Add access control groups to DataSource

746ce02c · James Graham · b8aeebf7 · 746ce02c · 746ce02c · 746ce02c
Commit 746ce02c authored 6 years ago by James Graham
--- a/.gitignore
+++ b/.gitignore
@@ -8,6 +8,7 @@ db.sqlite3
 # Python environments and run time
 /env
+/venv
 *.pyc
 __pycache__/

--- a/applications/migrations/0002_limit_owner_group.py
+++ b/applications/migrations/0002_limit_owner_group.py
+# Generated by Django 2.0.8 on 2018-08-21 09:41
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+class Migration(migrations.Migration):
+    dependencies = [
+        ('applications', '0001_initial'),
+    ]
+    operations = [
+        migrations.AlterField(
+            model_name='application',
+            name='owner',
+            field=models.ForeignKey(limit_choices_to={'groups__name': 'Application providers'}, on_delete=django.db.models.deletion.PROTECT, related_name='applications', to=settings.AUTH_USER_MODEL),
+        ),
+    ]
--- a/datasources/migrations/0002_add_access_control_groups.py
+++ b/datasources/migrations/0002_add_access_control_groups.py
+# Generated by Django 2.0.8 on 2018-08-21 09:41
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+class Migration(migrations.Migration):
+    dependencies = [
+        ('auth', '0009_alter_user_last_name_max_length'),
+        ('datasources', '0001_initial'),
+    ]
+    operations = [
+        migrations.AddField(
+            model_name='datasource',
+            name='access_control',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='datasource',
+            name='users_group',
+            field=models.ForeignKey(null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='datasource', to='auth.Group'),
+        ),
+        migrations.AddField(
+            model_name='datasource',
+            name='users_group_requested',
+            field=models.ForeignKey(null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='datasource_requested', to='auth.Group'),
+        ),
+        migrations.AlterField(
+            model_name='datasource',
+            name='owner',
+            field=models.ForeignKey(limit_choices_to={'groups__name': 'Data providers'}, on_delete=django.db.models.deletion.PROTECT, related_name='datasources', to=settings.AUTH_USER_MODEL),
+        ),
+    ]
--- a/datasources/migrations/0003_allow_blank_access_group.py
+++ b/datasources/migrations/0003_allow_blank_access_group.py
+# Generated by Django 2.0.8 on 2018-08-21 09:53
+from django.db import migrations, models
+import django.db.models.deletion
+class Migration(migrations.Migration):
+    dependencies = [
+        ('datasources', '0002_add_access_control_groups'),
+    ]
+    operations = [
+        migrations.AlterField(
+            model_name='datasource',
+            name='users_group',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='datasource', to='auth.Group'),
+        ),
+        migrations.AlterField(
+            model_name='datasource',
+            name='users_group_requested',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='datasource_requested', to='auth.Group'),
+        ),
+    ]
--- a/datasources/models.py
+++ b/datasources/models.py
 from django.conf import settings
+from django.contrib.auth.models import Group
 from django.db import models
 from django.urls import reverse
@@ -28,6 +29,7 @@ class DataSource(models.Model):
    #: Address at which the API may be accessed
    url = models.URLField(blank=False, null=False)
+    # TODO replace this with an admin group
    #: User who has responsibility for this data source
    owner = models.ForeignKey(settings.AUTH_USER_MODEL,
                              limit_choices_to={
@@ -37,6 +39,46 @@ class DataSource(models.Model):
                              related_name='datasources',
                              blank=False, null=False)
+    #: Group of users who have explicit permission to use (query) this data source
+    users_group = models.ForeignKey(Group,
+                                    on_delete=models.SET_NULL,
+                                    related_name='datasource',
+                                    blank=True, null=True)
+    #: Groups of users who have requested explicit permission to use this data source
+    users_group_requested = models.ForeignKey(Group,
+                                              on_delete=models.SET_NULL,
+                                              related_name='datasource_requested',
+                                              blank=True, null=True)
+    #: Do users require explicit permission to use this data source?
+    access_control = models.BooleanField(default=False,
+                                         blank=False, null=False)
+    def has_permission(self, user: settings.AUTH_USER_MODEL) -> bool:
+        """
+        Does a user have permission to use this data source?
+        :param user: User to check
+        :return: User has permission?
+        """
+        if not self.access_control:
+            return True
+        return user.groups.exists(self.users_group)
+    def save(self, **kwargs):
+        if self.access_control:
+            # Create access control groups if they do not exist
+            self.users_group, created = Group.objects.get_or_create(
+                name=self.name + ' Users'
+            )
+            self.users_group_requested, created = Group.objects.get_or_create(
+                name=self.name + ' Users Requested'
+            )
+        super().save(**kwargs)
    def get_absolute_url(self):
        return reverse('datasources:datasource.detail',
                       kwargs={'pk': self.pk})

--- a/datasources/templates/datasources/datasource/detail.html
+++ b/datasources/templates/datasources/datasource/detail.html
@@ -23,5 +23,9 @@
       class="btn btn-success" role="button">Edit</a>
    <a href="{% url 'datasources:datasource.delete' pk=datasource.pk %}"
       class="btn btn-danger" role="button">Delete</a>
+    {% if datasource.access_control %}
+        <a href="{% url 'datasources:datasource.manage-access' pk=datasource.pk %}"
+           class="btn btn-primary" role="button">Manage Access</a>
+    {% endif %}
 {% endblock %}
\ No newline at end of file
--- a/datasources/templates/datasources/datasource/manage_access.html
+++ b/datasources/templates/datasources/datasource/manage_access.html
+{% extends "base.html" %}
+{% load bootstrap4 %}
+{% block content %}
+    <nav aria-label="breadcrumb">
+        <ol class="breadcrumb">
+            <li class="breadcrumb-item" aria-current="page">
+                <a href="{% url 'datasources:datasource.list' %}">Data Sources</a>
+            </li>
+            <li class="breadcrumb-item" aria-current="page">
+                <a href="{% url 'datasources:datasource.detail' pk=datasource.pk %}">{{ datasource.name }}</a>
+            </li>
+            <li class="breadcrumb-item active" aria-current="page">
+                Manage Access
+            </li>
+        </ol>
+    </nav>
+    <h2>View Data Source - {{ datasource.name }}</h2>
+    {% if datasource.description %}
+        <p>{{ datasource.description }}</p>
+    {% endif %}
+    <hr/>
+    <h2>Requests for Access</h2>
+    <table class="table">
+        <thead class="thead">
+            <tr>
+                <th>Username</th>
+                <th></th>
+                <th></th>
+            </tr>
+        </thead>
+        <tbody>
+            {% for user in datasource.users_group_requested.users.all %}
+                <tr>
+                    <td>user.username</td>
+                    <td>
+                        <a href="#" class="btn btn-success" role="button">Approve</a>
+                    </td>
+                    <td>
+                        <a href="#" class="btn btn-danger" role="button">Reject</a>
+                    </td>
+                </tr>
+            {% empty %}
+                <tr><td>No requests</td></tr>
+            {% endfor %}
+        </tbody>
+    </table>
+    <hr/>
+    <h2>Approved Users</h2>
+    <table class="table">
+        <thead class="thead">
+        <tr>
+            <th>Username</th>
+            <th></th>
+            <th></th>
+        </tr>
+        </thead>
+        <tbody>
+        {% for user in datasource.users_group.users.all %}
+            <tr>
+                <td>user.username</td>
+                <td>
+                    <a href="#" class="btn btn-success" role="button">Approve</a>
+                </td>
+                <td>
+                    <a href="#" class="btn btn-danger" role="button">Reject</a>
+                </td>
+            </tr>
+        {% empty %}
+            <tr><td>No approved users</td></tr>
+        {% endfor %}
+        </tbody>
+    </table>
+{% endblock %}
\ No newline at end of file
--- a/datasources/urls.py
+++ b/datasources/urls.py
@@ -24,4 +24,8 @@ urlpatterns = [
    path('<int:pk>/delete',
         views.DataSourceDeleteView.as_view(),
         name='datasource.delete'),
+    path('<int:pk>/manage-access',
+         views.DataSourceManageAccessView.as_view(),
+         name='datasource.manage-access'),
 ]
--- a/datasources/views.py
+++ b/datasources/views.py
@@ -45,3 +45,11 @@ class DataSourceDeleteView(OwnerPermissionRequiredMixin, DeleteView):
    success_url = reverse_lazy('datasources:datasource.list')
    permission_required = 'datasources.delete_datasource'
+class DataSourceManageAccessView(OwnerPermissionRequiredMixin, DetailView):
+    model = models.DataSource
+    template_name = 'datasources/datasource/manage_access.html'
+    context_object_name = 'datasource'
+    permission_required = 'datasources.change_datasource'