tenant view only shows sites the user should be able to see
diff --git a/planetstack/core/xoslib/methods/sliceplus.py b/planetstack/core/xoslib/methods/sliceplus.py
index 4d15d41..9e93e6d 100644
--- a/planetstack/core/xoslib/methods/sliceplus.py
+++ b/planetstack/core/xoslib/methods/sliceplus.py
@@ -45,6 +45,14 @@
site_allocation = DictionaryField(required=False)
users = ListField(required=False)
user_names = ListField(required=False) # readonly = True ?
+ current_user_can_see = serializers.SerializerMethodField("getCurrentUserCanSee")
+
+ def getCurrentUserCanSee(self, slice):
+ # user can 'see' the slice if he is the creator or he has a role
+ current_user = self.context['request'].user
+ if (slice.creator and slice.creator==current_user):
+ return True;
+ return (len(slice.getSliceInfo(current_user)["roles"]) > 0)
def getSliceInfo(self, slice):
return slice.getSliceInfo(user=self.context['request'].user)
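Review bot: The creator-or-role rule in `getCurrentUserCanSee` is written a second time in `get_queryset` (the `@@ -68,7 +76,22 @@` hunk), and the two copies already differ: this one checks that `slice.creator` is set before comparing, the other compares directly. Putting the test in one helper that both call would keep the serialized flag and the list filter from drifting apart. The method also has no docstring; something like `"""Return True if the requesting user created the slice or holds a role on it; informational flag only, it does not restrict access."""` would tell readers the field is output-only. It also calls `slice.getSliceInfo(current_user)` again for every serialized slice, on top of the existing `getSliceInfo` method in the context lines, which presumably repeats the same lookup. Minor: `return True;` carries a stray semicolon.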
@@ -58,9 +66,9 @@
model = SlicePlus
fields = ('humanReadableName', 'id','created','updated','enacted','name','enabled','omf_friendly','description','slice_url','site','max_slivers','service','network','mount_data_sets',
'default_image', 'default_flavor',
- 'serviceClass','creator','networks','sliceInfo','network_ports','backendIcon','backendHtml','site_allocation','users',"user_names")
+ 'serviceClass','creator','networks','sliceInfo','network_ports','backendIcon','backendHtml','site_allocation','users',"user_names","current_user_can_see")
-class SlicePlusList(PlusListCreateAPIView): #generics.ListCreateAPIView):
+class SlicePlusList(PlusListCreateAPIView):
queryset = SlicePlus.objects.select_related().all()
serializer_class = SlicePlusIdSerializer
@@ -68,7 +76,22 @@
method_name = "slicesplus"
def get_queryset(self):
- return SlicePlus.select_by_user(self.request.user)
+ current_user_can_see = self.request.QUERY_PARAMS.get('current_user_can_see', False)
+
+ slices = SlicePlus.select_by_user(self.request.user)
+
+ # If current_user_can_see is set, then filter the queryset to return
+ # only those slices that the user is either creator or has privilege
+ # on.
+ if (current_user_can_see):
+ slice_ids = []
+ for slice in slices:
+ if (self.request.user == slice.creator) or (len(slice.getSliceInfo(self.request.user)["roles"]) > 0):
+ slice_ids.append(slice.id)
+
+ slices = SlicePlus.objects.filter(id__in=slice_ids)
+
+ return slices
class SlicePlusDetail(PlusRetrieveUpdateDestroyAPIView):
queryset = SlicePlus.objects.select_related().all()
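Review bot: In `get_queryset` the value read from `QUERY_PARAMS` is a string, so `?current_user_can_see=false` or `=0` is truthy and still turns the filter on. Parse it explicitly, e.g. `current_user_can_see = self.request.QUERY_PARAMS.get('current_user_can_see', '').lower() in ('1', 'true', 'yes')`. Because the narrowing only happens when the client sends this parameter, it is a display filter rather than an access control: a caller that omits it still receives everything `SlicePlus.select_by_user` returns, so that call remains the authorization boundary and a comment saying so would help. The loop also calls `getSliceInfo` once per slice before issuing the `id__in` query, which presumably costs at least one extra lookup per slice for users with many slices.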