Skip to content
Toggle navigation
P
Projects
G
Groups
S
Snippets
Help
Gutyán Gábor
/
circlestack
This project
Loading...
Sign in
Toggle navigation
Go to a project
Project
Repository
Issues
0
Merge Requests
0
Pipelines
Wiki
Snippets
Members
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Commit
dac4d7b7
authored
Jul 22, 2014
by
Bach Dániel
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
storage: remove disk acl
parent
f0530049
Show whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
23 additions
and
55 deletions
+23
-55
circle/dashboard/forms.py
+2
-4
circle/dashboard/views.py
+13
-29
circle/storage/models.py
+8
-15
circle/vm/models/instance.py
+0
-7
No files found.
circle/dashboard/forms.py
View file @
dac4d7b7
...
...
@@ -44,7 +44,6 @@ from django.core.urlresolvers import reverse_lazy
from
django_sshkey.models
import
UserKey
from
firewall.models
import
Vlan
,
Host
from
storage.models
import
Disk
from
vm.models
import
(
InstanceTemplate
,
Lease
,
InterfaceTemplate
,
Node
,
Trait
,
Instance
)
...
...
@@ -78,7 +77,7 @@ class VmCustomizeForm(forms.Form):
amount
=
forms
.
IntegerField
(
min_value
=
0
,
initial
=
1
)
disks
=
forms
.
ModelMultipleChoiceField
(
queryset
=
None
,
required
=
Tru
e
)
queryset
=
None
,
required
=
Fals
e
)
networks
=
forms
.
ModelMultipleChoiceField
(
queryset
=
None
,
required
=
False
)
...
...
@@ -91,8 +90,7 @@ class VmCustomizeForm(forms.Form):
super
(
VmCustomizeForm
,
self
)
.
__init__
(
*
args
,
**
kwargs
)
# set displayed disk and network list
self
.
fields
[
'disks'
]
.
queryset
=
Disk
.
get_objects_with_level
(
'user'
,
self
.
user
)
.
exclude
(
type
=
"qcow2-snap"
)
self
.
fields
[
'disks'
]
.
queryset
=
self
.
template
.
disks
.
all
()
self
.
fields
[
'networks'
]
.
queryset
=
Vlan
.
get_objects_with_level
(
'user'
,
self
.
user
)
...
...
circle/dashboard/views.py
View file @
dac4d7b7
...
...
@@ -1180,36 +1180,22 @@ class AclUpdateView(LoginRequiredMixin, View, SingleObjectMixin):
entity
=
Group
.
objects
.
get
(
name
=
name
)
except
Group
.
DoesNotExist
:
messages
.
warning
(
request
,
_
(
'User or group "
%
s" not found.'
)
%
name
)
self
.
request
,
_
(
'User or group "
%
s" not found.'
)
%
name
)
return
self
.
set_level
(
request
,
instance
,
entity
,
value
)
self
.
set_level
(
entity
,
value
)
def
post
(
self
,
request
,
*
args
,
**
kwargs
):
instance
=
self
.
get_object
()
self
.
acl_data
=
(
instance
.
get_users_with_level
()
+
instance
.
get_groups_with_level
())
self
.
set_or_remove_levels
(
request
,
instance
)
self
.
add_levels
(
request
,
instance
)
return
redirect
(
"
%
s#access"
%
instance
.
get_absolute_url
())
self
.
instance
=
self
.
get_object
()
self
.
acl_data
=
(
self
.
instance
.
get_users_with_level
()
+
self
.
instance
.
get_groups_with_level
())
self
.
set_or_remove_levels
()
self
.
add_levels
()
return
redirect
(
"
%
s#access"
%
self
.
instance
.
get_absolute_url
())
class
TemplateAclUpdateView
(
AclUpdateView
):
model
=
InstanceTemplate
def
post
(
self
,
request
,
*
args
,
**
kwargs
):
retval
=
super
(
TemplateAclUpdateView
,
self
)
.
post
(
request
,
*
args
,
**
kwargs
)
template
=
self
.
get_object
()
post_for_disk
=
request
.
POST
.
copy
()
post_for_disk
[
'perm-new'
]
=
'user'
request
.
POST
=
post_for_disk
for
d
in
template
.
disks
.
all
():
self
.
set_or_remove_levels
(
request
,
d
)
self
.
add_levels
(
request
,
d
)
return
retval
class
GroupAclUpdateView
(
AclUpdateView
):
model
=
Group
...
...
@@ -1818,13 +1804,12 @@ class VmCreate(LoginRequiredMixin, TemplateView):
}
networks
=
[
InterfaceTemplate
(
vlan
=
l
,
managed
=
l
.
managed
)
for
l
in
post
[
'networks'
]]
disks
=
post
[
'disks'
]
ikwargs
.
update
({
'template'
:
template
,
'owner'
:
user
,
'networks'
:
networks
,
'disks'
:
disks
,
'disks'
:
list
(
template
.
disks
.
all
())
,
})
amount
=
post
[
'amount'
]
...
...
@@ -2830,12 +2815,11 @@ class DiskRemoveView(DeleteView):
def
delete
(
self
,
request
,
*
args
,
**
kwargs
):
disk
=
self
.
get_object
()
if
not
disk
.
has_level
(
request
.
user
,
'owner'
):
raise
PermissionDenied
()
disk
=
self
.
get_object
()
app
=
disk
.
get_appliance
()
if
not
app
.
has_level
(
request
.
user
,
'owner'
):
raise
PermissionDenied
()
app
.
remove_disk
(
disk
=
disk
,
user
=
request
.
user
)
disk
.
destroy
()
...
...
@@ -2856,7 +2840,7 @@ class DiskRemoveView(DeleteView):
@require_GET
def
get_disk_download_status
(
request
,
pk
):
disk
=
Disk
.
objects
.
get
(
pk
=
pk
)
if
not
disk
.
has_level
(
request
.
user
,
'owner'
):
if
not
disk
.
get_appliance
()
.
has_level
(
request
.
user
,
'owner'
):
raise
PermissionDenied
()
return
HttpResponse
(
...
...
circle/storage/models.py
View file @
dac4d7b7
...
...
@@ -31,7 +31,6 @@ from django.utils.translation import ugettext_lazy as _
from
model_utils.models
import
TimeStampedModel
from
sizefield.models
import
FileSizeField
from
acl.models
import
AclBase
from
.tasks
import
local_tasks
,
storage_tasks
from
celery.exceptions
import
TimeoutError
from
common.models
import
WorkerNotFound
...
...
@@ -76,15 +75,10 @@ class DataStore(Model):
destroyed__isnull
=
False
)
if
disk
.
is_deletable
]
class
Disk
(
AclBase
,
TimeStampedModel
):
class
Disk
(
TimeStampedModel
):
"""A virtual disk.
"""
ACL_LEVELS
=
(
(
'user'
,
_
(
'user'
)),
# see all details
(
'operator'
,
_
(
'operator'
)),
(
'owner'
,
_
(
'owner'
)),
# superuser, can delete, delegate perms
)
TYPES
=
[(
'qcow2-norm'
,
'qcow2 normal'
),
(
'qcow2-snap'
,
'qcow2 snapshot'
),
(
'iso'
,
'iso'
),
(
'raw-ro'
,
'raw read-only'
),
(
'raw-rw'
,
'raw'
)]
name
=
CharField
(
blank
=
True
,
max_length
=
100
,
verbose_name
=
_
(
"name"
))
...
...
@@ -225,15 +219,14 @@ class Disk(AclBase, TimeStampedModel):
return
any
(
i
.
state
!=
'STOPPED'
for
i
in
self
.
instance_set
.
all
())
def
get_appliance
(
self
):
"""Return an Instance or InstanceTemplate object where the disk is used
"""Return the Instance or InstanceTemplate object where the disk
is used
"""
instance
=
self
.
instance_set
.
all
()
template
=
self
.
template_set
.
all
()
app
=
list
(
instance
)
+
list
(
template
)
if
len
(
app
)
>
0
:
return
app
[
0
]
else
:
return
None
from
vm.models
import
Instance
try
:
return
self
.
instance_set
.
get
()
except
Instance
.
DoesNotExist
:
return
self
.
template_set
.
get
()
def
get_exclusive
(
self
):
"""Get an instance of the disk for exclusive usage.
...
...
circle/vm/models/instance.py
View file @
dac4d7b7
...
...
@@ -404,13 +404,6 @@ class Instance(AclBase, VirtualMachineDescModel, StatusModel, OperatedMixin,
"""
disks
=
template
.
disks
.
all
()
if
disks
is
None
else
disks
for
disk
in
disks
:
if
not
disk
.
has_level
(
owner
,
'user'
):
raise
PermissionDenied
()
elif
(
disk
.
type
==
'qcow2-snap'
and
not
disk
.
has_level
(
owner
,
'owner'
)):
raise
PermissionDenied
()
networks
=
(
template
.
interface_set
.
all
()
if
networks
is
None
else
networks
)
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment