8
0
Fork 0
mirror of https://gitlab2.federez.net/re2o/re2o synced 2024-12-23 15:33:45 +00:00

helpful acl messages for machines.

This commit is contained in:
Hugo Levy-Falk 2019-09-06 14:14:33 +02:00
parent dd57daffd1
commit ce659348be

View file

@ -105,8 +105,11 @@ class Machine(RevMixin, FieldPermissionModelMixin, models.Model):
A tuple with a boolean stating if edition is allowed and an
explanation message.
"""
return (user_request.has_perm('machines.change_machine_user'),
_("You don't have the right to change the machine's user."))
return (
user_request.has_perm('machines.change_machine_user'),
_("You don't have the right to change the machine's user."),
('machines.change_machine_user',)
)
@staticmethod
def can_view_all(user_request, *_args, **_kwargs):
@ -115,9 +118,12 @@ class Machine(RevMixin, FieldPermissionModelMixin, models.Model):
:param user_request: instance user qui fait l'edition
:return: True ou False avec la raison de l'échec le cas échéant"""
if not user_request.has_perm('machines.view_machine'):
return False, _("You don't have the right to view all the"
" machines.")
return True, None
return (
False,
_("You don't have the right to view all the machines."),
('machines.view_machine',)
)
return True, None, None
@staticmethod
def can_create(user_request, userid, *_args, **_kwargs):
@ -129,7 +135,7 @@ class Machine(RevMixin, FieldPermissionModelMixin, models.Model):
try:
user = users.models.User.objects.get(pk=userid)
except users.models.User.DoesNotExist:
return False, _("Nonexistent user.")
return False, _("Nonexistent user."), None
max_lambdauser_interfaces = (preferences.models.OptionalMachine
.get_cached_value(
'max_lambdauser_interfaces'
@ -137,15 +143,23 @@ class Machine(RevMixin, FieldPermissionModelMixin, models.Model):
if not user_request.has_perm('machines.add_machine'):
if not (preferences.models.OptionalMachine
.get_cached_value('create_machine')):
return False, (_("You don't have the right to add a machine."))
return (
False,
_("You don't have the right to add a machine."),
('machines.add_machine',)
)
if user != user_request:
return False, (_("You don't have the right to add a machine"
" to another user."))
return (
False,
_("You don't have the right to add a machine"
" to another user."),
('machines.add_machine',)
)
if user.user_interfaces().count() >= max_lambdauser_interfaces:
return False, (_("You reached the maximum number of interfaces"
return False, _("You reached the maximum number of interfaces"
" that you are allowed to create yourself"
" (%s)." % max_lambdauser_interfaces))
return True, None
" (%s)." % max_lambdauser_interfaces), None
return True, None, None
def can_edit(self, user_request, *args, **kwargs):
"""Vérifie qu'on peut bien éditer cette instance particulière (soit
@ -154,16 +168,22 @@ class Machine(RevMixin, FieldPermissionModelMixin, models.Model):
:param user_request: instance user qui fait l'edition
:return: True ou False avec la raison le cas échéant"""
if self.user != user_request:
if (not user_request.has_perm('machines.change_interface') or
not self.user.can_edit(
self.user,
user_request,
*args,
**kwargs
)[0]):
return False, (_("You don't have the right to edit a machine"
" of another user."))
return True, None
can_user, _, permissions = self.user.can_edit(
self.user,
user_request,
*args,
**kwargs
)
if not (
user_request.has_perm('machines.change_interface') and
can_user):
return (
False,
_("You don't have the right to edit a machine"
" of another user."),
('machines.change_interface',) + permissions
)
return True, None, None
def can_delete(self, user_request, *args, **kwargs):
"""Vérifie qu'on peut bien supprimer cette instance particulière (soit
@ -172,16 +192,22 @@ class Machine(RevMixin, FieldPermissionModelMixin, models.Model):
:param user_request: instance user qui fait l'edition
:return: True ou False avec la raison de l'échec le cas échéant"""
if self.user != user_request:
if (not user_request.has_perm('machines.change_interface') or
not self.user.can_edit(
self.user,
user_request,
*args,
**kwargs
)[0]):
return False, _("You don't have the right to delete a machine"
" of another user.")
return True, None
can_user, _, permissions = self.user.can_edit(
self.user,
user_request,
*args,
**kwargs
)
if not (
user_request.has_perm('machines.change_interface') and
can_user):
return (
False,
_("You don't have the right to delete a machine"
" of another user."),
('machines.change_interface',) + permissions
)
return True, None, None
def can_view(self, user_request, *_args, **_kwargs):
"""Vérifie qu'on peut bien voir cette instance particulière (soit
@ -191,9 +217,13 @@ class Machine(RevMixin, FieldPermissionModelMixin, models.Model):
:return: True ou False avec la raison de l'échec le cas échéant"""
if (not user_request.has_perm('machines.view_machine') and
self.user != user_request):
return False, _("You don't have the right to view other machines"
" than yours.")
return True, None
return (
False,
_("You don't have the right to view other machines"
" than yours."),
('machines.view_machine',)
)
return True, None, None
@cached_property
def short_name(self):
@ -285,9 +315,12 @@ class MachineType(RevMixin, AclMixin, models.Model):
message is acces is not allowed.
"""
if not user_request.has_perm('machines.use_all_machinetype'):
return False, (_("You don't have the right to use all machine"
" types."))
return True, None
return (
False,
_("You don't have the right to use all machine types."),
('machines.use_all_machinetype',)
)
return True, None, None
def __str__(self):
return self.name
@ -528,7 +561,11 @@ class IpType(RevMixin, AclMixin, models.Model):
restrictions
:param user_request: instance user qui fait l'edition
:return: True ou False avec la raison de l'échec le cas échéant"""
return user_request.has_perm('machines.use_all_iptype'), None
return (
user_request.has_perm('machines.use_all_iptype'),
None,
('machines.use_all_iptype',)
)
def __str__(self):
return self.name
@ -766,7 +803,11 @@ class Extension(RevMixin, AclMixin, models.Model):
restrictions
:param user_request: instance user qui fait l'edition
:return: True ou False avec la raison de l'échec le cas échéant"""
return user_request.has_perm('machines.use_all_extension'), None
return (
user_request.has_perm('machines.use_all_extension'),
_("You cannot use all extensions."),
('machines.use_all_extension',)
)
def __str__(self):
return self.name
@ -1222,31 +1263,42 @@ class Interface(RevMixin, AclMixin, FieldPermissionModelMixin, models.Model):
try:
machine = Machine.objects.get(pk=machineid)
except Machine.DoesNotExist:
return False, _("Nonexistent machine.")
return False, _("Nonexistent machine."), None
if not user_request.has_perm('machines.add_interface'):
if not (preferences.models.OptionalMachine
.get_cached_value('create_machine')):
return False, _("You can't add a machine.")
return False, _("You can't add a machine."), ('machines.add_interface',)
max_lambdauser_interfaces = (preferences.models.OptionalMachine
.get_cached_value(
'max_lambdauser_interfaces'
))
if machine.user != user_request:
return False, _("You don't have the right to add an interface"
" to a machine of another user.")
return (
False,
_("You don't have the right to add an interface"
" to a machine of another user."),
('machines.add_interface',)
)
if (machine.user.user_interfaces().count() >=
max_lambdauser_interfaces):
return False, (_("You reached the maximum number of interfaces"
" that you are allowed to create yourself"
" (%s)." % max_lambdauser_interfaces))
return True, None
return (
False,
_("You reached the maximum number of interfaces"
" that you are allowed to create yourself"
" (%s)." % max_lambdauser_interfaces),
('machines.add_interface',)
)
return True, None, None
@staticmethod
def can_change_machine(user_request, *_args, **_kwargs):
"""Check if a user can change the machine associated with an
Interface object """
return (user_request.has_perm('machines.change_interface_machine'),
_("Permission required to edit the machine."))
return (
user_request.has_perm('machines.change_interface_machine'),
_("Permission required to edit the machine."),
('machines.change_interface_machine',)
)
def can_edit(self, user_request, *args, **kwargs):
"""Verifie que l'user a les bons droits infra pour editer
@ -1255,15 +1307,21 @@ class Interface(RevMixin, AclMixin, FieldPermissionModelMixin, models.Model):
:param user_request: Utilisateur qui fait la requête
:return: soit True, soit False avec la raison de l'échec"""
if self.machine.user != user_request:
if (not user_request.has_perm('machines.change_interface') or
not self.machine.user.can_edit(
user_request,
*args,
**kwargs
)[0]):
return False, _("You don't have the right to edit a machine of"
" another user.")
return True, None
can_user, _, permissions = self.machine.user.can_edit(
user_request,
*args,
**kwargs
)
if not (
user_request.has_perm('machines.change_interface') and
can_user ):
return (
False,
_("You don't have the right to edit a machine of"
" another user."),
('machines.change_interface',) + permissions
)
return True, None, None
def can_delete(self, user_request, *args, **kwargs):
"""Verifie que l'user a les bons droits delete object pour del
@ -1272,15 +1330,21 @@ class Interface(RevMixin, AclMixin, FieldPermissionModelMixin, models.Model):
:param user_request: Utilisateur qui fait la requête
:return: soit True, soit False avec la raison de l'échec"""
if self.machine.user != user_request:
if (not user_request.has_perm('machines.change_interface') or
not self.machine.user.can_edit(
user_request,
*args,
**kwargs
)[0]):
return False, _("You don't have the right to edit a machine of"
" another user.")
return True, None
can_user, _, permissions = self.machine.user.can_edit(
user_request,
*args,
**kwargs
)
if not (
user_request.has_perm('machines.change_interface') and
can_user):
return (
False,
_("You don't have the right to edit a machine of"
" another user."),
('machines.change_interface',) + permissions
)
return True, None, None
def can_view(self, user_request, *_args, **_kwargs):
"""Vérifie qu'on peut bien voir cette instance particulière avec
@ -1290,9 +1354,12 @@ class Interface(RevMixin, AclMixin, FieldPermissionModelMixin, models.Model):
:return: True ou False avec la raison de l'échec le cas échéant"""
if (not user_request.has_perm('machines.view_interface') and
self.machine.user != user_request):
return False, _("You don't have the right to view machines other"
" than yours.")
return True, None
return (
False,
_("You don't have the right to view machines other than yours."),
('machines.view_interface',)
)
return True, None, None
def __init__(self, *args, **kwargs):
super(Interface, self).__init__(*args, **kwargs)
@ -1340,19 +1407,26 @@ class Ipv6List(RevMixin, AclMixin, FieldPermissionModelMixin, models.Model):
try:
interface = Interface.objects.get(pk=interfaceid)
except Interface.DoesNotExist:
return False, _("Nonexistent interface.")
return False, _("Nonexistent interface."), None
if not user_request.has_perm('machines.add_ipv6list'):
if interface.machine.user != user_request:
return False, _("You don't have the right to add an alias to a"
" machine of another user.")
return True, None
return (
False,
_("You don't have the right to add an alias to a"
" machine of another user."),
('machines.add_ipv6list',)
)
return True, None, None
@staticmethod
def can_change_slaac_ip(user_request, *_args, **_kwargs):
""" Check if a user can change the slaac value """
return (user_request.has_perm('machines.change_ipv6list_slaac_ip'),
_("Permission required to change the SLAAC value of an IPv6"
" address"))
return (
user_request.has_perm('machines.change_ipv6list_slaac_ip'),
_("Permission required to change the SLAAC value of an IPv6"
" address"),
('machines.change_ipv6list_slaac_ip',)
)
def can_edit(self, user_request, *args, **kwargs):
"""Verifie que l'user a les bons droits infra pour editer
@ -1361,15 +1435,21 @@ class Ipv6List(RevMixin, AclMixin, FieldPermissionModelMixin, models.Model):
:param user_request: Utilisateur qui fait la requête
:return: soit True, soit False avec la raison de l'échec"""
if self.interface.machine.user != user_request:
if (not user_request.has_perm('machines.change_ipv6list') or
not self.interface.machine.user.can_edit(
user_request,
*args,
**kwargs
)[0]):
return False, _("You don't have the right to edit a machine of"
" another user.")
return True, None
can_user, _, permissions = self.interface.machine.user.can_edit(
user_request,
*args,
**kwargs
)
if not (
user_request.has_perm('machines.change_ipv6list') and
can_user):
return (
False,
_("You don't have the right to edit a machine of"
" another user."),
('machines.change_ipv6list',)
)
return True, None, None
def can_delete(self, user_request, *args, **kwargs):
"""Verifie que l'user a les bons droits delete object pour del
@ -1378,15 +1458,20 @@ class Ipv6List(RevMixin, AclMixin, FieldPermissionModelMixin, models.Model):
:param user_request: Utilisateur qui fait la requête
:return: soit True, soit False avec la raison de l'échec"""
if self.interface.machine.user != user_request:
if (not user_request.has_perm('machines.change_ipv6list') or
not self.interface.machine.user.can_edit(
user_request,
*args,
**kwargs
)[0]):
return False, _("You don't have the right to edit a machine of"
" another user.")
return True, None
can_user, _, permissions = self.interface.machine.user.can_edit(
user_request,
*args,
**kwargs
)
if not (user_request.has_perm('machines.change_ipv6list') and
can_user):
return (
False,
_("You don't have the right to edit a machine of"
" another user."),
('machines.change_ipv6list',) + permissions
)
return True, None, None
def can_view(self, user_request, *_args, **_kwargs):
"""Vérifie qu'on peut bien voir cette instance particulière avec
@ -1396,9 +1481,12 @@ class Ipv6List(RevMixin, AclMixin, FieldPermissionModelMixin, models.Model):
:return: True ou False avec la raison de l'échec le cas échéant"""
if (not user_request.has_perm('machines.view_ipv6list') and
self.interface.machine.user != user_request):
return False, _("You don't have the right to view machines other"
" than yours.")
return True, None
return (
False,
_("You don't have the right to view machines other than yours."),
('machines.view_ipv6list',)
)
return True, None, None
def __init__(self, *args, **kwargs):
super(Ipv6List, self).__init__(*args, **kwargs)
@ -1554,25 +1642,33 @@ class Domain(RevMixin, AclMixin, models.Model):
try:
interface = Interface.objects.get(pk=interfaceid)
except Interface.DoesNotExist:
return False, _("Nonexistent interface.")
return False, _("Nonexistent interface."), None
if not user_request.has_perm('machines.add_domain'):
max_lambdauser_aliases = (preferences.models.OptionalMachine
.get_cached_value(
'max_lambdauser_aliases'
))
if interface.machine.user != user_request:
return False, _("You don't have the right to add an alias to a"
" machine of another user.")
return (
False,
_("You don't have the right to add an alias to a"
" machine of another user."),
('machines.add_domain',)
)
if Domain.objects.filter(
cname__in=Domain.objects.filter(
interface_parent__in=(interface.machine.user
.user_interfaces())
)
).count() >= max_lambdauser_aliases:
return False, _("You reached the maximum number of alias that"
" you are allowed to create yourself (%s). "
% max_lambdauser_aliases)
return True, None
return (
False,
_("You reached the maximum number of alias that"
" you are allowed to create yourself (%s). "
% max_lambdauser_aliases),
('machines.add_domain',)
)
return True, None, None
def can_edit(self, user_request, *_args, **_kwargs):
"""Verifie que l'user a les bons droits pour editer
@ -1582,9 +1678,13 @@ class Domain(RevMixin, AclMixin, models.Model):
:return: soit True, soit False avec la raison de l'échec"""
if (not user_request.has_perm('machines.change_domain') and
self.get_source_interface.machine.user != user_request):
return False, _("You don't have the right to edit an alias of a"
" machine of another user.")
return True, None
return (
False,
_("You don't have the right to edit an alias of a"
" machine of another user."),
('machines.change_domain',)
)
return True, None, None
def can_delete(self, user_request, *_args, **_kwargs):
"""Verifie que l'user a les bons droits delete object pour del
@ -1594,9 +1694,13 @@ class Domain(RevMixin, AclMixin, models.Model):
:return: soit True, soit False avec la raison de l'échec"""
if (not user_request.has_perm('machines.delete_domain') and
self.get_source_interface.machine.user != user_request):
return False, _("You don't have the right to delete an alias of a"
" machine of another user.")
return True, None
return (
False,
_("You don't have the right to delete an alias of a"
" machine of another user."),
('machines.delete_domain',)
)
return True, None, None
def can_view(self, user_request, *_args, **_kwargs):
"""Vérifie qu'on peut bien voir cette instance particulière avec
@ -1606,9 +1710,12 @@ class Domain(RevMixin, AclMixin, models.Model):
:return: True ou False avec la raison de l'échec le cas échéant"""
if (not user_request.has_perm('machines.view_domain') and
self.get_source_interface.machine.user != user_request):
return False, _("You don't have the right to view machines other"
" than yours.")
return True, None
return (
False,
_("You don't have the right to view machines other than yours."),
('machines.view_domain',)
)
return True, None, None
def __str__(self):
return str(self.name) + str(self.extension)
@ -1840,11 +1947,14 @@ class OuverturePortList(RevMixin, AclMixin, models.Model):
:param user_request: Utilisateur qui fait la requête
:return: soit True, soit False avec la raison de l'échec"""
if not user_request.has_perm('machines.delete_ouvertureportlist'):
return False, _("You don't have the right to delete a ports"
" opening list.")
return (
False,
_("You don't have the right to delete a ports opening list."),
('machines.delete_ouvertureportlist',)
)
if self.interface_set.all():
return False, _("This ports opening list is used.")
return True, None
return False, _("This ports opening list is used."), None
return True, None, None
def __str__(self):
return self.name