本文整理汇总了Python中expedient.common.permissions.shortcuts.must_have_permission函数的典型用法代码示例。如果您正苦于以下问题:Python must_have_permission函数的具体用法?Python must_have_permission怎么用?Python must_have_permission使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了must_have_permission函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: user_cert_manage
def user_cert_manage(request, user_id):
"""Allow the user to download/regenerate/upload a GCF certificate.
@param request: the request object
@param user_id: the id of the user whose certificate we are managing.
"""
user = get_object_or_404(User, pk=user_id)
user_profile = UserProfile.get_or_create_profile(request.user)
user_cert = user_profile.certificate
private_ssh_key_exists = len(user_profile.private_ssh_key) > 0
public_ssh_key_exists = len(user_profile.public_ssh_key) > 0
must_have_permission(request.user, user, "can_change_user_cert")
cert_fname = get_user_cert_fname(user)
if not os.access(cert_fname, os.F_OK):
cert = None
else:
cert = read_cert_from_string(user_cert)
return simple.direct_to_template(
request,
template= TEMPLATE_PATH + "/user_cert_manage.html",
extra_context={
"curr_user": user,
"cert": cert,
"private_ssh_key_exists" : private_ssh_key_exists,
"public_ssh_key_exists": public_ssh_key_exists
},
)示例2: user_cert_manage
def user_cert_manage(request, user_id):
"""Allow the user to download/regenerate/upload a GCF certificate.
@param request: the request object
@param user_id: the id of the user whose certificate we are managing.
"""
user = get_object_or_404(User, pk=user_id)
must_have_permission(request.user, user, "can_change_user_cert")
cert_fname = get_user_cert_fname(user)
if not os.access(cert_fname, os.F_OK):
cert = None
else:
cert = read_cert_from_file(cert_fname)
return simple.direct_to_template(
request,
template="user_cert_manage.html",
extra_context={
"curr_user": user,
"cert": cert,
},
)示例3: user_cert_upload
def user_cert_upload(request, user_id):
"""Upload a key and certificate"""
user = get_object_or_404(User, pk=user_id)
must_have_permission(request.user, user, "can_change_user_cert")
if request.method == "POST":
form = UploadCertForm(data=request.POST, files=request.FILES)
if form.is_valid():
form.save(user)
DatedMessage.objects.post_message_to_user(
"Successfully uploaded GCF certificate and key for user %s.",
user=request.user, msg_type=DatedMessage.TYPE_SUCCESS)
return HttpResponseRedirect(
reverse("gcf_cert_manage", args=[user_id])
)
else:
form = UploadCertForm()
return simple.direct_to_template(
request,
template="user_cert_upload.html",
extra_context={
"curr_user": user,
"form": form,
}
)示例4: update
def update(request, proj_id, iframe=False):
'''Update information about a project'''
project = get_object_or_404(Project, id=proj_id)
must_have_permission(request.user, project, "can_edit_project")
def redirect(instance):
if iframe:
return reverse("project_list")
else:
return reverse("project_detail", args=[instance.id])
return generic_crud(
request, proj_id,
model=Project,
form_class=ProjectCreateForm,
template=TEMPLATE_PATH+"/create_update.html",
redirect=redirect,
template_object_name="project",
extra_context={
"breadcrumbs": (
("Home", reverse("home")),
("Project %s" % project.name, reverse("project_detail", args=[project.id])),
("Update Info", request.path),
),
},
success_msg = lambda instance: "Successfully updated project %s." % instance.name,
)示例5: remove_from_project
def remove_from_project(self, project, next):
"""
Similar to L{add_to_project} but does the reverse, deleting the
permission from the project using::
from expedient.common.permissions.shortcuts import \
delete_permission
delete_permission("can_use_aggregate", self.as_leaf_class(), project)
and then redirecting to C{next}. Additionally, if not overridden,
this function stops all slices in the project before removing the
aggregate. Subclasses should also stop slices.
"""
must_have_permission("user", self.as_leaf_class(), "can_use_aggregate")
prefix = self.__class__.get_url_name_prefix()
try:
return reverse("%s_aggregate_project_remove" % prefix,
kwargs={'agg_id': self.id,
'proj_id': project.id})+"?next=%s" % next
except NoReverseMatch:
# Stop all the slices in the project for this aggregate.
for slice in project.slice_set.all():
try:
self.as_leaf_class().stop_slice(slice)
except:
pass
# Carolina: remove permision for aggregate in every slice inside the project
self.remove_from_slice(slice, next)
delete_permission("can_use_aggregate", self.as_leaf_class(), project)
return next示例6: delete
def delete(request, role_id):
"""Delete a role"""
role = get_object_or_404(ProjectRole, pk=role_id)
project = role.project
# require permission to proceed
must_have_permission(request.user, project, "can_edit_roles")
if role.name == "owner" or role.name == "researcher":
return simple.direct_to_template(
request,
template=TEMPLATE_PATH+"/delete_default.html",
extra_context={"role": role})
if request.method == "POST":
role.delete()
return HttpResponseRedirect(
reverse("project_detail", args=[project.id]))
return simple.direct_to_template(
request,
template=TEMPLATE_PATH+"/delete.html",
extra_context={
"breadcrumbs": (
("Home", reverse("home")),
("Project %s" % role.project.name,
reverse("project_detail", args=[role.project.id])),
("Delete Role %s" % role.name, request.path),
),
"role": role},
)示例7: user_cert_generate
def user_cert_generate(request, user_id):
"""Create a new user certificate after confirmation.
@param request: the request object
@param user_id: the id of the user whose certificate we are generating.
"""
user = get_object_or_404(User, pk=user_id)
must_have_permission(request.user, user, "can_change_user_cert")
cert_fname = get_user_cert_fname(user)
key_fname = get_user_key_fname(user)
urn = get_user_urn(user.username)
if request.method == "POST":
create_x509_cert(urn, cert_fname, key_fname)
DatedMessage.objects.post_message_to_user(
"GCF Certificate for user %s successfully created." % user.username,
user=request.user, msg_type=DatedMessage.TYPE_SUCCESS)
return HttpResponseRedirect(reverse(user_cert_manage, args=[user.id]))
return simple.direct_to_template(
request,
template="user_cert_generate.html",
extra_context={
"curr_user": user,
},
)示例8: home
def home(request, slice_id):
"""Show buttons to download and upload rspecs."""
slice = get_object_or_404(Slice, pk=slice_id)
info = GENISliceInfo.objects.get(slice=slice)
slice_urn = info.slice_urn
must_have_permission(
request.user, slice.project, "can_edit_slices")
if request.method == "POST":
form = UploadRSpecForm(request.POST, request.FILES)
if form.is_valid():
# parse the rspec
rspec = form.files["rspec"].read()
gapi.CreateSliver(slice_urn, rspec, request.user)
DatedMessage.objects.post_message_to_user(
"Successfully uploaded RSpec.",
request.user, msg_type=DatedMessage.TYPE_SUCCESS)
return HttpResponseRedirect(request.path)
else:
form = UploadRSpecForm()
return simple.direct_to_template(
request,
template=TEMPLATE_PATH+"/home.html",
extra_context={
"form": form, "slice_urn": slice_urn, "slice": slice,
},
)示例9: remove_controller_from_slice
def remove_controller_from_slice(request, agg_id, slice_id):
"""Perform the actual remove_controller_from_slice request."""
aggregate = get_object_or_404(OpenFlowAggregate, id=agg_id)
slice = get_object_or_404(Slice, id=slice_id)
must_have_permission(request.user, aggregate, "can_use_aggregate")
must_have_permission(slice.project, aggregate, "can_use_aggregate")
# Check if there's info already and delete it.
error = ""
try:
OpenFlowSliceInfo.objects.get(slice=slice).delete()
# Also, stop slice (any started slice must have a controller)
if slice.started:
slice.stop(request.user)
except OpenFlowSliceInfo.DoesNotExist:
error = "OpentFlow plug-in: could not delete controller from slice. Details: no controller was already there"
except Exception as e:
error = "OpentFlow plug-in: could not delete controller from slice: %s. Details: %s" % (str(slice.id). str(e))
print error
DatedMessage.objects.post_message_to_user(
error, request.user, msg_type=DatedMessage.TYPE_ERROR,
)
# Get back to slice detail page
return HttpResponseRedirect(reverse("slice_detail",
args=[slice_id]))示例10: remove_from_project
def remove_from_project(self, project, next):
"""
aggregate.remove_from_project on a ResourceOrchestrator AM will get here first to check
that no slice inside the project contains ResourceOrchestrator's for the given aggregate
"""
# Check permission because it won't always call parent method (where permission checks)
must_have_permission("user", self.as_leaf_class(), "can_use_aggregate")
return super(ResourceOrchestratorAggregate, self).remove_from_project(project, next)示例11: delete
def delete(self, *args, **kwargs):
"""
Override the default delete method to enforce permissions.
"""
must_have_permission(permittee_kw, self, delete_perm)
# delete all permissions for the object
ObjectPermission.objects.filter_from_instance(self).delete()
super(model_func(), self).delete(*args, **kwargs)示例12: update
def update(request, role_id):
"""Update the permissions in the role"""
role = get_object_or_404(ProjectRole, pk=role_id)
# require permission to proceed
must_have_permission(request.user, role.project, "can_edit_roles")
permittee = Permittee.objects.get_as_permittee(request.user)
initial_set = list(role.obj_permissions.values_list("pk", flat=True))
# Get the permissions that the user can delegate to others as well
# as the ones that are already in the role. Obtain DISTINCT values.
obj_permissions = ObjectPermission.objects.filter_from_instance(
role.project).filter(
Q(permissionownership__permittee=permittee,
permissionownership__can_delegate=True) |
Q(id__in=initial_set)
).distinct()
project_url = reverse("project_detail", args=[role.project.id])
# Use to update the permissions in the ProjectRole object so
# users with that role are affected from the time this is updated
def post_save(instance, created):
from expedient.clearinghouse.roles.models import ObjectPermission
new_obj_permissions_pks = [ p.pk for p in instance.obj_permissions.all() ]
for permission in obj_permissions:
# Add and delete permissions accordingly...
try:
instance.remove_permission(permission)
except:
pass
if permission.pk in new_obj_permissions_pks:
instance.add_permission(permission)
return generic_crud(
request,
obj_id=role_id,
model=ProjectRole,
template=TEMPLATE_PATH+"/update.html",
redirect=lambda instance: project_url,
template_object_name="role",
form_class=ProjectRoleForm,
extra_form_params={
"obj_permissions": obj_permissions,
},
extra_context={
"project": role.project,
"breadcrumbs": (
("Home", reverse("home")),
("Project %s" % role.project.name, project_url),
("Update Role %s" % role.name, request.path),
)
},
post_save = post_save,
)示例13: detail
def detail(request, slice_id):
'''Show information about the slice'''
slice = get_object_or_404(Slice, id=slice_id)
must_have_permission(request.user, slice.project, "can_view_project")
resource_list = [rsc.as_leaf_class() for rsc in slice.resource_set.all()]
user_profile = UserProfile.get_or_create_profile(request.user)
user_urn = user_profile.urn
user_cert = user_profile.certificate
#creds = get_slice_credentials(slice.project.urn, slice.urn, user_urn, user_cert)
#print_debug_message(str(creds))
template_list_computation = []
template_list_network = []
template_list_aggregate = []
for plugin in PLUGIN_LOADER.plugin_settings:
try:
plugin_dict = PLUGIN_LOADER.plugin_settings.get(plugin)
# Get templates according to the plugin category ('computation' or 'network')
# instead of directly using "TEMPLATE_RESOURCES" settings
if plugin_dict.get("general").get("resource_type") == "computation":
template_list_computation.append(plugin_dict.get("paths").get("template_resources"))
elif plugin_dict.get("general").get("resource_type") == "network":
template_list_network.append(plugin_dict.get("paths").get("template_resources"))
elif plugin_dict.get("general").get("resource_type") == "aggregate":
template_list_aggregate.append(plugin_dict.get("paths").get("template_resources"))
except Exception as e:
print "[WARNING] Could not obtain template to add resources to slides in plugin '%s'. Details: %s" % (str(plugin), str(e))
plugin_context = TOPOLOGY_GENERATOR.load_ui_data(slice)
# if not plugin_context['d3_nodes'] or not plugin_context['d3_links']:
# template_list_computation = []
# template_list_network = []
extra_context={
"breadcrumbs": (
("Home", reverse("home")),
("Project %s" % slice.project.name, reverse("project_detail", args=[slice.project.id])),
("Slice %s" % slice.name, reverse("slice_detail", args=[slice_id])),
),
"resource_list": resource_list,
"plugin_template_list_aggregate": template_list_aggregate,
"plugin_template_list_network": template_list_network,
"plugin_template_list_computation": template_list_computation,
"plugins_path": PLUGIN_LOADER.plugins_path,
}
return list_detail.object_detail(
request,
Slice.objects.all(),
object_id=slice_id,
template_name=TEMPLATE_PATH+"/detail.html",
template_object_name="slice",
extra_context=dict(extra_context.items()+plugin_context.items())
)示例14: delete
def delete(request, user_id):
user = get_object_or_404(auth.models.User, pk=user_id)
must_have_permission(request.user, user, "can_edit_user")
return create_update.delete_object(
request,
auth.models.User,
reverse("users_home"),
user_id,
template_name="expedient/clearinghouse/users/confirm_delete.html",
)示例15: delete
def delete(request, slice_id):
'''Delete the slice'''
slice = get_object_or_404(Slice, id=slice_id)
project = slice.project
#Slice can edited and used by anyone in the project, but only the owner of the slice
#or the project's owner can delete it
try:
must_have_permission(request.user, slice, "can_delete_slices")
except Exception,e:
must_have_permission(request.user, project, "can_delete_slices")