django-orchestra-test/orchestra/contrib/systemusers/models.py

140 lines
5.4 KiB
Python

import fnmatch
import os
from django.contrib.auth.hashers import make_password
from django.core.exceptions import ValidationError
from django.db import models
from django.db.models import F
from django.utils.functional import cached_property
from django.utils.translation import ugettext_lazy as _
from orchestra.core import validators
from . import settings
class SystemUserQuerySet(models.QuerySet):
def create_user(self, username, password='', **kwargs):
user = super(SystemUserQuerySet, self).create(username=username, **kwargs)
user.set_password(password)
user.save(update_fields=['password'])
return user
def by_is_main(self, is_main=True, **kwargs):
if is_main:
return self.filter(account__main_systemuser_id=F('id'))
else:
return self.exclude(account__main_systemuser_id=F('id'))
class SystemUser(models.Model):
"""
System users
Username max_length determined by LINUX system user/group lentgh: 32
"""
username = models.CharField(_("username"), max_length=32, unique=True,
help_text=_("Required. 32 characters or fewer. Letters, digits and ./-/_ only."),
validators=[validators.validate_username])
password = models.CharField(_("password"), max_length=128)
account = models.ForeignKey('accounts.Account', verbose_name=_("Account"),
related_name='systemusers')
home = models.CharField(_("home"), max_length=256, blank=True,
help_text=_("Starting location when login with this no-shell user."))
directory = models.CharField(_("directory"), max_length=256, blank=True,
help_text=_("Optional directory relative to user's home."))
shell = models.CharField(_("shell"), max_length=32, choices=settings.SYSTEMUSERS_SHELLS,
default=settings.SYSTEMUSERS_DEFAULT_SHELL)
groups = models.ManyToManyField('self', blank=True, symmetrical=False,
help_text=_("A new group will be created for the user. "
"Which additional groups would you like them to be a member of?"))
is_active = models.BooleanField(_("active"), default=True,
help_text=_("Designates whether this account should be treated as active. "
"Unselect this instead of deleting accounts."))
objects = SystemUserQuerySet.as_manager()
def __str__(self):
return self.username
@cached_property
def active(self):
try:
return self.is_active and self.account.is_active
except type(self).account.field.rel.to.DoesNotExist:
return self.is_active
@cached_property
def is_main(self):
# TODO on account delete
# On account creation main_systemuser_id is still None
if self.account.main_systemuser_id:
return self.account.main_systemuser_id == self.pk
return self.account.username == self.username
@cached_property
def main(self):
# On account creation main_systemuser_id is still None
if self.account.main_systemuser_id:
return self.account.main_systemuser
return type(self).objects.get(username=self.account.username)
@property
def has_shell(self):
return self.shell not in settings.SYSTEMUSERS_DISABLED_SHELLS
def disable(self):
self.is_active = False
self.save(update_fields=('is_active',))
def get_description(self):
return self.get_shell_display()
def save(self, *args, **kwargs):
if not self.home:
self.home = self.get_base_home()
super(SystemUser, self).save(*args, **kwargs)
def clean(self):
if self.home:
self.home = os.path.normpath(self.home)
if self.directory:
self.directory = os.path.normpath(self.directory)
dir_errors = []
if self.has_shell:
dir_errors.append(_("Directory with shell users can not be specified."))
elif self.account_id and self.is_main:
dir_errors.append(_("Directory with main system users can not be specified."))
elif self.home == self.get_base_home():
dir_errors.append(_("Directory on the user's base home is not allowed."))
for pattern in settings.SYSTEMUSERS_FORBIDDEN_PATHS:
if fnmatch.fnmatch(self.directory, pattern):
dir_errors.append(_("Provided directory is forbidden."))
if dir_errors:
raise ValidationError({
'directory': [ValidationError(error) for error in dir_errors]
})
if self.has_shell and self.home and self.home != self.get_base_home():
raise ValidationError({
'home': _("Shell users should use their own home."),
})
def set_password(self, raw_password):
self.password = make_password(raw_password)
def set_permission(self, base_home, extension, perms='rw', action='grant'):
self.set_perm_action = action
self.set_perm_base_home = base_home
self.set_perm_home_extension = extension
self.set_perm_perms = perms
def get_base_home(self):
context = {
'user': self.username,
'username': self.username,
}
return os.path.normpath(settings.SYSTEMUSERS_HOME % context)
def get_home(self):
return os.path.normpath(os.path.join(self.home, self.directory))