# Standard library imports. from StringIO import StringIO from zipfile import ZipFile, ZIP_DEFLATED # Django imports. from django.contrib.auth.decorators import permission_required from django.contrib import messages from django.core.urlresolvers import reverse, reverse_lazy from django.http import HttpResponse from django.shortcuts import render_to_response, get_object_or_404 from django.views.generic import TemplateView, DetailView, CreateView, UpdateView, DeleteView # Third-party application imports. from braces.views import MultiplePermissionsRequiredMixin # Application imports. from .forms import EntityForm, InterfaceForm, CommunicationForm from .models import Project, Entity, Location, Interface, Communication from .utils import generate_entity_iptables class IndexView(MultiplePermissionsRequiredMixin, TemplateView): """ Custom view used for rendering the index page. """ template_name = 'conntrackt/index.html' # Required permissions. permissions = { "all": ("conntrackt.view",), } # Raise authorisation denied exception for unmet permissions. raise_exception = True def get_context_data(self, **kwargs): """ Returns the context data that should be used for rendering of the template. Adds the 'projects' context object containing all of the projects available sorted aplhabetically by name. """ # Set the context using the parent class. context = super(IndexView, self).get_context_data(**kwargs) # Store information about all projcts in context. context['projects'] = Project.objects.all().order_by('name') # Store information about all locations in context. context['locations'] = Location.objects.all().order_by('name') return context class ProjectView(MultiplePermissionsRequiredMixin, DetailView): """ Custom view for presenting the project information. """ model = Project permissions = { "all": ("conntrackt.view",), } # Raise authorisation denied exception for unmet permissions. raise_exception = True def get_context_data(self, **kwargs): """ Returns the context data that should be used for rendering of the template. Adds the 'location_entities' context object that contains tuples of the form '(location, entities)', where location is an instance of a Location, and entities is a query set of entities that belong to that particular location, and to related project. """ # Set the context using the parent class. context = super(ProjectView, self).get_context_data(**kwargs) # Set-up an array that will contaion (location, entities) tuples. location_entities = [] # Add the (location, entities) tuple for each location that has entities # belonging to the related project. for location in Location.objects.filter(entity__project=self.object).distinct().order_by("name"): entities = Entity.objects.filter(project=self.object, location=location) location_entities.append((location, entities)) # Add the (location, entities) tuples to context. context['location_entities'] = location_entities # Finally return the context. return context class EntityView(MultiplePermissionsRequiredMixin, DetailView): """ Custom view for presenting entity information. """ # Optimise the query to fetch the related data from reverse relationships. queryset = Entity.objects.all() queryset = queryset.prefetch_related('interface_set__destination_set__source__entity') queryset = queryset.prefetch_related('interface_set__destination_set__destination__entity') queryset = queryset.prefetch_related('interface_set__source_set__source__entity') queryset = queryset.prefetch_related('interface_set__source_set__destination__entity') # Required permissions. permissions = { "all": ("conntrackt.view",), } # Raise authorisation denied exception for unmet permissions. raise_exception = True def get_context_data(self, **kwargs): """ Returns the context data that should be used for rendering of the template. Adds the 'entity_iptables' context object that contains full iptables rules generated for the entity. """ # Call the parent class method. context = super(EntityView, self).get_context_data(**kwargs) # Add the rendered iptables rules to the context. context['entity_iptables'] = generate_entity_iptables(self.object) # Add the incoming and outgoing commmunication to the context. context["incoming_communications"] = self.object.incoming_communications() context["outgoing_communications"] = self.object.outgoing_communications() # Add the interfaces to the context. context["interfaces"] = self.object.interface_set.all().order_by("name") # Add project/location to the context. context["project"] = self.object.project context["location"] = self.object.location return context @permission_required("conntrackt.view", raise_exception=True) def entity_iptables(request, pk): """ Custom view that returns response containing iptables rules generated for an entity. Makes sure to set the Content-Disposition of a response in order to signal the browser it should start download of this view's response immediately. Also sets the suggested filename for it. Arguments: pk - Primary key of the Entity object for which the rules should be generated. Returns: Response object that contains the iptables rules for specified entity. """ # Fetch the entity, and construct the response with iptables rules as # content. entity = get_object_or_404(Entity, pk=pk) content = generate_entity_iptables(entity) response = HttpResponse(content, mimetype='text/plain') # Add the Content-Disposition information for the browser, telling the # browser to download the file with suggested filename. response['Content-Disposition'] = "attachment; filename=%s-iptables.conf" % entity.name.lower().replace(" ", "_") return response @permission_required("conntrackt.view", raise_exception=True) def project_iptables(request, project_id, location_id=None): """ Custom view for obtaining iptables for all entities of a project or project location in a single ZIP file. Arguments: request - Request object. project_id - Unique ID of the project for whose entities the iptables rules should be generated. location_id - Optional unique ID of the project location for whose entities the iptables rules should be generated. Default is None, which means generate rules for _all_ entities in a project. Returns: Response object that contains the ZIP file and Content-Disposition information. """ # Fetch the project. project = get_object_or_404(Project, pk=project_id) # Set-up a string IO object to which we'll write the ZIP file (in-memory). buff = StringIO() # Create a new ZIP file in-memory. zipped_iptables = ZipFile(buff, "w", ZIP_DEFLATED) # Create the response object, setting the mime type so browser could offer # to open the file with program as well. response = HttpResponse(mimetype='application/zip') # If specific location was specified, get the entities that are part of that # project location only, otherwise fetch all of the project's entities. Also # set-up the filename that will be suggested to the browser. if location_id: location = get_object_or_404(Location, pk=location_id) entities = project.entity_set.filter(location=location) filename = '%s-%s-iptables.zip' % (project.name.lower().replace(" ", "_"), location.name.lower().replace(" ", "_")) else: entities = project.entity_set.all() filename = '%s-iptables.zip' % (project.name.lower().replace(" ", "_")) # Render iptables rules for each entity, placing them in the ZIP archive. for entity in entities: entity_iptables = generate_entity_iptables(entity) zipped_iptables.writestr("%s-iptables.conf" % entity.name.lower().replace(" ", "_"), entity_iptables) # Close the archive, and flush the buffer. zipped_iptables.close() buff.flush() # Write the contents of our buffer (ZIP archive) to response content, and # close the IO string. response.write(buff.getvalue()) buff.close() # Set the Content-Disposition so the browser would know it should download # the archive, and suggest the filename. response['Content-Disposition'] = 'attachment; filename="%s"' % filename # Finally return the response object. return response class ProjectCreateView(MultiplePermissionsRequiredMixin, CreateView): """ View for creating a new project. """ model = Project template_name_suffix = "_create_form" # Required permissions. permissions = { "all": ("conntrackt.add_project",), } # Raise authorisation denied exception for unmet permissions. raise_exception = True def get_form(self, form_class): """ Implements an override for the default form constructed for the create view that includes some better styling of input widgets. """ form = super(ProjectCreateView, self).get_form(form_class) form.fields["name"].widget.attrs["class"] = "span6" form.fields["name"].widget.attrs["placeholder"] = "New Project" form.fields["description"].widget.attrs["class"] = "span6" form.fields["description"].widget.attrs["placeholder"] = "Description for new project." return form class ProjectUpdateView(MultiplePermissionsRequiredMixin, UpdateView): """ View for modifying an existing project. """ model = Project template_name_suffix = "_update_form" # Required permissions. permissions = { "all": ("conntrackt.change_project",), } # Raise authorisation denied exception for unmet permissions. raise_exception = True def get_form(self, form_class): """ Implements an override for the default form constructed for the create view that includes some better styling of input widgets. """ form = super(ProjectUpdateView, self).get_form(form_class) form.fields["name"].widget.attrs["class"] = "span6" form.fields["name"].widget.attrs["placeholder"] = "Project name" form.fields["description"].widget.attrs["class"] = "span6" form.fields["description"].widget.attrs["placeholder"] = "Description for project." return form class ProjectDeleteView(MultiplePermissionsRequiredMixin, DeleteView): """ View for deleting a project. """ model = Project # Required permissions. permissions = { "all": ("conntrackt.delete_project",), } # Raise authorisation denied exception for unmet permissions. raise_exception = True success_url = reverse_lazy("index") def post(self, *args, **kwargs): """ Add a success message that will be displayed to the user to confirm the project deletion. """ messages.success(self.request, "Project %s has been removed." % self.get_object().name, extra_tags="alert alert-success") return super(ProjectDeleteView, self).post(*args, **kwargs) class LocationCreateView(MultiplePermissionsRequiredMixin, CreateView): """ View for creating a new location. """ model = Location template_name_suffix = "_create_form" # Required permissions. permissions = { "all": ("conntrackt.add_location",), } # Raise authorisation denied exception for unmet permissions. raise_exception = True success_url = reverse_lazy("index") def get_form(self, form_class): """ Implements an override for the default form constructed for the create view that includes some better styling of input widgets. """ form = super(LocationCreateView, self).get_form(form_class) form.fields["name"].widget.attrs["class"] = "span6" form.fields["name"].widget.attrs["placeholder"] = "New Location" form.fields["description"].widget.attrs["class"] = "span6" form.fields["description"].widget.attrs["placeholder"] = "Description for new location." return form class LocationUpdateView(MultiplePermissionsRequiredMixin, UpdateView): """ View for modifying an existing location. """ model = Location template_name_suffix = "_update_form" # Required permissions. permissions = { "all": ("conntrackt.change_location",), } # Raise authorisation denied exception for unmet permissions. raise_exception = True success_url = reverse_lazy("index") def get_form(self, form_class): """ Implements an override for the default form constructed for the create view that includes some better styling of input widgets. """ form = super(LocationUpdateView, self).get_form(form_class) form.fields["name"].widget.attrs["class"] = "span6" form.fields["name"].widget.attrs["placeholder"] = "Location name" form.fields["description"].widget.attrs["class"] = "span6" form.fields["description"].widget.attrs["placeholder"] = "Description for location." return form class LocationDeleteView(MultiplePermissionsRequiredMixin, DeleteView): """ View for deleting a location. """ model = Location # Required permissions. permissions = { "all": ("conntrackt.delete_location",), } # Raise authorisation denied exception for unmet permissions. raise_exception = True success_url = reverse_lazy("index") def post(self, *args, **kwargs): """ Add a success message that will be displayed to the user to confirm the location deletion. """ messages.success(self.request, "Location %s has been removed." % self.get_object().name, extra_tags="alert alert-success") return super(LocationDeleteView, self).post(*args, **kwargs) class EntityCreateView(MultiplePermissionsRequiredMixin, CreateView): """ View for creating a new entity. """ model = Entity form_class = EntityForm template_name_suffix = "_create_form" # Required permissions. permissions = { "all": ("conntrackt.add_entity",), } # Raise authorisation denied exception for unmet permissions. raise_exception = True def get_form(self, form_class): """ Returns an instance of form that can be used by the view. The method will limit the project or location select inputs if request contained this information. """ form = super(EntityCreateView, self).get_form(form_class) # Limit the project selection if required. project_id = self.request.GET.get("project", None) if project_id: form.fields["project"].queryset = Project.objects.filter(pk=project_id) form.fields["project"].widget.attrs["readonly"] = True # Limit the location selection if required. location_id = self.request.GET.get("location", None) if location_id: form.fields["location"].queryset = Location.objects.filter(pk=location_id) form.fields["location"].widget.attrs["readonly"] = True return form def get_initial(self): """ Returns initial values that should be pre-selected (if they were specified through a GET parameter). """ initial = super(EntityCreateView, self).get_initial() initial["project"] = self.request.GET.get("project", None) initial["location"] = self.request.GET.get("location", None) return initial class EntityUpdateView(MultiplePermissionsRequiredMixin, UpdateView): """ View for updating an existing entity. """ model = Entity form_class = EntityForm template_name_suffix = "_update_form" # Required permissions. permissions = { "all": ("conntrackt.change_entity",), } # Raise authorisation denied exception for unmet permissions. raise_exception = True class EntityDeleteView(MultiplePermissionsRequiredMixin, DeleteView): """ View for deleting an entity. """ model = Entity # Required permissions. permissions = { "all": ("conntrackt.delete_entity",), } # Raise authorisation denied exception for unmet permissions. raise_exception = True def post(self, *args, **kwargs): """ Add a success message that will be displayed to the user to confirm the entity deletion. """ messages.success(self.request, "Entity %s has been removed." % self.get_object().name, extra_tags="alert alert-success") return super(EntityDeleteView, self).post(*args, **kwargs) def delete(self, *args, **kwargs): """ Deletes the object. This method is overridden in order to obtain the project ID for success URL. @TODO: Fix this once Django 1.6 comes out with fix from ticket 19044. """ self.success_url = reverse("project", args=(self.get_object().project.id,)) return super(EntityDeleteView, self).delete(*args, **kwargs) class InterfaceCreateView(MultiplePermissionsRequiredMixin, CreateView): """ View for creating a new interface. """ model = Interface form_class = InterfaceForm template_name_suffix = "_create_form" # Required permissions permissions = { "all": ("conntrackt.add_interface",), } # Raise authorisation denied exception for unmet permissions. raise_exception = True def get_form(self, form_class): """ Returns an instance of form that can be used by the view. The method will limit the entity select input if request contained this information. """ form = super(InterfaceCreateView, self).get_form(form_class) # Limit the entity selection if required. entity_id = self.request.GET.get("entity", None) if entity_id: form.fields["entity"].queryset = Entity.objects.filter(pk=entity_id) form.fields["entity"].widget.attrs["readonly"] = True return form def get_initial(self): """ Returns initial values that should be pre-selected (if they were specified through a GET parameter). """ initial = super(InterfaceCreateView, self).get_initial() initial["entity"] = self.request.GET.get("entity", None) return initial def get_success_url(self): """ Returns the URL to which the user should be redirected after an interface has been created. The URL in this case will be set to entity's details page. """ return reverse("entity", args=(self.object.entity.pk,)) class InterfaceUpdateView(MultiplePermissionsRequiredMixin, UpdateView): """ View for updating an existing interface. """ model = Interface form_class = InterfaceForm template_name_suffix = "_update_form" # Required permissions. permissions = { "all": ("conntrackt.change_interface",), } # Raise authorisation denied exception for unmet permissions. raise_exception = True def get_form(self, form_class): """ Returns an instance of form that can be used by the view. The method will limit the entities that can be selected for the interface to the ones that belong to the same project as the currently set entity. """ form = super(InterfaceUpdateView, self).get_form(form_class) # Limit the entities to same project. form.fields["entity"].queryset = Entity.objects.filter(project=self.object.entity.project) return form def get_success_url(self): """ Returns the URL to which the user should be redirected after an interface has been updated. The URL in this case will be set to entity's details page. """ return reverse("entity", args=(self.object.entity.pk,)) class InterfaceDeleteView(MultiplePermissionsRequiredMixin, DeleteView): """ View for deleting an interface. """ model = Interface # Required permissions. permissions = { "all": ("conntrackt.delete_interface",), } # Raise authorisation denied exception for unmet permissions. raise_exception = True def post(self, *args, **kwargs): """ Add a success message that will be displayed to the user to confirm the interface deletion. """ messages.success(self.request, "Interface %s has been removed." % self.get_object().name, extra_tags="alert alert-success") return super(InterfaceDeleteView, self).post(*args, **kwargs) def delete(self, *args, **kwargs): """ Deletes the object. This method is overridden in order to obtain the entity ID for success URL. @TODO: Fix this once Django 1.6 comes out with fix from ticket 19044. """ self.success_url = reverse("entity", args=(self.get_object().entity.id,)) return super(InterfaceDeleteView, self).delete(*args, **kwargs) class CommunicationCreateView(MultiplePermissionsRequiredMixin, CreateView): """ View for creating a new communication. """ model = Communication form_class = CommunicationForm template_name_suffix = "_create_form" # Required permissions permissions = { "all": ("conntrackt.add_communication",), } # Raise authorisation denied exception for unmet permissions. raise_exception = True def get_form(self, form_class): """ Returns an instance of form that can be used by the view. The method will limit the source and destination interface selection to interfaces belonging to the same project as provided entity ID (if any was provided). """ form = super(CommunicationCreateView, self).get_form(form_class) # Limit the interface selection based on provided source entity, # destination entity, or project. entity_id = self.request.GET.get("from_entity", None) or self.request.GET.get("to_entity", None) project_id = self.request.GET.get("project", None) if project_id: form.fields["source"].queryset = Interface.objects.filter(entity__project=project_id) form.fields["destination"].queryset = Interface.objects.filter(entity__project=project_id) elif entity_id: entity = Entity.objects.get(pk=1) form.fields["source"].queryset = Interface.objects.filter(entity__project=entity.project) form.fields["destination"].queryset = Interface.objects.filter(entity__project=entity.project) return form def get_initial(self): """ Returns initial values that should be pre-selected (if they were specified through a GET parameter). """ initial = super(CommunicationCreateView, self).get_initial() # If source or destination entity were specified in request, fetch the # first interface from them and use it as initial source and destination. from_entity = self.request.GET.get("from_entity", None) to_entity = self.request.GET.get("to_entity", None) if from_entity: try: interface = Interface.objects.filter(entity=from_entity)[0] initial["source"] = interface.id except IndexError: pass if to_entity: try: interface = Interface.objects.filter(entity=to_entity)[0] initial["destination"] = interface.id except IndexError: pass return initial def get_success_url(self): """ Returns the URL to which the user should be redirected after a communication has been created. The URL will be set to entity details page of an entity that was provided as part of the from/to GET request (in that order), or as a fallback it'll direct the user to source interface's entity details page. """ entity_id = self.request.GET.get("from_entity", None) or self.request.GET.get("to_entity", None) or self.object.source.entity.pk return reverse("entity", args=(entity_id,)) class CommunicationUpdateView(MultiplePermissionsRequiredMixin, UpdateView): """ View for updating an existing communication. """ model = Communication form_class = CommunicationForm template_name_suffix = "_update_form" # Required permissions. permissions = { "all": ("conntrackt.change_communication",), } # Raise authorisation denied exception for unmet permissions. raise_exception = True def get_form(self, form_class): """ Returns an instance of form that can be used by the view. The method will limit the source and destination interfaces that can be selected for the communication. Both will be limited to interfaces coming from entities that belong to the same project as current communication's source interface. """ form = super(CommunicationUpdateView, self).get_form(form_class) project = self.object.source.entity.project form.fields["source"].queryset = Interface.objects.filter(entity__project=project) form.fields["destination"].queryset = Interface.objects.filter(entity__project=project) return form def get_success_url(self): """ Returns the URL to which the user should be redirected after a communication has been created. The URL will be set to entity details page of an entity that was provided as part of the from/to GET request (in that order), or as a fallback it'll direct the user to source interface's entity details page. """ entity_id = self.request.GET.get("from_entity", None) or self.request.GET.get("to_entity", None) or self.object.source.entity.pk return reverse("entity", args=(entity_id,)) class CommunicationDeleteView(MultiplePermissionsRequiredMixin, DeleteView): """ View for deleting an communication. """ model = Communication # Required permissions. permissions = { "all": ("conntrackt.delete_communication",), } # Raise authorisation denied exception for unmet permissions. raise_exception = True def post(self, *args, **kwargs): """ Add a success message that will be displayed to the user to confirm the communication deletion. """ messages.success(self.request, "Communication %s has been removed." % self.get_object(), extra_tags="alert alert-success") return super(CommunicationDeleteView, self).post(*args, **kwargs) def delete(self, *args, **kwargs): """ Deletes the object. This method is overridden in order to obtain the entity ID for success URL. @TODO: Fix this once Django 1.6 comes out with fix from ticket 19044. """ entity_id = self.request.GET.get("from_entity", None) or self.request.GET.get("to_entity", None) or self.get_object().source.entity.pk self.success_url = reverse("entity", args=(entity_id,)) return super(CommunicationDeleteView, self).delete(*args, **kwargs)