add get_service_objects_by_user and get_tenant_objects_by_user, make cord admins check users privileges
diff --git a/xos/cord/admin.py b/xos/cord/admin.py
index 42416db..b84ee22 100644
--- a/xos/cord/admin.py
+++ b/xos/cord/admin.py
@@ -47,7 +47,7 @@
) #('hpctools.html', 'top', 'tools') )
def queryset(self, request):
- return VOLTService.get_service_objects()
+ return VOLTService.get_service_objects_by_user(request.user)
class VOLTTenantForm(forms.ModelForm):
vlan_id = forms.CharField()
@@ -83,7 +83,7 @@
suit_form_tabs = (('general','Details'),)
def queryset(self, request):
- return VOLTTenant.get_tenant_objects()
+ return VOLTTenant.get_tenant_objects_by_user(request.user)
#-----------------------------------------------------------------------------
# vCPE
@@ -147,7 +147,7 @@
) #('hpctools.html', 'top', 'tools') )
def queryset(self, request):
- return VCPEService.get_service_objects()
+ return VCPEService.get_service_objects_by_user(request.user)
class VCPETenantForm(forms.ModelForm):
bbs_account = forms.CharField(required=False)
@@ -188,7 +188,7 @@
suit_form_tabs = (('general','Details'),)
def queryset(self, request):
- return VCPETenant.get_tenant_objects()
+ return VCPETenant.get_tenant_objects_by_user(request.user)
#-----------------------------------------------------------------------------
# vBNG
@@ -238,7 +238,7 @@
) #('hpctools.html', 'top', 'tools') )
def queryset(self, request):
- return VBNGService.get_service_objects()
+ return VBNGService.get_service_objects_by_user(request.user)
class VBNGTenantForm(forms.ModelForm):
routeable_subnet = forms.CharField(required=False)
@@ -280,7 +280,7 @@
suit_form_tabs = (('general','Details'),)
def queryset(self, request):
- return VBNGTenant.get_tenant_objects()
+ return VBNGTenant.get_tenant_objects_by_user(request.user)
#-----------------------------------------------------------------------------
# CordSubscriberRoot
@@ -338,7 +338,7 @@
)
def queryset(self, request):
- return CordSubscriberRoot.get_tenant_objects()
+ return CordSubscriberRoot.get_tenant_objects_by_user(request.user)
admin.site.register(VOLTService, VOLTServiceAdmin)
admin.site.register(VOLTTenant, VOLTTenantAdmin)
diff --git a/xos/core/models/service.py b/xos/core/models/service.py
index 2067a39..54160aa 100644
--- a/xos/core/models/service.py
+++ b/xos/core/models/service.py
@@ -64,6 +64,18 @@
def get_service_objects(cls):
return cls.objects.filter(kind = cls.KIND)
+ @classmethod
+ def get_service_objects_by_user(cls, user):
+ return cls.select_by_user(user).filter(kind = cls.KIND)
+
+ @classmethod
+ def select_by_user(cls, user):
+ if user.is_admin:
+ return cls.objects.all()
+ else:
+ service_ids = [sp.slice.id for sp in ServicePrivilege.objects.filter(user=user)]
+ return cls.objects.filter(id__in=service_ids)
+
def __unicode__(self): return u'%s' % (self.name)
def can_update(self, user):
@@ -178,12 +190,12 @@
raise PermissionDenied, "Cannot modify permission(s) of a disabled service"
super(ServicePrivilege, self).delete(*args, **kwds)
- @staticmethod
- def select_by_user(user):
+ @classmethod
+ def select_by_user(cls, user):
if user.is_admin:
- qs = ServicePrivilege.objects.all()
+ qs = cls.objects.all()
else:
- qs = SitePrivilege.objects.filter(user=user)
+ qs = cls.objects.filter(user=user)
return qs
class TenantRoot(PlCoreBase, AttributeMixin):
@@ -226,6 +238,18 @@
def get_tenant_objects(cls):
return cls.objects.filter(kind = cls.KIND)
+ @classmethod
+ def get_tenant_objects_by_user(cls, user):
+ return cls.select_by_user(user).filter(kind = cls.KIND)
+
+ @classmethod
+ def select_by_user(cls, user):
+ if user.is_admin:
+ return cls.objects.all()
+ else:
+ tr_ids = [trp.tenant_root.id for trp in TenantRootPrivilege.objects.filter(user=user)]
+ return cls.objects.filter(id__in=tr_ids)
+
class Tenant(PlCoreBase, AttributeMixin):
""" A tenant is a relationship between two entities, a subscriber and a
provider. This object represents an edge.
@@ -272,6 +296,10 @@
return cls.objects.filter(kind = cls.KIND)
@classmethod
+ def get_tenant_objects_by_user(cls, user):
+ return cls.select_by_user(user).filter(kind = cls.KIND)
+
+ @classmethod
def get_deleted_tenant_objects(cls):
return cls.deleted_objects.filter(kind = cls.KIND)
@@ -359,11 +387,11 @@
def can_update(self, user):
return user.can_update_tenant_root_privilege(self)
- @staticmethod
- def select_by_user(user):
+ @classmethod
+ def select_by_user(cls, user):
if user.is_admin:
- qs = TenantRootPrivilege.objects.all()
+ qs = cls.objects.all()
else:
- qs = TenantRootPrivilege.objects.filter(user=user)
+ qs = cls.objects.filter(user=user)
return qs