diff --git a/app/sso/app_defines.py b/app/sso/app_defines.py new file mode 100644 index 0000000..6b1f58f --- /dev/null +++ b/app/sso/app_defines.py @@ -0,0 +1,3 @@ +# Rule Checktypes +CHECK_TYPE_AND = 0 +CHECK_TYPE_OR = 1 diff --git a/app/sso/migrations/0009_auto__add_permissionrule__add_permissionruleset.py b/app/sso/migrations/0009_auto__add_permissionrule__add_permissionruleset.py new file mode 100644 index 0000000..1087ff7 --- /dev/null +++ b/app/sso/migrations/0009_auto__add_permissionrule__add_permissionruleset.py @@ -0,0 +1,222 @@ +# encoding: utf-8 +import datetime +from south.db import db +from south.v2 import SchemaMigration +from django.db import models + +class Migration(SchemaMigration): + + def forwards(self, orm): + + # Adding model 'PermissionRule' + db.create_table('sso_permissionrule', ( + ('id', self.gf('django.db.models.fields.AutoField')(primary_key=True)), + ('ruleset', self.gf('django.db.models.fields.related.ForeignKey')(related_name='rules', to=orm['sso.PermissionRuleset'])), + ('obj_type', self.gf('django.db.models.fields.related.ForeignKey')(to=orm['contenttypes.ContentType'])), + ('obj_id', self.gf('django.db.models.fields.IntegerField')()), + ('check_type', self.gf('django.db.models.fields.IntegerField')()), + )) + db.send_create_signal('sso', ['PermissionRule']) + + # Adding model 'PermissionRuleset' + db.create_table('sso_permissionruleset', ( + ('id', self.gf('django.db.models.fields.AutoField')(primary_key=True)), + ('name', self.gf('django.db.models.fields.CharField')(max_length=200)), + ('active', self.gf('django.db.models.fields.BooleanField')(default=False)), + ('group', self.gf('django.db.models.fields.related.ForeignKey')(to=orm['auth.Group'])), + ('check_type', self.gf('django.db.models.fields.BooleanField')(default=False)), + )) + db.send_create_signal('sso', ['PermissionRuleset']) + + + def backwards(self, orm): + + # Deleting model 'PermissionRule' + db.delete_table('sso_permissionrule') + + # Deleting model 'PermissionRuleset' + db.delete_table('sso_permissionruleset') + + + models = { + 'auth.group': { + 'Meta': {'object_name': 'Group'}, + 'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '80'}), + 'permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'}) + }, + 'auth.permission': { + 'Meta': {'ordering': "('content_type__app_label', 'content_type__model', 'codename')", 'unique_together': "(('content_type', 'codename'),)", 'object_name': 'Permission'}, + 'codename': ('django.db.models.fields.CharField', [], {'max_length': '100'}), + 'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['contenttypes.ContentType']"}), + 'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'name': ('django.db.models.fields.CharField', [], {'max_length': '50'}) + }, + 'auth.user': { + 'Meta': {'object_name': 'User'}, + 'date_joined': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}), + 'email': ('django.db.models.fields.EmailField', [], {'max_length': '75', 'blank': 'True'}), + 'first_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}), + 'groups': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Group']", 'symmetrical': 'False', 'blank': 'True'}), + 'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'is_active': ('django.db.models.fields.BooleanField', [], {'default': 'True'}), + 'is_staff': ('django.db.models.fields.BooleanField', [], {'default': 'False'}), + 'is_superuser': ('django.db.models.fields.BooleanField', [], {'default': 'False'}), + 'last_login': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}), + 'last_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}), + 'password': ('django.db.models.fields.CharField', [], {'max_length': '128'}), + 'user_permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'}), + 'username': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '30'}) + }, + 'contenttypes.contenttype': { + 'Meta': {'ordering': "('name',)", 'unique_together': "(('app_label', 'model'),)", 'object_name': 'ContentType', 'db_table': "'django_content_type'"}, + 'app_label': ('django.db.models.fields.CharField', [], {'max_length': '100'}), + 'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'model': ('django.db.models.fields.CharField', [], {'max_length': '100'}), + 'name': ('django.db.models.fields.CharField', [], {'max_length': '100'}) + }, + 'eve_api.eveplayeralliance': { + 'Meta': {'ordering': "['date_founded']", 'object_name': 'EVEPlayerAlliance'}, + 'api_last_updated': ('django.db.models.fields.DateTimeField', [], {'null': 'True', 'blank': 'True'}), + 'date_founded': ('django.db.models.fields.DateField', [], {'null': 'True', 'blank': 'True'}), + 'executor': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['eve_api.EVEPlayerCorporation']", 'null': 'True', 'blank': 'True'}), + 'group': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['auth.Group']", 'null': 'True', 'blank': 'True'}), + 'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'member_count': ('django.db.models.fields.IntegerField', [], {'null': 'True', 'blank': 'True'}), + 'name': ('django.db.models.fields.CharField', [], {'max_length': '255', 'blank': 'True'}), + 'ticker': ('django.db.models.fields.CharField', [], {'max_length': '15', 'blank': 'True'}) + }, + 'eve_api.eveplayercharacter': { + 'Meta': {'object_name': 'EVEPlayerCharacter'}, + 'api_last_updated': ('django.db.models.fields.DateTimeField', [], {'null': 'True', 'blank': 'True'}), + 'attrib_charisma': ('django.db.models.fields.IntegerField', [], {'null': 'True', 'blank': 'True'}), + 'attrib_intelligence': ('django.db.models.fields.IntegerField', [], {'null': 'True', 'blank': 'True'}), + 'attrib_memory': ('django.db.models.fields.IntegerField', [], {'null': 'True', 'blank': 'True'}), + 'attrib_perception': ('django.db.models.fields.IntegerField', [], {'null': 'True', 'blank': 'True'}), + 'attrib_willpower': ('django.db.models.fields.IntegerField', [], {'null': 'True', 'blank': 'True'}), + 'balance': ('django.db.models.fields.FloatField', [], {'null': 'True', 'blank': 'True'}), + 'corporation': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['eve_api.EVEPlayerCorporation']", 'null': 'True', 'blank': 'True'}), + 'corporation_date': ('django.db.models.fields.DateTimeField', [], {'null': 'True', 'blank': 'True'}), + 'current_location_id': ('django.db.models.fields.IntegerField', [], {'null': 'True', 'blank': 'True'}), + 'gender': ('django.db.models.fields.IntegerField', [], {'null': 'True', 'blank': 'True'}), + 'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'last_login': ('django.db.models.fields.DateTimeField', [], {'null': 'True', 'blank': 'True'}), + 'last_logoff': ('django.db.models.fields.DateTimeField', [], {'null': 'True', 'blank': 'True'}), + 'name': ('django.db.models.fields.CharField', [], {'max_length': '255', 'blank': 'True'}), + 'race': ('django.db.models.fields.IntegerField', [], {'null': 'True', 'blank': 'True'}), + 'roles': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'to': "orm['eve_api.EVEPlayerCharacterRole']", 'null': 'True', 'blank': 'True'}), + 'security_status': ('django.db.models.fields.FloatField', [], {'null': 'True', 'blank': 'True'}), + 'skills': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['eve_api.EVESkill']", 'through': "orm['eve_api.EVEPlayerCharacterSkill']", 'symmetrical': 'False'}), + 'total_sp': ('django.db.models.fields.IntegerField', [], {'null': 'True', 'blank': 'True'}) + }, + 'eve_api.eveplayercharacterrole': { + 'Meta': {'object_name': 'EVEPlayerCharacterRole'}, + 'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'name': ('django.db.models.fields.CharField', [], {'max_length': '255'}), + 'roleid': ('django.db.models.fields.CharField', [], {'max_length': '64'}) + }, + 'eve_api.eveplayercharacterskill': { + 'Meta': {'object_name': 'EVEPlayerCharacterSkill'}, + 'character': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['eve_api.EVEPlayerCharacter']"}), + 'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'in_training': ('django.db.models.fields.IntegerField', [], {'default': '0'}), + 'level': ('django.db.models.fields.IntegerField', [], {'default': '0'}), + 'skill': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['eve_api.EVESkill']"}), + 'skillpoints': ('django.db.models.fields.IntegerField', [], {'default': '0'}) + }, + 'eve_api.eveplayercorporation': { + 'Meta': {'object_name': 'EVEPlayerCorporation'}, + 'alliance': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['eve_api.EVEPlayerAlliance']", 'null': 'True', 'blank': 'True'}), + 'alliance_join_date': ('django.db.models.fields.DateField', [], {'null': 'True', 'blank': 'True'}), + 'api_last_updated': ('django.db.models.fields.DateTimeField', [], {'null': 'True', 'blank': 'True'}), + 'ceo_character': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['eve_api.EVEPlayerCharacter']", 'null': 'True', 'blank': 'True'}), + 'description': ('django.db.models.fields.TextField', [], {'null': 'True', 'blank': 'True'}), + 'group': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['auth.Group']", 'null': 'True', 'blank': 'True'}), + 'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'logo_color1': ('django.db.models.fields.IntegerField', [], {'null': 'True', 'blank': 'True'}), + 'logo_color2': ('django.db.models.fields.IntegerField', [], {'null': 'True', 'blank': 'True'}), + 'logo_color3': ('django.db.models.fields.IntegerField', [], {'null': 'True', 'blank': 'True'}), + 'logo_graphic_id': ('django.db.models.fields.IntegerField', [], {'null': 'True', 'blank': 'True'}), + 'logo_shape1': ('django.db.models.fields.IntegerField', [], {'null': 'True', 'blank': 'True'}), + 'logo_shape2': ('django.db.models.fields.IntegerField', [], {'null': 'True', 'blank': 'True'}), + 'logo_shape3': ('django.db.models.fields.IntegerField', [], {'null': 'True', 'blank': 'True'}), + 'member_count': ('django.db.models.fields.IntegerField', [], {'null': 'True', 'blank': 'True'}), + 'name': ('django.db.models.fields.CharField', [], {'max_length': '255', 'null': 'True', 'blank': 'True'}), + 'shares': ('django.db.models.fields.IntegerField', [], {'null': 'True', 'blank': 'True'}), + 'tax_rate': ('django.db.models.fields.FloatField', [], {'null': 'True', 'blank': 'True'}), + 'ticker': ('django.db.models.fields.CharField', [], {'max_length': '15', 'null': 'True', 'blank': 'True'}), + 'url': ('django.db.models.fields.URLField', [], {'max_length': '200', 'null': 'True', 'blank': 'True'}) + }, + 'eve_api.eveskill': { + 'Meta': {'object_name': 'EVESkill'}, + 'description': ('django.db.models.fields.TextField', [], {'blank': 'True'}), + 'group': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['eve_api.EVESkillGroup']", 'null': 'True'}), + 'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'name': ('django.db.models.fields.CharField', [], {'max_length': '255', 'blank': 'True'}) + }, + 'eve_api.eveskillgroup': { + 'Meta': {'object_name': 'EVESkillGroup'}, + 'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'name': ('django.db.models.fields.CharField', [], {'max_length': '255', 'blank': 'True'}) + }, + 'sso.permissionrule': { + 'Meta': {'object_name': 'PermissionRule'}, + 'check_type': ('django.db.models.fields.IntegerField', [], {}), + 'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'obj_id': ('django.db.models.fields.IntegerField', [], {}), + 'obj_type': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['contenttypes.ContentType']"}), + 'ruleset': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'rules'", 'to': "orm['sso.PermissionRuleset']"}) + }, + 'sso.permissionruleset': { + 'Meta': {'object_name': 'PermissionRuleset'}, + 'active': ('django.db.models.fields.BooleanField', [], {'default': 'False'}), + 'check_type': ('django.db.models.fields.BooleanField', [], {'default': 'False'}), + 'group': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['auth.Group']"}), + 'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'name': ('django.db.models.fields.CharField', [], {'max_length': '200'}) + }, + 'sso.service': { + 'Meta': {'ordering': "['id']", 'object_name': 'Service'}, + 'active': ('django.db.models.fields.BooleanField', [], {'default': 'True'}), + 'api': ('django.db.models.fields.CharField', [], {'max_length': '200'}), + 'groups': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Group']", 'symmetrical': 'False', 'blank': 'True'}), + 'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'name': ('django.db.models.fields.CharField', [], {'max_length': '200'}), + 'settings_json': ('jsonfield.fields.JSONField', [], {'default': '{}', 'blank': 'True'}), + 'url': ('django.db.models.fields.CharField', [], {'max_length': '200', 'blank': 'True'}) + }, + 'sso.serviceaccount': { + 'Meta': {'ordering': "['user']", 'object_name': 'ServiceAccount'}, + 'active': ('django.db.models.fields.BooleanField', [], {'default': 'True'}), + 'character': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['eve_api.EVEPlayerCharacter']", 'null': 'True'}), + 'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'service': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['sso.Service']"}), + 'service_uid': ('django.db.models.fields.CharField', [], {'max_length': '200'}), + 'user': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['auth.User']"}) + }, + 'sso.ssouser': { + 'Meta': {'object_name': 'SSOUser'}, + 'api_service_password': ('django.db.models.fields.CharField', [], {'max_length': '200', 'blank': 'True'}), + 'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'primary_character': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['eve_api.EVEPlayerCharacter']", 'null': 'True'}), + 'user': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'profile'", 'unique': 'True', 'to': "orm['auth.User']"}) + }, + 'sso.ssouseripaddress': { + 'Meta': {'ordering': "['user']", 'object_name': 'SSOUserIPAddress'}, + 'first_seen': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}), + 'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'ip_address': ('django.db.models.fields.CharField', [], {'max_length': '200'}), + 'last_seen': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}), + 'user': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'ip_addresses'", 'to': "orm['auth.User']"}) + }, + 'sso.ssousernote': { + 'Meta': {'ordering': "['date_created']", 'object_name': 'SSOUserNote'}, + 'created_by': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['auth.User']"}), + 'date_created': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}), + 'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'note': ('django.db.models.fields.TextField', [], {}), + 'user': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'notes'", 'to': "orm['auth.User']"}) + } + } + + complete_apps = ['sso'] diff --git a/app/sso/models.py b/app/sso/models.py index 945d856..33604de 100644 --- a/app/sso/models.py +++ b/app/sso/models.py @@ -6,12 +6,15 @@ import types from django.db import models from django.db.models import signals from django.contrib.auth.models import User, UserManager, Group +from django.contrib.contenttypes.models import ContentType +from django.contrib.contenttypes import generic from django.utils import simplejson as json from jsonfield.fields import JSONField from eve_api.models import EVEAccount, EVEPlayerCorporation, EVEPlayerAlliance, EVEPlayerCharacter -from services import get_api +from sso.app_defines import * +from sso.services import get_api ## Exceptions @@ -194,3 +197,52 @@ class ServiceAccount(models.Model): raise ServiceError('Unable to delete account on related service') signals.pre_delete.connect(ServiceAccount.pre_delete_listener, sender=ServiceAccount) + + +class PermissionRuleset(models.Model): + """ A group of rules to assign a Group to a user """ + + name = models.CharField("Name", max_length=200) + active = models.BooleanField() + group = models.ForeignKey(Group) + + check_type = models.BooleanField() + + def check_ruleset(self, user): + if self.check_type == CHECK_TYPE_AND: + ret = False + for rule in self.rules: + ret = rule.check_rule(user) + return ret + elif self.check_type == CHECK_TYPE_OR: + for rule in self.rules: + if rule.check_rule(user) == True: + return True + return False + + class Meta: + verbose_name = u'Ruleset' + verbose_name_plural = u'Rulesets' + + +class PermissionRule(models.Model): + ruleset = models.ForeignKey(PermissionRuleset, related_name='rules') + + obj_type = models.ForeignKey(ContentType) + obj_id = models.IntegerField() + related_obj = generic.GenericForeignKey(obj_type, obj_id) + + check_type = models.IntegerField() + + def check_rule(self, user): + + if self.obj_type.app_label == 'eve_api' and self.obj_type.model == 'eveplayercorporation': + return EVEPlayerCharacter.objects.filter(eveaccount__user=user, corporation=self.related_obj).count() + elif self.obj_type.app_label == 'eve_api' and self.obj_type.model == 'eveplayeralliance': + return EVEPlayerCharacter.objects.filter(eveaccount__user=user, corporation__alliance=self.related_obj).count() + + return False + + class Meta: + verbose_name = u'Rule' + verbose_name_plural = u'Rules'