2014-09-29 13:34:38 +00:00
|
|
|
from django.contrib.auth import models as auth
|
2015-05-27 14:05:25 +00:00
|
|
|
from django.conf import settings as djsettings
|
2014-09-29 13:34:38 +00:00
|
|
|
from django.core import validators
|
2014-05-08 16:59:35 +00:00
|
|
|
from django.db import models
|
2015-05-01 17:23:22 +00:00
|
|
|
from django.apps import apps
|
2015-05-27 14:05:25 +00:00
|
|
|
from django.utils import timezone, translation
|
2014-05-08 16:59:35 +00:00
|
|
|
from django.utils.translation import ugettext_lazy as _
|
|
|
|
|
2015-04-05 10:46:24 +00:00
|
|
|
from orchestra.contrib.orchestration.middlewares import OperationsMiddleware
|
2015-04-07 15:14:49 +00:00
|
|
|
from orchestra.contrib.orchestration import Operation
|
2015-09-18 11:29:52 +00:00
|
|
|
from orchestra.core import services
|
2015-05-06 19:30:13 +00:00
|
|
|
from orchestra.utils.mail import send_email_template
|
2014-07-10 10:03:22 +00:00
|
|
|
|
2014-05-08 16:59:35 +00:00
|
|
|
from . import settings
|
|
|
|
|
|
|
|
|
2015-09-04 10:22:14 +00:00
|
|
|
class AccountManager(auth.UserManager):
|
|
|
|
def get_main(self):
|
|
|
|
return self.get(pk=settings.ACCOUNTS_MAIN_PK)
|
|
|
|
|
|
|
|
|
2014-09-29 13:34:38 +00:00
|
|
|
class Account(auth.AbstractBaseUser):
|
2015-05-30 14:44:05 +00:00
|
|
|
# Username max_length determined by LINUX system user/group lentgh: 32
|
2015-03-02 12:07:27 +00:00
|
|
|
username = models.CharField(_("username"), max_length=32, unique=True,
|
2015-05-30 14:44:05 +00:00
|
|
|
help_text=_("Required. 32 characters or fewer. Letters, digits and ./-/_ only."),
|
2015-04-05 10:46:24 +00:00
|
|
|
validators=[
|
|
|
|
validators.RegexValidator(r'^[\w.-]+$', _("Enter a valid username."), 'invalid')
|
|
|
|
])
|
2014-10-23 15:38:46 +00:00
|
|
|
main_systemuser = models.ForeignKey(settings.ACCOUNTS_SYSTEMUSER_MODEL, null=True,
|
2015-04-05 10:46:24 +00:00
|
|
|
related_name='accounts_main', editable=False)
|
2014-10-30 16:34:02 +00:00
|
|
|
short_name = models.CharField(_("short name"), max_length=64, blank=True)
|
|
|
|
full_name = models.CharField(_("full name"), max_length=256)
|
2014-09-30 09:49:07 +00:00
|
|
|
email = models.EmailField(_('email address'), help_text=_("Used for password recovery"))
|
2014-07-29 20:10:37 +00:00
|
|
|
type = models.CharField(_("type"), choices=settings.ACCOUNTS_TYPES,
|
2015-04-05 10:46:24 +00:00
|
|
|
max_length=32, default=settings.ACCOUNTS_DEFAULT_TYPE)
|
2014-05-08 16:59:35 +00:00
|
|
|
language = models.CharField(_("language"), max_length=2,
|
2015-04-05 10:46:24 +00:00
|
|
|
choices=settings.ACCOUNTS_LANGUAGES,
|
|
|
|
default=settings.ACCOUNTS_DEFAULT_LANGUAGE)
|
2014-05-08 16:59:35 +00:00
|
|
|
comments = models.TextField(_("comments"), max_length=256, blank=True)
|
2014-09-30 09:49:07 +00:00
|
|
|
is_superuser = models.BooleanField(_("superuser status"), default=False,
|
2015-04-05 10:46:24 +00:00
|
|
|
help_text=_("Designates that this user has all permissions without "
|
|
|
|
"explicitly assigning them."))
|
2014-09-29 13:34:38 +00:00
|
|
|
is_active = models.BooleanField(_("active"), default=True,
|
2015-04-05 10:46:24 +00:00
|
|
|
help_text=_("Designates whether this account should be treated as active. "
|
|
|
|
"Unselect this instead of deleting accounts."))
|
2014-09-29 13:34:38 +00:00
|
|
|
date_joined = models.DateTimeField(_("date joined"), default=timezone.now)
|
|
|
|
|
2015-09-04 10:22:14 +00:00
|
|
|
objects = AccountManager()
|
2014-09-29 13:34:38 +00:00
|
|
|
|
|
|
|
USERNAME_FIELD = 'username'
|
|
|
|
REQUIRED_FIELDS = ['email']
|
2014-05-08 16:59:35 +00:00
|
|
|
|
2015-04-02 16:14:55 +00:00
|
|
|
def __str__(self):
|
2014-05-08 16:59:35 +00:00
|
|
|
return self.name
|
|
|
|
|
2014-09-14 09:52:45 +00:00
|
|
|
@property
|
2014-05-08 16:59:35 +00:00
|
|
|
def name(self):
|
2014-09-29 13:34:38 +00:00
|
|
|
return self.username
|
|
|
|
|
|
|
|
@property
|
|
|
|
def is_staff(self):
|
|
|
|
return self.is_superuser
|
2014-08-19 18:59:23 +00:00
|
|
|
|
2014-10-24 10:16:46 +00:00
|
|
|
def save(self, active_systemuser=False, *args, **kwargs):
|
2014-10-23 15:38:46 +00:00
|
|
|
created = not self.pk
|
2015-03-26 16:00:30 +00:00
|
|
|
if not created:
|
|
|
|
was_active = Account.objects.filter(pk=self.pk).values_list('is_active', flat=True)[0]
|
2014-10-23 15:38:46 +00:00
|
|
|
super(Account, self).save(*args, **kwargs)
|
|
|
|
if created:
|
2015-07-15 10:35:21 +00:00
|
|
|
self.main_systemuser = self.systemusers.create(
|
|
|
|
account=self, username=self.username, password=self.password,
|
|
|
|
is_active=active_systemuser)
|
2015-06-15 11:21:33 +00:00
|
|
|
self.save(update_fields=('main_systemuser',))
|
2015-03-26 16:00:30 +00:00
|
|
|
elif was_active != self.is_active:
|
|
|
|
self.notify_related()
|
2014-10-23 15:38:46 +00:00
|
|
|
|
2014-10-21 16:13:18 +00:00
|
|
|
def clean(self):
|
2014-10-27 14:31:04 +00:00
|
|
|
self.short_name = self.short_name.strip()
|
|
|
|
self.full_name = self.full_name.strip()
|
2014-10-21 16:13:18 +00:00
|
|
|
|
2014-10-07 13:50:59 +00:00
|
|
|
def disable(self):
|
|
|
|
self.is_active = False
|
2015-09-22 10:24:04 +00:00
|
|
|
self.save(update_fields=('is_active',))
|
2015-03-26 16:00:30 +00:00
|
|
|
self.notify_related()
|
|
|
|
|
2016-03-31 16:02:50 +00:00
|
|
|
def enable(self):
|
|
|
|
self.is_active = True
|
|
|
|
self.save(update_fields=('is_active',))
|
|
|
|
self.notify_related()
|
|
|
|
|
2015-09-18 11:29:52 +00:00
|
|
|
def get_services_to_disable(self):
|
2014-10-07 13:50:59 +00:00
|
|
|
for rel in self._meta.get_all_related_objects():
|
2015-02-27 16:57:39 +00:00
|
|
|
source = getattr(rel, 'related_model', rel.model)
|
2015-03-18 21:51:12 +00:00
|
|
|
if source in services and hasattr(source, 'active'):
|
2014-10-07 13:50:59 +00:00
|
|
|
for obj in getattr(self, rel.get_accessor_name()).all():
|
2015-09-18 11:29:52 +00:00
|
|
|
yield obj
|
|
|
|
|
|
|
|
def notify_related(self):
|
|
|
|
""" Trigger save() on related objects that depend on this account """
|
|
|
|
for obj in self.get_services_to_disable():
|
2015-09-22 10:24:04 +00:00
|
|
|
OperationsMiddleware.collect(Operation.SAVE, instance=obj, update_fields=())
|
2015-04-08 14:41:09 +00:00
|
|
|
|
2015-05-27 14:05:25 +00:00
|
|
|
def send_email(self, template, context, email_from=None, contacts=[], attachments=[], html=None):
|
2014-09-04 15:55:43 +00:00
|
|
|
contacts = self.contacts.filter(email_usages=contacts)
|
|
|
|
email_to = contacts.values_list('email', flat=True)
|
2015-05-27 14:05:25 +00:00
|
|
|
extra_context = {
|
|
|
|
'account': self,
|
|
|
|
'email_from': email_from or djsettings.SERVER_EMAIL,
|
|
|
|
}
|
|
|
|
extra_context.update(context)
|
|
|
|
with translation.override(self.language):
|
|
|
|
send_email_template(
|
2015-05-30 14:44:05 +00:00
|
|
|
template, extra_context, email_to, email_from=email_from, html=html,
|
2015-05-27 14:05:25 +00:00
|
|
|
attachments=attachments)
|
2014-09-29 13:34:38 +00:00
|
|
|
|
|
|
|
def get_full_name(self):
|
2014-10-27 14:31:04 +00:00
|
|
|
return self.full_name or self.short_name or self.username
|
2014-09-29 13:34:38 +00:00
|
|
|
|
|
|
|
def get_short_name(self):
|
|
|
|
""" Returns the short name for the user """
|
2014-10-27 14:31:04 +00:00
|
|
|
return self.short_name or self.username or self.full_name
|
2014-09-29 13:34:38 +00:00
|
|
|
|
|
|
|
def has_perm(self, perm, obj=None):
|
|
|
|
"""
|
|
|
|
Returns True if the user has the specified permission. This method
|
|
|
|
queries all available auth backends, but returns immediately if any
|
|
|
|
backend returns True. Thus, a user who has permission from a single
|
|
|
|
auth backend is assumed to have permission in general. If an object is
|
|
|
|
provided, permissions for this specific object are checked.
|
|
|
|
"""
|
|
|
|
# Active superusers have all permissions.
|
|
|
|
if self.is_active and self.is_superuser:
|
|
|
|
return True
|
|
|
|
# Otherwise we need to check the backends.
|
|
|
|
return auth._user_has_perm(self, perm, obj)
|
|
|
|
|
|
|
|
def has_perms(self, perm_list, obj=None):
|
|
|
|
"""
|
|
|
|
Returns True if the user has each of the specified permissions. If
|
|
|
|
object is passed, it checks if the user has all required perms for this
|
|
|
|
object.
|
|
|
|
"""
|
|
|
|
for perm in perm_list:
|
|
|
|
if not self.has_perm(perm, obj):
|
|
|
|
return False
|
|
|
|
return True
|
|
|
|
|
|
|
|
def has_module_perms(self, app_label):
|
|
|
|
"""
|
|
|
|
Returns True if the user has any permissions in the given app label.
|
|
|
|
Uses pretty much the same logic as has_perm, above.
|
|
|
|
"""
|
|
|
|
# Active superusers have all permissions.
|
|
|
|
if self.is_active and self.is_superuser:
|
|
|
|
return True
|
|
|
|
return auth._user_has_module_perms(self, app_label)
|
2014-10-23 15:38:46 +00:00
|
|
|
|
2014-10-20 15:51:24 +00:00
|
|
|
def get_related_passwords(self):
|
2014-10-23 15:38:46 +00:00
|
|
|
related = [
|
|
|
|
self.main_systemuser,
|
|
|
|
]
|
|
|
|
for model, key, related_kwargs, __ in settings.ACCOUNTS_CREATE_RELATED:
|
|
|
|
if 'password' not in related_kwargs:
|
2014-10-20 15:51:24 +00:00
|
|
|
continue
|
2015-05-01 17:23:22 +00:00
|
|
|
model = apps.get_model(model)
|
2014-10-20 15:51:24 +00:00
|
|
|
kwargs = {
|
2014-10-23 15:38:46 +00:00
|
|
|
key: eval(related_kwargs[key], {'account': self})
|
2014-10-20 15:51:24 +00:00
|
|
|
}
|
|
|
|
try:
|
|
|
|
rel = model.objects.get(account=self, **kwargs)
|
|
|
|
except model.DoesNotExist:
|
|
|
|
continue
|
|
|
|
related.append(rel)
|
|
|
|
return related
|