Merge branch 'bug/13869_disk_defaults' into release/0.10.1
[ganeti_webmgr.git] / ganeti_web / backend / queries.py
blob834ef995cf862f9a983b4e932a5836aa896c8041
1 # Copyright (C) 2012 Oregon State University et al.
3 # This program is free software; you can redistribute it and/or
4 # modify it under the terms of the GNU General Public License
5 # as published by the Free Software Foundation; either version 2
6 # of the License, or (at your option) any later version.
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
13 # You should have received a copy of the GNU General Public License
14 # along with this program; if not, write to the Free Software
15 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
16 # USA.
18 from django.db.models import Q
20 from object_permissions import get_users_any
22 from ganeti_web.models import Cluster, ClusterUser, VirtualMachine
25 def cluster_qs_for_user(user, groups=True, readonly=True, **kwargs):
26 """
27 Return clusters which a user has access to
28 """
29 if user.is_superuser:
30 qs = Cluster.objects.all()
31 elif user.is_anonymous():
32 qs = Cluster.objects.none()
33 else:
34 qs = user.get_objects_any_perms(Cluster, ['admin', 'create_vm'],
35 groups=groups, **kwargs)
37 if not readonly:
38 # Exclude all read-only clusters.
39 qs = qs.exclude(Q(username='') | Q(mtime__isnull=True))
41 return qs
44 def owner_qs_for_cluster(cluster):
45 """
46 Get all owners for a cluster.
47 """
49 # get_users_any() can't deal with None, and at any rate, nobody can
50 # possibly own a null cluster.
51 if not cluster:
52 return ClusterUser.objects.none()
54 # Get all superusers.
55 qs = ClusterUser.objects.filter(profile__user__is_superuser=True)
57 # Get all users who have the given permissions on the given cluster.
58 users = get_users_any(cluster, ["admin"], True)
59 qs |= ClusterUser.objects.filter(profile__user__in=users)
61 return qs
64 def vm_qs_for_admins(user):
65 """
66 Retrieve a queryset of all of the virtual machines for which this user is
67 an administrator.
68 """
70 if user.is_superuser:
71 qs = VirtualMachine.objects.all()
72 elif user.is_anonymous():
73 qs = VirtualMachine.objects.none()
74 else:
75 qs = user.get_objects_any_perms(VirtualMachine, groups=True,
76 perms=["admin"])
78 return qs
81 def vm_qs_for_users(user, clusters=True):
82 """
83 Retrieves a queryset of all the virtual machines for which the user has
84 any permission.
85 """
87 if user.is_superuser:
88 qs = VirtualMachine.objects.all()
89 elif user.is_anonymous():
90 qs = VirtualMachine.objects.none()
91 else:
92 # If no permissions are provided, then *any* permission will cause a VM
93 # to be added to the query.
94 qs = user.get_objects_any_perms(VirtualMachine, groups=True)
96 # Add all VMs including VMs you have permission to via Cluster Perms
97 if clusters:
98 # first we get the IDs of the clusters which a user is admin of
99 cluster_ids = user.get_objects_any_perms(
100 Cluster, ['admin'], groups=True).values_list('pk', flat=True)
101 # next create a queryset of VMs where the user is an admin of the
102 # cluster
103 cluster_vm_qs = VirtualMachine.objects.filter(
104 cluster__pk__in=cluster_ids).distinct()
106 # Union of vms a user has any permissions to AND vms a user has
107 # permissions to via cluster
108 qs |= cluster_vm_qs
110 return qs.distinct()