2020-05-07 19:51:06 +01:00
|
|
|
"""Policy base models"""
|
|
|
|
from django.db import models
|
|
|
|
from django.utils.translation import gettext_lazy as _
|
2020-05-16 17:07:00 +01:00
|
|
|
from model_utils.managers import InheritanceManager
|
2020-05-07 19:51:06 +01:00
|
|
|
|
2020-05-16 17:07:00 +01:00
|
|
|
from passbook.lib.models import CreatedUpdatedModel, UUIDModel
|
|
|
|
from passbook.policies.exceptions import PolicyException
|
|
|
|
from passbook.policies.types import PolicyRequest, PolicyResult
|
2020-05-07 19:51:06 +01:00
|
|
|
|
|
|
|
|
|
|
|
class PolicyBindingModel(models.Model):
|
2020-05-14 12:51:05 +01:00
|
|
|
"""Base Model for objects that have policies applied to them."""
|
2020-05-07 19:51:06 +01:00
|
|
|
|
2020-05-08 17:45:53 +01:00
|
|
|
policies = models.ManyToManyField(
|
2020-05-16 18:00:43 +01:00
|
|
|
"Policy", through="PolicyBinding", related_name="bindings", blank=True
|
2020-05-08 17:45:53 +01:00
|
|
|
)
|
2020-05-07 19:51:06 +01:00
|
|
|
|
2020-05-08 13:33:14 +01:00
|
|
|
class Meta:
|
|
|
|
|
|
|
|
verbose_name = _("Policy Binding Model")
|
|
|
|
verbose_name_plural = _("Policy Binding Models")
|
|
|
|
|
2020-05-07 19:51:06 +01:00
|
|
|
|
|
|
|
class PolicyBinding(UUIDModel):
|
|
|
|
"""Relationship between a Policy and a PolicyBindingModel."""
|
|
|
|
|
|
|
|
enabled = models.BooleanField(default=True)
|
|
|
|
|
2020-05-16 17:07:00 +01:00
|
|
|
policy = models.ForeignKey("Policy", on_delete=models.CASCADE, related_name="+")
|
2020-05-07 19:51:06 +01:00
|
|
|
target = models.ForeignKey(
|
|
|
|
PolicyBindingModel, on_delete=models.CASCADE, related_name="+"
|
|
|
|
)
|
|
|
|
|
|
|
|
# default value and non-unique for compatibility
|
|
|
|
order = models.IntegerField(default=0)
|
|
|
|
|
2020-05-08 13:33:14 +01:00
|
|
|
def __str__(self) -> str:
|
|
|
|
return f"PolicyBinding policy={self.policy} target={self.target} order={self.order}"
|
|
|
|
|
2020-05-07 19:51:06 +01:00
|
|
|
class Meta:
|
|
|
|
|
|
|
|
verbose_name = _("Policy Binding")
|
|
|
|
verbose_name_plural = _("Policy Bindings")
|
2020-05-16 17:07:00 +01:00
|
|
|
|
|
|
|
|
|
|
|
class Policy(UUIDModel, CreatedUpdatedModel):
|
|
|
|
"""Policies which specify if a user is authorized to use an Application. Can be overridden by
|
|
|
|
other types to add other fields, more logic, etc."""
|
|
|
|
|
|
|
|
name = models.TextField(blank=True, null=True)
|
|
|
|
negate = models.BooleanField(default=False)
|
|
|
|
order = models.IntegerField(default=0)
|
|
|
|
timeout = models.IntegerField(default=30)
|
|
|
|
|
|
|
|
objects = InheritanceManager()
|
|
|
|
|
|
|
|
def __str__(self):
|
|
|
|
return f"Policy {self.name}"
|
|
|
|
|
|
|
|
def passes(self, request: PolicyRequest) -> PolicyResult:
|
|
|
|
"""Check if user instance passes this policy"""
|
|
|
|
raise PolicyException()
|