Adding permissions managing to objects

2025-03-12 04:58:34 +03:00 · 2015-03-02 11:51:20 +01:00 · 2015-03-02 11:51:20 +01:00 · 9920af9c59
commit 9920af9c59
parent 681b1333d1
10 changed files with 64 additions and 27 deletions
--- a/server/src/uds/core/util/permissions.py
+++ b/server/src/uds/core/util/permissions.py
@ -32,16 +32,19 @@
 '''
 from __future__ import unicode_literals

-__updated__ = '2015-03-01'
+__updated__ = '2015-03-02'

-from uds.models.Permissions import PERMISSION_ALL, PERMISSION_READ, PERMISSION_NONE
-from uds.models import Permissions, User, Group
+from uds.models import Permissions
 from uds.core.util import ot

 import logging

 logger = logging.getLogger(__name__)

+PERMISSION_ALL = Permissions.PERMISSION_ALL
+PERMISSION_READ = Permissions.PERMISSION_READ
+PERMISSION_NONE = Permissions.PERMISSION_NONE
+

 def clean(obj):
    Permissions.cleanPermissions(ot.getObjectType(obj), obj.pk)
@ -57,4 +60,10 @@ def addGroupPermission(group, obj, permission=PERMISSION_READ):


 def checkPermissions(user, obj, permission=PERMISSION_ALL):
+    if user.is_admin is True:
+        return True
+
+    if user.is_staff is False:
+        return False
+
    return Permissions.getPermissions(user=user, groups=user.groups.all(), object_type=ot.getObjectType(obj), object_id=obj.pk) >= permission
--- a/server/src/uds/models/Authenticator.py
+++ b/server/src/uds/models/Authenticator.py
@ -33,7 +33,7 @@

 from __future__ import unicode_literals

-__updated__ = '2015-03-01'
+__updated__ = '2015-03-02'

 from django.db import models
 from django.utils.encoding import python_2_unicode_compatible
--- a/server/src/uds/models/Network.py
+++ b/server/src/uds/models/Network.py
@ -33,9 +33,10 @@

 from __future__ import unicode_literals

-__updated__ = '2014-09-16'
+__updated__ = '2015-03-02'

 from django.db import models
+from django.db.models import signals
 from django.utils.encoding import python_2_unicode_compatible

 from uds.models.Transport import Transport
@ -127,3 +128,16 @@ class Network(UUIDModel):

    def __str__(self):
        return u'Network {0} ({1}) from {2} to {3}'.format(self.name, self.net_string, net.longToIp(self.net_start), net.longToIp(self.net_end))
+
+    @staticmethod
+    def beforeDelete(sender, **kwargs):
+        from uds.core.util.permissions import clean
+        toDelete = kwargs['instance']
+
+        logger.debug('Before delete auth {}'.format(toDelete))
+
+        # Clears related permissions
+        clean(toDelete)
+
+# Connects a pre deletion signal to Authenticator
+signals.pre_delete.connect(Network.beforeDelete, sender=Network)
--- a/server/src/uds/models/Permissions.py
+++ b/server/src/uds/models/Permissions.py
@ -33,7 +33,7 @@

 from __future__ import unicode_literals

-__updated__ = '2015-03-01'
+__updated__ = '2015-03-02'

 from django.utils.encoding import python_2_unicode_compatible
 from django.utils.translation import ugettext as _
@ -49,11 +49,6 @@ import logging

 logger = logging.getLogger(__name__)

-# Allowed permissions
-PERMISSION_NONE = 0
-PERMISSION_READ = 16
-PERMISSION_ALL = 32
-

@python_2_unicode_compatible
 class Permissions(UUIDModel):
@ -61,6 +56,10 @@ class Permissions(UUIDModel):
    An OS Manager represents a manager for responding requests for agents inside services.
    '''
    # pylint: disable=model-missing-unicode
+    # Allowed permissions
+    PERMISSION_NONE = 0
+    PERMISSION_READ = 16
+    PERMISSION_ALL = 32

    created = models.DateTimeField(db_index=True)
    ends = models.DateTimeField(db_index=True, null=True, blank=True, default=None)  # Future "permisions ends at this moment", not assigned right now
@ -76,9 +75,9 @@ class Permissions(UUIDModel):
    @staticmethod
    def permissionAsString(perm):
        return {
-            PERMISSION_NONE: _('None'),
-            PERMISSION_READ: _('Read'),
-            PERMISSION_ALL: _('All')
+            Permissions.PERMISSION_NONE: _('None'),
+            Permissions.PERMISSION_READ: _('Read'),
+            Permissions.PERMISSION_ALL: _('All')
        }.get(perm, _('None'))

    @staticmethod
@ -102,7 +101,7 @@ class Permissions(UUIDModel):

        object_id = kwargs.get('object_id', None)

-        permission = kwargs.get('permission', PERMISSION_NONE)
+        permission = kwargs.get('permission', Permissions.PERMISSION_NONE)

        if user is not None:
            q = Q(user=user)
@ -152,7 +151,7 @@ class Permissions(UUIDModel):
            logger.debug('Got permission {}'.format(perm))
            return perm.permission
        except Exception:  # DoesNotExists
-            return PERMISSION_NONE
+            return Permissions.PERMISSION_NONE

    @staticmethod
    def cleanPermissions(object_type, object_id):
--- a/server/src/uds/models/Provider.py
+++ b/server/src/uds/models/Provider.py
@ -33,7 +33,7 @@

 from __future__ import unicode_literals

-__updated__ = '2014-12-20'
+__updated__ = '2015-03-02'

 from django.utils.encoding import python_2_unicode_compatible
 from django.db import models
@ -88,7 +88,11 @@ class Provider(ManagedObjectModel):

        :note: If destroy raises an exception, the deletion is not taken.
        '''
+        from uds.core.util.permissions import clean
+
        toDelete = kwargs['instance']
+        logger.debug('Before delete service provider {}'.format(toDelete))
+
        # Only tries to get instance if data is not empty
        if toDelete.data != '':
            s = toDelete.getInstance()
@ -98,7 +102,8 @@ class Provider(ManagedObjectModel):
        # Clears related logs
        log.clearLogs(toDelete)

-        logger.debug('Before delete service provider {}'.format(toDelete))
+        # Clears related permissions
+        clean(toDelete)

 # : Connects a pre deletion signal to Provider
 signals.pre_delete.connect(Provider.beforeDelete, sender=Provider)
--- a/server/src/uds/models/Service.py
+++ b/server/src/uds/models/Service.py
@ -33,7 +33,7 @@

 from __future__ import unicode_literals

-__updated__ = '2014-09-16'
+__updated__ = '2015-03-02'

 from django.db import models
 from django.db.models import signals
@ -124,7 +124,10 @@ class Service(ManagedObjectModel):

        :note: If destroy raises an exception, the deletion is not taken.
        '''
+        from uds.core.util.permissions import clean
        toDelete = kwargs['instance']
+
+        logger.debug('Before delete service {}'.format(toDelete))
        # Only tries to get instance if data is not empty
        if toDelete.data != '':
            s = toDelete.getInstance()
@ -134,7 +137,8 @@ class Service(ManagedObjectModel):
        # Clears related logs
        log.clearLogs(toDelete)

-        logger.debug('Before delete service {}'.format(toDelete))
+        # Clears related permissions
+        clean(toDelete)

 # : Connects a pre deletion signal to Service
 signals.pre_delete.connect(Service.beforeDelete, sender=Service)
--- a/server/src/uds/models/ServicesPool.py
+++ b/server/src/uds/models/ServicesPool.py
@ -33,7 +33,7 @@

 from __future__ import unicode_literals

-__updated__ = '2015-02-01'
+__updated__ = '2015-03-02'

 from django.db import models
 from django.db.models import signals
@ -382,13 +382,17 @@ class DeployedService(UUIDModel):

        :note: If destroy raises an exception, the deletion is not taken.
        '''
+        from uds.core.util.permissions import clean
        toDelete = kwargs['instance']
+
+        logger.debug('Deleting Deployed Service {0}'.format(toDelete))
        toDelete.getEnvironment().clearRelatedData()

        # Clears related logs
        log.clearLogs(toDelete)

-        logger.debug('Deleting Deployed Service {0}'.format(toDelete))
+        # Clears related permissions
+        clean(toDelete)

    def __str__(self):
        return u"Deployed service {0}({1}) with {2} as initial, {3} as L1 cache, {4} as L2 cache, {5} as max".format(
--- a/server/src/uds/models/Transport.py
+++ b/server/src/uds/models/Transport.py
@ -33,7 +33,7 @@

 from __future__ import unicode_literals

-__updated__ = '2014-09-16'
+__updated__ = '2015-03-02'

 from django.db import models
 from django.db.models import signals
@ -125,15 +125,18 @@ class Transport(ManagedObjectModel):

        :note: If destroy raises an exception, the deletion is not taken.
        '''
+        from uds.core.util.permissions import clean
        toDelete = kwargs['instance']

+        logger.debug('Before delete transport {}'.format(toDelete))
        # Only tries to get instance if data is not empty
        if toDelete.data != '':
            s = toDelete.getInstance()
            s.destroy()
            s.env().clearRelatedData()

-        logger.debug('Before delete transport {}'.format(toDelete))
+        # Clears related permissions
+        clean(toDelete)

 # : Connects a pre deletion signal to OS Manager
 signals.pre_delete.connect(Transport.beforeDelete, sender=Transport)
--- a/server/src/uds/models/Util.py
+++ b/server/src/uds/models/Util.py
@ -33,12 +33,11 @@

 from __future__ import unicode_literals

-__updated__ = '2015-01-22'
+__updated__ = '2015-03-02'

 from datetime import datetime
 from django.db import connection
 from time import mktime
-import re


 import logging
--- a/server/src/uds/models/init.py
+++ b/server/src/uds/models/init.py
@ -33,7 +33,7 @@

 from __future__ import unicode_literals

-__updated__ = '2015-03-01'
+__updated__ = '2015-03-02'

 import logging