Commit d50fd7b6 authored by Leonidas Poulopoulos's avatar Leonidas Poulopoulos

Added admin deactivate action with user rights prevention

parent a387277a
...@@ -2,31 +2,36 @@ from django.contrib import admin ...@@ -2,31 +2,36 @@ from django.contrib import admin
from flowspy.flowspec.models import * from flowspy.flowspec.models import *
from flowspy.accounts.models import * from flowspy.accounts.models import *
from utils import proxy as PR from utils import proxy as PR
from flowspec.tasks import *
from django.contrib.auth.models import User
from django.contrib.auth.admin import UserAdmin
from accounts.models import UserProfile
#class RouteAdmin(admin.ModelAdmin):
# class RouteAdmin(admin.ModelAdmin):
# actions = ['deactivate']
# actions = ['deactivate']
# def deactivate(self, request, queryset):
# applier = PR.Applier(route_objects=queryset) def deactivate(self, request, queryset):
# commit, response = applier.apply(configuration=applier.delete_routes()) response = batch_delete.delay(queryset, reason="ADMININACTIVE")
# if commit: self.message_user(request, "Added request %s to job que. Check in a while for result" % response)
# rows = queryset.update(is_online=False, is_active=False) deactivate.short_description = "Remove selected routes from network"
# queryset.update(response="Successfully removed route from network")
# self.message_user(request, "Successfully removed %s routes from network" % rows) list_display = ('name', 'status', 'applier' , 'applier_peer', 'get_match', 'get_then', 'response')
# else: fieldsets = [
# self.message_user(request, "Could not remove routes from network") (None, {'fields': ['name','applier']}),
# deactivate.short_description = "Deactivate selected routes from network" ("Match", {'fields': ['source', 'sourceport', 'destination', 'destinationport', 'port']}),
# ('Advanced Match Statements', {'fields': ['dscp', 'fragmenttype', 'icmpcode', 'icmptype', 'packetlength', 'protocol', 'tcpflag'], 'classes': ['collapse']}),
# list_display = ('name', 'is_online', 'applier', 'get_match', 'get_then', 'response') ("Then", {'fields': ['then' ]}),
# fieldsets = [ (None, {'fields': ['comments',]}),
# (None, {'fields': ['name','applier']}),
# ("Match", {'fields': ['source', 'sourceport', 'destination', 'destinationport', 'port']}), ]
# ('Advanced Match Statements', {'fields': ['dscp', 'fragmenttype', 'icmpcode', 'icmptype', 'packetlength', 'protocol', 'tcpflag'], 'classes': ['collapse']}),
# ("Then", {'fields': ['then' ]}), class UserProfileInline(admin.StackedInline):
# (None, {'fields': ['comments',]}), model = UserProfile
#
# ] class UserProfileAdmin(UserAdmin):
inlines = [UserProfileInline]
# fields = ('name', 'applier', 'expires') # fields = ('name', 'applier', 'expires')
#def formfield_for_dbfield(self, db_field, **kwargs): #def formfield_for_dbfield(self, db_field, **kwargs):
...@@ -35,6 +40,7 @@ from utils import proxy as PR ...@@ -35,6 +40,7 @@ from utils import proxy as PR
# return db_field.formfield(**kwargs) # return db_field.formfield(**kwargs)
#admin.site.register(MatchAddress) #admin.site.register(MatchAddress)
admin.site.unregister(User)
admin.site.register(MatchPort) admin.site.register(MatchPort)
admin.site.register(MatchDscp) admin.site.register(MatchDscp)
admin.site.register(UserProfile) admin.site.register(UserProfile)
...@@ -47,8 +53,8 @@ admin.site.register(UserProfile) ...@@ -47,8 +53,8 @@ admin.site.register(UserProfile)
admin.site.register(ThenAction) admin.site.register(ThenAction)
#admin.site.register(ThenStatement) #admin.site.register(ThenStatement)
#admin.site.register(MatchStatement) #admin.site.register(MatchStatement)
admin.site.register(Route) admin.site.register(Route, RouteAdmin)
admin.site.register(User, UserProfileAdmin)
admin.site.disable_action('delete_selected') admin.site.disable_action('delete_selected')
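Review bot: `batch_delete.delay(queryset, reason="ADMININACTIVE")` in `deactivate` puts a whole QuerySet on the task queue, which only works when Celery serialises arguments with pickle, and the worker then acts on a snapshot of the rows that may be stale by the time it runs. Passing primary keys avoids both, e.g. `batch_delete.delay(list(queryset.values_list('pk', flat=True)), reason="ADMININACTIVE")`, with the task re-reading `Route` by those ids; the task body is in another file and would need the matching change. If pickle stays as the serialiser, write access to the broker amounts to code execution in the worker, so broker access needs to be restricted accordingly. In the lines shown the action also does not record `request.user`, so nothing ties a withdrawal from the network to the administrator who triggered it.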
...@@ -45,7 +45,8 @@ ROUTE_STATES = ( ...@@ -45,7 +45,8 @@ ROUTE_STATES = (
("EXPIRED", "EXPIRED"), ("EXPIRED", "EXPIRED"),
("PENDING", "PENDING"), ("PENDING", "PENDING"),
("OUTOFSYNC", "OUTOFSYNC"), ("OUTOFSYNC", "OUTOFSYNC"),
("INACTIVE", "INACTIVE"), ("INACTIVE", "INACTIVE"),
("ADMININACTIVE", "ADMININACTIVE"),
) )
...@@ -299,6 +300,14 @@ class Route(models.Model): ...@@ -299,6 +300,14 @@ class Route(models.Model):
get_match.short_description = 'Match statement' get_match.short_description = 'Match statement'
get_match.allow_tags = True get_match.allow_tags = True
@property
def applier_peer(self):
try:
applier_peer = self.applier.get_profile().peer
except:
applier_peer = None
return applier_peer
def send_message(msg, user): def send_message(msg, user):
# username = user.username # username = user.username
......
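Review bot: The bare `except:` in `applier_peer` turns every failure, including database and programming errors, into a `None` peer, which the admin list then shows as if the applier simply had no peer. Catch only the expected cases, for example `except (AttributeError, ObjectDoesNotExist):` with `ObjectDoesNotExist` from `django.core.exceptions` (assuming it is not already imported in this file). A one-line docstring such as `"""Return the peer of the applier's profile, or None when there is no applier or profile."""` would document the fallback.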
...@@ -71,6 +71,9 @@ def batch_delete(routes, **kwargs): ...@@ -71,6 +71,9 @@ def batch_delete(routes, **kwargs):
if "reason" in kwargs and kwargs['reason']=='EXPIRED': if "reason" in kwargs and kwargs['reason']=='EXPIRED':
status = 'EXPIRED' status = 'EXPIRED'
reason_text = " Reason: %s " %status reason_text = " Reason: %s " %status
elif "reason" in kwargs and kwargs['reason']!='EXPIRED':
status = kwargs['reason']
reason_text = " Reason: %s " %status
else: else:
status = "ERROR" status = "ERROR"
for route in routes: for route in routes:
...@@ -102,9 +105,13 @@ def check_sync(route_name=None, selected_routes = []): ...@@ -102,9 +105,13 @@ def check_sync(route_name=None, selected_routes = []):
if route_name: if route_name:
routes = routes.filter(name=route_name) routes = routes.filter(name=route_name)
for route in routes: for route in routes:
if route.has_expired() and route.status != 'EXPIRED': if route.has_expired() and (route.status != 'EXPIRED' or route.status != 'ADMININACTIVE' or route.status != 'INACTIVE'):
logger.info('Expiring route %s' %route.name) logger.info('Expiring route %s' %route.name)
subtask(delete).delay(route, reason="EXPIRED") subtask(delete).delay(route, reason="EXPIRED")
elif route.has_expired() and (route.status == 'ADMININACTIVE' or route.status == 'INACTIVE'):
route.status = 'EXPIRED'
route.response = 'Route Expired'
route.save()
elif route.status != 'EXPIRED': elif route.status != 'EXPIRED':
route.check_sync() route.check_sync()
......
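Review bot: The new condition in `check_sync`, `route.status != 'EXPIRED' or route.status != 'ADMININACTIVE' or route.status != 'INACTIVE'`, is true for every status, because no value can equal all three strings at once. Every expired route, including ones already marked `EXPIRED`, is therefore sent to `delete` again on each run, and the `elif` meant to mark `ADMININACTIVE`/`INACTIVE` routes as expired without touching the network is never reached. The intended test is `if route.has_expired() and route.status not in ('EXPIRED', 'ADMININACTIVE', 'INACTIVE'):`. In the `batch_delete` hunk above, `status = kwargs['reason']` accepts any string; if, as it appears, `status` is later stored on the route, checking it against `ROUTE_STATES` would keep unknown values out of the database. Both function bodies continue outside the hunks.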
...@@ -119,6 +119,14 @@ def edit_route(request, route_slug): ...@@ -119,6 +119,14 @@ def edit_route(request, route_slug):
messages.add_message(request, messages.WARNING, messages.add_message(request, messages.WARNING,
"Insufficient rights to edit rule %s" %(route_slug)) "Insufficient rights to edit rule %s" %(route_slug))
return HttpResponseRedirect(reverse("group-routes")) return HttpResponseRedirect(reverse("group-routes"))
if route_edit.status == "ADMININACTIVE" :
messages.add_message(request, messages.WARNING,
"Administrator has disabled editing of rule %s" %(route_slug))
return HttpResponseRedirect(reverse("group-routes"))
if route_edit.status == "EXPIRED" :
messages.add_message(request, messages.WARNING,
"Cannot edit the expired rule %s. Contact helpdesk to enable it" %(route_slug))
return HttpResponseRedirect(reverse("group-routes"))
route_original = deepcopy(route_edit) route_original = deepcopy(route_edit)
if request.POST: if request.POST:
form = RouteForm(request.POST, instance = route_edit) form = RouteForm(request.POST, instance = route_edit)
......
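Review bot: The two status guards added to `edit_route` are the only place shown where the administrator lock is enforced, so any other view that modifies or re-applies a route (none are visible in this hunk) would still accept an `ADMININACTIVE` or `EXPIRED` rule. Consider moving the test into one helper on `Route` that every route-modifying view calls, and comparing the state names in one place, e.g. `if route_edit.status in ("ADMININACTIVE", "EXPIRED"):` with the message chosen per status. `edit_route` starts before and continues after the hunk.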
...@@ -12,7 +12,6 @@ def exception_printer(sender, **kwargs): ...@@ -12,7 +12,6 @@ def exception_printer(sender, **kwargs):
traceback.print_exc() traceback.print_exc()
got_request_exception.connect(exception_printer) got_request_exception.connect(exception_printer)
call_command('syncdb') call_command('syncdb')
application = WSGIHandler() application = WSGIHandler()