views.py 103 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
# Copyright 2014 Budapest University of Technology and Economics (BME IK)
#
# This file is part of CIRCLE Cloud.
#
# CIRCLE is free software: you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free
# Software Foundation, either version 3 of the License, or (at your option)
# any later version.
#
# CIRCLE is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
# details.
#
# You should have received a copy of the GNU General Public License along
# with CIRCLE.  If not, see <http://www.gnu.org/licenses/>.

18
from __future__ import unicode_literals, absolute_import
19

20
from itertools import chain
21 22
from os import getenv
import json
Őry Máté committed
23
import logging
24
import re
25
from hashlib import md5
26
import requests
27

28
from django.conf import settings
29
from django.contrib.auth.models import User, Group
Őry Máté committed
30
from django.contrib.auth.views import login, redirect_to_login
31
from django.contrib.messages import warning
32
from django.contrib.messages.views import SuccessMessageMixin
33
from django.core.exceptions import (
34
    PermissionDenied, SuspiciousOperation,
35
)
36 37
from django.core import signing
from django.core.urlresolvers import reverse, reverse_lazy
38
from django.db.models import Count
39
from django.http import HttpResponse, HttpResponseRedirect, Http404
Őry Máté committed
40
from django.shortcuts import redirect, render, get_object_or_404
41
from django.views.decorators.http import require_GET, require_POST
42
from django.views.generic.detail import SingleObjectMixin
43
from django.views.generic import (TemplateView, DetailView, View, DeleteView,
44
                                  UpdateView, CreateView, ListView)
45 46
from django.contrib import messages
from django.utils.translation import ugettext as _
47
from django.utils.translation import ungettext as __
48
from django.template.loader import render_to_string
49
from django.template import RequestContext
50
from django.templatetags.static import static
51

52
from django.forms.models import inlineformset_factory
53
from django_tables2 import SingleTableView
54 55
from braces.views import (LoginRequiredMixin, SuperuserRequiredMixin,
                          PermissionRequiredMixin)
56
from braces.views._access import AccessMixin
Kálmán Viktor committed
57

58
from .forms import (
59
    CircleAuthenticationForm, HostForm, LeaseForm, MyProfileForm,
60
    NodeForm, TemplateForm, TraitForm, VmCustomizeForm, GroupCreateForm,
61
    UserCreationForm, GroupProfileUpdateForm, UnsubscribeForm,
62
    CirclePasswordChangeForm, VmSaveForm,
63
)
64 65 66 67

from .tables import (
    NodeListTable, NodeVmListTable, TemplateListTable, LeaseListTable,
    GroupListTable,
68
)
Őry Máté committed
69 70 71 72
from vm.models import (
    Instance, instance_activity, InstanceActivity, InstanceTemplate, Interface,
    InterfaceTemplate, Lease, Node, NodeActivity, Trait,
)
73
from storage.models import Disk
74
from firewall.models import Vlan, Host, Rule
75
from .models import Favourite, Profile, GroupProfile
76

Őry Máté committed
77
logger = logging.getLogger(__name__)
78
saml_available = hasattr(settings, "SAML_CONFIG")
79

80

81 82 83 84
def search_user(keyword):
    try:
        return User.objects.get(username=keyword)
    except User.DoesNotExist:
85 86 87 88
        try:
            return User.objects.get(profile__org_id=keyword)
        except User.DoesNotExist:
            return User.objects.get(email=keyword)
89 90


91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113
class GroupCodeMixin(object):

    @classmethod
    def get_available_group_codes(cls, request):
        newgroups = []
        if saml_available:
            from djangosaml2.cache import StateCache, IdentityCache
            from djangosaml2.conf import get_config
            from djangosaml2.views import _get_subject_id
            from saml2.client import Saml2Client

            state = StateCache(request.session)
            conf = get_config(None, request)
            client = Saml2Client(conf, state_cache=state,
                                 identity_cache=IdentityCache(request.session),
                                 logger=logger)
            subject_id = _get_subject_id(request.session)
            identity = client.users.get_identity(subject_id,
                                                 check_not_on_or_after=False)
            if identity:
                attributes = identity[0]
                owneratrs = getattr(
                    settings, 'SAML_GROUP_OWNER_ATTRIBUTES', [])
114 115
                for group in chain(*[attributes[i]
                                     for i in owneratrs if i in attributes]):
116 117 118 119 120 121 122 123
                    try:
                        GroupProfile.search(group)
                    except Group.DoesNotExist:
                        newgroups.append(group)

        return newgroups


124
class FilterMixin(object):
125

126 127 128 129 130 131
    def get_queryset_filters(self):
        filters = {}
        for item in self.allowed_filters:
            if item in self.request.GET:
                filters[self.allowed_filters[item]] = self.request.GET[item]
        return filters
132

133 134 135
    def get_queryset(self):
        return super(FilterMixin,
                     self).get_queryset().filter(**self.get_queryset_filters())
136 137


138
class IndexView(LoginRequiredMixin, TemplateView):
Kálmán Viktor committed
139
    template_name = "dashboard/index.html"
140

141
    def get_context_data(self, **kwargs):
142
        user = self.request.user
143
        context = super(IndexView, self).get_context_data(**kwargs)
144

145
        # instances
146
        favs = Instance.objects.filter(favourite__user=self.request.user)
147
        instances = Instance.get_objects_with_level(
148
            'user', user, disregard_superuser=True).filter(destroyed_at=None)
149 150 151
        display = list(favs) + list(set(instances) - set(favs))
        for d in display:
            d.fav = True if d in favs else False
152
        context.update({
153
            'instances': display[:5],
154
            'more_instances': instances.count() - len(instances[:5])
155 156
        })

157 158
        running = instances.filter(status='RUNNING')
        stopped = instances.exclude(status__in=('RUNNING', 'NOSTATE'))
159

160
        context.update({
161 162 163
            'running_vms': running[:20],
            'running_vm_num': running.count(),
            'stopped_vm_num': stopped.count()
164
        })
165

166 167 168 169
        # nodes
        if user.is_superuser:
            nodes = Node.objects.all()
            context.update({
170 171
                'nodes': nodes[:5],
                'more_nodes': nodes.count() - len(nodes[:5]),
172 173 174 175 176 177 178 179 180 181
                'sum_node_num': nodes.count(),
                'node_num': {
                    'running': Node.get_state_count(True, True),
                    'missing': Node.get_state_count(False, True),
                    'disabled': Node.get_state_count(True, False),
                    'offline': Node.get_state_count(False, False)
                }
            })

        # groups
182
        if user.has_module_perms('auth'):
183 184
            profiles = GroupProfile.get_objects_with_level('operator', user)
            groups = Group.objects.filter(groupprofile__in=profiles)
185 186 187 188
            context.update({
                'groups': groups[:5],
                'more_groups': groups.count() - len(groups[:5]),
            })
189 190 191 192 193 194

        # template
        if user.has_perm('vm.create_template'):
            context['templates'] = InstanceTemplate.get_objects_with_level(
                'operator', user).all()[:5]

195 196
        return context

197

198
def get_vm_acl_data(obj):
199 200 201 202 203 204 205 206 207
    levels = obj.ACL_LEVELS
    users = obj.get_users_with_level()
    users = [{'user': u, 'level': l} for u, l in users]
    groups = obj.get_groups_with_level()
    groups = [{'group': g, 'level': l} for g, l in groups]
    return {'users': users, 'groups': groups, 'levels': levels,
            'url': reverse('dashboard.views.vm-acl', args=[obj.pk])}


208 209 210 211 212 213 214 215 216 217 218
def get_group_acl_data(obj):
    aclobj = obj.profile
    levels = aclobj.ACL_LEVELS
    users = aclobj.get_users_with_level()
    users = [{'user': u, 'level': l} for u, l in users]
    groups = aclobj.get_groups_with_level()
    groups = [{'group': g, 'level': l} for g, l in groups]
    return {'users': users, 'groups': groups, 'levels': levels,
            'url': reverse('dashboard.views.group-acl', args=[obj.pk])}


219
class CheckedDetailView(LoginRequiredMixin, DetailView):
220 221
    read_level = 'user'

222 223 224
    def get_has_level(self):
        return self.object.has_level

225 226
    def get_context_data(self, **kwargs):
        context = super(CheckedDetailView, self).get_context_data(**kwargs)
227
        if not self.get_has_level()(self.request.user, self.read_level):
228 229 230 231
            raise PermissionDenied()
        return context


232 233 234 235 236 237 238 239 240
class VmDetailVncTokenView(CheckedDetailView):
    template_name = "dashboard/vm-detail.html"
    model = Instance

    def get(self, request, **kwargs):
        self.object = self.get_object()
        if not self.object.has_level(request.user, 'operator'):
            raise PermissionDenied()
        if self.object.node:
241 242 243 244 245 246 247 248
            with instance_activity(code_suffix='console-accessed',
                                   instance=self.object, user=request.user,
                                   concurrency_check=False):
                port = self.object.vnc_port
                host = str(self.object.node.host.ipv4)
                value = signing.dumps({'host': host, 'port': port},
                                      key=getenv("PROXY_SECRET", 'asdasd')),
                return HttpResponse('vnc/?d=%s' % value)
249 250 251 252
        else:
            raise Http404()


253
class VmDetailView(CheckedDetailView):
Kálmán Viktor committed
254
    template_name = "dashboard/vm-detail.html"
255
    model = Instance
256 257

    def get_context_data(self, **kwargs):
258
        context = super(VmDetailView, self).get_context_data(**kwargs)
259
        instance = context['instance']
260
        ops = get_operations(instance, self.request.user)
261 262 263
        context.update({
            'graphite_enabled': VmGraphView.get_graphite_url() is not None,
            'vnc_url': reverse_lazy("dashboard.views.detail-vnc",
264
                                    kwargs={'pk': self.object.pk}),
265 266
            'ops': ops,
            'op': {i.op: i for i in ops},
267
        })
268 269

        # activity data
270
        context['activities'] = self.object.get_activities(self.request.user)
271

272
        context['vlans'] = Vlan.get_objects_with_level(
273
            'user', self.request.user
274
        ).exclude(  # exclude already added interfaces
275 276 277
            pk__in=Interface.objects.filter(
                instance=self.get_object()).values_list("vlan", flat=True)
        ).all()
278
        context['acl'] = get_vm_acl_data(instance)
279 280
        context['os_type_icon'] = instance.os_type.replace("unknown",
                                                           "question")
281 282 283
        # ipv6 infos
        context['ipv6_host'] = instance.get_connect_host(use_ipv6=True)
        context['ipv6_port'] = instance.get_connect_port(use_ipv6=True)
284
        return context
Kálmán Viktor committed
285

286 287 288 289 290
    def post(self, request, *args, **kwargs):
        if (request.POST.get('ram-size') and request.POST.get('cpu-count')
                and request.POST.get('cpu-priority')):
            return self.__set_resources(request)

291 292 293
        options = {
            'change_password': self.__change_password,
            'new_name': self.__set_name,
294
            'new_description': self.__set_description,
295 296
            'new_tag': self.__add_tag,
            'to_remove': self.__remove_tag,
297 298
            'port': self.__add_port,
            'new_network_vlan': self.__new_network,
299
            'abort_operation': self.__abort_operation,
300 301 302 303
        }
        for k, v in options.iteritems():
            if request.POST.get(k) is not None:
                return v(request)
Kálmán Viktor committed
304

305 306 307 308
    def __change_password(self, request):
        self.object = self.get_object()
        if not self.object.has_level(request.user, 'owner'):
            raise PermissionDenied()
Kálmán Viktor committed
309

310
        self.object.change_password(user=request.user)
311
        messages.success(request, _("Password changed."))
312
        if request.is_ajax():
313
            return HttpResponse("Success.")
314 315 316
        else:
            return redirect(reverse_lazy("dashboard.views.detail",
                                         kwargs={'pk': self.object.pk}))
317

318 319 320 321
    def __set_resources(self, request):
        self.object = self.get_object()
        if not self.object.has_level(request.user, 'owner'):
            raise PermissionDenied()
322 323
        if not request.user.has_perm('vm.change_resources'):
            raise PermissionDenied()
324 325 326 327

        resources = {
            'num_cores': request.POST.get('cpu-count'),
            'ram_size': request.POST.get('ram-size'),
328
            'max_ram_size': request.POST.get('ram-size'),  # TODO: max_ram
329 330 331 332
            'priority': request.POST.get('cpu-priority')
        }
        Instance.objects.filter(pk=self.object.pk).update(**resources)

333
        success_message = _("Resources successfully updated.")
334 335 336 337 338 339 340 341 342 343 344
        if request.is_ajax():
            response = {'message': success_message}
            return HttpResponse(
                json.dumps(response),
                content_type="application/json"
            )
        else:
            messages.success(request, success_message)
            return redirect(reverse_lazy("dashboard.views.detail",
                                         kwargs={'pk': self.object.pk}))

345 346
    def __set_name(self, request):
        self.object = self.get_object()
347 348
        if not self.object.has_level(request.user, 'owner'):
            raise PermissionDenied()
349 350 351 352
        new_name = request.POST.get("new_name")
        Instance.objects.filter(pk=self.object.pk).update(
            **{'name': new_name})

353
        success_message = _("VM successfully renamed.")
354 355 356 357 358 359 360 361 362 363 364 365
        if request.is_ajax():
            response = {
                'message': success_message,
                'new_name': new_name,
                'vm_pk': self.object.pk
            }
            return HttpResponse(
                json.dumps(response),
                content_type="application/json"
            )
        else:
            messages.success(request, success_message)
366 367 368 369 370 371 372 373 374 375 376
            return redirect(self.object.get_absolute_url())

    def __set_description(self, request):
        self.object = self.get_object()
        if not self.object.has_level(request.user, 'owner'):
            raise PermissionDenied()

        new_description = request.POST.get("new_description")
        Instance.objects.filter(pk=self.object.pk).update(
            **{'description': new_description})

377
        success_message = _("VM description successfully updated.")
378 379 380 381 382 383 384 385 386 387 388 389
        if request.is_ajax():
            response = {
                'message': success_message,
                'new_description': new_description,
            }
            return HttpResponse(
                json.dumps(response),
                content_type="application/json"
            )
        else:
            messages.success(request, success_message)
            return redirect(self.object.get_absolute_url())
390

Kálmán Viktor committed
391 392 393
    def __add_tag(self, request):
        new_tag = request.POST.get('new_tag')
        self.object = self.get_object()
394 395
        if not self.object.has_level(request.user, 'owner'):
            raise PermissionDenied()
Kálmán Viktor committed
396 397

        if len(new_tag) < 1:
398
            message = u"Please input something."
Kálmán Viktor committed
399
        elif len(new_tag) > 20:
400
            message = u"Tag name is too long."
Kálmán Viktor committed
401 402 403 404 405 406 407 408 409 410 411 412 413 414 415
        else:
            self.object.tags.add(new_tag)

        try:
            messages.error(request, message)
        except:
            pass

        return redirect(reverse_lazy("dashboard.views.detail",
                                     kwargs={'pk': self.object.pk}))

    def __remove_tag(self, request):
        try:
            to_remove = request.POST.get('to_remove')
            self.object = self.get_object()
416 417
            if not self.object.has_level(request.user, 'owner'):
                raise PermissionDenied()
Kálmán Viktor committed
418 419 420 421 422 423 424 425 426 427 428

            self.object.tags.remove(to_remove)
            message = u"Success"
        except:  # note this won't really happen
            message = u"Not success"

        if request.is_ajax():
            return HttpResponse(
                json.dumps({'message': message}),
                content_type="application=json"
            )
429 430 431
        else:
            return redirect(reverse_lazy("dashboard.views.detail",
                            kwargs={'pk': self.object.pk}))
Kálmán Viktor committed
432

433 434
    def __add_port(self, request):
        object = self.get_object()
435 436
        if (not object.has_level(request.user, 'owner') or
                not request.user.has_perm('vm.config_ports')):
437
            raise PermissionDenied()
438 439 440 441 442 443

        port = request.POST.get("port")
        proto = request.POST.get("proto")

        try:
            error = None
444 445 446
            interfaces = object.interface_set.all()
            host = Host.objects.get(pk=request.POST.get("host_pk"),
                                    interface__in=interfaces)
447
            host.add_port(proto, private=port)
448 449 450 451 452
        except Host.DoesNotExist:
            logger.error('Tried to add port to nonexistent host %d. User: %s. '
                         'Instance: %s', request.POST.get("host_pk"),
                         unicode(request.user), object)
            raise PermissionDenied()
453
        except ValueError:
454
            error = _("There is a problem with your input.")
455
        except Exception as e:
Bach Dániel committed
456 457
            error = _("Unknown error.")
            logger.error(e)
458 459 460 461 462 463 464 465 466

        if request.is_ajax():
            pass
        else:
            if error:
                messages.error(request, error)
            return redirect(reverse_lazy("dashboard.views.detail",
                                         kwargs={'pk': self.get_object().pk}))

467 468 469 470 471
    def __new_network(self, request):
        self.object = self.get_object()
        if not self.object.has_level(request.user, 'owner'):
            raise PermissionDenied()

472
        vlan = get_object_or_404(Vlan, pk=request.POST.get("new_network_vlan"))
473 474
        if not vlan.has_level(request.user, 'user'):
            raise PermissionDenied()
475
        try:
476
            self.object.add_interface(vlan=vlan, user=request.user)
477
            messages.success(request, _("Successfully added new interface."))
478 479 480 481 482 483 484
        except Exception, e:
            error = u' '.join(e.messages)
            messages.error(request, error)

        return redirect("%s#network" % reverse_lazy(
            "dashboard.views.detail", kwargs={'pk': self.object.pk}))

485
    def __abort_operation(self, request):
Kálmán Viktor committed
486 487 488 489
        self.object = self.get_object()

        activity = get_object_or_404(InstanceActivity,
                                     pk=request.POST.get("activity"))
490 491
        if not activity.is_abortable_for(request.user):
            raise PermissionDenied()
Kálmán Viktor committed
492 493 494
        activity.abort()
        return redirect("%s#activity" % self.object.get_absolute_url())

495

496
class OperationView(DetailView):
497

498
    template_name = 'dashboard/operate.html'
499
    show_in_toolbar = True
500

501 502 503
    @property
    def name(self):
        return self.get_op().name
504

505 506 507
    @property
    def description(self):
        return self.get_op().description
508

509 510 511
    @classmethod
    def get_urlname(cls):
        return 'dashboard.vm.op.%s' % cls.op
512

513 514
    def get_url(self):
        return reverse(self.get_urlname(), args=(self.get_object().pk, ))
515

516 517 518 519 520
    def get_wrapper_template_name(self):
        if self.request.is_ajax():
            return 'dashboard/_modal.html'
        else:
            return 'dashboard/_base.html'
521

522 523 524
    @classmethod
    def get_op_by_object(cls, obj):
        return getattr(obj, cls.op)
525

526 527 528 529
    def get_op(self):
        if not hasattr(self, '_opobj'):
            setattr(self, '_opobj', getattr(self.get_object(), self.op))
        return self._opobj
530

531
    def get_context_data(self, **kwargs):
532
        ctx = super(OperationView, self).get_context_data(**kwargs)
533 534 535
        ctx['op'] = self.get_op()
        ctx['url'] = self.request.path
        return ctx
536

537 538 539 540 541 542 543
    def get(self, request, *args, **kwargs):
        self.get_op().check_auth(request.user)
        response = super(OperationView, self).get(request, *args, **kwargs)
        response.render()
        response.content = render_to_string(self.get_wrapper_template_name(),
                                            {'body': response.content})
        return response
544

545
    def post(self, request, extra=None, *args, **kwargs):
546
        self.object = self.get_object()
547 548
        if extra is None:
            extra = {}
549
        try:
550
            self.get_op().async(user=request.user, **extra)
551 552 553
        except Exception as e:
            messages.error(request, _('Could not start operation.'))
            logger.error(e)
554
        return redirect("%s#activity" % self.object.get_absolute_url())
555

556 557 558 559
    @classmethod
    def factory(cls, op, icon='cog'):
        return type(str(cls.__name__ + op),
                    (cls, ), {'op': op, 'icon': icon})
560

561 562 563 564 565 566 567 568 569 570
    @classmethod
    def bind_to_object(cls, instance):
        v = cls()
        v.get_object = lambda: instance
        return v


class VmOperationView(OperationView):

    model = Instance
571
    context_object_name = 'instance'  # much simpler to mock object
572

573

574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597
class FormOperationMixin(object):

    form_class = None

    def get_context_data(self, **kwargs):
        ctx = super(FormOperationMixin, self).get_context_data(**kwargs)
        if self.request.method == 'POST':
            ctx['form'] = self.form_class(self.request.POST)
        else:
            ctx['form'] = self.form_class()
        return ctx

    def post(self, request, extra=None, *args, **kwargs):
        if extra is None:
            extra = {}
        form = self.form_class(self.request.POST)
        if form.is_valid():
            extra.update(form.cleaned_data)
            return super(FormOperationMixin, self).post(
                request, extra, *args, **kwargs)
        else:
            return self.get(request)


598 599 600 601 602 603 604
class VmMigrateView(VmOperationView):

    op = 'migrate'
    icon = 'truck'
    template_name = 'dashboard/_vm-migrate.html'

    def get_context_data(self, **kwargs):
605
        ctx = super(VmMigrateView, self).get_context_data(**kwargs)
606 607 608 609 610
        ctx['nodes'] = [n for n in Node.objects.filter(enabled=True)
                        if n.state == "ONLINE"]
        return ctx

    def post(self, request, extra=None, *args, **kwargs):
611 612
        if extra is None:
            extra = {}
613 614 615 616 617 618 619
        node = self.request.POST.get("node")
        if node:
            node = get_object_or_404(Node, pk=node)
            extra["to_node"] = node
        return super(VmMigrateView, self).post(request, extra, *args, **kwargs)


620
class VmSaveView(FormOperationMixin, VmOperationView):
621 622 623

    op = 'save_as_template'
    icon = 'save'
624
    form_class = VmSaveForm
625

626 627 628
vm_ops = {
    'reset': VmOperationView.factory(op='reset', icon='bolt'),
    'deploy': VmOperationView.factory(op='deploy', icon='play'),
629
    'migrate': VmMigrateView,
630 631 632
    'reboot': VmOperationView.factory(op='reboot', icon='refresh'),
    'shut_off': VmOperationView.factory(op='shut_off', icon='ban-circle'),
    'shutdown': VmOperationView.factory(op='shutdown', icon='off'),
633
    'save_as_template': VmSaveView,
634 635 636 637 638 639 640 641 642 643 644 645 646
    'destroy': VmOperationView.factory(op='destroy', icon='remove'),
    'sleep': VmOperationView.factory(op='sleep', icon='moon'),
    'wake_up': VmOperationView.factory(op='wake_up', icon='sun'),
}


def get_operations(instance, user):
    ops = []
    for k, v in vm_ops.iteritems():
        try:
            op = v.get_op_by_object(instance)
            op.check_auth(user)
            op.check_precond()
647 648 649
        except Exception as e:
            logger.debug('Not showing operation %s for %s: %s',
                         k, instance, unicode(e))
650 651 652
        else:
            ops.append(v.bind_to_object(instance))
    return ops
653

Kálmán Viktor committed
654

655
class NodeDetailView(LoginRequiredMixin, SuperuserRequiredMixin, DetailView):
656 657
    template_name = "dashboard/node-detail.html"
    model = Node
658 659
    form = None
    form_class = TraitForm
660

661 662 663
    def get_context_data(self, form=None, **kwargs):
        if form is None:
            form = self.form_class()
664
        context = super(NodeDetailView, self).get_context_data(**kwargs)
665 666
        instances = Instance.active.filter(node=self.object)
        context['table'] = NodeVmListTable(instances)
667 668 669 670
        na = NodeActivity.objects.filter(
            node=self.object, parent=None
        ).order_by('-started').select_related()
        context['activities'] = na
671
        context['trait_form'] = form
672 673
        context['graphite_enabled'] = (
            NodeGraphView.get_graphite_url() is not None)
674 675
        return context

676 677 678
    def post(self, request, *args, **kwargs):
        if request.POST.get('new_name'):
            return self.__set_name(request)
679 680
        if request.POST.get('to_remove'):
            return self.__remove_trait(request)
681 682
        return redirect(reverse_lazy("dashboard.views.node-detail",
                                     kwargs={'pk': self.get_object().pk}))
683 684 685 686 687 688 689

    def __set_name(self, request):
        self.object = self.get_object()
        new_name = request.POST.get("new_name")
        Node.objects.filter(pk=self.object.pk).update(
            **{'name': new_name})

690
        success_message = _("Node successfully renamed.")
691 692 693 694 695
        if request.is_ajax():
            response = {
                'message': success_message,
                'new_name': new_name,
                'node_pk': self.object.pk
696 697 698 699 700 701 702 703 704 705
            }
            return HttpResponse(
                json.dumps(response),
                content_type="application/json"
            )
        else:
            messages.success(request, success_message)
            return redirect(reverse_lazy("dashboard.views.node-detail",
                                         kwargs={'pk': self.object.pk}))

706 707 708 709
    def __remove_trait(self, request):
        try:
            to_remove = request.POST.get('to_remove')
            self.object = self.get_object()
710
            self.object.traits.remove(to_remove)
711 712 713 714 715 716 717
            message = u"Success"
        except:  # note this won't really happen
            message = u"Not success"

        if request.is_ajax():
            return HttpResponse(
                json.dumps({'message': message}),
718
                content_type="application/json"
719
            )
720
        else:
721
            return redirect(self.object.get_absolute_url())
722

723

724
class GroupDetailView(CheckedDetailView):
725 726
    template_name = "dashboard/group-detail.html"
    model = Group
727
    read_level = 'operator'
728 729 730

    def get_has_level(self):
        return self.object.profile.has_level
731 732 733

    def get_context_data(self, **kwargs):
        context = super(GroupDetailView, self).get_context_data(**kwargs)
734 735 736
        context['group'] = self.object
        context['users'] = self.object.user_set.all()
        context['acl'] = get_group_acl_data(self.object)
737 738
        context['group_profile_form'] = GroupProfileUpdate.get_form_object(
            self.request, self.object.profile)
739 740 741
        return context

    def post(self, request, *args, **kwargs):
742 743 744
        self.object = self.get_object()
        if not self.get_has_level()(request.user, 'operator'):
            raise PermissionDenied()
745 746
        if request.POST.get('new_name'):
            return self.__set_name(request)
747
        if request.POST.get('list-new-name'):
748
            return self.__add_user(request)
749
        if request.POST.get('list-new-namelist'):
750
            return self.__add_list(request)
751 752 753 754
        if (request.POST.get('list-new-name') is not None) and \
                (request.POST.get('list-new-namelist') is not None):
            return redirect(reverse_lazy("dashboard.views.group-detail",
                                         kwargs={'pk': self.get_object().pk}))
755 756

    def __add_user(self, request):
757
        name = request.POST['list-new-name']
758 759 760
        self.__add_username(request, name)
        return redirect(reverse_lazy("dashboard.views.group-detail",
                                     kwargs={'pk': self.object.pk}))
761 762

    def __add_username(self, request, name):
763
        if not name:
764
            return
765 766
        try:
            entity = User.objects.get(username=name)
767
            self.object.user_set.add(entity)
768 769
        except User.DoesNotExist:
            warning(request, _('User "%s" not found.') % name)
770

771
    def __add_list(self, request):
772 773
        if not self.get_has_level()(request.user, 'operator'):
            raise PermissionDenied()
774 775 776
        userlist = request.POST.get('list-new-namelist').split('\r\n')
        for line in userlist:
            self.__add_username(request, line)
777 778
        return redirect(reverse_lazy("dashboard.views.group-detail",
                                     kwargs={'pk': self.object.pk}))
779 780 781 782 783 784

    def __set_name(self, request):
        new_name = request.POST.get("new_name")
        Group.objects.filter(pk=self.object.pk).update(
            **{'name': new_name})

785
        success_message = _("Group successfully renamed.")
786 787 788 789
        if request.is_ajax():
            response = {
                'message': success_message,
                'new_name': new_name,
790
                'group_pk': self.object.pk
791 792 793 794 795 796 797 798 799 800 801
            }
            return HttpResponse(
                json.dumps(response),
                content_type="application/json"
            )
        else:
            messages.success(request, success_message)
            return redirect(reverse_lazy("dashboard.views.group-detail",
                                         kwargs={'pk': self.object.pk}))


802
class AclUpdateView(LoginRequiredMixin, View, SingleObjectMixin):
803

804
    def post(self, request, *args, **kwargs):
805
        instance = self.get_object()
806 807
        if not (instance.has_level(request.user, "owner") or
                getattr(instance, 'owner', None) == request.user):
Őry Máté committed
808 809
            logger.warning('Tried to set permissions of %s by non-owner %s.',
                           unicode(instance), unicode(request.user))
810
            raise PermissionDenied()
811
        self.set_levels(request, instance)
812
        self.remove_levels(request, instance)
813
        self.add_levels(request, instance)
814
        return redirect("%s#access" % instance.get_absolute_url())
815 816

    def set_levels(self, request, instance):
817 818 819
        for key, value in request.POST.items():
            m = re.match('perm-([ug])-(\d+)', key)
            if m:
820 821
                typ, id = m.groups()
                entity = {'u': User, 'g': Group}[typ].objects.get(id=id)
822
                if getattr(instance, "owner", None) == entity:
823 824 825
                    logger.info("Tried to set owner's acl level for %s by %s.",
                                unicode(instance), unicode(request.user))
                    continue
826
                instance.set_level(entity, value)
Őry Máté committed
827 828 829
                logger.info("Set %s's acl level for %s to %s by %s.",
                            unicode(entity), unicode(instance),
                            value, unicode(request.user))
830

831 832 833 834 835 836 837 838 839 840
    def remove_levels(self, request, instance):
        for key, value in request.POST.items():
            if key.startswith("remove"):
                typ = key[7:8]  # len("remove-")
                id = key[9:]  # len("remove-x-")
                entity = {'u': User, 'g': Group}[typ].objects.get(id=id)
                if getattr(instance, "owner", None) == entity:
                    logger.info("Tried to remove owner from %s by %s.",
                                unicode(instance), unicode(request.user))
                    msg = _("The original owner cannot be removed, however "
841
                            "you can transfer ownership.")
842 843 844 845 846 847 848
                    messages.warning(request, msg)
                    continue
                instance.set_level(entity, None)
                logger.info("Revoked %s's access to %s by %s.",
                            unicode(entity), unicode(instance),
                            unicode(request.user))

849
    def add_levels(self, request, instance):
850 851
        name = request.POST['perm-new-name']
        value = request.POST['perm-new']
852 853 854 855 856 857
        if not name:
            return
        try:
            entity = User.objects.get(username=name)
        except User.DoesNotExist:
            entity = None
858 859
            try:
                entity = Group.objects.get(name=name)
860 861 862 863
            except Group.DoesNotExist:
                warning(request, _('User or group "%s" not found.') % name)
                return

864
        instance.set_level(entity, value)
Őry Máté committed
865 866 867
        logger.info("Set %s's new acl level for %s to %s by %s.",
                    unicode(entity), unicode(instance),
                    value, unicode(request.user))
868

Kálmán Viktor committed
869

870 871 872 873 874 875 876 877 878 879
class TemplateAclUpdateView(AclUpdateView):
    model = InstanceTemplate

    def post(self, request, *args, **kwargs):
        template = self.get_object()
        if not (template.has_level(request.user, "owner") or
                getattr(template, 'owner', None) == request.user):
            logger.warning('Tried to set permissions of %s by non-owner %s.',
                           unicode(template), unicode(request.user))
            raise PermissionDenied()
880 881 882 883 884 885 886 887 888

        name = request.POST['perm-new-name']
        if (User.objects.filter(username=name).count() +
                Group.objects.filter(name=name).count() < 1
                and len(name) > 0):
            warning(request, _('User or group "%s" not found.') % name)
        else:
            self.set_levels(request, template)
            self.add_levels(request, template)
889
            self.remove_levels(request, template)
890 891 892 893 894 895

            post_for_disk = request.POST.copy()
            post_for_disk['perm-new'] = 'user'
            request.POST = post_for_disk
            for d in template.disks.all():
                self.add_levels(request, d)
896

897
        return redirect(template)
898 899


900 901 902 903 904 905 906 907 908 909
class GroupAclUpdateView(AclUpdateView):
    model = Group

    def post(self, request, *args, **kwargs):
        instance = self.get_object().profile
        if not (instance.has_level(request.user, "owner") or
                getattr(instance, 'owner', None) == request.user):
            logger.warning('Tried to set permissions of %s by non-owner %s.',
                           unicode(instance), unicode(request.user))
            raise PermissionDenied()
Kálmán Viktor committed
910 911 912

        self.set_levels(request, instance)
        self.add_levels(request, instance)
913 914 915 916
        return redirect(reverse("dashboard.views.group-detail",
                                kwargs=self.kwargs))


917 918 919 920 921 922 923 924 925 926
class TemplateChoose(TemplateView):

    def get_template_names(self):
        if self.request.is_ajax():
            return ['dashboard/modal-wrapper.html']
        else:
            return ['dashboard/nojs-wrapper.html']

    def get_context_data(self, *args, **kwargs):
        context = super(TemplateChoose, self).get_context_data(*args, **kwargs)
927
        templates = InstanceTemplate.get_objects_with_level("user",
928 929 930 931
                                                            self.request.user)
        context.update({
            'box_title': _('Choose template'),
            'ajax_title': False,
932
            'template': "dashboard/_template-choose.html",
933
            'templates': templates.all(),
934 935 936
        })
        return context

937 938 939 940 941 942 943
    def post(self, request, *args, **kwargs):
        if not request.user.has_perm('vm.create_template'):
            raise PermissionDenied()

        template = request.POST.get("parent")
        if template == "base_vm":
            return redirect(reverse("dashboard.views.template-create"))
944
        elif template is None:
945
            messages.warning(request, _("Select an option to proceed."))
946
            return redirect(reverse("dashboard.views.template-choose"))
947 948 949 950 951 952 953 954
        else:
            template = get_object_or_404(InstanceTemplate, pk=template)

        instance = Instance.create_from_template(
            template=template, owner=request.user, is_base=True)

        return redirect(instance.get_absolute_url())

955

956 957 958 959
class TemplateCreate(SuccessMessageMixin, CreateView):
    model = InstanceTemplate
    form_class = TemplateForm

960 961
    def get_template_names(self):
        if self.request.is_ajax():
962
            pass
963 964 965 966 967 968 969
        else:
            return ['dashboard/nojs-wrapper.html']

    def get_context_data(self, *args, **kwargs):
        context = super(TemplateCreate, self).get_context_data(*args, **kwargs)

        context.update({
970
            'box_title': _("Create a new base VM"),
971
            'template': "dashboard/_template-create.html",
972
            'leases': Lease.objects.count()
973 974 975
        })
        return context

976
    def get(self, *args, **kwargs):
977 978
        if not self.request.user.has_perm('vm.create_template'):
            raise PermissionDenied()
979

980 981 982 983
        return super(TemplateCreate, self).get(*args, **kwargs)

    def get_form_kwargs(self):
        kwargs = super(TemplateCreate, self).get_form_kwargs()
984
        kwargs['user'] = self.request.user
985 986
        return kwargs

987 988 989
    def post(self, request, *args, **kwargs):
        if not self.request.user.has_perm('vm.create_template'):
            raise PermissionDenied()
990 991

        form = self.form_class(request.POST, user=request.user)
992 993
        if not form.is_valid():
            return self.get(request, form, *args, **kwargs)
994
        else:
995
            post = form.cleaned_data
996 997
            networks = self.__create_networks(post.pop("networks"),
                                              request.user)
998
            post.pop("parent")
999
            post['max_ram_size'] = post['ram_size']
1000 1001 1002 1003 1004 1005 1006
            req_traits = post.pop("req_traits")
            tags = post.pop("tags")
            post['pw'] = User.objects.make_random_password()
            post['is_base'] = True
            inst = Instance.create(params=post, disks=[],
                                   networks=networks,
                                   tags=tags, req_traits=req_traits)
1007

1008
            return redirect("%s#resources" % inst.get_absolute_url())
1009

1010 1011
        return super(TemplateCreate, self).post(self, request, args, kwargs)

1012
    def __create_networks(self, vlans, user):
1013 1014
        networks = []
        for v in vlans:
1015 1016
            if not v.has_level(user, "user"):
                raise PermissionDenied()
1017 1018 1019
            networks.append(InterfaceTemplate(vlan=v, managed=v.managed))
        return networks

1020 1021 1022 1023
    def get_success_url(self):
        return reverse_lazy("dashboard.views.template-list")


1024
class TemplateDetail(LoginRequiredMixin, SuccessMessageMixin, UpdateView):
1025
    model = InstanceTemplate
1026 1027
    template_name = "dashboard/template-edit.html"
    form_class = TemplateForm
1028
    success_message = _("Successfully modified template.")
1029 1030

    def get(self, request, *args, **kwargs):
1031
        template = self.get_object()
1032
        if not template.has_level(request.user, 'user'):
1033
            raise PermissionDenied()
1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054
        if request.is_ajax():
            template = {
                'num_cores': template.num_cores,
                'ram_size': template.ram_size,
                'priority': template.priority,
                'arch': template.arch,
                'description': template.description,
                'system': template.system,
                'name': template.name,
                'disks': [{'pk': d.pk, 'name': d.name}
                          for d in template.disks.all()],
                'network': [
                    {'vlan_pk': i.vlan.pk, 'vlan': i.vlan.name,
                     'managed': i.managed}
                    for i in InterfaceTemplate.objects.filter(
                        template=self.get_object()).all()
                ]
            }
            return HttpResponse(json.dumps(template),
                                content_type="application/json")
        else:
1055 1056
            return super(TemplateDetail, self).get(request, *args, **kwargs)

1057
    def get_context_data(self, **kwargs):
1058
        obj = self.get_object()
1059
        context = super(TemplateDetail, self).get_context_data(**kwargs)
1060 1061
        context['acl'] = get_vm_acl_data(obj)
        context['disks'] = obj.disks.all()
1062 1063
        return context

1064 1065 1066 1067
    def get_success_url(self):
        return reverse_lazy("dashboard.views.template-detail",
                            kwargs=self.kwargs)

1068 1069 1070 1071 1072 1073 1074
    def post(self, request, *args, **kwargs):
        template = self.get_object()
        if not template.has_level(request.user, 'owner'):
            raise PermissionDenied()
        for disk in self.get_object().disks.all():
            if not disk.has_level(request.user, 'user'):
                raise PermissionDenied()
1075 1076 1077
        for network in self.get_object().interface_set.all():
            if not network.vlan.has_level(request.user, "user"):
                raise PermissionDenied()
1078 1079
        return super(TemplateDetail, self).post(self, request, args, kwargs)

1080 1081 1082 1083 1084
    def get_form_kwargs(self):
        kwargs = super(TemplateDetail, self).get_form_kwargs()
        kwargs['user'] = self.request.user
        return kwargs

1085

1086
class TemplateList(LoginRequiredMixin, SingleTableView):
1087 1088 1089 1090 1091 1092 1093
    template_name = "dashboard/template-list.html"
    model = InstanceTemplate
    table_class = TemplateListTable
    table_pagination = False

    def get_context_data(self, *args, **kwargs):
        context = super(TemplateList, self).get_context_data(*args, **kwargs)
1094 1095
        context['lease_table'] = LeaseListTable(Lease.objects.all(),
                                                request=self.request)
1096
        return context
1097

1098 1099 1100 1101 1102 1103
    def get_queryset(self):
        logger.debug('TemplateList.get_queryset() called. User: %s',
                     unicode(self.request.user))
        return InstanceTemplate.get_objects_with_level(
            'user', self.request.user).all()

1104

1105 1106 1107 1108 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 1121 1122 1123
class TemplateDelete(LoginRequiredMixin, DeleteView):
    model = InstanceTemplate

    def get_success_url(self):
        return reverse("dashboard.views.template-list")

    def get_template_names(self):
        if self.request.is_ajax():
            return ['dashboard/confirm/ajax-delete.html']
        else:
            return ['dashboard/confirm/base-delete.html']

    def delete(self, request, *args, **kwargs):
        object = self.get_object()
        if not object.has_level(request.user, 'owner'):
            raise PermissionDenied()

        object.delete()
        success_url = self.get_success_url()
1124
        success_message = _("Template successfully deleted.")
1125 1126 1127 1128 1129 1130 1131 1132 1133 1134 1135

        if request.is_ajax():
            return HttpResponse(
                json.dumps({'message': success_message}),
                content_type="application/json",
            )
        else:
            messages.success(request, success_message)
            return HttpResponseRedirect(success_url)


1136
class VmList(LoginRequiredMixin, FilterMixin, ListView):
Kálmán Viktor committed
1137
    template_name = "dashboard/vm-list.html"
1138 1139 1140 1141 1142
    allowed_filters = {
        'name': "name__icontains",
        'node': "node__name__icontains",
        'status': "status__iexact",
        'tags': "tags__name__in",  # note: use it as ?tags[]=a,b
Kálmán Viktor committed
1143
        'owner': "owner__username",
1144
    }
1145

1146 1147
    def get(self, *args, **kwargs):
        if self.request.is_ajax():
1148 1149 1150 1151
            favs = Instance.objects.filter(
                favourite__user=self.request.user).values_list('pk', flat=True)
            instances = Instance.get_objects_with_level(
                'user', self.request.user).filter(
1152
                destroyed_at=None).all()
1153 1154 1155
            instances = [{
                'pk': i.pk,
                'name': i.name,
1156 1157 1158
                'icon': i.get_status_icon(),
                'host': "" if not i.primary_host else i.primary_host.hostname,
                'status': i.get_status_display(),
1159
                'fav': i.pk in favs} for i in instances]
1160
            return HttpResponse(
1161
                json.dumps(list(instances)),  # instances is ValuesQuerySet
1162 1163 1164 1165 1166
                content_type="application/json",
            )
        else:
            return super(VmList, self).get(*args, **kwargs)

1167
    def get_queryset(self):
1168
        logger.debug('VmList.get_queryset() called. User: %s',
1169
                     unicode(self.request.user))
1170
        queryset = Instance.get_objects_with_level(
1171
            'user', self.request.user).filter(destroyed_at=None)
1172

1173
        self.create_fake_get()
1174 1175 1176 1177
        sort = self.request.GET.get("sort")
        # remove "-" that means descending order
        # also check if the column name is valid
        if (sort and
1178
            (sort[1:] if sort[0] == "-" else sort)
1179
                in [i.name for i in Instance._meta.fields] + ["pk"]):
1180
            queryset = queryset.order_by(sort)
1181 1182
        return queryset.filter(**self.get_queryset_filters()
                               ).select_related('owner', 'node')
1183

1184 1185 1186 1187 1188 1189 1190 1191 1192 1193 1194 1195 1196
    def create_fake_get(self):
        """
        Updates the request's GET dict to filter the vm list
        For example: "name:xy node:1" updates the GET dict
                     to resemble this URL ?name=xy&node=1