Commit 9585adae by Őry Máté

acl: add logging

parent fec4de34
import logging
from django.contrib.auth.models import User, Group from django.contrib.auth.models import User, Group
from django.contrib.contenttypes.generic import ( from django.contrib.contenttypes.generic import (
GenericForeignKey, GenericRelation GenericForeignKey, GenericRelation
...@@ -7,6 +9,8 @@ from django.db.models import ( ...@@ -7,6 +9,8 @@ from django.db.models import (
ManyToManyField, ForeignKey, CharField, Model, IntegerField ManyToManyField, ForeignKey, CharField, Model, IntegerField
) )
logger = logging.getLogger(__name__)
class Level(Model): class Level(Model):
...@@ -18,6 +22,9 @@ class Level(Model): ...@@ -18,6 +22,9 @@ class Level(Model):
codename = CharField('codename', max_length=100) codename = CharField('codename', max_length=100)
weight = IntegerField('weight', null=True) weight = IntegerField('weight', null=True)
def __unicode__(self):
return "<%s/%s>" % (unicode(self.content_type), self.name)
class Meta: class Meta:
unique_together = (('content_type', 'codename'), unique_together = (('content_type', 'codename'),
# ('content_type', 'weight'), # ('content_type', 'weight'),
...@@ -35,6 +42,9 @@ class ObjectLevel(Model): ...@@ -35,6 +42,9 @@ class ObjectLevel(Model):
users = ManyToManyField(User) users = ManyToManyField(User)
groups = ManyToManyField(Group) groups = ManyToManyField(Group)
def __unicode__(self):
return "<%s: %s>" % (unicode(self.content_object), unicode(self.level))
class Meta: class Meta:
unique_together = (('content_type', 'object_id', 'level'),) unique_together = (('content_type', 'object_id', 'level'),)
...@@ -57,6 +67,8 @@ class AclBase(Model): ...@@ -57,6 +67,8 @@ class AclBase(Model):
raise AttributeError("Whom must be a User or Group object.") raise AttributeError("Whom must be a User or Group object.")
def set_user_level(self, user, level): def set_user_level(self, user, level):
logger.info('%s.set_user_level(%s, %s) called',
*[unicode(p) for p in [self, user, level]])
if isinstance(level, basestring): if isinstance(level, basestring):
level = self.get_level_object(level) level = self.get_level_object(level)
if not self.object_level_set.filter(level_id=level.pk).exists(): if not self.object_level_set.filter(level_id=level.pk).exists():
...@@ -69,6 +81,8 @@ class AclBase(Model): ...@@ -69,6 +81,8 @@ class AclBase(Model):
i.save() i.save()
def set_group_level(self, group, level): def set_group_level(self, group, level):
logger.info('%s.set_group_level(%s, %s) called',
*[unicode(p) for p in [self, group, level]])
if isinstance(level, basestring): if isinstance(level, basestring):
level = self.get_level_object(level) level = self.get_level_object(level)
#self.object_level_set.get_or_create(level=level, content_object=self) #self.object_level_set.get_or_create(level=level, content_object=self)
...@@ -82,8 +96,11 @@ class AclBase(Model): ...@@ -82,8 +96,11 @@ class AclBase(Model):
i.save() i.save()
def has_level(self, user, level, group_also=True): def has_level(self, user, level, group_also=True):
logger.debug('%s.has_level(%s, %s, %s) called',
*[unicode(p) for p in [self, user, level, group_also]])
if isinstance(level, basestring): if isinstance(level, basestring):
level = self.get_level_object(level) level = self.get_level_object(level)
logger.debug("- level set by str: %s", unicode(level))
object_levels = self.object_level_set.filter( object_levels = self.object_level_set.filter(
level__weight__gte=level.weight).all() level__weight__gte=level.weight).all()
...@@ -102,21 +119,27 @@ class AclBase(Model): ...@@ -102,21 +119,27 @@ class AclBase(Model):
return False return False
def get_users_with_level(self): def get_users_with_level(self):
logger.debug('%s.get_users_with_level() called', unicode(self))
object_levels = (self.object_level_set.select_related( object_levels = (self.object_level_set.select_related(
'users', 'level').all()) 'users', 'level').all())
users = [] users = []
for object_level in object_levels: for object_level in object_levels:
name = object_level.level.codename name = object_level.level.codename
users.extend([(u, name) for u in object_level.users.all()]) olusers = object_level.users.all()
users.extend([(u, name) for u in olusers])
logger.debug('- %s: %s' % (name, [u.username for u in olusers]))
return users return users
def get_groups_with_level(self): def get_groups_with_level(self):
logger.debug('%s.get_groups_with_level() called', unicode(self))
object_levels = (self.object_level_set.select_related( object_levels = (self.object_level_set.select_related(
'groups', 'level').all()) 'groups', 'level').all())
groups = [] groups = []
for object_level in object_levels: for object_level in object_levels:
name = object_level.level.codename name = object_level.level.codename
groups.extend([(g, name) for g in object_level.groups.all()]) olgroups = object_level.groups.all()
groups.extend([(g, name) for g in olgroups])
logger.debug('- %s: %s' % (name, [g.name for g in olgroups]))
return groups return groups
class Meta: class Meta:
......
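Review bot: The `logger.info` calls added at the top of `set_user_level` and `set_group_level` run before `level` is resolved through `get_level_object` and before anything is saved, so they record that the method was called, not that the ACL changed; if the lookup raises, the log still holds an info entry for a change that never happened. For an audit trail, emit the info record once the change has been stored, e.g. `logger.info('%s: level of %s set to %s', unicode(self), unicode(user), unicode(level))`, and keep the entry trace at debug. Both method bodies continue outside their hunks, so the exact placement has to be checked against the full file. Separately, the two new debug calls in `get_users_with_level` and `get_groups_with_level` build their message with `%` even when debug output is off; pass the arguments instead, `logger.debug('- %s: %s', name, [u.username for u in olusers])`.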
from os import getenv from os import getenv
import json import json
import logging
import re import re
from django.contrib.auth.models import User, Group from django.contrib.auth.models import User, Group
...@@ -18,6 +19,8 @@ from vm.models import Instance, InstanceTemplate, InterfaceTemplate ...@@ -18,6 +19,8 @@ from vm.models import Instance, InstanceTemplate, InterfaceTemplate
from firewall.models import Vlan from firewall.models import Vlan
from storage.models import Disk from storage.models import Disk
logger = logging.getLogger(__name__)
class IndexView(TemplateView): class IndexView(TemplateView):
template_name = "dashboard/index.html" template_name = "dashboard/index.html"
...@@ -79,6 +82,8 @@ class AclUpdateView(View, SingleObjectMixin): ...@@ -79,6 +82,8 @@ class AclUpdateView(View, SingleObjectMixin):
def post(self, request, *args, **kwargs): def post(self, request, *args, **kwargs):
instance = self.get_object() instance = self.get_object()
if not instance.has_level(request.user, "owner"): if not instance.has_level(request.user, "owner"):
logger.warning('Tried to set permissions of %s by non-owner %s.',
unicode(instance), unicode(request.user))
raise PermissionDenied() raise PermissionDenied()
for key, value in request.POST.items(): for key, value in request.POST.items():
m = re.match('perm-([ug])-(\d+)', key) m = re.match('perm-([ug])-(\d+)', key)
...@@ -86,6 +91,9 @@ class AclUpdateView(View, SingleObjectMixin): ...@@ -86,6 +91,9 @@ class AclUpdateView(View, SingleObjectMixin):
type, id = m.groups() type, id = m.groups()
entity = {'u': User, 'g': Group}[type].objects.get(id=id) entity = {'u': User, 'g': Group}[type].objects.get(id=id)
instance.set_level(entity, value) instance.set_level(entity, value)
logger.info("Set %s's acl level for %s to %s by %s.",
unicode(entity), unicode(instance),
value, unicode(request.user))
name = request.POST['perm-new-name'] name = request.POST['perm-new-name']
value = request.POST['perm-new'] value = request.POST['perm-new']
...@@ -96,6 +104,9 @@ class AclUpdateView(View, SingleObjectMixin): ...@@ -96,6 +104,9 @@ class AclUpdateView(View, SingleObjectMixin):
entity = Group.objects.get(name=name) entity = Group.objects.get(name=name)
instance.set_level(entity, value) instance.set_level(entity, value)
return redirect(instance) return redirect(instance)
logger.info("Set %s's new acl level for %s to %s by %s.",
unicode(entity), unicode(instance),
value, unicode(request.user))
class TemplateDetail(DetailView): class TemplateDetail(DetailView):
......
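Review bot: The `logger.info("Set %s's new acl level for %s to %s by %s.", ...)` call in the last hunk of `AclUpdateView.post` comes after `return redirect(instance)`; indentation is not visible in this rendering, but if both statements sit at the same level the call is unreachable and grants made through `perm-new-name` are never recorded. Move it above the return, directly after `instance.set_level(entity, value)`, which is where the loop over `request.POST` already logs. Both info records also write `value` straight from `request.POST`; passing `repr(value)` or the resolved level instead keeps line breaks in a submitted value from splitting the audit entry. The body of `post` starts and continues outside these hunks.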