django-orchestra/orchestra/contrib/systemusers/models.py

import fnmatch
import os

from django.contrib.auth.hashers import make_password
from django.core.exceptions import ValidationError
from django.db import models
from django.db.models import F
from django.utils.functional import cached_property
from django.utils.translation import ugettext_lazy as _

from orchestra.core import validators

from . import settings


class SystemUserQuerySet(models.QuerySet):
    def create_user(self, username, password='', **kwargs):
        user = super(SystemUserQuerySet, self).create(username=username, **kwargs)
        user.set_password(password)
        user.save(update_fields=['password'])
        return user
    
    def by_is_main(self, is_main=True, **kwargs):
        if is_main:
            return self.filter(account__main_systemuser_id=F('id'))
        else:
            return self.exclude(account__main_systemuser_id=F('id'))


class SystemUser(models.Model):
    """
    System users
    
    Username max_length determined by LINUX system user/group lentgh: 32
    """
    username = models.CharField(_("username"), max_length=32, unique=True,
        help_text=_("Required. 32 characters or fewer. Letters, digits and ./-/_ only."),
        validators=[validators.validate_username])
    password = models.CharField(_("password"), max_length=128)
    account = models.ForeignKey('accounts.Account', verbose_name=_("Account"),
        related_name='systemusers')
    home = models.CharField(_("home"), max_length=256, blank=True,
        help_text=_("Starting location when login with this no-shell user."))
    directory = models.CharField(_("directory"), max_length=256, blank=True,
        help_text=_("Optional directory relative to user's home."))
    shell = models.CharField(_("shell"), max_length=32, choices=settings.SYSTEMUSERS_SHELLS,
        default=settings.SYSTEMUSERS_DEFAULT_SHELL)
    groups = models.ManyToManyField('self', blank=True,  symmetrical=False,
        help_text=_("A new group will be created for the user. "
                    "Which additional groups would you like them to be a member of?"))
    is_active = models.BooleanField(_("active"), default=True,
        help_text=_("Designates whether this account should be treated as active. "
                    "Unselect this instead of deleting accounts."))
    
    objects = SystemUserQuerySet.as_manager()
    
    def __str__(self):
        return self.username
    
    @cached_property
    def active(self):
        try:
            return self.is_active and self.account.is_active
        except type(self).account.field.rel.to.DoesNotExist:
            return self.is_active
    
    @cached_property
    def is_main(self):
        # TODO on account delete
        # On account creation main_systemuser_id is still None
        if self.account.main_systemuser_id:
            return self.account.main_systemuser_id == self.pk
        return self.account.username == self.username
    
    @cached_property
    def main(self):
        # On account creation main_systemuser_id is still None
        if self.account.main_systemuser_id:
            return self.account.main_systemuser
        return type(self).objects.get(username=self.account.username)
    
    @property
    def has_shell(self):
        return self.shell not in settings.SYSTEMUSERS_DISABLED_SHELLS
    
    def disable(self):
        self.is_active = False
        self.save(update_fields=('is_active',))
    
    def get_description(self):
        return self.get_shell_display()
    
    def save(self, *args, **kwargs):
        if not self.home:
            self.home = self.get_base_home()
        super(SystemUser, self).save(*args, **kwargs)
    
    def clean(self):
        if self.home:
            self.home = os.path.normpath(self.home)
        if self.directory:
            self.directory = os.path.normpath(self.directory)
            dir_errors = []
            if self.has_shell:
                dir_errors.append(_("Directory with shell users can not be specified."))
            elif self.account_id and self.is_main:
                dir_errors.append(_("Directory with main system users can not be specified."))
            elif self.home == self.get_base_home():
                dir_errors.append(_("Directory on the user's base home is not allowed."))
            for pattern in settings.SYSTEMUSERS_FORBIDDEN_PATHS:
                if fnmatch.fnmatch(self.directory, pattern):
                    dir_errors.append(_("Provided directory is forbidden."))
            if dir_errors:
                raise ValidationError({
                    'directory': [ValidationError(error) for error in dir_errors]
                })
        if self.has_shell and self.home and self.home != self.get_base_home():
            raise ValidationError({
                'home': _("Shell users should use their own home."),
            })
    
    def set_password(self, raw_password):
        self.password = make_password(raw_password)
    
    def set_permission(self, base_home, extension, perms='rw', action='grant'):
        self.set_perm_action = action
        self.set_perm_base_home = base_home
        self.set_perm_home_extension = extension
        self.set_perm_perms = perms
    
    def get_base_home(self):
        context = {
            'user': self.username,
            'username': self.username,
        }
        return os.path.normpath(settings.SYSTEMUSERS_HOME % context)
    
    def get_home(self):
        return os.path.normpath(os.path.join(self.home, self.directory))