm
    show_in_toolbar = False
    icon = 'hdd'
653
    is_disk_operation = True
654 655 656 657 658 659 660 661


class VmDownloadDiskView(FormOperationMixin, VmOperationView):

    op = 'download_disk'
    form_class = VmDownloadDiskForm
    show_in_toolbar = False
    icon = 'download'
662
    is_disk_operation = True
663 664


665 666 667 668 669 670 671
class VmMigrateView(VmOperationView):

    op = 'migrate'
    icon = 'truck'
    template_name = 'dashboard/_vm-migrate.html'

    def get_context_data(self, **kwargs):
672
        ctx = super(VmMigrateView, self).get_context_data(**kwargs)
673 674 675 676 677
        ctx['nodes'] = [n for n in Node.objects.filter(enabled=True)
                        if n.state == "ONLINE"]
        return ctx

    def post(self, request, extra=None, *args, **kwargs):
678 679
        if extra is None:
            extra = {}
680 681 682 683 684 685 686
        node = self.request.POST.get("node")
        if node:
            node = get_object_or_404(Node, pk=node)
            extra["to_node"] = node
        return super(VmMigrateView, self).post(request, extra, *args, **kwargs)


687
class VmSaveView(FormOperationMixin, VmOperationView):
688 689 690

    op = 'save_as_template'
    icon = 'save'
691
    form_class = VmSaveForm
692

693 694 695
vm_ops = {
    'reset': VmOperationView.factory(op='reset', icon='bolt'),
    'deploy': VmOperationView.factory(op='deploy', icon='play'),
696
    'migrate': VmMigrateView,
697 698 699
    'reboot': VmOperationView.factory(op='reboot', icon='refresh'),
    'shut_off': VmOperationView.factory(op='shut_off', icon='ban-circle'),
    'shutdown': VmOperationView.factory(op='shutdown', icon='off'),
700
    'save_as_template': VmSaveView,
701 702 703
    'destroy': VmOperationView.factory(op='destroy', icon='remove'),
    'sleep': VmOperationView.factory(op='sleep', icon='moon'),
    'wake_up': VmOperationView.factory(op='wake_up', icon='sun'),
704 705
    'create_disk': VmCreateDiskView,
    'download_disk': VmDownloadDiskView,
706 707 708 709 710 711 712 713 714 715
}


def get_operations(instance, user):
    ops = []
    for k, v in vm_ops.iteritems():
        try:
            op = v.get_op_by_object(instance)
            op.check_auth(user)
            op.check_precond()
716 717 718
        except Exception as e:
            logger.debug('Not showing operation %s for %s: %s',
                         k, instance, unicode(e))
719 720 721
        else:
            ops.append(v.bind_to_object(instance))
    return ops
722

Kálmán Viktor committed
723

724
class NodeDetailView(LoginRequiredMixin, SuperuserRequiredMixin, DetailView):
725 726
    template_name = "dashboard/node-detail.html"
    model = Node
727 728
    form = None
    form_class = TraitForm
729

730 731 732
    def get_context_data(self, form=None, **kwargs):
        if form is None:
            form = self.form_class()
733
        context = super(NodeDetailView, self).get_context_data(**kwargs)
734 735
        instances = Instance.active.filter(node=self.object)
        context['table'] = NodeVmListTable(instances)
736 737 738 739
        na = NodeActivity.objects.filter(
            node=self.object, parent=None
        ).order_by('-started').select_related()
        context['activities'] = na
740
        context['trait_form'] = form
741
        context['graphite_enabled'] = (
Bach Dániel committed
742
            settings.GRAPHITE_URL is not None)
743 744
        return context

745 746 747
    def post(self, request, *args, **kwargs):
        if request.POST.get('new_name'):
            return self.__set_name(request)
748 749
        if request.POST.get('to_remove'):
            return self.__remove_trait(request)
750 751
        return redirect(reverse_lazy("dashboard.views.node-detail",
                                     kwargs={'pk': self.get_object().pk}))
752 753 754 755 756 757 758

    def __set_name(self, request):
        self.object = self.get_object()
        new_name = request.POST.get("new_name")
        Node.objects.filter(pk=self.object.pk).update(
            **{'name': new_name})

759
        success_message = _("Node successfully renamed.")
760 761 762 763 764
        if request.is_ajax():
            response = {
                'message': success_message,
                'new_name': new_name,
                'node_pk': self.object.pk
765 766 767 768 769 770 771 772 773 774
            }
            return HttpResponse(
                json.dumps(response),
                content_type="application/json"
            )
        else:
            messages.success(request, success_message)
            return redirect(reverse_lazy("dashboard.views.node-detail",
                                         kwargs={'pk': self.object.pk}))

775 776 777 778
    def __remove_trait(self, request):
        try:
            to_remove = request.POST.get('to_remove')
            self.object = self.get_object()
779
            self.object.traits.remove(to_remove)
780 781 782 783 784 785 786
            message = u"Success"
        except:  # note this won't really happen
            message = u"Not success"

        if request.is_ajax():
            return HttpResponse(
                json.dumps({'message': message}),
787
                content_type="application/json"
788
            )
789
        else:
790
            return redirect(self.object.get_absolute_url())
791

792

793
class GroupDetailView(CheckedDetailView):
794 795
    template_name = "dashboard/group-detail.html"
    model = Group
796
    read_level = 'operator'
797 798 799

    def get_has_level(self):
        return self.object.profile.has_level
800 801 802

    def get_context_data(self, **kwargs):
        context = super(GroupDetailView, self).get_context_data(**kwargs)
803 804 805
        context['group'] = self.object
        context['users'] = self.object.user_set.all()
        context['acl'] = get_group_acl_data(self.object)
806 807
        context['group_profile_form'] = GroupProfileUpdate.get_form_object(
            self.request, self.object.profile)
808 809 810
        return context

    def post(self, request, *args, **kwargs):
811 812 813
        self.object = self.get_object()
        if not self.get_has_level()(request.user, 'operator'):
            raise PermissionDenied()
814 815
        if request.POST.get('new_name'):
            return self.__set_name(request)
816
        if request.POST.get('list-new-name'):
817
            return self.__add_user(request)
818
        if request.POST.get('list-new-namelist'):
819
            return self.__add_list(request)
820 821 822 823
        if (request.POST.get('list-new-name') is not None) and \
                (request.POST.get('list-new-namelist') is not None):
            return redirect(reverse_lazy("dashboard.views.group-detail",
                                         kwargs={'pk': self.get_object().pk}))
824 825

    def __add_user(self, request):
826
        name = request.POST['list-new-name']
827 828 829
        self.__add_username(request, name)
        return redirect(reverse_lazy("dashboard.views.group-detail",
                                     kwargs={'pk': self.object.pk}))
830 831

    def __add_username(self, request, name):
832
        if not name:
833
            return
834 835
        try:
            entity = User.objects.get(username=name)
836
            self.object.user_set.add(entity)
837 838
        except User.DoesNotExist:
            warning(request, _('User "%s" not found.') % name)
839

840
    def __add_list(self, request):
841 842
        if not self.get_has_level()(request.user, 'operator'):
            raise PermissionDenied()
843 844 845
        userlist = request.POST.get('list-new-namelist').split('\r\n')
        for line in userlist:
            self.__add_username(request, line)
846 847
        return redirect(reverse_lazy("dashboard.views.group-detail",
                                     kwargs={'pk': self.object.pk}))
848 849 850 851 852 853

    def __set_name(self, request):
        new_name = request.POST.get("new_name")
        Group.objects.filter(pk=self.object.pk).update(
            **{'name': new_name})

854
        success_message = _("Group successfully renamed.")
855 856 857 858
        if request.is_ajax():
            response = {
                'message': success_message,
                'new_name': new_name,
859
                'group_pk': self.object.pk
860 861 862 863 864 865 866 867 868 869 870
            }
            return HttpResponse(
                json.dumps(response),
                content_type="application/json"
            )
        else:
            messages.success(request, success_message)
            return redirect(reverse_lazy("dashboard.views.group-detail",
                                         kwargs={'pk': self.object.pk}))


871
class AclUpdateView(LoginRequiredMixin, View, SingleObjectMixin):
872

873
    def post(self, request, *args, **kwargs):
874
        instance = self.get_object()
875 876
        if not (instance.has_level(request.user, "owner") or
                getattr(instance, 'owner', None) == request.user):
Őry Máté committed
877 878
            logger.warning('Tried to set permissions of %s by non-owner %s.',
                           unicode(instance), unicode(request.user))
879
            raise PermissionDenied()
880
        self.set_levels(request, instance)
881
        self.remove_levels(request, instance)
882
        self.add_levels(request, instance)
883
        return redirect("%s#access" % instance.get_absolute_url())
884 885

    def set_levels(self, request, instance):
886 887 888
        for key, value in request.POST.items():
            m = re.match('perm-([ug])-(\d+)', key)
            if m:
889 890
                typ, id = m.groups()
                entity = {'u': User, 'g': Group}[typ].objects.get(id=id)
891
                if getattr(instance, "owner", None) == entity:
892 893 894
                    logger.info("Tried to set owner's acl level for %s by %s.",
                                unicode(instance), unicode(request.user))
                    continue
895
                instance.set_level(entity, value)
Őry Máté committed
896 897 898
                logger.info("Set %s's acl level for %s to %s by %s.",
                            unicode(entity), unicode(instance),
                            value, unicode(request.user))
899

900 901 902 903 904 905 906 907 908 909
    def remove_levels(self, request, instance):
        for key, value in request.POST.items():
            if key.startswith("remove"):
                typ = key[7:8]  # len("remove-")
                id = key[9:]  # len("remove-x-")
                entity = {'u': User, 'g': Group}[typ].objects.get(id=id)
                if getattr(instance, "owner", None) == entity:
                    logger.info("Tried to remove owner from %s by %s.",
                                unicode(instance), unicode(request.user))
                    msg = _("The original owner cannot be removed, however "
910
                            "you can transfer ownership.")
911 912 913 914 915 916 917
                    messages.warning(request, msg)
                    continue
                instance.set_level(entity, None)
                logger.info("Revoked %s's access to %s by %s.",
                            unicode(entity), unicode(instance),
                            unicode(request.user))

918
    def add_levels(self, request, instance):
919 920
        name = request.POST['perm-new-name']
        value = request.POST['perm-new']
921 922 923 924 925 926
        if not name:
            return
        try:
            entity = User.objects.get(username=name)
        except User.DoesNotExist:
            entity = None
927 928
            try:
                entity = Group.objects.get(name=name)
929 930 931 932
            except Group.DoesNotExist:
                warning(request, _('User or group "%s" not found.') % name)
                return

933
        instance.set_level(entity, value)
Őry Máté committed
934 935 936
        logger.info("Set %s's new acl level for %s to %s by %s.",
                    unicode(entity), unicode(instance),
                    value, unicode(request.user))
937

Kálmán Viktor committed
938

939 940 941 942 943 944 945 946 947 948
class TemplateAclUpdateView(AclUpdateView):
    model = InstanceTemplate

    def post(self, request, *args, **kwargs):
        template = self.get_object()
        if not (template.has_level(request.user, "owner") or
                getattr(template, 'owner', None) == request.user):
            logger.warning('Tried to set permissions of %s by non-owner %s.',
                           unicode(template), unicode(request.user))
            raise PermissionDenied()
949 950 951 952 953 954 955 956 957

        name = request.POST['perm-new-name']
        if (User.objects.filter(username=name).count() +
                Group.objects.filter(name=name).count() < 1
                and len(name) > 0):
            warning(request, _('User or group "%s" not found.') % name)
        else:
            self.set_levels(request, template)
            self.add_levels(request, template)
958
            self.remove_levels(request, template)
959 960 961 962 963

            post_for_disk = request.POST.copy()
            post_for_disk['perm-new'] = 'user'
            request.POST = post_for_disk
            for d in template.disks.all():
964
                self.set_levels(request, d)
965
                self.add_levels(request, d)
966
                self.remove_levels(request, d)
967

968
        return redirect(template)
969 970


971 972 973 974 975 976 977 978 979 980
class GroupAclUpdateView(AclUpdateView):
    model = Group

    def post(self, request, *args, **kwargs):
        instance = self.get_object().profile
        if not (instance.has_level(request.user, "owner") or
                getattr(instance, 'owner', None) == request.user):
            logger.warning('Tried to set permissions of %s by non-owner %s.',
                           unicode(instance), unicode(request.user))
            raise PermissionDenied()
Kálmán Viktor committed
981 982 983

        self.set_levels(request, instance)
        self.add_levels(request, instance)
984 985 986 987
        return redirect(reverse("dashboard.views.group-detail",
                                kwargs=self.kwargs))


988 989 990 991 992 993 994 995 996 997
class TemplateChoose(TemplateView):

    def get_template_names(self):
        if self.request.is_ajax():
            return ['dashboard/modal-wrapper.html']
        else:
            return ['dashboard/nojs-wrapper.html']

    def get_context_data(self, *args, **kwargs):
        context = super(TemplateChoose, self).get_context_data(*args, **kwargs)
998
        templates = InstanceTemplate.get_objects_with_level("user",
999 1000 1001 1002
                                                            self.request.user)
        context.update({
            'box_title': _('Choose template'),
            'ajax_title': False,
1003
            'template': "dashboard/_template-choose.html",
1004
            'templates': templates.all(),
1005 1006 1007
        })
        return context

1008 1009 1010 1011 1012 1013 1014
    def post(self, request, *args, **kwargs):
        if not request.user.has_perm('vm.create_template'):
            raise PermissionDenied()

        template = request.POST.get("parent")
        if template == "base_vm":
            return redirect(reverse("dashboard.views.template-create"))
1015
        elif template is None:
1016
            messages.warning(request, _("Select an option to proceed."))
1017
            return redirect(reverse("dashboard.views.template-choose"))
1018 1019 1020 1021 1022 1023 1024 1025
        else:
            template = get_object_or_404(InstanceTemplate, pk=template)

        instance = Instance.create_from_template(
            template=template, owner=request.user, is_base=True)

        return redirect(instance.get_absolute_url())

1026

1027 1028 1029 1030
class TemplateCreate(SuccessMessageMixin, CreateView):
    model = InstanceTemplate
    form_class = TemplateForm

1031 1032
    def get_template_names(self):
        if self.request.is_ajax():
1033
            pass
1034 1035 1036 1037 1038 1039 1040
        else:
            return ['dashboard/nojs-wrapper.html']

    def get_context_data(self, *args, **kwargs):
        context = super(TemplateCreate, self).get_context_data(*args, **kwargs)

        context.update({
1041
            'box_title': _("Create a new base VM"),
1042
            'template': "dashboard/_template-create.html",
1043
            'leases': Lease.objects.count()
1044 1045 1046
        })
        return context

1047
    def get(self, *args, **kwargs):
1048 1049
        if not self.request.user.has_perm('vm.create_template'):
            raise PermissionDenied()
1050

1051 1052 1053 1054
        return super(TemplateCreate, self).get(*args, **kwargs)

    def get_form_kwargs(self):
        kwargs = super(TemplateCreate, self).get_form_kwargs()
1055
        kwargs['user'] = self.request.user
1056 1057
        return kwargs

1058 1059 1060
    def post(self, request, *args, **kwargs):
        if not self.request.user.has_perm('vm.create_template'):
            raise PermissionDenied()
1061 1062

        form = self.form_class(request.POST, user=request.user)
1063 1064
        if not form.is_valid():
            return self.get(request, form, *args, **kwargs)
1065
        else:
1066
            post = form.cleaned_data
1067 1068
            networks = self.__create_networks(post.pop("networks"),
                                              request.user)
1069
            post.pop("parent")
1070
            post['max_ram_size'] = post['ram_size']
1071 1072 1073 1074 1075 1076 1077
            req_traits = post.pop("req_traits")
            tags = post.pop("tags")
            post['pw'] = User.objects.make_random_password()
            post['is_base'] = True
            inst = Instance.create(params=post, disks=[],
                                   networks=networks,
                                   tags=tags, req_traits=req_traits)
1078

1079
            return redirect("%s#resources" % inst.get_absolute_url())
1080

1081 1082
        return super(TemplateCreate, self).post(self, request, args, kwargs)

1083
    def __create_networks(self, vlans, user):
1084 1085
        networks = []
        for v in vlans:
1086 1087
            if not v.has_level(user, "user"):
                raise PermissionDenied()
1088 1089 1090
            networks.append(InterfaceTemplate(vlan=v, managed=v.managed))
        return networks

1091 1092 1093 1094
    def get_success_url(self):
        return reverse_lazy("dashboard.views.template-list")


1095
class TemplateDetail(LoginRequiredMixin, SuccessMessageMixin, UpdateView):
1096
    model = InstanceTemplate
1097 1098
    template_name = "dashboard/template-edit.html"
    form_class = TemplateForm
1099
    success_message = _("Successfully modified template.")
1100 1101

    def get(self, request, *args, **kwargs):
1102
        template = self.get_object()
1103
        if not template.has_level(request.user, 'user'):
1104
            raise PermissionDenied()
1105 1106 1107 1108 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 1125
        if request.is_ajax():
            template = {
                'num_cores': template.num_cores,
                'ram_size': template.ram_size,
                'priority': template.priority,
                'arch': template.arch,
                'description': template.description,
                'system': template.system,
                'name': template.name,
                'disks': [{'pk': d.pk, 'name': d.name}
                          for d in template.disks.all()],
                'network': [
                    {'vlan_pk': i.vlan.pk, 'vlan': i.vlan.name,
                     'managed': i.managed}
                    for i in InterfaceTemplate.objects.filter(
                        template=self.get_object()).all()
                ]
            }
            return HttpResponse(json.dumps(template),
                                content_type="application/json")
        else:
1126 1127
            return super(TemplateDetail, self).get(request, *args, **kwargs)

1128
    def get_context_data(self, **kwargs):
1129
        obj = self.get_object()
1130
        context = super(TemplateDetail, self).get_context_data(**kwargs)
1131 1132
        context['acl'] = get_vm_acl_data(obj)
        context['disks'] = obj.disks.all()
1133 1134
        return context

1135 1136 1137 1138
    def get_success_url(self):
        return reverse_lazy("dashboard.views.template-detail",
                            kwargs=self.kwargs)

1139 1140 1141 1142 1143 1144 1145
    def post(self, request, *args, **kwargs):
        template = self.get_object()
        if not template.has_level(request.user, 'owner'):
            raise PermissionDenied()
        for disk in self.get_object().disks.all():
            if not disk.has_level(request.user, 'user'):
                raise PermissionDenied()
1146 1147 1148
        for network in self.get_object().interface_set.all():
            if not network.vlan.has_level(request.user, "user"):
                raise PermissionDenied()
1149 1150
        return super(TemplateDetail, self).post(self, request, args, kwargs)

1151 1152 1153 1154 1155
    def get_form_kwargs(self):
        kwargs = super(TemplateDetail, self).get_form_kwargs()
        kwargs['user'] = self.request.user
        return kwargs

1156

1157
class TemplateList(LoginRequiredMixin, SingleTableView):
1158 1159 1160 1161 1162 1163 1164
    template_name = "dashboard/template-list.html"
    model = InstanceTemplate
    table_class = TemplateListTable
    table_pagination = False

    def get_context_data(self, *args, **kwargs):
        context = super(TemplateList, self).get_context_data(*args, **kwargs)
1165 1166
        context['lease_table'] = LeaseListTable(Lease.objects.all(),
                                                request=self.request)
1167
        return context
1168

1169 1170 1171 1172 1173 1174
    def get_queryset(self):
        logger.debug('TemplateList.get_queryset() called. User: %s',
                     unicode(self.request.user))
        return InstanceTemplate.get_objects_with_level(
            'user', self.request.user).all()

1175

1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 1186 1187 1188 1189 1190 1191 1192
class TemplateDelete(LoginRequiredMixin, DeleteView):
    model = InstanceTemplate

    def get_success_url(self):
        return reverse("dashboard.views.template-list")

    def get_template_names(self):
        if self.request.is_ajax():
            return ['dashboard/confirm/ajax-delete.html']
        else:
            return ['dashboard/confirm/base-delete.html']

    def delete(self, request, *args, **kwargs):
        object = self.get_object()
        if not object.has_level(request.user, 'owner'):
            raise PermissionDenied()

1193
        object.destroy_disks()
1194 1195
        object.delete()
        success_url = self.get_success_url()