Use decorators for permission checks
This commit is contained in:
parent
0707fb2211
commit
c5f539e5e8
1 changed files with 149 additions and 164 deletions
313
manager/views.py
313
manager/views.py
|
@ -7,6 +7,7 @@ from django.utils import timezone
|
|||
from django.core.files import File
|
||||
from django.db.models.fields.files import FieldFile
|
||||
from django.contrib.auth.models import User
|
||||
from django.contrib.auth.decorators import login_required, user_passes_test
|
||||
|
||||
from .models import Device, Organization, Network, Model, Wifi
|
||||
|
||||
|
@ -23,17 +24,21 @@ import tarfile
|
|||
import datetime
|
||||
import time
|
||||
|
||||
def is_superuser(user):
|
||||
return user.is_superuser
|
||||
|
||||
def is_staff(user):
|
||||
return user.is_staff
|
||||
|
||||
@login_required
|
||||
def index(request):
|
||||
if request.user.is_authenticated:
|
||||
return redirect("/devices")
|
||||
else:
|
||||
return redirect("/accounts/login")
|
||||
return redirect("/devices")
|
||||
|
||||
@csrf_exempt
|
||||
def heartbeat(request):
|
||||
device = get_object_or_404(Device, secret=request.POST.get("secret", ""))
|
||||
ip = request.POST.get("ip", "")
|
||||
|
||||
|
||||
if device.update:
|
||||
device.reboot = False
|
||||
code = """
|
||||
|
@ -133,16 +138,16 @@ def mkfirmware(device, path):
|
|||
vpnconf.write(device.vpnconfig)
|
||||
|
||||
# Write secret
|
||||
|
||||
|
||||
with open(tempdir.name + "/etc/vpnsecret", "w") as secret:
|
||||
secret.write('SECRET="%s"' % device.secret)
|
||||
|
||||
|
||||
# Write password
|
||||
|
||||
|
||||
with open(tempdir.name + "/etc/shadow", "r") as shadow:
|
||||
password = crypt.crypt(device.password, crypt.mksalt(crypt.METHOD_MD5))
|
||||
shadowin = shadow.read()
|
||||
|
||||
|
||||
with open(tempdir.name + "/etc/shadow", "w") as shadowout:
|
||||
shadowout.write(shadowin.replace("$PASSWORD", password))
|
||||
|
||||
|
@ -154,18 +159,6 @@ def mkfirmware(device, path):
|
|||
with open(tempdir.name + "/etc/config/wireless", "w") as wireout:
|
||||
wire = wirein.replace("$SSID", device.serial)
|
||||
wireout.write(wire + "\n" + makewificonfig(device))
|
||||
|
||||
'''
|
||||
# Generate .tar.gz file
|
||||
|
||||
with tarfile.open(tempdir.name + ".tar.gz", "w:gz") as tar:
|
||||
tar.add(tempdir.name, arcname=os.path.sep)
|
||||
|
||||
with open(tempdir.name + ".tar.gz", "rb") as download:
|
||||
response = HttpResponse(download.read(), content_type="application/tar+gzip")
|
||||
response['Content-Disposition'] = 'inline; filename=' + os.path.basename(device.serial + ".tar.gz")
|
||||
return response
|
||||
'''
|
||||
|
||||
# Create compilation environment
|
||||
|
||||
|
@ -203,7 +196,7 @@ def update(request):
|
|||
FWDIR = "/opt/vpnmanager/images/"
|
||||
|
||||
device = get_object_or_404(Device, secret=request.POST.get("secret", ""))
|
||||
|
||||
|
||||
if not mkfirmware(device, FWDIR):
|
||||
return HttpResponse(status=503)
|
||||
|
||||
|
@ -252,119 +245,113 @@ def ping(request, device_id):
|
|||
|
||||
ajax += "\n}"
|
||||
return HttpResponse(ajax, content_type="application/json")
|
||||
|
||||
|
||||
@login_required
|
||||
def devices(request):
|
||||
if request.user.is_authenticated:
|
||||
user = request.user
|
||||
devices = set()
|
||||
wifis = set()
|
||||
users = set()
|
||||
orga = ", ".join([x.__str__() for x in Organization.objects.filter(users=user)])
|
||||
user = request.user
|
||||
devices = set()
|
||||
wifis = set()
|
||||
users = set()
|
||||
orga = ", ".join([x.__str__() for x in Organization.objects.filter(users=user)])
|
||||
|
||||
for organization in Organization.objects.filter(users=user):
|
||||
for device in Device.objects.filter(organization=organization):
|
||||
devices.add(device)
|
||||
for wifi in Wifi.objects.filter(organization=organization):
|
||||
wifis.add(wifi)
|
||||
if user.is_staff:
|
||||
for orgauser in User.objects.filter(organization=organization):
|
||||
orgauser.organizations = set()
|
||||
for orga in Organization.objects.filter(users=orgauser):
|
||||
orgauser.organizations.add(orga)
|
||||
users.add(orgauser)
|
||||
for organization in Organization.objects.filter(users=user):
|
||||
for device in Device.objects.filter(organization=organization):
|
||||
devices.add(device)
|
||||
for wifi in Wifi.objects.filter(organization=organization):
|
||||
wifis.add(wifi)
|
||||
if user.is_staff:
|
||||
for orgauser in User.objects.filter(organization=organization):
|
||||
orgauser.organizations = set()
|
||||
for orga in Organization.objects.filter(users=orgauser):
|
||||
orgauser.organizations.add(orga)
|
||||
users.add(orgauser)
|
||||
|
||||
return render(request, "manager/index.html",
|
||||
{
|
||||
"title": "Device Administration",
|
||||
"user": user,
|
||||
"organization": orga,
|
||||
"devices": sorted(devices, key=lambda x: x.serial),
|
||||
"wifis": sorted(wifis, key=lambda x: x.serial),
|
||||
"users": sorted(users, key=lambda x: x.username)
|
||||
}
|
||||
)
|
||||
else:
|
||||
return redirect("/")
|
||||
return render(request, "manager/index.html",
|
||||
{
|
||||
"title": "Device Administration",
|
||||
"user": user,
|
||||
"organization": orga,
|
||||
"devices": sorted(devices, key=lambda x: x.serial),
|
||||
"wifis": sorted(wifis, key=lambda x: x.serial),
|
||||
"users": sorted(users, key=lambda x: x.username)
|
||||
}
|
||||
)
|
||||
|
||||
@login_required
|
||||
def editdevice(request, device_id):
|
||||
if request.user.is_authenticated:
|
||||
device = None
|
||||
subnets = set()
|
||||
wifis = set()
|
||||
|
||||
for organization in Organization.objects.filter(users=request.user):
|
||||
device = device or Device.objects.filter(id=device_id, organization=organization)
|
||||
if not device:
|
||||
device = None
|
||||
subnets = set()
|
||||
wifis = set()
|
||||
|
||||
for organization in Organization.objects.filter(users=request.user):
|
||||
device = device or Device.objects.filter(id=device_id, organization=organization)
|
||||
if not device:
|
||||
return redirect("/")
|
||||
|
||||
for subnet in Network.objects.filter(organizations=device[0].organization):
|
||||
subnets.add(subnet)
|
||||
|
||||
for wifi in Wifi.objects.filter(organization=device[0].organization):
|
||||
wifis.add(wifi)
|
||||
|
||||
|
||||
if request.POST.get("subnet", ""):
|
||||
subnet = Network.objects.filter(intip=request.POST.get("subnet", device[0].network.intip if device[0].network else "No VPN"))
|
||||
|
||||
if subnet[0] in subnets:
|
||||
device[0].name = request.POST.get("name", "")
|
||||
device[0].network = subnet[0]
|
||||
device[0].reboot = True if request.POST.get("reboot", "0") == "True" else False
|
||||
device[0].update = True if request.POST.get("update", "0") == "True" else False
|
||||
device[0].wifi.set(request.POST.getlist("wifi", []))
|
||||
device[0].changed = timezone.now()
|
||||
device[0].save()
|
||||
|
||||
return redirect("/")
|
||||
|
||||
for subnet in Network.objects.filter(organizations=device[0].organization):
|
||||
subnets.add(subnet)
|
||||
|
||||
for wifi in Wifi.objects.filter(organization=device[0].organization):
|
||||
wifis.add(wifi)
|
||||
|
||||
|
||||
if request.POST.get("subnet", ""):
|
||||
subnet = Network.objects.filter(intip=request.POST.get("subnet", device[0].network.intip if device[0].network else "No VPN"))
|
||||
|
||||
if subnet[0] in subnets:
|
||||
device[0].name = request.POST.get("name", "")
|
||||
device[0].network = subnet[0]
|
||||
device[0].reboot = True if request.POST.get("reboot", "0") == "True" else False
|
||||
device[0].update = True if request.POST.get("update", "0") == "True" else False
|
||||
device[0].wifi.set(request.POST.getlist("wifi", []))
|
||||
device[0].changed = timezone.now()
|
||||
device[0].save()
|
||||
|
||||
return redirect("/")
|
||||
|
||||
return render(request, "manager/edit.html",
|
||||
{
|
||||
"title": "Edit Device",
|
||||
"device": device[0],
|
||||
"subnets": subnets,
|
||||
"user": request.user,
|
||||
"wifis": wifis,
|
||||
"curfis": Wifi.objects.filter(device=device[0])
|
||||
}
|
||||
)
|
||||
|
||||
else:
|
||||
return redirect("/")
|
||||
return render(request, "manager/edit.html",
|
||||
{
|
||||
"title": "Edit Device",
|
||||
"device": device[0],
|
||||
"subnets": subnets,
|
||||
"user": request.user,
|
||||
"wifis": wifis,
|
||||
"curfis": Wifi.objects.filter(device=device[0])
|
||||
}
|
||||
)
|
||||
|
||||
@login_required
|
||||
def edituser(request, user_id):
|
||||
if request.user.is_staff or request.user.id == user_id:
|
||||
if request.user.is_staff or request.user.id == user_id:
|
||||
user = None
|
||||
orgas = Organization.objects.filter(users=request.user)
|
||||
|
||||
for organization in orgas:
|
||||
user = user or User.objects.filter(id=user_id, organization=organization)
|
||||
user = user or User.objects.filter(id=user_id, organization=organization)
|
||||
if not user:
|
||||
return redirect("/")
|
||||
|
||||
if request.POST.get("form", ""):
|
||||
user[0].first_name = request.POST.get("firstname", "")
|
||||
user[0].last_name = request.POST.get("lastname", "")
|
||||
user[0].is_staff = True if request.POST.get("staff", "0") == "True" else False
|
||||
user[0].email = request.POST.get("email", "")
|
||||
user[0].save()
|
||||
user[0].first_name = request.POST.get("firstname", "")
|
||||
user[0].last_name = request.POST.get("lastname", "")
|
||||
user[0].is_staff = True if request.POST.get("staff", "0") == "True" else False
|
||||
user[0].email = request.POST.get("email", "")
|
||||
user[0].save()
|
||||
|
||||
return redirect("/")
|
||||
return redirect("/")
|
||||
|
||||
return render(request, "manager/edituser.html",
|
||||
{
|
||||
"title": "Edit User",
|
||||
"auser": user[0]
|
||||
}
|
||||
)
|
||||
{
|
||||
"title": "Edit User",
|
||||
"auser": user[0]
|
||||
}
|
||||
)
|
||||
|
||||
else:
|
||||
return redirect("/")
|
||||
else:
|
||||
return redirect('/accounts/login/?next=%s' % request.path)
|
||||
|
||||
@login_required
|
||||
def editwifi(request, wifi_id):
|
||||
if not request.user.is_authenticated:
|
||||
return redirect("/")
|
||||
|
||||
wifi = None
|
||||
|
||||
for organization in Organization.objects.filter(users=request.user):
|
||||
|
@ -388,17 +375,15 @@ def editwifi(request, wifi_id):
|
|||
}
|
||||
)
|
||||
|
||||
@user_passes_test(is_superuser)
|
||||
def getconfig(request, device_id):
|
||||
FWDIR = "/opt/vpnmanager/images/"
|
||||
|
||||
if not request.user.is_superuser:
|
||||
return redirect("/")
|
||||
|
||||
device = get_object_or_404(Device, id=device_id)
|
||||
|
||||
if not mkfirmware(device, FWDIR):
|
||||
return HttpResponse("Something went wrong generating the firmware image. The server may be busy, please try again later.")
|
||||
|
||||
|
||||
device.update = False
|
||||
device.save()
|
||||
|
||||
|
@ -407,68 +392,67 @@ def getconfig(request, device_id):
|
|||
response['Content-Disposition'] = 'inline; filename=%s.bin' % device.serial
|
||||
return response
|
||||
|
||||
@login_required
|
||||
def rebootdevice(request, device_id):
|
||||
if request.user.is_authenticated:
|
||||
device = None
|
||||
for organization in Organization.objects.filter(users=request.user):
|
||||
device = device or Device.objects.filter(id=device_id, organization=organization)
|
||||
device = None
|
||||
for organization in Organization.objects.filter(users=request.user):
|
||||
device = device or Device.objects.filter(id=device_id, organization=organization)
|
||||
|
||||
if device:
|
||||
device[0].reboot = True
|
||||
device[0].save()
|
||||
if device:
|
||||
device[0].reboot = True
|
||||
device[0].save()
|
||||
|
||||
return redirect("/")
|
||||
|
||||
@user_passes_test(is_staff)
|
||||
def updatedevice(request, device_id):
|
||||
if request.user.is_staff:
|
||||
device = None
|
||||
for organization in Organization.objects.filter(users=request.user):
|
||||
device = device or Device.objects.filter(id=device_id, organization=organization)
|
||||
device = None
|
||||
|
||||
if device:
|
||||
device[0].update = True
|
||||
device[0].save()
|
||||
for organization in Organization.objects.filter(users=request.user):
|
||||
device = device or Device.objects.filter(id=device_id, organization=organization)
|
||||
|
||||
if device:
|
||||
device[0].update = True
|
||||
device[0].save()
|
||||
|
||||
return redirect("/")
|
||||
|
||||
@user_passes_test(is_superuser)
|
||||
def deletedevice(request, device_id):
|
||||
if request.user.is_superuser:
|
||||
CADIR = "/etc/openvpn/ca/"
|
||||
BEFORE = os.getcwd()
|
||||
CADIR = "/etc/openvpn/ca/"
|
||||
BEFORE = os.getcwd()
|
||||
|
||||
device = get_object_or_404(Device, id=device_id)
|
||||
device = get_object_or_404(Device, id=device_id)
|
||||
|
||||
os.chdir(CADIR)
|
||||
os.chdir(CADIR)
|
||||
|
||||
subprocess.call(CADIR + "/revoke " + device.serial, shell=True)
|
||||
os.system("rm " + CADIR + "/keys/" + device.serial + ".{crt,csr,key}")
|
||||
subprocess.call(CADIR + "/revoke " + device.serial, shell=True)
|
||||
os.system("rm " + CADIR + "/keys/" + device.serial + ".{crt,csr,key}")
|
||||
|
||||
os.chdir(BEFORE)
|
||||
os.chdir(BEFORE)
|
||||
|
||||
device.delete()
|
||||
device.delete()
|
||||
|
||||
return redirect("/")
|
||||
|
||||
@user_passes_test(is_staff)
|
||||
def deletewifi(request, wifi_id):
|
||||
if request.user.is_staff:
|
||||
wifi = get_object_or_404(Wifi, id=wifi_id)
|
||||
wifi = get_object_or_404(Wifi, id=wifi_id)
|
||||
|
||||
for organization in Organization.objects.filter(users=request.user):
|
||||
if organization == wifi.organization:
|
||||
wifi.delete()
|
||||
break
|
||||
for organization in Organization.objects.filter(users=request.user):
|
||||
if organization == wifi.organization:
|
||||
wifi.delete()
|
||||
break
|
||||
|
||||
return redirect("/")
|
||||
|
||||
@user_passes_test(is_staff)
|
||||
def makewifi(request):
|
||||
wifi_serial = request.POST.get("serial", "")
|
||||
wifi_ssid = request.POST.get("ssid", "")
|
||||
wifi_key = request.POST.get("key", "")
|
||||
wifi_organization = request.POST.get("organization", "")
|
||||
|
||||
if not request.user.is_staff:
|
||||
return redirect("/")
|
||||
|
||||
if not wifi_serial:
|
||||
orga = Organization.objects.filter(users=request.user)
|
||||
|
||||
|
@ -479,15 +463,16 @@ def makewifi(request):
|
|||
}
|
||||
)
|
||||
|
||||
wifi = Wifi.objects.create(
|
||||
serial = wifi_serial,
|
||||
ssid = wifi_ssid,
|
||||
key = wifi_key,
|
||||
organization = Organization.objects.filter(id=wifi_organization)[0]
|
||||
)
|
||||
wifi = Wifi.objects.create(
|
||||
serial = wifi_serial,
|
||||
ssid = wifi_ssid,
|
||||
key = wifi_key,
|
||||
organization = Organization.objects.filter(id=wifi_organization)[0]
|
||||
)
|
||||
|
||||
return redirect("/")
|
||||
return redirect("/")
|
||||
|
||||
@user_passes_test(is_superuser)
|
||||
def makedevice(request):
|
||||
CADIR = "/etc/openvpn/ca/"
|
||||
CONFIGDIR = "/etc/openvpn/client-configs/"
|
||||
|
@ -499,13 +484,13 @@ def makedevice(request):
|
|||
device_model = request.POST.get("model", "")
|
||||
|
||||
if not request.user.is_superuser:
|
||||
return redirect("/")
|
||||
return redirect("/")
|
||||
|
||||
if not device_serial:
|
||||
orga = Organization.objects.all()
|
||||
models = Model.objects.all()
|
||||
|
||||
return render(request, "manager/add.html",
|
||||
orga = Organization.objects.all()
|
||||
models = Model.objects.all()
|
||||
|
||||
return render(request, "manager/add.html",
|
||||
{
|
||||
"title": "Add Device",
|
||||
"organizations": orga,
|
||||
|
@ -513,14 +498,14 @@ def makedevice(request):
|
|||
}
|
||||
)
|
||||
|
||||
if glob.glob(CADIR + "/keys/" + device_serial + "*"):
|
||||
return HttpResponse("This key already exists.")
|
||||
if glob.glob(CADIR + "/keys/" + device_serial + "*"):
|
||||
return HttpResponse("This key already exists.")
|
||||
|
||||
os.chdir(CADIR)
|
||||
|
||||
if subprocess.call(CADIR + "/generate-key " + device_serial, shell=True):
|
||||
os.chdir(BEFORE)
|
||||
return HttpResponse("Something went wrong trying to generate the key.")
|
||||
os.chdir(BEFORE)
|
||||
return HttpResponse("Something went wrong trying to generate the key.")
|
||||
|
||||
if glob.glob(CONFIGDIR + "/files/" + device_serial + "*"):
|
||||
os.chdir(BEFORE)
|
||||
|
|
Loading…
Reference in a new issue