views.py 108 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
# Copyright 2014 Budapest University of Technology and Economics (BME IK)
#
# This file is part of CIRCLE Cloud.
#
# CIRCLE is free software: you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free
# Software Foundation, either version 3 of the License, or (at your option)
# any later version.
#
# CIRCLE is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
# details.
#
# You should have received a copy of the GNU General Public License along
# with CIRCLE.  If not, see <http://www.gnu.org/licenses/>.

18
from __future__ import unicode_literals, absolute_import
19

20
from itertools import chain
21 22
from os import getenv
import json
Őry Máté committed
23
import logging
24
import re
25
import requests
26

27
from django.conf import settings
28
from django.contrib.auth.models import User, Group
Őry Máté committed
29
from django.contrib.auth.views import login, redirect_to_login
30
from django.contrib.messages import warning
31
from django.contrib.messages.views import SuccessMessageMixin
32
from django.core.exceptions import (
33
    PermissionDenied, SuspiciousOperation,
34
)
35 36
from django.core import signing
from django.core.urlresolvers import reverse, reverse_lazy
37
from django.db.models import Count
38
from django.http import HttpResponse, HttpResponseRedirect, Http404
Őry Máté committed
39
from django.shortcuts import redirect, render, get_object_or_404
40
from django.views.decorators.http import require_GET, require_POST
41
from django.views.generic.detail import SingleObjectMixin
42
from django.views.generic import (TemplateView, DetailView, View, DeleteView,
43
                                  UpdateView, CreateView, ListView)
44 45
from django.contrib import messages
from django.utils.translation import ugettext as _
46
from django.utils.translation import ungettext as __
47
from django.template.loader import render_to_string
48
from django.template import RequestContext
49

50
from django.forms.models import inlineformset_factory
51
from django_tables2 import SingleTableView
52 53
from braces.views import (LoginRequiredMixin, SuperuserRequiredMixin,
                          PermissionRequiredMixin)
54
from braces.views._access import AccessMixin
Kálmán Viktor committed
55

56 57
from django_sshkey.models import UserKey

58
from .forms import (
59
    CircleAuthenticationForm, HostForm, LeaseForm, MyProfileForm,
60
    NodeForm, TemplateForm, TraitForm, VmCustomizeForm, GroupCreateForm,
61
    UserCreationForm, GroupProfileUpdateForm, UnsubscribeForm,
62
    VmSaveForm, UserKeyForm,
63
    CirclePasswordChangeForm, VmCreateDiskForm, VmDownloadDiskForm,
64
    TraitsForm, RawDataForm
65
)
66 67 68

from .tables import (
    NodeListTable, NodeVmListTable, TemplateListTable, LeaseListTable,
69
    GroupListTable, UserKeyListTable
70
)
Őry Máté committed
71 72 73 74
from vm.models import (
    Instance, instance_activity, InstanceActivity, InstanceTemplate, Interface,
    InterfaceTemplate, Lease, Node, NodeActivity, Trait,
)
75
from storage.models import Disk
76
from firewall.models import Vlan, Host, Rule
77
from .models import Favourite, Profile, GroupProfile, FutureMember
78

Őry Máté committed
79
logger = logging.getLogger(__name__)
80
saml_available = hasattr(settings, "SAML_CONFIG")
81

82

83 84 85 86
def search_user(keyword):
    try:
        return User.objects.get(username=keyword)
    except User.DoesNotExist:
87 88 89 90
        try:
            return User.objects.get(profile__org_id=keyword)
        except User.DoesNotExist:
            return User.objects.get(email=keyword)
91 92


93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115
class GroupCodeMixin(object):

    @classmethod
    def get_available_group_codes(cls, request):
        newgroups = []
        if saml_available:
            from djangosaml2.cache import StateCache, IdentityCache
            from djangosaml2.conf import get_config
            from djangosaml2.views import _get_subject_id
            from saml2.client import Saml2Client

            state = StateCache(request.session)
            conf = get_config(None, request)
            client = Saml2Client(conf, state_cache=state,
                                 identity_cache=IdentityCache(request.session),
                                 logger=logger)
            subject_id = _get_subject_id(request.session)
            identity = client.users.get_identity(subject_id,
                                                 check_not_on_or_after=False)
            if identity:
                attributes = identity[0]
                owneratrs = getattr(
                    settings, 'SAML_GROUP_OWNER_ATTRIBUTES', [])
116 117
                for group in chain(*[attributes[i]
                                     for i in owneratrs if i in attributes]):
118 119 120 121 122 123 124 125
                    try:
                        GroupProfile.search(group)
                    except Group.DoesNotExist:
                        newgroups.append(group)

        return newgroups


126
class FilterMixin(object):
127

128 129 130 131
    def get_queryset_filters(self):
        filters = {}
        for item in self.allowed_filters:
            if item in self.request.GET:
132 133 134 135 136
                filters[self.allowed_filters[item]] = (
                    self.request.GET[item].split(",")
                    if self.allowed_filters[item].endswith("__in") else
                    self.request.GET[item])

137
        return filters
138

139 140 141
    def get_queryset(self):
        return super(FilterMixin,
                     self).get_queryset().filter(**self.get_queryset_filters())
142 143


144
class IndexView(LoginRequiredMixin, TemplateView):
Kálmán Viktor committed
145
    template_name = "dashboard/index.html"
146

147
    def get_context_data(self, **kwargs):
148
        user = self.request.user
149
        context = super(IndexView, self).get_context_data(**kwargs)
150

151
        # instances
152
        favs = Instance.objects.filter(favourite__user=self.request.user)
153
        instances = Instance.get_objects_with_level(
154
            'user', user, disregard_superuser=True).filter(destroyed_at=None)
155 156 157
        display = list(favs) + list(set(instances) - set(favs))
        for d in display:
            d.fav = True if d in favs else False
158
        context.update({
159
            'instances': display[:5],
160
            'more_instances': instances.count() - len(instances[:5])
161 162
        })

163 164
        running = instances.filter(status='RUNNING')
        stopped = instances.exclude(status__in=('RUNNING', 'NOSTATE'))
165

166
        context.update({
167 168 169
            'running_vms': running[:20],
            'running_vm_num': running.count(),
            'stopped_vm_num': stopped.count()
170
        })
171

172 173 174 175
        # nodes
        if user.is_superuser:
            nodes = Node.objects.all()
            context.update({
176 177
                'nodes': nodes[:5],
                'more_nodes': nodes.count() - len(nodes[:5]),
178 179 180 181 182 183 184 185 186 187
                'sum_node_num': nodes.count(),
                'node_num': {
                    'running': Node.get_state_count(True, True),
                    'missing': Node.get_state_count(False, True),
                    'disabled': Node.get_state_count(True, False),
                    'offline': Node.get_state_count(False, False)
                }
            })

        # groups
188
        if user.has_module_perms('auth'):
189 190
            profiles = GroupProfile.get_objects_with_level('operator', user)
            groups = Group.objects.filter(groupprofile__in=profiles)
191 192 193 194
            context.update({
                'groups': groups[:5],
                'more_groups': groups.count() - len(groups[:5]),
            })
195 196 197 198 199 200

        # template
        if user.has_perm('vm.create_template'):
            context['templates'] = InstanceTemplate.get_objects_with_level(
                'operator', user).all()[:5]

201 202
        return context

203

204
def get_vm_acl_data(obj):
205 206 207 208 209 210 211 212 213
    levels = obj.ACL_LEVELS
    users = obj.get_users_with_level()
    users = [{'user': u, 'level': l} for u, l in users]
    groups = obj.get_groups_with_level()
    groups = [{'group': g, 'level': l} for g, l in groups]
    return {'users': users, 'groups': groups, 'levels': levels,
            'url': reverse('dashboard.views.vm-acl', args=[obj.pk])}


214 215 216 217 218 219 220 221 222 223 224
def get_group_acl_data(obj):
    aclobj = obj.profile
    levels = aclobj.ACL_LEVELS
    users = aclobj.get_users_with_level()
    users = [{'user': u, 'level': l} for u, l in users]
    groups = aclobj.get_groups_with_level()
    groups = [{'group': g, 'level': l} for g, l in groups]
    return {'users': users, 'groups': groups, 'levels': levels,
            'url': reverse('dashboard.views.group-acl', args=[obj.pk])}


225
class CheckedDetailView(LoginRequiredMixin, DetailView):
226 227
    read_level = 'user'

228 229 230
    def get_has_level(self):
        return self.object.has_level

231 232
    def get_context_data(self, **kwargs):
        context = super(CheckedDetailView, self).get_context_data(**kwargs)
233
        if not self.get_has_level()(self.request.user, self.read_level):
234 235 236 237
            raise PermissionDenied()
        return context


238 239 240 241 242 243 244 245 246
class VmDetailVncTokenView(CheckedDetailView):
    template_name = "dashboard/vm-detail.html"
    model = Instance

    def get(self, request, **kwargs):
        self.object = self.get_object()
        if not self.object.has_level(request.user, 'operator'):
            raise PermissionDenied()
        if self.object.node:
247 248 249 250 251 252 253 254
            with instance_activity(code_suffix='console-accessed',
                                   instance=self.object, user=request.user,
                                   concurrency_check=False):
                port = self.object.vnc_port
                host = str(self.object.node.host.ipv4)
                value = signing.dumps({'host': host, 'port': port},
                                      key=getenv("PROXY_SECRET", 'asdasd')),
                return HttpResponse('vnc/?d=%s' % value)
255 256 257 258
        else:
            raise Http404()


259
class VmDetailView(CheckedDetailView):
Kálmán Viktor committed
260
    template_name = "dashboard/vm-detail.html"
261
    model = Instance
262 263

    def get_context_data(self, **kwargs):
264
        context = super(VmDetailView, self).get_context_data(**kwargs)
265
        instance = context['instance']
266
        ops = get_operations(instance, self.request.user)
267
        context.update({
Bach Dániel committed
268
            'graphite_enabled': settings.GRAPHITE_URL is not None,
269
            'vnc_url': reverse_lazy("dashboard.views.detail-vnc",
270
                                    kwargs={'pk': self.object.pk}),
271 272
            'ops': ops,
            'op': {i.op: i for i in ops},
273
        })
274 275

        # activity data
276 277
        context['activities'] = self.object.get_merged_activities(
            self.request.user)
278

279
        context['vlans'] = Vlan.get_objects_with_level(
280
            'user', self.request.user
281
        ).exclude(  # exclude already added interfaces
282 283 284
            pk__in=Interface.objects.filter(
                instance=self.get_object()).values_list("vlan", flat=True)
        ).all()
285
        context['acl'] = get_vm_acl_data(instance)
286 287
        context['os_type_icon'] = instance.os_type.replace("unknown",
                                                           "question")
288 289 290
        # ipv6 infos
        context['ipv6_host'] = instance.get_connect_host(use_ipv6=True)
        context['ipv6_port'] = instance.get_connect_port(use_ipv6=True)
291 292 293 294 295

        # resources forms
        if self.request.user.is_superuser:
            context['traits_form'] = TraitsForm(instance=instance)
            context['raw_data_form'] = RawDataForm(instance=instance)
296
        return context
Kálmán Viktor committed
297

298 299 300 301 302
    def post(self, request, *args, **kwargs):
        if (request.POST.get('ram-size') and request.POST.get('cpu-count')
                and request.POST.get('cpu-priority')):
            return self.__set_resources(request)

303 304 305
        options = {
            'change_password': self.__change_password,
            'new_name': self.__set_name,
306
            'new_description': self.__set_description,
307 308
            'new_tag': self.__add_tag,
            'to_remove': self.__remove_tag,
309 310
            'port': self.__add_port,
            'new_network_vlan': self.__new_network,
311
            'abort_operation': self.__abort_operation,
312 313 314 315
        }
        for k, v in options.iteritems():
            if request.POST.get(k) is not None:
                return v(request)
Kálmán Viktor committed
316

317 318 319 320
    def __change_password(self, request):
        self.object = self.get_object()
        if not self.object.has_level(request.user, 'owner'):
            raise PermissionDenied()
Kálmán Viktor committed
321

322
        self.object.change_password(user=request.user)
323
        messages.success(request, _("Password changed."))
324
        if request.is_ajax():
325
            return HttpResponse("Success.")
326 327 328
        else:
            return redirect(reverse_lazy("dashboard.views.detail",
                                         kwargs={'pk': self.object.pk}))
329

330 331 332 333
    def __set_resources(self, request):
        self.object = self.get_object()
        if not self.object.has_level(request.user, 'owner'):
            raise PermissionDenied()
334 335
        if not request.user.has_perm('vm.change_resources'):
            raise PermissionDenied()
336 337 338 339

        resources = {
            'num_cores': request.POST.get('cpu-count'),
            'ram_size': request.POST.get('ram-size'),
340
            'max_ram_size': request.POST.get('ram-size'),  # TODO: max_ram
341 342 343 344
            'priority': request.POST.get('cpu-priority')
        }
        Instance.objects.filter(pk=self.object.pk).update(**resources)

345
        success_message = _("Resources successfully updated.")
346 347 348 349 350 351 352 353 354 355 356
        if request.is_ajax():
            response = {'message': success_message}
            return HttpResponse(
                json.dumps(response),
                content_type="application/json"
            )
        else:
            messages.success(request, success_message)
            return redirect(reverse_lazy("dashboard.views.detail",
                                         kwargs={'pk': self.object.pk}))

357 358
    def __set_name(self, request):
        self.object = self.get_object()
359 360
        if not self.object.has_level(request.user, 'owner'):
            raise PermissionDenied()
361 362 363 364
        new_name = request.POST.get("new_name")
        Instance.objects.filter(pk=self.object.pk).update(
            **{'name': new_name})

365
        success_message = _("VM successfully renamed.")
366 367 368 369 370 371 372 373 374 375 376 377
        if request.is_ajax():
            response = {
                'message': success_message,
                'new_name': new_name,
                'vm_pk': self.object.pk
            }
            return HttpResponse(
                json.dumps(response),
                content_type="application/json"
            )
        else:
            messages.success(request, success_message)
378 379 380 381 382 383 384 385 386 387 388
            return redirect(self.object.get_absolute_url())

    def __set_description(self, request):
        self.object = self.get_object()
        if not self.object.has_level(request.user, 'owner'):
            raise PermissionDenied()

        new_description = request.POST.get("new_description")
        Instance.objects.filter(pk=self.object.pk).update(
            **{'description': new_description})

389
        success_message = _("VM description successfully updated.")
390 391 392 393 394 395 396 397 398 399 400 401
        if request.is_ajax():
            response = {
                'message': success_message,
                'new_description': new_description,
            }
            return HttpResponse(
                json.dumps(response),
                content_type="application/json"
            )
        else:
            messages.success(request, success_message)
            return redirect(self.object.get_absolute_url())
402

Kálmán Viktor committed
403 404 405
    def __add_tag(self, request):
        new_tag = request.POST.get('new_tag')
        self.object = self.get_object()
406 407
        if not self.object.has_level(request.user, 'owner'):
            raise PermissionDenied()
Kálmán Viktor committed
408 409

        if len(new_tag) < 1:
410
            message = u"Please input something."
Kálmán Viktor committed
411
        elif len(new_tag) > 20:
412
            message = u"Tag name is too long."
Kálmán Viktor committed
413 414 415 416 417 418 419 420 421 422 423 424 425 426 427
        else:
            self.object.tags.add(new_tag)

        try:
            messages.error(request, message)
        except:
            pass

        return redirect(reverse_lazy("dashboard.views.detail",
                                     kwargs={'pk': self.object.pk}))

    def __remove_tag(self, request):
        try:
            to_remove = request.POST.get('to_remove')
            self.object = self.get_object()
428 429
            if not self.object.has_level(request.user, 'owner'):
                raise PermissionDenied()
Kálmán Viktor committed
430 431 432 433 434 435 436 437 438 439 440

            self.object.tags.remove(to_remove)
            message = u"Success"
        except:  # note this won't really happen
            message = u"Not success"

        if request.is_ajax():
            return HttpResponse(
                json.dumps({'message': message}),
                content_type="application=json"
            )
441 442 443
        else:
            return redirect(reverse_lazy("dashboard.views.detail",
                            kwargs={'pk': self.object.pk}))
Kálmán Viktor committed
444

445 446
    def __add_port(self, request):
        object = self.get_object()
447 448
        if (not object.has_level(request.user, 'owner') or
                not request.user.has_perm('vm.config_ports')):
449
            raise PermissionDenied()
450 451 452 453 454 455

        port = request.POST.get("port")
        proto = request.POST.get("proto")

        try:
            error = None
456 457 458
            interfaces = object.interface_set.all()
            host = Host.objects.get(pk=request.POST.get("host_pk"),
                                    interface__in=interfaces)
459
            host.add_port(proto, private=port)
460 461 462 463 464
        except Host.DoesNotExist:
            logger.error('Tried to add port to nonexistent host %d. User: %s. '
                         'Instance: %s', request.POST.get("host_pk"),
                         unicode(request.user), object)
            raise PermissionDenied()
465
        except ValueError:
466
            error = _("There is a problem with your input.")
467
        except Exception as e:
Bach Dániel committed
468 469
            error = _("Unknown error.")
            logger.error(e)
470 471 472 473 474 475 476 477 478

        if request.is_ajax():
            pass
        else:
            if error:
                messages.error(request, error)
            return redirect(reverse_lazy("dashboard.views.detail",
                                         kwargs={'pk': self.get_object().pk}))

479 480 481 482 483
    def __new_network(self, request):
        self.object = self.get_object()
        if not self.object.has_level(request.user, 'owner'):
            raise PermissionDenied()

484
        vlan = get_object_or_404(Vlan, pk=request.POST.get("new_network_vlan"))
485 486
        if not vlan.has_level(request.user, 'user'):
            raise PermissionDenied()
487
        try:
488
            self.object.add_interface(vlan=vlan, user=request.user)
489
            messages.success(request, _("Successfully added new interface."))
490 491 492 493 494 495 496
        except Exception, e:
            error = u' '.join(e.messages)
            messages.error(request, error)

        return redirect("%s#network" % reverse_lazy(
            "dashboard.views.detail", kwargs={'pk': self.object.pk}))

497
    def __abort_operation(self, request):
Kálmán Viktor committed
498 499 500 501
        self.object = self.get_object()

        activity = get_object_or_404(InstanceActivity,
                                     pk=request.POST.get("activity"))
502 503
        if not activity.is_abortable_for(request.user):
            raise PermissionDenied()
Kálmán Viktor committed
504 505 506
        activity.abort()
        return redirect("%s#activity" % self.object.get_absolute_url())

507

508
class VmTraitsUpdate(SuperuserRequiredMixin, UpdateView):
509 510 511 512 513 514 515
    form_class = TraitsForm
    model = Instance

    def get_success_url(self):
        return self.get_object().get_absolute_url() + "#resources"


516
class VmRawDataUpdate(SuperuserRequiredMixin, UpdateView):
517 518 519 520 521 522 523
    form_class = RawDataForm
    model = Instance

    def get_success_url(self):
        return self.get_object().get_absolute_url() + "#resources"


524
class OperationView(DetailView):
525

526
    template_name = 'dashboard/operate.html'
527
    show_in_toolbar = True
528

529 530 531
    @property
    def name(self):
        return self.get_op().name
532

533 534 535
    @property
    def description(self):
        return self.get_op().description
536

537 538 539
    @classmethod
    def get_urlname(cls):
        return 'dashboard.vm.op.%s' % cls.op
540

541 542
    def get_url(self):
        return reverse(self.get_urlname(), args=(self.get_object().pk, ))
543

544 545 546 547 548
    def get_wrapper_template_name(self):
        if self.request.is_ajax():
            return 'dashboard/_modal.html'
        else:
            return 'dashboard/_base.html'
549

550 551 552
    @classmethod
    def get_op_by_object(cls, obj):
        return getattr(obj, cls.op)
553

554 555 556 557
    def get_op(self):
        if not hasattr(self, '_opobj'):
            setattr(self, '_opobj', getattr(self.get_object(), self.op))
        return self._opobj
558

559
    def get_context_data(self, **kwargs):
560
        ctx = super(OperationView, self).get_context_data(**kwargs)
561
        ctx['op'] = self.get_op()
562
        ctx['opview'] = self
563 564
        ctx['url'] = self.request.path
        return ctx
565

566 567 568 569 570 571 572
    def get(self, request, *args, **kwargs):
        self.get_op().check_auth(request.user)
        response = super(OperationView, self).get(request, *args, **kwargs)
        response.render()
        response.content = render_to_string(self.get_wrapper_template_name(),
                                            {'body': response.content})
        return response
573

574
    def post(self, request, extra=None, *args, **kwargs):
575
        self.object = self.get_object()
576 577
        if extra is None:
            extra = {}
578
        try:
579
            self.get_op().async(user=request.user, **extra)
580 581 582
        except Exception as e:
            messages.error(request, _('Could not start operation.'))
            logger.error(e)
583
        return redirect("%s#activity" % self.object.get_absolute_url())
584

585 586 587 588
    @classmethod
    def factory(cls, op, icon='cog'):
        return type(str(cls.__name__ + op),
                    (cls, ), {'op': op, 'icon': icon})
589

590 591 592 593 594 595 596 597 598 599
    @classmethod
    def bind_to_object(cls, instance):
        v = cls()
        v.get_object = lambda: instance
        return v


class VmOperationView(OperationView):

    model = Instance
600
    context_object_name = 'instance'  # much simpler to mock object
601

602 603 604 605 606 607
    def post(self, request, *args, **kwargs):
        resp = super(VmOperationView, self).post(request, *args, **kwargs)
        if request.is_ajax():
            store = messages.get_messages(request)
            store.used = True
            return HttpResponse(
608
                json.dumps({'success': True,
609 610 611 612 613 614
                            'messages': [unicode(m) for m in store]}),
                content_type="application=json"
            )
        else:
            return resp

615

616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633
class FormOperationMixin(object):

    form_class = None

    def get_context_data(self, **kwargs):
        ctx = super(FormOperationMixin, self).get_context_data(**kwargs)
        if self.request.method == 'POST':
            ctx['form'] = self.form_class(self.request.POST)
        else:
            ctx['form'] = self.form_class()
        return ctx

    def post(self, request, extra=None, *args, **kwargs):
        if extra is None:
            extra = {}
        form = self.form_class(self.request.POST)
        if form.is_valid():
            extra.update(form.cleaned_data)
634
            resp = super(FormOperationMixin, self).post(
635
                request, extra, *args, **kwargs)
636 637
            if request.is_ajax():
                return HttpResponse(
638
                    json.dumps({'success': True}),
639 640 641 642
                    content_type="application=json"
                )
            else:
                return resp
643 644 645 646
        else:
            return self.get(request)


647 648 649 650 651 652
class VmCreateDiskView(FormOperationMixin, VmOperationView):

    op = 'create_disk'
    form_class = VmCreateDiskForm
    show_in_toolbar = False
    icon = 'hdd'
653
    is_disk_operation = True
654 655 656 657 658 659 660 661


class VmDownloadDiskView(FormOperationMixin, VmOperationView):

    op = 'download_disk'
    form_class = VmDownloadDiskForm
    show_in_toolbar = False
    icon = 'download'
662
    is_disk_operation = True
663 664


665 666 667 668 669 670 671
class VmMigrateView(VmOperationView):

    op = 'migrate'
    icon = 'truck'
    template_name = 'dashboard/_vm-migrate.html'

    def get_context_data(self, **kwargs):
672
        ctx = super(VmMigrateView, self).get_context_data(**kwargs)
673 674 675 676 677
        ctx['nodes'] = [n for n in Node.objects.filter(enabled=True)
                        if n.state == "ONLINE"]
        return ctx

    def post(self, request, extra=None, *args, **kwargs):
678 679
        if extra is None:
            extra = {}
680 681 682 683 684 685 686
        node = self.request.POST.get("node")
        if node:
            node = get_object_or_404(Node, pk=node)
            extra["to_node"] = node
        return super(VmMigrateView, self).post(request, extra, *args, **kwargs)


687
class VmSaveView(FormOperationMixin, VmOperationView):
688 689 690

    op = 'save_as_template'
    icon = 'save'
691
    form_class = VmSaveForm
692

693 694 695
vm_ops = {
    'reset': VmOperationView.factory(op='reset', icon='bolt'),
    'deploy': VmOperationView.factory(op='deploy', icon='play'),
696
    'migrate': VmMigrateView,
697 698 699
    'reboot': VmOperationView.factory(op='reboot', icon='refresh'),
    'shut_off': VmOperationView.factory(op='shut_off', icon='ban-circle'),
    'shutdown': VmOperationView.factory(op='shutdown', icon='off'),
700
    'save_as_template': VmSaveView,
701 702 703
    'destroy': VmOperationView.factory(op='destroy', icon='remove'),
    'sleep': VmOperationView.factory(op='sleep', icon='moon'),
    'wake_up': VmOperationView.factory(op='wake_up', icon='sun'),
704 705
    'create_disk': VmCreateDiskView,
    'download_disk': VmDownloadDiskView,
706 707 708 709 710 711 712 713 714 715
}


def get_operations(instance, user):
    ops = []
    for k, v in vm_ops.iteritems():
        try:
            op = v.get_op_by_object(instance)
            op.check_auth(user)
            op.check_precond()
716 717 718
        except Exception as e:
            logger.debug('Not showing operation %s for %s: %s',
                         k, instance, unicode(e))
719 720 721
        else:
            ops.append(v.bind_to_object(instance))
    return ops
722

Kálmán Viktor committed
723

724
class NodeDetailView(LoginRequiredMixin, SuperuserRequiredMixin, DetailView):
725 726
    template_name = "dashboard/node-detail.html"
    model = Node
727 728
    form = None
    form_class = TraitForm
729

730 731 732
    def get_context_data(self, form=None, **kwargs):
        if form is None:
            form = self.form_class()
733
        context = super(NodeDetailView, self).get_context_data(**kwargs)
734 735
        instances = Instance.active.filter(node=self.object)
        context['table'] = NodeVmListTable(instances)
736 737 738 739
        na = NodeActivity.objects.filter(
            node=self.object, parent=None
        ).order_by('-started').select_related()
        context['activities'] = na
740
        context['trait_form'] = form
741
        context['graphite_enabled'] = (
Bach Dániel committed
742
            settings.GRAPHITE_URL is not None)
743 744
        return context

745 746 747
    def post(self, request, *args, **kwargs):
        if request.POST.get('new_name'):
            return self.__set_name(request)
748 749
        if request.POST.get('to_remove'):
            return self.__remove_trait(request)
750 751
        return redirect(reverse_lazy("dashboard.views.node-detail",
                                     kwargs={'pk': self.get_object().pk}))
752 753 754 755 756 757 758

    def __set_name(self, request):
        self.object = self.get_object()
        new_name = request.POST.get("new_name")
        Node.objects.filter(pk=self.object.pk).update(
            **{'name': new_name})

759
        success_message = _("Node successfully renamed.")
760 761 762 763 764
        if request.is_ajax():
            response = {
                'message': success_message,
                'new_name': new_name,
                'node_pk': self.object.pk
765 766 767 768 769 770 771 772 773 774
            }
            return HttpResponse(
                json.dumps(response),
                content_type="application/json"
            )
        else:
            messages.success(request, success_message)
            return redirect(reverse_lazy("dashboard.views.node-detail",
                                         kwargs={'pk': self.object.pk}))

775 776 777 778
    def __remove_trait(self, request):
        try:
            to_remove = request.POST.get('to_remove')
            self.object = self.get_object()
779
            self.object.traits.remove(to_remove)
780 781 782 783 784 785 786
            message = u"Success"
        except:  # note this won't really happen
            message = u"Not success"

        if request.is_ajax():
            return HttpResponse(
                json.dumps({'message': message}),
787
                content_type="application/json"
788
            )
789
        else:
790
            return redirect(self.object.get_absolute_url())
791

792

793
class GroupDetailView(CheckedDetailView):
794 795
    template_name = "dashboard/group-detail.html"
    model = Group
796
    read_level = 'operator'
797 798 799

    def get_has_level(self):
        return self.object.profile.has_level
800 801 802

    def get_context_data(self, **kwargs):
        context = super(GroupDetailView, self).get_context_data(**kwargs)
803 804
        context['group'] = self.object
        context['users'] = self.object.user_set.all()
805 806
        context['future_users'] = FutureMember.objects.filter(
            group=self.object)
807
        context['acl'] = get_group_acl_data(self.object)
808 809
        context['group_profile_form'] = GroupProfileUpdate.get_form_object(
            self.request, self.object.profile)
810 811 812
        return context

    def post(self, request, *args, **kwargs):
813 814 815
        self.object = self.get_object()
        if not self.get_has_level()(request.user, 'operator'):
            raise PermissionDenied()
816 817
        if request.POST.get('new_name'):
            return self.__set_name(request)
818
        if request.POST.get('list-new-name'):
819
            return self.__add_user(request)
820
        if request.POST.get('list-new-namelist'):
821
            return self.__add_list(request)
822 823 824 825
        if (request.POST.get('list-new-name') is not None) and \
                (request.POST.get('list-new-namelist') is not None):
            return redirect(reverse_lazy("dashboard.views.group-detail",
                                         kwargs={'pk': self.get_object().pk}))
826 827

    def __add_user(self, request):
828
        name = request.POST['list-new-name']
829 830 831
        self.__add_username(request, name)
        return redirect(reverse_lazy("dashboard.views.group-detail",
                                     kwargs={'pk': self.object.pk}))
832 833

    def __add_username(self, request, name):
834
        if not name:
835
            return
836 837
        try:
            entity = User.objects.get(username=name)
838
            self.object.user_set.add(entity)
839
        except User.DoesNotExist:
840 841 842 843 844
            if saml_available:
                FutureMember.objects.get_or_create(org_id=name,
                                                   group=self.object)
            else:
                warning(request, _('User "%s" not found.') % name)
845

846
    def __add_list(self, request):
847 848
        if not self.get_has_level()(request.user, 'operator'):
            raise PermissionDenied()
849 850 851
        userlist = request.POST.get('list-new-namelist').split('\r\n')
        for line in userlist:
            self.__add_username(request, line)
852 853
        return redirect(reverse_lazy("dashboard.views.group-detail",
                                     kwargs={'pk': self.object.pk}))
854 855 856 857 858 859

    def __set_name(self, request):
        new_name = request.POST.get("new_name")
        Group.objects.filter(pk=self.object.pk).update(
            **{'name': new_name})

860
        success_message = _("Group successfully renamed.")
861 862 863 864
        if request.is_ajax():
            response = {
                'message': success_message,
                'new_name': new_name,
865
                'group_pk': self.object.pk
866 867 868 869 870 871 872 873 874 875 876
            }
            return HttpResponse(
                json.dumps(response),
                content_type="application/json"
            )
        else:
            messages.success(request, success_message)
            return redirect(reverse_lazy("dashboard.views.group-detail",
                                         kwargs={'pk': self.object.pk}))


877
class AclUpdateView(LoginRequiredMixin, View, SingleObjectMixin):
878

879
    def post(self, request, *args, **kwargs):
880
        instance = self.get_object()
881 882
        if not (instance.has_level(request.user, "owner") or
                getattr(instance, 'owner', None) == request.user):
Őry Máté committed
883 884
            logger.warning('Tried to set permissions of %s by non-owner %s.',
                           unicode(instance), unicode(request.user))
885
            raise PermissionDenied()
886
        self.set_levels(request, instance)
887
        self.remove_levels(request, instance)
888
        self.add_levels(request, instance)
889
        return redirect("%s#access" % instance.get_absolute_url())
890 891

    def set_levels(self, request, instance):
892 893 894
        for key, value in request.POST.items():
            m = re.match('perm-([ug])-(\d+)', key)
            if m:
895 896
                typ, id = m.groups()
                entity = {'u': User, 'g': Group}[typ].objects.get(id=id)
897
                if getattr(instance, "owner", None) == entity:
898 899 900
                    logger.info("Tried to set owner's acl level for %s by %s.",
                                unicode(instance), unicode(request.user))
                    continue
901
                instance.set_level(entity, value)
Őry Máté committed
902 903 904
                logger.info("Set %s's acl level for %s to %s by %s.",
                            unicode(entity), unicode(instance),
                            value, unicode(request.user))
905

906 907 908 909 910 911 912 913 914 915
    def remove_levels(self, request, instance):
        for key, value in request.POST.items():
            if key.startswith("remove"):
                typ = key[7:8]  # len("remove-")
                id = key[9:]  # len("remove-x-")
                entity = {'u': User, 'g': Group}[typ].objects.get(id=id)
                if getattr(instance, "owner", None) == entity:
                    logger.info("Tried to remove owner from %s by %s.",
                                unicode(instance), unicode(request.user))
                    msg = _("The original owner cannot be removed, however "
916
                            "you can transfer ownership.")
917 918 919 920 921 922 923
                    messages.warning(request, msg)
                    continue
                instance.set_level(entity, None)
                logger.info("Revoked %s's access to %s by %s.",
                            unicode(entity), unicode(instance),
                            unicode(request.user))

924
    def add_levels(self, request, instance):
925 926
        name = request.POST['perm-new-name']
        value = request.POST['perm-new']
927 928 929 930 931 932
        if not name:
            return
        try:
            entity = User.objects.get(username=name)
        except User.DoesNotExist:
            entity = None
933 934
            try:
                entity = Group.objects.get(name=name)
935 936 937 938
            except Group.DoesNotExist:
                warning(request, _('User or group "%s" not found.') % name)
                return

939
        instance.set_level(entity, value)
Őry Máté committed
940 941 942
        logger.info("Set %s's new acl level for %s to %s by %s.",
                    unicode(entity), unicode(instance),
                    value, unicode(request.user))
943

Kálmán Viktor committed
944

945 946 947 948 949 950 951 952 953 954
class TemplateAclUpdateView(AclUpdateView):
    model = InstanceTemplate

    def post(self, request, *args, **kwargs):
        template = self.get_object()
        if not (template.has_level(request.user, "owner") or
                getattr(template, 'owner', None) == request.user):
            logger.warning('Tried to set permissions of %s by non-owner %s.',
                           unicode(template), unicode(request.user))
            raise PermissionDenied()
955 956 957 958 959 960 961 962 963

        name = request.POST['perm-new-name']
        if (User.objects.filter(username=name).count() +
                Group.objects.filter(name=name).count() < 1
                and len(name) > 0):
            warning(request, _('User or group "%s" not found.') % name)
        else:
            self.set_levels(request, template)
            self.add_levels(request, template)
964
            self.remove_levels(request, template)
965 966 967 968 969

            post_for_disk = request.POST.copy()
            post_for_disk['perm-new'] = 'user'
            request.POST = post_for_disk
            for d in template.disks.all():
970
                self.set_levels(request, d)
971
                self.add_levels(request, d)
972
                self.remove_levels(request, d)
973

974
        return redirect(template)
975 976


977 978 979 980 981 982 983 984 985 986
class GroupAclUpdateView(AclUpdateView):
    model = Group

    def post(self, request, *args, **kwargs):
        instance = self.get_object().profile
        if not (instance.has_level(request.user, "owner") or
                getattr(instance, 'owner', None) == request.user):
            logger.warning('Tried to set permissions of %s by non-owner %s.',
                           unicode(instance), unicode(request.user))
            raise PermissionDenied()
Kálmán Viktor committed
987 988 989

        self.set_levels(request, instance)
        self.add_levels(request, instance)
990 991 992 993
        return redirect(reverse("dashboard.views.group-detail",
                                kwargs=self.kwargs))


994 995 996 997 998 999 1000 1001 1002 1003
class TemplateChoose(TemplateView):

    def get_template_names(self):
        if self.request.is_ajax():
            return ['dashboard/modal-wrapper.html']
        else:
            return ['dashboard/nojs-wrapper.html']

    def get_context_data(self, *args, **kwargs):
        context = super(TemplateChoose, self).get_context_data(*args, **kwargs)
1004
        templates = InstanceTemplate.get_objects_with_level("user",
1005 1006 1007 1008
                                                            self.request.user)
        context.update({
            'box_title': _('Choose template'),
            'ajax_title': False,
1009
            'template': "dashboard/_template-choose.html",
1010
            'templates': templates.all(),
1011 1012 1013
        })
        return context

1014 1015 1016 1017 1018 1019 1020
    def post(self, request, *args, **kwargs):
        if not request.user.has_perm('vm.create_template'):
            raise PermissionDenied()

        template = request.POST.get("parent")
        if template == "base_vm":
            return redirect(reverse("dashboard.views.template-create"))
1021
        elif template is None:
1022
            messages.warning(request, _("Select an option to proceed."))
1023
            return redirect(reverse("dashboard.views.template-choose"))
1024 1025 1026 1027 1028 1029 1030 1031
        else:
            template = get_object_or_404(InstanceTemplate, pk=template)

        instance = Instance.create_from_template(
            template=template, owner=request.user, is_base=True)

        return redirect(instance.get_absolute_url())

1032

1033 1034 1035 1036
class TemplateCreate(SuccessMessageMixin, CreateView):
    model = InstanceTemplate
    form_class = TemplateForm

1037 1038
    def get_template_names(self):
        if self.request.is_ajax():
1039
            pass
1040 1041 1042 1043 1044 1045 1046
        else:
            return ['dashboard/nojs-wrapper.html']

    def get_context_data(self, *args, **kwargs):
        context = super(TemplateCreate, self).get_context_data(*args, **kwargs)

        context.update({
1047
            'box_title': _("Create a new base VM"),
1048
            'template': "dashboard/_template-create.html",
1049
            'leases': Lease.objects.count()
1050 1051 1052
        })
        return context

1053
    def get(self, *args, **kwargs):
1054 1055
        if not self.request.user.has_perm('vm.create_template'):
            raise PermissionDenied()
1056

1057 1058 1059 1060
        return super(TemplateCreate, self).get(*args, **kwargs)

    def get_form_kwargs(self):
        kwargs = super(TemplateCreate, self).get_form_kwargs()
1061
        kwargs['user'] = self.request.user
1062 1063
        return kwargs

1064 1065 1066
    def post(self, request, *args, **kwargs):
        if not self.request.user.has_perm('vm.create_template'):
            raise PermissionDenied()
1067 1068

        form = self.form_class(request.POST, user=request.user)
1069 1070
        if not form.is_valid():
            return self.get(request, form, *args, **kwargs)
1071
        else:
1072
            post = form.cleaned_data
1073 1074
            networks = self.__create_networks(post.pop("networks"),
                                              request.user)
1075
            post.pop("parent")
1076
            post['max_ram_size'] = post['ram_size']
1077 1078 1079 1080 1081 1082 1083
            req_traits = post.pop("req_traits")
            tags = post.pop("tags")
            post['pw'] = User.objects.make_random_password()
            post['is_base'] = True
            inst = Instance.create(params=post, disks=[],
                                   networks=networks,
                                   tags=tags, req_traits=req_traits)
1084

1085
            return redirect("%s#resources" % inst.get_absolute_url())
1086

1087 1088
        return super(TemplateCreate, self).post(self, request, args, kwargs)

1089
    def __create_networks(self, vlans, user):
1090 1091
        networks = []
        for v in vlans:
1092 1093
            if not v.has_level(user, "user"):
                raise PermissionDenied()
1094 1095 1096
            networks.append(InterfaceTemplate(vlan=v, managed=v.managed))
        return networks

1097 1098 1099 1100
    def get_success_url(self):
        return reverse_lazy("dashboard.views.template-list")


1101
class TemplateDetail(LoginRequiredMixin, SuccessMessageMixin, UpdateView):
1102
    model = InstanceTemplate
1103 1104
    template_name = "dashboard/template-edit.html"
    form_class = TemplateForm
1105
    success_message = _("Successfully modified template.")
1106 1107

    def get(self, request, *args, **kwargs):
1108
        template = self.get_object()
1109
        if not template.has_level(request.user, 'user'):
1110
            raise PermissionDenied()
1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 1130 1131
        if request.is_ajax():
            template = {
                'num_cores': template.num_cores,
                'ram_size': template.ram_size,
                'priority': template.priority,
                'arch': template.arch,
                'description': template.description,
                'system': template.system,
                'name': template.name,
                'disks': [{'pk': d.pk, 'name': d.name}
                          for d in template.disks.all()],
                'network': [
                    {'vlan_pk': i.vlan.pk, 'vlan': i.vlan.name,
                     'managed': i.managed}
                    for i in InterfaceTemplate.objects.filter(
                        template=self.get_object()).all()
                ]
            }
            return HttpResponse(json.dumps(template),
                                content_type="application/json")
        else:
1132 1133
            return super(TemplateDetail, self).get(request, *args, **kwargs)

1134
    def get_context_data(self, **kwargs):
1135
        obj = self.get_object()
1136
        context = super(TemplateDetail, self).get_context_data(**kwargs)
1137 1138
        context['acl'] = get_vm_acl_data(obj)
        context['disks'] = obj.disks.all()
1139 1140
        return context

1141 1142 1143 1144
    def get_success_url(self):
        return reverse_lazy("dashboard.views.template-detail",
                            kwargs=self.kwargs)

1145 1146 1147 1148 1149 1150 1151
    def post(self, request, *args, **kwargs):
        template = self.get_object()
        if not template.has_level(request.user, 'owner'):
            raise PermissionDenied()
        for disk in self.get_object().disks.all():
            if not disk.has_level(request.user, 'user'):
                raise PermissionDenied()
1152 1153 1154
        for network in self.get_object().interface_set.all():
            if not network.vlan.has_level(request.user, "user"):
                raise PermissionDenied()
1155 1156
        return super(TemplateDetail, self).post(self, request, args, kwargs)

1157 1158 1159 1160 1161
    def get_form_kwargs(self):
        kwargs = super(TemplateDetail, self).get_form_kwargs()
        kwargs['user'] = self.request.user
        return kwargs

1162

1163
class TemplateList(LoginRequiredMixin, SingleTableView):
1164 1165 1166 1167 1168 1169 1170
    template_name = "dashboard/template-list.html"
    model = InstanceTemplate
    table_class = TemplateListTable
    table_pagination = False

    def get_context_data(self, *args, **kwargs):
        context = super(TemplateList, self).get_context_data(*args, **kwargs)
1171 1172
        context['lease_table'] = LeaseListTable(Lease.objects.all(),
                                                request=self.request)
1173
        return context
1174

1175 1176 1177 1178 1179 1180
    def get_queryset(self):
        logger.debug('TemplateList.get_queryset() called. User: %s',
                     unicode(self.request.user))
        return InstanceTemplate.get_objects_with_level(
            'user', self.request.user).all()

1181