resolve merge conflict
diff --git a/xos/core/models/service.py b/xos/core/models/service.py
index 8a10f37..0b75ce3 100644
--- a/xos/core/models/service.py
+++ b/xos/core/models/service.py
@@ -29,6 +29,9 @@
def __unicode__(self): return u'%s' % (self.name)
+ def can_update(self, user):
+ return user.can_update_service(self, allow=['admin'])
+
def get_scalable_nodes(self, slice, max_per_node=None, exclusive_slices=[]):
"""
Get a list of nodes that can be used to scale up a slice.
@@ -101,12 +104,52 @@
s.save()
# print "add sliver", s
+>>>>>>> origin/master
class ServiceAttribute(PlCoreBase):
name = models.SlugField(help_text="Attribute Name", max_length=128)
value = StrippedCharField(help_text="Attribute Value", max_length=1024)
service = models.ForeignKey(Service, related_name='serviceattributes', help_text="The Service this attribute is associated with")
+class ServiceRole(PlCoreBase):
+ ROLE_CHOICES = (('admin','Admin'),)
+ role = StrippedCharField(choices=ROLE_CHOICES, unique=True, max_length=30)
+
+ def __unicode__(self): return u'%s' % (self.role)
+
+class ServicePrivilege(PlCoreBase):
+ user = models.ForeignKey('User', related_name='serviceprivileges')
+ service = models.ForeignKey('Service', related_name='serviceprivileges')
+ role = models.ForeignKey('ServiceRole',related_name='serviceprivileges')
+
+ class Meta:
+ unique_toggether = ('user', 'service', 'role')
+
+ def __unicode__(self): return u'%s %s %s' % (self.service, self.user, self.role)
+
+ def can_update(self, user):
+ if not self.service.enabled:
+ raise PermissionDenied, "Cannot modify permission(s) of a disabled service"
+ return self.service.can_update(user)
+
+ def save(self, *args, **kwds):
+ if not self.service.enabled:
+ raise PermissionDenied, "Cannot modify permission(s) of a disabled service"
+ super(ServicePrivilege, self).save(*args, **kwds)
+
+ def delete(self, *args, **kwds):
+ if not self.service.enabled:
+ raise PermissionDenied, "Cannot modify permission(s) of a disabled service"
+ super(ServicePrivilege, self).delete(*args, **kwds)
+
+ @staticmethod
+ def select_by_user(user):
+ if user.is_admin:
+ qs = ServicePrivilege.objects.all()
+ else:
+ qs = SitePrivilege.objects.filter(user=user)
+ return qs
+
class Tenant(PlCoreBase):
""" A tenant is a relationship between two entities, a subscriber and a
provider.
diff --git a/xos/core/models/user.py b/xos/core/models/user.py
index e34abdb..e62d6db 100644
--- a/xos/core/models/user.py
+++ b/xos/core/models/user.py
@@ -314,6 +314,15 @@
return True
return False
+ def can_update_service(self, service, allow=[]):
+ from core.models.service import ServicePrivilege
+ if self.can_update_root():
+ return True
+ if ServicePrivilege.objects.filter(
+ service=service, user=self, role__role__in=['admin', 'Admin']+allow):
+ return True
+ return False
+
@staticmethod
def select_by_user(user):
if user.is_admin: