
allow user only to use his own instances #63

Roberto Berto 5 年之前
父节点
当前提交
c4bf628ae2
共有 3 个文件被更改,包括 63 次插入26 次删除
  1. 0 6
      vycontrol/config/views.py
  2. 6 0
      vycontrol/perms.py
  3. 57 20
      vycontrol/vyos.py

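--- a/vycontrol/config/views.py
+++ b/vycontrol/config/views.py
@@ -24,7 +24,6 @@ from perms import is_authenticated
 def get_item(dictionary, key):
     return dictionary.get(key)
 
-
 @is_authenticated
 def index(request):
        
@@ -45,7 +44,6 @@ def index(request):
     }   
     return HttpResponse(template.render(context, request))
 
-
 @is_authenticated
 def users_list(request):
        
@@ -143,7 +141,6 @@ def groups_list(request):
     }   
     return HttpResponse(template.render(context, request))
 
-
 @is_authenticated
 def instances(request):
         
@@ -202,7 +199,6 @@ def instance_add(request):
     }   
     return HttpResponse(template.render(context, request))
 
-
 @is_authenticated
 def group_add(request):
         
@@ -290,7 +286,6 @@ def user_add(request):
     }   
     return HttpResponse(template.render(context, request))    
 
-
 @is_authenticated
 def instance_conntry(request, hostname):
        
@@ -345,7 +340,6 @@ def instance_change(request, hostname = False):
 
     return redirect('config:instances')    
 
-
 @is_authenticated
 def instance_remove(request, hostname):
         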

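--- a/vycontrol/perms.py
+++ b/vycontrol/perms.py
@@ -3,6 +3,9 @@ import functools
 from django.shortcuts import redirect
 from django.urls import reverse
 
+from config.models import Instance
+
+import vyos
 
 def is_authenticated(func):
     @functools.wraps(func)
@@ -11,6 +14,9 @@ def is_authenticated(func):
         if not request.user.is_authenticated:
            return redirect('%s?next=%s' % (reverse('registration-login'), request.path))
 
+        hostname_default = vyos.get_hostname_prefered(request)
+
+
         value = func(*args, **kwargs)
         return value
     return wrapper_perm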
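Review bot: In `wrapper_perm` (its `def` line is outside the hunk), `hostname_default = vyos.get_hostname_prefered(request)` is assigned and never read, so the decorator still checks only that the user is logged in, and the `Instance` import added above is unused. Views that take a `hostname` from the URL and carry this decorator, such as `instance_remove` and `instance_conntry` in config/views.py, are therefore still called with whatever hostname the request names, regardless of the caller's group. If the intent is what the commit title says, the decorator should compare a `hostname` keyword argument against the instances of the user's groups before calling `func`, as sketched below; whether superusers bypass the check and whether a rejection is a redirect or a 403 is a policy choice for the project. Separately, `get_hostname_prefered` leaves a session hostname that fails the group lookup in `request.session`, so any code reading the session value directly would still see it; clearing it in that `Instance.DoesNotExist` branch would avoid that.

```python
        # … unchanged: redirect to login when not authenticated …

        # Assumes the URLconf passes `hostname` as a keyword argument.
        requested = kwargs.get('hostname')
        if requested and not request.user.is_superuser:
            permitted = Instance.objects.filter(
                hostname=requested,
                group__in=request.user.groups.all(),
            ).exists()
            if not permitted:
                return redirect('config:instances')

        value = func(*args, **kwargs)
```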

+ 57 - 20
vycontrol/vyos.py

@@ -4,6 +4,63 @@ import pprint
 import sys
 import sys
 
 
 from config.models import Instance
 from config.models import Instance
+from django.contrib.auth.models import Group
+from django.contrib.auth.models import User
+
+def get_hostname_prefered(request):
+    # get username    
+    username = request.user
+    hostname = None
+
+    # get usergroup - VyControl groups is one to one
+    try:
+        usergroup = Group.objects.get(user=username)
+    except Group.DoesNotExist:
+        usergroup = None
+
+    # check if username is admin
+    useradmin = User.objects.filter(
+        username=username,
+        is_active=True,
+        is_superuser=True
+    )
+    is_admin = False
+    if useradmin.count() > 0:
+        is_admin = True
+
+    # get session hostname and validate if group has permission
+    if request.session.get('hostname', None) != None and usergroup != None:
+        hostname = request.session.get('hostname', None)
+        try:
+            instance = Instance.objects.get(hostname=hostname, group=usergroup)
+            return instance.hostname
+        except Instance.DoesNotExist:
+            pass
+
+    # if we have no hostname yet try to get the default one from database
+    if hostname == None:
+        try:
+            instance = Instance.objects.get(main=True, group=usergroup)
+            request.session['hostname'] = instance.hostname
+            return instance.hostname
+        except Instance.DoesNotExist:
+            pass
+
+
+        # if superuser get any instance
+        if is_admin:
+            try:
+                instance = Instance.objects.all()
+                for i in instance:
+                    request.session['hostname'] = i.hostname
+                    return i.hostname
+
+
+            except Instance.DoesNotExist:
+                pass
+    return None
+
+
 
 
 def repvar(s):
 def repvar(s):
     return s.replace("-", "_")
     return s.replace("-", "_")
@@ -93,23 +150,6 @@ def api_show(hostname, cmd):
 
 
 def api_set(hostname, cmd):
 def api_set(hostname, cmd):
     return api('configure', hostname, cmd)    
     return api('configure', hostname, cmd)    
-
-def get_hostname_prefered(request):
-    hostname = None
-
-    if request.session.get('hostname', None) != None:
-       hostname = request.session.get('hostname', None)
-        
-
-    if hostname == None:
-        try:
-            instance = Instance.objects.get(main=True)
-        except Instance.DoesNotExist:
-            return None
-
-        hostname = instance.hostname
-
-    return hostname 
     
     
 def conntry(hostname): 
 def conntry(hostname): 
     cmd = {"op": "showConfig", "path": ["interfaces"]}
     cmd = {"op": "showConfig", "path": ["interfaces"]}
@@ -185,9 +225,6 @@ def get_firewall(hostname, name):
     result1 = api_get(hostname, cmd)
     result1 = api_get(hostname, cmd)
     return result1
     return result1
 
 
-  
- 
-
 def get_firewall_rule(hostname, name, rulenumber):
 def get_firewall_rule(hostname, name, rulenumber):
     cmd = {"op": "showConfig", "path": ["firewall", "name", name, "rule", rulenumber]}
     cmd = {"op": "showConfig", "path": ["firewall", "name", name, "rule", rulenumber]}