application/piki
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Initial access cotrol implemented

Browse Source
This commit is contained in:
Dirk Alders 2024-10-21 17:29:49 +02:00
parent a528ac19cb
commit b8606bc0b5
11 changed files with 173 additions and 428 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
pages/access.py
View File

@ -1,14 +1,72 @@
from django.conf import settings
import logging
from .models import PikiPage
logger = logging.getLogger(settings.ROOT_LOGGER_NAME).getChild(__name__)
class access_control(object): class access_control(object):
def __init__(self, request, rel_path): def __init__(self, request, rel_path):
self._request = request self._request = request
self._rel_path = rel_path self._rel_path = rel_path
self._user = request.user
try:
self._page = PikiPage.objects.get(rel_path=rel_path)
except PikiPage.DoesNotExist:
self._page = None
self._read = None
self._write = None
def __analyse_access_rights__(self):
if self._read is None or self._write is None:
self._read = False
self._write = False
#
if self._user.is_superuser:
# A superuser has full access
logger.debug("User is superuser -> full access granted")
self._read = True
self._write = True
elif self._page is None:
if self._user.is_staff:
# Page creation is allowed for staff users
logger.debug("Page does not exist and user is staff -> full access granted")
self._read = True
self._write = True
else:
logger.debug("Page does not exist and user is not staff -> no access granted")
else:
user_is_owner = self._page.owner == self._user
user_in_page_group = self._page.group in self._user.groups.all()
# read permissions
if user_is_owner and self._page.owner_perms_read:
logger.debug("Read access granted, due to owner permissions of page")
self._read = True
elif user_in_page_group and self._page.group_perms_read:
logger.debug("Read access granted, due to group permissions of page")
self._read = True
elif self._page.other_perms_read:
logger.debug("Read access granted, due to other permissions of page")
self._read = True
# write permissions
if user_is_owner and self._page.owner_perms_write:
logger.debug("Write access granted, due to owner permissions of page")
self._write = True
elif user_in_page_group and self._page.group_perms_write:
logger.debug("Write access granted, due to group permissions of page")
self._write = True
elif self._page.other_perms_write:
logger.debug("Write access granted, due to other permissions of page")
self._write = True
def may_read(self): def may_read(self):
return "private" not in self._rel_path or self.may_write() self.__analyse_access_rights__()
return self._read
def may_write(self): def may_write(self):
# /!\ rel_path is the filsystem rel_path - caused by the flat folder structure /!\ self.__analyse_access_rights__()
return self._request.user.is_authenticated and self._request.user.username in ['root', 'dirk'] return self._write
def may_read_attachment(self): def may_read_attachment(self):
return self.may_read() return self.may_read()

2
pages/admin.py
View File

@ -10,6 +10,8 @@ class PikiPageAdmin(SimpleHistoryAdmin):
search_fields = ('rel_path', 'tags', ) search_fields = ('rel_path', 'tags', )
list_filter = ( list_filter = (
('deleted', admin.BooleanFieldListFilter), ('deleted', admin.BooleanFieldListFilter),
('other_perms_read', admin.BooleanFieldListFilter),
('other_perms_write', admin.BooleanFieldListFilter),
) )
ordering = ["rel_path"] ordering = ["rel_path"]

3
pages/context.py
View File

@ -5,7 +5,6 @@ import os
from django.conf import settings from django.conf import settings
from django.utils.translation import gettext as _ from django.utils.translation import gettext as _
from pages.access import access_control
import pages.parameter import pages.parameter
from .help import actionbar as actionbar_add_help from .help import actionbar as actionbar_add_help
import mycreole import mycreole
@ -74,7 +73,7 @@ def actionbar(context, request, caller_name, **kwargs):
bar = context[context.ACTIONBAR] bar = context[context.ACTIONBAR]
if not cms_mode_active(request): if not cms_mode_active(request):
if caller_name in ['page', 'edit', 'delete', 'rename']: if caller_name in ['page', 'edit', 'delete', 'rename']:
acc = access_control(request, kwargs["rel_path"]) acc = kwargs["acc"]
if acc.may_write(): if acc.may_write():
add_page_menu(request, bar, kwargs["rel_path"], kwargs.get('is_available', False)) add_page_menu(request, bar, kwargs["rel_path"], kwargs.get('is_available', False))
if acc.may_modify_attachment(): if acc.may_modify_attachment():

7
pages/forms.py
View File

@ -9,7 +9,12 @@ from .models import PikiPage
class EditForm(forms.ModelForm): class EditForm(forms.ModelForm):
class Meta: class Meta:
model = PikiPage model = PikiPage
fields = ["page_txt", "tags", "owner", "group"] fields = [
"page_txt",
"tags",
"owner", "owner_perms_read", "owner_perms_write",
"group", "group_perms_read", "group_perms_write",
"other_perms_read", "other_perms_write",]
class RenameForm(forms.Form): # Note that it is not inheriting from forms.ModelForm class RenameForm(forms.Form): # Note that it is not inheriting from forms.ModelForm

20
pages/help.py
View File

@ -35,8 +35,24 @@ CREOLE += mycreole.render_simple("""
ACCESS = mycreole.render_simple(_(""" ACCESS = mycreole.render_simple(_("""
= Access = Access
* Currently just two specific users have write access. == Administrator
* Pages containing "private" in the relative page path have no public read access. If the user has //Superuser status//, the user is able to create, read and write all pages.
== Create new pages
Only users with //Superuser status// or //Staff status// are able to create new pages.
== Page rigths
All following subsections are able to grant read or write access to the user
=== Owner permissions
Every page has an owner, if the user is the owner, the defined read or write permissions will be granted.
=== Group permissions
Every page has a group, if the user is in that group, the defined read or write permissions will be granted.
=== Other permissions
If no other mechanism granted the permissions, the defined read or write permissions for all other users will be granted.
= Default permissions
| =Mechanism | =Read | Write |
| Owner | X | X |
| Group | X | X |
| Other | X | - |
""")) """))
SEARCH = mycreole.render_simple(_( SEARCH = mycreole.render_simple(_(

73
pages/management/commands/migrate_to_db.py
View File

@ -1,73 +0,0 @@
from django.conf import settings
from django.contrib.auth.models import User
from django.core.management.base import BaseCommand
from pages.page import full_path_all_pages, page_wrapped
from pages.models import PikiPage
from datetime import datetime
import fstools
import os
import shutil
from zoneinfo import ZoneInfo
def add_page_data(rel_path, tags, page_txt, creation_time, creation_user, modified_time, modified_user):
try:
page = PikiPage.objects.get(rel_path=rel_path)
except PikiPage.DoesNotExist:
page = PikiPage(rel_path=rel_path)
#
page.tags = tags
page.page_txt = page_txt
#
page.creation_time = datetime.fromtimestamp(creation_time, ZoneInfo("UTC"))
creation_user = creation_user or "dirk"
page.creation_user = User.objects.get(username=creation_user)
modified_user = modified_user or "dirk"
page.modified_time = datetime.fromtimestamp(modified_time, ZoneInfo("UTC"))
page.modified_user = User.objects.get(username=modified_user)
page.owner = page.owner or page.creation_user
#
page.save()
class Command(BaseCommand):
def handle(self, *args, **options):
for path in full_path_all_pages():
fs_page = page_wrapped(None, path)
if fs_page._page.is_available():
self.stdout.write(self.style.MIGRATE_HEADING("Migration of page '%s'" % fs_page.rel_path))
for history_number in fs_page._page.history_numbers_list():
self.stdout.write(self.style.MIGRATE_HEADING(" * Adding history version %d" % history_number))
h_page = page_wrapped(None, path, history_version=history_number)
add_page_data(
rel_path=h_page.rel_path,
tags=h_page.tags,
page_txt=h_page._page.raw_page_src,
#
creation_time=h_page.creation_time,
creation_user=h_page.creation_user,
modified_time=h_page.modified_time,
modified_user=h_page.modified_user
)
#
self.stdout.write(self.style.MIGRATE_HEADING(" * Adding current version"))
add_page_data(
rel_path=fs_page.rel_path,
tags=fs_page.tags,
page_txt=fs_page._page.raw_page_src,
#
creation_time=fs_page.creation_time,
creation_user=fs_page.creation_user,
modified_time=fs_page.modified_time,
modified_user=fs_page.modified_user
)
#
src = os.path.join(path, "attachments")
if os.path.isdir(src):
dst = os.path.join(settings.MYCREOLE_ROOT, fs_page.rel_path)
for attachment in fstools.filelist(src):
self.stdout.write(self.style.MIGRATE_HEADING(" * Copy attachment ''%s to new location" % os.path.basename(attachment)))
fstools.mkdir(dst)
shutil.copy(attachment, dst)

73
pages/migrations/0002_historicalpikipage_group_perms_read_and_more.py Normal file
View File

@ -0,0 +1,73 @@
# Generated by Django 5.1.2 on 2024-10-21 10:49
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('pages', '0001_initial'),
]
operations = [
migrations.AddField(
model_name='historicalpikipage',
name='group_perms_read',
field=models.BooleanField(default=True),
),
migrations.AddField(
model_name='historicalpikipage',
name='group_perms_write',
field=models.BooleanField(default=True),
),
migrations.AddField(
model_name='historicalpikipage',
name='other_perms_read',
field=models.BooleanField(default=True),
),
migrations.AddField(
model_name='historicalpikipage',
name='other_perms_write',
field=models.BooleanField(default=False),
),
migrations.AddField(
model_name='historicalpikipage',
name='owner_perms_read',
field=models.BooleanField(default=True),
),
migrations.AddField(
model_name='historicalpikipage',
name='owner_perms_write',
field=models.BooleanField(default=True),
),
migrations.AddField(
model_name='pikipage',
name='group_perms_read',
field=models.BooleanField(default=True),
),
migrations.AddField(
model_name='pikipage',
name='group_perms_write',
field=models.BooleanField(default=True),
),
migrations.AddField(
model_name='pikipage',
name='other_perms_read',
field=models.BooleanField(default=True),
),
migrations.AddField(
model_name='pikipage',
name='other_perms_write',
field=models.BooleanField(default=False),
),
migrations.AddField(
model_name='pikipage',
name='owner_perms_read',
field=models.BooleanField(default=True),
),
migrations.AddField(
model_name='pikipage',
name='owner_perms_write',
field=models.BooleanField(default=True),
),
]

6
pages/models.py
View File

@ -34,8 +34,14 @@ class PikiPage(models.Model):
owner = models.ForeignKey(User, null=True, blank=True, on_delete=models.SET_NULL, related_name="owner") owner = models.ForeignKey(User, null=True, blank=True, on_delete=models.SET_NULL, related_name="owner")
group = models.ForeignKey(Group, null=True, blank=True, on_delete=models.SET_NULL, related_name="group") group = models.ForeignKey(Group, null=True, blank=True, on_delete=models.SET_NULL, related_name="group")
# owner_perms # owner_perms
owner_perms_read = models.BooleanField(default=True)
owner_perms_write = models.BooleanField(default=True)
# group_perms # group_perms
group_perms_read = models.BooleanField(default=True)
group_perms_write = models.BooleanField(default=True)
# other_perms # other_perms
other_perms_read = models.BooleanField(default=True)
other_perms_write = models.BooleanField(default=False)
# #
history = HistoricalRecords() history = HistoricalRecords()

347
pages/page.py
View File

@ -1,347 +0,0 @@
import difflib
from django.conf import settings
from django.utils.translation import gettext as _
import fstools
import json
import logging
from pages import messages, url_page
import mycreole
import os
import shutil
import time
from . import timestamp_to_datetime
logger = logging.getLogger(settings.ROOT_LOGGER_NAME).getChild(__name__)
SPLITCHAR = ":"
HISTORY_FOLDER_NAME = 'history'
def full_path_all_pages(expression="*"):
system_pages = fstools.dirlist(settings.SYSTEM_PAGES_ROOT, expression=expression, rekursive=False)
system_pages = [os.path.join(settings.PAGES_ROOT, os.path.basename(path)) for path in system_pages]
pages = fstools.dirlist(settings.PAGES_ROOT, expression=expression, rekursive=False)
rv = []
for path in set(system_pages + pages):
p = page_wrapped(None, path)
if p.is_available():
rv.append(path)
return rv
class base(dict):
@property
def rel_path(self):
return os.path.basename(self._path).replace(2*SPLITCHAR, "/")
def is_available(self):
is_a = os.path.isfile(self.filename)
if not is_a:
logger.debug("Not available - %s", self.filename)
return is_a
def history_numbers_list(self):
history_folder = os.path.join(self._path, HISTORY_FOLDER_NAME)
return list(set([int(os.path.basename(filename)[:5]) for filename in fstools.filelist(history_folder)]))
class meta_data(base):
META_FILE_NAME = 'meta.json'
#
KEY_CREATION_TIME = "creation_time"
KEY_CREATION_USER = "creation_user"
KEY_MODIFIED_TIME = "modified_time"
KEY_MODIFIED_USER = "modified_user"
KEY_TAGS = "tags"
def __init__(self, path, history_version=None):
self._path = path
self._history_version = history_version
#
# Load data from disk
try:
with open(self.filename, 'r') as fh:
super().__init__(json.load(fh))
except (FileNotFoundError, json.decoder.JSONDecodeError) as e:
super().__init__()
def delete(self):
os.remove(self.filename)
@property
def filename(self):
if not self._history_version:
return os.path.join(self._path, self.META_FILE_NAME)
else:
return self.history_filename(self._history_version)
def history_filename(self, history_version):
return os.path.join(self._path, HISTORY_FOLDER_NAME, "%05d_%s" % (history_version, self.META_FILE_NAME))
def update_required(self, tags):
return tags != self.get(self.KEY_TAGS)
def update(self, username, tags):
if self._history_version:
logger.error("A history version %05d can not be updated!", self._history_version)
return False
else:
if username:
self[self.KEY_MODIFIED_TIME] = int(time.time())
self[self.KEY_MODIFIED_USER] = username
#
if self.KEY_CREATION_USER not in self:
self[self.KEY_CREATION_USER] = self[self.KEY_MODIFIED_USER]
if self.KEY_CREATION_TIME not in self:
self[self.KEY_CREATION_TIME] = self[self.KEY_MODIFIED_TIME]
if tags:
self[self.KEY_TAGS] = tags
#
if username or tags:
self.save()
return True
def save(self):
if self._history_version:
logger.error("A history version %05d can not be updated!", self._history_version)
return False
else:
with open(self.filename, 'w') as fh:
json.dump(self, fh, indent=4)
return True
def store_to_history(self, history_number):
history_filename = self.history_filename(history_number)
fstools.mkdir(os.path.dirname(history_filename))
shutil.copy(self.filename, history_filename)
class page_data(base):
PAGE_FILE_NAME = 'page'
def __init__(self, path, history_version=None):
self._history_version = history_version
self._path = path
self._raw_page_src = None
def _load_page_src(self):
if self._raw_page_src is None:
try:
with open(self.filename, 'r') as fh:
self._raw_page_src = fh.read()
except FileNotFoundError:
self._raw_page_src = ""
def delete(self):
os.remove(self.filename)
def rename(self, page_name):
# Change backslash to slash and remove double slashes
page_name = page_name.replace("\\", "/")
while "//" in page_name:
page_name = page_name.replace("//", "/")
# move path
target_path = os.path.join(settings.PAGES_ROOT, page_name.replace("/", 2*SPLITCHAR))
shutil.move(self._path, target_path)
# set my path
self._path = target_path
def update_required(self, page_txt):
return page_txt.replace("\r\n", "\n") != self.raw_page_src
def update_page(self, page_txt):
if self._history_version:
logger.error("A history version %05d can not be updated!", self._history_version)
return False
else:
# save the new page content
fstools.mkdir(os.path.dirname(self.filename))
with open(self.filename, 'w') as fh:
fh.write(page_txt)
self._raw_page_src = page_txt
return True
@property
def filename(self):
if not self._history_version:
return os.path.join(self._path, self.PAGE_FILE_NAME)
else:
return self.history_filename(self._history_version)
def history_filename(self, history_version):
return os.path.join(self._path, HISTORY_FOLDER_NAME, "%05d_%s" % (history_version, self.PAGE_FILE_NAME))
@property
def rel_path(self):
return os.path.basename(self._path).replace(2*SPLITCHAR, "/")
@property
def title(self):
return os.path.basename(self._path).split(2*SPLITCHAR)[-1]
@property
def raw_page_src(self):
self._load_page_src()
return self._raw_page_src
def store_to_history(self, history_number):
history_filename = self.history_filename(history_number)
fstools.mkdir(os.path.dirname(history_filename))
shutil.copy(self.filename, history_filename)
class page_wrapped(object):
"""
This class holds different page and meta instances and decides which will be used in which case.
"""
def __init__(self, request, path, history_version=None):
"""_summary_
Args:
request (_type_): The django request or None (if None, the page functionality is limited)
path (_type_): A rel_path of the django page or the filesystem path to the page
history_version (_type_, optional): The history version of the page to be created
"""
self._request = request
#
page_path = self.__page_path__(path)
# Page
self._page = page_data(page_path, history_version=history_version)
self._page_meta = meta_data(page_path, history_version=history_version)
def __page_path__(self, path):
if path.startswith(settings.PAGES_ROOT):
# must be a filesystem path
return path
else:
# must be a relative url
return os.path.join(settings.PAGES_ROOT, path.replace("/", 2*SPLITCHAR))
def __page_choose__(self):
return self._page
def __meta_choose__(self):
return self._page_meta
def __store_history__(self):
if self._page.is_available():
try:
history_number = max(self._page.history_numbers_list()) + 1
except ValueError:
history_number = 1 # no history yet
self._page.store_to_history(history_number)
self._page_meta.store_to_history(history_number)
#
# meta_data
#
@property
def creation_time(self):
meta = self.__meta_choose__()
rv = meta.get(meta.KEY_CREATION_TIME)
return rv
@property
def creation_user(self):
meta = self.__meta_choose__()
rv = meta.get(meta.KEY_CREATION_USER)
return rv
def delete(self):
self.__store_history__()
self._page.delete()
self._page_meta.delete()
@property
def modified_time(self):
meta = self.__meta_choose__()
rv = meta.get(meta.KEY_MODIFIED_TIME)
return rv
@property
def modified_user(self):
meta = self.__meta_choose__()
rv = meta.get(meta.KEY_MODIFIED_USER)
return rv
def rename(self, page_name):
self._page.rename(page_name)
@property
def tags(self):
meta = self.__meta_choose__()
rv = meta.get(meta.KEY_TAGS)
return rv
#
# page
#
@property
def attachment_path(self):
page = self.__page_choose__()
rv = page.attachment_path
return rv
def is_available(self):
return self._page.is_available()
def userpage_is_available(self):
return self._page.is_available()
@property
def raw_page_src(self):
page = self.__page_choose__()
rv = page.raw_page_src
return rv
@property
def rel_path(self):
page = self.__page_choose__()
rv = page.rel_path
return rv
def render_meta(self):
page = self.__page_choose__()
rv = page.render_meta(self.creation_time, self.modified_time, self.creation_user, self.modified_user, self.tags)
return rv
def render_to_html(self):
page = self.__page_choose__()
rv = page.render_to_html()
return rv
def render_text(self, request, txt):
page = self.__page_choose__()
rv = page.render_text(request, txt)
return rv
@property
def title(self):
page = self.__page_choose__()
rv = page.title
return rv
def update_page(self, txt, tags):
if self._page.update_required(txt) or self._page_meta.update_required(tags):
rv = False
# Store history
self.__store_history__()
username = None
if self._page.update_required(txt):
# Update page
rv |= self._page.update_page(txt)
# Identify username, to update meta
try:
if self._request.user.is_authenticated:
username = self._request.user.username
else:
logger.warning("Page edit without having a logged in user. This is not recommended. Check your access definitions!")
except AttributeError:
logger.exception("Page edit without having a request object. Check programming!")
rv |= self._page_meta.update(username, tags)
# Update search index
from pages.search import update_item
update_item(self)
return rv

5
pages/views.py
View File

@ -78,6 +78,7 @@ def page(request, rel_path):
context_adaption( context_adaption(
context, context,
request, request,
acc=acc,
rel_path=rel_path, rel_path=rel_path,
title=title, title=title,
upload_path=rel_path, upload_path=rel_path,
@ -110,6 +111,7 @@ def edit(request, rel_path):
context_adaption( context_adaption(
context, context,
request, request,
acc=acc,
rel_path=rel_path, rel_path=rel_path,
is_available=is_available, is_available=is_available,
form=form, form=form,
@ -141,6 +143,7 @@ def edit(request, rel_path):
context_adaption( context_adaption(
context, context,
request, request,
acc=acc,
rel_path=rel_path, rel_path=rel_path,
is_available=is_available, is_available=is_available,
form=form, form=form,
@ -176,6 +179,7 @@ def delete(request, rel_path):
context_adaption( context_adaption(
context, context,
request, request,
acc=acc,
rel_path=rel_path, rel_path=rel_path,
is_available=is_available, is_available=is_available,
# TODO: Add translation # TODO: Add translation
@ -222,6 +226,7 @@ def rename(request, rel_path):
context_adaption( context_adaption(
context, context,
request, request,
acc=acc,
rel_path=rel_path, rel_path=rel_path,
is_available=is_available, is_available=is_available,
form=form, form=form,

1
requirements.txt
View File

@ -1,4 +1,5 @@
Django Django
django-simple-history
Pillow Pillow
python-creole python-creole
pytz pytz