Merge branch 'feature-vlan-acl' into 'master'

Feature Vlan Acl Closes #169

Merge branch 'feature-vlan-acl' into 'master'
Feature Vlan Acl Closes #169
7e278a2c · Bach Dániel · 9ae9f624 · 3ce59795 · 7e278a2c · 7e278a2c
Commit 7e278a2c authored Jun 13, 2014 by Bach Dániel
9 changed files
--- a/circle/network/static/js/network.js
+++ b/circle/network/static/js/network.js
@@ -27,3 +27,7 @@ function getURLParameter(name) {
        (RegExp(name + '=' + '(.+?)(&|$)').exec(location.search)||[,null])[1]
    );
 }
+
+$(function() {
+  $("[title]").tooltip();
+});
--- a/circle/network/static/network/network.css
+++ b/circle/network/static/network/network.css
+.table-with-form-fields tbody tr td {
+  line-height: 34px;
+}
+
+#vlan-access-table th:last-child, #vlan-access-table td:last-child {
+  text-align: center;
+}
+
--- a/circle/network/templates/network/base.html
+++ b/circle/network/templates/network/base.html
@@ -12,6 +12,7 @@
    <link rel="stylesheet" href="//netdna.bootstrapcdn.com/bootstrap/3.0.0/css/bootstrap.min.css">
    <link rel="stylesheet" href="//netdna.bootstrapcdn.com/bootstrap/3.0.0/css/bootstrap-theme.min.css">
    <link href="//netdna.bootstrapcdn.com/font-awesome/3.2.1/css/font-awesome.css" rel="stylesheet" />
+    <link href="{% static "network/network.css" %}" rel="stylesheet">
    <style type="text/css">
    body {
      padding-top:40px;
@@ -35,7 +36,6 @@
    <!--[if lt IE 9]>
      <script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script>
    <![endif]-->
-    <!--<link href="{% static "css/network.css" %}" rel="stylesheet">-->
    {% block extra_css %}{% endblock %}
  </head>
  <body>

--- a/circle/network/templates/network/vlan-edit.html
+++ b/circle/network/templates/network/vlan-edit.html
@@ -12,11 +12,72 @@
 </div>

 <div class="row">
-    <div class="col-sm-8">
-        {% crispy form %}
+  <div class="col-sm-6">
+    {% crispy form %}
+  </div>
+  <div class="col-sm-6">
+    <div class="page-header">
+      <h3>{% trans "Host list" %}</h3>
    </div>
-    <div class="col-sm-4">
-        {% render_table host_list %}
+    {% render_table host_list %}
+    <div class="page-header">
+      <h3>{% trans "Manage access" %}</h3>
    </div>
+    <form action="{% url "network.vlan-acl" vid=vlan_vid %}" method="post">{% csrf_token %}
+      <table class="table table-striped table-with-form-fields" id="vlan-access-table">
+        <thead>
+          <tr>
+            <th></th>
+            <th>{% trans "Who" %}</th>
+            <th>{% trans "What" %}</th>
+            <th><i class="icon-remove"></i></th>
+        </tr></thead>
+        <tbody>
+            {% for i in acl.users %}
+            <tr>
+              <td><i class="icon-user"></i></td><td>{{i.user}}</td>
+              <td>
+                <select class="form-control" name="perm-u-{{i.user.id}}">
+                  {% for id, name in acl.levels %}
+                  <option{%if id = i.level%} selected="selected"{%endif%} value="{{id}}">{{name}}</option>
+                  {% endfor %}
+                </select>
+              </td>
+              <td>
+                <input type="checkbox" name="remove-u-{{i.user.id}}" title="{% trans "Remove" %}"/>
+              </td>
+            </tr>
+            {% endfor %}
+            {% for i in acl.groups %}
+            <tr>
+              <td><i class="icon-group"></i></td><td>{{i.group}}</td>
+              <td>
+                <select class="form-control" name="perm-g-{{i.group.id}}">
+                  {% for id, name in acl.levels %}
+                  <option{%if id = i.level%} selected="selected"{%endif%} value="{{id}}">{{name}}</option>
+                  {% endfor %}
+                </select>
+              </td>
+              <td>
+                <input type="checkbox" name="remove-g-{{i.group.id}}" title="{% trans "Remove" %}"/>
+              </td>
+            </tr>
+            {% endfor %}
+            <tr><td><i class="icon-plus"></i></td>
+                <td><input type="text" class="form-control" name="perm-new-name"
+                    placeholder="{% trans "Name of group or user" %}"></td>
+                <td><select class="form-control" name="perm-new">
+                        {% for id, name in acl.levels %}
+                        <option value="{{id}}">{{name}}</option>
+                        {% endfor %}
+                </select></td><td></td>
+            </tr>
+      </tbody>
+      </table>
+      <div class="form-actions">
+        <button type="submit" class="btn btn-success">{% trans "Save" %}</button>
+      </div>
+    </form>
+  </div>
 </div>
 {% endblock %}
--- a/circle/network/tests.py
+++ b/circle/network/tests.py
-# Copyright 2014 Budapest University of Technology and Economics (BME IK)
-#
-# This file is part of CIRCLE Cloud.
-#
-# CIRCLE is free software: you can redistribute it and/or modify it under
-# the terms of the GNU General Public License as published by the Free
-# Software Foundation, either version 3 of the License, or (at your option)
-# any later version.
-#
-# CIRCLE is distributed in the hope that it will be useful, but WITHOUT ANY
-# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
-# FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
-# details.
-#
-# You should have received a copy of the GNU General Public License along
-# with CIRCLE.  If not, see <http://www.gnu.org/licenses/>.
-
-"""
-This file demonstrates writing tests using the unittest module. These will pass
-when you run "manage.py test".
-
-Replace this with more appropriate tests for your application.
-"""
-
-from django.test import TestCase
-
-
-class SimpleTest(TestCase):
-    def test_basic_addition(self):
-        """
-        Tests that 1 + 1 always equals 2.
-        """
-        self.assertEqual(1 + 1, 2)
--- a/circle/network/tests/__init__.py
+++ b/circle/network/tests/__init__.py
--- a/circle/network/tests/test_views.py
+++ b/circle/network/tests/test_views.py
+# Copyright 2014 Budapest University of Technology and Economics (BME IK)
+#
+# This file is part of CIRCLE Cloud.
+#
+# CIRCLE is free software: you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free
+# Software Foundation, either version 3 of the License, or (at your option)
+# any later version.
+#
+# CIRCLE is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
+# details.
+#
+# You should have received a copy of the GNU General Public License along
+# with CIRCLE.  If not, see <http://www.gnu.org/licenses/>.
+
+from django.test import TestCase
+from django.test.client import Client
+from django.contrib.auth.models import User, Group
+from mock import Mock
+
+from dashboard.tests.test_views import LoginMixin
+
+from vm.models import Instance
+from firewall.models import Vlan, VlanGroup
+
+import django.conf
+settings = django.conf.settings.FIREWALL_SETTINGS
+
+
+class VlanAclTest(LoginMixin, TestCase):
+    fixtures = ['test-vm-fixture.json', 'node.json']
+
+    def setUp(self):
+        Instance.get_remote_queue_name = Mock(return_value='test')
+        self.u1 = User.objects.create(username='user1')
+        self.u1.set_password('password')
+        self.u1.save()
+        self.u2 = User.objects.create(username='user2', is_staff=True)
+        self.u2.set_password('password')
+        self.u2.save()
+        self.us = User.objects.create(username='superuser', is_superuser=True)
+        self.us.set_password('password')
+        self.us.save()
+        self.g1 = Group.objects.create(name='group1')
+        self.g1.user_set.add(self.u1)
+        self.g1.user_set.add(self.u2)
+        self.g1.save()
+        settings["default_vlangroup"] = 'public'
+        VlanGroup.objects.create(name='public')
+
+    def tearDown(self):
+        super(VlanAclTest, self).tearDown()
+        self.u1.delete()
+        self.u2.delete()
+        self.us.delete()
+        self.g1.delete()
+
+    def test_add_new_user_permission(self):
+        c = Client()
+        self.login(c, "superuser")
+        vlan = Vlan.objects.get(vid=1)
+        self.assertEqual([], vlan.get_users_with_level())
+
+        resp = c.post("/network/vlans/1/acl/", {
+            'perm-new-name': "user1",
+            'perm-new': "user",
+        })
+
+        vlan = Vlan.objects.get(vid=1)
+        self.assertTrue((self.u1, "user") in vlan.get_users_with_level())
+        self.assertEqual(resp.status_code, 302)
+
+    def test_make_user_operator(self):
+        c = Client()
+        self.login(c, "superuser")
+        vlan = Vlan.objects.get(vid=1)
+
+        vlan.set_level(self.u1, "user")
+        self.assertTrue((self.u1, "user") in vlan.get_users_with_level())
+
+        resp = c.post("/network/vlans/1/acl/", {
+            'perm-u-%d' % self.u1.pk: "operator",
+            'perm-new': "",
+            'perm-new-name': "",
+        })
+
+        self.assertTrue((self.u1, "operator") in vlan.get_users_with_level())
+        self.assertEqual(resp.status_code, 302)
+
+    def test_remove_user_permission(self):
+        c = Client()
+        self.login(c, "superuser")
+        vlan = Vlan.objects.get(vid=1)
+
+        vlan.set_level(self.u1, "user")
+        self.assertTrue((self.u1, "user") in vlan.get_users_with_level())
+
+        resp = c.post("/network/vlans/1/acl/", {
+            'remove-u-%d' % self.u1.pk: "",
+            'perm-new': "",
+            'perm-new-name': "",
+        })
+
+        self.assertTrue((self.u1, "user") not in vlan.get_users_with_level())
+        self.assertEqual(resp.status_code, 302)
--- a/circle/network/urls.py
+++ b/circle/network/urls.py
@@ -30,7 +30,8 @@ from .views import (IndexView,
                    VlanGroupList, VlanGroupDetail, VlanGroupDelete,
                    VlanGroupCreate,
                    remove_host_group, add_host_group,
-                    remove_switch_port_device, add_switch_port_device)
+                    remove_switch_port_device, add_switch_port_device,
+                    VlanAclUpdateView)

 urlpatterns = patterns(
    '',
@@ -83,6 +84,8 @@ urlpatterns = patterns(
    url('^vlans/$', VlanList.as_view(), name='network.vlan_list'),
    url('^vlans/create$', VlanCreate.as_view(), name='network.vlan_create'),
    url('^vlans/(?P<vid>\d+)/$', VlanDetail.as_view(), name='network.vlan'),
+    url('^vlans/(?P<vid>\d+)/acl/$', VlanAclUpdateView.as_view(),
+        name='network.vlan-acl'),
    url('^vlans/delete/(?P<vid>\d+)/$', VlanDelete.as_view(),
        name="network.vlan_delete"),
    url('^vlangroups/$', VlanGroupList.as_view(),

--- a/circle/network/views.py
+++ b/circle/network/views.py
@@ -41,6 +41,7 @@ from braces.views import LoginRequiredMixin, SuperuserRequiredMixin
 from operator import itemgetter
 from itertools import chain
 import json
+from dashboard.views import AclUpdateView


 class SuccessMessageMixin(FormMixin):
@@ -628,6 +629,21 @@ class VlanList(LoginRequiredMixin, SuperuserRequiredMixin, SingleTableView):
    table_pagination = False


+def get_vlan_acl_data(obj):
+    levels = obj.ACL_LEVELS
+    users = obj.get_users_with_level()
+    users = [{'user': u, 'level': l} for u, l in users]
+    groups = obj.get_groups_with_level()
+    groups = [{'group': g, 'level': l} for g, l in groups]
+    return {'users': users, 'groups': groups, 'levels': levels}
+
+
+class VlanAclUpdateView(AclUpdateView):
+    model = Vlan
+    slug_field = "vid"
+    slug_url_kwarg = "vid"
+
+
 class VlanDetail(LoginRequiredMixin, SuperuserRequiredMixin,
                 SuccessMessageMixin, UpdateView):
    model = Vlan
@@ -646,6 +662,7 @@ class VlanDetail(LoginRequiredMixin, SuperuserRequiredMixin,

        context['host_list'] = SmallHostTable(q)
        context['vlan_vid'] = self.kwargs.get('vid')
+        context['acl'] = get_vlan_acl_data(self.get_object())
        return context

    success_url = reverse_lazy('network.vlan_list')