role based filtering for keys
diff --git a/plstackapi/core/admin.py b/plstackapi/core/admin.py
index 2365225..2ddc73b 100644
--- a/plstackapi/core/admin.py
+++ b/plstackapi/core/admin.py
@@ -181,13 +181,13 @@
]
list_display = ['key', 'type', 'blacklisted', 'user']
- def get_queryset(self, request):
- # get keys user is allowed to see
- qs = super(KeyAdmin, self).get_queryset(request)
- if request.user.is_superuser:
- return qs
- # users can only see their own keys
- return qs.filter(user=request.user)
+ def queryset(self, request):
+ # admins can see all keys. Users can only see their own key.
+ if request.user.is_admin:
+ qs = super(KeyAdmin, self).queryset(request)
+ else:
+ qs = Key.objects.filter(user=request.user)
+ return qs
class SliceAdmin(OSModelAdmin):
fields = ['name', 'site', 'serviceClass', 'description', 'slice_url']
diff --git a/plstackapi/core/models/pluser.py b/plstackapi/core/models/pluser.py
index 6688cfe..d51572b 100644
--- a/plstackapi/core/models/pluser.py
+++ b/plstackapi/core/models/pluser.py
@@ -1,5 +1,6 @@
import os
import datetime
+from collections import defaultdict
from django.db import models
from plstackapi.core.models import PlCoreBase
from plstackapi.core.models import Site
@@ -93,6 +94,19 @@
# Simplest possible answer: Yes, always
return True
+ def get_roles(self):
+ from plstackapi.core.models.site import SitePrivilege
+ from plstackapi.core.models.slice import SliceMembership
+
+ site_privileges = SitePrivilege.objects.filter(user=self)
+ slice_memberships = SliceMembership.objects.filter(user=self)
+ roles = defaultdict(list)
+ for site_privilege in site_privileges:
+ roles[site_privilege.site.login_base].append(site_privilege.role.role_type)
+ for slice_membership in slice_memberships:
+ roles[slice_membership.slice.name].append(slice_membership.role.role_type)
+ return roles
+
def save(self, *args, **kwds):
if not hasattr(self, 'os_manager'):
setattr(self, 'os_manager', OpenStackManager())