canaille-globuzma/canaille/core/models.py

import datetime

from flask import session


class User:
    def __init__(self, *args, **kwargs):
        self.read = set()
        self.write = set()
        self.permissions = set()
        super().__init__(*args, **kwargs)

    @classmethod
    def get_from_login(cls, login=None, **kwargs):
        raise NotImplementedError()

    def login(self):
        try:
            previous = (
                session["user_id"]
                if isinstance(session["user_id"], list)
                else [session["user_id"]]
            )
            session["user_id"] = previous + [self.id]
        except KeyError:
            session["user_id"] = [self.id]

    @classmethod
    def logout(self):
        try:
            session["user_id"].pop()
            if not session["user_id"]:
                del session["user_id"]
        except (IndexError, KeyError):
            pass

    @property
    def identifier(self):
        """
        Returns a unique value that will be used to identify the user.
        This value will be used in URLs in canaille, so it should be unique and short.
        """
        raise NotImplementedError()

    def has_password(self):
        raise NotImplementedError()

    def check_password(self, password):
        raise NotImplementedError()

    def set_password(self, password):
        raise NotImplementedError()

    def can_read(self, field):
        return field in self.read | self.write

    @property
    def preferred_email(self):
        return self.emails[0] if self.emails else None

    @property
    def can_edit_self(self):
        return "edit_self" in self.permissions

    @property
    def can_use_oidc(self):
        return "use_oidc" in self.permissions

    @property
    def can_manage_users(self):
        return "manage_users" in self.permissions

    @property
    def can_manage_groups(self):
        return "manage_groups" in self.permissions

    @property
    def can_manage_oidc(self):
        return "manage_oidc" in self.permissions

    @property
    def can_delete_account(self):
        return "delete_account" in self.permissions

    @property
    def can_impersonate_users(self):
        return "impersonate_users" in self.permissions

    @property
    def locked(self):
        return bool(self.lock_date) and self.lock_date < datetime.datetime.now(
            datetime.timezone.utc
        )


class Group:
    @property
    def identifier(self):
        """
        Returns a unique value that will be used to identify the user.
        This value will be used in URLs in canaille, so it should be unique and short.
        """
        raise NotImplementedError()
Implemented LDAP ppolicy support. 2022-11-01 11:25:21 +00:00			`import datetime`

pre-commit tox test 2021-12-20 22:57:27 +00:00			`from flask import session`

draft 2020-08-14 11:18:08 +00:00
Moved models specificities in the backend module 2023-04-10 11:45:52 +00:00			`class User:`
Permissions overhaul 2021-12-02 17:23:14 +00:00			`def __init__(self, args, *kwargs):`
			`self.read = set()`
			`self.write = set()`
			`self.permissions = set()`
			`super().__init__(args, *kwargs)`

Admin login 2020-08-19 14:20:57 +00:00			`@classmethod`
Split the User.get method 2023-04-07 19:24:09 +00:00			`def get_from_login(cls, login=None, **kwargs):`
Moved models specificities in the backend module 2023-04-10 11:45:52 +00:00			`raise NotImplementedError()`
ACL filters are no more LDAP filters but user attribute mappings. 2023-04-14 16:46:42 +00:00
User refactoring 2020-08-21 08:23:39 +00:00			`def login(self):`
Admins can impersonate users. Fixes #39 2020-12-11 10:52:37 +00:00			`try:`
Session compatibility fix 2020-12-29 08:31:46 +00:00			`previous = (`
avoid ldap related session variable names 2022-12-29 00:10:07 +00:00			`session["user_id"]`
			`if isinstance(session["user_id"], list)`
			`else [session["user_id"]]`
Session compatibility fix 2020-12-29 08:31:46 +00:00			`)`
Used 'id' instead of 'dn' 2023-02-05 18:08:25 +00:00			`session["user_id"] = previous + [self.id]`
Admins can impersonate users. Fixes #39 2020-12-11 10:52:37 +00:00			`except KeyError:`
Used 'id' instead of 'dn' 2023-02-05 18:08:25 +00:00			`session["user_id"] = [self.id]`
User refactoring 2020-08-21 08:23:39 +00:00
Session compatibility fix 2020-12-29 08:31:46 +00:00			`@classmethod`
User refactoring 2020-08-21 08:23:39 +00:00			`def logout(self):`
			`try:`
avoid ldap related session variable names 2022-12-29 00:10:07 +00:00			`session["user_id"].pop()`
			`if not session["user_id"]:`
			`del session["user_id"]`
User.logout excepts IndexError in case of invalid sessions 2023-04-18 18:36:48 +00:00			`except (IndexError, KeyError):`
User refactoring 2020-08-21 08:23:39 +00:00			`pass`

Use a unique identifier to indentify users in URLS Previously we used the uid since we supposed this value was always valid, but some users user the mail attribute as the User RDN in their OpenLDAP installation, and do not have a uuid. 2023-06-27 15:41:00 +00:00			`@property`
			`def identifier(self):`
			`"""`
			`Returns a unique value that will be used to identify the user.`
			`This value will be used in URLs in canaille, so it should be unique and short.`
			`"""`
			`raise NotImplementedError()`

Password setup for new users. Fixes #37 2020-11-16 14:39:58 +00:00			`def has_password(self):`
Moved models specificities in the backend module 2023-04-10 11:45:52 +00:00			`raise NotImplementedError()`
Password setup for new users. Fixes #37 2020-11-16 14:39:58 +00:00
draft 2020-08-14 11:18:08 +00:00			`def check_password(self, password):`
Moved models specificities in the backend module 2023-04-10 11:45:52 +00:00			`raise NotImplementedError()`
draft 2020-08-14 11:18:08 +00:00
Removed the 'conn' argument when it is not needed 2023-04-07 18:43:46 +00:00			`def set_password(self, password):`
Moved models specificities in the backend module 2023-04-10 11:45:52 +00:00			`raise NotImplementedError()`
Permissions overhaul 2021-12-02 17:23:14 +00:00
jpegPhoto profile form 2021-12-08 17:06:50 +00:00			`def can_read(self, field):`
			`return field in self.read \| self.write`

Implemented User.preferred_email 2023-06-22 13:24:13 +00:00			`@property`
			`def preferred_email(self):`
			`return self.emails[0] if self.emails else None`

Added an option to disable self edition 2022-04-05 15:16:09 +00:00			`@property`
			`def can_edit_self(self):`
			`return "edit_self" in self.permissions`

Option to not use OIDC 2021-12-06 23:07:32 +00:00			`@property`
			`def can_use_oidc(self):`
			`return "use_oidc" in self.permissions`

Permissions overhaul 2021-12-02 17:23:14 +00:00			`@property`
			`def can_manage_users(self):`
			`return "manage_users" in self.permissions`

			`@property`
			`def can_manage_groups(self):`
			`return "manage_groups" in self.permissions`

			`@property`
			`def can_manage_oidc(self):`
			`return "manage_oidc" in self.permissions`

			`@property`
			`def can_delete_account(self):`
			`return "delete_account" in self.permissions`

			`@property`
			`def can_impersonate_users(self):`
			`return "impersonate_users" in self.permissions`

Implemented LDAP ppolicy support. 2022-11-01 11:25:21 +00:00			`@property`
			`def locked(self):`
			`return bool(self.lock_date) and self.lock_date < datetime.datetime.now(`
			`datetime.timezone.utc`
			`)`

Issue 12 groups 2021-06-03 13:00:11 +00:00
Moved models specificities in the backend module 2023-04-10 11:45:52 +00:00			`class Group:`
Implements a flask Group converter 2023-06-28 16:09:25 +00:00			`@property`
			`def identifier(self):`
			`"""`
			`Returns a unique value that will be used to identify the user.`
			`This value will be used in URLs in canaille, so it should be unique and short.`
			`"""`
			`raise NotImplementedError()`