Commit 023b3d3c authored by Levy--Falk Hugo's avatar Levy--Falk Hugo Committed by chirac

VLAN de pré-rézotage.

parent 0e56f22f
......@@ -63,6 +63,7 @@ from preferences.models import OptionalTopologie
options, created = OptionalTopologie.objects.get_or_create()
VLAN_NOK = options.vlan_decision_nok.vlan_id
VLAN_OK = options.vlan_decision_ok.vlan_id
VLAN_NON_MEMBER = options.vlan_non_member.vlan_id
RADIUS_POLICY = options.radius_general_policy
#: Serveur radius de test (pas la prod)
......@@ -329,17 +330,18 @@ def decide_vlan_and_register_switch(nas_machine, nas_type, port_number,
- mode strict :
- pas de chambre associée : VLAN_NOK
- pas d'utilisateur dans la chambre : VLAN_NOK
- cotisation non à jour : VLAN_NOK
- cotisation non à jour : VLAN_NON_MEMBER
- sinon passe à common (ci-dessous)
- mode common :
- interface connue (macaddress):
- utilisateur proprio non cotisant ou banni : VLAN_NOK
- utilisateur proprio non cotisant : VLAN_NON_MEMBER
- utilisateur proprio banni : VLAN_NOK
- user à jour : VLAN_OK
- interface inconnue :
- register mac désactivé : VLAN_NOK
- register mac désactivé : VLAN_NON_MEMBER
- register mac activé :
- dans la chambre associé au port, pas d'user ou non à
jour : VLAN_NOK
jour : VLAN_NON_MEMBER
- user à jour, autocapture de la mac et VLAN_OK
"""
# Get port from switch and port number
......@@ -407,8 +409,10 @@ def decide_vlan_and_register_switch(nas_machine, nas_type, port_number,
if not room_user:
return (sw_name, room, u'Chambre non cotisante', VLAN_NOK)
for user in room_user:
if not user.has_access():
if user.is_ban() or user.state != User.STATE_ACTIVE:
return (sw_name, room, u'Chambre resident desactive', VLAN_NOK)
elif not (user.is_connected() or user.is_whitelisted()):
return (sw_name, room, u'Utilisateur non cotisant', VLAN_NON_MEMBER)
# else: user OK, on passe à la verif MAC
# Si on fait de l'auth par mac, on cherche l'interface via sa mac dans la bdd
......@@ -424,13 +428,13 @@ def decide_vlan_and_register_switch(nas_machine, nas_type, port_number,
# On essaye de register la mac, si l'autocapture a été activée
# Sinon on rejette sur vlan_nok
if not nas_type.autocapture_mac:
return (sw_name, "", u'Machine inconnue', VLAN_NOK)
return (sw_name, "", u'Machine inconnue', VLAN_NON_MEMBER)
# On ne peut autocapturer que si on connait la chambre et donc l'user correspondant
elif not room:
return (sw_name,
"Inconnue",
u'Chambre et machine inconnues',
VLAN_NOK)
VLAN_NON_MEMBER)
else:
# Si la chambre est vide (local club, prises en libre services)
# Impossible d'autocapturer
......@@ -443,7 +447,7 @@ def decide_vlan_and_register_switch(nas_machine, nas_type, port_number,
room,
u'Machine et propriétaire de la chambre '
'inconnus',
VLAN_NOK)
VLAN_NON_MEMBER)
# Si il y a plus d'un user dans la chambre, impossible de savoir à qui
# Ajouter la machine
elif room_user.count() > 1:
......@@ -452,13 +456,13 @@ def decide_vlan_and_register_switch(nas_machine, nas_type, port_number,
u'Machine inconnue, il y a au moins 2 users '
'dans la chambre/local -> ajout de mac '
'automatique impossible',
VLAN_NOK)
VLAN_NON_MEMBER)
# Si l'adhérent de la chambre n'est pas à jour de cotis, pas d'autocapture
elif not room_user.first().has_access():
return (sw_name,
room,
u'Machine inconnue et adhérent non cotisant',
VLAN_NOK)
VLAN_NON_MEMBER)
# Sinon on capture et on laisse passer sur le bon vlan
else:
interface, reason = (room_user
......@@ -491,7 +495,7 @@ def decide_vlan_and_register_switch(nas_machine, nas_type, port_number,
return (sw_name,
room,
u'Machine non active / adherent non cotisant',
VLAN_NOK)
VLAN_NON_MEMBER)
## Si on choisi de placer les machines sur le vlan correspondant à leur type :
if RADIUS_POLICY == 'MACHINE':
DECISION_VLAN = interface.type.ip_type.vlan.vlan_id
......
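Review bot: A banned or deactivated room owner can now be placed on VLAN_NON_MEMBER instead of VLAN_NOK, which contradicts the updated docstring line "utilisateur proprio banni : VLAN_NOK". Only the strict-mode loop separates the two cases. The autocapture branch still tests `room_user.first().has_access()`, and it and the final return labelled 'Machine non active / adherent non cotisant' both now return VLAN_NON_MEMBER. The old strict-mode code used `has_access()` to cover both bans and unpaid membership, so it is presumably false for banned users as well. Ahead of the `has_access()` branch, add `elif room_user.first().is_ban() or room_user.first().state != User.STATE_ACTIVE:` returning VLAN_NOK, and apply the same split to the known-interface return, whose guarding condition lies outside the hunk.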
# -*- coding: utf-8 -*-
# Generated by Django 1.10.7 on 2018-09-01 10:41
from __future__ import unicode_literals
from django.db import migrations, models
import django.db.models.deletion
def init_vlan_non_member(apps, schema_editor):
OptionalTopologie = apps.get_model('preferences', 'OptionalTopologie')
option, _created = OptionalTopologie.objects.get_or_create()
option.vlan_non_member = option.vlan_decision_nok
option.save()
class Migration(migrations.Migration):
dependencies = [
('machines', '0094_auto_20180815_1918'),
('preferences', '0050_auto_20180818_1329'),
]
operations = [
migrations.AddField(
model_name='optionaltopologie',
name='vlan_non_member',
field=models.OneToOneField(blank=True, null=True, on_delete=django.db.models.deletion.PROTECT, related_name='decision_non_member', to='machines.Vlan'),
),
migrations.RunPython(init_vlan_non_member)
]
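Review bot: `migrations.RunPython(init_vlan_non_member)` is given no reverse function, so this migration cannot be unapplied; pass a no-op reverse, `migrations.RunPython(init_vlan_non_member, migrations.RunPython.noop)`. Also, `init_vlan_non_member` copies `option.vlan_decision_nok` without checking it, so if that preference is unset the new field stays NULL after the migration. A short comment above the function should say that the copy keeps existing installs on their previous rejection VLAN until an administrator picks a dedicated one.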
......@@ -200,6 +200,13 @@ class OptionalTopologie(AclMixin, PreferencesModel):
blank=True,
null=True
)
vlan_non_member = models.OneToOneField(
'machines.Vlan',
on_delete=models.PROTECT,
related_name='decision_non_member',
blank=True,
null=True
)
class Meta:
permissions = (
......
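Review bot: `vlan_non_member` is declared with `null=True`, yet the RADIUS module in this commit reads `options.vlan_non_member.vlan_id` at module level, so an unset preference raises AttributeError and the authorization module fails to import. A fresh install, where `get_or_create()` builds an empty row, looks like the likely way to hit this. Either read it defensively in the consumer, e.g. `VLAN_NON_MEMBER = options.vlan_non_member.vlan_id if options.vlan_non_member else VLAN_NOK`, or at least document the constraint on the field with `# Read unconditionally by the RADIUS module at load time; must be set`. The class body continues outside the hunk.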
......@@ -45,7 +45,7 @@ with this program; if not, write to the Free Software Foundation, Inc.,
</tr>
<tr>
<th>{% trans "Default shell for users" %}</th>
<td>{{ useroptions.shell_default }}</td>
<td>{{ useroptions.shell_default }}</td>
<th>{% trans "Users can edit their shell" %}</th>
<td>{{ useroptions.self_change_shell|tick }}</td>
</tr>
......@@ -118,6 +118,10 @@ with this program; if not, write to the Free Software Foundation, Inc.,
<th>{% trans "VLAN for machines rejected by RADIUS" %}</th>
<td>{{ topologieoptions.vlan_decision_nok }}</td>
</tr>
<tr>
<th>{% trans "VLAN for non members machines" %}</th>
<td>{{ topologieoptions.vlan_non_member }}</td>
</tr>
</table>
<h4>{% trans "General preferences" %}</h4>
<a class="btn btn-primary btn-sm" role="button" href="{% url 'preferences:edit-options' 'GeneralOption' %}">
......