storage: remove disk acl

dac4d7b7 · Bach Dániel · f0530049 · dac4d7b7 · dac4d7b7 · dac4d7b7
Commit dac4d7b7 authored Jul 22, 2014 by Bach Dániel
Hide whitespace changes
Inline Side-by-side

Showing with 23 additions and 55 deletions

circle/dashboard/forms.py
+2 -4

circle/dashboard/views.py
+13 -29

circle/storage/models.py
+8 -15

circle/vm/models/instance.py
+0 -7

No files found.
--- a/circle/dashboard/forms.py
+++ b/circle/dashboard/forms.py
@@ -44,7 +44,6 @@ from django.core.urlresolvers import reverse_lazy

 from django_sshkey.models import UserKey
 from firewall.models import Vlan, Host
-from storage.models import Disk
 from vm.models import (
    InstanceTemplate, Lease, InterfaceTemplate, Node, Trait, Instance
 )
@@ -78,7 +77,7 @@ class VmCustomizeForm(forms.Form):
    amount = forms.IntegerField(min_value=0, initial=1)

    disks = forms.ModelMultipleChoiceField(
-        queryset=None, required=True)
+        queryset=None, required=False)
    networks = forms.ModelMultipleChoiceField(
        queryset=None, required=False)

@@ -91,8 +90,7 @@ class VmCustomizeForm(forms.Form):
        super(VmCustomizeForm, self).__init__(*args, **kwargs)

        # set displayed disk and network list
-        self.fields['disks'].queryset = Disk.get_objects_with_level(
-            'user', self.user).exclude(type="qcow2-snap")
+        self.fields['disks'].queryset = self.template.disks.all()
        self.fields['networks'].queryset = Vlan.get_objects_with_level(
            'user', self.user)


--- a/circle/dashboard/views.py
+++ b/circle/dashboard/views.py
@@ -1180,36 +1180,22 @@ class AclUpdateView(LoginRequiredMixin, View, SingleObjectMixin):
                entity = Group.objects.get(name=name)
            except Group.DoesNotExist:
                messages.warning(
-                    request, _('User or group "%s" not found.') % name)
+                    self.request, _('User or group "%s" not found.') % name)
                return
-        self.set_level(request, instance, entity, value)
+        self.set_level(entity, value)

    def post(self, request, *args, **kwargs):
-        instance = self.get_object()
-        self.acl_data = (instance.get_users_with_level() +
-                         instance.get_groups_with_level())
-        self.set_or_remove_levels(request, instance)
-        self.add_levels(request, instance)
-        return redirect("%s#access" % instance.get_absolute_url())
+        self.instance = self.get_object()
+        self.acl_data = (self.instance.get_users_with_level() +
+                         self.instance.get_groups_with_level())
+        self.set_or_remove_levels()
+        self.add_levels()
+        return redirect("%s#access" % self.instance.get_absolute_url())


 class TemplateAclUpdateView(AclUpdateView):
    model = InstanceTemplate

-    def post(self, request, *args, **kwargs):
-        retval = super(TemplateAclUpdateView,
-                       self).post(request, *args, **kwargs)
-        template = self.get_object()
-
-        post_for_disk = request.POST.copy()
-        post_for_disk['perm-new'] = 'user'
-        request.POST = post_for_disk
-        for d in template.disks.all():
-            self.set_or_remove_levels(request, d)
-            self.add_levels(request, d)
-
-        return retval
-

 class GroupAclUpdateView(AclUpdateView):
    model = Group
@@ -1818,13 +1804,12 @@ class VmCreate(LoginRequiredMixin, TemplateView):
            }
            networks = [InterfaceTemplate(vlan=l, managed=l.managed)
                        for l in post['networks']]
-            disks = post['disks']

            ikwargs.update({
                'template': template,
                'owner': user,
                'networks': networks,
-                'disks': disks,
+                'disks': list(template.disks.all()),
            })

            amount = post['amount']
@@ -2830,12 +2815,11 @@ class DiskRemoveView(DeleteView):

    def delete(self, request, *args, **kwargs):
        disk = self.get_object()
-        if not disk.has_level(request.user, 'owner'):
-            raise PermissionDenied()
-
-        disk = self.get_object()
        app = disk.get_appliance()

+        if not app.has_level(request.user, 'owner'):
+            raise PermissionDenied()
+
        app.remove_disk(disk=disk, user=request.user)
        disk.destroy()

@@ -2856,7 +2840,7 @@ class DiskRemoveView(DeleteView):
 @require_GET
 def get_disk_download_status(request, pk):
    disk = Disk.objects.get(pk=pk)
-    if not disk.has_level(request.user, 'owner'):
+    if not disk.get_appliance().has_level(request.user, 'owner'):
        raise PermissionDenied()

    return HttpResponse(

--- a/circle/storage/models.py
+++ b/circle/storage/models.py
@@ -31,7 +31,6 @@ from django.utils.translation import ugettext_lazy as _
 from model_utils.models import TimeStampedModel
 from sizefield.models import FileSizeField

-from acl.models import AclBase
 from .tasks import local_tasks, storage_tasks
 from celery.exceptions import TimeoutError
 from common.models import WorkerNotFound
@@ -76,15 +75,10 @@ class DataStore(Model):
                    destroyed__isnull=False) if disk.is_deletable]


-class Disk(AclBase, TimeStampedModel):
+class Disk(TimeStampedModel):

    """A virtual disk.
    """
-    ACL_LEVELS = (
-        ('user', _('user')),          # see all details
-        ('operator', _('operator')),
-        ('owner', _('owner')),        # superuser, can delete, delegate perms
-    )
    TYPES = [('qcow2-norm', 'qcow2 normal'), ('qcow2-snap', 'qcow2 snapshot'),
             ('iso', 'iso'), ('raw-ro', 'raw read-only'), ('raw-rw', 'raw')]
    name = CharField(blank=True, max_length=100, verbose_name=_("name"))
@@ -225,15 +219,14 @@ class Disk(AclBase, TimeStampedModel):
        return any(i.state != 'STOPPED' for i in self.instance_set.all())

    def get_appliance(self):
-        """Return an Instance or InstanceTemplate object where the disk is used
+        """Return the Instance or InstanceTemplate object where the disk
+        is used
        """
-        instance = self.instance_set.all()
-        template = self.template_set.all()
-        app = list(instance) + list(template)
-        if len(app) > 0:
-            return app[0]
-        else:
-            return None
+        from vm.models import Instance
+        try:
+            return self.instance_set.get()
+        except Instance.DoesNotExist:
+            return self.template_set.get()

    def get_exclusive(self):
        """Get an instance of the disk for exclusive usage.

--- a/circle/vm/models/instance.py
+++ b/circle/vm/models/instance.py
@@ -404,13 +404,6 @@ class Instance(AclBase, VirtualMachineDescModel, StatusModel, OperatedMixin,
        """
        disks = template.disks.all() if disks is None else disks

-        for disk in disks:
-            if not disk.has_level(owner, 'user'):
-                raise PermissionDenied()
-            elif (disk.type == 'qcow2-snap'
-                  and not disk.has_level(owner, 'owner')):
-                raise PermissionDenied()
-
        networks = (template.interface_set.all() if networks is None
                    else networks)