can_edit pour machines.models

f37958fd · Maël Kervella · root · 50ea71d8 · f37958fd · f37958fd
Commit f37958fd authored Nov 29, 2017 by Maël Kervella Committed by root Jan 06, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 282 additions and 95 deletions

machines/models.py machines/models.py +143 -2

machines/views.py machines/views.py +139 -93

No files found.
--- a/machines/models.py
+++ b/machines/models.py
@@ -72,6 +72,9 @@ class Machine(models.Model):
                        % max_lambdauser_interfaces
        return True, None

+    def can_edit(user_request, machineid):
+        return True, None
+
    def __str__(self):
        return str(self.user) + ' - ' + str(self.id) + ' - ' + str(self.name)

@@ -97,6 +100,15 @@ class MachineType(models.Model):
        return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\
                de créer un type de machine"

+    def can_edit(user_request, machinetypeid):
+        if not user_request.has_perms(('infra',)):
+            return False, u"Vous n'avez pas le droit d'éditer des types de machine"
+        try:
+            machinetype_instance = MachineType.objects.get(pk=machinetypeid)
+        except MachineType.DoesNotExist:
+            return False, u"Type de machine inexistant"
+        return True, None
+
    def __str__(self):
        return self.type

@@ -211,6 +223,15 @@ class IpType(models.Model):
        return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\
                de créer un type d'ip"

+    def can_edit(user_request, iptypeid):
+        if not user_request.has_perms(('infra',)):
+            return False, u"Vous n'avez pas le droit d'éditer des types d'ip"
+        try:
+            iptype_instance = IpType.objects.get(pk=iptypeid)
+        except IpType.DoesNotExist:
+            return False, u"Type d'ip inexistant"
+        return True, None
+
    def __str__(self):
        return self.type

@@ -228,6 +249,15 @@ class Vlan(models.Model):
        return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\
                de créer un vlan"

+    def can_edit(user_request, vlanid):
+        if not user_request.has_perms(('infra',)):
+            return False, u"Vous n'avez pas le droit d'éditer des vlans"
+        try:
+            vlan_instance = Vlan.objects.get(pk=vlanid)
+        except Vlan.DoesNotExist:
+            return False, u"Vlan inexistant"
+        return True, None
+
    def __str__(self):
        return self.name

@@ -266,6 +296,15 @@ class Nas(models.Model):
        return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\
                de créer un nas"

+    def can_edit(user_request, nasid):
+        if not user_request.has_perms(('infra',)):
+            return False, u"Vous n'avez pas le droit d'éditer des nas"
+        try:
+            nas_instance = Nas.objects.get(pk=nasid)
+        except Nas.DoesNotExist:
+            return False, u"Nas inexistant"
+        return True, None
+
    def __str__(self):
        return self.name

@@ -306,6 +345,15 @@ class SOA(models.Model):
        return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\
                de créer un enregistrement SOA"

+    def can_edit(user_request, soaid):
+        if not user_request.has_perms(('infra',)):
+            return False, u"Vous n'avez pas le droit d'éditer des enregistrements SOA"
+        try:
+            soa_instance = SOA.objects.get(pk=soaid)
+        except SOA.DoesNotExist:
+            return False, u"Enregistrement SOA inexistant"
+        return True, None
+
    def __str__(self):
        return str(self.name)

@@ -392,6 +440,15 @@ class Extension(models.Model):
        return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\
                de créer une extension"

+    def can_edit(user_request, extensionid):
+        if not user_request.has_perms(('infra',)):
+            return False, u"Vous n'avez pas le droit d'éditer des extensions"
+        try:
+            extension_instance = Extension.objects.get(pk=extensionid)
+        except Extension.DoesNotExist:
+            return False, u"Extension inexistante"
+        return True, None
+
    def __str__(self):
        return self.name

@@ -421,6 +478,15 @@ class Mx(models.Model):
        return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\
                de créer un enregistrement MX"

+    def can_edit(user_request, mxid):
+        if not user_request.has_perms(('infra',)):
+            return False, u"Vous n'avez pas le droit d'éditer des enregstrements MX"
+        try:
+            mx_instance = Mx.objects.get(pk=mxid)
+        except Mx.DoesNotExist:
+            return False, u"Enregistremet MX inexistant"
+        return True, None
+
    def __str__(self):
        return str(self.zone) + ' ' + str(self.priority) + ' ' + str(self.name)

@@ -441,6 +507,15 @@ class Ns(models.Model):
        return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\
                de créer un enregistrement NS"

+    def can_edit(user_request, nsid):
+        if not user_request.has_perms(('infra',)):
+            return False, u"Vous n'avez pas le droit d'éditer des enregistrements NS"
+        try:
+            ns_instance = Ns.objects.get(pk=nsid)
+        except Ns.DoesNotExist:
+            return False, u"Enregistrement NS inexistant"
+        return True, None
+
    def __str__(self):
        return str(self.zone) + ' ' + str(self.ns)

@@ -457,6 +532,15 @@ class Txt(models.Model):
        return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\
                de créer un enregistrement TXT"

+    def can_edit(user_request, txtid):
+        if not user_request.has_perms(('infra',)):
+            return False, u"Vous n'avez pas le droit d'éditer des enregistrement TXT"
+        try:
+            txt_instance = Txt.objects.get(pk=txtid)
+        except Txt.DoesNotExist:
+            return False, u"Enregistrement TXT inexistant"
+        return True, None
+
    def __str__(self):
        return str(self.zone) + " : " + str(self.field1) + " " +\
            str(self.field2)
@@ -514,6 +598,15 @@ class Srv(models.Model):
        return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\
                de créer un enregistrement SRV"

+    def can_edit(user_request, srvid):
+        if not user_request.has_perms(('infra',)):
+            return False, u"Vous n'avez pas le droit d'éditer des enregistrements SRV"
+        try:
+            srv_instance = Srv.objects.get(pk=srvid)
+        except Srv.DoesNotExist:
+            return False, u"Enregistrement SRV inexistant"
+        return True, None
+
    def __str__(self):
        return str(self.service) + ' ' + str(self.protocole) + ' ' +\
            str(self.extension) + ' ' + str(self.priority) +\
@@ -648,6 +741,17 @@ class Interface(models.Model):
                        % max_lambdauser_interfaces
        return True, None

+    def can_edit(user_request, interfaceid):
+        try:
+            interface = Interface.objects.get(pk=interfaceid)
+        except Interface.DoesNotExist:
+            return False, u"Interface inexistante"
+        if not user_request.has_perms(('infra',)):
+            if not user_request.has_perms(('cableur',)) and interface.machine.user != user_request:
+                return False, u"Vous ne pouvez pas éditer une machine\
+                        d'un autre user que vous sans droit"
+        return True, None
+
    def __str__(self):
        try:
            domain = self.domain
@@ -768,6 +872,16 @@ class Domain(models.Model):
                        % max_lambdauser_aliases
        return True, None

+    def can_edit(user_request, domainid):
+        try:
+            alias_instance = Domain.objects.get(pk=domainid)
+        except Domain.DoesNotExist:
+            return False, u"Alias inexistant"
+        if not user_request.has_perms(('cableur',)) and (alias_instance.cname is None or alias_instance.cname.interface_parent.machine.user != user_request):
+            return False, u"Vous ne pouvez pas ajouter un alias à une machine\
+                    d'un autre user que vous sans droit"
+        return True, None
+
    def __str__(self):
        return str(self.name) + str(self.extension)

@@ -798,6 +912,9 @@ class IpList(models.Model):
    def can_create(user_request):
        return True, None

+    def can_edit(user_request, iplistid):
+        return True, None
+
    def __str__(self):
        return self.ipv4

@@ -842,6 +959,15 @@ class Service(models.Model):
        return user_request.has_perms(('infra',)) , u"Vous n'avez pas le droit\
                de créer un service"

+    def can_edit(user_request, serviceid):
+        if not user_request.has_perms(('infra',)):
+            return False, u"Vous n'avez pas le droit d'éditer des services"
+        try:
+            service_instance = Service.objects.get(pk=serviceid)
+        except Service.DoesNotExist:
+            return False, u"Service inexistant"
+        return True, None
+
    def __str__(self):
        return str(self.service_type)

@@ -885,6 +1011,9 @@ class Service_link(models.Model):
    def can_create(user_request):
        return True, None

+    def can_edit(user_request, service_linkid):
+        return True, None
+
    def __str__(self):
        return str(self.server) + " " + str(self.service)

@@ -899,6 +1028,16 @@ class OuverturePortList(models.Model):
    )

    def can_create(user_request):
+        return user_request.has_perms(('bureau',)) , u"Vous n'avez pas le droit\
+                d'ouvrir un port"
+
+    def can_edit(user_request, ouvertureportlistpk):
+        if not user_request.has_perms(('bureau',)):
+            return False, u"Vous n'avez pas le droit d'éditer des ouvertures de port"
+        try:
+            port_list_instance = OuverturePortList.objects.get(pk=ouvertureportlistpk)
+        except OuverturePortList.DoesNotExist:
+            return False, u"Ouverture de port inexistante"
        return True, None

    def __str__(self):
@@ -972,8 +1111,10 @@ class OuverturePort(models.Model):
    )

    def can_create(user_request):
-        return user_request.has_perms(('bureau',)) , u"Vous n'avez pas le droit\
-                d'ouvrir un port"
+        return True, None
+
+    def can_edit(user_request, ouvertureportid):
+        return True, None

    def __str__(self):
        if self.begin == self.end:

--- a/machines/views.py
+++ b/machines/views.py
@@ -273,18 +273,17 @@ def new_machine(request, userid):
 def edit_interface(request, interfaceid):
    """ Edition d'une interface. Distingue suivant les droits les valeurs de interfaces et machines que l'user peut modifier
    infra permet de modifier le propriétaire"""
-    try:
-        interface = Interface.objects.get(pk=interfaceid)
-    except Interface.DoesNotExist:
-        messages.error(request, u"Interface inexistante" )
-        return redirect(reverse('machines:index'))
+
+    can, reason = Interface.can_edit(request.user, interfaceid)
+    if not can:
+        messages.error(request, reason)
+        return redirect(reverse(
+            'users:profil',
+            kwargs={'userid':str(request.user.id)}
+        ))
+
+    interface = Interface.objects.get(pk=interfaceid)
    if not request.user.has_perms(('infra',)):
-        if not request.user.has_perms(('cableur',)) and interface.machine.user != request.user:
-            messages.error(request, "Vous ne pouvez pas éditer une machine d'un autre user que vous sans droit")
-            return redirect(reverse(
-                'users:profil',
-                kwargs={'userid':str(request.user.id)}
-                ))
        machine_form = BaseEditMachineForm(request.POST or None, instance=interface.machine)
        interface_form = BaseEditInterfaceForm(request.POST or None, instance=interface, infra=False)
    else:
@@ -432,14 +431,18 @@ def add_iptype(request):
    return form({'iptypeform': iptype}, 'machines/machine.html', request)

 @login_required
-@permission_required('infra')
 def edit_iptype(request, iptypeid):
    """ Edition d'un range. Ne permet pas de le redimensionner pour éviter l'incohérence"""
-    try:
-        iptype_instance = IpType.objects.get(pk=iptypeid)
-    except IpType.DoesNotExist:
-        messages.error(request, u"Entrée inexistante" )
-        return redirect(reverse('machines:index-iptype'))
+    
+    can, reason = IpType.can_edit(request.user, iptypeid)
+    if not can:
+        messages.error(request, reason)
+        return redirect(reverse(
+            'users:profil',
+            kwargs={'userid':str(request.user.id)}
+        ))
+
+    iptype_instance = IpType.objects.get(pk=iptypeid)
    iptype = EditIpTypeForm(request.POST or None, instance=iptype_instance)
    if iptype.is_valid():
        with transaction.atomic(), reversion.create_revision():
@@ -490,13 +493,17 @@ def add_machinetype(request):
    return form({'machinetypeform': machinetype}, 'machines/machine.html', request)

 @login_required
-@permission_required('infra')
 def edit_machinetype(request, machinetypeid):
-    try:
-        machinetype_instance = MachineType.objects.get(pk=machinetypeid)
-    except MachineType.DoesNotExist:
-        messages.error(request, u"Entrée inexistante" )
-        return redirect(reverse('machines:index-machinetype'))
+
+    can, reason = MachineType.can_edit(request.user, machinetypeid)
+    if not can:
+        messages.error(request, reason)
+        return redirect(reverse(
+            'users:profil',
+            kwargs={'userid':str(request.user.id)}
+        ))
+
+    machinetype_instance = MachineType.objects.get(pk=machinetypeid)
    machinetype = MachineTypeForm(request.POST or None, instance=machinetype_instance)
    if machinetype.is_valid():
        with transaction.atomic(), reversion.create_revision():
@@ -546,20 +553,24 @@ def add_extension(request):
    return form({'extensionform': extension}, 'machines/machine.html', request)

 @login_required
-@permission_required('infra')
 def edit_extension(request, extensionid):
-    try:
-        extension_instance = Extension.objects.get(pk=extensionid)
-    except Extension.DoesNotExist:
-        messages.error(request, u"Entrée inexistante" )
-        return redirect(reverse('machines:index-extension'))
+
+    can, reason = Extension.can_edit(request.user, extensionid)
+    if not can:
+        messages.error(request, reason)
+        return redirect(reverse(
+            'users:profil',
+            kwargs={'userid':str(request.user.id)}
+        ))
+
+    extension_instance = Extension.objects.get(pk=extensionid)
    extension = ExtensionForm(request.POST or None, instance=extension_instance)
    if extension.is_valid():
        with transaction.atomic(), reversion.create_revision():
            extension.save()
            reversion.set_user(request.user)
            reversion.set_comment("Champs modifié(s) : %s" % ', '.join(field for field in extension.changed_data))
-        messages.success(request, "Extension modifiée")
+        mssages.success(request, "Extension modifiée")
        return redirect(reverse('machines:index-extension'))
    return form({'extensionform': extension}, 'machines/machine.html', request)

@@ -602,13 +613,17 @@ def add_soa(request):
    return form({'soaform': soa}, 'machines/machine.html', request)

 @login_required
-@permission_required('infra')
 def edit_soa(request, soaid):
-    try:
-        soa_instance = SOA.objects.get(pk=soaid)
-    except SOA.DoesNotExist:
-        messages.error(request, u"Entrée inexistante" )
-        return redirect(reverse('machines:index-extension'))
+
+    can, reason = SOA.can_edit(request.user, soaid)
+    if not can:
+        messages.error(request, reason)
+        return redirect(reverse(
+            'users:profil',
+            kwargs={'userid':str(request.user.id)}
+        ))
+
+    soa_instance = SOA.objects.get(pk=soaid)
    soa = SOAForm(request.POST or None, instance=soa_instance)
    if soa.is_valid():
        with transaction.atomic(), reversion.create_revision():
@@ -658,13 +673,17 @@ def add_mx(request):
    return form({'mxform': mx}, 'machines/machine.html', request)

 @login_required
-@permission_required('infra')
 def edit_mx(request, mxid):
-    try:
-        mx_instance = Mx.objects.get(pk=mxid)
-    except Mx.DoesNotExist:
-        messages.error(request, u"Entrée inexistante" )
-        return redirect(reverse('machines:index-extension'))
+    
+    can, reason = Mx.can_edit(request.user, mxid)
+    if not can:
+        messages.error(request, reason)
+        return redirect(reverse(
+            'users:profil',
+            kwargs={'userid':str(request.user.id)}
+        ))
+    
+    mx_instance = Mx.objects.get(pk=mxid)
    mx = MxForm(request.POST or None, instance=mx_instance)
    if mx.is_valid():
        with transaction.atomic(), reversion.create_revision():
@@ -714,13 +733,17 @@ def add_ns(request):
    return form({'nsform': ns}, 'machines/machine.html', request)

 @login_required
-@permission_required('infra')
 def edit_ns(request, nsid):
-    try:
-        ns_instance = Ns.objects.get(pk=nsid)
-    except Ns.DoesNotExist:
-        messages.error(request, u"Entrée inexistante" )
-        return redirect(reverse('machines:index-extension'))
+
+    can, reason = Ns.can_edit(request.user, nsid)
+    if not can:
+        messages.error(request, reason)
+        return redirect(reverse(
+            'users:profil',
+            kwargs={'userid':str(request.user.id)}
+        ))
+
+    ns_instance = Ns.objects.get(pk=nsid)
    ns = NsForm(request.POST or None, instance=ns_instance)
    if ns.is_valid():
        with transaction.atomic(), reversion.create_revision():
@@ -770,13 +793,17 @@ def add_txt(request):
    return form({'txtform': txt}, 'machines/machine.html', request)

 @login_required
-@permission_required('infra')
 def edit_txt(request, txtid):
-    try:
-        txt_instance = Txt.objects.get(pk=txtid)
-    except Txt.DoesNotExist:
-        messages.error(request, u"Entrée inexistante" )
-        return redirect(reverse('machines:index-extension'))
+
+    can, reason = Txt.can_edit(request.user, txtid)
+    if not can:
+        messages.error(request, reason)
+        return redirect(reverse(
+            'users:profil',
+            kwargs={'userid':str(request.user.id)}
+        ))
+
+    txt_instance = Txt.objects.get(pk=txtid)
    txt = TxtForm(request.POST or None, instance=txt_instance)
    if txt.is_valid():
        with transaction.atomic(), reversion.create_revision():
@@ -826,13 +853,17 @@ def add_srv(request):
    return form({'srvform': srv}, 'machines/machine.html', request)

 @login_required
-@permission_required('infra')
 def edit_srv(request, srvid):
-    try:
-        srv_instance = Srv.objects.get(pk=srvid)
-    except Srv.DoesNotExist:
-        messages.error(request, u"Entrée inexistante" )
-        return redirect(reverse('machines:index-extension'))
+
+    can, reason = Srv.can_edit(request.user, srvid)
+    if not can:
+        messages.error(request, reason)
+        return redirect(reverse(
+            'users:profil',
+            kwargs={'userid':str(request.user.id)}
+        ))
+
+    srv_instance = Srv.objects.get(pk=srvid)
    srv = SrvForm(request.POST or None, instance=srv_instance)
    if srv.is_valid():
        with transaction.atomic(), reversion.create_revision():
@@ -890,17 +921,16 @@ def add_alias(request, interfaceid):

 @login_required
 def edit_alias(request, aliasid):
-    try:
-        alias_instance = Domain.objects.get(pk=aliasid)
-    except Domain.DoesNotExist:
-        messages.error(request, u"Entrée inexistante" )
-        return redirect(reverse('machines:index-extension'))
-    if not request.user.has_perms(('cableur',)) and alias_instance.cname.interface_parent.machine.user != request.user:
-        messages.error(request, "Vous ne pouvez pas ajouter un alias à une machine d'un autre user que vous sans droit")
+
+    can, reason = Domain.can_edit(request.user, aliasid)
+    if not can:
+        messages.error(request, reason)
        return redirect(reverse(
            'users:profil',
            kwargs={'userid':str(request.user.id)}
-            ))
+        ))
+                            
+    alias_instance = Domain.objects.get(pk=aliasid)
    alias = AliasForm(request.POST or None, instance=alias_instance, infra=request.user.has_perms(('infra',)))
    if alias.is_valid():
        with transaction.atomic(), reversion.create_revision():
@@ -967,13 +997,17 @@ def add_service(request):
    return form({'serviceform': service}, 'machines/machine.html', request)

 @login_required
-@permission_required('infra')
 def edit_service(request, serviceid):
-    try:
-        service_instance = Service.objects.get(pk=serviceid)
-    except Ns.DoesNotExist:
-        messages.error(request, u"Entrée inexistante" )
-        return redirect(reverse('machines:index-extension'))
+
+    can, reason = Service.can_edit(request.user, serviceid)
+    if not can:
+        messages.error(request, reason)
+        return redirect(reverse(
+            'users:profil',
+            kwargs={'userid':str(request.user.id)}
+        ))
+                                
+    service_instance = Service.objects.get(pk=serviceid)
    service = ServiceForm(request.POST or None, instance=service_instance)
    if service.is_valid():
        with transaction.atomic(), reversion.create_revision():
@@ -1023,13 +1057,17 @@ def add_vlan(request):
    return form({'vlanform': vlan}, 'machines/machine.html', request)

 @login_required
-@permission_required('infra')
 def edit_vlan(request, vlanid):
-    try:
-        vlan_instance = Vlan.objects.get(pk=vlanid)
-    except Vlan.DoesNotExist:
-        messages.error(request, u"Entrée inexistante" )
-        return redirect(reverse('machines:index-vlan'))
+
+    can, reason = Vlan.can_edit(request.user, vlanid)
+    if not can:
+        messages.error(request, reason)
+        return redirect(reverse(
+            'users:profil',
+            kwargs={'userid':str(request.user.id)}
+        ))
+
+    vlan_instance = Vlan.objects.get(pk=vlanid)
    vlan = VlanForm(request.POST or None, instance=vlan_instance)
    if vlan.is_valid():
        with transaction.atomic(), reversion.create_revision():
@@ -1079,13 +1117,17 @@ def add_nas(request):
    return form({'nasform': nas}, 'machines/machine.html', request)

 @login_required
-@permission_required('infra')
 def edit_nas(request, nasid):
-    try:
-        nas_instance = Nas.objects.get(pk=nasid)
-    except Nas.DoesNotExist:
-        messages.error(request, u"Entrée inexistante" )
-        return redirect(reverse('machines:index-nas'))
+
+    can, reason = Nas.can_edit(request.user, nasid)
+    if not can:
+        messages.error(request, reason)
+        return redirect(reverse(
+            'users:profil',
+            kwargs={'userid':str(request.user.id)}
+        ))
+
+    nas_instance = Nas.objects.get(pk=nasid)
    nas = NasForm(request.POST or None, instance=nas_instance)
    if nas.is_valid():
        with transaction.atomic(), reversion.create_revision():
@@ -1327,13 +1369,17 @@ def index_portlist(request):
    return render(request, "machines/index_portlist.html", {'port_list':port_list})

 @login_required
-@permission_required('bureau')
 def edit_portlist(request, pk):
-    try:
-        port_list_instance = OuverturePortList.objects.get(pk=pk)
-    except OuverturePortList.DoesNotExist:
-        messages.error(request, "Liste de ports inexistante")
-        return redirect(reverse('machines:index-portlist'))
+
+    can, reason = OuverturePortList.can_edit(request.user, pk)
+    if not can:
+        messages.error(request, reason)
+        return redirect(reverse(
+            'users:profil',
+            kwargs={'userid':str(request.user.id)}
+        ))
+
+    port_list_instance = OuverturePortList.objects.get(pk=pk)
    port_list = EditOuverturePortListForm(request.POST or None, instance=port_list_instance)
    port_formset = modelformset_factory(
            OuverturePort,
@@ -1373,7 +1419,7 @@ def del_portlist(request, pk):
 @login_required
 def add_portlist(request):

-    can, reason = OuverturePort.can_create(request.user)
+    can, reason = OuverturePortList.can_create(request.user)
    if not can:
        messages.error(request, reason)
        return redirect(reverse(