diff --git a/flowspec/migrations/0004_auto_20250206_1442.py b/flowspec/migrations/0004_auto_20250206_1442.py
new file mode 100644
index 0000000000000000000000000000000000000000..7fd13220b66fd25c18324eca5ac8fca39f01f7c8
--- /dev/null
+++ b/flowspec/migrations/0004_auto_20250206_1442.py
@@ -0,0 +1,34 @@ +# Generated by Django 3.2.16 on 2025-02-06 14:42 + +from django.conf import settings +from django.db import migrations, models +import django.db.models.deletion + + +class Migration(migrations.Migration): + + dependencies = [ + migrations.swappable_dependency(settings.AUTH_USER_MODEL), + ('flowspec', '0003_auto_20220310_1509'), + ] + + operations = [ + migrations.CreateModel( + name='FoDExtraPermissionsModel', + fields=[ + ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ], + options={ + 'permissions': (('can_use_netmask31_in_rules', 'Can use net mask 31 and higher in rules'), ('can_use_netmask30_in_rules', 'Can use net mask 30 and higher in rules'), ('can_use_netmask29_in_rules', 'Can use net mask 29 and higher in rules'), ('can_use_netmask28_in_rules', 'Can use net mask 28 and higher in rules'), ('can_use_netmask27_in_rules', 'Can use net mask 27 and higher in rules'), ('can_use_netmask26_in_rules', 'Can use net mask 26 and higher in rules'), ('can_use_netmask25_in_rules', 'Can use net mask 25 and higher in rules'), ('can_use_netmask24_in_rules', 'Can use net mask 24 and higher in rules'), ('can_use_netmask23_in_rules', 'Can use net mask 23 and higher in rules'), ('can_use_netmask22_in_rules', 'Can use net mask 22 and higher in rules'), ('can_use_netmask21_in_rules', 'Can use net mask 21 and higher in rules'), ('can_use_netmask20_in_rules', 'Can use net mask 20 and higher in rules')), + }, + ), + migrations.AlterModelOptions( + name='route', + options={'verbose_name': 'Rulex', 'verbose_name_plural': 'Rules'}, + ), + migrations.AlterField( + model_name='route', + name='applier', + field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.DO_NOTHING, to=settings.AUTH_USER_MODEL), + ), + ] diff --git a/flowspec/models.py b/flowspec/models.py index 393cfafc9c19f122a8db359749212c2466fb58c4..ef23e6ed00a035747f488282d1ec8179a834f4be 100644 --- a/flowspec/models.py 
+++ b/flowspec/models.py @@ -24,6 +24,7 @@ from django.contrib.sites.models import Site from django.utils.translation import ugettext_lazy as _ from django.urls import reverse from flowspec.tasks import * +from django.contrib.auth.models import Permission from flowspec.helpers import send_new_mail, get_peer_techc_mails from utils.proxy import PR0 as PR 
@@ -823,6 +824,59 @@ class Route(models.Model): ## +class FoDExtraPermissionsModel(models.Model): + # Model fields go here + class Meta: + # TODO: like this, only useful for IPV4: + permissions = ( + ( "can_use_netmask31_in_rules", "Can use net mask 31 and higher in rules"), + ( "can_use_netmask30_in_rules", "Can use net mask 30 and higher in rules"), + ( "can_use_netmask29_in_rules", "Can use net mask 29 and higher in rules"), + ( "can_use_netmask28_in_rules", "Can use net mask 28 and higher in rules"), + ( "can_use_netmask27_in_rules", "Can use net mask 27 and higher in rules"), + ( "can_use_netmask26_in_rules", "Can use net mask 26 and higher in rules"), + ( "can_use_netmask25_in_rules", "Can use net mask 25 and higher in rules"), + ( "can_use_netmask24_in_rules", "Can use net mask 24 and higher in rules"), + ( "can_use_netmask23_in_rules", "Can use net mask 23 and higher in rules"), + ( "can_use_netmask22_in_rules", "Can use net mask 22 and higher in rules"), + ( "can_use_netmask21_in_rules", "Can use net mask 21 and higher in rules"), + ( "can_use_netmask20_in_rules", "Can use net mask 20 and higher in rules"), + ) + + @classmethod + def test_can_use_netmask__inner(classhandle, permissions, min_netmasksize): + string1="can_use_netmask" + string2="_in_rules" + permissions = permissions.filter(codename__startswith=string1).filter(codename__endswith=string2) + + for perm in permissions: + codename=perm.codename + logger.info("test_can_use_netmask(): codename="+str(codename)) + netmask=codename[len(string1):] + netmask=netmask[0:len(netmask)-len(string2)] + logger.info("test_can_use_netmask(): => netmask="+str(netmask)) + netmask=int(netmask) + if netmask < min_netmasksize: + min_netmasksize = netmask + + return min_netmasksize + + @classmethod + def test_can_use_netmask(classhandle, request): + # Individual permissions + permissions = Permission.objects.filter(user=request.user) + logger.info("test_can_use_netmask(): permissions1="+str(permissions)) + 
min_netmasksize = classhandle.test_can_use_netmask__inner(permissions, 32) + + # Permissions that the user has via a group + group_permissions = Permission.objects.filter(group__user=request.user) + logger.info("test_can_use_netmask(): permissions2="+str(group_permissions)) + min_netmasksize = classhandle.test_can_use_netmask__inner(group_permissions, min_netmasksize) + + logger.info("test_can_use_netmask(): => min_netmasksize="+str(min_netmasksize)) + +## + def send_message(msg, peer, route): ## username = user.username ##b = beanstalkc.Connection() diff --git a/flowspec/views.py b/flowspec/views.py index 09fff28c9cf98b65baab9f3fd6898078eca48ca5..758db7b0097e4bc553db3690297bef7e13cec5ea 100644 --- a/flowspec/views.py +++ b/flowspec/views.py @@ -463,6 +463,8 @@ def edit_route(request, route_slug): applier = request.user.pk route_edit = get_object_or_404(Route, name=route_slug) + FoDExtraPermissionsModel.test_can_use_netmask(request) + applier_peer_networks = [] if request.user.is_superuser: applier_peer_networks = PeerRange.objects.all()
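Review bot: `test_can_use_netmask` ends on the `logger.info("... => min_netmasksize=" ...)` call and never returns the value it computed, so every caller receives `None`; the `edit_route` hunk in flowspec/views.py also discards the result, which means the new `can_use_netmaskNN_in_rules` permissions currently restrict nothing and only produce log lines. Add `return min_netmasksize` as the last statement and have the caller compare it with the prefix length of the submitted rule. Reading `Permission` rows by `user=` and `group__user=` also skips superusers, who normally hold no explicit rows and would end at the default of 32; `request.user.get_all_permissions()` goes through the auth backends and covers that case (it returns `app_label.codename` strings, so the parsing would need adjusting). `int(netmask)` raises `ValueError` for any codename that matches the prefix and suffix but has a non-numeric middle, so wrapping it in `try: ... except ValueError: continue` keeps one odd permission from failing the whole view.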
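Review bot: The call is wired into `edit_route` only, and nothing visible in this diff applies the netmask limit where a rule is first created; if another view creates routes, the same check is needed there, otherwise the permission can be sidestepped at creation time. Doing the comparison in the route form's validation (reject a submitted prefix shorter than the user's minimum with a `ValidationError`) would cover every view that uses the form with one server-side check. A short comment above the call, such as `# smallest prefix length this user may use in a rule`, would also help, since the method name reads like a unit test. Whether `FoDExtraPermissionsModel` is already imported in views.py cannot be seen from the hunk, and `edit_route` continues outside it.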