Produits Entr'ouvert » Authentic 2

        # create CRUD operations and admin

        post_migrate.connect(signal_handlers.create_base_operations, sender=self)

from django.db.models import Manager, query

from django.db.models.query import Q

from authentic2.a2_rbac.utils import get_operation

class OperationManager(Manager):

    def get_by_natural_key(self, slug):

        return self.get(slug=slug)

    def has_perm(self, user, operation_slug, object_or_model, ou=None):

        """Test if an user can do the operation given by operation_slug

        on the given object_or_model eventually scoped by an organizational

        unit given by ou.

        Returns True or False.

        """

        ou_query = Q(ou__isnull=True)

        if ou:

            ou_query |= Q(ou=ou.as_scope())

        ct = ContentType.objects.get_for_model(object_or_model)

        target_query = Q(target_ct=ContentType.objects.get_for_model(ContentType), target_id=ct.pk)

        if isinstance(object_or_model, models.Model):

            target_query |= Q(target_ct=ct, target_id=object.pk)

        qs = models.Permission.objects.for_user(user)

        qs = qs.filter(operation__slug=operation_slug)

        qs = qs.filter(ou_query & target_query)

        return qs.exists()

class PermissionManagerBase(Manager):

    def get_by_natural_key(self, operation_slug, ou_nk, target_ct, target_nk):

        qs = self.filter(operation__slug=operation_slug)

        if ou_nk:

            try:

                ou = models.OrganizationalUnit.objects.get_by_natural_key(*ou_nk)

            except models.OrganizationalUnit.DoesNotExist:

                raise self.model.DoesNotExist

            qs = qs.filter(ou=ou)

        else:

            qs = qs.filter(ou__isnull=True)

        try:

            target_ct = ContentType.objects.get_by_natural_key(*target_ct)

        except ContentType.DoesNotExist:

            raise self.model.DoesNotExist

        target_model = target_ct.model_class()

        try:

            target = target_model.objects.get_by_natural_key(*target_nk)

        except target_model.DoesNotExist:

            raise self.model.DoesNotExist

        return qs.get(target_ct=ContentType.objects.get_for_model(target), target_id=target.pk)

class PermissionQueryset(query.QuerySet):

    def by_target_ct(self, target):

        """Filter permission whose target content-type matches the content

        type of the target argument

        """

        target_ct = ContentType.objects.get_for_model(target)

        return self.filter(target_ct=target_ct)

    def by_target(self, target):

        '''Filter permission whose target matches target'''

        return self.by_target_ct(target).filter(target_id=target.pk)

    def for_user(self, user):

        """Retrieve all permissions hold by an user through its role and

        inherited roles.

        """

        roles = models.Role.objects.for_user(user=user)

        return self.filter(roles__in=roles)

    def cleanup(self):

        count = 0

        for p in self:

            if not p.target and (p.target_ct_id or p.target_id):

                p.delete()

                count += 1

        return count

PermissionManager = PermissionManagerBase.from_queryset(PermissionQueryset)

        operation=None,

        if operation is None:

            operation = models.ADMIN_OP

from authentic2.a2_rbac.models import CHANGE_OP, MANAGE_MEMBERS_OP

# Generated by Django 2.2.19 on 2021-12-06 15:04

import django.db.models.deletion

from django.db import migrations, models

class Migration(migrations.Migration):

    dependencies = [

        ('a2_rbac', '0025_auto_20210622_1132'),

    ]

    operations = [

        migrations.CreateModel(

            name='Operation',

            fields=[

                (

                    'id',

                    models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),

                ),

                ('slug', models.CharField(max_length=32, unique=True, verbose_name='slug')),

            ],

        ),

        migrations.AlterField(

            model_name='permission',

            name='operation',

            field=models.ForeignKey(

                on_delete=django.db.models.deletion.CASCADE, to='a2_rbac.Operation', verbose_name='operation'

            ),

        ),

    ]

from django.utils.translation import gettext, pgettext_lazy

from authentic2.a2_rbac.utils import get_operation

from django_rbac.models import OrganizationalUnitAbstractBase, RoleAbstractBase, RoleParentingAbstractBase

from . import app_settings, fields

    from .managers import OrganizationalUnitManager

    objects = OrganizationalUnitManager()

class Operation(models.Model):

    from .managers import OperationManager

    slug = models.CharField(max_length=32, verbose_name=_('slug'), unique=True)

    def natural_key(self):

        return [self.slug]

    def __str__(self):

        return str(self._registry.get(self.slug, self.slug))

    def export_json(self):

        return {'slug': self.slug}

    @property

    def name(self):

        return str(self)

    @classmethod

    def register(cls, name, slug):

        cls._registry[slug] = name

        return cls(slug=slug)

    _registry = {}

    objects = OperationManager()

Operation._meta.natural_key = ['slug']

class PermissionAbstractBase(models.Model):

    from .managers import PermissionManager

    operation = models.ForeignKey(to=Operation, verbose_name=_('operation'), on_delete=models.CASCADE)

    ou = models.ForeignKey(

        to=OrganizationalUnit,

        verbose_name=_('organizational unit'),

        related_name='scoped_permission',

        null=True,

        on_delete=models.CASCADE,

    )

    target_ct = models.ForeignKey(to='contenttypes.ContentType', related_name='+', on_delete=models.CASCADE)

    target_id = models.PositiveIntegerField()

    target = GenericForeignKey('target_ct', 'target_id')

    objects = PermissionManager()

    def natural_key(self):

        return [

            self.operation.slug,

            self.ou and self.ou.natural_key(),

            self.target and self.target_ct.natural_key(),

            self.target and self.target.natural_key(),

        ]

    def export_json(self):

        return {

            "operation": self.operation.natural_key_json(),

            "ou": self.ou and self.ou.natural_key_json(),

            'target_ct': self.target_ct.natural_key_json(),

            "target": self.target.natural_key_json(),

        }

    def __str__(self):

        ct = ContentType.objects.get_for_id(self.target_ct_id)

        ct_ct = ContentType.objects.get_for_model(ContentType)

        if ct == ct_ct:

            target = ContentType.objects.get_for_id(self.target_id)

            s = f'{self.operation} / {target}'

        else:

            s = f'{self.operation} / {ct} / {self.target}'

        if self.ou:

            s += gettext(' (scope "{0}")').format(self.ou)

        return s

    class Meta:

        abstract = True

        # FIXME: it's still allow non-unique permission with ou=null

        unique_together = (('operation', 'ou', 'target_ct', 'target_id'),)

    from .managers import RoleManager

        operation = get_operation(op)

        operation = get_operation(op)

    objects = RoleManager()

# base rbac operations

ADMIN_OP = Operation.register(name=_('Management'), slug='admin')

CHANGE_OP = Operation.register(name=_('Change'), slug='change')

DELETE_OP = Operation.register(name=_('Delete'), slug='delete')

ADD_OP = Operation.register(name=_('Add'), slug='add')

VIEW_OP = Operation.register(name=_('View'), slug='view')

SEARCH_OP = Operation.register(name=_('Search'), slug='search')

# a2 specific operations

from authentic2.a2_rbac.models import Operation, OrganizationalUnit, Role

from authentic2.a2_rbac.utils import get_operation

def create_base_operations(app_config, verbosity=2, interactive=True, using=DEFAULT_DB_ALIAS, **kwargs):

    '''Create some basic operations, matching permissions from Django'''

    from .models import ADD_OP, ADMIN_OP, CHANGE_OP, DELETE_OP, SEARCH_OP, VIEW_OP

    if not router.allow_migrate(using, Operation):

        return

    get_operation(ADD_OP)

    get_operation(CHANGE_OP)

    get_operation(DELETE_OP)

    get_operation(VIEW_OP)

    get_operation(ADMIN_OP)

    get_operation(SEARCH_OP)

        operation=get_operation(models.VIEW_OP),

            operation=get_operation(models.SEARCH_OP),

            operation=get_operation(models.SEARCH_OP),

        operation=get_operation(models.MANAGE_AUTHORIZATIONS_OP),

def get_operation(operation_tpl):

    operation, dummy = models.Operation.objects.get_or_create(slug=operation_tpl.slug)

    return operation

from authentic2.a2_rbac.models import (

    Operation,

    OrganizationalUnit,

    Permission,

    Role,

    RoleAttribute,

    RoleParenting,

)

from authentic2.a2_rbac.models import ADMIN_OP

from authentic2.a2_rbac.utils import get_operation

from authentic2.a2_rbac.models import Operation, OrganizationalUnit, Permission, Role

from authentic2.a2_rbac.models import Operation

from authentic2.a2_rbac.models import SEARCH_OP

from authentic2.a2_rbac.models import (

    ADMIN_OP,

    MANAGE_MEMBERS_OP,

    VIEW_OP,

    Operation,

    OrganizationalUnit,

    Permission,

    Role,

)

from authentic2.a2_rbac.utils import get_default_ou, get_operation

from authentic2.a2_rbac.models import MANAGE_MEMBERS_OP, VIEW_OP

from authentic2.a2_rbac.utils import get_default_ou, get_operation

from authentic2.a2_rbac.models import VIEW_OP

from authentic2.a2_rbac.utils import get_default_ou, get_operation, get_view_user_perm