django-orchestra/orchestra/contrib/systemusers/models.py

141 lines
5.4 KiB
Python
Raw Normal View History

2015-05-12 12:38:40 +00:00
import fnmatch
2014-10-02 15:58:27 +00:00
import os
from django.contrib.auth.hashers import make_password
from django.core.exceptions import ValidationError
from django.db import models
2015-05-13 12:16:51 +00:00
from django.db.models import F
from django.utils.functional import cached_property
from django.utils.translation import ugettext_lazy as _
2015-05-07 19:00:02 +00:00
from orchestra.core import validators
from . import settings
class SystemUserQuerySet(models.QuerySet):
def create_user(self, username, password='', **kwargs):
user = super(SystemUserQuerySet, self).create(username=username, **kwargs)
user.set_password(password)
user.save(update_fields=['password'])
2014-10-01 21:03:16 +00:00
return user
2015-05-13 12:16:51 +00:00
def by_is_main(self, is_main=True, **kwargs):
if is_main:
return self.filter(account__main_systemuser_id=F('id'))
else:
return self.exclude(account__main_systemuser_id=F('id'))
class SystemUser(models.Model):
2015-02-24 09:34:26 +00:00
"""
System users
2015-05-30 14:44:05 +00:00
Username max_length determined by LINUX system user/group lentgh: 32
2015-02-24 09:34:26 +00:00
"""
username = models.CharField(_("username"), max_length=32, unique=True,
2015-05-30 14:44:05 +00:00
help_text=_("Required. 32 characters or fewer. Letters, digits and ./-/_ only."),
2015-04-05 10:46:24 +00:00
validators=[validators.validate_username])
password = models.CharField(_("password"), max_length=128)
account = models.ForeignKey('accounts.Account', verbose_name=_("Account"),
2015-04-05 10:46:24 +00:00
related_name='systemusers')
home = models.CharField(_("home"), max_length=256, blank=True,
2015-04-05 10:46:24 +00:00
help_text=_("Starting location when login with this no-shell user."))
directory = models.CharField(_("directory"), max_length=256, blank=True,
2015-04-05 10:46:24 +00:00
help_text=_("Optional directory relative to user's home."))
shell = models.CharField(_("shell"), max_length=32, choices=settings.SYSTEMUSERS_SHELLS,
2015-04-05 10:46:24 +00:00
default=settings.SYSTEMUSERS_DEFAULT_SHELL)
2014-10-27 17:34:14 +00:00
groups = models.ManyToManyField('self', blank=True, symmetrical=False,
2015-04-05 10:46:24 +00:00
help_text=_("A new group will be created for the user. "
"Which additional groups would you like them to be a member of?"))
is_active = models.BooleanField(_("active"), default=True,
2015-04-05 10:46:24 +00:00
help_text=_("Designates whether this account should be treated as active. "
"Unselect this instead of deleting accounts."))
objects = SystemUserQuerySet.as_manager()
2015-04-02 16:14:55 +00:00
def __str__(self):
return self.username
@cached_property
def active(self):
2014-10-02 15:58:27 +00:00
try:
return self.is_active and self.account.is_active
except type(self).account.field.rel.to.DoesNotExist:
return self.is_active
2014-10-23 21:25:44 +00:00
@cached_property
2014-10-23 15:38:46 +00:00
def is_main(self):
2014-10-23 21:25:44 +00:00
# TODO on account delete
2014-10-23 15:38:46 +00:00
# On account creation main_systemuser_id is still None
if self.account.main_systemuser_id:
return self.account.main_systemuser_id == self.pk
return self.account.username == self.username
2015-05-12 12:38:40 +00:00
@cached_property
def main(self):
2015-06-15 11:21:33 +00:00
# On account creation main_systemuser_id is still None
if self.account.main_systemuser_id:
return self.account.main_systemuser
return type(self).objects.get(username=self.account.username)
2015-05-12 12:38:40 +00:00
@property
def has_shell(self):
return self.shell not in settings.SYSTEMUSERS_DISABLED_SHELLS
2015-05-09 17:08:45 +00:00
def disable(self):
self.is_active = False
self.save(update_fields=('is_active',))
2014-11-27 19:17:26 +00:00
def get_description(self):
return self.get_shell_display()
def save(self, *args, **kwargs):
if not self.home:
self.home = self.get_base_home()
super(SystemUser, self).save(*args, **kwargs)
def clean(self):
2015-07-29 09:05:07 +00:00
self.directory = self.directory.lstrip('/')
2014-11-27 19:17:26 +00:00
if self.home:
self.home = os.path.normpath(self.home)
if self.directory:
2015-05-12 12:38:40 +00:00
self.directory = os.path.normpath(self.directory)
dir_errors = []
if self.has_shell:
2015-05-12 12:38:40 +00:00
dir_errors.append(_("Directory with shell users can not be specified."))
elif self.account_id and self.is_main:
2015-05-12 12:38:40 +00:00
dir_errors.append(_("Directory with main system users can not be specified."))
elif self.home == self.get_base_home():
2015-05-12 12:38:40 +00:00
dir_errors.append(_("Directory on the user's base home is not allowed."))
for pattern in settings.SYSTEMUSERS_FORBIDDEN_PATHS:
if fnmatch.fnmatch(self.directory, pattern):
dir_errors.append(_("Provided directory is forbidden."))
if dir_errors:
raise ValidationError({
2015-05-12 12:38:40 +00:00
'directory': [ValidationError(error) for error in dir_errors]
})
2015-04-08 14:41:09 +00:00
if self.has_shell and self.home and self.home != self.get_base_home():
raise ValidationError({
'home': _("Shell users should use their own home."),
})
2014-10-06 14:57:02 +00:00
def set_password(self, raw_password):
self.password = make_password(raw_password)
2015-05-13 12:16:51 +00:00
def set_permission(self, base_home, extension, perms='rw', action='grant'):
self.set_perm_action = action
self.set_perm_base_home = base_home
self.set_perm_home_extension = extension
self.set_perm_perms = perms
def get_base_home(self):
context = {
2015-03-10 21:51:10 +00:00
'user': self.username,
'username': self.username,
}
return os.path.normpath(settings.SYSTEMUSERS_HOME % context)
2014-10-02 15:58:27 +00:00
def get_home(self):
2015-03-02 10:37:25 +00:00
return os.path.normpath(os.path.join(self.home, self.directory))