summaryrefslogtreecommitdiffstats
path: root/ogcp/views.py
diff options
context:
space:
mode:
authorAlejandro Sirgo Rica <asirgo@soleta.eu>2024-07-18 15:34:09 +0200
committerAlejandro Sirgo Rica <asirgo@soleta.eu>2024-07-25 09:48:12 +0200
commitefd0b8acb3f4f098697c8c30bd196dacda39b704 (patch)
tree95959f7e437a531548de90b94ae00181175a04fc /ogcp/views.py
parent594d655d6b13edfd1885d555ecda1a6f912db501 (diff)
ogcp: add image restrict functionality
Add center scope restriction using /image/restrict. Add view in Images to update scope permissions. Disable images in Commands for image update and restore if the client belongs to a disabled center. Consolidate template code to render scope selection checkboxes.
Diffstat (limited to 'ogcp/views.py')
-rw-r--r--ogcp/views.py130
1 files changed, 106 insertions, 24 deletions
diff --git a/ogcp/views.py b/ogcp/views.py
index b8f43c7..525ed3a 100644
--- a/ogcp/views.py
+++ b/ogcp/views.py
@@ -14,7 +14,7 @@ from ogcp.forms.action_forms import (
RoomForm, DeleteRoomForm, CenterForm, DeleteCenterForm, OgliveForm,
GenericForm, SelectClientForm, ImageUpdateForm, ImportClientsForm,
ServerForm, DeleteRepositoryForm, RepoForm, FolderForm, CacheForm,
- ClientMoveForm, RunScriptForm
+ ClientMoveForm, RunScriptForm, ImageConfigForm
)
from flask_login import (
current_user, LoginManager,
@@ -779,22 +779,31 @@ def search_image(images_list, image_id):
return image
return False
-def get_images_grouped_by_repos_from_server(server):
+def filter_images_allowed_in_center(server, images, center_id):
+ res = []
+ for image in images:
+ r = server.get('/image/restrict', {'image': image['id']})
+ if not r:
+ raise ServerError
+ if r.status_code != requests.codes.ok:
+ raise ServerErrorCode
+ allowed_scopes = r.json().get('scopes')
+ if not allowed_scopes or center_id in allowed_scopes:
+ res.append(image)
+ return res
+
+def get_images_from_repo(server, repo_id):
r = server.get('/images')
if not r:
raise ServerError
if r.status_code != requests.codes.ok:
raise ServerErrorCode
images = r.json()['images']
- repos={}
-
+ res=[]
for image in images:
- repo_id=image['repo_id']
- if repo_id not in repos:
- repos[repo_id] = [image]
- else:
- repos[repo_id].append(image)
- return repos
+ if image['repo_id'] == repo_id:
+ res.append(image)
+ return res
def get_clients_repo(server, ips):
repo_id=None
@@ -912,7 +921,9 @@ def action_image_restore():
flash(_(f'There was a problem sending the image restore command'), category='error')
return redirect(url_for('commands'))
else:
- ips = parse_elements(request.args.to_dict())
+ params = request.args.to_dict()
+ center_id = int(params.get('scope-center'))
+ ips = parse_elements(params)
if not validate_elements(ips):
return redirect(url_for('commands'))
form.ips.data = ' '.join(ips)
@@ -930,16 +941,19 @@ def action_image_restore():
flash(_(f'Computers have different repos assigned'), category='error')
return redirect(url_for('commands'))
try:
- images = get_images_grouped_by_repos_from_server(server)
+ images = get_images_from_repo(server, repo_id)
+
+ if not images:
+ flash(_(f'Computer(s) assigned to a repo with no images'), category='error')
+ return redirect(url_for('commands'))
+
+ images = filter_images_allowed_in_center(server, images, center_id)
except ServerError:
return ogserver_down('commands')
except ServerErrorCode:
return ogserver_error('commands')
- if repo_id not in images:
- flash(_(f'Computer(s) assigned to a repo with no images'), category='error')
- return redirect(url_for('commands'))
- for image in images[repo_id]:
+ for image in images:
form.image.choices.append((image['id'], image['name']))
part_choices = []
@@ -2276,6 +2290,8 @@ def action_image_create():
if client_repo_id == repo['id']]
form.repository.render_kw = {'readonly': True}
+ form.scopes.choices = get_available_centers()
+
scopes, clients = get_scopes(set(ips))
return render_template('actions/image_create.html', form=form,
scopes=scopes)
@@ -2326,7 +2342,9 @@ def action_image_update():
category='error')
return redirect(url_for('commands'))
- ips = parse_elements(request.args.to_dict())
+ params = request.args.to_dict()
+ center_id = int(params.get('scope-center'))
+ ips = parse_elements(params)
if not validate_elements(ips, max_len=1):
return redirect(url_for('commands'))
form.ip.data = ' '.join(ips)
@@ -2340,17 +2358,19 @@ def action_image_update():
repo_id = r.json()['repo_id']
try:
- images = get_images_grouped_by_repos_from_server(server)
+ images = get_images_from_repo(server, repo_id)
+
+ if not images:
+ flash(_(f'Computer(s) assigned to a repo with no images'), category='error')
+ return redirect(url_for('commands'))
+
+ images = filter_images_allowed_in_center(server, images, center_id)
except ServerError:
return ogserver_down('commands')
except ServerErrorCode:
return ogserver_error('commands')
- if repo_id not in images:
- flash(_('Computer is assigned to a repo with no images'),
- category='error')
- return redirect(url_for('commands'))
- for image in images[repo_id]:
+ for image in images:
form.image.choices.append((image['id'], image['name']))
r = server.get('/client/setup', payload={'client': list(ips)})
@@ -2381,7 +2401,7 @@ def action_image_update():
)
if part['image']:
- for image in images[repo_id]:
+ for image in images:
if image['id'] == part['image']:
part_content[partition_value] = part['image']
break
@@ -3450,6 +3470,15 @@ def action_image_info():
except ServerErrorCode:
return ogserver_error('images')
+ r = server.get('/image/restrict', {'image': image['id']})
+ if not r:
+ raise ServerError
+ if r.status_code != requests.codes.ok:
+ raise ServerErrorCode
+
+ form.scopes.choices = get_available_centers()
+ form.scopes.data = [str(scope) for scope in r.json().get('scopes')]
+
return render_template('actions/image_details.html', form=form,
responses=responses)
@@ -3492,6 +3521,59 @@ def action_image_delete():
image_name=image_name.split('_', 1)[0], image_id=image_id,
responses=responses)
+@app.route('/action/image/config', methods=['GET', 'POST'])
+@login_required
+def action_image_config():
+ form = ImageConfigForm(request.form)
+ if request.method == 'POST':
+ image_id = int(form.image_id.data)
+ server = get_server_from_ip_port(form.server.data)
+
+ scope_list = [int(scope) for scope in form.scopes.data]
+
+ payload = {'image': image_id, 'scopes': scope_list}
+
+ r = server.post('/image/restrict', payload)
+ if not r:
+ return ogserver_down('images')
+ if r.status_code != requests.codes.ok:
+ return ogserver_error('images')
+
+ flash(_('Image updated successfully'), category='info')
+ return redirect(url_for('images'))
+ else:
+ params = request.args.to_dict()
+ images = [(name, imgid) for name, imgid in params.items()
+ if name != 'csrf_token' and name != 'image-server']
+ if not validate_elements(images, max_len=1):
+ return redirect(url_for('images'))
+
+ image_name, image_id = images[0]
+ image_name=image_name.split('_', 1)[0]
+ server = get_server_from_ip_port(params['image-server'])
+
+ form.image_id.data = image_id
+
+ r = server.get('/image/restrict', {'image': int(image_id)})
+ if not r:
+ return ogserver_down('images')
+ if r.status_code != requests.codes.ok:
+ return ogserver_error('images')
+
+ form.server.data = params['image-server']
+ form.scopes.choices = get_available_centers()
+ form.scopes.data = [str(scope) for scope in r.json().get('scopes')]
+
+ try:
+ responses = get_images_grouped_by_repos()
+ except ServerError:
+ return ogserver_down('images')
+ except ServerErrorCode:
+ return ogserver_error('images')
+
+ return render_template('actions/image_config.html', form=form,
+ responses=responses)
+
@app.route('/action/log', methods=['GET'])
@login_required
def action_legacy_log():