views.py 107 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
# Copyright 2014 Budapest University of Technology and Economics (BME IK)
#
# This file is part of CIRCLE Cloud.
#
# CIRCLE is free software: you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free
# Software Foundation, either version 3 of the License, or (at your option)
# any later version.
#
# CIRCLE is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
# details.
#
# You should have received a copy of the GNU General Public License along
# with CIRCLE.  If not, see <http://www.gnu.org/licenses/>.

18
from __future__ import unicode_literals, absolute_import
19

20
from collections import OrderedDict
21
from itertools import chain
22 23
from os import getenv
import json
Őry Máté committed
24
import logging
25
import re
26
import requests
27

28
from django.conf import settings
29
from django.contrib.auth.models import User, Group
Őry Máté committed
30
from django.contrib.auth.views import login, redirect_to_login
31
from django.contrib.messages import warning
32
from django.contrib.messages.views import SuccessMessageMixin
33
from django.core.exceptions import (
34
    PermissionDenied, SuspiciousOperation,
35
)
36 37
from django.core import signing
from django.core.urlresolvers import reverse, reverse_lazy
38
from django.db.models import Count
39
from django.http import HttpResponse, HttpResponseRedirect, Http404
Őry Máté committed
40
from django.shortcuts import redirect, render, get_object_or_404
41
from django.views.decorators.http import require_GET, require_POST
42
from django.views.generic.detail import SingleObjectMixin
43
from django.views.generic import (TemplateView, DetailView, View, DeleteView,
44
                                  UpdateView, CreateView, ListView)
45 46
from django.contrib import messages
from django.utils.translation import ugettext as _
47
from django.utils.translation import ungettext as __
48
from django.template.loader import render_to_string
49
from django.template import RequestContext
50

51
from django.forms.models import inlineformset_factory
52
from django_tables2 import SingleTableView
53 54
from braces.views import (LoginRequiredMixin, SuperuserRequiredMixin,
                          PermissionRequiredMixin)
55
from braces.views._access import AccessMixin
Kálmán Viktor committed
56

57 58
from django_sshkey.models import UserKey

59
from .forms import (
60
    CircleAuthenticationForm, HostForm, LeaseForm, MyProfileForm,
61
    NodeForm, TemplateForm, TraitForm, VmCustomizeForm, GroupCreateForm,
62
    UserCreationForm, GroupProfileUpdateForm, UnsubscribeForm,
63
    VmSaveForm, UserKeyForm,
64
    CirclePasswordChangeForm, VmCreateDiskForm, VmDownloadDiskForm,
65
    TraitsForm, RawDataForm
66
)
67 68 69

from .tables import (
    NodeListTable, NodeVmListTable, TemplateListTable, LeaseListTable,
70
    GroupListTable, UserKeyListTable
71
)
Őry Máté committed
72 73 74 75
from vm.models import (
    Instance, instance_activity, InstanceActivity, InstanceTemplate, Interface,
    InterfaceTemplate, Lease, Node, NodeActivity, Trait,
)
76
from storage.models import Disk
77
from firewall.models import Vlan, Host, Rule
78
from .models import Favourite, Profile, GroupProfile
79

Őry Máté committed
80
logger = logging.getLogger(__name__)
81
saml_available = hasattr(settings, "SAML_CONFIG")
82

83

84 85 86 87
def search_user(keyword):
    try:
        return User.objects.get(username=keyword)
    except User.DoesNotExist:
88 89 90 91
        try:
            return User.objects.get(profile__org_id=keyword)
        except User.DoesNotExist:
            return User.objects.get(email=keyword)
92 93


94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116
class GroupCodeMixin(object):

    @classmethod
    def get_available_group_codes(cls, request):
        newgroups = []
        if saml_available:
            from djangosaml2.cache import StateCache, IdentityCache
            from djangosaml2.conf import get_config
            from djangosaml2.views import _get_subject_id
            from saml2.client import Saml2Client

            state = StateCache(request.session)
            conf = get_config(None, request)
            client = Saml2Client(conf, state_cache=state,
                                 identity_cache=IdentityCache(request.session),
                                 logger=logger)
            subject_id = _get_subject_id(request.session)
            identity = client.users.get_identity(subject_id,
                                                 check_not_on_or_after=False)
            if identity:
                attributes = identity[0]
                owneratrs = getattr(
                    settings, 'SAML_GROUP_OWNER_ATTRIBUTES', [])
117 118
                for group in chain(*[attributes[i]
                                     for i in owneratrs if i in attributes]):
119 120 121 122 123 124 125 126
                    try:
                        GroupProfile.search(group)
                    except Group.DoesNotExist:
                        newgroups.append(group)

        return newgroups


127
class FilterMixin(object):
128

129 130 131 132
    def get_queryset_filters(self):
        filters = {}
        for item in self.allowed_filters:
            if item in self.request.GET:
133 134 135 136 137
                filters[self.allowed_filters[item]] = (
                    self.request.GET[item].split(",")
                    if self.allowed_filters[item].endswith("__in") else
                    self.request.GET[item])

138
        return filters
139

140 141 142
    def get_queryset(self):
        return super(FilterMixin,
                     self).get_queryset().filter(**self.get_queryset_filters())
143 144


145
class IndexView(LoginRequiredMixin, TemplateView):
Kálmán Viktor committed
146
    template_name = "dashboard/index.html"
147

148
    def get_context_data(self, **kwargs):
149
        user = self.request.user
150
        context = super(IndexView, self).get_context_data(**kwargs)
151

152
        # instances
153
        favs = Instance.objects.filter(favourite__user=self.request.user)
154
        instances = Instance.get_objects_with_level(
155
            'user', user, disregard_superuser=True).filter(destroyed_at=None)
156 157 158
        display = list(favs) + list(set(instances) - set(favs))
        for d in display:
            d.fav = True if d in favs else False
159
        context.update({
160
            'instances': display[:5],
161
            'more_instances': instances.count() - len(instances[:5])
162 163
        })

164 165
        running = instances.filter(status='RUNNING')
        stopped = instances.exclude(status__in=('RUNNING', 'NOSTATE'))
166

167
        context.update({
168 169 170
            'running_vms': running[:20],
            'running_vm_num': running.count(),
            'stopped_vm_num': stopped.count()
171
        })
172

173 174 175 176
        # nodes
        if user.is_superuser:
            nodes = Node.objects.all()
            context.update({
177 178
                'nodes': nodes[:5],
                'more_nodes': nodes.count() - len(nodes[:5]),
179 180 181 182 183 184 185 186 187 188
                'sum_node_num': nodes.count(),
                'node_num': {
                    'running': Node.get_state_count(True, True),
                    'missing': Node.get_state_count(False, True),
                    'disabled': Node.get_state_count(True, False),
                    'offline': Node.get_state_count(False, False)
                }
            })

        # groups
189
        if user.has_module_perms('auth'):
190 191
            profiles = GroupProfile.get_objects_with_level('operator', user)
            groups = Group.objects.filter(groupprofile__in=profiles)
192 193 194 195
            context.update({
                'groups': groups[:5],
                'more_groups': groups.count() - len(groups[:5]),
            })
196 197 198 199 200 201

        # template
        if user.has_perm('vm.create_template'):
            context['templates'] = InstanceTemplate.get_objects_with_level(
                'operator', user).all()[:5]

202 203
        return context

204

205
def get_vm_acl_data(obj):
206 207 208 209 210 211 212 213 214
    levels = obj.ACL_LEVELS
    users = obj.get_users_with_level()
    users = [{'user': u, 'level': l} for u, l in users]
    groups = obj.get_groups_with_level()
    groups = [{'group': g, 'level': l} for g, l in groups]
    return {'users': users, 'groups': groups, 'levels': levels,
            'url': reverse('dashboard.views.vm-acl', args=[obj.pk])}


215 216 217 218 219 220 221 222 223 224 225
def get_group_acl_data(obj):
    aclobj = obj.profile
    levels = aclobj.ACL_LEVELS
    users = aclobj.get_users_with_level()
    users = [{'user': u, 'level': l} for u, l in users]
    groups = aclobj.get_groups_with_level()
    groups = [{'group': g, 'level': l} for g, l in groups]
    return {'users': users, 'groups': groups, 'levels': levels,
            'url': reverse('dashboard.views.group-acl', args=[obj.pk])}


226
class CheckedDetailView(LoginRequiredMixin, DetailView):
227 228
    read_level = 'user'

229 230 231
    def get_has_level(self):
        return self.object.has_level

232 233
    def get_context_data(self, **kwargs):
        context = super(CheckedDetailView, self).get_context_data(**kwargs)
234
        if not self.get_has_level()(self.request.user, self.read_level):
235 236 237 238
            raise PermissionDenied()
        return context


239 240 241 242 243 244 245 246 247
class VmDetailVncTokenView(CheckedDetailView):
    template_name = "dashboard/vm-detail.html"
    model = Instance

    def get(self, request, **kwargs):
        self.object = self.get_object()
        if not self.object.has_level(request.user, 'operator'):
            raise PermissionDenied()
        if self.object.node:
248 249 250 251 252 253 254 255
            with instance_activity(code_suffix='console-accessed',
                                   instance=self.object, user=request.user,
                                   concurrency_check=False):
                port = self.object.vnc_port
                host = str(self.object.node.host.ipv4)
                value = signing.dumps({'host': host, 'port': port},
                                      key=getenv("PROXY_SECRET", 'asdasd')),
                return HttpResponse('vnc/?d=%s' % value)
256 257 258 259
        else:
            raise Http404()


260
class VmDetailView(CheckedDetailView):
Kálmán Viktor committed
261
    template_name = "dashboard/vm-detail.html"
262
    model = Instance
263 264

    def get_context_data(self, **kwargs):
265
        context = super(VmDetailView, self).get_context_data(**kwargs)
266
        instance = context['instance']
267
        ops = get_operations(instance, self.request.user)
268
        context.update({
Bach Dániel committed
269
            'graphite_enabled': settings.GRAPHITE_URL is not None,
270
            'vnc_url': reverse_lazy("dashboard.views.detail-vnc",
271
                                    kwargs={'pk': self.object.pk}),
272 273
            'ops': ops,
            'op': {i.op: i for i in ops},
274
        })
275 276

        # activity data
277 278
        context['activities'] = self.object.get_merged_activities(
            self.request.user)
279

280
        context['vlans'] = Vlan.get_objects_with_level(
281
            'user', self.request.user
282
        ).exclude(  # exclude already added interfaces
283 284 285
            pk__in=Interface.objects.filter(
                instance=self.get_object()).values_list("vlan", flat=True)
        ).all()
286
        context['acl'] = get_vm_acl_data(instance)
287 288
        context['os_type_icon'] = instance.os_type.replace("unknown",
                                                           "question")
289 290 291
        # ipv6 infos
        context['ipv6_host'] = instance.get_connect_host(use_ipv6=True)
        context['ipv6_port'] = instance.get_connect_port(use_ipv6=True)
292 293 294 295 296

        # resources forms
        if self.request.user.is_superuser:
            context['traits_form'] = TraitsForm(instance=instance)
            context['raw_data_form'] = RawDataForm(instance=instance)
297
        return context
Kálmán Viktor committed
298

299 300 301 302 303
    def post(self, request, *args, **kwargs):
        if (request.POST.get('ram-size') and request.POST.get('cpu-count')
                and request.POST.get('cpu-priority')):
            return self.__set_resources(request)

304 305 306
        options = {
            'change_password': self.__change_password,
            'new_name': self.__set_name,
307
            'new_description': self.__set_description,
308 309
            'new_tag': self.__add_tag,
            'to_remove': self.__remove_tag,
310 311
            'port': self.__add_port,
            'new_network_vlan': self.__new_network,
312
            'abort_operation': self.__abort_operation,
313 314 315 316
        }
        for k, v in options.iteritems():
            if request.POST.get(k) is not None:
                return v(request)
Kálmán Viktor committed
317

318 319 320 321
    def __change_password(self, request):
        self.object = self.get_object()
        if not self.object.has_level(request.user, 'owner'):
            raise PermissionDenied()
Kálmán Viktor committed
322

323
        self.object.change_password(user=request.user)
324
        messages.success(request, _("Password changed."))
325
        if request.is_ajax():
326
            return HttpResponse("Success.")
327 328 329
        else:
            return redirect(reverse_lazy("dashboard.views.detail",
                                         kwargs={'pk': self.object.pk}))
330

331 332 333 334
    def __set_resources(self, request):
        self.object = self.get_object()
        if not self.object.has_level(request.user, 'owner'):
            raise PermissionDenied()
335 336
        if not request.user.has_perm('vm.change_resources'):
            raise PermissionDenied()
337 338 339 340

        resources = {
            'num_cores': request.POST.get('cpu-count'),
            'ram_size': request.POST.get('ram-size'),
341
            'max_ram_size': request.POST.get('ram-size'),  # TODO: max_ram
342 343 344 345
            'priority': request.POST.get('cpu-priority')
        }
        Instance.objects.filter(pk=self.object.pk).update(**resources)

346
        success_message = _("Resources successfully updated.")
347 348 349 350 351 352 353 354 355 356 357
        if request.is_ajax():
            response = {'message': success_message}
            return HttpResponse(
                json.dumps(response),
                content_type="application/json"
            )
        else:
            messages.success(request, success_message)
            return redirect(reverse_lazy("dashboard.views.detail",
                                         kwargs={'pk': self.object.pk}))

358 359
    def __set_name(self, request):
        self.object = self.get_object()
360 361
        if not self.object.has_level(request.user, 'owner'):
            raise PermissionDenied()
362 363 364 365
        new_name = request.POST.get("new_name")
        Instance.objects.filter(pk=self.object.pk).update(
            **{'name': new_name})

366
        success_message = _("VM successfully renamed.")
367 368 369 370 371 372 373 374 375 376 377 378
        if request.is_ajax():
            response = {
                'message': success_message,
                'new_name': new_name,
                'vm_pk': self.object.pk
            }
            return HttpResponse(
                json.dumps(response),
                content_type="application/json"
            )
        else:
            messages.success(request, success_message)
379 380 381 382 383 384 385 386 387 388 389
            return redirect(self.object.get_absolute_url())

    def __set_description(self, request):
        self.object = self.get_object()
        if not self.object.has_level(request.user, 'owner'):
            raise PermissionDenied()

        new_description = request.POST.get("new_description")
        Instance.objects.filter(pk=self.object.pk).update(
            **{'description': new_description})

390
        success_message = _("VM description successfully updated.")
391 392 393 394 395 396 397 398 399 400 401 402
        if request.is_ajax():
            response = {
                'message': success_message,
                'new_description': new_description,
            }
            return HttpResponse(
                json.dumps(response),
                content_type="application/json"
            )
        else:
            messages.success(request, success_message)
            return redirect(self.object.get_absolute_url())
403

Kálmán Viktor committed
404 405 406
    def __add_tag(self, request):
        new_tag = request.POST.get('new_tag')
        self.object = self.get_object()
407 408
        if not self.object.has_level(request.user, 'owner'):
            raise PermissionDenied()
Kálmán Viktor committed
409 410

        if len(new_tag) < 1:
411
            message = u"Please input something."
Kálmán Viktor committed
412
        elif len(new_tag) > 20:
413
            message = u"Tag name is too long."
Kálmán Viktor committed
414 415 416 417 418 419 420 421 422 423 424 425 426 427 428
        else:
            self.object.tags.add(new_tag)

        try:
            messages.error(request, message)
        except:
            pass

        return redirect(reverse_lazy("dashboard.views.detail",
                                     kwargs={'pk': self.object.pk}))

    def __remove_tag(self, request):
        try:
            to_remove = request.POST.get('to_remove')
            self.object = self.get_object()
429 430
            if not self.object.has_level(request.user, 'owner'):
                raise PermissionDenied()
Kálmán Viktor committed
431 432 433 434 435 436 437 438 439 440 441

            self.object.tags.remove(to_remove)
            message = u"Success"
        except:  # note this won't really happen
            message = u"Not success"

        if request.is_ajax():
            return HttpResponse(
                json.dumps({'message': message}),
                content_type="application=json"
            )
442 443 444
        else:
            return redirect(reverse_lazy("dashboard.views.detail",
                            kwargs={'pk': self.object.pk}))
Kálmán Viktor committed
445

446 447
    def __add_port(self, request):
        object = self.get_object()
448 449
        if (not object.has_level(request.user, 'owner') or
                not request.user.has_perm('vm.config_ports')):
450
            raise PermissionDenied()
451 452 453 454 455 456

        port = request.POST.get("port")
        proto = request.POST.get("proto")

        try:
            error = None
457 458 459
            interfaces = object.interface_set.all()
            host = Host.objects.get(pk=request.POST.get("host_pk"),
                                    interface__in=interfaces)
460
            host.add_port(proto, private=port)
461 462 463 464 465
        except Host.DoesNotExist:
            logger.error('Tried to add port to nonexistent host %d. User: %s. '
                         'Instance: %s', request.POST.get("host_pk"),
                         unicode(request.user), object)
            raise PermissionDenied()
466
        except ValueError:
467
            error = _("There is a problem with your input.")
468
        except Exception as e:
Bach Dániel committed
469 470
            error = _("Unknown error.")
            logger.error(e)
471 472 473 474 475 476 477 478 479

        if request.is_ajax():
            pass
        else:
            if error:
                messages.error(request, error)
            return redirect(reverse_lazy("dashboard.views.detail",
                                         kwargs={'pk': self.get_object().pk}))

480 481 482 483 484
    def __new_network(self, request):
        self.object = self.get_object()
        if not self.object.has_level(request.user, 'owner'):
            raise PermissionDenied()

485
        vlan = get_object_or_404(Vlan, pk=request.POST.get("new_network_vlan"))
486 487
        if not vlan.has_level(request.user, 'user'):
            raise PermissionDenied()
488
        try:
489
            self.object.add_interface(vlan=vlan, user=request.user)
490
            messages.success(request, _("Successfully added new interface."))
491 492 493 494 495 496 497
        except Exception, e:
            error = u' '.join(e.messages)
            messages.error(request, error)

        return redirect("%s#network" % reverse_lazy(
            "dashboard.views.detail", kwargs={'pk': self.object.pk}))

498
    def __abort_operation(self, request):
Kálmán Viktor committed
499 500 501 502
        self.object = self.get_object()

        activity = get_object_or_404(InstanceActivity,
                                     pk=request.POST.get("activity"))
503 504
        if not activity.is_abortable_for(request.user):
            raise PermissionDenied()
Kálmán Viktor committed
505 506 507
        activity.abort()
        return redirect("%s#activity" % self.object.get_absolute_url())

508

509
class VmTraitsUpdate(SuperuserRequiredMixin, UpdateView):
510 511 512 513 514 515 516
    form_class = TraitsForm
    model = Instance

    def get_success_url(self):
        return self.get_object().get_absolute_url() + "#resources"


517
class VmRawDataUpdate(SuperuserRequiredMixin, UpdateView):
518 519 520 521 522 523 524
    form_class = RawDataForm
    model = Instance

    def get_success_url(self):
        return self.get_object().get_absolute_url() + "#resources"


525
class OperationView(DetailView):
526

527
    template_name = 'dashboard/operate.html'
528
    show_in_toolbar = True
529
    effect = None
530

531 532 533
    @property
    def name(self):
        return self.get_op().name
534

535 536 537
    @property
    def description(self):
        return self.get_op().description
538

539 540 541
    def is_preferred(self):
        return self.get_op().is_preferred()

542 543 544
    @classmethod
    def get_urlname(cls):
        return 'dashboard.vm.op.%s' % cls.op
545

546 547
    def get_url(self):
        return reverse(self.get_urlname(), args=(self.get_object().pk, ))
548

549 550 551 552 553
    def get_wrapper_template_name(self):
        if self.request.is_ajax():
            return 'dashboard/_modal.html'
        else:
            return 'dashboard/_base.html'
554

555 556 557
    @classmethod
    def get_op_by_object(cls, obj):
        return getattr(obj, cls.op)
558

559 560 561 562
    def get_op(self):
        if not hasattr(self, '_opobj'):
            setattr(self, '_opobj', getattr(self.get_object(), self.op))
        return self._opobj
563

564
    def get_context_data(self, **kwargs):
565
        ctx = super(OperationView, self).get_context_data(**kwargs)
566
        ctx['op'] = self.get_op()
567
        ctx['opview'] = self
568 569
        ctx['url'] = self.request.path
        return ctx
570

571 572 573 574 575 576 577
    def get(self, request, *args, **kwargs):
        self.get_op().check_auth(request.user)
        response = super(OperationView, self).get(request, *args, **kwargs)
        response.render()
        response.content = render_to_string(self.get_wrapper_template_name(),
                                            {'body': response.content})
        return response
578

579
    def post(self, request, extra=None, *args, **kwargs):
580
        self.object = self.get_object()
581 582
        if extra is None:
            extra = {}
583
        try:
584
            self.get_op().async(user=request.user, **extra)
585 586 587
        except Exception as e:
            messages.error(request, _('Could not start operation.'))
            logger.error(e)
588
        return redirect("%s#activity" % self.object.get_absolute_url())
589

590
    @classmethod
591
    def factory(cls, op, icon='cog', effect='info'):
592
        return type(str(cls.__name__ + op),
593
                    (cls, ), {'op': op, 'icon': icon, 'effect': effect})
594

595
    @classmethod
596
    def bind_to_object(cls, instance, **kwargs):
597 598
        v = cls()
        v.get_object = lambda: instance
599 600
        for key, value in kwargs.iteritems():
            setattr(v, key, value)
601 602 603 604 605 606
        return v


class VmOperationView(OperationView):

    model = Instance
607
    context_object_name = 'instance'  # much simpler to mock object
608

609 610 611 612 613 614
    def post(self, request, *args, **kwargs):
        resp = super(VmOperationView, self).post(request, *args, **kwargs)
        if request.is_ajax():
            store = messages.get_messages(request)
            store.used = True
            return HttpResponse(
615
                json.dumps({'success': True,
616 617 618 619 620 621
                            'messages': [unicode(m) for m in store]}),
                content_type="application=json"
            )
        else:
            return resp

622

623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640
class FormOperationMixin(object):

    form_class = None

    def get_context_data(self, **kwargs):
        ctx = super(FormOperationMixin, self).get_context_data(**kwargs)
        if self.request.method == 'POST':
            ctx['form'] = self.form_class(self.request.POST)
        else:
            ctx['form'] = self.form_class()
        return ctx

    def post(self, request, extra=None, *args, **kwargs):
        if extra is None:
            extra = {}
        form = self.form_class(self.request.POST)
        if form.is_valid():
            extra.update(form.cleaned_data)
641
            resp = super(FormOperationMixin, self).post(
642
                request, extra, *args, **kwargs)
643 644
            if request.is_ajax():
                return HttpResponse(
645
                    json.dumps({'success': True}),
646 647 648 649
                    content_type="application=json"
                )
            else:
                return resp
650 651 652 653
        else:
            return self.get(request)


654 655 656 657 658 659
class VmCreateDiskView(FormOperationMixin, VmOperationView):

    op = 'create_disk'
    form_class = VmCreateDiskForm
    show_in_toolbar = False
    icon = 'hdd'
660
    is_disk_operation = True
661 662 663 664 665 666 667 668


class VmDownloadDiskView(FormOperationMixin, VmOperationView):

    op = 'download_disk'
    form_class = VmDownloadDiskForm
    show_in_toolbar = False
    icon = 'download'
669
    is_disk_operation = True
670 671


672 673 674 675
class VmMigrateView(VmOperationView):

    op = 'migrate'
    icon = 'truck'
676
    effect = 'info'
677 678 679
    template_name = 'dashboard/_vm-migrate.html'

    def get_context_data(self, **kwargs):
680
        ctx = super(VmMigrateView, self).get_context_data(**kwargs)
681 682 683 684 685
        ctx['nodes'] = [n for n in Node.objects.filter(enabled=True)
                        if n.state == "ONLINE"]
        return ctx

    def post(self, request, extra=None, *args, **kwargs):
686 687
        if extra is None:
            extra = {}
688 689 690 691 692 693 694
        node = self.request.POST.get("node")
        if node:
            node = get_object_or_404(Node, pk=node)
            extra["to_node"] = node
        return super(VmMigrateView, self).post(request, extra, *args, **kwargs)


695
class VmSaveView(FormOperationMixin, VmOperationView):
696 697 698

    op = 'save_as_template'
    icon = 'save'
699
    effect = 'info'
700
    form_class = VmSaveForm
701

702 703
vm_ops = OrderedDict([
    ('deploy', VmOperationView.factory(
704
        op='deploy', icon='play', effect='success')),
705
    ('wake_up', VmOperationView.factory(
706
        op='wake_up', icon='sun', effect='success')),
707
    ('sleep', VmOperationView.factory(
708
        op='sleep', icon='moon', effect='info')),
709 710 711
    ('migrate', VmMigrateView),
    ('save_as_template', VmSaveView),
    ('reboot', VmOperationView.factory(
712
        op='reboot', icon='refresh', effect='warning')),
713
    ('reset', VmOperationView.factory(
714
        op='reset', icon='bolt', effect='warning')),
715
    ('shutdown', VmOperationView.factory(
716
        op='shutdown', icon='off', effect='warning')),
717
    ('shut_off', VmOperationView.factory(
718
        op='shut_off', icon='ban-circle', effect='warning')),
719
    ('destroy', VmOperationView.factory(
720
        op='destroy', icon='remove', effect='danger')),
721 722 723
    ('create_disk', VmCreateDiskView),
    ('download_disk', VmDownloadDiskView),
])
724 725 726 727 728 729 730 731 732


def get_operations(instance, user):
    ops = []
    for k, v in vm_ops.iteritems():
        try:
            op = v.get_op_by_object(instance)
            op.check_auth(user)
            op.check_precond()
733
        except PermissionDenied as e:
734 735
            logger.debug('Not showing operation %s for %s: %s',
                         k, instance, unicode(e))
736 737
        except Exception:
            ops.append(v.bind_to_object(instance, disabled=True))
738 739 740
        else:
            ops.append(v.bind_to_object(instance))
    return ops
741

Kálmán Viktor committed
742

743
class NodeDetailView(LoginRequiredMixin, SuperuserRequiredMixin, DetailView):
744 745
    template_name = "dashboard/node-detail.html"
    model = Node
746 747
    form = None
    form_class = TraitForm
748

749 750 751
    def get_context_data(self, form=None, **kwargs):
        if form is None:
            form = self.form_class()
752
        context = super(NodeDetailView, self).get_context_data(**kwargs)
753 754
        instances = Instance.active.filter(node=self.object)
        context['table'] = NodeVmListTable(instances)
755 756 757 758
        na = NodeActivity.objects.filter(
            node=self.object, parent=None
        ).order_by('-started').select_related()
        context['activities'] = na
759
        context['trait_form'] = form
760
        context['graphite_enabled'] = (
Bach Dániel committed
761
            settings.GRAPHITE_URL is not None)
762 763
        return context

764 765 766
    def post(self, request, *args, **kwargs):
        if request.POST.get('new_name'):
            return self.__set_name(request)
767 768
        if request.POST.get('to_remove'):
            return self.__remove_trait(request)
769 770
        return redirect(reverse_lazy("dashboard.views.node-detail",
                                     kwargs={'pk': self.get_object().pk}))
771 772 773 774 775 776 777

    def __set_name(self, request):
        self.object = self.get_object()
        new_name = request.POST.get("new_name")
        Node.objects.filter(pk=self.object.pk).update(
            **{'name': new_name})

778
        success_message = _("Node successfully renamed.")
779 780 781 782 783
        if request.is_ajax():
            response = {
                'message': success_message,
                'new_name': new_name,
                'node_pk': self.object.pk
784 785 786 787 788 789 790 791 792 793
            }
            return HttpResponse(
                json.dumps(response),
                content_type="application/json"
            )
        else:
            messages.success(request, success_message)
            return redirect(reverse_lazy("dashboard.views.node-detail",
                                         kwargs={'pk': self.object.pk}))

794 795 796 797
    def __remove_trait(self, request):
        try:
            to_remove = request.POST.get('to_remove')
            self.object = self.get_object()
798
            self.object.traits.remove(to_remove)
799 800 801 802 803 804 805
            message = u"Success"
        except:  # note this won't really happen
            message = u"Not success"

        if request.is_ajax():
            return HttpResponse(
                json.dumps({'message': message}),
806
                content_type="application/json"
807
            )
808
        else:
809
            return redirect(self.object.get_absolute_url())
810

811

812
class GroupDetailView(CheckedDetailView):
813 814
    template_name = "dashboard/group-detail.html"
    model = Group
815
    read_level = 'operator'
816 817 818

    def get_has_level(self):
        return self.object.profile.has_level
819 820 821

    def get_context_data(self, **kwargs):
        context = super(GroupDetailView, self).get_context_data(**kwargs)
822 823 824
        context['group'] = self.object
        context['users'] = self.object.user_set.all()
        context['acl'] = get_group_acl_data(self.object)
825 826
        context['group_profile_form'] = GroupProfileUpdate.get_form_object(
            self.request, self.object.profile)
827 828 829
        return context

    def post(self, request, *args, **kwargs):
830 831 832
        self.object = self.get_object()
        if not self.get_has_level()(request.user, 'operator'):
            raise PermissionDenied()
833 834
        if request.POST.get('new_name'):
            return self.__set_name(request)
835
        if request.POST.get('list-new-name'):
836
            return self.__add_user(request)
837
        if request.POST.get('list-new-namelist'):
838
            return self.__add_list(request)
839 840 841 842
        if (request.POST.get('list-new-name') is not None) and \
                (request.POST.get('list-new-namelist') is not None):
            return redirect(reverse_lazy("dashboard.views.group-detail",
                                         kwargs={'pk': self.get_object().pk}))
843 844

    def __add_user(self, request):
845
        name = request.POST['list-new-name']
846 847 848
        self.__add_username(request, name)
        return redirect(reverse_lazy("dashboard.views.group-detail",
                                     kwargs={'pk': self.object.pk}))
849 850

    def __add_username(self, request, name):
851
        if not name:
852
            return
853 854
        try:
            entity = User.objects.get(username=name)
855
            self.object.user_set.add(entity)
856 857
        except User.DoesNotExist:
            warning(request, _('User "%s" not found.') % name)
858

859
    def __add_list(self, request):
860 861
        if not self.get_has_level()(request.user, 'operator'):
            raise PermissionDenied()
862 863 864
        userlist = request.POST.get('list-new-namelist').split('\r\n')
        for line in userlist:
            self.__add_username(request, line)
865 866
        return redirect(reverse_lazy("dashboard.views.group-detail",
                                     kwargs={'pk': self.object.pk}))
867 868 869 870 871 872

    def __set_name(self, request):
        new_name = request.POST.get("new_name")
        Group.objects.filter(pk=self.object.pk).update(
            **{'name': new_name})

873
        success_message = _("Group successfully renamed.")
874 875 876 877
        if request.is_ajax():
            response = {
                'message': success_message,
                'new_name': new_name,
878
                'group_pk': self.object.pk
879 880 881 882 883 884 885 886 887 888 889
            }
            return HttpResponse(
                json.dumps(response),
                content_type="application/json"
            )
        else:
            messages.success(request, success_message)
            return redirect(reverse_lazy("dashboard.views.group-detail",
                                         kwargs={'pk': self.object.pk}))


890
class AclUpdateView(LoginRequiredMixin, View, SingleObjectMixin):
891

892
    def post(self, request, *args, **kwargs):
893
        instance = self.get_object()
894 895
        if not (instance.has_level(request.user, "owner") or
                getattr(instance, 'owner', None) == request.user):
Őry Máté committed
896 897
            logger.warning('Tried to set permissions of %s by non-owner %s.',
                           unicode(instance), unicode(request.user))
898
            raise PermissionDenied()
899
        self.set_levels(request, instance)
900
        self.remove_levels(request, instance)
901
        self.add_levels(request, instance)
902
        return redirect("%s#access" % instance.get_absolute_url())
903 904

    def set_levels(self, request, instance):
905 906 907
        for key, value in request.POST.items():
            m = re.match('perm-([ug])-(\d+)', key)
            if m:
908 909
                typ, id = m.groups()
                entity = {'u': User, 'g': Group}[typ].objects.get(id=id)
910
                if getattr(instance, "owner", None) == entity:
911 912 913
                    logger.info("Tried to set owner's acl level for %s by %s.",
                                unicode(instance), unicode(request.user))
                    continue
914
                instance.set_level(entity, value)
Őry Máté committed
915 916 917
                logger.info("Set %s's acl level for %s to %s by %s.",
                            unicode(entity), unicode(instance),
                            value, unicode(request.user))
918

919 920 921 922 923 924 925 926 927 928
    def remove_levels(self, request, instance):
        for key, value in request.POST.items():
            if key.startswith("remove"):
                typ = key[7:8]  # len("remove-")
                id = key[9:]  # len("remove-x-")
                entity = {'u': User, 'g': Group}[typ].objects.get(id=id)
                if getattr(instance, "owner", None) == entity:
                    logger.info("Tried to remove owner from %s by %s.",
                                unicode(instance), unicode(request.user))
                    msg = _("The original owner cannot be removed, however "
929
                            "you can transfer ownership.")
930 931 932 933 934 935 936
                    messages.warning(request, msg)
                    continue
                instance.set_level(entity, None)
                logger.info("Revoked %s's access to %s by %s.",
                            unicode(entity), unicode(instance),
                            unicode(request.user))

937
    def add_levels(self, request, instance):
938 939
        name = request.POST['perm-new-name']
        value = request.POST['perm-new']
940 941 942 943 944 945
        if not name:
            return
        try:
            entity = User.objects.get(username=name)
        except User.DoesNotExist:
            entity = None
946 947
            try:
                entity = Group.objects.get(name=name)
948 949 950 951
            except Group.DoesNotExist:
                warning(request, _('User or group "%s" not found.') % name)
                return

952
        instance.set_level(entity, value)
Őry Máté committed
953 954 955
        logger.info("Set %s's new acl level for %s to %s by %s.",
                    unicode(entity), unicode(instance),
                    value, unicode(request.user))
956

Kálmán Viktor committed
957

958 959 960 961 962 963 964 965 966 967
class TemplateAclUpdateView(AclUpdateView):
    model = InstanceTemplate

    def post(self, request, *args, **kwargs):
        template = self.get_object()
        if not (template.has_level(request.user, "owner") or
                getattr(template, 'owner', None) == request.user):
            logger.warning('Tried to set permissions of %s by non-owner %s.',
                           unicode(template), unicode(request.user))
            raise PermissionDenied()
968 969 970 971 972 973 974 975 976

        name = request.POST['perm-new-name']
        if (User.objects.filter(username=name).count() +
                Group.objects.filter(name=name).count() < 1
                and len(name) > 0):
            warning(request, _('User or group "%s" not found.') % name)
        else:
            self.set_levels(request, template)
            self.add_levels(request, template)
977
            self.remove_levels(request, template)
978 979 980 981 982

            post_for_disk = request.POST.copy()
            post_for_disk['perm-new'] = 'user'
            request.POST = post_for_disk
            for d in template.disks.all():
983
                self.set_levels(request, d)
984
                self.add_levels(request, d)
985
                self.remove_levels(request, d)
986

987
        return redirect(template)
988 989


990 991 992 993 994 995 996 997 998 999
class GroupAclUpdateView(AclUpdateView):
    model = Group

    def post(self, request, *args, **kwargs):
        instance = self.get_object().profile
        if not (instance.has_level(request.user, "owner") or
                getattr(instance, 'owner', None) == request.user):
            logger.warning('Tried to set permissions of %s by non-owner %s.',
                           unicode(instance), unicode(request.user))
            raise PermissionDenied()
Kálmán Viktor committed
1000 1001 1002

        self.set_levels(request, instance)
        self.add_levels(request, instance)
1003 1004 1005 1006
        return redirect(reverse("dashboard.views.group-detail",
                                kwargs=self.kwargs))


1007 1008 1009 1010 1011 1012 1013 1014 1015 1016
class TemplateChoose(TemplateView):

    def get_template_names(self):
        if self.request.is_ajax():
            return ['dashboard/modal-wrapper.html']
        else:
            return ['dashboard/nojs-wrapper.html']

    def get_context_data(self, *args, **kwargs):
        context = super(TemplateChoose, self).get_context_data(*args, **kwargs)
1017
        templates = InstanceTemplate.get_objects_with_level("user",
1018 1019 1020 1021
                                                            self.request.user)
        context.update({
            'box_title': _('Choose template'),
            'ajax_title': False,
1022
            'template': "dashboard/_template-choose.html",
1023
            'templates': templates.all(),
1024 1025 1026
        })
        return context

1027 1028 1029 1030 1031 1032 1033
    def post(self, request, *args, **kwargs):
        if not request.user.has_perm('vm.create_template'):
            raise PermissionDenied()

        template = request.POST.get("parent")
        if template == "base_vm":
            return redirect(reverse("dashboard.views.template-create"))
1034
        elif template is None:
1035
            messages.warning(request, _("Select an option to proceed."))
1036
            return redirect(reverse("dashboard.views.template-choose"))
1037 1038 1039 1040 1041 1042 1043 1044
        else:
            template = get_object_or_404(InstanceTemplate, pk=template)

        instance = Instance.create_from_template(
            template=template, owner=request.user, is_base=True)

        return redirect(instance.get_absolute_url())

1045

1046 1047 1048 1049
class TemplateCreate(SuccessMessageMixin, CreateView):
    model = InstanceTemplate
    form_class = TemplateForm

1050 1051
    def get_template_names(self):
        if self.request.is_ajax():
1052
            pass
1053 1054 1055 1056 1057 1058 1059
        else:
            return ['dashboard/nojs-wrapper.html']

    def get_context_data(self, *args, **kwargs):
        context = super(TemplateCreate, self).get_context_data(*args, **kwargs)

        context.update({
1060
            'box_title': _("Create a new base VM"),
1061
            'template': "dashboard/_template-create.html",
1062
            'leases': Lease.objects.count()
1063 1064 1065
        })
        return context

1066
    def get(self, *args, **kwargs):
1067 1068
        if not self.request.user.has_perm('vm.create_template'):
            raise PermissionDenied()
1069

1070 1071 1072 1073
        return super(TemplateCreate, self).get(*args, **kwargs)

    def get_form_kwargs(self):
        kwargs = super(TemplateCreate, self).get_form_kwargs()
1074
        kwargs['user'] = self.request.user
1075 1076
        return kwargs

1077 1078 1079
    def post(self, request, *args, **kwargs):
        if not self.request.user.has_perm('vm.create_template'):
            raise PermissionDenied()
1080 1081

        form = self.form_class(request.POST, user=request.user)
1082 1083
        if not form.is_valid():
            return self.get(request, form, *args, **kwargs)
1084
        else:
1085
            post = form.cleaned_data
1086 1087
            networks = self.__create_networks(post.pop("networks"),
                                              request.user)
1088
            post.pop("parent")
1089
            post['max_ram_size'] = post['ram_size']
1090 1091 1092 1093 1094 1095 1096
            req_traits = post.pop("req_traits")
            tags = post.pop("tags")
            post['pw'] = User.objects.make_random_password()
            post['is_base'] = True
            inst = Instance.create(params=post, disks=[],
                                   networks=networks,
                                   tags=tags, req_traits=req_traits)
1097

1098
            return redirect("%s#resources" % inst.get_absolute_url())
1099

1100 1101
        return super(TemplateCreate, self).post(self, request, args, kwargs)

1102
    def __create_networks(self, vlans, user):
1103 1104
        networks = []
        for v in vlans:
1105 1106
            if not v.has_level(user, "user"):
                raise PermissionDenied()
1107 1108 1109
            networks.append(InterfaceTemplate(vlan=v, managed=v.managed))
        return networks

1110 1111 1112 1113
    def get_success_url(self):
        return reverse_lazy("dashboard.views.template-list")


1114
class TemplateDetail(LoginRequiredMixin, SuccessMessageMixin, UpdateView):
1115
    model = InstanceTemplate
1116 1117
    template_name = "dashboard/template-edit.html"
    form_class = TemplateForm
1118
    success_message = _("Successfully modified template.")
1119 1120

    def get(self, request, *args, **kwargs):
1121
        template = self.get_object()
1122
        if not template.has_level(request.user, 'user'):
1123
            raise PermissionDenied()
1124 1125 1126 1127 1128 1129 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144
        if request.is_ajax():
            template = {
                'num_cores': template.num_cores,
                'ram_size': template.ram_size,
                'priority': template.priority,
                'arch': template.arch,
                'description': template.description,
                'system': template.system,
                'name': template.name,
                'disks': [{'pk': d.pk, 'name': d.name}
                          for d in template.disks.all()],
                'network': [
                    {'vlan_pk': i.vlan.pk, 'vlan': i.vlan.name,
                     'managed': i.managed}
                    for i in InterfaceTemplate.objects.filter(
                        template=self.get_object()).all()
                ]
            }
            return HttpResponse(json.dumps(template),
                                content_type="application/json")
        else:
1145 1146
            return super(TemplateDetail, self).get(request, *args, **kwargs)

1147
    def get_context_data(self, **kwargs):
1148
        obj = self.get_object()
1149
        context = super(TemplateDetail, self).get_context_data(**kwargs)
1150 1151
        context['acl'] = get_vm_acl_data(obj)
        context['disks'] = obj.disks.all()
1152