views.py 103 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
# Copyright 2014 Budapest University of Technology and Economics (BME IK)
#
# This file is part of CIRCLE Cloud.
#
# CIRCLE is free software: you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free
# Software Foundation, either version 3 of the License, or (at your option)
# any later version.
#
# CIRCLE is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
# details.
#
# You should have received a copy of the GNU General Public License along
# with CIRCLE.  If not, see <http://www.gnu.org/licenses/>.

18
from __future__ import unicode_literals, absolute_import
19

20
from itertools import chain
21 22
from os import getenv
import json
Őry Máté committed
23
import logging
24
import re
25
from hashlib import md5
26
import requests
27

28
from django.conf import settings
29
from django.contrib.auth.models import User, Group
Őry Máté committed
30
from django.contrib.auth.views import login, redirect_to_login
31
from django.contrib.messages import warning
32
from django.contrib.messages.views import SuccessMessageMixin
33
from django.core.exceptions import (
34
    PermissionDenied, SuspiciousOperation,
35
)
36 37
from django.core import signing
from django.core.urlresolvers import reverse, reverse_lazy
38
from django.db.models import Count
39
from django.http import HttpResponse, HttpResponseRedirect, Http404
Őry Máté committed
40
from django.shortcuts import redirect, render, get_object_or_404
41
from django.views.decorators.http import require_GET, require_POST
42
from django.views.generic.detail import SingleObjectMixin
43
from django.views.generic import (TemplateView, DetailView, View, DeleteView,
44
                                  UpdateView, CreateView, ListView)
45 46
from django.contrib import messages
from django.utils.translation import ugettext as _
47
from django.utils.translation import ungettext as __
48
from django.template.defaultfilters import title as title_filter
49
from django.template.loader import render_to_string
50
from django.template import RequestContext
51
from django.templatetags.static import static
52

53
from django.forms.models import inlineformset_factory
54
from django_tables2 import SingleTableView
55 56
from braces.views import (LoginRequiredMixin, SuperuserRequiredMixin,
                          PermissionRequiredMixin)
57
from braces.views._access import AccessMixin
Kálmán Viktor committed
58

59
from .forms import (
60
    CircleAuthenticationForm, DiskAddForm, HostForm, LeaseForm, MyProfileForm,
61
    NodeForm, TemplateForm, TraitForm, VmCustomizeForm, GroupCreateForm,
62
    UserCreationForm, GroupProfileUpdateForm,
63
    CirclePasswordChangeForm, VmSaveForm,
64
)
65 66 67 68

from .tables import (
    NodeListTable, NodeVmListTable, TemplateListTable, LeaseListTable,
    GroupListTable,
69
)
Őry Máté committed
70 71 72 73
from vm.models import (
    Instance, instance_activity, InstanceActivity, InstanceTemplate, Interface,
    InterfaceTemplate, Lease, Node, NodeActivity, Trait,
)
74
from storage.models import Disk
75
from firewall.models import Vlan, Host, Rule
76
from .models import Favourite, Profile, GroupProfile
77

Őry Máté committed
78
logger = logging.getLogger(__name__)
79
saml_available = hasattr(settings, "SAML_CONFIG")
80

81

82 83 84 85
def search_user(keyword):
    try:
        return User.objects.get(username=keyword)
    except User.DoesNotExist:
86 87 88 89
        try:
            return User.objects.get(profile__org_id=keyword)
        except User.DoesNotExist:
            return User.objects.get(email=keyword)
90 91


92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114
class GroupCodeMixin(object):

    @classmethod
    def get_available_group_codes(cls, request):
        newgroups = []
        if saml_available:
            from djangosaml2.cache import StateCache, IdentityCache
            from djangosaml2.conf import get_config
            from djangosaml2.views import _get_subject_id
            from saml2.client import Saml2Client

            state = StateCache(request.session)
            conf = get_config(None, request)
            client = Saml2Client(conf, state_cache=state,
                                 identity_cache=IdentityCache(request.session),
                                 logger=logger)
            subject_id = _get_subject_id(request.session)
            identity = client.users.get_identity(subject_id,
                                                 check_not_on_or_after=False)
            if identity:
                attributes = identity[0]
                owneratrs = getattr(
                    settings, 'SAML_GROUP_OWNER_ATTRIBUTES', [])
115 116
                for group in chain(*[attributes[i]
                                     for i in owneratrs if i in attributes]):
117 118 119 120 121 122 123 124
                    try:
                        GroupProfile.search(group)
                    except Group.DoesNotExist:
                        newgroups.append(group)

        return newgroups


125
class FilterMixin(object):
126

127 128 129 130 131 132
    def get_queryset_filters(self):
        filters = {}
        for item in self.allowed_filters:
            if item in self.request.GET:
                filters[self.allowed_filters[item]] = self.request.GET[item]
        return filters
133

134 135 136
    def get_queryset(self):
        return super(FilterMixin,
                     self).get_queryset().filter(**self.get_queryset_filters())
137 138


139
class IndexView(LoginRequiredMixin, TemplateView):
Kálmán Viktor committed
140
    template_name = "dashboard/index.html"
141

142
    def get_context_data(self, **kwargs):
143
        user = self.request.user
144
        context = super(IndexView, self).get_context_data(**kwargs)
145

146
        # instances
147
        favs = Instance.objects.filter(favourite__user=self.request.user)
148
        instances = Instance.get_objects_with_level(
149
            'user', user, disregard_superuser=True).filter(destroyed_at=None)
150 151 152
        display = list(favs) + list(set(instances) - set(favs))
        for d in display:
            d.fav = True if d in favs else False
153
        context.update({
154
            'instances': display[:5],
155
            'more_instances': instances.count() - len(instances[:5])
156 157
        })

158 159
        running = instances.filter(status='RUNNING')
        stopped = instances.exclude(status__in=('RUNNING', 'NOSTATE'))
160

161
        context.update({
162 163 164
            'running_vms': running[:20],
            'running_vm_num': running.count(),
            'stopped_vm_num': stopped.count()
165
        })
166

167 168 169 170
        # nodes
        if user.is_superuser:
            nodes = Node.objects.all()
            context.update({
171 172
                'nodes': nodes[:5],
                'more_nodes': nodes.count() - len(nodes[:5]),
173 174 175 176 177 178 179 180 181 182
                'sum_node_num': nodes.count(),
                'node_num': {
                    'running': Node.get_state_count(True, True),
                    'missing': Node.get_state_count(False, True),
                    'disabled': Node.get_state_count(True, False),
                    'offline': Node.get_state_count(False, False)
                }
            })

        # groups
183
        if user.has_module_perms('auth'):
184 185
            profiles = GroupProfile.get_objects_with_level('operator', user)
            groups = Group.objects.filter(groupprofile__in=profiles)
186 187 188 189
            context.update({
                'groups': groups[:5],
                'more_groups': groups.count() - len(groups[:5]),
            })
190 191 192 193 194 195

        # template
        if user.has_perm('vm.create_template'):
            context['templates'] = InstanceTemplate.get_objects_with_level(
                'operator', user).all()[:5]

196 197
        return context

198

199
def get_vm_acl_data(obj):
200 201 202 203 204 205 206 207 208
    levels = obj.ACL_LEVELS
    users = obj.get_users_with_level()
    users = [{'user': u, 'level': l} for u, l in users]
    groups = obj.get_groups_with_level()
    groups = [{'group': g, 'level': l} for g, l in groups]
    return {'users': users, 'groups': groups, 'levels': levels,
            'url': reverse('dashboard.views.vm-acl', args=[obj.pk])}


209 210 211 212 213 214 215 216 217 218 219
def get_group_acl_data(obj):
    aclobj = obj.profile
    levels = aclobj.ACL_LEVELS
    users = aclobj.get_users_with_level()
    users = [{'user': u, 'level': l} for u, l in users]
    groups = aclobj.get_groups_with_level()
    groups = [{'group': g, 'level': l} for g, l in groups]
    return {'users': users, 'groups': groups, 'levels': levels,
            'url': reverse('dashboard.views.group-acl', args=[obj.pk])}


220
class CheckedDetailView(LoginRequiredMixin, DetailView):
221 222
    read_level = 'user'

223 224 225
    def get_has_level(self):
        return self.object.has_level

226 227
    def get_context_data(self, **kwargs):
        context = super(CheckedDetailView, self).get_context_data(**kwargs)
228
        if not self.get_has_level()(self.request.user, self.read_level):
229 230 231 232
            raise PermissionDenied()
        return context


233 234 235 236 237 238 239 240 241
class VmDetailVncTokenView(CheckedDetailView):
    template_name = "dashboard/vm-detail.html"
    model = Instance

    def get(self, request, **kwargs):
        self.object = self.get_object()
        if not self.object.has_level(request.user, 'operator'):
            raise PermissionDenied()
        if self.object.node:
242 243 244 245 246 247 248 249
            with instance_activity(code_suffix='console-accessed',
                                   instance=self.object, user=request.user,
                                   concurrency_check=False):
                port = self.object.vnc_port
                host = str(self.object.node.host.ipv4)
                value = signing.dumps({'host': host, 'port': port},
                                      key=getenv("PROXY_SECRET", 'asdasd')),
                return HttpResponse('vnc/?d=%s' % value)
250 251 252 253
        else:
            raise Http404()


254
class VmDetailView(CheckedDetailView):
Kálmán Viktor committed
255
    template_name = "dashboard/vm-detail.html"
256
    model = Instance
257 258

    def get_context_data(self, **kwargs):
259
        context = super(VmDetailView, self).get_context_data(**kwargs)
260
        instance = context['instance']
261
        ops = get_operations(instance, self.request.user)
262 263 264
        context.update({
            'graphite_enabled': VmGraphView.get_graphite_url() is not None,
            'vnc_url': reverse_lazy("dashboard.views.detail-vnc",
265
                                    kwargs={'pk': self.object.pk}),
266 267
            'ops': ops,
            'op': {i.op: i for i in ops},
268
        })
269 270

        # activity data
271
        context['activities'] = self.object.get_activities(self.request.user)
272

273
        context['vlans'] = Vlan.get_objects_with_level(
274
            'user', self.request.user
275
        ).exclude(  # exclude already added interfaces
276 277 278
            pk__in=Interface.objects.filter(
                instance=self.get_object()).values_list("vlan", flat=True)
        ).all()
279
        context['acl'] = get_vm_acl_data(instance)
280
        context['forms'] = {
281
            'disk_add_form': DiskAddForm(
282
                user=self.request.user,
283
                is_template=False, object_pk=self.get_object().pk,
284
                prefix="disk"),
285
        }
286 287
        context['os_type_icon'] = instance.os_type.replace("unknown",
                                                           "question")
288 289 290
        # ipv6 infos
        context['ipv6_host'] = instance.get_connect_host(use_ipv6=True)
        context['ipv6_port'] = instance.get_connect_port(use_ipv6=True)
291
        return context
Kálmán Viktor committed
292

293 294 295 296 297
    def post(self, request, *args, **kwargs):
        if (request.POST.get('ram-size') and request.POST.get('cpu-count')
                and request.POST.get('cpu-priority')):
            return self.__set_resources(request)

298 299 300
        options = {
            'change_password': self.__change_password,
            'new_name': self.__set_name,
301
            'new_description': self.__set_description,
302 303
            'new_tag': self.__add_tag,
            'to_remove': self.__remove_tag,
304 305
            'port': self.__add_port,
            'new_network_vlan': self.__new_network,
306
            'abort_operation': self.__abort_operation,
307 308 309 310
        }
        for k, v in options.iteritems():
            if request.POST.get(k) is not None:
                return v(request)
Kálmán Viktor committed
311

312 313 314 315
    def __change_password(self, request):
        self.object = self.get_object()
        if not self.object.has_level(request.user, 'owner'):
            raise PermissionDenied()
Kálmán Viktor committed
316

317
        self.object.change_password(user=request.user)
318
        messages.success(request, _("Password changed."))
319
        if request.is_ajax():
320
            return HttpResponse("Success.")
321 322 323
        else:
            return redirect(reverse_lazy("dashboard.views.detail",
                                         kwargs={'pk': self.object.pk}))
324

325 326 327 328
    def __set_resources(self, request):
        self.object = self.get_object()
        if not self.object.has_level(request.user, 'owner'):
            raise PermissionDenied()
329 330
        if not request.user.has_perm('vm.change_resources'):
            raise PermissionDenied()
331 332 333 334

        resources = {
            'num_cores': request.POST.get('cpu-count'),
            'ram_size': request.POST.get('ram-size'),
335
            'max_ram_size': request.POST.get('ram-size'),  # TODO: max_ram
336 337 338 339
            'priority': request.POST.get('cpu-priority')
        }
        Instance.objects.filter(pk=self.object.pk).update(**resources)

340
        success_message = _("Resources successfully updated.")
341 342 343 344 345 346 347 348 349 350 351
        if request.is_ajax():
            response = {'message': success_message}
            return HttpResponse(
                json.dumps(response),
                content_type="application/json"
            )
        else:
            messages.success(request, success_message)
            return redirect(reverse_lazy("dashboard.views.detail",
                                         kwargs={'pk': self.object.pk}))

352 353
    def __set_name(self, request):
        self.object = self.get_object()
354 355
        if not self.object.has_level(request.user, 'owner'):
            raise PermissionDenied()
356 357 358 359
        new_name = request.POST.get("new_name")
        Instance.objects.filter(pk=self.object.pk).update(
            **{'name': new_name})

360
        success_message = _("VM successfully renamed.")
361 362 363 364 365 366 367 368 369 370 371 372
        if request.is_ajax():
            response = {
                'message': success_message,
                'new_name': new_name,
                'vm_pk': self.object.pk
            }
            return HttpResponse(
                json.dumps(response),
                content_type="application/json"
            )
        else:
            messages.success(request, success_message)
373 374 375 376 377 378 379 380 381 382 383
            return redirect(self.object.get_absolute_url())

    def __set_description(self, request):
        self.object = self.get_object()
        if not self.object.has_level(request.user, 'owner'):
            raise PermissionDenied()

        new_description = request.POST.get("new_description")
        Instance.objects.filter(pk=self.object.pk).update(
            **{'description': new_description})

384
        success_message = _("VM description successfully updated.")
385 386 387 388 389 390 391 392 393 394 395 396
        if request.is_ajax():
            response = {
                'message': success_message,
                'new_description': new_description,
            }
            return HttpResponse(
                json.dumps(response),
                content_type="application/json"
            )
        else:
            messages.success(request, success_message)
            return redirect(self.object.get_absolute_url())
397

Kálmán Viktor committed
398 399 400
    def __add_tag(self, request):
        new_tag = request.POST.get('new_tag')
        self.object = self.get_object()
401 402
        if not self.object.has_level(request.user, 'owner'):
            raise PermissionDenied()
Kálmán Viktor committed
403 404

        if len(new_tag) < 1:
405
            message = u"Please input something."
Kálmán Viktor committed
406
        elif len(new_tag) > 20:
407
            message = u"Tag name is too long."
Kálmán Viktor committed
408 409 410 411 412 413 414 415 416 417 418 419 420 421 422
        else:
            self.object.tags.add(new_tag)

        try:
            messages.error(request, message)
        except:
            pass

        return redirect(reverse_lazy("dashboard.views.detail",
                                     kwargs={'pk': self.object.pk}))

    def __remove_tag(self, request):
        try:
            to_remove = request.POST.get('to_remove')
            self.object = self.get_object()
423 424
            if not self.object.has_level(request.user, 'owner'):
                raise PermissionDenied()
Kálmán Viktor committed
425 426 427 428 429 430 431 432 433 434 435

            self.object.tags.remove(to_remove)
            message = u"Success"
        except:  # note this won't really happen
            message = u"Not success"

        if request.is_ajax():
            return HttpResponse(
                json.dumps({'message': message}),
                content_type="application=json"
            )
436 437 438
        else:
            return redirect(reverse_lazy("dashboard.views.detail",
                            kwargs={'pk': self.object.pk}))
Kálmán Viktor committed
439

440 441
    def __add_port(self, request):
        object = self.get_object()
442 443
        if (not object.has_level(request.user, 'owner') or
                not request.user.has_perm('vm.config_ports')):
444
            raise PermissionDenied()
445 446 447 448 449 450

        port = request.POST.get("port")
        proto = request.POST.get("proto")

        try:
            error = None
451 452 453
            interfaces = object.interface_set.all()
            host = Host.objects.get(pk=request.POST.get("host_pk"),
                                    interface__in=interfaces)
454
            host.add_port(proto, private=port)
455 456 457 458 459
        except Host.DoesNotExist:
            logger.error('Tried to add port to nonexistent host %d. User: %s. '
                         'Instance: %s', request.POST.get("host_pk"),
                         unicode(request.user), object)
            raise PermissionDenied()
460
        except ValueError:
461
            error = _("There is a problem with your input.")
462
        except Exception as e:
Bach Dániel committed
463 464
            error = _("Unknown error.")
            logger.error(e)
465 466 467 468 469 470 471 472 473

        if request.is_ajax():
            pass
        else:
            if error:
                messages.error(request, error)
            return redirect(reverse_lazy("dashboard.views.detail",
                                         kwargs={'pk': self.get_object().pk}))

474 475 476 477 478
    def __new_network(self, request):
        self.object = self.get_object()
        if not self.object.has_level(request.user, 'owner'):
            raise PermissionDenied()

479
        vlan = get_object_or_404(Vlan, pk=request.POST.get("new_network_vlan"))
480 481
        if not vlan.has_level(request.user, 'user'):
            raise PermissionDenied()
482
        try:
483
            self.object.add_interface(vlan=vlan, user=request.user)
484
            messages.success(request, _("Successfully added new interface."))
485 486 487 488 489 490 491
        except Exception, e:
            error = u' '.join(e.messages)
            messages.error(request, error)

        return redirect("%s#network" % reverse_lazy(
            "dashboard.views.detail", kwargs={'pk': self.object.pk}))

492
    def __abort_operation(self, request):
Kálmán Viktor committed
493 494 495 496
        self.object = self.get_object()

        activity = get_object_or_404(InstanceActivity,
                                     pk=request.POST.get("activity"))
497 498
        if not activity.is_abortable_for(request.user):
            raise PermissionDenied()
Kálmán Viktor committed
499 500 501
        activity.abort()
        return redirect("%s#activity" % self.object.get_absolute_url())

502

503
class OperationView(DetailView):
504

505
    template_name = 'dashboard/operate.html'
506
    show_in_toolbar = True
507

508 509 510
    @property
    def name(self):
        return self.get_op().name
511

512 513 514
    @property
    def description(self):
        return self.get_op().description
515

516 517 518
    @classmethod
    def get_urlname(cls):
        return 'dashboard.vm.op.%s' % cls.op
519

520 521
    def get_url(self):
        return reverse(self.get_urlname(), args=(self.get_object().pk, ))
522

523 524 525 526 527
    def get_wrapper_template_name(self):
        if self.request.is_ajax():
            return 'dashboard/_modal.html'
        else:
            return 'dashboard/_base.html'
528

529 530 531
    @classmethod
    def get_op_by_object(cls, obj):
        return getattr(obj, cls.op)
532

533 534 535 536
    def get_op(self):
        if not hasattr(self, '_opobj'):
            setattr(self, '_opobj', getattr(self.get_object(), self.op))
        return self._opobj
537

538
    def get_context_data(self, **kwargs):
539
        ctx = super(OperationView, self).get_context_data(**kwargs)
540 541 542
        ctx['op'] = self.get_op()
        ctx['url'] = self.request.path
        return ctx
543

544 545 546 547 548 549 550
    def get(self, request, *args, **kwargs):
        self.get_op().check_auth(request.user)
        response = super(OperationView, self).get(request, *args, **kwargs)
        response.render()
        response.content = render_to_string(self.get_wrapper_template_name(),
                                            {'body': response.content})
        return response
551

552
    def post(self, request, extra=None, *args, **kwargs):
553
        self.object = self.get_object()
554 555
        if extra is None:
            extra = {}
556
        try:
557
            self.get_op().async(user=request.user, **extra)
558 559 560
        except Exception as e:
            messages.error(request, _('Could not start operation.'))
            logger.error(e)
561
        return redirect("%s#activity" % self.object.get_absolute_url())
562

563 564 565 566
    @classmethod
    def factory(cls, op, icon='cog'):
        return type(str(cls.__name__ + op),
                    (cls, ), {'op': op, 'icon': icon})
567

568 569 570 571 572 573 574 575 576 577
    @classmethod
    def bind_to_object(cls, instance):
        v = cls()
        v.get_object = lambda: instance
        return v


class VmOperationView(OperationView):

    model = Instance
578
    context_object_name = 'instance'  # much simpler to mock object
579

580

581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604
class FormOperationMixin(object):

    form_class = None

    def get_context_data(self, **kwargs):
        ctx = super(FormOperationMixin, self).get_context_data(**kwargs)
        if self.request.method == 'POST':
            ctx['form'] = self.form_class(self.request.POST)
        else:
            ctx['form'] = self.form_class()
        return ctx

    def post(self, request, extra=None, *args, **kwargs):
        if extra is None:
            extra = {}
        form = self.form_class(self.request.POST)
        if form.is_valid():
            extra.update(form.cleaned_data)
            return super(FormOperationMixin, self).post(
                request, extra, *args, **kwargs)
        else:
            return self.get(request)


605 606 607 608 609 610 611
class VmMigrateView(VmOperationView):

    op = 'migrate'
    icon = 'truck'
    template_name = 'dashboard/_vm-migrate.html'

    def get_context_data(self, **kwargs):
612
        ctx = super(VmMigrateView, self).get_context_data(**kwargs)
613 614 615 616 617
        ctx['nodes'] = [n for n in Node.objects.filter(enabled=True)
                        if n.state == "ONLINE"]
        return ctx

    def post(self, request, extra=None, *args, **kwargs):
618 619
        if extra is None:
            extra = {}
620 621 622 623 624 625 626
        node = self.request.POST.get("node")
        if node:
            node = get_object_or_404(Node, pk=node)
            extra["to_node"] = node
        return super(VmMigrateView, self).post(request, extra, *args, **kwargs)


627
class VmSaveView(FormOperationMixin, VmOperationView):
628 629 630

    op = 'save_as_template'
    icon = 'save'
631
    form_class = VmSaveForm
632

633 634 635
vm_ops = {
    'reset': VmOperationView.factory(op='reset', icon='bolt'),
    'deploy': VmOperationView.factory(op='deploy', icon='play'),
636
    'migrate': VmMigrateView,
637 638 639
    'reboot': VmOperationView.factory(op='reboot', icon='refresh'),
    'shut_off': VmOperationView.factory(op='shut_off', icon='ban-circle'),
    'shutdown': VmOperationView.factory(op='shutdown', icon='off'),
640
    'save_as_template': VmSaveView,
641 642 643 644 645 646 647 648 649 650 651 652 653
    'destroy': VmOperationView.factory(op='destroy', icon='remove'),
    'sleep': VmOperationView.factory(op='sleep', icon='moon'),
    'wake_up': VmOperationView.factory(op='wake_up', icon='sun'),
}


def get_operations(instance, user):
    ops = []
    for k, v in vm_ops.iteritems():
        try:
            op = v.get_op_by_object(instance)
            op.check_auth(user)
            op.check_precond()
654 655 656
        except Exception as e:
            logger.debug('Not showing operation %s for %s: %s',
                         k, instance, unicode(e))
657 658 659
        else:
            ops.append(v.bind_to_object(instance))
    return ops
660

Kálmán Viktor committed
661

662
class NodeDetailView(LoginRequiredMixin, SuperuserRequiredMixin, DetailView):
663 664
    template_name = "dashboard/node-detail.html"
    model = Node
665 666
    form = None
    form_class = TraitForm
667

668 669 670
    def get_context_data(self, form=None, **kwargs):
        if form is None:
            form = self.form_class()
671
        context = super(NodeDetailView, self).get_context_data(**kwargs)
672 673
        instances = Instance.active.filter(node=self.object)
        context['table'] = NodeVmListTable(instances)
674 675 676 677
        na = NodeActivity.objects.filter(
            node=self.object, parent=None
        ).order_by('-started').select_related()
        context['activities'] = na
678
        context['trait_form'] = form
679 680
        context['graphite_enabled'] = (
            NodeGraphView.get_graphite_url() is not None)
681 682
        return context

683 684 685
    def post(self, request, *args, **kwargs):
        if request.POST.get('new_name'):
            return self.__set_name(request)
686 687
        if request.POST.get('to_remove'):
            return self.__remove_trait(request)
688 689
        return redirect(reverse_lazy("dashboard.views.node-detail",
                                     kwargs={'pk': self.get_object().pk}))
690 691 692 693 694 695 696

    def __set_name(self, request):
        self.object = self.get_object()
        new_name = request.POST.get("new_name")
        Node.objects.filter(pk=self.object.pk).update(
            **{'name': new_name})

697
        success_message = _("Node successfully renamed.")
698 699 700 701 702
        if request.is_ajax():
            response = {
                'message': success_message,
                'new_name': new_name,
                'node_pk': self.object.pk
703 704 705 706 707 708 709 710 711 712
            }
            return HttpResponse(
                json.dumps(response),
                content_type="application/json"
            )
        else:
            messages.success(request, success_message)
            return redirect(reverse_lazy("dashboard.views.node-detail",
                                         kwargs={'pk': self.object.pk}))

713 714 715 716
    def __remove_trait(self, request):
        try:
            to_remove = request.POST.get('to_remove')
            self.object = self.get_object()
717
            self.object.traits.remove(to_remove)
718 719 720 721 722 723 724
            message = u"Success"
        except:  # note this won't really happen
            message = u"Not success"

        if request.is_ajax():
            return HttpResponse(
                json.dumps({'message': message}),
725
                content_type="application/json"
726
            )
727
        else:
728
            return redirect(self.object.get_absolute_url())
729

730

731
class GroupDetailView(CheckedDetailView):
732 733
    template_name = "dashboard/group-detail.html"
    model = Group
734
    read_level = 'operator'
735 736 737

    def get_has_level(self):
        return self.object.profile.has_level
738 739 740

    def get_context_data(self, **kwargs):
        context = super(GroupDetailView, self).get_context_data(**kwargs)
741 742 743
        context['group'] = self.object
        context['users'] = self.object.user_set.all()
        context['acl'] = get_group_acl_data(self.object)
744 745
        context['group_profile_form'] = GroupProfileUpdate.get_form_object(
            self.request, self.object.profile)
746 747 748
        return context

    def post(self, request, *args, **kwargs):
749 750 751
        self.object = self.get_object()
        if not self.get_has_level()(request.user, 'operator'):
            raise PermissionDenied()
752 753
        if request.POST.get('new_name'):
            return self.__set_name(request)
754
        if request.POST.get('list-new-name'):
755
            return self.__add_user(request)
756
        if request.POST.get('list-new-namelist'):
757
            return self.__add_list(request)
758 759 760 761
        if (request.POST.get('list-new-name') is not None) and \
                (request.POST.get('list-new-namelist') is not None):
            return redirect(reverse_lazy("dashboard.views.group-detail",
                                         kwargs={'pk': self.get_object().pk}))
762 763

    def __add_user(self, request):
764
        name = request.POST['list-new-name']
765 766 767
        self.__add_username(request, name)
        return redirect(reverse_lazy("dashboard.views.group-detail",
                                     kwargs={'pk': self.object.pk}))
768 769

    def __add_username(self, request, name):
770
        if not name:
771
            return
772 773
        try:
            entity = User.objects.get(username=name)
774
            self.object.user_set.add(entity)
775 776
        except User.DoesNotExist:
            warning(request, _('User "%s" not found.') % name)
777

778
    def __add_list(self, request):
779 780
        if not self.get_has_level()(request.user, 'operator'):
            raise PermissionDenied()
781 782 783
        userlist = request.POST.get('list-new-namelist').split('\r\n')
        for line in userlist:
            self.__add_username(request, line)
784 785
        return redirect(reverse_lazy("dashboard.views.group-detail",
                                     kwargs={'pk': self.object.pk}))
786 787 788 789 790 791

    def __set_name(self, request):
        new_name = request.POST.get("new_name")
        Group.objects.filter(pk=self.object.pk).update(
            **{'name': new_name})

792
        success_message = _("Group successfully renamed.")
793 794 795 796
        if request.is_ajax():
            response = {
                'message': success_message,
                'new_name': new_name,
797
                'group_pk': self.object.pk
798 799 800 801 802 803 804 805 806 807 808
            }
            return HttpResponse(
                json.dumps(response),
                content_type="application/json"
            )
        else:
            messages.success(request, success_message)
            return redirect(reverse_lazy("dashboard.views.group-detail",
                                         kwargs={'pk': self.object.pk}))


809
class AclUpdateView(LoginRequiredMixin, View, SingleObjectMixin):
810

811
    def post(self, request, *args, **kwargs):
812
        instance = self.get_object()
813 814
        if not (instance.has_level(request.user, "owner") or
                getattr(instance, 'owner', None) == request.user):
Őry Máté committed
815 816
            logger.warning('Tried to set permissions of %s by non-owner %s.',
                           unicode(instance), unicode(request.user))
817
            raise PermissionDenied()
818
        self.set_levels(request, instance)
819
        self.remove_levels(request, instance)
820
        self.add_levels(request, instance)
821
        return redirect("%s#access" % instance.get_absolute_url())
822 823

    def set_levels(self, request, instance):
824 825 826
        for key, value in request.POST.items():
            m = re.match('perm-([ug])-(\d+)', key)
            if m:
827 828
                typ, id = m.groups()
                entity = {'u': User, 'g': Group}[typ].objects.get(id=id)
829
                if getattr(instance, "owner", None) == entity:
830 831 832
                    logger.info("Tried to set owner's acl level for %s by %s.",
                                unicode(instance), unicode(request.user))
                    continue
833
                instance.set_level(entity, value)
Őry Máté committed
834 835 836
                logger.info("Set %s's acl level for %s to %s by %s.",
                            unicode(entity), unicode(instance),
                            value, unicode(request.user))
837

838 839 840 841 842 843 844 845 846 847
    def remove_levels(self, request, instance):
        for key, value in request.POST.items():
            if key.startswith("remove"):
                typ = key[7:8]  # len("remove-")
                id = key[9:]  # len("remove-x-")
                entity = {'u': User, 'g': Group}[typ].objects.get(id=id)
                if getattr(instance, "owner", None) == entity:
                    logger.info("Tried to remove owner from %s by %s.",
                                unicode(instance), unicode(request.user))
                    msg = _("The original owner cannot be removed, however "
848
                            "you can transfer ownership.")
849 850 851 852 853 854 855
                    messages.warning(request, msg)
                    continue
                instance.set_level(entity, None)
                logger.info("Revoked %s's access to %s by %s.",
                            unicode(entity), unicode(instance),
                            unicode(request.user))

856
    def add_levels(self, request, instance):
857 858
        name = request.POST['perm-new-name']
        value = request.POST['perm-new']
859 860 861 862 863 864
        if not name:
            return
        try:
            entity = User.objects.get(username=name)
        except User.DoesNotExist:
            entity = None
865 866
            try:
                entity = Group.objects.get(name=name)
867 868 869 870
            except Group.DoesNotExist:
                warning(request, _('User or group "%s" not found.') % name)
                return

871
        instance.set_level(entity, value)
Őry Máté committed
872 873 874
        logger.info("Set %s's new acl level for %s to %s by %s.",
                    unicode(entity), unicode(instance),
                    value, unicode(request.user))
875

Kálmán Viktor committed
876

877 878 879 880 881 882 883 884 885 886
class TemplateAclUpdateView(AclUpdateView):
    model = InstanceTemplate

    def post(self, request, *args, **kwargs):
        template = self.get_object()
        if not (template.has_level(request.user, "owner") or
                getattr(template, 'owner', None) == request.user):
            logger.warning('Tried to set permissions of %s by non-owner %s.',
                           unicode(template), unicode(request.user))
            raise PermissionDenied()
887 888 889 890 891 892 893 894 895

        name = request.POST['perm-new-name']
        if (User.objects.filter(username=name).count() +
                Group.objects.filter(name=name).count() < 1
                and len(name) > 0):
            warning(request, _('User or group "%s" not found.') % name)
        else:
            self.set_levels(request, template)
            self.add_levels(request, template)
896
            self.remove_levels(request, template)
897 898 899 900 901 902

            post_for_disk = request.POST.copy()
            post_for_disk['perm-new'] = 'user'
            request.POST = post_for_disk
            for d in template.disks.all():
                self.add_levels(request, d)
903

904
        return redirect(template)
905 906


907 908 909 910 911 912 913 914 915 916
class GroupAclUpdateView(AclUpdateView):
    model = Group

    def post(self, request, *args, **kwargs):
        instance = self.get_object().profile
        if not (instance.has_level(request.user, "owner") or
                getattr(instance, 'owner', None) == request.user):
            logger.warning('Tried to set permissions of %s by non-owner %s.',
                           unicode(instance), unicode(request.user))
            raise PermissionDenied()
Kálmán Viktor committed
917 918 919

        self.set_levels(request, instance)
        self.add_levels(request, instance)
920 921 922 923
        return redirect(reverse("dashboard.views.group-detail",
                                kwargs=self.kwargs))


924 925 926 927 928 929 930 931 932 933
class TemplateChoose(TemplateView):

    def get_template_names(self):
        if self.request.is_ajax():
            return ['dashboard/modal-wrapper.html']
        else:
            return ['dashboard/nojs-wrapper.html']

    def get_context_data(self, *args, **kwargs):
        context = super(TemplateChoose, self).get_context_data(*args, **kwargs)
934
        templates = InstanceTemplate.get_objects_with_level("user",
935 936 937 938
                                                            self.request.user)
        context.update({
            'box_title': _('Choose template'),
            'ajax_title': False,
939
            'template': "dashboard/_template-choose.html",
940
            'templates': templates.all(),
941 942 943
        })
        return context

944 945 946 947 948 949 950
    def post(self, request, *args, **kwargs):
        if not request.user.has_perm('vm.create_template'):
            raise PermissionDenied()

        template = request.POST.get("parent")
        if template == "base_vm":
            return redirect(reverse("dashboard.views.template-create"))
951
        elif template is None:
952
            messages.warning(request, _("Select an option to proceed."))
953
            return redirect(reverse("dashboard.views.template-choose"))
954 955 956 957 958 959 960 961
        else:
            template = get_object_or_404(InstanceTemplate, pk=template)

        instance = Instance.create_from_template(
            template=template, owner=request.user, is_base=True)

        return redirect(instance.get_absolute_url())

962

963 964 965 966
class TemplateCreate(SuccessMessageMixin, CreateView):
    model = InstanceTemplate
    form_class = TemplateForm

967 968
    def get_template_names(self):
        if self.request.is_ajax():
969
            pass
970 971 972 973 974 975 976
        else:
            return ['dashboard/nojs-wrapper.html']

    def get_context_data(self, *args, **kwargs):
        context = super(TemplateCreate, self).get_context_data(*args, **kwargs)

        context.update({
977
            'box_title': _("Create a new base VM"),
978
            'template': "dashboard/_template-create.html",
979
            'leases': Lease.objects.count()
980 981 982
        })
        return context

983
    def get(self, *args, **kwargs):
984 985
        if not self.request.user.has_perm('vm.create_template'):
            raise PermissionDenied()
986

987 988 989 990
        return super(TemplateCreate, self).get(*args, **kwargs)

    def get_form_kwargs(self):
        kwargs = super(TemplateCreate, self).get_form_kwargs()
991
        kwargs['user'] = self.request.user
992 993
        return kwargs

994 995 996
    def post(self, request, *args, **kwargs):
        if not self.request.user.has_perm('vm.create_template'):
            raise PermissionDenied()
997 998

        form = self.form_class(request.POST, user=request.user)
999 1000
        if not form.is_valid():
            return self.get(request, form, *args, **kwargs)
1001
        else:
1002
            post = form.cleaned_data
1003 1004
            networks = self.__create_networks(post.pop("networks"),
                                              request.user)
1005
            post.pop("parent")
1006
            post['max_ram_size'] = post['ram_size']
1007 1008 1009 1010 1011 1012 1013
            req_traits = post.pop("req_traits")
            tags = post.pop("tags")
            post['pw'] = User.objects.make_random_password()
            post['is_base'] = True
            inst = Instance.create(params=post, disks=[],
                                   networks=networks,
                                   tags=tags, req_traits=req_traits)
1014

1015
            return redirect("%s#resources" % inst.get_absolute_url())
1016

1017 1018
        return super(TemplateCreate, self).post(self, request, args, kwargs)

1019
    def __create_networks(self, vlans, user):
1020 1021
        networks = []
        for v in vlans:
1022 1023
            if not v.has_level(user, "user"):
                raise PermissionDenied()
1024 1025 1026
            networks.append(InterfaceTemplate(vlan=v, managed=v.managed))
        return networks

1027 1028 1029 1030
    def get_success_url(self):
        return reverse_lazy("dashboard.views.template-list")


1031
class TemplateDetail(LoginRequiredMixin, SuccessMessageMixin, UpdateView):
1032
    model = InstanceTemplate
1033 1034
    template_name = "dashboard/template-edit.html"
    form_class = TemplateForm
1035
    success_message = _("Successfully modified template.")
1036 1037

    def get(self, request, *args, **kwargs):
1038
        template = self.get_object()
1039
        if not template.has_level(request.user, 'user'):
1040
            raise PermissionDenied()
1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061
        if request.is_ajax():
            template = {
                'num_cores': template.num_cores,
                'ram_size': template.ram_size,
                'priority': template.priority,
                'arch': template.arch,
                'description': template.description,
                'system': template.system,
                'name': template.name,
                'disks': [{'pk': d.pk, 'name': d.name}
                          for d in template.disks.all()],
                'network': [
                    {'vlan_pk': i.vlan.pk, 'vlan': i.vlan.name,
                     'managed': i.managed}
                    for i in InterfaceTemplate.objects.filter(
                        template=self.get_object()).all()
                ]
            }
            return HttpResponse(json.dumps(template),
                                content_type="application/json")
        else:
1062 1063
            return super(TemplateDetail, self).get(request, *args, **kwargs)

1064
    def get_context_data(self, **kwargs):
1065
        obj = self.get_object()
1066
        context = super(TemplateDetail, self).get_context_data(**kwargs)
1067 1068
        context['acl'] = get_vm_acl_data(obj)
        context['disks'] = obj.disks.all()
1069
        context['disk_add_form'] = DiskAddForm(
1070
            user=self.request.user,
1071
            is_template=True,
1072
            object_pk=obj.pk,
1073 1074
            prefix="disk",
        )
1075 1076
        return context

1077 1078 1079 1080
    def get_success_url(self):
        return reverse_lazy("dashboard.views.template-detail",
                            kwargs=self.kwargs)

1081 1082 1083 1084 1085 1086 1087
    def post(self, request, *args, **kwargs):
        template = self.get_object()
        if not template.has_level(request.user, 'owner'):
            raise PermissionDenied()
        for disk in self.get_object().disks.all():
            if not disk.has_level(request.user, 'user'):
                raise PermissionDenied()
1088 1089 1090
        for network in self.get_object().interface_set.all():
            if not network.vlan.has_level(request.user, "user"):
                raise PermissionDenied()
1091 1092
        return super(TemplateDetail, self).post(self, request, args, kwargs)

1093 1094 1095 1096 1097
    def get_form_kwargs(self):
        kwargs = super(TemplateDetail, self).get_form_kwargs()
        kwargs['user'] = self.request.user
        return kwargs

1098

1099
class TemplateList(LoginRequiredMixin, SingleTableView):
1100 1101 1102 1103 1104 1105 1106
    template_name = "dashboard/template-list.html"
    model = InstanceTemplate
    table_class = TemplateListTable
    table_pagination = False

    def get_context_data(self, *args, **kwargs):
        context = super(TemplateList, self).get_context_data(*args, **kwargs)
1107 1108
        context['lease_table'] = LeaseListTable(Lease.objects.all(),
                                                request=self.request)
1109
        return context
1110

1111 1112 1113 1114 1115 1116
    def get_queryset(self):
        logger.debug('TemplateList.get_queryset() called. User: %s',
                     unicode(self.request.user))
        return InstanceTemplate.get_objects_with_level(
            'user', self.request.user).all()

1117

1118 1119 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 1130 1131 1132 1133 1134 1135 1136
class TemplateDelete(LoginRequiredMixin, DeleteView):
    model = InstanceTemplate

    def get_success_url(self):
        return reverse("dashboard.views.template-list")

    def get_template_names(self):
        if self.request.is_ajax():
            return ['dashboard/confirm/ajax-delete.html']
        else:
            return ['dashboard/confirm/base-delete.html']

    def delete(self, request, *args, **kwargs):
        object = self.get_object()
        if not object.has_level(request.user, 'owner'):
            raise PermissionDenied()

        object.delete()
        success_url = self.get_success_url()
1137
        success_message = _("Template successfully deleted.")
1138 1139 1140 1141 1142 1143 1144 1145 1146 1147 1148

        if request.is_ajax():
            return HttpResponse(
                json.dumps({'message': success_message}),
                content_type="application/json",
            )
        else:
            messages.success(request, success_message)
            return HttpResponseRedirect(success_url)


1149
class VmList(LoginRequiredMixin, FilterMixin, ListView):
Kálmán Viktor committed
1150
    template_name = "dashboard/vm-list.html"
1151 1152 1153 1154 1155
    allowed_filters = {
        'name': "name__icontains",
        'node': "node__name__icontains",
        'status': "status__iexact",
        'tags': "tags__name__in",  # note: use it as ?tags[]=a,b
Kálmán Viktor committed
1156
        'owner': "owner__username",
1157
    }
1158

1159 1160
    def get(self, *args, **kwargs):
        if self.request.is_ajax():
1161 1162 1163 1164
            favs = Instance.objects.filter(
                favourite__user=self.request.user).values_list('pk', flat=True)
            instances = Instance.get_objects_with_level(
                'user', self.request.user).filter(
1165
                destroyed_at=None).all()
1166 1167 1168
            instances = [{
                'pk': i.pk,
                'name': i.name,
1169 1170 1171
                'icon': i.get_status_icon(),
                'host': "" if not i.primary_host else i.primary_host.hostname,
                'status': i.get_status_display(),
1172
                'fav': i.pk in favs} for i in instances]
1173
            return HttpResponse(
1174
                json.dumps(list(instances)),  # instances is ValuesQuerySet
1175 1176 1177 1178 1179
                content_type="application/json",
            )
        else:
            return super(VmList, self).get(*args, **kwargs)

1180
    def get_queryset(self):
1181
        logger.debug('VmList.get_queryset() called. User: %s',
1182
                     unicode(self.request.user))
1183
        queryset = Instance.get_objects_with_level(