2017-03-07 17:17:39 -05:00
|
|
|
import binascii
|
|
|
|
|
import os
|
|
|
|
|
|
2020-05-29 11:18:22 -04:00
|
|
|
from django.contrib.auth.models import Group, User
|
2020-05-08 17:30:25 -04:00
|
|
|
from django.contrib.contenttypes.models import ContentType
|
2020-07-16 12:02:49 -04:00
|
|
|
from django.contrib.postgres.fields import ArrayField
|
2017-03-08 11:34:47 -05:00
|
|
|
from django.core.validators import MinLengthValidator
|
2017-03-07 17:17:39 -05:00
|
|
|
from django.db import models
|
2020-04-23 16:36:12 -04:00
|
|
|
from django.db.models.signals import post_save
|
|
|
|
|
from django.dispatch import receiver
|
2017-03-07 23:30:31 -05:00
|
|
|
from django.utils import timezone
|
2017-03-07 17:17:39 -05:00
|
|
|
|
2021-12-21 20:30:59 -05:00
|
|
|
from netbox.config import get_config
|
2020-06-08 14:01:15 -04:00
|
|
|
from utilities.querysets import RestrictedQuerySet
|
2020-04-24 09:50:26 -04:00
|
|
|
from utilities.utils import flatten_dict
|
2021-04-02 10:55:16 -04:00
|
|
|
from .constants import *
|
2020-04-24 09:50:26 -04:00
|
|
|
|
2017-03-07 17:17:39 -05:00
|
|
|
|
2020-01-14 12:01:23 -05:00
|
|
|
__all__ = (
|
2020-05-28 11:08:35 -04:00
|
|
|
'ObjectPermission',
|
2020-01-14 12:01:23 -05:00
|
|
|
'Token',
|
2020-04-23 15:25:47 -04:00
|
|
|
'UserConfig',
|
2020-01-14 12:01:23 -05:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
2020-05-29 10:31:34 -04:00
|
|
|
#
|
|
|
|
|
# Proxy models for admin
|
|
|
|
|
#
|
|
|
|
|
|
2020-05-29 11:18:22 -04:00
|
|
|
class AdminGroup(Group):
|
2020-05-29 10:31:34 -04:00
|
|
|
"""
|
|
|
|
|
Proxy contrib.auth.models.Group for the admin UI
|
|
|
|
|
"""
|
|
|
|
|
class Meta:
|
2020-06-02 13:21:00 -04:00
|
|
|
verbose_name = 'Group'
|
2020-05-29 10:31:34 -04:00
|
|
|
proxy = True
|
|
|
|
|
|
|
|
|
|
|
2020-05-29 11:18:22 -04:00
|
|
|
class AdminUser(User):
|
2020-05-29 10:31:34 -04:00
|
|
|
"""
|
|
|
|
|
Proxy contrib.auth.models.User for the admin UI
|
|
|
|
|
"""
|
|
|
|
|
class Meta:
|
2020-06-02 13:21:00 -04:00
|
|
|
verbose_name = 'User'
|
2020-05-29 10:31:34 -04:00
|
|
|
proxy = True
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# User preferences
|
|
|
|
|
#
|
|
|
|
|
|
2021-02-26 16:12:52 -05:00
|
|
|
class UserConfig(models.Model):
|
2020-04-23 15:25:47 -04:00
|
|
|
"""
|
|
|
|
|
This model stores arbitrary user-specific preferences in a JSON data structure.
|
|
|
|
|
"""
|
|
|
|
|
user = models.OneToOneField(
|
|
|
|
|
to=User,
|
|
|
|
|
on_delete=models.CASCADE,
|
|
|
|
|
related_name='config'
|
|
|
|
|
)
|
2020-07-16 12:02:49 -04:00
|
|
|
data = models.JSONField(
|
2020-04-23 15:25:47 -04:00
|
|
|
default=dict
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
class Meta:
|
|
|
|
|
ordering = ['user']
|
2020-04-23 15:53:43 -04:00
|
|
|
verbose_name = verbose_name_plural = 'User Preferences'
|
2020-04-23 15:25:47 -04:00
|
|
|
|
2020-04-23 16:36:12 -04:00
|
|
|
def get(self, path, default=None):
|
2020-04-23 15:25:47 -04:00
|
|
|
"""
|
|
|
|
|
Retrieve a configuration parameter specified by its dotted path. Example:
|
|
|
|
|
|
|
|
|
|
userconfig.get('foo.bar.baz')
|
|
|
|
|
|
|
|
|
|
:param path: Dotted path to the configuration key. For example, 'foo.bar' returns self.data['foo']['bar'].
|
2020-04-23 16:36:12 -04:00
|
|
|
:param default: Default value to return for a nonexistent key (default: None).
|
2020-04-23 15:25:47 -04:00
|
|
|
"""
|
|
|
|
|
d = self.data
|
|
|
|
|
keys = path.split('.')
|
|
|
|
|
|
2020-04-23 16:36:12 -04:00
|
|
|
# Iterate down the hierarchy, returning the default value if any invalid key is encountered
|
2021-12-22 10:13:08 -05:00
|
|
|
try:
|
|
|
|
|
for key in keys:
|
2021-12-22 10:45:21 -05:00
|
|
|
d = d[key]
|
2021-12-22 10:13:08 -05:00
|
|
|
return d
|
2021-12-22 10:45:21 -05:00
|
|
|
except (TypeError, KeyError):
|
2021-12-22 10:13:08 -05:00
|
|
|
pass
|
|
|
|
|
|
|
|
|
|
# If the key is not found in the user's config, check for an application-wide default
|
|
|
|
|
config = get_config()
|
|
|
|
|
d = config.DEFAULT_USER_PREFERENCES
|
|
|
|
|
try:
|
|
|
|
|
for key in keys:
|
2021-12-22 10:45:21 -05:00
|
|
|
d = d[key]
|
2021-12-22 10:13:08 -05:00
|
|
|
return d
|
2021-12-22 10:45:21 -05:00
|
|
|
except (TypeError, KeyError):
|
2021-12-22 10:13:08 -05:00
|
|
|
pass
|
2020-04-23 15:25:47 -04:00
|
|
|
|
2021-12-22 10:13:08 -05:00
|
|
|
# Finally, return the specified default value (if any)
|
|
|
|
|
return default
|
2020-04-23 15:25:47 -04:00
|
|
|
|
2020-04-24 09:50:26 -04:00
|
|
|
def all(self):
|
|
|
|
|
"""
|
|
|
|
|
Return a dictionary of all defined keys and their values.
|
|
|
|
|
"""
|
|
|
|
|
return flatten_dict(self.data)
|
|
|
|
|
|
2020-04-23 15:25:47 -04:00
|
|
|
def set(self, path, value, commit=False):
|
|
|
|
|
"""
|
|
|
|
|
Define or overwrite a configuration parameter. Example:
|
|
|
|
|
|
|
|
|
|
userconfig.set('foo.bar.baz', 123)
|
|
|
|
|
|
|
|
|
|
Leaf nodes (those which are not dictionaries of other nodes) cannot be overwritten as dictionaries. Similarly,
|
|
|
|
|
branch nodes (dictionaries) cannot be overwritten as single values. (A TypeError exception will be raised.) In
|
|
|
|
|
both cases, the existing key must first be cleared. This safeguard is in place to help avoid inadvertently
|
|
|
|
|
overwriting the wrong key.
|
|
|
|
|
|
|
|
|
|
:param path: Dotted path to the configuration key. For example, 'foo.bar' sets self.data['foo']['bar'].
|
|
|
|
|
:param value: The value to be written. This can be any type supported by JSON.
|
|
|
|
|
:param commit: If true, the UserConfig instance will be saved once the new value has been applied.
|
|
|
|
|
"""
|
|
|
|
|
d = self.data
|
|
|
|
|
keys = path.split('.')
|
|
|
|
|
|
|
|
|
|
# Iterate through the hierarchy to find the key we're setting. Raise TypeError if we encounter any
|
|
|
|
|
# interim leaf nodes (keys which do not contain dictionaries).
|
|
|
|
|
for i, key in enumerate(keys[:-1]):
|
|
|
|
|
if key in d and type(d[key]) is dict:
|
|
|
|
|
d = d[key]
|
|
|
|
|
elif key in d:
|
|
|
|
|
err_path = '.'.join(path.split('.')[:i + 1])
|
|
|
|
|
raise TypeError(f"Key '{err_path}' is a leaf node; cannot assign new keys")
|
|
|
|
|
else:
|
|
|
|
|
d = d.setdefault(key, {})
|
|
|
|
|
|
|
|
|
|
# Set a key based on the last item in the path. Raise TypeError if attempting to overwrite a non-leaf node.
|
|
|
|
|
key = keys[-1]
|
|
|
|
|
if key in d and type(d[key]) is dict:
|
|
|
|
|
raise TypeError(f"Key '{path}' has child keys; cannot assign a value")
|
|
|
|
|
else:
|
|
|
|
|
d[key] = value
|
|
|
|
|
|
|
|
|
|
if commit:
|
|
|
|
|
self.save()
|
|
|
|
|
|
|
|
|
|
def clear(self, path, commit=False):
|
|
|
|
|
"""
|
|
|
|
|
Delete a configuration parameter specified by its dotted path. The key and any child keys will be deleted.
|
|
|
|
|
Example:
|
|
|
|
|
|
|
|
|
|
userconfig.clear('foo.bar.baz')
|
|
|
|
|
|
2020-04-29 15:05:29 -04:00
|
|
|
Invalid keys will be ignored silently.
|
2020-04-23 15:25:47 -04:00
|
|
|
|
|
|
|
|
:param path: Dotted path to the configuration key. For example, 'foo.bar' deletes self.data['foo']['bar'].
|
|
|
|
|
:param commit: If true, the UserConfig instance will be saved once the new value has been applied.
|
|
|
|
|
"""
|
|
|
|
|
d = self.data
|
|
|
|
|
keys = path.split('.')
|
|
|
|
|
|
|
|
|
|
for key in keys[:-1]:
|
2020-04-29 15:05:29 -04:00
|
|
|
if key not in d:
|
|
|
|
|
break
|
|
|
|
|
if type(d[key]) is dict:
|
2020-04-23 15:25:47 -04:00
|
|
|
d = d[key]
|
|
|
|
|
|
|
|
|
|
key = keys[-1]
|
2020-04-29 15:05:29 -04:00
|
|
|
d.pop(key, None) # Avoid a KeyError on invalid keys
|
2020-04-23 15:25:47 -04:00
|
|
|
|
|
|
|
|
if commit:
|
|
|
|
|
self.save()
|
|
|
|
|
|
|
|
|
|
|
2020-04-23 16:36:12 -04:00
|
|
|
@receiver(post_save, sender=User)
|
2022-04-18 08:36:41 -04:00
|
|
|
def create_userconfig(instance, created, raw=False, **kwargs):
|
2020-04-23 16:36:12 -04:00
|
|
|
"""
|
2022-04-18 08:36:41 -04:00
|
|
|
Automatically create a new UserConfig when a new User is created. Skip this if importing a user from a fixture.
|
2020-04-23 16:36:12 -04:00
|
|
|
"""
|
2022-04-18 08:36:41 -04:00
|
|
|
if created and not raw:
|
2021-12-21 20:30:59 -05:00
|
|
|
config = get_config()
|
|
|
|
|
UserConfig(user=instance, data=config.DEFAULT_USER_PREFERENCES).save()
|
2020-04-23 16:36:12 -04:00
|
|
|
|
|
|
|
|
|
2020-05-29 10:31:34 -04:00
|
|
|
#
|
|
|
|
|
# REST API
|
|
|
|
|
#
|
|
|
|
|
|
2022-01-25 17:37:06 -05:00
|
|
|
class Token(models.Model):
|
2017-03-07 17:17:39 -05:00
|
|
|
"""
|
|
|
|
|
An API token used for user authentication. This extends the stock model to allow each user to have multiple tokens.
|
|
|
|
|
It also supports setting an expiration time and toggling write ability.
|
|
|
|
|
"""
|
2018-03-30 13:57:26 -04:00
|
|
|
user = models.ForeignKey(
|
|
|
|
|
to=User,
|
|
|
|
|
on_delete=models.CASCADE,
|
|
|
|
|
related_name='tokens'
|
|
|
|
|
)
|
|
|
|
|
created = models.DateTimeField(
|
|
|
|
|
auto_now_add=True
|
|
|
|
|
)
|
|
|
|
|
expires = models.DateTimeField(
|
|
|
|
|
blank=True,
|
|
|
|
|
null=True
|
|
|
|
|
)
|
|
|
|
|
key = models.CharField(
|
|
|
|
|
max_length=40,
|
|
|
|
|
unique=True,
|
|
|
|
|
validators=[MinLengthValidator(40)]
|
|
|
|
|
)
|
|
|
|
|
write_enabled = models.BooleanField(
|
|
|
|
|
default=True,
|
|
|
|
|
help_text='Permit create/update/delete operations using this key'
|
|
|
|
|
)
|
|
|
|
|
description = models.CharField(
|
2020-03-13 15:49:58 -04:00
|
|
|
max_length=200,
|
2018-03-30 13:57:26 -04:00
|
|
|
blank=True
|
|
|
|
|
)
|
2017-03-07 17:17:39 -05:00
|
|
|
|
2017-03-07 22:40:05 -05:00
|
|
|
class Meta:
|
2018-10-05 11:06:59 -04:00
|
|
|
pass
|
2017-03-07 22:40:05 -05:00
|
|
|
|
2017-03-07 17:17:39 -05:00
|
|
|
def __str__(self):
|
2017-03-08 11:34:47 -05:00
|
|
|
# Only display the last 24 bits of the token to avoid accidental exposure.
|
2021-08-06 09:41:49 -04:00
|
|
|
return f"{self.key[-6:]} ({self.user})"
|
2017-03-07 17:17:39 -05:00
|
|
|
|
|
|
|
|
def save(self, *args, **kwargs):
|
|
|
|
|
if not self.key:
|
|
|
|
|
self.key = self.generate_key()
|
2018-11-27 10:52:24 -05:00
|
|
|
return super().save(*args, **kwargs)
|
2017-03-07 17:17:39 -05:00
|
|
|
|
2021-06-11 15:14:19 -04:00
|
|
|
@staticmethod
|
|
|
|
|
def generate_key():
|
2017-03-07 22:56:29 -05:00
|
|
|
# Generate a random 160-bit key expressed in hexadecimal.
|
|
|
|
|
return binascii.hexlify(os.urandom(20)).decode()
|
2017-03-07 23:30:31 -05:00
|
|
|
|
|
|
|
|
@property
|
|
|
|
|
def is_expired(self):
|
2017-03-31 11:13:37 -04:00
|
|
|
if self.expires is None or timezone.now() < self.expires:
|
|
|
|
|
return False
|
|
|
|
|
return True
|
2020-05-08 17:30:25 -04:00
|
|
|
|
|
|
|
|
|
2020-05-29 10:31:34 -04:00
|
|
|
#
|
|
|
|
|
# Permissions
|
|
|
|
|
#
|
|
|
|
|
|
2022-01-25 17:37:06 -05:00
|
|
|
class ObjectPermission(models.Model):
|
2020-05-08 17:30:25 -04:00
|
|
|
"""
|
|
|
|
|
A mapping of view, add, change, and/or delete permission for users and/or groups to an arbitrary set of objects
|
|
|
|
|
identified by ORM query parameters.
|
|
|
|
|
"""
|
2020-07-08 13:34:57 -04:00
|
|
|
name = models.CharField(
|
2020-08-03 16:10:51 -04:00
|
|
|
max_length=100
|
2020-07-08 13:34:57 -04:00
|
|
|
)
|
2020-08-03 16:27:14 -04:00
|
|
|
description = models.CharField(
|
|
|
|
|
max_length=200,
|
|
|
|
|
blank=True
|
|
|
|
|
)
|
2020-07-08 13:34:57 -04:00
|
|
|
enabled = models.BooleanField(
|
|
|
|
|
default=True
|
|
|
|
|
)
|
2020-06-03 09:27:20 -04:00
|
|
|
object_types = models.ManyToManyField(
|
2020-05-08 17:30:25 -04:00
|
|
|
to=ContentType,
|
2021-04-02 10:55:16 -04:00
|
|
|
limit_choices_to=OBJECTPERMISSION_OBJECT_TYPES,
|
2020-05-28 15:04:46 -04:00
|
|
|
related_name='object_permissions'
|
2020-05-08 17:30:25 -04:00
|
|
|
)
|
2020-06-03 13:08:04 -04:00
|
|
|
groups = models.ManyToManyField(
|
|
|
|
|
to=Group,
|
2020-05-27 10:48:56 -04:00
|
|
|
blank=True,
|
2020-06-03 13:08:04 -04:00
|
|
|
related_name='object_permissions'
|
|
|
|
|
)
|
|
|
|
|
users = models.ManyToManyField(
|
|
|
|
|
to=User,
|
|
|
|
|
blank=True,
|
|
|
|
|
related_name='object_permissions'
|
2020-05-08 17:30:25 -04:00
|
|
|
)
|
2020-05-29 11:18:22 -04:00
|
|
|
actions = ArrayField(
|
|
|
|
|
base_field=models.CharField(max_length=30),
|
|
|
|
|
help_text="The list of actions granted by this permission"
|
2020-05-08 17:30:25 -04:00
|
|
|
)
|
2020-07-16 12:02:49 -04:00
|
|
|
constraints = models.JSONField(
|
2020-06-03 13:08:04 -04:00
|
|
|
blank=True,
|
|
|
|
|
null=True,
|
|
|
|
|
help_text="Queryset filter matching the applicable objects of the selected type(s)"
|
|
|
|
|
)
|
2020-05-08 17:30:25 -04:00
|
|
|
|
2020-06-08 14:01:15 -04:00
|
|
|
objects = RestrictedQuerySet.as_manager()
|
|
|
|
|
|
2020-05-29 11:18:22 -04:00
|
|
|
class Meta:
|
2020-08-03 16:10:51 -04:00
|
|
|
ordering = ['name']
|
2020-07-22 15:25:06 -04:00
|
|
|
verbose_name = "permission"
|
2020-05-29 11:18:22 -04:00
|
|
|
|
2020-05-28 15:04:46 -04:00
|
|
|
def __str__(self):
|
2020-08-03 16:10:51 -04:00
|
|
|
return self.name
|
2020-08-07 14:09:55 -04:00
|
|
|
|
|
|
|
|
def list_constraints(self):
|
|
|
|
|
"""
|
|
|
|
|
Return all constraint sets as a list (even if only a single set is defined).
|
|
|
|
|
"""
|
|
|
|
|
if type(self.constraints) is not list:
|
|
|
|
|
return [self.constraints]
|
|
|
|
|
return self.constraints
|
