canaille-globuzma/canaille/core/models.py

import datetime
from typing import List
from typing import Optional


class User:
    """
    User model, based on the `SCIM User schema <https://datatracker.ietf.org/doc/html/rfc7643#section-4.1>`_
    """

    id: str
    user_name: Optional[str]
    password: Optional[str]
    preferred_language: Optional[str]
    family_name: Optional[str]
    given_name: Optional[str]
    formatted_name: Optional[str]
    display_name: Optional[str]
    emails: List[str]
    phone_numbers: List[str]
    formatted_address: Optional[str]
    street: Optional[str]
    postal_code: Optional[str]
    locality: Optional[str]
    region: Optional[str]
    photo: Optional[str]
    profile_url: Optional[str]
    employee_number: Optional[str]
    department: Optional[str]
    title: Optional[str]
    organization: Optional[str]
    last_modified: Optional[datetime.datetime]
    groups: List["Group"]
    lock_date: Optional[datetime.datetime]

    def __init__(self, *args, **kwargs):
        self.read = set()
        self.write = set()
        self.permissions = set()
        super().__init__(*args, **kwargs)

    @classmethod
    def get_from_login(cls, login=None, **kwargs) -> Optional["User"]:
        raise NotImplementedError()

    def has_password(self) -> bool:
        """
        Checks wether a password has been set for the user.
        """
        raise NotImplementedError()

    def check_password(self, password: str) -> bool:
        """
        Checks if the password matches the user password in the database.
        """
        raise NotImplementedError()

    def set_password(self, password: str):
        """
        Sets a password for the user.
        """
        raise NotImplementedError()

    def can_read(self, field: str):
        return field in self.read | self.write

    @property
    def preferred_email(self):
        return self.emails[0] if self.emails else None

    def __getattr__(self, name):
        if name.startswith("can_") and name != "can_read":
            permission = name[4:]
            return permission in self.permissions

        return super().__getattr__(name)

    @property
    def locked(self) -> bool:
        """
        Wether the user account has been locked or has expired.
        """
        return bool(self.lock_date) and self.lock_date < datetime.datetime.now(
            datetime.timezone.utc
        )


class Group:
    """
    User model, based on the `SCIM Group schema <https://datatracker.ietf.org/doc/html/rfc7643#section-4.2>`_
    """

    id: str
    display_name: str
    members: List["User"]
    description: Optional[str]
Implemented LDAP ppolicy support. 2022-11-01 11:25:21 +00:00			`import datetime`
doc: models types draft 2023-08-23 13:18:43 +00:00			`from typing import List`
doc: model documentation 2023-08-17 13:55:41 +00:00			`from typing import Optional`
Implemented LDAP ppolicy support. 2022-11-01 11:25:21 +00:00
draft 2020-08-14 11:18:08 +00:00
Moved models specificities in the backend module 2023-04-10 11:45:52 +00:00			`class User:`
doc: model documentation 2023-08-17 13:55:41 +00:00			`"""`
			User model, based on the `SCIM User schema <https://datatracker.ietf.org/doc/html/rfc7643#section-4.1>`_
			`"""`

doc: models types draft 2023-08-23 13:18:43 +00:00			`id: str`
			`user_name: Optional[str]`
			`password: Optional[str]`
			`preferred_language: Optional[str]`
			`family_name: Optional[str]`
			`given_name: Optional[str]`
			`formatted_name: Optional[str]`
			`display_name: Optional[str]`
			`emails: List[str]`
			`phone_numbers: List[str]`
			`formatted_address: Optional[str]`
			`street: Optional[str]`
			`postal_code: Optional[str]`
			`locality: Optional[str]`
			`region: Optional[str]`
			`photo: Optional[str]`
			`profile_url: Optional[str]`
			`employee_number: Optional[str]`
			`department: Optional[str]`
			`title: Optional[str]`
			`organization: Optional[str]`
			`last_modified: Optional[datetime.datetime]`
			`groups: List["Group"]`
			`lock_date: Optional[datetime.datetime]`

Permissions overhaul 2021-12-02 17:23:14 +00:00			`def __init__(self, args, *kwargs):`
			`self.read = set()`
			`self.write = set()`
			`self.permissions = set()`
			`super().__init__(args, *kwargs)`

Admin login 2020-08-19 14:20:57 +00:00			`@classmethod`
doc: model documentation 2023-08-17 13:55:41 +00:00			`def get_from_login(cls, login=None, **kwargs) -> Optional["User"]:`
Moved models specificities in the backend module 2023-04-10 11:45:52 +00:00			`raise NotImplementedError()`
ACL filters are no more LDAP filters but user attribute mappings. 2023-04-14 16:46:42 +00:00
doc: model documentation 2023-08-17 13:55:41 +00:00			`def has_password(self) -> bool:`
Use a unique identifier to indentify users in URLS Previously we used the uid since we supposed this value was always valid, but some users user the mail attribute as the User RDN in their OpenLDAP installation, and do not have a uuid. 2023-06-27 15:41:00 +00:00			`"""`
doc: model documentation 2023-08-17 13:55:41 +00:00			`Checks wether a password has been set for the user.`
Use a unique identifier to indentify users in URLS Previously we used the uid since we supposed this value was always valid, but some users user the mail attribute as the User RDN in their OpenLDAP installation, and do not have a uuid. 2023-06-27 15:41:00 +00:00			`"""`
			`raise NotImplementedError()`

doc: model documentation 2023-08-17 13:55:41 +00:00			`def check_password(self, password: str) -> bool:`
			`"""`
			`Checks if the password matches the user password in the database.`
			`"""`
Moved models specificities in the backend module 2023-04-10 11:45:52 +00:00			`raise NotImplementedError()`
draft 2020-08-14 11:18:08 +00:00
doc: model documentation 2023-08-17 13:55:41 +00:00			`def set_password(self, password: str):`
			`"""`
			`Sets a password for the user.`
			`"""`
Moved models specificities in the backend module 2023-04-10 11:45:52 +00:00			`raise NotImplementedError()`
Permissions overhaul 2021-12-02 17:23:14 +00:00
doc: model documentation 2023-08-17 13:55:41 +00:00			`def can_read(self, field: str):`
jpegPhoto profile form 2021-12-08 17:06:50 +00:00			`return field in self.read \| self.write`

Implemented User.preferred_email 2023-06-22 13:24:13 +00:00			`@property`
			`def preferred_email(self):`
			`return self.emails[0] if self.emails else None`

refactor: user permission sugar 2023-08-14 14:25:12 +00:00			`def __getattr__(self, name):`
			`if name.startswith("can_") and name != "can_read":`
			`permission = name[4:]`
			`return permission in self.permissions`
Permissions overhaul 2021-12-02 17:23:14 +00:00
refactor: user permission sugar 2023-08-14 14:25:12 +00:00			`return super().__getattr__(name)`
Permissions overhaul 2021-12-02 17:23:14 +00:00
Implemented LDAP ppolicy support. 2022-11-01 11:25:21 +00:00			`@property`
doc: model documentation 2023-08-17 13:55:41 +00:00			`def locked(self) -> bool:`
			`"""`
			`Wether the user account has been locked or has expired.`
			`"""`
Implemented LDAP ppolicy support. 2022-11-01 11:25:21 +00:00			`return bool(self.lock_date) and self.lock_date < datetime.datetime.now(`
			`datetime.timezone.utc`
			`)`

Issue 12 groups 2021-06-03 13:00:11 +00:00
Moved models specificities in the backend module 2023-04-10 11:45:52 +00:00			`class Group:`
doc: model documentation 2023-08-17 13:55:41 +00:00			`"""`
			User model, based on the `SCIM Group schema <https://datatracker.ietf.org/doc/html/rfc7643#section-4.2>`_
			`"""`
doc: models types draft 2023-08-23 13:18:43 +00:00
			`id: str`
			`display_name: str`
			`members: List["User"]`
			`description: Optional[str]`