2015-05-12 12:38:40 +00:00
|
|
|
import fnmatch
|
2014-10-02 15:58:27 +00:00
|
|
|
import os
|
|
|
|
|
|
2014-09-30 09:49:07 +00:00
|
|
|
from django.contrib.auth.hashers import make_password
|
2014-11-14 22:19:58 +00:00
|
|
|
from django.core.exceptions import ValidationError
|
2014-09-30 09:49:07 +00:00
|
|
|
from django.db import models
|
2015-05-13 12:16:51 +00:00
|
|
|
from django.db.models import F
|
2014-10-01 16:42:40 +00:00
|
|
|
from django.utils.functional import cached_property
|
2014-09-30 09:49:07 +00:00
|
|
|
from django.utils.translation import ugettext_lazy as _
|
|
|
|
|
|
2015-05-07 19:00:02 +00:00
|
|
|
from orchestra.core import validators
|
2014-09-30 09:49:07 +00:00
|
|
|
|
|
|
|
|
from . import settings
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class SystemUserQuerySet(models.QuerySet):
|
|
|
|
|
def create_user(self, username, password='', **kwargs):
|
|
|
|
|
user = super(SystemUserQuerySet, self).create(username=username, **kwargs)
|
|
|
|
|
user.set_password(password)
|
2014-09-30 16:06:42 +00:00
|
|
|
user.save(update_fields=['password'])
|
2014-10-01 21:03:16 +00:00
|
|
|
return user
|
2015-05-13 12:16:51 +00:00
|
|
|
|
|
|
|
|
def by_is_main(self, is_main=True, **kwargs):
|
|
|
|
|
if is_main:
|
|
|
|
|
return self.filter(account__main_systemuser_id=F('id'))
|
|
|
|
|
else:
|
|
|
|
|
return self.exclude(account__main_systemuser_id=F('id'))
|
2014-09-30 09:49:07 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
class SystemUser(models.Model):
|
2015-02-24 09:34:26 +00:00
|
|
|
"""
|
|
|
|
|
System users
|
|
|
|
|
|
2015-03-02 12:07:27 +00:00
|
|
|
Username max_length determined by LINUX system user lentgh: 32
|
2015-02-24 09:34:26 +00:00
|
|
|
"""
|
|
|
|
|
username = models.CharField(_("username"), max_length=32, unique=True,
|
2015-04-05 10:46:24 +00:00
|
|
|
help_text=_("Required. 64 characters or fewer. Letters, digits and ./-/_ only."),
|
|
|
|
|
validators=[validators.validate_username])
|
2014-09-30 09:49:07 +00:00
|
|
|
password = models.CharField(_("password"), max_length=128)
|
|
|
|
|
account = models.ForeignKey('accounts.Account', verbose_name=_("Account"),
|
2015-04-05 10:46:24 +00:00
|
|
|
related_name='systemusers')
|
2014-11-14 22:19:58 +00:00
|
|
|
home = models.CharField(_("home"), max_length=256, blank=True,
|
2015-04-05 10:46:24 +00:00
|
|
|
help_text=_("Starting location when login with this no-shell user."))
|
2014-11-14 14:38:06 +00:00
|
|
|
directory = models.CharField(_("directory"), max_length=256, blank=True,
|
2015-04-05 10:46:24 +00:00
|
|
|
help_text=_("Optional directory relative to user's home."))
|
2014-11-14 14:38:06 +00:00
|
|
|
shell = models.CharField(_("shell"), max_length=32, choices=settings.SYSTEMUSERS_SHELLS,
|
2015-04-05 10:46:24 +00:00
|
|
|
default=settings.SYSTEMUSERS_DEFAULT_SHELL)
|
2014-10-27 17:34:14 +00:00
|
|
|
groups = models.ManyToManyField('self', blank=True, symmetrical=False,
|
2015-04-05 10:46:24 +00:00
|
|
|
help_text=_("A new group will be created for the user. "
|
|
|
|
|
"Which additional groups would you like them to be a member of?"))
|
2014-09-30 09:49:07 +00:00
|
|
|
is_active = models.BooleanField(_("active"), default=True,
|
2015-04-05 10:46:24 +00:00
|
|
|
help_text=_("Designates whether this account should be treated as active. "
|
|
|
|
|
"Unselect this instead of deleting accounts."))
|
2014-09-30 09:49:07 +00:00
|
|
|
|
|
|
|
|
objects = SystemUserQuerySet.as_manager()
|
|
|
|
|
|
2015-04-02 16:14:55 +00:00
|
|
|
def __str__(self):
|
2014-09-30 09:49:07 +00:00
|
|
|
return self.username
|
|
|
|
|
|
2014-10-01 16:42:40 +00:00
|
|
|
@cached_property
|
|
|
|
|
def active(self):
|
2014-10-02 15:58:27 +00:00
|
|
|
try:
|
|
|
|
|
return self.is_active and self.account.is_active
|
|
|
|
|
except type(self).account.field.rel.to.DoesNotExist:
|
|
|
|
|
return self.is_active
|
|
|
|
|
|
2014-10-23 21:25:44 +00:00
|
|
|
@cached_property
|
2014-10-23 15:38:46 +00:00
|
|
|
def is_main(self):
|
2014-10-23 21:25:44 +00:00
|
|
|
# TODO on account delete
|
2014-10-23 15:38:46 +00:00
|
|
|
# On account creation main_systemuser_id is still None
|
|
|
|
|
if self.account.main_systemuser_id:
|
|
|
|
|
return self.account.main_systemuser_id == self.pk
|
|
|
|
|
return self.account.username == self.username
|
|
|
|
|
|
2015-05-12 12:38:40 +00:00
|
|
|
@cached_property
|
|
|
|
|
def main(self):
|
|
|
|
|
return self.account.main_systemuser
|
|
|
|
|
|
2014-11-14 14:38:06 +00:00
|
|
|
@property
|
|
|
|
|
def has_shell(self):
|
|
|
|
|
return self.shell not in settings.SYSTEMUSERS_DISABLED_SHELLS
|
|
|
|
|
|
2015-05-09 17:08:45 +00:00
|
|
|
def disable(self):
|
|
|
|
|
self.is_active = False
|
|
|
|
|
self.save(update_fields=('is_active',))
|
|
|
|
|
|
2014-11-27 19:17:26 +00:00
|
|
|
def get_description(self):
|
|
|
|
|
return self.get_shell_display()
|
|
|
|
|
|
2014-11-14 22:19:58 +00:00
|
|
|
def save(self, *args, **kwargs):
|
|
|
|
|
if not self.home:
|
2014-11-14 14:38:06 +00:00
|
|
|
self.home = self.get_base_home()
|
2014-11-14 22:19:58 +00:00
|
|
|
super(SystemUser, self).save(*args, **kwargs)
|
|
|
|
|
|
|
|
|
|
def clean(self):
|
2014-11-27 19:17:26 +00:00
|
|
|
if self.home:
|
|
|
|
|
self.home = os.path.normpath(self.home)
|
2014-11-14 22:23:20 +00:00
|
|
|
if self.directory:
|
2015-05-12 12:38:40 +00:00
|
|
|
self.directory = os.path.normpath(self.directory)
|
|
|
|
|
dir_errors = []
|
2014-11-14 22:23:20 +00:00
|
|
|
if self.has_shell:
|
2015-05-12 12:38:40 +00:00
|
|
|
dir_errors.append(_("Directory with shell users can not be specified."))
|
2014-11-14 23:06:14 +00:00
|
|
|
elif self.account_id and self.is_main:
|
2015-05-12 12:38:40 +00:00
|
|
|
dir_errors.append(_("Directory with main system users can not be specified."))
|
2014-11-14 22:23:20 +00:00
|
|
|
elif self.home == self.get_base_home():
|
2015-05-12 12:38:40 +00:00
|
|
|
dir_errors.append(_("Directory on the user's base home is not allowed."))
|
|
|
|
|
for pattern in settings.SYSTEMUSERS_FORBIDDEN_PATHS:
|
|
|
|
|
if fnmatch.fnmatch(self.directory, pattern):
|
|
|
|
|
dir_errors.append(_("Provided directory is forbidden."))
|
|
|
|
|
if dir_errors:
|
2014-11-14 22:23:20 +00:00
|
|
|
raise ValidationError({
|
2015-05-12 12:38:40 +00:00
|
|
|
'directory': [ValidationError(error) for error in dir_errors]
|
2014-11-14 22:23:20 +00:00
|
|
|
})
|
2015-04-08 14:41:09 +00:00
|
|
|
if self.has_shell and self.home and self.home != self.get_base_home():
|
2015-04-05 22:34:47 +00:00
|
|
|
raise ValidationError({
|
|
|
|
|
'home': _("Shell users should use their own home."),
|
|
|
|
|
})
|
2014-11-14 23:50:06 +00:00
|
|
|
|
2014-10-06 14:57:02 +00:00
|
|
|
def set_password(self, raw_password):
|
|
|
|
|
self.password = make_password(raw_password)
|
|
|
|
|
|
2015-05-13 12:16:51 +00:00
|
|
|
def set_permission(self, base_home, extension, perms='rw', action='grant'):
|
|
|
|
|
self.set_perm_action = action
|
|
|
|
|
self.set_perm_base_home = base_home
|
|
|
|
|
self.set_perm_home_extension = extension
|
|
|
|
|
self.set_perm_perms = perms
|
|
|
|
|
|
2014-11-14 14:38:06 +00:00
|
|
|
def get_base_home(self):
|
|
|
|
|
context = {
|
2015-03-10 21:51:10 +00:00
|
|
|
'user': self.username,
|
2014-11-14 14:38:06 +00:00
|
|
|
'username': self.username,
|
|
|
|
|
}
|
2014-11-18 17:47:26 +00:00
|
|
|
return os.path.normpath(settings.SYSTEMUSERS_HOME % context)
|
2014-11-14 14:38:06 +00:00
|
|
|
|
2014-10-02 15:58:27 +00:00
|
|
|
def get_home(self):
|
2015-03-02 10:37:25 +00:00
|
|
|
return os.path.normpath(os.path.join(self.home, self.directory))
|
