# Copyright 2013 Hewlett-Packard Development Company, L.P. # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. import logging from django.conf import settings from django import shortcuts from django.template import defaultfilters as filters from django.urls import reverse from django.utils.http import urlencode from django.utils.translation import gettext_lazy as _ from django.utils.translation import ngettext_lazy from keystoneclient import exceptions as keystoneclient_exceptions from horizon import exceptions from horizon import messages from horizon import tables from openstack_dashboard import api from openstack_dashboard.dashboards.identity.domains import constants LOG = logging.getLogger(__name__) class UpdateUsersLink(tables.LinkAction): name = "users" verbose_name = _("Manage Members") url = "horizon:identity:domains:update" classes = ("ajax-modal",) policy_rules = (("identity", "identity:update_domain"),) def get_link_url(self, domain): step = 'update_user_members' base_url = reverse(self.url, args=[domain.id]) param = urlencode({"step": step}) return "?".join([base_url, param]) class UpdateGroupsLink(tables.LinkAction): name = "groups" verbose_name = _("Modify Groups") url = "horizon:identity:domains:update" classes = ("ajax-modal",) icon = "pencil" policy_rules = (("identity", "identity:update_domain"),) def get_link_url(self, domain): step = 'update_group_members' base_url = reverse(self.url, args=[domain.id]) param = urlencode({"step": step}) return "?".join([base_url, param]) class CreateDomainLink(tables.LinkAction): name = "create" verbose_name = _("Create Domain") url = constants.DOMAINS_CREATE_URL classes = ("ajax-modal",) icon = "plus" policy_rules = (('identity', 'identity:create_domain'),) def allowed(self, request, domain): return api.keystone.keystone_can_edit_domain() class EditDomainLink(tables.LinkAction): name = "edit" verbose_name = _("Edit") url = constants.DOMAINS_UPDATE_URL classes = ("ajax-modal",) icon = "pencil" policy_rules = (('identity', 'identity:update_domain'),) def allowed(self, request, domain): return api.keystone.keystone_can_edit_domain() class DeleteDomainsAction(tables.DeleteAction): @staticmethod def action_present(count): return ngettext_lazy( "Delete Domain", "Delete Domains", count ) @staticmethod def action_past(count): return ngettext_lazy( "Deleted Domain", "Deleted Domains", count ) policy_rules = (('identity', 'identity:delete_domain'),) def allowed(self, request, datum): return api.keystone.keystone_can_edit_domain() def delete(self, request, obj_id): domain = self.table.get_object_by_id(obj_id) if domain.enabled: msg = _('Domain "%s" must be disabled before it can be deleted.') \ % domain.name messages.error(request, msg) raise keystoneclient_exceptions.ClientException(msg) LOG.info('Deleting domain "%s".', obj_id) api.keystone.domain_delete(request, obj_id) class DisableDomainsAction(tables.BatchAction): @staticmethod def action_present(count): return ngettext_lazy( "Disable Domain", "Disable Domains", count ) @staticmethod def action_past(count): return ngettext_lazy( "Disabled Domain", "Disabled Domains", count ) name = "disable" policy_rules = (('identity', 'identity:update_domain'),) verbose_name = _("Disable Domains") def allowed(self, request, datum): return api.keystone.keystone_can_edit_domain() \ and (datum is None or datum.enabled) def action(self, request, obj_id): domain = self.table.get_object_by_id(obj_id) if domain.enabled: LOG.info('Disabling domain "%s".', obj_id) try: api.keystone.domain_update(request, domain_id=domain.id, name=domain.name, description=domain.description, enabled=False) except Exception: exceptions.handle(request, ignore=True) return False class EnableDomainsAction(tables.BatchAction): @staticmethod def action_present(count): return ngettext_lazy( "Enable Domain", "Enable Domains", count ) @staticmethod def action_past(count): return ngettext_lazy( "Enabled Domain", "Enabled Domains", count ) name = "enable" policy_rules = (('identity', 'identity:update_domain'),) verbose_name = _("Enable Domains") def allowed(self, request, datum): return api.keystone.keystone_can_edit_domain() \ and (datum is None or not datum.enabled) def action(self, request, obj_id): domain = self.table.get_object_by_id(obj_id) if not domain.enabled: LOG.info('Enabling domain "%s".', obj_id) try: api.keystone.domain_update(request, domain_id=domain.id, name=domain.name, description=domain.description, enabled=True) except Exception: exceptions.handle(request, ignore=True) return False class DomainFilterAction(tables.FilterAction): def allowed(self, request, datum): multidomain_support = settings.OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT return multidomain_support def filter(self, table, domains, filter_string): """Naive case-insensitive search.""" q = filter_string.lower() def comp(domain): if q in domain.name.lower(): return True return False return filter(comp, domains) class SetDomainContext(tables.Action): name = "set_domain_context" verbose_name = _("Set Domain Context") url = constants.DOMAINS_INDEX_URL preempt = True policy_rules = (('identity', 'identity:update_domain'),) def allowed(self, request, datum): multidomain_support = settings.OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT if not multidomain_support: return False ctx = request.session.get("domain_context", None) if ctx and datum.id == ctx: return False return True def single(self, table, request, obj_id): if ('domain_context' not in request.session or request.session['domain_context'] != obj_id): try: domain = api.keystone.domain_get(request, obj_id) request.session['domain_context'] = obj_id request.session['domain_context_name'] = domain.name messages.success(request, _('Domain Context updated to Domain %s.') % domain.name) return shortcuts.redirect(request.get_full_path()) except Exception: messages.error(request, _('Unable to set Domain Context.')) return shortcuts.redirect(request.get_full_path()) class UnsetDomainContext(tables.Action): name = "clear_domain_context" verbose_name = _("Clear Domain Context") url = constants.DOMAINS_INDEX_URL preempt = True requires_input = False policy_rules = (('identity', 'identity:update_domain'),) def allowed(self, request, datum): ctx = request.session.get("domain_context", None) return ctx is not None def single(self, table, request, obj_id): if 'domain_context' in request.session: request.session.pop("domain_context") request.session.pop("domain_context_name") messages.success(request, _('Domain Context cleared.')) return shortcuts.redirect(request.get_full_path()) class DomainsTable(tables.DataTable): name = tables.WrappingColumn('name', verbose_name=_('Name')) description = tables.Column(lambda obj: getattr(obj, 'description', None), verbose_name=_('Description')) id = tables.Column('id', verbose_name=_('Domain ID')) enabled = tables.Column('enabled', verbose_name=_('Enabled'), status=True, filters=(filters.yesno, filters.capfirst)) class Meta(object): name = "domains" verbose_name = _("Domains") table_actions_menu = (EnableDomainsAction, DisableDomainsAction) row_actions = (SetDomainContext, UpdateUsersLink, UpdateGroupsLink, EditDomainLink, EnableDomainsAction, DisableDomainsAction, DeleteDomainsAction) table_actions = (DomainFilterAction, CreateDomainLink, DeleteDomainsAction, UnsetDomainContext)