Initial access cotrol implemented

pages/access.py

@@ -1,14 +1,72 @@
+from django.conf import settings
+import logging
+
+from .models import PikiPage
+
+logger = logging.getLogger(settings.ROOT_LOGGER_NAME).getChild(__name__)
+
+
 class access_control(object):
     def __init__(self, request, rel_path):
         self._request = request
         self._rel_path = rel_path
+        self._user = request.user
+        try:
+            self._page = PikiPage.objects.get(rel_path=rel_path)
+        except PikiPage.DoesNotExist:
+            self._page = None
+        self._read = None
+        self._write = None
+
+    def __analyse_access_rights__(self):
+        if self._read is None or self._write is None:
+            self._read = False
+            self._write = False
+            #
+            if self._user.is_superuser:
+                # A superuser has full access
+                logger.debug("User is superuser -> full access granted")
+                self._read = True
+                self._write = True
+            elif self._page is None:
+                if self._user.is_staff:
+                    # Page creation is allowed for staff users
+                    logger.debug("Page does not exist and user is staff -> full access granted")
+                    self._read = True
+                    self._write = True
+                else:
+                    logger.debug("Page does not exist and user is not staff -> no access granted")
+            else:
+                user_is_owner = self._page.owner == self._user
+                user_in_page_group = self._page.group in self._user.groups.all()
+                # read permissions
+                if user_is_owner and self._page.owner_perms_read:
+                    logger.debug("Read access granted, due to owner permissions of page")
+                    self._read = True
+                elif user_in_page_group and self._page.group_perms_read:
+                    logger.debug("Read access granted, due to group permissions of page")
+                    self._read = True
+                elif self._page.other_perms_read:
+                    logger.debug("Read access granted, due to other permissions of page")
+                    self._read = True
+                # write permissions
+                if user_is_owner and self._page.owner_perms_write:
+                    logger.debug("Write access granted, due to owner permissions of page")
+                    self._write = True
+                elif user_in_page_group and self._page.group_perms_write:
+                    logger.debug("Write access granted, due to group permissions of page")
+                    self._write = True
+                elif self._page.other_perms_write:
+                    logger.debug("Write access granted, due to other permissions of page")
+                    self._write = True
 
     def may_read(self):
-        return "private" not in self._rel_path or self.may_write()
+        self.__analyse_access_rights__()
+        return self._read
 
     def may_write(self):
-        # /!\ rel_path is the filsystem rel_path - caused by the flat folder structure /!\
-        return self._request.user.is_authenticated and self._request.user.username in ['root', 'dirk']
+        self.__analyse_access_rights__()
+        return self._write
 
     def may_read_attachment(self):
         return self.may_read()

pages/admin.py

@@ -10,6 +10,8 @@ class PikiPageAdmin(SimpleHistoryAdmin):
     search_fields = ('rel_path', 'tags', )
     list_filter = (
         ('deleted', admin.BooleanFieldListFilter),
+        ('other_perms_read', admin.BooleanFieldListFilter),
+        ('other_perms_write', admin.BooleanFieldListFilter),
     )
     ordering = ["rel_path"]
 

pages/context.py

@@ -5,7 +5,6 @@ import os
 from django.conf import settings
 from django.utils.translation import gettext as _
 
-from pages.access import access_control
 import pages.parameter
 from .help import actionbar as actionbar_add_help
 import mycreole
@@ -74,7 +73,7 @@ def actionbar(context, request, caller_name, **kwargs):
     bar = context[context.ACTIONBAR]
     if not cms_mode_active(request):
         if caller_name in ['page', 'edit', 'delete', 'rename']:
-            acc = access_control(request, kwargs["rel_path"])
+            acc = kwargs["acc"]
             if acc.may_write():
                 add_page_menu(request, bar, kwargs["rel_path"], kwargs.get('is_available', False))
             if acc.may_modify_attachment():

pages/forms.py

@@ -9,7 +9,12 @@ from .models import PikiPage
 class EditForm(forms.ModelForm):
     class Meta:
         model = PikiPage
-        fields = ["page_txt", "tags", "owner", "group"]
+        fields = [
+            "page_txt",
+            "tags",
+            "owner", "owner_perms_read", "owner_perms_write",
+            "group", "group_perms_read", "group_perms_write",
+            "other_perms_read", "other_perms_write",]
 
 
 class RenameForm(forms.Form):  # Note that it is not inheriting from forms.ModelForm

pages/help.py

@@ -35,8 +35,24 @@ CREOLE += mycreole.render_simple("""
 
 ACCESS = mycreole.render_simple(_("""
 = Access
-* Currently just two specific users have write access.
-* Pages containing "private" in the relative page path have no public read access.
+== Administrator
+If the user has //Superuser status//, the user is able to create, read and write all pages.
+== Create new pages
+Only users with //Superuser status// or //Staff status// are able to create new pages.
+== Page rigths
+All following subsections are able to grant read or write access to the user
+=== Owner permissions
+Every page has an owner, if the user is the owner, the defined read or write permissions will be granted.
+=== Group permissions
+Every page has a group, if the user is in that group, the defined read or write permissions will be granted.
+=== Other permissions
+If no other mechanism granted the permissions, the defined read or write permissions for all other users will be granted.
+
+= Default permissions
+| =Mechanism | =Read | Write |
+| Owner      |   X   |   X   |
+| Group      |   X   |   X   |
+| Other      |   X   |   -   |
 """))
 
 SEARCH = mycreole.render_simple(_(

pages/management/commands/migrate_to_db.py

@@ -1,73 +0,0 @@
-from django.conf import settings
-from django.contrib.auth.models import User
-from django.core.management.base import BaseCommand
-from pages.page import full_path_all_pages, page_wrapped
-
-from pages.models import PikiPage
-
-from datetime import datetime
-import fstools
-import os
-import shutil
-from zoneinfo import ZoneInfo
-
-
-def add_page_data(rel_path, tags, page_txt, creation_time, creation_user, modified_time, modified_user):
-    try:
-        page = PikiPage.objects.get(rel_path=rel_path)
-    except PikiPage.DoesNotExist:
-        page = PikiPage(rel_path=rel_path)
-    #
-    page.tags = tags
-    page.page_txt = page_txt
-    #
-    page.creation_time = datetime.fromtimestamp(creation_time, ZoneInfo("UTC"))
-    creation_user = creation_user or "dirk"
-    page.creation_user = User.objects.get(username=creation_user)
-    modified_user = modified_user or "dirk"
-    page.modified_time = datetime.fromtimestamp(modified_time, ZoneInfo("UTC"))
-    page.modified_user = User.objects.get(username=modified_user)
-    page.owner = page.owner or page.creation_user
-    #
-    page.save()
-
-
-class Command(BaseCommand):
-    def handle(self, *args, **options):
-        for path in full_path_all_pages():
-            fs_page = page_wrapped(None, path)
-            if fs_page._page.is_available():
-                self.stdout.write(self.style.MIGRATE_HEADING("Migration of page '%s'" % fs_page.rel_path))
-                for history_number in fs_page._page.history_numbers_list():
-                    self.stdout.write(self.style.MIGRATE_HEADING("  * Adding history version %d" % history_number))
-                    h_page = page_wrapped(None, path, history_version=history_number)
-                    add_page_data(
-                        rel_path=h_page.rel_path,
-                        tags=h_page.tags,
-                        page_txt=h_page._page.raw_page_src,
-                        #
-                        creation_time=h_page.creation_time,
-                        creation_user=h_page.creation_user,
-                        modified_time=h_page.modified_time,
-                        modified_user=h_page.modified_user
-                    )
-                #
-                self.stdout.write(self.style.MIGRATE_HEADING("  * Adding current version"))
-                add_page_data(
-                    rel_path=fs_page.rel_path,
-                    tags=fs_page.tags,
-                    page_txt=fs_page._page.raw_page_src,
-                    #
-                    creation_time=fs_page.creation_time,
-                    creation_user=fs_page.creation_user,
-                    modified_time=fs_page.modified_time,
-                    modified_user=fs_page.modified_user
-                )
-                #
-                src = os.path.join(path, "attachments")
-                if os.path.isdir(src):
-                    dst = os.path.join(settings.MYCREOLE_ROOT, fs_page.rel_path)
-                    for attachment in fstools.filelist(src):
-                        self.stdout.write(self.style.MIGRATE_HEADING("  * Copy attachment ''%s to new location" % os.path.basename(attachment)))
-                        fstools.mkdir(dst)
-                        shutil.copy(attachment, dst)

pages/migrations/0002_historicalpikipage_group_perms_read_and_more.py

@@ -0,0 +1,73 @@
+# Generated by Django 5.1.2 on 2024-10-21 10:49
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('pages', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='historicalpikipage',
+            name='group_perms_read',
+            field=models.BooleanField(default=True),
+        ),
+        migrations.AddField(
+            model_name='historicalpikipage',
+            name='group_perms_write',
+            field=models.BooleanField(default=True),
+        ),
+        migrations.AddField(
+            model_name='historicalpikipage',
+            name='other_perms_read',
+            field=models.BooleanField(default=True),
+        ),
+        migrations.AddField(
+            model_name='historicalpikipage',
+            name='other_perms_write',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='historicalpikipage',
+            name='owner_perms_read',
+            field=models.BooleanField(default=True),
+        ),
+        migrations.AddField(
+            model_name='historicalpikipage',
+            name='owner_perms_write',
+            field=models.BooleanField(default=True),
+        ),
+        migrations.AddField(
+            model_name='pikipage',
+            name='group_perms_read',
+            field=models.BooleanField(default=True),
+        ),
+        migrations.AddField(
+            model_name='pikipage',
+            name='group_perms_write',
+            field=models.BooleanField(default=True),
+        ),
+        migrations.AddField(
+            model_name='pikipage',
+            name='other_perms_read',
+            field=models.BooleanField(default=True),
+        ),
+        migrations.AddField(
+            model_name='pikipage',
+            name='other_perms_write',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='pikipage',
+            name='owner_perms_read',
+            field=models.BooleanField(default=True),
+        ),
+        migrations.AddField(
+            model_name='pikipage',
+            name='owner_perms_write',
+            field=models.BooleanField(default=True),
+        ),
+    ]

pages/models.py

@@ -34,8 +34,14 @@ class PikiPage(models.Model):
     owner = models.ForeignKey(User, null=True, blank=True, on_delete=models.SET_NULL, related_name="owner")
     group = models.ForeignKey(Group, null=True, blank=True, on_delete=models.SET_NULL, related_name="group")
     # owner_perms
+    owner_perms_read = models.BooleanField(default=True)
+    owner_perms_write = models.BooleanField(default=True)
     # group_perms
+    group_perms_read = models.BooleanField(default=True)
+    group_perms_write = models.BooleanField(default=True)
     # other_perms
+    other_perms_read = models.BooleanField(default=True)
+    other_perms_write = models.BooleanField(default=False)
     #
     history = HistoricalRecords()
 

pages/page.py

@@ -1,347 +0,0 @@
-import difflib
-from django.conf import settings
-from django.utils.translation import gettext as _
-import fstools
-import json
-import logging
-from pages import messages, url_page
-import mycreole
-import os
-import shutil
-import time
-from . import timestamp_to_datetime
-
-logger = logging.getLogger(settings.ROOT_LOGGER_NAME).getChild(__name__)
-
-
-SPLITCHAR = ":"
-HISTORY_FOLDER_NAME = 'history'
-
-
-def full_path_all_pages(expression="*"):
-    system_pages = fstools.dirlist(settings.SYSTEM_PAGES_ROOT, expression=expression, rekursive=False)
-    system_pages = [os.path.join(settings.PAGES_ROOT, os.path.basename(path)) for path in system_pages]
-    pages = fstools.dirlist(settings.PAGES_ROOT, expression=expression, rekursive=False)
-    rv = []
-    for path in set(system_pages + pages):
-        p = page_wrapped(None, path)
-        if p.is_available():
-            rv.append(path)
-    return rv
-
-
-class base(dict):
-    @property
-    def rel_path(self):
-        return os.path.basename(self._path).replace(2*SPLITCHAR, "/")
-
-    def is_available(self):
-        is_a = os.path.isfile(self.filename)
-        if not is_a:
-            logger.debug("Not available - %s", self.filename)
-        return is_a
-
-    def history_numbers_list(self):
-        history_folder = os.path.join(self._path, HISTORY_FOLDER_NAME)
-        return list(set([int(os.path.basename(filename)[:5]) for filename in fstools.filelist(history_folder)]))
-
-
-class meta_data(base):
-    META_FILE_NAME = 'meta.json'
-    #
-    KEY_CREATION_TIME = "creation_time"
-    KEY_CREATION_USER = "creation_user"
-    KEY_MODIFIED_TIME = "modified_time"
-    KEY_MODIFIED_USER = "modified_user"
-    KEY_TAGS = "tags"
-
-    def __init__(self, path, history_version=None):
-        self._path = path
-        self._history_version = history_version
-        #
-        # Load data from disk
-        try:
-            with open(self.filename, 'r') as fh:
-                super().__init__(json.load(fh))
-        except (FileNotFoundError, json.decoder.JSONDecodeError) as e:
-            super().__init__()
-
-    def delete(self):
-        os.remove(self.filename)
-
-    @property
-    def filename(self):
-        if not self._history_version:
-            return os.path.join(self._path, self.META_FILE_NAME)
-        else:
-            return self.history_filename(self._history_version)
-
-    def history_filename(self, history_version):
-        return os.path.join(self._path, HISTORY_FOLDER_NAME, "%05d_%s" % (history_version, self.META_FILE_NAME))
-
-    def update_required(self, tags):
-        return tags != self.get(self.KEY_TAGS)
-
-    def update(self, username, tags):
-        if self._history_version:
-            logger.error("A history version %05d can not be updated!", self._history_version)
-            return False
-        else:
-            if username:
-                self[self.KEY_MODIFIED_TIME] = int(time.time())
-                self[self.KEY_MODIFIED_USER] = username
-                #
-                if self.KEY_CREATION_USER not in self:
-                    self[self.KEY_CREATION_USER] = self[self.KEY_MODIFIED_USER]
-                if self.KEY_CREATION_TIME not in self:
-                    self[self.KEY_CREATION_TIME] = self[self.KEY_MODIFIED_TIME]
-            if tags:
-                self[self.KEY_TAGS] = tags
-            #
-            if username or tags:
-                self.save()
-            return True
-
-    def save(self):
-        if self._history_version:
-            logger.error("A history version %05d can not be updated!", self._history_version)
-            return False
-        else:
-            with open(self.filename, 'w') as fh:
-                json.dump(self, fh, indent=4)
-            return True
-
-    def store_to_history(self, history_number):
-        history_filename = self.history_filename(history_number)
-        fstools.mkdir(os.path.dirname(history_filename))
-        shutil.copy(self.filename, history_filename)
-
-
-class page_data(base):
-    PAGE_FILE_NAME = 'page'
-
-    def __init__(self, path, history_version=None):
-        self._history_version = history_version
-        self._path = path
-        self._raw_page_src = None
-
-    def _load_page_src(self):
-        if self._raw_page_src is None:
-            try:
-                with open(self.filename, 'r') as fh:
-                    self._raw_page_src = fh.read()
-            except FileNotFoundError:
-                self._raw_page_src = ""
-
-    def delete(self):
-        os.remove(self.filename)
-
-    def rename(self, page_name):
-        # Change backslash to slash and remove double slashes
-        page_name = page_name.replace("\\", "/")
-        while "//" in page_name:
-            page_name = page_name.replace("//", "/")
-        # move path
-        target_path = os.path.join(settings.PAGES_ROOT, page_name.replace("/", 2*SPLITCHAR))
-        shutil.move(self._path, target_path)
-        # set my path
-        self._path = target_path
-
-    def update_required(self, page_txt):
-        return page_txt.replace("\r\n", "\n") != self.raw_page_src
-
-    def update_page(self, page_txt):
-        if self._history_version:
-            logger.error("A history version %05d can not be updated!", self._history_version)
-            return False
-        else:
-            # save the new page content
-            fstools.mkdir(os.path.dirname(self.filename))
-            with open(self.filename, 'w') as fh:
-                fh.write(page_txt)
-            self._raw_page_src = page_txt
-            return True
-
-    @property
-    def filename(self):
-        if not self._history_version:
-            return os.path.join(self._path, self.PAGE_FILE_NAME)
-        else:
-            return self.history_filename(self._history_version)
-
-    def history_filename(self, history_version):
-        return os.path.join(self._path, HISTORY_FOLDER_NAME, "%05d_%s" % (history_version, self.PAGE_FILE_NAME))
-
-    @property
-    def rel_path(self):
-        return os.path.basename(self._path).replace(2*SPLITCHAR, "/")
-
-    @property
-    def title(self):
-        return os.path.basename(self._path).split(2*SPLITCHAR)[-1]
-
-    @property
-    def raw_page_src(self):
-        self._load_page_src()
-        return self._raw_page_src
-
-    def store_to_history(self, history_number):
-        history_filename = self.history_filename(history_number)
-        fstools.mkdir(os.path.dirname(history_filename))
-        shutil.copy(self.filename, history_filename)
-
-
-class page_wrapped(object):
-    """
-    This class holds different page and meta instances and decides which will be used in which case.
-    """
-
-    def __init__(self, request, path, history_version=None):
-        """_summary_
-
-        Args:
-            request (_type_): The django request or None (if None, the page functionality is limited)
-            path (_type_): A rel_path of the django page or the filesystem path to the page
-            history_version (_type_, optional): The history version of the page to be created
-        """
-        self._request = request
-        #
-        page_path = self.__page_path__(path)
-        # Page
-        self._page = page_data(page_path, history_version=history_version)
-        self._page_meta = meta_data(page_path, history_version=history_version)
-
-    def __page_path__(self, path):
-        if path.startswith(settings.PAGES_ROOT):
-            # must be a filesystem path
-            return path
-        else:
-            # must be a relative url
-            return os.path.join(settings.PAGES_ROOT, path.replace("/", 2*SPLITCHAR))
-
-    def __page_choose__(self):
-        return self._page
-
-    def __meta_choose__(self):
-        return self._page_meta
-
-    def __store_history__(self):
-        if self._page.is_available():
-            try:
-                history_number = max(self._page.history_numbers_list()) + 1
-            except ValueError:
-                history_number = 1     # no history yet
-            self._page.store_to_history(history_number)
-            self._page_meta.store_to_history(history_number)
-
-    #
-    # meta_data
-    #
-    @property
-    def creation_time(self):
-        meta = self.__meta_choose__()
-        rv = meta.get(meta.KEY_CREATION_TIME)
-        return rv
-
-    @property
-    def creation_user(self):
-        meta = self.__meta_choose__()
-        rv = meta.get(meta.KEY_CREATION_USER)
-        return rv
-
-    def delete(self):
-        self.__store_history__()
-        self._page.delete()
-        self._page_meta.delete()
-
-    @property
-    def modified_time(self):
-        meta = self.__meta_choose__()
-        rv = meta.get(meta.KEY_MODIFIED_TIME)
-        return rv
-
-    @property
-    def modified_user(self):
-        meta = self.__meta_choose__()
-        rv = meta.get(meta.KEY_MODIFIED_USER)
-        return rv
-
-    def rename(self, page_name):
-        self._page.rename(page_name)
-
-    @property
-    def tags(self):
-        meta = self.__meta_choose__()
-        rv = meta.get(meta.KEY_TAGS)
-        return rv
-
-    #
-    # page
-    #
-    @property
-    def attachment_path(self):
-        page = self.__page_choose__()
-        rv = page.attachment_path
-        return rv
-
-    def is_available(self):
-        return self._page.is_available()
-
-    def userpage_is_available(self):
-        return self._page.is_available()
-
-    @property
-    def raw_page_src(self):
-        page = self.__page_choose__()
-        rv = page.raw_page_src
-        return rv
-
-    @property
-    def rel_path(self):
-        page = self.__page_choose__()
-        rv = page.rel_path
-        return rv
-
-    def render_meta(self):
-        page = self.__page_choose__()
-        rv = page.render_meta(self.creation_time, self.modified_time, self.creation_user, self.modified_user, self.tags)
-        return rv
-
-    def render_to_html(self):
-        page = self.__page_choose__()
-        rv = page.render_to_html()
-        return rv
-
-    def render_text(self, request, txt):
-        page = self.__page_choose__()
-        rv = page.render_text(request, txt)
-        return rv
-
-    @property
-    def title(self):
-        page = self.__page_choose__()
-        rv = page.title
-        return rv
-
-    def update_page(self, txt, tags):
-        if self._page.update_required(txt) or self._page_meta.update_required(tags):
-            rv = False
-            # Store history
-            self.__store_history__()
-            username = None
-            if self._page.update_required(txt):
-                # Update page
-                rv |= self._page.update_page(txt)
-                # Identify username, to update meta
-                try:
-                    if self._request.user.is_authenticated:
-                        username = self._request.user.username
-                    else:
-                        logger.warning("Page edit without having a logged in user. This is not recommended. Check your access definitions!")
-                except AttributeError:
-                    logger.exception("Page edit without having a request object. Check programming!")
-            rv |= self._page_meta.update(username, tags)
-            # Update search index
-            from pages.search import update_item
-            update_item(self)
-            return rv

pages/views.py

@@ -78,6 +78,7 @@ def page(request, rel_path):
     context_adaption(
         context,
         request,
+        acc=acc,
         rel_path=rel_path,
         title=title,
         upload_path=rel_path,
@@ -110,6 +111,7 @@ def edit(request, rel_path):
             context_adaption(
                 context,
                 request,
+                acc=acc,
                 rel_path=rel_path,
                 is_available=is_available,
                 form=form,
@@ -141,6 +143,7 @@ def edit(request, rel_path):
                 context_adaption(
                     context,
                     request,
+                    acc=acc,
                     rel_path=rel_path,
                     is_available=is_available,
                     form=form,
@@ -176,6 +179,7 @@ def delete(request, rel_path):
             context_adaption(
                 context,
                 request,
+                acc=acc,
                 rel_path=rel_path,
                 is_available=is_available,
                 # TODO: Add translation
@@ -222,6 +226,7 @@ def rename(request, rel_path):
             context_adaption(
                 context,
                 request,
+                acc=acc,
                 rel_path=rel_path,
                 is_available=is_available,
                 form=form,

requirements.txt

@@ -1,4 +1,5 @@
 Django
+django-simple-history
 Pillow
 python-creole
 pytz