Improved performance on domain admin

This commit is contained in:
root 2014-11-05 21:29:14 +00:00
parent 6864e462bf
commit 8cce7b58f6
4 changed files with 15 additions and 28 deletions

26
TODO.md
View file

@ -159,45 +159,30 @@ Remember that, as always with QuerySets, any subsequent chained methods which im
* Resource monitoring without ROUTE alert or explicit error * Resource monitoring without ROUTE alert or explicit error
* Domain validation has to be done with injected records and subdomains * Domain validation has to be done with injected records and subdomains
* Names: lower andupper case allow or disallow ? webapps/account.username etc * Names: lower andupper case allow or disallow ? webapps/account.username etc
* Split plans into a separate app (plans and rates / services ) ? * Split plans into a separate app (plans and rates / services ) ?
* reconsider binding webapps to systemusers (pangea multiple users wordpress-ftp, moodle-pangea, etc)
* sync() ServiceController method that synchronizes orchestra and servers (delete or import) * sync() ServiceController method that synchronizes orchestra and servers (delete or import)
* validate address.forward: if mailbox in account.mailboxes then: _("Please use mailboxes field") or consider removing mailbox support on forward (user@pangea.org instead) * validate address.forward: if mailbox in account.mailboxes then: _("Please use mailboxes field") or consider removing mailbox support on forward (user@pangea.org instead)
* reespell systemuser to system_user
* remove order in account admin and others
* create admin prefetch_related on ExtendedModelAdmin * reespell systemuser to system_user
* remove order in account admin and others admininlines
* Databases.User add reverse M2M databases widget (like mailbox.addresses) * Databases.User add reverse M2M databases widget (like mailbox.addresses)
* One domain zone validation for each save, not one per subdomain, maybe on modeladmin.save_related? prevent save on model_related, and save it on save_related()
* Change permissions periodically on the web server, to ensure security * Change permissions periodically on the web server, to ensure security
* Apache RLimit ?
* Patch suexec: if user mismatch, check user belongs to suexecusergroup group
* fuck suexec http://www.litespeedtech.com/support/forum/threads/solved-cloudlinux-php-lsapi-say-no-to-suexec.5812/
* http://mail-archives.apache.org/mod_mbox/httpd-dev/201409.mbox/%3C5411FFBE.9050506@loginroot.com%3E ??
* Root owned logs on user's home ? * Root owned logs on user's home ?
* reconsider binding webapps to systemusers (pangea multiple users wordpress-ftp, moodle-pangea, etc)
* Secondary user home in /home/secondaryuser and simlink to /home/main/webapps/app so it can have private storage? * Secondary user home in /home/secondaryuser and simlink to /home/main/webapps/app so it can have private storage?
* Grant permissions like in webfaction * Grant permissions like in webfaction
* Secondaryusers home should be under mainuser home. i.e. /home/mainuser/webapps/seconduser_webapp/ * Secondaryusers home should be under mainuser home. i.e. /home/mainuser/webapps/seconduser_webapp/
* Make one dedicated CGI user for each account only for CGI execution (fpm/fcgid). Different from the files owner, and without W permissions, so attackers can not inject backdors and malware. * Make one dedicated CGI user for each account only for CGI execution (fpm/fcgid). Different from the files owner, and without W permissions, so attackers can not inject backdors and malware.
* In most cases we can prevent the creation of files for the CGI users, preventing attackers to upload and executing PHPShells. * In most cases we can prevent the creation of files for the CGI users, preventing attackers to upload and executing PHPShells.
@ -209,6 +194,3 @@ Remember that, as always with QuerySets, any subsequent chained methods which im
* resource min max allocation with validation * resource min max allocation with validation
* mailman needs both aliases when address_name is provided (default messages and bounces and all) * mailman needs both aliases when address_name is provided (default messages and bounces and all)
* specify field on ValidationError under model.clean() of form.clean(): ValidationError({'bark_volume': ["Must be louder!",]}
* And raise ValidationError once at the end collecting all errors at once

View file

@ -4,7 +4,7 @@ from django import forms
from django.contrib import admin from django.contrib import admin
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from orchestra.admin import ChangeListDefaultFilter, ExtendedModelAdmin from orchestra.admin import ExtendedModelAdmin
from orchestra.admin.utils import admin_link, change_url from orchestra.admin.utils import admin_link, change_url
from orchestra.apps.accounts.admin import AccountAdminMixin from orchestra.apps.accounts.admin import AccountAdminMixin
from orchestra.utils import apps from orchestra.utils import apps
@ -46,14 +46,19 @@ class DomainInline(admin.TabularInline):
account_link = admin_link('account') account_link = admin_link('account')
def display_records(self, domain): def display_records(self, domain):
return ', '.join(domain.records.values_list('type', flat=True)) return ', '.join([record.type for record in domain.records.all()])
display_records.short_description = _("Declared records") display_records.short_description = _("Declared records")
def has_add_permission(self, *args, **kwargs): def has_add_permission(self, *args, **kwargs):
return False return False
def get_queryset(self, request):
""" Order by structured name and imporve performance """
qs = super(DomainInline, self).get_queryset(request)
return qs.select_related('account').prefetch_related('records')
class DomainAdmin(ChangeListDefaultFilter, AccountAdminMixin, ExtendedModelAdmin): class DomainAdmin(AccountAdminMixin, ExtendedModelAdmin):
list_display = ( list_display = (
'structured_name', 'display_is_top', 'websites', 'account_link' 'structured_name', 'display_is_top', 'websites', 'account_link'
) )
@ -99,7 +104,7 @@ class DomainAdmin(ChangeListDefaultFilter, AccountAdminMixin, ExtendedModelAdmin
def get_queryset(self, request): def get_queryset(self, request):
""" Order by structured name and imporve performance """ """ Order by structured name and imporve performance """
qs = super(DomainAdmin, self).get_queryset(request) qs = super(DomainAdmin, self).get_queryset(request)
qs = qs.select_related('top') qs = qs.select_related('top', 'account')
# For some reason if we do this we know for sure that join table will be called T4 # For some reason if we do this we know for sure that join table will be called T4
query = str(qs.query) query = str(qs.query)
table = re.findall(r'(T\d+)\."account_id"', query)[0] table = re.findall(r'(T\d+)\."account_id"', query)[0]

View file

@ -68,8 +68,8 @@ class CreateDomainAdminForm(forms.ModelForm):
# self.save_formset(request, form, formset, change=change) # self.save_formset(request, form, formset, change=change)
# TODO do it in admin
class RecordInlineFormSet(forms.models.BaseInlineFormSet): class RecordInlineFormSet(forms.models.BaseInlineFormSet):
# TODO
def clean(self): def clean(self):
""" Checks if everything is consistent """ """ Checks if everything is consistent """
if any(self.errors): if any(self.errors):

View file

@ -62,7 +62,7 @@ class Domain(models.Model):
def render_zone(self): def render_zone(self):
origin = self.origin origin = self.origin
zone = origin.render_records() zone = origin.render_records()
for subdomain in origin.get_subdomains(): for subdomain in origin.get_subdomains().prefetch_related('records'):
zone += subdomain.render_records() zone += subdomain.render_records()
return zone return zone