Refactor access control fields into common model

5565e8db · James Graham · f98d8e5d · 5565e8db · 5565e8db · 5565e8db
Commit 5565e8db authored 6 years ago by James Graham
--- a/applications/migrations/0004_application_access_control.py
+++ b/applications/migrations/0004_application_access_control.py
+# Generated by Django 2.0.8 on 2018-09-25 12:26
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('applications', '0003_remove_owner_from_forms'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='application',
+            name='access_control',
+            field=models.BooleanField(default=False),
+        ),
+    ]
--- a/applications/migrations/0005_one_to_one_group.py
+++ b/applications/migrations/0005_one_to_one_group.py
+# Generated by Django 2.0.8 on 2018-09-25 12:35
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('auth', '0009_alter_user_last_name_max_length'),
+        ('applications', '0004_application_access_control'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='application',
+            name='users_group',
+            field=models.OneToOneField(blank=True, editable=False, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='+', to='auth.Group'),
+        ),
+        migrations.AddField(
+            model_name='application',
+            name='users_group_requested',
+            field=models.OneToOneField(blank=True, editable=False, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='+', to='auth.Group'),
+        ),
+    ]
--- a/datasources/migrations/0006_one_to_one_group.py
+++ b/datasources/migrations/0006_one_to_one_group.py
+# Generated by Django 2.0.8 on 2018-09-25 12:35
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('datasources', '0005_datasource_plugin_name'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='datasource',
+            name='users_group',
+            field=models.OneToOneField(blank=True, editable=False, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='+', to='auth.Group'),
+        ),
+        migrations.AlterField(
+            model_name='datasource',
+            name='users_group_requested',
+            field=models.OneToOneField(blank=True, editable=False, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='+', to='auth.Group'),
+        ),
+    ]
--- a/datasources/models.py
+++ b/datasources/models.py
@@ -18,7 +18,6 @@ class DataSource(BaseAppDataModel):
    * Track provenance of the data source itself
    * Track provenance of data accesses
    """
-    # TODO replace this with an admin group
    #: User who has responsibility for this data source
    owner = models.ForeignKey(settings.AUTH_USER_MODEL,
                              limit_choices_to={
@@ -28,24 +27,6 @@ class DataSource(BaseAppDataModel):
                              related_name='datasources',
                              blank=False, null=False)

-    #: Group of users who have explicit permission to use (query) this data source
-    users_group = models.ForeignKey(Group,
-                                    on_delete=models.SET_NULL,
-                                    related_name='datasource',
-                                    editable=False,
-                                    blank=True, null=True)
-
-    #: Groups of users who have requested explicit permission to use this data source
-    users_group_requested = models.ForeignKey(Group,
-                                              on_delete=models.SET_NULL,
-                                              related_name='datasource_requested',
-                                              editable=False,
-                                              blank=True, null=True)
-
-    #: Do users require explicit permission to use this data source?
-    access_control = models.BooleanField(default=False,
-                                         blank=False, null=False)
-
    #: Name of plugin which allows interaction with this data source
    plugin_name = models.CharField(max_length=MAX_LENGTH_NAME,
                                   blank=False, null=False)
@@ -63,32 +44,6 @@ class DataSource(BaseAppDataModel):

        return self._data_connector

-    def has_view_permission(self, user: settings.AUTH_USER_MODEL) -> bool:
-        """
-        Does a user have permission to use this data source?
-
-        :param user: User to check
-        :return: User has permission?
-        """
-        if not self.access_control:
-            return True
-        if self.owner == user:
-            return True
-
-        return self.users_group.user_set.filter(pk=user.pk).exists()
-
-    def save(self, **kwargs):
-        if self.access_control:
-            # Create access control groups if they do not exist
-            self.users_group, created = Group.objects.get_or_create(
-                name=self.name + ' Users'
-            )
-            self.users_group_requested, created = Group.objects.get_or_create(
-                name=self.name + ' Users Requested'
-            )
-
-        super().save(**kwargs)
-
    def get_absolute_url(self):
        return reverse('datasources:datasource.detail',
                       kwargs={'pk': self.pk})
--- a/pedasi/common/base_models.py
+++ b/pedasi/common/base_models.py
+import abc
+
+from django.conf import settings
+from django.contrib.auth.models import Group
 from django.db import models


@@ -16,6 +20,77 @@ class BaseAppDataModel(models.Model):
    #: Address at which the API may be accessed
    url = models.URLField(blank=False, null=False)

+    #: Do users require explicit permission to use this data source / application?
+    access_control = models.BooleanField(default=False,
+                                         blank=False, null=False)
+
+    # TODO replace this with an admin group
+    @property
+    @abc.abstractmethod
+    def owner(self):
+        """
+        User responsible for this data source / application.
+        """
+        raise NotImplementedError
+
+    #: Group of users who have read / use access to this data source / application
+    users_group = models.OneToOneField(Group,
+                                       on_delete=models.SET_NULL,
+                                       related_name='+',
+                                       editable=False,
+                                       blank=True, null=True)
+
+    #: Groups of users who have requested access to this data source / application
+    users_group_requested = models.OneToOneField(Group,
+                                                 on_delete=models.SET_NULL,
+                                                 related_name='+',
+                                                 editable=False,
+                                                 blank=True, null=True)
+
+    @property
+    def _access_group_name(self):
+        return str(type(self)) + ' ' + self.name + ' Users'
+
+    def save(self, **kwargs):
+        # Create access control groups if they do not exist
+        # Make sure their names match self.name if they do exist
+        if self.access_control:
+            if self.users_group:
+                # Update existing group name
+                self.users_group.name = self._access_group_name
+                self.users_group.save()
+
+            else:
+                self.users_group, created = Group.objects.get_or_create(
+                    name=self._access_group_name
+                )
+
+            if self.users_group_requested:
+                # Update existing group name
+                self.users_group_requested.name = self._access_group_name + ' Requested'
+                self.users_group_requested.save()
+
+            else:
+                self.users_group_requested, created = Group.objects.get_or_create(
+                    name=self._access_group_name + ' Requested'
+                )
+
+        super().save(**kwargs)
+
+    def has_view_permission(self, user: settings.AUTH_USER_MODEL) -> bool:
+        """
+        Does a user have permission to use this data source?
+
+        :param user: User to check
+        :return: User has permission?
+        """
+        if not self.access_control:
+            return True
+        if self.owner == user:
+            return True
+
+        return self.users_group.user_set.filter(pk=user.pk).exists()
+
    def __str__(self):
        return self.name