checking in missing site/slice privilege steps
diff --git a/planetstack/core/admin.py b/planetstack/core/admin.py
index 4846a28..c9d3172 100644
--- a/planetstack/core/admin.py
+++ b/planetstack/core/admin.py
@@ -404,16 +404,6 @@
def queryset(self, request):
return DeploymentPrivilege.select_by_user(request.user)
-class ControllerPrivilegeInline(PlStackTabularInline):
- model = ControllerPrivilege
- extra = 0
- suit_classes = 'suit-tab suit-tab-admin-only'
- fields = ['backend_status_icon', 'user','role','controller']
- readonly_fields = ('backend_status_icon', )
-
- def queryset(self, request):
- return ControllerPrivilege.select_by_user(request.user)
-
class ControllerSiteInline(PlStackTabularInline):
model = ControllerSite
extra = 0
@@ -1217,7 +1207,7 @@
# that reference specific fields on auth.User.
list_display = ('email', 'firstname', 'lastname', 'site', 'last_login')
list_filter = ('site',)
- inlines = [SlicePrivilegeInline,SitePrivilegeInline,ControllerPrivilegeInline,UserDashboardViewInline]
+ inlines = [SlicePrivilegeInline,SitePrivilegeInline,UserDashboardViewInline]
fieldListLoginDetails = ['backend_status_text', 'email','site','password','is_active','is_readonly','is_admin','public_key']
fieldListContactInfo = ['firstname','lastname','phone','timezone']
diff --git a/planetstack/core/models/__init__.py b/planetstack/core/models/__init__.py
index 79c6611..fcb50be 100644
--- a/planetstack/core/models/__init__.py
+++ b/planetstack/core/models/__init__.py
@@ -5,13 +5,13 @@
from .service import ServiceAttribute
from .tag import Tag
from .role import Role
-from .site import Site, Deployment, DeploymentRole, DeploymentPrivilege, Controller, ControllerRole, ControllerPrivilege, ControllerSite, SiteDeployment
+from .site import Site, Deployment, DeploymentRole, DeploymentPrivilege, Controller, ControllerRole, ControllerSite, SiteDeployment
from .dashboard import DashboardView, ControllerDashboardView
from .user import User, UserDashboardView
from .serviceclass import ServiceClass
from .site import ControllerManager, ControllerDeletionManager, ControllerLinkManager,ControllerLinkDeletionManager
from .slice import Slice, ControllerSlice
-from .controlleruser import ControllerUser
+from .controlleruser import ControllerUser, ControllerSitePrivilege, ControllerSlicePrivilege
from .image import Image, ImageDeployments, ControllerImages
from .node import Node
from .serviceresource import ServiceResource
diff --git a/planetstack/core/models/controlleruser.py b/planetstack/core/models/controlleruser.py
index d0fda11..678ab77 100644
--- a/planetstack/core/models/controlleruser.py
+++ b/planetstack/core/models/controlleruser.py
@@ -24,3 +24,66 @@
users = Users.select_by_user(user)
qs = ControllerUser.objects.filter(user__in=users)
return qs
+
+
+class ControllerSitePrivilege(PlCoreBase):
+ objects = ControllerLinkManager()
+ deleted_objects = ControllerLinkDeletionManager()
+
+ controller = models.ForeignKey('Controller', related_name='controllersiteprivileges')
+ site_privilege = models.ForeignKey('SitePrivilege', related_name='controllersiteprivileges')
+ role_id = models.CharField(null=True, blank=True, max_length=200, db_index=True, help_text="Keystone id")
+
+ def __unicode__(self): return u'%s %s' % (self.controller, self.site_privilege)
+
+ def can_update(self, user):
+ if user.is_readonly:
+ return False
+ if user.is_admin:
+ return True
+ cprivs = ControllerSitePrivilege.objects.filter(site_privilege__user=user)
+ for cpriv in dprivs:
+ if cpriv.site_privilege.role.role == ['admin', 'Admin']:
+ return True
+ return False
+
+ @staticmethod
+ def select_by_user(user):
+ if user.is_admin:
+ qs = ControllerSitePrivilege.objects.all()
+ else:
+ cpriv_ids = [cp.id for cp in ControllerSitePrivilege.objects.filter(site_privilege__user=user)]
+ qs = ControllerSitePrivilege.objects.filter(id__in=cpriv_ids)
+ return qs
+
+
+class ControllerSlicePrivilege(PlCoreBase):
+ objects = ControllerLinkManager()
+ deleted_objects = ControllerLinkDeletionManager()
+
+ controller = models.ForeignKey('Controller', related_name='controllersliceprivileges')
+ slice_privilege = models.ForeignKey('SlicePrivilege', related_name='controllersliceprivileges')
+ role_id = models.CharField(null=True, blank=True, max_length=200, db_index=True, help_text="Keystone id")
+
+ def __unicode__(self): return u'%s %s' % (self.controller, self.slice_privilege)
+
+ def can_update(self, user):
+ if user.is_readonly:
+ return False
+ if user.is_admin:
+ return True
+ cprivs = ControllerSlicePrivilege.objects.filter(slice_privilege__user=user)
+ for cpriv in dprivs:
+ if cpriv.role.role == ['admin', 'Admin']:
+ return True
+ return False
+
+ @staticmethod
+ def select_by_user(user):
+ if user.is_admin:
+ qs = ControllerSlicePrivilege.objects.all()
+ else:
+ cpriv_ids = [cp.id for cp in ControllerSlicePrivilege.objects.filter(slice_privilege__user=user)]
+ qs = ControllerSlicePrivilege.objects.filter(id__in=cpriv_ids)
+ return qs
+
diff --git a/planetstack/core/models/site.py b/planetstack/core/models/site.py
index 1d46f4c..881468a 100644
--- a/planetstack/core/models/site.py
+++ b/planetstack/core/models/site.py
@@ -263,36 +263,6 @@
def __unicode__(self): return u'%s' % (self.role)
-class ControllerPrivilege(PlCoreBase):
- objects = ControllerLinkManager()
- deleted_objects = ControllerLinkDeletionManager()
-
- user = models.ForeignKey('User', related_name='controllerprivileges')
- controller = models.ForeignKey('Controller', related_name='controllerprivileges')
- role = models.ForeignKey('ControllerRole',related_name='controllerprivileges')
-
- def __unicode__(self): return u'%s %s %s' % (self.controller, self.user, self.role)
-
- def can_update(self, user):
- if user.is_readonly:
- return False
- if user.is_admin:
- return True
- cprivs = ControllerPrivilege.objects.filter(user=user)
- for cpriv in dprivs:
- if cpriv.role.role == 'admin':
- return True
- return False
-
- @staticmethod
- def select_by_user(user):
- if user.is_admin:
- qs = ControllerPrivilege.objects.all()
- else:
- cpriv_ids = [cp.id for cp in ControllerPrivilege.objects.filter(user=user)]
- qs = ControllerPrivilege.objects.filter(id__in=cpriv_ids)
- return qs
-
class Controller(PlCoreBase):
objects = ControllerManager()