enforcing admin ( syspanel ) urls

django-openstack/django_openstack/decorators.py

@@ -0,0 +1,40 @@
+# vim: tabstop=4 shiftwidth=4 softtabstop=4
+
+# Copyright 2011 United States Government as represented by the
+# Administrator of the National Aeronautics and Space Administration.
+# All Rights Reserved.
+#
+# Copyright 2011 CRS4
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+""" 
+Simple decorator container for general purpose
+"""
+
+from django.shortcuts import redirect
+import logging
+
+LOG = logging.getLogger('django_openstack.syspanel')
+
+def enforce_admin_access(fn):
+    """ Preserve unauthorized bypass typing directly the URL and redirects to 
+    the overview dash page """
+    def dec(*args,**kwargs):
+        if args[0].user.is_admin():
+            return fn(*args,**kwargs)
+        else:
+            LOG.warn('Redirecting user "%s" from syspanel to dash  ( %s )' %
+                     ( args[0].user.username, fn.__name__) , exc_info=True)
+            return redirect('dash_overview')
+    return dec

django-openstack/django_openstack/syspanel/views/flavors.py

@@ -34,6 +34,7 @@ from openstackx.api import exceptions as api_exceptions
 
 from django_openstack import api
 from django_openstack import forms
+from django_openstack.decorators import enforce_admin_access
 
 LOG = logging.getLogger('django_openstack.syspanel.views.flavors')
 
@@ -75,6 +76,7 @@ class DeleteFlavor(forms.SelfHandlingForm):
         return redirect(request.build_absolute_uri())
 
 @login_required
+@enforce_admin_access
 def index(request):
     for f in (DeleteFlavor,):
         _, handled = f.maybe_handle(request)
@@ -98,6 +100,7 @@ def index(request):
 
 
 @login_required
+@enforce_admin_access
 def create(request):
     form, handled = CreateFlavor.maybe_handle(request)
     if handled:

django-openstack/django_openstack/syspanel/views/images.py

@@ -30,7 +30,7 @@ from glance.common import exception as glance_exception
 
 from django_openstack import api
 from django_openstack import forms
-
+from django_openstack.decorators import enforce_admin_access
 
 LOG = logging.getLogger('django_openstack.sysadmin.views.images')
 
@@ -81,6 +81,7 @@ class UpdateImageForm(forms.Form):
     #is_public = forms.BooleanField(label="Publicly Available", required=False)
 
 @login_required
+@enforce_admin_access
 def index(request):
     for f in (DeleteImage, ToggleImage):
         _, handled = f.maybe_handle(request)
@@ -112,6 +113,7 @@ def index(request):
 
 
 @login_required
+@enforce_admin_access
 def update(request, image_id):
     try:
         image = api.image_get(request, image_id)
@@ -190,6 +192,7 @@ def update(request, image_id):
 
 
 @login_required
+@enforce_admin_access
 def upload(request):
     if request.method == "POST":
         form = UploadImageForm(request.POST)

django-openstack/django_openstack/syspanel/views/instances.py

@@ -33,6 +33,8 @@ from django.contrib import messages
 from django_openstack import api
 from django_openstack import forms
 from django_openstack.dash.views import instances as dash_instances
+from django_openstack.decorators import enforce_admin_access
+
 from openstackx.api import exceptions as api_exceptions
 
 
@@ -76,6 +78,7 @@ def _csv_usage_link(date_start):
 
 
 @login_required
+@enforce_admin_access
 def usage(request):
     (date_start, date_end, datetime_start, datetime_end) = _get_start_and_end_date(request)
 
@@ -115,6 +118,7 @@ def usage(request):
 
 
 @login_required
+@enforce_admin_access
 def tenant_usage(request, tenant_id):
     (date_start, date_end, datetime_start, datetime_end) = _get_start_and_end_date(request)
     if date_start > _current_month():
@@ -167,6 +171,7 @@ def tenant_usage(request, tenant_id):
 
 
 @login_required
+@enforce_admin_access
 def index(request):
     for f in (TerminateInstance, RebootInstance):
         _, handled = f.maybe_handle(request)
@@ -192,6 +197,7 @@ def index(request):
     }, context_instance=template.RequestContext(request))
 
 @login_required
+@enforce_admin_access
 def refresh(request):
     for f in (TerminateInstance, RebootInstance):
         _, handled = f.maybe_handle(request)

django-openstack/django_openstack/syspanel/views/quotas.py

@@ -14,9 +14,10 @@ from openstackx.api import exceptions as api_exceptions
 
 from django_openstack import api
 from django_openstack import forms
-
+from django_openstack.decorators import enforce_admin_access
 
 @login_required
+@enforce_admin_access
 def index(request):
     quotas = api.admin_api(request).quota_sets.get(True)._info
     quotas['ram'] = int(quotas['ram']) / 100

django-openstack/django_openstack/syspanel/views/services.py

@@ -39,6 +39,7 @@ from django.contrib import messages
 from django_openstack import api
 from django_openstack import forms
 from django_openstack.dash.views import instances as dash_instances
+from django_openstack.decorators import enforce_admin_access
 from openstackx.api import exceptions as api_exceptions
 
 LOG = logging.getLogger('django_openstack.syspanel.views.services')
@@ -70,6 +71,7 @@ class ToggleService(forms.SelfHandlingForm):
 
 
 @login_required
+@enforce_admin_access
 def index(request):
     for f in (ToggleService,):
         _, handled = f.maybe_handle(request)

django-openstack/django_openstack/syspanel/views/tenants.py

@@ -35,6 +35,7 @@ from django.contrib import messages
 from django_openstack import api
 from django_openstack import forms
 from django_openstack.dash.views import instances as dash_instances
+from django_openstack.decorators import enforce_admin_access
 from openstackx.api import exceptions as api_exceptions
 
 
@@ -159,6 +160,7 @@ class UpdateQuotas(forms.SelfHandlingForm):
 
 
 @login_required
+@enforce_admin_access
 def index(request):
     tenants = []
     try:
@@ -173,6 +175,7 @@ def index(request):
 
 
 @login_required
+@enforce_admin_access
 def create(request):
     form, handled = CreateTenant.maybe_handle(request)
     if handled:
@@ -185,6 +188,7 @@ def create(request):
 
 
 @login_required
+@enforce_admin_access
 def update(request, tenant_id):
     form, handled = UpdateTenant.maybe_handle(request)
     if handled:
@@ -209,6 +213,7 @@ def update(request, tenant_id):
 
 
 @login_required
+@enforce_admin_access
 def users(request, tenant_id):
     for f in (AddUser, RemoveUser,):
         _, handled = f.maybe_handle(request)
@@ -242,6 +247,7 @@ def users(request, tenant_id):
 
 
 @login_required
+@enforce_admin_access
 def quotas(request, tenant_id):
     for f in (UpdateQuotas,):
         _, handled = f.maybe_handle(request)

django-openstack/django_openstack/syspanel/views/users.py

@@ -36,6 +36,7 @@ from django.contrib import messages
 from django_openstack import api
 from django_openstack import forms
 from django_openstack.dash.views import instances as dash_instances
+from django_openstack.decorators import enforce_admin_access
 from openstackx.api import exceptions as api_exceptions
 
 
@@ -91,6 +92,7 @@ class UserEnableDisableForm(forms.SelfHandlingForm):
 
 
 @login_required
+@enforce_admin_access
 def index(request):
     for f in (UserDeleteForm, UserEnableDisableForm):
         _, handled = f.maybe_handle(request)
@@ -115,6 +117,7 @@ def index(request):
 
 
 @login_required
+@enforce_admin_access
 def update(request, user_id):
     if request.method == "POST":
         tenants = api.tenant_list(request)
@@ -171,6 +174,7 @@ def update(request, user_id):
 
 
 @login_required
+@enforce_admin_access
 def create(request):
     try:
         tenants = api.tenant_list(request)