# authentic2 - versatile identity manager
# Copyright (C) 2010-2019 Entr'ouvert
#
# This program is free software: you can redistribute it and/or modify it
# under the terms of the GNU Affero General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from functools import partialmethod
from django import forms
from django.contrib import admin
from authentic2.attributes_ng.engine import get_service_attributes
from authentic2.forms.widgets import DatalistTextInput
from . import app_settings, models
class OIDCClaimInlineForm(forms.ModelForm):
    """Inline form for a single OIDC claim.

    The ``value`` field is rendered with ``DatalistTextInput``; the entries
    offered to the administrator are the keys returned by
    ``get_service_attributes`` for the claim's client.
    """

    class Meta:
        model = models.OIDCClaim
        fields = ['name', 'value', 'scopes']
        widgets = {'value': DatalistTextInput}

    def __init__(self, *args, **kwargs):
        """Build the form, then attach the attribute suggestions to ``value``."""
        super().__init__(*args, **kwargs)
        datalist_id = 'list__oidcclaim-inline'
        # Falls back to None when the instance exposes no ``client`` attribute.
        client = getattr(self.instance, 'client', None)
        suggestions = dict(get_service_attributes(client)).keys()
        value_widget = self.fields['value'].widget
        value_widget.data = suggestions
        value_widget.name = datalist_id
        # The "list" attribute carries the same identifier as the widget name.
        value_widget.attrs['list'] = datalist_id
class OIDCClaimInlineAdmin(admin.TabularInline):
    """Tabular inline used to edit the OIDC claims of a client."""

    model = models.OIDCClaim
    form = OIDCClaimInlineForm
    extra = 0

    def get_formset(self, request, obj=None, **kwargs):
        """Return the formset class, pre-filled with the default mappings on creation.

        When the creation form is displayed (GET request without an existing
        object), ``app_settings.DEFAULT_MAPPINGS`` is passed as initial data
        and five extra rows are requested. In every other case the initial
        data is empty.
        """
        # Formsets are saved only when formset.has_changed() is True, so the
        # defaults are offered only on the GET that displays the creation form.
        is_creation_display = request.method == 'GET' and not obj
        if is_creation_display:
            defaults = list(app_settings.DEFAULT_MAPPINGS)
            # Must be set before the parent builds the formset class.
            self.extra = 5
        else:
            defaults = []
        formset_class = super().get_formset(request, obj=obj, **kwargs)
        # Bind the initial data into the constructor of the generated class.
        formset_class.__init__ = partialmethod(formset_class.__init__, initial=defaults)
        return formset_class
class OIDCClientAdmin(admin.ModelAdmin):
    """Admin configuration for OIDC clients; their claims are edited inline."""

    inlines = [OIDCClaimInlineAdmin]
    # NOTE(review): only the two timestamps are read-only, so every other
    # model field stays editable here, which presumably covers the client's
    # credentials. Confirm against the model and the change permission holders.
    readonly_fields = ['created', 'modified']
    date_hierarchy = 'modified'
    list_filter = ['ou', 'identifier_policy']
    list_display = [
        'name', 'slug', 'client_id', 'ou',
        'identifier_policy', 'created', 'modified',
        'activate_user_profiles',
    ]
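class OIDCAuthorizationAdmin(admin.ModelAdmin):
    """Admin configuration for OIDC authorizations.

    The changelist search covers the user fields listed in ``search_fields``
    and, through ``get_search_results``, the name of the authorized client.
    """

    list_display = ['client', 'user', 'created', 'expired']
    search_fields = ['user__first_name', 'user__last_name', 'user__email', 'user__username']
    date_hierarchy = 'created'
    readonly_fields = ['created', 'expired']

    def get_queryset(self, request):
        """Return the base queryset with the ``client`` relation prefetched."""
        return super().get_queryset(request).prefetch_related('client')

    def get_search_results(self, request, queryset, search_term):
        """Extend the default search with matches on the client's name.

        The client is addressed through ``client_ct`` / ``client_id``; both
        ``OIDCClient`` and ``OrganizationalUnit`` rows whose name contains
        ``search_term`` are considered.

        Returns the ``(queryset, use_distinct)`` pair expected by the admin.
        """
        from django.contrib.contenttypes.models import ContentType

        from authentic2.a2_rbac.models import OrganizationalUnit as OU

        # The queryset received here already carries the changelist
        # restrictions (get_queryset, list filters, date hierarchy). The
        # name matches below are taken from it rather than from the model's
        # default manager, so a search cannot surface rows outside that scope.
        scoped = queryset
        queryset, use_distinct = super().get_search_results(request, queryset, search_term)
        if not search_term:
            # An empty term would match every name; nothing to add.
            return queryset, use_distinct

        for client_model in (models.OIDCClient, OU):
            matching_pks = client_model.objects.filter(name__contains=search_term).values_list('pk')
            # ``__in`` expresses "any of these primary keys"; an exact lookup
            # against an unsliced queryset is rejected by current Django.
            queryset |= scoped.filter(
                client_ct=ContentType.objects.get_for_model(client_model),
                client_id__in=matching_pks,
            )
        return queryset, use_distinct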
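class OIDCCodeAdmin(admin.ModelAdmin):
    """Admin configuration for OIDC codes; all listed fields are read-only."""

    # NOTE(review): if ``uuid`` is the value presented at the token endpoint,
    # showing it in the changelist discloses it to every account that can
    # view this model. Confirm against the model.
    list_display = ['client', 'user', 'uuid', 'created', 'expired']
    list_filter = ['client']
    search_fields = ['user__first_name', 'user__last_name', 'user__email', 'user__username', 'client__name']
    date_hierarchy = 'created'
    # Each field is listed once; a repeated entry is redundant and may be
    # rendered twice on the change form.
    readonly_fields = ['uuid', 'created', 'expired', 'user', 'client', 'state', 'nonce']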
class OIDCAccessTokenAdmin(admin.ModelAdmin):
    """Admin configuration for OIDC access tokens."""

    date_hierarchy = 'created'
    list_filter = ['client']
    # NOTE(review): if ``uuid`` is the bearer value of the token, listing it
    # discloses a usable credential to every account that can view this
    # model. Confirm against the model.
    list_display = ['client', 'user', 'uuid', 'created', 'expired']
    search_fields = [
        'user__first_name',
        'user__last_name',
        'user__email',
        'user__username',
        'client__name',
    ]
    # Fields not listed here remain editable on the change form.
    readonly_fields = ['uuid', 'created', 'expired']
# Register each OIDC model with its admin class on the default admin site.
for _model, _model_admin in (
    (models.OIDCClient, OIDCClientAdmin),
    (models.OIDCAuthorization, OIDCAuthorizationAdmin),
    (models.OIDCCode, OIDCCodeAdmin),
    (models.OIDCAccessToken, OIDCAccessTokenAdmin),
):
    admin.site.register(_model, _model_admin)
# Keep the module namespace free of the loop variables.
del _model, _model_admin