common: add Operation.superuser_required

abfd7a2b · Őry Máté · 9b8d6f51 · abfd7a2b · abfd7a2b
Commit abfd7a2b authored Aug 28, 2014 by Őry Máté
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 15 deletions

circle/common/operations.py
+6 -2

circle/vm/operations.py
+2 -13

No files found.
--- a/circle/common/operations.py
+++ b/circle/common/operations.py
@@ -18,10 +18,10 @@
 from inspect import getargspec
 from logging import getLogger

-from .models import activity_context, has_suffix
-
 from django.core.exceptions import PermissionDenied, ImproperlyConfigured
+from django.utils.translation import ugettext_noop

+from .models import activity_context, has_suffix, humanize_exception

 logger = getLogger(__name__)

@@ -31,6 +31,7 @@ class Operation(object):
    """
    async_queue = 'localhost.man'
    required_perms = None
+    superuser_required = False
    do_not_call_in_templates = True
    abortable = False
    has_percentage = False
@@ -154,6 +155,9 @@ class Operation(object):
        if not user.has_perms(cls.required_perms):
            raise PermissionDenied("%s doesn't have the required permissions."
                                   % user)
+        if cls.superuser_required and not user.is_superuser:
+            raise humanize_exception(ugettext_noop(
+                "Superuser privileges are required."), PermissionDenied())

    def check_auth(self, user):
        """Check if user is permitted to run this operation on this instance

--- a/circle/vm/operations.py
+++ b/circle/vm/operations.py
@@ -366,6 +366,7 @@ class MigrateOperation(InstanceOperation):
    description = _("Move virtual machine to an other worker node with a few "
                    "seconds of interruption (live migration).")
    required_perms = ()
+    superuser_required = True
    accept_states = ('RUNNING', )

    def rollback(self, activity):
@@ -374,12 +375,6 @@ class MigrateOperation(InstanceOperation):
                "redeploy network (rollback)")):
            self.instance.deploy_net()

-    def check_auth(self, user):
-        if not user.is_superuser:
-            raise PermissionDenied()
-
-        super(MigrateOperation, self).check_auth(user=user)
-
    def _operation(self, activity, to_node=None, timeout=120):
        if not to_node:
            with activity.sub_activity('scheduling',
@@ -843,6 +838,7 @@ class FlushOperation(NodeOperation):
    name = _("flush")
    description = _("Disable node and move all instances to other ones.")
    required_perms = ()
+    superuser_required = True

    def on_abort(self, activity, error):
        from manager.scheduler import TraitsUnsatisfiableException
@@ -850,13 +846,6 @@ class FlushOperation(NodeOperation):
            if self.node_enabled:
                self.node.enable(activity.user, activity)

-    def check_auth(self, user):
-        if not user.is_superuser:
-            raise humanize_exception(ugettext_noop(
-                "Superuser privileges are required."), PermissionDenied())
-
-        super(FlushOperation, self).check_auth(user=user)
-
    def _operation(self, activity, user):
        self.node_enabled = self.node.enabled
        self.node.disable(user, activity)