Mathis/allianceauth
1
0
Fork 0
mirror of https://gitlab.com/allianceauth/allianceauth.git synced 2025-07-09 12:30:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Grant service access by permissions (#692)

Browse Source 
* Add service access permissions and migration

`ENABLE_AUTH_<servicename> = True` will have the new permission applied
to the settings configured `DEFAULT_AUTH_GROUP` group or `Member` if
none is configured.

`ENABLE_BLUE_<servicename> = True` will have the new permission applied
to the settings configured `DEFAULT_BLUE_GROUP` group or `Blue` if none
is configured.

* Move views and hooks to permissions based access

* Remove access restriction to services view

Hypothetically non-member/blues could be granted permission to access
services manually as desired now. A user that has no permissions to
access any services will see a blank services list.

* Remove obsolete service settings

* Remove references to obsolete settings

* Adjusted tests to support permissions based access

* Fix incorrectly named permissions

* Add simple get_services generator function

* Added signals for user and groups perm changes

* Update validate_services to support permissions

deactivate_services removed as its surplus to requirements.

* Removed state parameter from validate_services calls

* Update tests to support signals changes

* Fix incorrect call to validate_services task

* Fix validate_services and test

* Add validate_user to changed user groups signal

* Added tests for new signals

* Remove unnecessary post_add signals

* Added documentation for service permissions

* Added detection for members with service active

If there are any service users in the Member or Blue groups active, then
the permission will be added to the respective Member or Blue group.
This means its no longer necessary to maintain the service enablesettings to migrate to permissions based service.

Remove obsolete state based status checking
This commit is contained in:
Basraah 2017-02-12 13:51:30 +10:00 committed by Adarnof
parent 58e121d10d
commit a33c8c14ee
80 changed files with 1192 additions and 496 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
alliance_auth/settings.py.example
View File

@ -283,58 +283,6 @@ MEMBER_ALLIANCE_GROUPS = 'True' == os.environ.get('AA_MEMBER_ALLIANCE_GROUPS', '
BLUE_CORP_GROUPS = 'True' == os.environ.get('AA_BLUE_CORP_GROUPS', 'False')
BLUE_ALLIANCE_GROUPS = 'True' == os.environ.get('AA_BLUE_ALLIANCE_GROUPS', 'False')
#########################
# Alliance Service Setup
#########################
# ENABLE_AUTH_FORUM - Enable forum support in the auth for auth'd members
# ENABLE_AUTH_JABBER - Enable jabber support in the auth for auth'd members
# ENABLE_AUTH_MUMBLE - Enable mumble support in the auth for auth'd members
# ENABLE_AUTH_IPBOARD - Enable IPBoard forum support in the auth for auth'd members
# ENABLE_AUTH_DISCORD - Enable Discord support in the auth for auth'd members
# ENABLE_AUTH_DISCOURSE - Enable Discourse support in the auth for auth'd members
# ENABLE_AUTH_IPS4 - Enable IPS4 support in the auth for auth'd members
# ENABLE_AUTH_SMF - Enable SMF forum support in the auth for auth'd members
# ENABLE_AUTH_MARKET = Enable Alliance Market support in auth for auth'd members
# ENABLE_AUTH_XENFORO = Enable XenForo forums support in the auth for auth'd members
#########################
ENABLE_AUTH_FORUM = 'True' == os.environ.get('AA_ENABLE_AUTH_FORUM', 'False')
ENABLE_AUTH_JABBER = 'True' == os.environ.get('AA_ENABLE_AUTH_JABBER', 'False')
ENABLE_AUTH_MUMBLE = 'True' == os.environ.get('AA_ENABLE_AUTH_MUMBLE', 'False')
ENABLE_AUTH_IPBOARD = 'True' == os.environ.get('AA_ENABLE_AUTH_IPBOARD', 'False')
ENABLE_AUTH_TEAMSPEAK3 = 'True' == os.environ.get('AA_ENABLE_AUTH_TEAMSPEAK3', 'False')
ENABLE_AUTH_DISCORD = 'True' == os.environ.get('AA_ENABLE_AUTH_DISCORD', 'False')
ENABLE_AUTH_DISCOURSE = 'True' == os.environ.get('AA_ENABLE_AUTH_DISCOURSE', 'False')
ENABLE_AUTH_IPS4 = 'True' == os.environ.get('AA_ENABLE_AUTH_IPS4', 'False')
ENABLE_AUTH_SMF = 'True' == os.environ.get('AA_ENABLE_AUTH_SMF', 'False')
ENABLE_AUTH_MARKET = 'True' == os.environ.get('AA_ENABLE_AUTH_MARKET', 'False')
ENABLE_AUTH_XENFORO = 'True' == os.environ.get('AA_ENABLE_AUTH_XENFORO', 'False')
#####################
# Blue service Setup
#####################
# ENABLE_BLUE_FORUM - Enable forum support in the auth for blues
# ENABLE_BLUE_JABBER - Enable jabber support in the auth for blues
# ENABLE_BLUE_MUMBLE - Enable mumble support in the auth for blues
# ENABLE_BLUE_IPBOARD - Enable IPBoard forum support in the auth for blues
# ENABLE_BLUE_DISCORD - Enable Discord support in the auth for blues
# ENABLE_BLUE_DISCOURSE - Enable Discord support in the auth for blues
# ENABLE_BLUE_IPS4 - Enable IPS4 forum support in the auth for blues
# ENABLE_BLUE_SMF - Enable SMF forum support in the auth for blues
# ENABLE_BLUE_MARKET - Enable Alliance Market in the auth for blues
# ENABLE_BLUE_XENFORO = Enable XenForo forum support in the auth for blue
#####################
ENABLE_BLUE_FORUM = 'True' == os.environ.get('AA_ENABLE_BLUE_FORUM', 'False')
ENABLE_BLUE_JABBER = 'True' == os.environ.get('AA_ENABLE_BLUE_JABBER', 'False')
ENABLE_BLUE_MUMBLE = 'True' == os.environ.get('AA_ENABLE_BLUE_MUMBLE', 'False')
ENABLE_BLUE_IPBOARD = 'True' == os.environ.get('AA_ENABLE_BLUE_IPBOARD', 'False')
ENABLE_BLUE_TEAMSPEAK3 = 'True' == os.environ.get('AA_ENABLE_BLUE_TEAMSPEAK3', 'False')
ENABLE_BLUE_DISCORD = 'True' == os.environ.get('AA_ENABLE_BLUE_DISCORD', 'False')
ENABLE_BLUE_DISCOURSE = 'True' == os.environ.get('AA_ENABLE_BLUE_DISCOURSE', 'False')
ENABLE_BLUE_IPS4 = 'True' == os.environ.get('AA_ENABLE_BLUE_IPS4', 'False')
ENABLE_BLUE_SMF = 'True' == os.environ.get('AA_ENABLE_BLUE_SMF', 'False')
ENABLE_BLUE_MARKET = 'True' == os.environ.get('AA_ENABLE_BLUE_MARKET', 'False')
ENABLE_BLUE_XENFORO = 'True' == os.environ.get('AA_ENABLE_BLUE_XENFORO', 'False')
#########################
# Tenant Configuration
#########################
@ -702,13 +650,13 @@ LOGGING = {
}
# Conditionally add databases only if configured
if ENABLE_AUTH_FORUM or ENABLE_BLUE_FORUM:
if 'services.modules.phpbb3' in INSTALLED_APPS:
DATABASES['phpbb3'] = PHPBB3_DB
if ENABLE_AUTH_SMF or ENABLE_BLUE_SMF:
if 'services.modules.smf' in INSTALLED_APPS:
DATABASES['smf'] = SMF_DB
if ENABLE_AUTH_MARKET or ENABLE_BLUE_MARKET:
if 'services.modules.market' in INSTALLED_APPS:
DATABASES['market'] = MARKET_DB
if ENABLE_AUTH_IPS4 or ENABLE_BLUE_IPS4:
if 'services.modules.ips4' in INSTALLED_APPS:
DATABASES['ips4'] = IPS4_DB
# Ensure corp/alliance IDs are expected types

7
alliance_auth/tests/auth_utils.py
View File

@ -1,9 +1,10 @@
from __future__ import unicode_literals
from django.db.models.signals import m2m_changed, pre_save
from django.contrib.auth.models import User
from django.contrib.auth.models import User, Group, Permission
from services.signals import m2m_changed_user_groups, pre_save_user
from services.signals import m2m_changed_group_permissions, m2m_changed_user_permissions
from authentication.signals import pre_save_auth_state
from authentication.tasks import make_member, make_blue
@ -55,12 +56,16 @@ class AuthUtils:
@classmethod
def disconnect_signals(cls):
m2m_changed.disconnect(m2m_changed_user_groups, sender=User.groups.through)
m2m_changed.disconnect(m2m_changed_group_permissions, sender=Group.permissions.through)
m2m_changed.disconnect(m2m_changed_user_permissions, sender=User.user_permissions.through)
pre_save.disconnect(pre_save_user, sender=User)
pre_save.disconnect(pre_save_auth_state, sender=AuthServicesInfo)
@classmethod
def connect_signals(cls):
m2m_changed.connect(m2m_changed_user_groups, sender=User.groups.through)
m2m_changed.connect(m2m_changed_group_permissions, sender=Group.permissions.through)
m2m_changed.connect(m2m_changed_user_permissions, sender=User.user_permissions.through)
pre_save.connect(pre_save_user, sender=User)
pre_save.connect(pre_save_auth_state, sender=AuthServicesInfo)

56
alliance_auth/tests/test_settings.py
View File

@ -247,62 +247,6 @@ MEMBER_ALLIANCE_GROUPS = 'True' == os.environ.get('AA_MEMBER_ALLIANCE_GROUPS', '
BLUE_CORP_GROUPS = 'True' == os.environ.get('AA_BLUE_CORP_GROUPS', 'False')
BLUE_ALLIANCE_GROUPS = 'True' == os.environ.get('AA_BLUE_ALLIANCE_GROUPS', 'False')
#########################
# Alliance Service Setup
#########################
# ENABLE_AUTH_FORUM - Enable forum support in the auth for auth'd members
# ENABLE_AUTH_JABBER - Enable jabber support in the auth for auth'd members
# ENABLE_AUTH_MUMBLE - Enable mumble support in the auth for auth'd members
# ENABLE_AUTH_IPBOARD - Enable IPBoard forum support in the auth for auth'd members
# ENABLE_AUTH_DISCORD - Enable Discord support in the auth for auth'd members
# ENABLE_AUTH_DISCOURSE - Enable Discourse support in the auth for auth'd members
# ENABLE_AUTH_IPS4 - Enable IPS4 support in the auth for auth'd members
# ENABLE_AUTH_SMF - Enable SMF forum support in the auth for auth'd members
# ENABLE_AUTH_MARKET = Enable Alliance Market support in auth for auth'd members
# ENABLE_AUTH_PATHFINDER = Enable Alliance Pathfinder suppor in auth for auth'd members
# ENABLE_AUTH_XENFORO = Enable XenForo forums support in the auth for auth'd members
#########################
ENABLE_AUTH_FORUM = 'True' == os.environ.get('AA_ENABLE_AUTH_FORUM', 'True')
ENABLE_AUTH_JABBER = 'True' == os.environ.get('AA_ENABLE_AUTH_JABBER', 'True')
ENABLE_AUTH_MUMBLE = 'True' == os.environ.get('AA_ENABLE_AUTH_MUMBLE', 'True')
ENABLE_AUTH_IPBOARD = 'True' == os.environ.get('AA_ENABLE_AUTH_IPBOARD', 'True')
ENABLE_AUTH_TEAMSPEAK3 = 'True' == os.environ.get('AA_ENABLE_AUTH_TEAMSPEAK3', 'True')
ENABLE_AUTH_DISCORD = 'True' == os.environ.get('AA_ENABLE_AUTH_DISCORD', 'True')
ENABLE_AUTH_DISCOURSE = 'True' == os.environ.get('AA_ENABLE_AUTH_DISCOURSE', 'True')
ENABLE_AUTH_IPS4 = 'True' == os.environ.get('AA_ENABLE_AUTH_IPS4', 'True')
ENABLE_AUTH_SMF = 'True' == os.environ.get('AA_ENABLE_AUTH_SMF', 'True')
ENABLE_AUTH_MARKET = 'True' == os.environ.get('AA_ENABLE_AUTH_MARKET', 'True')
ENABLE_AUTH_XENFORO = 'True' == os.environ.get('AA_ENABLE_AUTH_XENFORO', 'True')
#####################
# Blue service Setup
#####################
# BLUE_STANDING - The default lowest standings setting to consider blue
# ENABLE_BLUE_FORUM - Enable forum support in the auth for blues
# ENABLE_BLUE_JABBER - Enable jabber support in the auth for blues
# ENABLE_BLUE_MUMBLE - Enable mumble support in the auth for blues
# ENABLE_BLUE_IPBOARD - Enable IPBoard forum support in the auth for blues
# ENABLE_BLUE_DISCORD - Enable Discord support in the auth for blues
# ENABLE_BLUE_DISCOURSE - Enable Discord support in the auth for blues
# ENABLE_BLUE_IPS4 - Enable IPS4 forum support in the auth for blues
# ENABLE_BLUE_SMF - Enable SMF forum support in the auth for blues
# ENABLE_BLUE_MARKET - Enable Alliance Market in the auth for blues
# ENABLE_BLUE_PATHFINDER = Enable Pathfinder support in the auth for blues
# ENABLE_BLUE_XENFORO = Enable XenForo forum support in the auth for blue
#####################
BLUE_STANDING = float(os.environ.get('AA_BLUE_STANDING', '5.0'))
ENABLE_BLUE_FORUM = 'True' == os.environ.get('AA_ENABLE_BLUE_FORUM', 'True')
ENABLE_BLUE_JABBER = 'True' == os.environ.get('AA_ENABLE_BLUE_JABBER', 'True')
ENABLE_BLUE_MUMBLE = 'True' == os.environ.get('AA_ENABLE_BLUE_MUMBLE', 'True')
ENABLE_BLUE_IPBOARD = 'True' == os.environ.get('AA_ENABLE_BLUE_IPBOARD', 'True')
ENABLE_BLUE_TEAMSPEAK3 = 'True' == os.environ.get('AA_ENABLE_BLUE_TEAMSPEAK3', 'True')
ENABLE_BLUE_DISCORD = 'True' == os.environ.get('AA_ENABLE_BLUE_DISCORD', 'True')
ENABLE_BLUE_DISCOURSE = 'True' == os.environ.get('AA_ENABLE_BLUE_DISCOURSE', 'True')
ENABLE_BLUE_IPS4 = 'True' == os.environ.get('AA_ENABLE_BLUE_IPS4', 'True')
ENABLE_BLUE_SMF = 'True' == os.environ.get('AA_ENABLE_BLUE_SMF', 'True')
ENABLE_BLUE_MARKET = 'True' == os.environ.get('AA_ENABLE_BLUE_MARKET', 'True')
ENABLE_BLUE_XENFORO = 'True' == os.environ.get('AA_ENABLE_BLUE_XENFORO', 'True')
#########################
# Corp Configuration
#########################

2
authentication/signals.py
View File

@ -23,7 +23,7 @@ def pre_save_auth_state(sender, instance, *args, **kwargs):
make_blue(instance)
else:
disable_member(instance.user)
validate_services(instance.user, instance.state)
validate_services.apply(args=(instance.user,))
@receiver(post_save, sender=User)

4
authentication/tasks.py
View File

@ -32,7 +32,7 @@ def disable_member(user):
if user.groups.all().exists():
logger.info("Clearing all non-public user %s groups to disable member." % user)
user.groups.remove(*user.groups.filter(authgroup__public=False))
validate_services(user, None)
validate_services.apply(args=(user,))
def disable_user(user):
@ -48,7 +48,7 @@ def disable_user(user):
if user.groups.all().exists():
logger.info("Clearing user %s groups to deactivate user." % user)
user.groups.clear()
validate_services(user, None)
validate_services.apply(args=(user,))
def make_member(auth):

28
docs/installation/auth/settings.md
View File

@ -47,34 +47,6 @@ When changing these booleans, edit the setting within the brackets (eg `('AA_MEM
- OAuth callback URL. Should be `https://mydomain.com/sso/callback`
## Services
### Member Services
After installing services, enable specific services for members by setting the following to `True`
- [ENABLE_AUTH_FORUM](#enable-auth-forum)
- [ENABLE_AUTH_JABBER](#enable-auth-jabber)
- [ENABLE_AUTH_MUMBLE](#enable-auth-mumble)
- [ENABLE_AUTH_IPBOARD](#enable-auth-ipboard)
- [ENABLE_AUTH_TEAMSPEAK3](#enable-auth-teamspeak3)
- [ENABLE_AUTH_DISCORD](#enable-auth-discord)
- [ENABLE_AUTH_DISCOURSE](#enable-auth-discourse)
- [ENABLE_AUTH_IPS4](#enable-auth-ips4)
- [ENABLE_AUTH_SMF](#enable-auth-smf)
- [ENABLE_AUTH_MARKET](#enable-auth-market)
- [ENABLE_AUTH_XENFORO](#enable-auth-xenforo)
### Blue Services
After installing services, enable specific services for blues by setting the following to `True`
- [ENABLE_BLUE_FORUM](#enable-blue-forum)
- [ENABLE_BLUE_JABBER](#enable-blue-jabber)
- [ENABLE_BLUE_MUMBLE](#enable-blue-mumble)
- [ENABLE_BLUE_IPBOARD](#enable-blue-ipboard)
- [ENABLE_BLUE_TEAMSPEAK3](#enable-blue-teamspeak3)
- [ENABLE_BLUE_DISCORD](#enable-blue-discord)
- [ENABLE_BLUE_DISCOURSE](#enable-blue-discourse)
- [ENABLE_BLUE_IPS4](#enable-blue-ips4)
- [ENABLE_BLUE_SMF](#enable-blue-smf)
- [ENABLE_BLUE_MARKET](#enable-blue-market)
- [ENABLE_BLUE_XENFORO](#enable-blue-xenforo)
### IPBoard
If using IPBoard, the following need to be set in accordance with the [install instructions](../services/ipboard3.md)
- [IPBOARD_ENDPOINT](#ipboard-endpoint)

1
docs/installation/services/index.md
View File

@ -3,6 +3,7 @@
```eval_rst
.. toctree::
permissions
market
discord
discourse

37
docs/installation/services/permissions.md Normal file
View File

@ -0,0 +1,37 @@
# Service Permissions
```eval_rst
.. note::
New in 1.15
```
In the past, access to services was dictated by a list of settings in `settings.py`, granting access to each particular service for Members and/or Blues. This meant that granting access to a service was very broad and rigidly structured around these two states.
## Permissions based access
Instead of granting access to services by the previous rigid structure, access to services is now granted by the built in Django permissions system. This means that service access can be more granular, allowing only certain groups, for instance Corp CEOs, or even individual user access to each enabled service.
```eval_rst
.. important::
If you grant access to an individual user, they will have access to that service regardless of whether or not they are a member.
```
Each service has an access permission defined, named like `Can access the <service name> service`.
To mimick the old behaviour of enabling services for all members, you would select the `Member` group from the admin panel, add the required service permission to the group and save. Likewise for Blues, select the `Blue` group and add the required permission.
A user can be granted the same permission from multiple sources. e.g. they may have it granted by several groups and directly granted on their account as well. Auth will not remove their account until all instances of the permission for that service have been revoked.
## Removing access
```eval_rst
.. danger::
Access removal is processed immediately after removing a permission from a user or group. If you remove access from a large group, such as Member, it will immediately remove all users from that service.
```
When you remove a service permission from a user, a signal is triggered which will activate an immediate permission check. For users this will trigger an access check for all services. For groups, due to the potential extra load, only the services whose permissions have changed will be verified, and only the users in that group.
If a user no longer has permission to access the service when this permissions check is triggered, that service will be immediately disabled for them.
### Disabling user accounts
When you unset a user as active in the admin panel, all of that users service accounts will be immediately disabled or removed. This is due to the built in behaviour of Djangos permissions system, which will return False for all permissions if a users account is disabled, regardless of their actual permissions state.

31
services/hooks.py
View File

@ -3,6 +3,7 @@ from __future__ import unicode_literals
from django.template.loader import render_to_string
from django.utils.safestring import mark_safe
from alliance_auth.hooks import get_hooks
from authentication.states import MEMBER_STATE, BLUE_STATE
from authentication.models import AuthServicesInfo
@ -18,6 +19,7 @@ class ServicesHook:
self.name = 'Undefined'
self.urlpatterns = []
self.service_ctrl_template = 'registered/services_ctrl.html'
self.access_perm = None
@property
def title(self):
@ -67,26 +69,8 @@ class ServicesHook:
"""
pass
def service_enabled_members(self):
"""
Return setting config for service enabled for members
:return: bool True if enabled
"""
return False
def service_enabled_blues(self):
"""
Return setting config for service enabled for Blues
:return: bool True if enabled
"""
return False
def service_active_for_user(self, user):
state = AuthServicesInfo.objects.get(user=user).state
return (
(state == MEMBER_STATE and self.service_enabled_members()) or
(state == BLUE_STATE and self.service_enabled_blues())
)
pass
def show_service_ctrl(self, user, state):
"""
@ -97,9 +81,7 @@ class ServicesHook:
:param state: auth user state
:return: bool True if the service should be shown
"""
return (self.service_enabled_members() and (
state == MEMBER_STATE or user.is_superuser)) or (
self.service_enabled_blues() and (state == BLUE_STATE or user.is_superuser))
return self.service_active_for_user(user) or user.is_superuser
def render_services_ctrl(self, request):
"""
@ -119,6 +101,11 @@ class ServicesHook:
self.auth_reset_password = ''
self.auth_deactivate = ''
@staticmethod
def get_services():
for fn in get_hooks('services_hook'):
yield fn()
class MenuItemHook:
def __init__(self, text, classes, url_name, order=None):

8
services/modules/discord/auth_hooks.py
View File

@ -19,6 +19,7 @@ class DiscordService(ServicesHook):
self.urlpatterns = urlpatterns
self.name = 'discord'
self.service_ctrl_template = 'registered/discord_service_ctrl.html'
self.access_perm = 'discord.access_discord'
def delete_user(self, user, notify_user=False):
logger.debug('Deleting user %s %s account' % (user, self.name))
@ -42,11 +43,8 @@ class DiscordService(ServicesHook):
logger.debug('Update all %s groups called' % self.name)
DiscordTasks.update_all_groups.delay()
def service_enabled_members(self):
return settings.ENABLE_AUTH_DISCORD or False
def service_enabled_blues(self):
return settings.ENABLE_BLUE_DISCORD or False
def service_active_for_user(self, user):
return user.has_perm(self.access_perm)
def render_services_ctrl(self, request):
return render_to_string(self.service_ctrl_template, {

61
services/modules/discord/migrations/0002_service_permissions.py Normal file
View File

@ -0,0 +1,61 @@
# -*- coding: utf-8 -*-
# Generated by Django 1.10.5 on 2017-02-02 05:59
from __future__ import unicode_literals
from django.db import migrations
from django.conf import settings
from django.core.exceptions import ObjectDoesNotExist
from django.contrib.auth.management import create_permissions
import logging
logger = logging.getLogger(__name__)
def migrate_service_enabled(apps, schema_editor):
for app_config in apps.get_app_configs():
app_config.models_module = True
create_permissions(app_config, apps=apps, verbosity=0)
app_config.models_module = None
Group = apps.get_model("auth", "Group")
Permission = apps.get_model("auth", "Permission")
DiscordUser = apps.get_model("discord", "DiscordUser")
perm = Permission.objects.get(codename='access_discord')
member_group_name = getattr(settings, str('DEFAULT_AUTH_GROUP'), 'Member')
blue_group_name = getattr(settings, str('DEFAULT_BLUE_GROUP'), 'Blue')
# Migrate members
if DiscordUser.objects.filter(user__groups__name=member_group_name).exists() or \
getattr(settings, str('ENABLE_AUTH_DISCORD'), False):
try:
group = Group.objects.get(name=member_group_name)
group.permissions.add(perm)
except ObjectDoesNotExist:
logger.warning('Failed to migrate ENABLE_AUTH_DISCORD setting')
# Migrate blues
if DiscordUser.objects.filter(user__groups__name=blue_group_name).exists() or \
getattr(settings, str('ENABLE_BLUE_DISCORD'), False):
try:
group = Group.objects.get(name=blue_group_name)
group.permissions.add(perm)
except ObjectDoesNotExist:
logger.warning('Failed to migrate ENABLE_BLUE_DISCORD setting')
class Migration(migrations.Migration):
dependencies = [
('discord', '0001_initial'),
]
operations = [
migrations.AlterModelOptions(
name='discorduser',
options={'permissions': (('access_discord', 'Can access the Discord service'),)},
),
migrations.RunPython(migrate_service_enabled),
]

6
services/modules/discord/models.py
View File

@ -4,6 +4,7 @@ from django.contrib.auth.models import User
from django.db import models
@python_2_unicode_compatible
class DiscordUser(models.Model):
user = models.OneToOneField(User,
primary_key=True,
@ -13,3 +14,8 @@ class DiscordUser(models.Model):
def __str__(self):
return "{} - {}".format(self.user.username, self.uid)
class Meta:
permissions = (
("access_discord", u"Can access the Discord service"),
)

6
services/modules/discord/tasks.py
View File

@ -122,10 +122,4 @@ class DiscordTasks:
@classmethod
def disable(cls):
if settings.ENABLE_AUTH_DISCORD:
logger.warn(
"ENABLE_AUTH_DISCORD still True, after disabling users will still be able to link Discord accounts")
if settings.ENABLE_BLUE_DISCORD:
logger.warn(
"ENABLE_BLUE_DISCORD still True, after disabling blues will still be able to link Discord accounts")
DiscordUser.objects.all().delete()

13
services/modules/discord/tests.py
View File

@ -9,7 +9,7 @@ except ImportError:
from django.test import TestCase, RequestFactory
from django.conf import settings
from django.contrib.auth.models import User
from django.contrib.auth.models import User, Group, Permission
from django.core.exceptions import ObjectDoesNotExist
from alliance_auth.tests.auth_utils import AuthUtils
@ -21,6 +21,13 @@ from .tasks import DiscordTasks
MODULE_PATH = 'services.modules.discord'
def add_permissions():
permission = Permission.objects.get(codename='access_discord')
members = Group.objects.get(name=settings.DEFAULT_AUTH_GROUP)
blues = Group.objects.get(name=settings.DEFAULT_BLUE_GROUP)
AuthUtils.add_permissions_to_groups([permission], [members, blues])
class DiscordHooksTestCase(TestCase):
def setUp(self):
self.member = 'member_user'
@ -32,6 +39,7 @@ class DiscordHooksTestCase(TestCase):
self.none_user = 'none_user'
none_user = AuthUtils.create_user(self.none_user)
self.service = DiscordService
add_permissions()
def test_has_account(self):
member = User.objects.get(username=self.member)
@ -46,8 +54,6 @@ class DiscordHooksTestCase(TestCase):
member = User.objects.get(username=self.member)
blue = User.objects.get(username=self.blue)
none_user = User.objects.get(username=self.none_user)
self.assertTrue(service.service_enabled_members())
self.assertTrue(service.service_enabled_blues())
self.assertTrue(service.service_active_for_user(member))
self.assertTrue(service.service_active_for_user(blue))
@ -147,6 +153,7 @@ class DiscordViewsTestCase(TestCase):
self.member = AuthUtils.create_member('auth_member')
self.member.set_password('password')
self.member.save()
add_permissions()
def login(self):
self.client.login(username=self.member.username, password='password')

12
services/modules/discord/views.py
View File

@ -5,9 +5,9 @@ import logging
from django.contrib import messages
from django.contrib.auth.decorators import login_required
from django.contrib.auth.decorators import user_passes_test
from django.contrib.auth.decorators import permission_required
from django.shortcuts import redirect
from authentication.decorators import members_and_blues
from .manager import DiscordOAuthManager
from .tasks import DiscordTasks
from services.views import superuser_test
@ -15,9 +15,11 @@ from services.views import superuser_test
logger = logging.getLogger(__name__)
ACCESS_PERM = 'discord.access_discord'
@login_required
@members_and_blues()
@permission_required(ACCESS_PERM)
def deactivate_discord(request):
logger.debug("deactivate_discord called by user %s" % request.user)
if DiscordTasks.delete_user(request.user):
@ -30,7 +32,7 @@ def deactivate_discord(request):
@login_required
@members_and_blues()
@permission_required(ACCESS_PERM)
def reset_discord(request):
logger.debug("reset_discord called by user %s" % request.user)
if DiscordTasks.delete_user(request.user):
@ -42,14 +44,14 @@ def reset_discord(request):
@login_required
@members_and_blues()
@permission_required(ACCESS_PERM)
def activate_discord(request):
logger.debug("activate_discord called by user %s" % request.user)
return redirect(DiscordOAuthManager.generate_oauth_redirect_url())
@login_required
@members_and_blues()
@permission_required(ACCESS_PERM)
def discord_callback(request):
logger.debug("Received Discord callback for activation of user %s" % request.user)
code = request.GET.get('code', None)

8
services/modules/discourse/auth_hooks.py
View File

@ -21,6 +21,7 @@ class DiscourseService(ServicesHook):
self.urlpatterns = urlpatterns
self.name = 'discourse'
self.service_ctrl_template = 'registered/discourse_service_ctrl.html'
self.access_perm = 'discourse.access_discourse'
def delete_user(self, user, notify_user=False):
logger.debug('Deleting user %s %s account' % (user, self.name))
@ -40,11 +41,8 @@ class DiscourseService(ServicesHook):
logger.debug('Update all %s groups called' % self.name)
DiscourseTasks.update_all_groups.delay()
def service_enabled_members(self):
return settings.ENABLE_AUTH_DISCOURSE or False
def service_enabled_blues(self):
return settings.ENABLE_BLUE_DISCOURSE or False
def service_active_for_user(self, user):
return user.has_perm(self.access_perm)
def render_services_ctrl(self, request):
return render_to_string(self.service_ctrl_template, {

62
services/modules/discourse/migrations/0002_service_permissions.py Normal file
View File

@ -0,0 +1,62 @@
# -*- coding: utf-8 -*-
# Generated by Django 1.10.5 on 2017-02-02 05:59
from __future__ import unicode_literals
from django.db import migrations
from django.conf import settings
from django.core.exceptions import ObjectDoesNotExist
from django.contrib.auth.management import create_permissions
import logging
logger = logging.getLogger(__name__)
def migrate_service_enabled(apps, schema_editor):
for app_config in apps.get_app_configs():
app_config.models_module = True
create_permissions(app_config, apps=apps, verbosity=0)
app_config.models_module = None
Group = apps.get_model("auth", "Group")
Permission = apps.get_model("auth", "Permission")
DiscourseUser = apps.get_model("discourse", "DiscourseUser")
perm = Permission.objects.get(codename='access_discourse')
member_group_name = getattr(settings, str('DEFAULT_AUTH_GROUP'), 'Member')
blue_group_name = getattr(settings, str('DEFAULT_BLUE_GROUP'), 'Blue')
# Migrate members
if DiscourseUser.objects.filter(user__groups__name=member_group_name).exists() or \
getattr(settings, str('ENABLE_AUTH_DISCOURSE'), False):
try:
group = Group.objects.get(name=member_group_name)
group.permissions.add(perm)
except ObjectDoesNotExist:
logger.warning('Failed to migrate ENABLE_AUTH_DISCOURSE setting')
# Migrate blues
if DiscourseUser.objects.filter(user__groups__name=blue_group_name).exists() or \
getattr(settings, str('ENABLE_BLUE_DISCOURSE'), False):
try:
group = Group.objects.get(name=blue_group_name)
group.permissions.add(perm)
except ObjectDoesNotExist:
logger.warning('Failed to migrate ENABLE_BLUE_DISCOURSE setting')
class Migration(migrations.Migration):
dependencies = [
('discourse', '0001_initial'),
]
operations = [
migrations.AlterModelOptions(
name='discourseuser',
options={'permissions': (('access_discourse', 'Can access the Discourse service'),)},
),
migrations.RunPython(migrate_service_enabled),
]

6
services/modules/discourse/models.py
View File

@ -4,6 +4,7 @@ from django.contrib.auth.models import User
from django.db import models
@python_2_unicode_compatible
class DiscourseUser(models.Model):
user = models.OneToOneField(User,
primary_key=True,
@ -13,3 +14,8 @@ class DiscourseUser(models.Model):
def __str__(self):
return self.user.username
class Meta:
permissions = (
("access_discourse", u"Can access the Discourse service"),
)

17
services/modules/discourse/tests.py
View File

@ -9,7 +9,7 @@ except ImportError:
from django.test import TestCase, RequestFactory
from django.conf import settings
from django.contrib.auth.models import User
from django.contrib.auth.models import User, Group, Permission
from django.core.exceptions import ObjectDoesNotExist
from alliance_auth.tests.auth_utils import AuthUtils
@ -21,6 +21,13 @@ from .tasks import DiscourseTasks
MODULE_PATH = 'services.modules.discourse'
def add_permissions():
permission = Permission.objects.get(codename='access_discourse')
members = Group.objects.get(name=settings.DEFAULT_AUTH_GROUP)
blues = Group.objects.get(name=settings.DEFAULT_BLUE_GROUP)
AuthUtils.add_permissions_to_groups([permission], [members, blues])
class DiscourseHooksTestCase(TestCase):
def setUp(self):
self.member = 'member_user'
@ -32,6 +39,7 @@ class DiscourseHooksTestCase(TestCase):
self.none_user = 'none_user'
none_user = AuthUtils.create_user(self.none_user)
self.service = DiscourseService
add_permissions()
def test_has_account(self):
member = User.objects.get(username=self.member)
@ -46,11 +54,9 @@ class DiscourseHooksTestCase(TestCase):
member = User.objects.get(username=self.member)
blue = User.objects.get(username=self.blue)
none_user = User.objects.get(username=self.none_user)
self.assertTrue(service.service_enabled_members())
self.assertTrue(service.service_enabled_blues())
self.assertEqual(service.service_active_for_user(member), settings.ENABLE_AUTH_DISCOURSE)
self.assertEqual(service.service_active_for_user(blue), settings.ENABLE_BLUE_DISCOURSE)
self.assertTrue(service.service_active_for_user(member))
self.assertTrue(service.service_active_for_user(blue))
self.assertFalse(service.service_active_for_user(none_user))
@mock.patch(MODULE_PATH + '.tasks.DiscourseManager')
@ -124,6 +130,7 @@ class DiscourseViewsTestCase(TestCase):
self.member.set_password('password')
self.member.save()
AuthUtils.add_main_character(self.member, 'auth_member', '12345', corp_id='111', corp_name='Test Corporation')
add_permissions()
@mock.patch(MODULE_PATH + '.tasks.DiscourseManager')
def test_sso_member(self, manager):

12
services/modules/discourse/views.py
View File

@ -31,20 +31,16 @@ import logging
logger = logging.getLogger(__name__)
ACCESS_PERM = 'discourse.access_discourse'
@login_required
def discourse_sso(request):
## Check if user has access
auth = AuthServicesInfo.objects.get(user=request.user)
if not request.user.is_superuser:
if not settings.ENABLE_AUTH_DISCOURSE and auth.state == MEMBER_STATE:
messages.error(request, 'Members are not authorized to access Discourse.')
return redirect('auth_dashboard')
elif not settings.ENABLE_BLUE_DISCOURSE and auth.state == BLUE_STATE:
messages.error(request, 'Blues are not authorized to access Discourse.')
return redirect('auth_dashboard')
elif auth.state == NONE_STATE:
if not request.user.has_perm(ACCESS_PERM):
messages.error(request, 'You are not authorized to access Discourse.')
return redirect('auth_dashboard')

8
services/modules/ipboard/auth_hooks.py
View File

@ -20,6 +20,7 @@ class IpboardService(ServicesHook):
self.name = 'ipboard'
self.service_url = settings.IPBOARD_ENDPOINT
self.urlpatterns = urlpatterns
self.access_perm = 'ipboard.access_ipboard'
@property
def title(self):
@ -43,11 +44,8 @@ class IpboardService(ServicesHook):
logger.debug('Update all %s groups called' % self.name)
IpboardTasks.update_all_groups.delay()
def service_enabled_members(self):
return settings.ENABLE_AUTH_IPBOARD or False
def service_enabled_blues(self):
return settings.ENABLE_BLUE_IPBOARD or False
def service_active_for_user(self, user):
return user.has_perm(self.access_perm)
def render_services_ctrl(self, request):
urls = self.Urls()

61
services/modules/ipboard/migrations/0002_service_permissions.py Normal file
View File

@ -0,0 +1,61 @@
# -*- coding: utf-8 -*-
# Generated by Django 1.10.5 on 2017-02-02 05:59
from __future__ import unicode_literals
from django.db import migrations
from django.conf import settings
from django.core.exceptions import ObjectDoesNotExist
from django.contrib.auth.management import create_permissions
import logging
logger = logging.getLogger(__name__)
def migrate_service_enabled(apps, schema_editor):
for app_config in apps.get_app_configs():
app_config.models_module = True
create_permissions(app_config, apps=apps, verbosity=0)
app_config.models_module = None
Group = apps.get_model("auth", "Group")
Permission = apps.get_model("auth", "Permission")
IpboardUser = apps.get_model("ipboard", "IpboardUser")
perm = Permission.objects.get(codename='access_ipboard')
member_group_name = getattr(settings, str('DEFAULT_AUTH_GROUP'), 'Member')
blue_group_name = getattr(settings, str('DEFAULT_BLUE_GROUP'), 'Blue')
# Migrate members
if IpboardUser.objects.filter(user__groups__name=member_group_name).exists() or \
getattr(settings, str('ENABLE_AUTH_IPBOARD'), False):
try:
group = Group.objects.get(name=member_group_name)
group.permissions.add(perm)
except ObjectDoesNotExist:
logger.warning('Failed to migrate ENABLE_AUTH_IPBOARD setting')
# Migrate blues
if IpboardUser.objects.filter(user__groups__name=blue_group_name).exists() or \
getattr(settings, str('ENABLE_BLUE_IPBOARD'), False):
try:
group = Group.objects.get(name=blue_group_name)
group.permissions.add(perm)
except ObjectDoesNotExist:
logger.warning('Failed to migrate ENABLE_BLUE_IPBOARD setting')
class Migration(migrations.Migration):
dependencies = [
('ipboard', '0001_initial'),
]
operations = [
migrations.AlterModelOptions(
name='ipboarduser',
options={'permissions': (('access_ipboard', 'Can access the IPBoard service'),)},
),
migrations.RunPython(migrate_service_enabled),
]

5
services/modules/ipboard/models.py
View File

@ -14,3 +14,8 @@ class IpboardUser(models.Model):
def __str__(self):
return self.username
class Meta:
permissions = (
("access_ipboard", u"Can access the IPBoard service"),
)

6
services/modules/ipboard/tasks.py
View File

@ -62,11 +62,5 @@ class IpboardTasks:
@staticmethod
def disable():
if settings.ENABLE_AUTH_IPBOARD:
logger.warn(
"ENABLE_AUTH_IPBOARD still True, after disabling users will still be able to create IPBoard accounts")
if settings.ENABLE_BLUE_IPBOARD:
logger.warn(
"ENABLE_BLUE_IPBOARD still True, after disabling blues will still be able to create IPBoard accounts")
logger.debug("Deleting all Ipboard Users")
IpboardUser.objects.all().delete()

17
services/modules/ipboard/tests.py
View File

@ -9,7 +9,7 @@ except ImportError:
from django.test import TestCase, RequestFactory
from django.conf import settings
from django.contrib.auth.models import User
from django.contrib.auth.models import User, Group, Permission
from django import urls
from django.core.exceptions import ObjectDoesNotExist
@ -23,6 +23,13 @@ from .manager import IPBoardManager
MODULE_PATH = 'services.modules.ipboard'
def add_permissions():
permission = Permission.objects.get(codename='access_ipboard')
members = Group.objects.get(name=settings.DEFAULT_AUTH_GROUP)
blues = Group.objects.get(name=settings.DEFAULT_BLUE_GROUP)
AuthUtils.add_permissions_to_groups([permission], [members, blues])
class IpboardHooksTestCase(TestCase):
def setUp(self):
self.member = 'member_user'
@ -34,6 +41,7 @@ class IpboardHooksTestCase(TestCase):
self.none_user = 'none_user'
none_user = AuthUtils.create_user(self.none_user)
self.service = IpboardService
add_permissions()
def test_has_account(self):
member = User.objects.get(username=self.member)
@ -48,11 +56,9 @@ class IpboardHooksTestCase(TestCase):
member = User.objects.get(username=self.member)
blue = User.objects.get(username=self.blue)
none_user = User.objects.get(username=self.none_user)
self.assertTrue(service.service_enabled_members())
self.assertTrue(service.service_enabled_blues())
self.assertEqual(service.service_active_for_user(member), settings.ENABLE_AUTH_IPBOARD)
self.assertEqual(service.service_active_for_user(blue), settings.ENABLE_BLUE_IPBOARD)
self.assertTrue(service.service_active_for_user(member))
self.assertTrue(service.service_active_for_user(blue))
self.assertFalse(service.service_active_for_user(none_user))
@mock.patch(MODULE_PATH + '.tasks.IPBoardManager')
@ -133,6 +139,7 @@ class IpboardViewsTestCase(TestCase):
self.member.email = 'auth_member@example.com'
self.member.save()
AuthUtils.add_main_character(self.member, 'auth_member', '12345', corp_id='111', corp_name='Test Corporation')
add_permissions()
def login(self):
self.client.login(username=self.member.username, password='password')

13
services/modules/ipboard/views.py
View File

@ -1,10 +1,9 @@
from __future__ import unicode_literals
from django.contrib import messages
from django.contrib.auth.decorators import login_required
from django.contrib.auth.decorators import login_required, permission_required
from django.shortcuts import render, redirect
from authentication.decorators import members_and_blues
from services.forms import ServicePasswordForm
from eveonline.managers import EveManager
@ -16,9 +15,11 @@ import logging
logger = logging.getLogger(__name__)
ACCESS_PERM = 'ipboard.access_ipboard'
@login_required
@members_and_blues()
@permission_required(ACCESS_PERM)
def activate_ipboard_forum(request):
logger.debug("activate_ipboard_forum called by user %s" % request.user)
character = EveManager.get_main_character(request.user)
@ -46,7 +47,7 @@ def activate_ipboard_forum(request):
@login_required
@members_and_blues()
@permission_required(ACCESS_PERM)
def deactivate_ipboard_forum(request):
logger.debug("deactivate_ipboard_forum called by user %s" % request.user)
# false we failed
@ -60,7 +61,7 @@ def deactivate_ipboard_forum(request):
@login_required
@members_and_blues()
@permission_required(ACCESS_PERM)
def set_ipboard_password(request):
logger.debug("set_ipboard_password called by user %s" % request.user)
error = None
@ -90,7 +91,7 @@ def set_ipboard_password(request):
@login_required
@members_and_blues()
@permission_required(ACCESS_PERM)
def reset_ipboard_password(request):
logger.debug("reset_ipboard_password called by user %s" % request.user)
if IpboardTasks.has_account(request.user):

8
services/modules/ips4/auth_hooks.py
View File

@ -16,16 +16,14 @@ class Ips4Service(ServicesHook):
self.name = 'ips4'
self.urlpatterns = urlpatterns
self.service_url = settings.IPS4_URL
self.access_perm = 'ips4.access_ips4'
@property
def title(self):
return 'IPS4'
def service_enabled_members(self):
return settings.ENABLE_AUTH_IPS4 or False
def service_enabled_blues(self):
return settings.ENABLE_BLUE_IPS4 or False
def service_active_for_user(self, user):
return user.has_perm(self.access_perm)
def render_services_ctrl(self, request):
"""

61
services/modules/ips4/migrations/0002_service_permissions.py Normal file
View File

@ -0,0 +1,61 @@
# -*- coding: utf-8 -*-
# Generated by Django 1.10.5 on 2017-02-02 05:59
from __future__ import unicode_literals
from django.db import migrations
from django.conf import settings
from django.core.exceptions import ObjectDoesNotExist
from django.contrib.auth.management import create_permissions
import logging
logger = logging.getLogger(__name__)
def migrate_service_enabled(apps, schema_editor):
for app_config in apps.get_app_configs():
app_config.models_module = True
create_permissions(app_config, apps=apps, verbosity=0)
app_config.models_module = None
Group = apps.get_model("auth", "Group")
Permission = apps.get_model("auth", "Permission")
Ips4User = apps.get_model("ips4", "Ips4User")
perm = Permission.objects.get(codename='access_ips4')
member_group_name = getattr(settings, str('DEFAULT_AUTH_GROUP'), 'Member')
blue_group_name = getattr(settings, str('DEFAULT_BLUE_GROUP'), 'Blue')
# Migrate members
if Ips4User.objects.filter(user__groups__name=member_group_name).exists() or \
getattr(settings, str('ENABLE_AUTH_IPS4'), False):
try:
group = Group.objects.get(name=member_group_name)
group.permissions.add(perm)
except ObjectDoesNotExist:
logger.warning('Failed to migrate ENABLE_AUTH_IPS4 setting')
# Migrate blues
if Ips4User.objects.filter(user__groups__name=blue_group_name).exists() or \
getattr(settings, str('ENABLE_BLUE_IPS4'), False):
try:
group = Group.objects.get(name=blue_group_name)
group.permissions.add(perm)
except ObjectDoesNotExist:
logger.warning('Failed to migrate ENABLE_BLUE_IPS4 setting')
class Migration(migrations.Migration):
dependencies = [
('ips4', '0001_initial'),
]
operations = [
migrations.AlterModelOptions(
name='ips4user',
options={'permissions': (('access_ips4', 'Can access the IPS4 service'),)},
),
migrations.RunPython(migrate_service_enabled),
]

5
services/modules/ips4/models.py
View File

@ -15,3 +15,8 @@ class Ips4User(models.Model):
def __str__(self):
return self.username
class Meta:
permissions = (
("access_ips4", u"Can access the IPS4 service"),
)

6
services/modules/ips4/tasks.py
View File

@ -33,11 +33,5 @@ class Ips4Tasks:
@staticmethod
def disable():
if settings.ENABLE_AUTH_IPS4:
logger.warn(
"ENABLE_AUTH_IPS4 still True, after disabling users will still be able to create IPS4 accounts")
if settings.ENABLE_BLUE_IPS4:
logger.warn(
"ENABLE_BLUE_IPS4 still True, after disabling blues will still be able to create IPS4 accounts")
logging.debug("Deleting all IPS4 users")
Ips4User.objects.all().delete()

17
services/modules/ips4/tests.py
View File

@ -10,7 +10,7 @@ except ImportError:
from django.test import TestCase, RequestFactory
from django.conf import settings
from django import urls
from django.contrib.auth.models import User
from django.contrib.auth.models import User, Group, Permission
from django.core.exceptions import ObjectDoesNotExist
from alliance_auth.tests.auth_utils import AuthUtils
@ -22,6 +22,13 @@ from .tasks import Ips4Tasks
MODULE_PATH = 'services.modules.ips4'
def add_permissions():
permission = Permission.objects.get(codename='access_ips4')
members = Group.objects.get(name=settings.DEFAULT_AUTH_GROUP)
blues = Group.objects.get(name=settings.DEFAULT_BLUE_GROUP)
AuthUtils.add_permissions_to_groups([permission], [members, blues])
class Ips4HooksTestCase(TestCase):
def setUp(self):
self.member = 'member_user'
@ -33,6 +40,7 @@ class Ips4HooksTestCase(TestCase):
self.none_user = 'none_user'
none_user = AuthUtils.create_user(self.none_user)
self.service = Ips4Service
add_permissions()
def test_has_account(self):
member = User.objects.get(username=self.member)
@ -47,11 +55,9 @@ class Ips4HooksTestCase(TestCase):
member = User.objects.get(username=self.member)
blue = User.objects.get(username=self.blue)
none_user = User.objects.get(username=self.none_user)
self.assertTrue(service.service_enabled_members())
self.assertTrue(service.service_enabled_blues())
self.assertEqual(service.service_active_for_user(member), settings.ENABLE_AUTH_IPS4)
self.assertEqual(service.service_active_for_user(blue), settings.ENABLE_BLUE_IPS4)
self.assertTrue(service.service_active_for_user(member))
self.assertTrue(service.service_active_for_user(blue))
self.assertFalse(service.service_active_for_user(none_user))
def test_render_services_ctrl(self):
@ -81,6 +87,7 @@ class Ips4ViewsTestCase(TestCase):
self.member.email = 'auth_member@example.com'
self.member.save()
AuthUtils.add_main_character(self.member, 'auth_member', '12345', corp_id='111', corp_name='Test Corporation')
add_permissions()
def login(self):
self.client.login(username=self.member.username, password='password')

12
services/modules/ips4/views.py
View File

@ -1,7 +1,7 @@
from __future__ import unicode_literals
from django.contrib import messages
from django.contrib.auth.decorators import login_required
from django.contrib.auth.decorators import login_required, permission_required
from django.shortcuts import render, redirect
from authentication.decorators import members_and_blues
@ -16,9 +16,11 @@ import logging
logger = logging.getLogger(__name__)
ACCESS_PERM = 'ips4.access_ips4'
@login_required
@members_and_blues()
@permission_required(ACCESS_PERM)
def activate_ips4(request):
logger.debug("activate_ips4 called by user %s" % request.user)
character = EveManager.get_main_character(request.user)
@ -44,7 +46,7 @@ def activate_ips4(request):
@login_required
@members_and_blues()
@permission_required(ACCESS_PERM)
def reset_ips4_password(request):
logger.debug("reset_ips4_password called by user %s" % request.user)
if Ips4Tasks.has_account(request.user):
@ -66,7 +68,7 @@ def reset_ips4_password(request):
@login_required
@members_and_blues()
@permission_required(ACCESS_PERM)
def set_ips4_password(request):
logger.debug("set_ips4_password called by user %s" % request.user)
if request.method == 'POST':
@ -94,7 +96,7 @@ def set_ips4_password(request):
@login_required
@members_and_blues()
@permission_required(ACCESS_PERM)
def deactivate_ips4(request):
logger.debug("deactivate_ips4 called by user %s" % request.user)
if Ips4Tasks.delete_user(request.user):

10
services/modules/market/auth_hooks.py
View File

@ -20,6 +20,7 @@ class MarketService(ServicesHook):
self.name = 'market'
self.urlpatterns = urlpatterns
self.service_url = settings.MARKET_URL
self.access_perm = 'market.access_market'
@property
def title(self):
@ -31,14 +32,11 @@ class MarketService(ServicesHook):
def validate_user(self, user):
logger.debug('Validating user %s %s account' % (user, self.name))
if MarketTasks.has_account(user) and self.service_active_for_user(user):
if MarketTasks.has_account(user) and not self.service_active_for_user(user):
self.delete_user(user)
def service_enabled_members(self):
return settings.ENABLE_AUTH_MARKET or False
def service_enabled_blues(self):
return settings.ENABLE_BLUE_MARKET or False
def service_active_for_user(self, user):
return user.has_perm(self.access_perm)
def render_services_ctrl(self, request):
urls = self.Urls()

61
services/modules/market/migrations/0002_service_permissions.py Normal file
View File

@ -0,0 +1,61 @@
# -*- coding: utf-8 -*-
# Generated by Django 1.10.5 on 2017-02-02 05:59
from __future__ import unicode_literals
from django.db import migrations
from django.conf import settings
from django.core.exceptions import ObjectDoesNotExist
from django.contrib.auth.management import create_permissions
import logging
logger = logging.getLogger(__name__)
def migrate_service_enabled(apps, schema_editor):
for app_config in apps.get_app_configs():
app_config.models_module = True
create_permissions(app_config, apps=apps, verbosity=0)
app_config.models_module = None
Group = apps.get_model("auth", "Group")
Permission = apps.get_model("auth", "Permission")
MarketUser = apps.get_model("market", "MarketUser")
perm = Permission.objects.get(codename='access_market')
member_group_name = getattr(settings, str('DEFAULT_AUTH_GROUP'), 'Member')
blue_group_name = getattr(settings, str('DEFAULT_BLUE_GROUP'), 'Blue')
# Migrate members
if MarketUser.objects.filter(user__groups__name=member_group_name).exists() or \
getattr(settings, str('ENABLE_AUTH_MARKET'), False):
try:
group = Group.objects.get(name=member_group_name)
group.permissions.add(perm)
except ObjectDoesNotExist:
logger.warning('Failed to migrate ENABLE_AUTH_MARKET setting')
# Migrate blues
if MarketUser.objects.filter(user__groups__name=blue_group_name).exists() or \
getattr(settings, str('ENABLE_BLUE_MARKET'), False):
try:
group = Group.objects.get(name=blue_group_name)
group.permissions.add(perm)
except ObjectDoesNotExist:
logger.warning('Failed to migrate ENABLE_BLUE_MARKET setting')
class Migration(migrations.Migration):
dependencies = [
('market', '0001_initial'),
]
operations = [
migrations.AlterModelOptions(
name='marketuser',
options={'permissions': (('access_market', 'Can access the Evernus Market service'),)},
),
migrations.RunPython(migrate_service_enabled),
]

5
services/modules/market/models.py
View File

@ -14,3 +14,8 @@ class MarketUser(models.Model):
def __str__(self):
return self.username
class Meta:
permissions = (
("access_market", u"Can access the Evernus Market service"),
)

4
services/modules/market/tasks.py
View File

@ -37,8 +37,4 @@ class MarketTasks:
@staticmethod
def disable():
if settings.ENABLE_AUTH_MARKET:
logger.warn("ENABLE_AUTH_MARKET still True, after disabling users will still be able to activate Market accounts")
if settings.ENABLE_BLUE_MARKET:
logger.warn("ENABLE_BLUE_MARKET still True, after disabling blues will still be able to activate Market accounts")
MarketUser.objects.all().delete()

33
services/modules/market/tests.py
View File

@ -10,7 +10,7 @@ except ImportError:
from django.test import TestCase, RequestFactory
from django.conf import settings
from django import urls
from django.contrib.auth.models import User
from django.contrib.auth.models import User, Group, Permission
from django.core.exceptions import ObjectDoesNotExist
from alliance_auth.tests.auth_utils import AuthUtils
@ -22,6 +22,13 @@ from .tasks import MarketTasks
MODULE_PATH = 'services.modules.market'
def add_permissions():
permission = Permission.objects.get(codename='access_market')
members = Group.objects.get(name=settings.DEFAULT_AUTH_GROUP)
blues = Group.objects.get(name=settings.DEFAULT_BLUE_GROUP)
AuthUtils.add_permissions_to_groups([permission], [members, blues])
class MarketHooksTestCase(TestCase):
def setUp(self):
self.member = 'member_user'
@ -33,6 +40,7 @@ class MarketHooksTestCase(TestCase):
self.none_user = 'none_user'
none_user = AuthUtils.create_user(self.none_user)
self.service = MarketService
add_permissions()
def test_has_account(self):
member = User.objects.get(username=self.member)
@ -47,11 +55,9 @@ class MarketHooksTestCase(TestCase):
member = User.objects.get(username=self.member)
blue = User.objects.get(username=self.blue)
none_user = User.objects.get(username=self.none_user)
self.assertTrue(service.service_enabled_members())
self.assertTrue(service.service_enabled_blues())
self.assertEqual(service.service_active_for_user(member), settings.ENABLE_AUTH_MARKET)
self.assertEqual(service.service_active_for_user(blue), settings.ENABLE_BLUE_MARKET)
self.assertTrue(service.service_active_for_user(member))
self.assertTrue(service.service_active_for_user(blue))
self.assertFalse(service.service_active_for_user(none_user))
@mock.patch(MODULE_PATH + '.tasks.MarketManager')
@ -66,6 +72,22 @@ class MarketHooksTestCase(TestCase):
with self.assertRaises(ObjectDoesNotExist):
market_user = User.objects.get(username=self.member).market
@mock.patch(MODULE_PATH + '.tasks.MarketManager')
def test_validate_user(self, manager):
service = self.service()
# Test member is not deleted
member = User.objects.get(username=self.member)
service.validate_user(member)
self.assertTrue(User.objects.get(username=self.member).market)
# Test none user is deleted
none_user = User.objects.get(username=self.none_user)
MarketUser.objects.create(user=none_user, username='abc123')
service.validate_user(none_user)
self.assertTrue(manager.disable_user.called)
with self.assertRaises(ObjectDoesNotExist):
none_svc = User.objects.get(username=self.none_user).market
def test_render_services_ctrl(self):
service = self.service()
member = User.objects.get(username=self.member)
@ -93,6 +115,7 @@ class MarketViewsTestCase(TestCase):
self.member.email = 'auth_member@example.com'
self.member.save()
AuthUtils.add_main_character(self.member, 'auth_member', '12345', corp_id='111', corp_name='Test Corporation')
add_permissions()
def login(self):
self.client.login(username=self.member.username, password='password')

13
services/modules/market/views.py
View File

@ -1,10 +1,9 @@
from __future__ import unicode_literals
from django.contrib import messages
from django.contrib.auth.decorators import login_required
from django.contrib.auth.decorators import login_required, permission_required
from django.shortcuts import render, redirect
from authentication.decorators import members_and_blues
from services.forms import ServicePasswordForm
from eveonline.managers import EveManager
@ -16,9 +15,11 @@ import logging
logger = logging.getLogger(__name__)
ACCESS_PERM = 'market.access_market'
@login_required
@members_and_blues()
@permission_required(ACCESS_PERM)
def activate_market(request):
logger.debug("activate_market called by user %s" % request.user)
character = EveManager.get_main_character(request.user)
@ -44,7 +45,7 @@ def activate_market(request):
@login_required
@members_and_blues()
@permission_required(ACCESS_PERM)
def deactivate_market(request):
logger.debug("deactivate_market called by user %s" % request.user)
# false we failed
@ -58,7 +59,7 @@ def deactivate_market(request):
@login_required
@members_and_blues()
@permission_required(ACCESS_PERM)
def reset_market_password(request):
logger.debug("reset_market_password called by user %s" % request.user)
if MarketTasks.has_account(request.user):
@ -80,7 +81,7 @@ def reset_market_password(request):
@login_required
@members_and_blues()
@permission_required(ACCESS_PERM)
def set_market_password(request):
logger.debug("set_market_password called by user %s" % request.user)
if request.method == 'POST':

8
services/modules/mumble/auth_hooks.py
View File

@ -20,6 +20,7 @@ class MumbleService(ServicesHook):
self.name = 'mumble'
self.urlpatterns = urlpatterns
self.service_url = settings.MUMBLE_URL
self.access_perm = 'mumble.access_mumble'
def delete_user(self, user, notify_user=False):
logging.debug("Deleting user %s %s account" % (user, self.name))
@ -42,11 +43,8 @@ class MumbleService(ServicesHook):
logger.debug("Updating all %s groups" % self.name)
MumbleTasks.update_all_groups.delay()
def service_enabled_members(self):
return settings.ENABLE_AUTH_MUMBLE or False
def service_enabled_blues(self):
return settings.ENABLE_BLUE_MUMBLE or False
def service_active_for_user(self, user):
return user.has_perm(self.access_perm)
def render_services_ctrl(self, request):
urls = self.Urls()

61
services/modules/mumble/migrations/0006_service_permissions.py Normal file
View File

@ -0,0 +1,61 @@
# -*- coding: utf-8 -*-
# Generated by Django 1.10.5 on 2017-02-02 05:59
from __future__ import unicode_literals
from django.db import migrations
from django.conf import settings
from django.core.exceptions import ObjectDoesNotExist
from django.contrib.auth.management import create_permissions
import logging
logger = logging.getLogger(__name__)
def migrate_service_enabled(apps, schema_editor):
for app_config in apps.get_app_configs():
app_config.models_module = True
create_permissions(app_config, apps=apps, verbosity=0)
app_config.models_module = None
Group = apps.get_model("auth", "Group")
Permission = apps.get_model("auth", "Permission")
MumbleUser = apps.get_model("mumble", "MumbleUser")
perm = Permission.objects.get(codename='access_mumble')
member_group_name = getattr(settings, str('DEFAULT_AUTH_GROUP'), 'Member')
blue_group_name = getattr(settings, str('DEFAULT_BLUE_GROUP'), 'Blue')
# Migrate members
if MumbleUser.objects.filter(user__groups__name=member_group_name).exists() or \
getattr(settings, str('ENABLE_AUTH_MUMBLE'), False):
try:
group = Group.objects.get(name=member_group_name)
group.permissions.add(perm)
except ObjectDoesNotExist:
logger.warning('Failed to migrate ENABLE_AUTH_MUMBLE setting')
# Migrate blues
if MumbleUser.objects.filter(user__groups__name=blue_group_name).exists() or \
getattr(settings, str('ENABLE_BLUE_MUMBLE'), False):
try:
group = Group.objects.get(name=blue_group_name)
group.permissions.add(perm)
except ObjectDoesNotExist:
logger.warning('Failed to migrate ENABLE_BLUE_MUMBLE setting')
class Migration(migrations.Migration):
dependencies = [
('mumble', '0005_mumbleuser_hashfn'),
]
operations = [
migrations.AlterModelOptions(
name='mumbleuser',
options={'permissions': (('access_mumble', 'Can access the Mumble service'),)},
),
migrations.RunPython(migrate_service_enabled),
]

5
services/modules/mumble/models.py
View File

@ -13,3 +13,8 @@ class MumbleUser(models.Model):
def __str__(self):
return self.username
class Meta:
permissions = (
("access_mumble", u"Can access the Mumble service"),
)

4
services/modules/mumble/tasks.py
View File

@ -26,10 +26,6 @@ class MumbleTasks:
@staticmethod
def disable_mumble():
if settings.ENABLE_AUTH_MUMBLE:
logger.warn("ENABLE_AUTH_MUMBLE still True, after disabling users will still be able to create mumble accounts")
if settings.ENABLE_BLUE_MUMBLE:
logger.warn("ENABLE_BLUE_MUMBLE still True, after disabling blues will still be able to create mumble accounts")
logger.info("Deleting all MumbleUser models")
MumbleUser.objects.all().delete()

17
services/modules/mumble/tests.py
View File

@ -10,7 +10,7 @@ except ImportError:
from django.test import TestCase, RequestFactory
from django.conf import settings
from django import urls
from django.contrib.auth.models import User
from django.contrib.auth.models import User, Group, Permission
from django.core.exceptions import ObjectDoesNotExist
from alliance_auth.tests.auth_utils import AuthUtils
@ -22,6 +22,13 @@ from .tasks import MumbleTasks
MODULE_PATH = 'services.modules.mumble'
def add_permissions():
permission = Permission.objects.get(codename='access_mumble')
members = Group.objects.get(name=settings.DEFAULT_AUTH_GROUP)
blues = Group.objects.get(name=settings.DEFAULT_BLUE_GROUP)
AuthUtils.add_permissions_to_groups([permission], [members, blues])
class MumbleHooksTestCase(TestCase):
def setUp(self):
self.member = 'member_user'
@ -33,6 +40,7 @@ class MumbleHooksTestCase(TestCase):
self.none_user = 'none_user'
none_user = AuthUtils.create_user(self.none_user)
self.service = MumbleService
add_permissions()
def test_has_account(self):
member = User.objects.get(username=self.member)
@ -47,11 +55,9 @@ class MumbleHooksTestCase(TestCase):
member = User.objects.get(username=self.member)
blue = User.objects.get(username=self.blue)
none_user = User.objects.get(username=self.none_user)
self.assertTrue(service.service_enabled_members())
self.assertTrue(service.service_enabled_blues())
self.assertEqual(service.service_active_for_user(member), settings.ENABLE_AUTH_MUMBLE)
self.assertEqual(service.service_active_for_user(blue), settings.ENABLE_BLUE_MUMBLE)
self.assertTrue(service.service_active_for_user(member))
self.assertTrue(service.service_active_for_user(blue))
self.assertFalse(service.service_active_for_user(none_user))
@mock.patch(MODULE_PATH + '.tasks.MumbleManager')
@ -133,6 +139,7 @@ class MumbleViewsTestCase(TestCase):
self.member.save()
AuthUtils.add_main_character(self.member, 'auth_member', '12345', corp_id='111', corp_name='Test Corporation',
corp_ticker='TESTR')
add_permissions()
def login(self):
self.client.login(username=self.member.username, password='password')

13
services/modules/mumble/views.py
View File

@ -1,9 +1,8 @@
from __future__ import unicode_literals
from django.contrib.auth.decorators import login_required
from django.contrib.auth.decorators import login_required, permission_required
from django.shortcuts import render, redirect
from django.contrib import messages
from authentication.decorators import members_and_blues
from eveonline.managers import EveManager
from eveonline.models import EveAllianceInfo
from authentication.states import MEMBER_STATE, BLUE_STATE, NONE_STATE
@ -19,9 +18,11 @@ import logging
logger = logging.getLogger(__name__)
ACCESS_PERM = 'mumble.access_mumble'
@login_required
@members_and_blues()
@permission_required(ACCESS_PERM)
def activate_mumble(request):
logger.debug("activate_mumble called by user %s" % request.user)
authinfo = AuthServicesInfo.objects.get(user=request.user)
@ -57,7 +58,7 @@ def activate_mumble(request):
@login_required
@members_and_blues()
@permission_required(ACCESS_PERM)
def deactivate_mumble(request):
logger.debug("deactivate_mumble called by user %s" % request.user)
# if we successfully remove the user or the user is already removed
@ -71,7 +72,7 @@ def deactivate_mumble(request):
@login_required
@members_and_blues()
@permission_required(ACCESS_PERM)
def reset_mumble_password(request):
logger.debug("reset_mumble_password called by user %s" % request.user)
result = MumbleManager.update_user_password(request.user)
@ -93,7 +94,7 @@ def reset_mumble_password(request):
@login_required
@members_and_blues()
@permission_required(ACCESS_PERM)
def set_mumble_password(request):
logger.debug("set_mumble_password called by user %s" % request.user)
if request.method == 'POST':

8
services/modules/openfire/auth_hooks.py
View File

@ -20,6 +20,7 @@ class OpenfireService(ServicesHook):
self.name = 'openfire'
self.urlpatterns = urlpatterns
self.service_url = settings.JABBER_URL
self.access_perm = 'openfire.access_openfire'
@property
def title(self):
@ -43,11 +44,8 @@ class OpenfireService(ServicesHook):
logger.debug('Update all %s groups called' % self.name)
OpenfireTasks.update_all_groups.delay()
def service_enabled_members(self):
return settings.ENABLE_AUTH_JABBER or False # TODO: Rename this setting
def service_enabled_blues(self):
return settings.ENABLE_BLUE_JABBER or False # TODO: Rename this setting
def service_active_for_user(self, user):
return user.has_perm(self.access_perm)
def render_services_ctrl(self, request):
"""

61
services/modules/openfire/migrations/0002_service_permissions.py Normal file
View File

@ -0,0 +1,61 @@
# -*- coding: utf-8 -*-
# Generated by Django 1.10.5 on 2017-02-02 05:59
from __future__ import unicode_literals
from django.db import migrations
from django.conf import settings
from django.core.exceptions import ObjectDoesNotExist
from django.contrib.auth.management import create_permissions
import logging
logger = logging.getLogger(__name__)
def migrate_service_enabled(apps, schema_editor):
for app_config in apps.get_app_configs():
app_config.models_module = True
create_permissions(app_config, apps=apps, verbosity=0)
app_config.models_module = None
Group = apps.get_model("auth", "Group")
Permission = apps.get_model("auth", "Permission")
OpenfireUser = apps.get_model("openfire", "OpenfireUser")
perm = Permission.objects.get(codename='access_openfire')
member_group_name = getattr(settings, str('DEFAULT_AUTH_GROUP'), 'Member')
blue_group_name = getattr(settings, str('DEFAULT_BLUE_GROUP'), 'Blue')
# Migrate members
if OpenfireUser.objects.filter(user__groups__name=member_group_name).exists() or \
getattr(settings, str('ENABLE_AUTH_JABBER'), False):
try:
group = Group.objects.get(name=member_group_name)
group.permissions.add(perm)
except ObjectDoesNotExist:
logger.warning('Failed to migrate ENABLE_AUTH_JABBER setting')
# Migrate blues
if OpenfireUser.objects.filter(user__groups__name=blue_group_name).exists() or \
getattr(settings, str('ENABLE_BLUE_JABBER'), False):
try:
group = Group.objects.get(name=blue_group_name)
group.permissions.add(perm)
except ObjectDoesNotExist:
logger.warning('Failed to migrate ENABLE_BLUE_JABBER setting')
class Migration(migrations.Migration):
dependencies = [
('openfire', '0001_initial'),
]
operations = [
migrations.AlterModelOptions(
name='openfireuser',
options={'permissions': (('access_openfire', 'Can access the Openfire service'),)},
),
migrations.RunPython(migrate_service_enabled),
]

5
services/modules/openfire/models.py
View File

@ -13,3 +13,8 @@ class OpenfireUser(models.Model):
def __str__(self):
return self.username
class Meta:
permissions = (
("access_openfire", u"Can access the Openfire service"),
)

4
services/modules/openfire/tasks.py
View File

@ -39,10 +39,6 @@ class OpenfireTasks:
@staticmethod
def disable_jabber():
if settings.ENABLE_AUTH_JABBER:
logger.warn("ENABLE_AUTH_JABBER still True, after disabling users will still be able to create jabber accounts")
if settings.ENABLE_BLUE_JABBER:
logger.warn("ENABLE_BLUE_JABBER still True, after disabling blues will still be able to create jabber accounts")
logging.debug("Deleting all Openfire users")
OpenfireUser.objects.all().delete()

17
services/modules/openfire/tests.py
View File

@ -10,7 +10,7 @@ except ImportError:
from django.test import TestCase, RequestFactory
from django.conf import settings
from django import urls
from django.contrib.auth.models import User
from django.contrib.auth.models import User, Group, Permission
from django.core.exceptions import ObjectDoesNotExist
from alliance_auth.tests.auth_utils import AuthUtils
@ -22,6 +22,13 @@ from .tasks import OpenfireTasks
MODULE_PATH = 'services.modules.openfire'
def add_permissions():
permission = Permission.objects.get(codename='access_openfire')
members = Group.objects.get(name=settings.DEFAULT_AUTH_GROUP)
blues = Group.objects.get(name=settings.DEFAULT_BLUE_GROUP)
AuthUtils.add_permissions_to_groups([permission], [members, blues])
class OpenfireHooksTestCase(TestCase):
def setUp(self):
self.member = 'member_user'
@ -33,6 +40,7 @@ class OpenfireHooksTestCase(TestCase):
self.none_user = 'none_user'
none_user = AuthUtils.create_user(self.none_user)
self.service = OpenfireService
add_permissions()
def test_has_account(self):
member = User.objects.get(username=self.member)
@ -47,11 +55,9 @@ class OpenfireHooksTestCase(TestCase):
member = User.objects.get(username=self.member)
blue = User.objects.get(username=self.blue)
none_user = User.objects.get(username=self.none_user)
self.assertTrue(service.service_enabled_members())
self.assertTrue(service.service_enabled_blues())
self.assertEqual(service.service_active_for_user(member), settings.ENABLE_AUTH_JABBER)
self.assertEqual(service.service_active_for_user(blue), settings.ENABLE_BLUE_JABBER)
self.assertTrue(service.service_active_for_user(member))
self.assertTrue(service.service_active_for_user(blue))
self.assertFalse(service.service_active_for_user(none_user))
@mock.patch(MODULE_PATH + '.tasks.OpenfireManager')
@ -136,6 +142,7 @@ class OpenfireViewsTestCase(TestCase):
self.member.email = 'auth_member@example.com'
self.member.save()
AuthUtils.add_main_character(self.member, 'auth_member', '12345', corp_id='111', corp_name='Test Corporation')
add_permissions()
def login(self):
self.client.login(username=self.member.username, password='password')

10
services/modules/openfire/views.py
View File

@ -21,9 +21,11 @@ import logging
logger = logging.getLogger(__name__)
ACCESS_PERM = 'openfire.access_openfire'
@login_required
@members_and_blues()
@permission_required(ACCESS_PERM)
def activate_jabber(request):
logger.debug("activate_jabber called by user %s" % request.user)
character = EveManager.get_main_character(request.user)
@ -49,7 +51,7 @@ def activate_jabber(request):
@login_required
@members_and_blues()
@permission_required(ACCESS_PERM)
def deactivate_jabber(request):
logger.debug("deactivate_jabber called by user %s" % request.user)
if OpenfireTasks.has_account(request.user) and OpenfireTasks.delete_user(request.user):
@ -62,7 +64,7 @@ def deactivate_jabber(request):
@login_required
@members_and_blues()
@permission_required(ACCESS_PERM)
def reset_jabber_password(request):
logger.debug("reset_jabber_password called by user %s" % request.user)
if OpenfireTasks.has_account(request.user):
@ -133,7 +135,7 @@ def jabber_broadcast_view(request):
@login_required
@members_and_blues()
@permission_required(ACCESS_PERM)
def set_jabber_password(request):
logger.debug("set_jabber_password called by user %s" % request.user)
if request.method == 'POST':

8
services/modules/phpbb3/auth_hooks.py
View File

@ -20,6 +20,7 @@ class Phpbb3Service(ServicesHook):
self.name = 'phpbb3'
self.urlpatterns = urlpatterns
self.service_url = settings.FORUM_URL # TODO: This needs to be renamed at some point...
self.access_perm = 'phpbb3.access_phpbb3'
@property
def title(self):
@ -43,11 +44,8 @@ class Phpbb3Service(ServicesHook):
logger.debug('Update all %s groups called' % self.name)
Phpbb3Tasks.update_all_groups.delay()
def service_enabled_members(self):
return settings.ENABLE_AUTH_FORUM or False # TODO: Rename this setting
def service_enabled_blues(self):
return settings.ENABLE_BLUE_FORUM or False # TODO: Rename this setting
def service_active_for_user(self, user):
return user.has_perm(self.access_perm)
def render_services_ctrl(self, request):
urls = self.Urls()

61
services/modules/phpbb3/migrations/0002_service_permissions.py Normal file
View File

@ -0,0 +1,61 @@
# -*- coding: utf-8 -*-
# Generated by Django 1.10.5 on 2017-02-02 05:59
from __future__ import unicode_literals
from django.db import migrations
from django.conf import settings
from django.core.exceptions import ObjectDoesNotExist
from django.contrib.auth.management import create_permissions
import logging
logger = logging.getLogger(__name__)
def migrate_service_enabled(apps, schema_editor):
for app_config in apps.get_app_configs():
app_config.models_module = True
create_permissions(app_config, apps=apps, verbosity=0)
app_config.models_module = None
Group = apps.get_model("auth", "Group")
Permission = apps.get_model("auth", "Permission")
Phpbb3User = apps.get_model("phpbb3", "Phpbb3User")
perm = Permission.objects.get(codename='access_phpbb3')
member_group_name = getattr(settings, str('DEFAULT_AUTH_GROUP'), 'Member')
blue_group_name = getattr(settings, str('DEFAULT_BLUE_GROUP'), 'Blue')
# Migrate members
if Phpbb3User.objects.filter(user__groups__name=member_group_name).exists() or \
getattr(settings, str('ENABLE_AUTH_FORUM'), False):
try:
group = Group.objects.get(name=member_group_name)
group.permissions.add(perm)
except ObjectDoesNotExist:
logger.warning('Failed to migrate ENABLE_AUTH_FORUM setting')
# Migrate blues
if Phpbb3User.objects.filter(user__groups__name=blue_group_name).exists() or \
getattr(settings, str('ENABLE_BLUE_FORUM'), False):
try:
group = Group.objects.get(name=blue_group_name)
group.permissions.add(perm)
except ObjectDoesNotExist:
logger.warning('Failed to migrate ENABLE_BLUE_FORUM setting')
class Migration(migrations.Migration):
dependencies = [
('phpbb3', '0001_initial'),
]
operations = [
migrations.AlterModelOptions(
name='phpbb3user',
options={'permissions': (('access_phpbb3', 'Can access the phpBB3 service'),)},
),
migrations.RunPython(migrate_service_enabled),
]

5
services/modules/phpbb3/models.py
View File

@ -13,3 +13,8 @@ class Phpbb3User(models.Model):
def __str__(self):
return self.username
class Meta:
permissions = (
("access_phpbb3", u"Can access the phpBB3 service"),
)

4
services/modules/phpbb3/tasks.py
View File

@ -66,8 +66,4 @@ class Phpbb3Tasks:
@staticmethod
def disable():
if settings.ENABLE_AUTH_FORUM:
logger.warn("ENABLE_AUTH_FORUM still True, after disabling users will still be able to create forum accounts")
if settings.ENABLE_BLUE_FORUM:
logger.warn("ENABLE_BLUE_FORUM still True, after disabling blues will still be able to create forum accounts")
Phpbb3User.objects.all().delete()

17
services/modules/phpbb3/tests.py
View File

@ -10,7 +10,7 @@ except ImportError:
from django.test import TestCase, RequestFactory
from django.conf import settings
from django import urls
from django.contrib.auth.models import User
from django.contrib.auth.models import User, Group, Permission
from django.core.exceptions import ObjectDoesNotExist
from alliance_auth.tests.auth_utils import AuthUtils
@ -22,6 +22,13 @@ from .tasks import Phpbb3Tasks
MODULE_PATH = 'services.modules.phpbb3'
def add_permissions():
permission = Permission.objects.get(codename='access_phpbb3')
members = Group.objects.get(name=settings.DEFAULT_AUTH_GROUP)
blues = Group.objects.get(name=settings.DEFAULT_BLUE_GROUP)
AuthUtils.add_permissions_to_groups([permission], [members, blues])
class Phpbb3HooksTestCase(TestCase):
def setUp(self):
self.member = 'member_user'
@ -33,6 +40,7 @@ class Phpbb3HooksTestCase(TestCase):
self.none_user = 'none_user'
none_user = AuthUtils.create_user(self.none_user)
self.service = Phpbb3Service
add_permissions()
def test_has_account(self):
member = User.objects.get(username=self.member)
@ -47,11 +55,9 @@ class Phpbb3HooksTestCase(TestCase):
member = User.objects.get(username=self.member)
blue = User.objects.get(username=self.blue)
none_user = User.objects.get(username=self.none_user)
self.assertTrue(service.service_enabled_members())
self.assertTrue(service.service_enabled_blues())
self.assertEqual(service.service_active_for_user(member), settings.ENABLE_AUTH_FORUM)
self.assertEqual(service.service_active_for_user(blue), settings.ENABLE_BLUE_FORUM)
self.assertTrue(service.service_active_for_user(member))
self.assertTrue(service.service_active_for_user(blue))
self.assertFalse(service.service_active_for_user(none_user))
@mock.patch(MODULE_PATH + '.tasks.Phpbb3Manager')
@ -136,6 +142,7 @@ class Phpbb3ViewsTestCase(TestCase):
self.member.email = 'auth_member@example.com'
self.member.save()
AuthUtils.add_main_character(self.member, 'auth_member', '12345', corp_id='111', corp_name='Test Corporation')
add_permissions()
def login(self):
self.client.login(username=self.member.username, password='password')

12
services/modules/phpbb3/views.py
View File

@ -1,7 +1,7 @@
from __future__ import unicode_literals
from django.contrib import messages
from django.contrib.auth.decorators import login_required
from django.contrib.auth.decorators import login_required, permission_required
from django.shortcuts import render, redirect
from authentication.decorators import members_and_blues
@ -16,9 +16,11 @@ import logging
logger = logging.getLogger(__name__)
ACCESS_PERM = 'phpbb3.access_phpbb3'
@login_required
@members_and_blues()
@permission_required(ACCESS_PERM)
def activate_forum(request):
logger.debug("activate_forum called by user %s" % request.user)
# Valid now we get the main characters
@ -46,7 +48,7 @@ def activate_forum(request):
@login_required
@members_and_blues()
@permission_required(ACCESS_PERM)
def deactivate_forum(request):
logger.debug("deactivate_forum called by user %s" % request.user)
# false we failed
@ -60,7 +62,7 @@ def deactivate_forum(request):
@login_required
@members_and_blues()
@permission_required(ACCESS_PERM)
def reset_forum_password(request):
logger.debug("reset_forum_password called by user %s" % request.user)
if Phpbb3Tasks.has_account(request.user):
@ -83,7 +85,7 @@ def reset_forum_password(request):
@login_required
@members_and_blues()
@permission_required(ACCESS_PERM)
def set_forum_password(request):
logger.debug("set_forum_password called by user %s" % request.user)
if request.method == 'POST':

8
services/modules/smf/auth_hooks.py
View File

@ -20,6 +20,7 @@ class SmfService(ServicesHook):
self.name = 'smf'
self.urlpatterns = urlpatterns
self.service_url = settings.SMF_URL
self.access_perm = 'smf.access_smf'
@property
def title(self):
@ -43,11 +44,8 @@ class SmfService(ServicesHook):
logger.debug('Update all %s groups called' % self.name)
SmfTasks.update_all_groups.delay()
def service_enabled_members(self):
return settings.ENABLE_AUTH_SMF or False
def service_enabled_blues(self):
return settings.ENABLE_BLUE_SMF or False
def service_active_for_user(self, user):
return user.has_perm(self.access_perm)
def render_services_ctrl(self, request):
urls = self.Urls()

61
services/modules/smf/migrations/0002_service_permissions.py Normal file
View File

@ -0,0 +1,61 @@
# -*- coding: utf-8 -*-
# Generated by Django 1.10.5 on 2017-02-02 05:59
from __future__ import unicode_literals
from django.db import migrations
from django.conf import settings
from django.core.exceptions import ObjectDoesNotExist
from django.contrib.auth.management import create_permissions
import logging
logger = logging.getLogger(__name__)
def migrate_service_enabled(apps, schema_editor):
for app_config in apps.get_app_configs():
app_config.models_module = True
create_permissions(app_config, apps=apps, verbosity=0)
app_config.models_module = None
Group = apps.get_model("auth", "Group")
Permission = apps.get_model("auth", "Permission")
SmfUser = apps.get_model("smf", "SmfUser")
perm = Permission.objects.get(codename='access_smf')
member_group_name = getattr(settings, str('DEFAULT_AUTH_GROUP'), 'Member')
blue_group_name = getattr(settings, str('DEFAULT_BLUE_GROUP'), 'Blue')
# Migrate members
if SmfUser.objects.filter(user__groups__name=member_group_name).exists() or \
getattr(settings, str('ENABLE_AUTH_SMF'), False):
try:
group = Group.objects.get(name=member_group_name)
group.permissions.add(perm)
except ObjectDoesNotExist:
logger.warning('Failed to migrate ENABLE_AUTH_SMF setting')
# Migrate blues
if SmfUser.objects.filter(user__groups__name=blue_group_name).exists() or \
getattr(settings, str('ENABLE_BLUE_SMF'), False):
try:
group = Group.objects.get(name=blue_group_name)
group.permissions.add(perm)
except ObjectDoesNotExist:
logger.warning('Failed to migrate ENABLE_BLUE_SMF setting')
class Migration(migrations.Migration):
dependencies = [
('smf', '0001_initial'),
]
operations = [
migrations.AlterModelOptions(
name='smfuser',
options={'permissions': (('access_smf', 'Can access the SMF service'),)},
),
migrations.RunPython(migrate_service_enabled),
]

5
services/modules/smf/models.py
View File

@ -13,3 +13,8 @@ class SmfUser(models.Model):
def __str__(self):
return self.username
class Meta:
permissions = (
("access_smf", u"Can access the SMF service"),
)

6
services/modules/smf/tasks.py
View File

@ -38,12 +38,6 @@ class SmfTasks:
@classmethod
def disable(cls):
if settings.ENABLE_AUTH_SMF:
logger.warn(
"ENABLE_AUTH_SMF still True, after disabling users will still be able to link smf accounts")
if settings.ENABLE_BLUE_SMF:
logger.warn(
"ENABLE_BLUE_SMF still True, after disabling blues will still be able to link smf accounts")
SmfUser.objects.all().delete()
@staticmethod

17
services/modules/smf/tests.py
View File

@ -10,7 +10,7 @@ except ImportError:
from django.test import TestCase, RequestFactory
from django.conf import settings
from django import urls
from django.contrib.auth.models import User
from django.contrib.auth.models import User, Group, Permission
from django.core.exceptions import ObjectDoesNotExist
from alliance_auth.tests.auth_utils import AuthUtils
@ -22,6 +22,13 @@ from .tasks import SmfTasks
MODULE_PATH = 'services.modules.smf'
def add_permissions():
permission = Permission.objects.get(codename='access_smf')
members = Group.objects.get(name=settings.DEFAULT_AUTH_GROUP)
blues = Group.objects.get(name=settings.DEFAULT_BLUE_GROUP)
AuthUtils.add_permissions_to_groups([permission], [members, blues])
class SmfHooksTestCase(TestCase):
def setUp(self):
self.member = 'member_user'
@ -33,6 +40,7 @@ class SmfHooksTestCase(TestCase):
self.none_user = 'none_user'
none_user = AuthUtils.create_user(self.none_user)
self.service = SmfService
add_permissions()
def test_has_account(self):
member = User.objects.get(username=self.member)
@ -47,11 +55,9 @@ class SmfHooksTestCase(TestCase):
member = User.objects.get(username=self.member)
blue = User.objects.get(username=self.blue)
none_user = User.objects.get(username=self.none_user)
self.assertTrue(service.service_enabled_members())
self.assertTrue(service.service_enabled_blues())
self.assertEqual(service.service_active_for_user(member), settings.ENABLE_AUTH_SMF)
self.assertEqual(service.service_active_for_user(blue), settings.ENABLE_BLUE_SMF)
self.assertTrue(service.service_active_for_user(member))
self.assertTrue(service.service_active_for_user(blue))
self.assertFalse(service.service_active_for_user(none_user))
@mock.patch(MODULE_PATH + '.tasks.SmfManager')
@ -136,6 +142,7 @@ class SmfViewsTestCase(TestCase):
self.member.email = 'auth_member@example.com'
self.member.save()
AuthUtils.add_main_character(self.member, 'auth_member', '12345', corp_id='111', corp_name='Test Corporation')
add_permissions()
def login(self):
self.client.login(username=self.member.username, password='password')

13
services/modules/smf/views.py
View File

@ -1,10 +1,9 @@
from __future__ import unicode_literals
from django.contrib import messages
from django.contrib.auth.decorators import login_required
from django.contrib.auth.decorators import login_required, permission_required
from django.shortcuts import render, redirect
from authentication.decorators import members_and_blues
from eveonline.managers import EveManager
from services.forms import ServicePasswordForm
@ -16,9 +15,11 @@ import logging
logger = logging.getLogger(__name__)
ACCESS_PERM = 'smf.access_smf'
@login_required
@members_and_blues()
@permission_required(ACCESS_PERM)
def activate_smf(request):
logger.debug("activate_smf called by user %s" % request.user)
# Valid now we get the main characters
@ -45,7 +46,7 @@ def activate_smf(request):
@login_required
@members_and_blues()
@permission_required(ACCESS_PERM)
def deactivate_smf(request):
logger.debug("deactivate_smf called by user %s" % request.user)
result = SmfTasks.delete_user(request.user)
@ -60,7 +61,7 @@ def deactivate_smf(request):
@login_required
@members_and_blues()
@permission_required(ACCESS_PERM)
def reset_smf_password(request):
logger.debug("reset_smf_password called by user %s" % request.user)
character = EveManager.get_main_character(request.user)
@ -82,7 +83,7 @@ def reset_smf_password(request):
@login_required
@members_and_blues()
@permission_required(ACCESS_PERM)
def set_smf_password(request):
logger.debug("set_smf_password called by user %s" % request.user)
if request.method == 'POST':

8
services/modules/teamspeak3/auth_hooks.py
View File

@ -20,6 +20,7 @@ class Teamspeak3Service(ServicesHook):
self.name = 'teamspeak3'
self.urlpatterns = urlpatterns
self.service_ctrl_template = 'registered/teamspeak3_service_ctrl.html'
self.access_perm = 'teamspeak3.access_teamspeak3'
def delete_user(self, user, notify_user=False):
logger.debug('Deleting user %s %s account' % (user, self.name))
@ -38,11 +39,8 @@ class Teamspeak3Service(ServicesHook):
logger.debug('Update all %s groups called' % self.name)
Teamspeak3Tasks.update_all_groups.delay()
def service_enabled_members(self):
return settings.ENABLE_AUTH_TEAMSPEAK3 or False
def service_enabled_blues(self):
return settings.ENABLE_BLUE_TEAMSPEAK3 or False
def service_active_for_user(self, user):
return user.has_perm(self.access_perm)
def render_services_ctrl(self, request):
authinfo = {'teamspeak3_uid': '',

61
services/modules/teamspeak3/migrations/0004_service_permissions.py Normal file
View File

@ -0,0 +1,61 @@
# -*- coding: utf-8 -*-
# Generated by Django 1.10.5 on 2017-02-02 05:59
from __future__ import unicode_literals
from django.db import migrations
from django.conf import settings
from django.core.exceptions import ObjectDoesNotExist
from django.contrib.auth.management import create_permissions
import logging
logger = logging.getLogger(__name__)
def migrate_service_enabled(apps, schema_editor):
for app_config in apps.get_app_configs():
app_config.models_module = True
create_permissions(app_config, apps=apps, verbosity=0)
app_config.models_module = None
Group = apps.get_model("auth", "Group")
Permission = apps.get_model("auth", "Permission")
Teamspeak3User = apps.get_model("teamspeak3", "Teamspeak3User")
perm = Permission.objects.get(codename='access_teamspeak3')
member_group_name = getattr(settings, str('DEFAULT_AUTH_GROUP'), 'Member')
blue_group_name = getattr(settings, str('DEFAULT_BLUE_GROUP'), 'Blue')
# Migrate members
if Teamspeak3User.objects.filter(user__groups__name=member_group_name).exists() or \
getattr(settings, str('ENABLE_AUTH_TEAMSPEAK3'), False):
try:
group = Group.objects.get(name=member_group_name)
group.permissions.add(perm)
except ObjectDoesNotExist:
logger.warning('Failed to migrate ENABLE_AUTH_TEAMSPEAK3 setting')
# Migrate blues
if Teamspeak3User.objects.filter(user__groups__name=blue_group_name).exists() or \
getattr(settings, str('ENABLE_BLUE_TEAMSPEAK3'), False):
try:
group = Group.objects.get(name=blue_group_name)
group.permissions.add(perm)
except ObjectDoesNotExist:
logger.warning('Failed to migrate ENABLE_BLUE_TEAMSPEAK3 setting')
class Migration(migrations.Migration):
dependencies = [
('teamspeak3', '0003_teamspeak3user'),
]
operations = [
migrations.AlterModelOptions(
name='teamspeak3user',
options={'permissions': (('access_teamspeak3', 'Can access the Teamspeak3 service'),)},
),
migrations.RunPython(migrate_service_enabled),
]

5
services/modules/teamspeak3/models.py
View File

@ -15,6 +15,11 @@ class Teamspeak3User(models.Model):
def __str__(self):
return self.uid
class Meta:
permissions = (
("access_teamspeak3", u"Can access the Teamspeak3 service"),
)
@python_2_unicode_compatible
class TSgroup(models.Model):

11
services/modules/teamspeak3/tasks.py
View File

@ -42,18 +42,11 @@ class Teamspeak3Tasks:
@staticmethod
@app.task()
def run_ts3_group_update():
if settings.ENABLE_AUTH_TEAMSPEAK3 or settings.ENABLE_BLUE_TEAMSPEAK3:
logger.debug("TS3 installed. Syncing local group objects.")
Teamspeak3Manager._sync_ts_group_db()
logger.debug("TS3 installed. Syncing local group objects.")
Teamspeak3Manager._sync_ts_group_db()
@staticmethod
def disable():
if settings.ENABLE_AUTH_TEAMSPEAK3:
logger.warn(
"ENABLE_AUTH_TEAMSPEAK3 still True, after disabling users will still be able to create teamspeak accounts")
if settings.ENABLE_BLUE_TEAMSPEAK3:
logger.warn(
"ENABLE_BLUE_TEAMSPEAK3 still True, after disabling blues will still be able to create teamspeak accounts")
logger.info("Deleting all Teamspeak3Users")
Teamspeak3User.objects.all().delete()
logger.info("Deleting all UserTSgroup models")

17
services/modules/teamspeak3/tests.py
View File

@ -10,7 +10,7 @@ except ImportError:
from django.test import TestCase, RequestFactory
from django.conf import settings
from django import urls
from django.contrib.auth.models import User, Group
from django.contrib.auth.models import User, Group, Permission
from django.core.exceptions import ObjectDoesNotExist
from django.db.models import signals
@ -24,6 +24,13 @@ from .signals import m2m_changed_authts_group, post_save_authts, post_delete_aut
MODULE_PATH = 'services.modules.teamspeak3'
def add_permissions():
permission = Permission.objects.get(codename='access_teamspeak3')
members = Group.objects.get(name=settings.DEFAULT_AUTH_GROUP)
blues = Group.objects.get(name=settings.DEFAULT_BLUE_GROUP)
AuthUtils.add_permissions_to_groups([permission], [members, blues])
class Teamspeak3HooksTestCase(TestCase):
def setUp(self):
# Inert signals before setup begins
@ -46,6 +53,7 @@ class Teamspeak3HooksTestCase(TestCase):
m2m_blue_group.ts_group.add(ts_blue_group)
m2m_blue_group.save()
self.service = Teamspeak3Service
add_permissions()
def test_has_account(self):
member = User.objects.get(username=self.member)
@ -60,11 +68,9 @@ class Teamspeak3HooksTestCase(TestCase):
member = User.objects.get(username=self.member)
blue = User.objects.get(username=self.blue)
none_user = User.objects.get(username=self.none_user)
self.assertTrue(service.service_enabled_members())
self.assertTrue(service.service_enabled_blues())
self.assertEqual(service.service_active_for_user(member), settings.ENABLE_AUTH_TEAMSPEAK3)
self.assertEqual(service.service_active_for_user(blue), settings.ENABLE_BLUE_TEAMSPEAK3)
self.assertTrue(service.service_active_for_user(member))
self.assertTrue(service.service_active_for_user(blue))
self.assertFalse(service.service_active_for_user(none_user))
@mock.patch(MODULE_PATH + '.tasks.Teamspeak3Manager')
@ -164,6 +170,7 @@ class Teamspeak3ViewsTestCase(TestCase):
m2m_blue = AuthTS.objects.create(auth_group=Group.objects.get(name='Blue'))
m2m_blue.ts_group.add(ts_blue_group)
m2m_blue.save()
add_permissions()
def login(self, user=None, password=None):
if user is None:

13
services/modules/teamspeak3/views.py
View File

@ -1,10 +1,9 @@
import logging
from django.contrib import messages
from django.contrib.auth.decorators import login_required
from django.contrib.auth.decorators import login_required, permission_required
from django.shortcuts import render, redirect
from authentication.decorators import members_and_blues
from authentication.states import BLUE_STATE
from authentication.models import AuthServicesInfo
from eveonline.managers import EveManager
@ -18,9 +17,11 @@ from .models import Teamspeak3User
logger = logging.getLogger(__name__)
ACCESS_PERM = 'teamspeak3.access_teamspeak3'
@login_required
@members_and_blues()
@permission_required(ACCESS_PERM)
def activate_teamspeak3(request):
logger.debug("activate_teamspeak3 called by user %s" % request.user)
@ -52,7 +53,7 @@ def activate_teamspeak3(request):
@login_required
@members_and_blues()
@permission_required(ACCESS_PERM)
def verify_teamspeak3(request):
logger.debug("verify_teamspeak3 called by user %s" % request.user)
if not Teamspeak3Tasks.has_account(request.user):
@ -75,7 +76,7 @@ def verify_teamspeak3(request):
@login_required
@members_and_blues()
@permission_required(ACCESS_PERM)
def deactivate_teamspeak3(request):
logger.debug("deactivate_teamspeak3 called by user %s" % request.user)
if Teamspeak3Tasks.has_account(request.user) and Teamspeak3Tasks.delete_user(request.user):
@ -87,7 +88,7 @@ def deactivate_teamspeak3(request):
@login_required
@members_and_blues()
@permission_required(ACCESS_PERM)
def reset_teamspeak3_perm(request):
logger.debug("reset_teamspeak3_perm called by user %s" % request.user)
if not Teamspeak3Tasks.has_account(request.user):

8
services/modules/xenforo/auth_hooks.py
View File

@ -19,6 +19,7 @@ class XenforoService(ServicesHook):
ServicesHook.__init__(self)
self.name = 'xenforo'
self.urlpatterns = urlpatterns
self.access_perm = 'xenforo.access_xenforo'
@property
def title(self):
@ -33,11 +34,8 @@ class XenforoService(ServicesHook):
if XenforoTasks.has_account(user) and not self.service_active_for_user(user):
self.delete_user(user, notify_user=True)
def service_enabled_members(self):
return settings.ENABLE_AUTH_XENFORO or False
def service_enabled_blues(self):
return settings.ENABLE_BLUE_XENFORO or False
def service_active_for_user(self, user):
return user.has_perm(self.access_perm)
def render_services_ctrl(self, request):
urls = self.Urls()

61
services/modules/xenforo/migrations/0002_service_permissions.py Normal file
View File

@ -0,0 +1,61 @@
# -*- coding: utf-8 -*-
# Generated by Django 1.10.5 on 2017-02-02 05:59
from __future__ import unicode_literals
from django.db import migrations
from django.conf import settings
from django.core.exceptions import ObjectDoesNotExist
from django.contrib.auth.management import create_permissions
import logging
logger = logging.getLogger(__name__)
def migrate_service_enabled(apps, schema_editor):
for app_config in apps.get_app_configs():
app_config.models_module = True
create_permissions(app_config, apps=apps, verbosity=0)
app_config.models_module = None
Group = apps.get_model("auth", "Group")
Permission = apps.get_model("auth", "Permission")
XenforoUser = apps.get_model("xenforo", "XenforoUser")
perm = Permission.objects.get(codename='access_xenforo')
member_group_name = getattr(settings, str('DEFAULT_AUTH_GROUP'), 'Member')
blue_group_name = getattr(settings, str('DEFAULT_BLUE_GROUP'), 'Blue')
# Migrate members
if XenforoUser.objects.filter(user__groups__name=member_group_name).exists() or \
getattr(settings, str('ENABLE_AUTH_XENFORO'), False):
try:
group = Group.objects.get(name=member_group_name)
group.permissions.add(perm)
except ObjectDoesNotExist:
logger.warning('Failed to migrate ENABLE_AUTH_XENFORO setting')
# Migrate blues
if XenforoUser.objects.filter(user__groups__name=blue_group_name).exists() or \
getattr(settings, str('ENABLE_BLUE_XENFORO'), False):
try:
group = Group.objects.get(name=blue_group_name)
group.permissions.add(perm)
except ObjectDoesNotExist:
logger.warning('Failed to migrate ENABLE_BLUE_XENFORO setting')
class Migration(migrations.Migration):
dependencies = [
('xenforo', '0001_initial'),
]
operations = [
migrations.AlterModelOptions(
name='xenforouser',
options={'permissions': (('access_xenforo', 'Can access the XenForo service'),)},
),
migrations.RunPython(migrate_service_enabled),
]

5
services/modules/xenforo/models.py
View File

@ -13,3 +13,8 @@ class XenforoUser(models.Model):
def __str__(self):
return self.username
class Meta:
permissions = (
("access_xenforo", u"Can access the XenForo service"),
)

6
services/modules/xenforo/tasks.py
View File

@ -36,11 +36,5 @@ class XenforoTasks:
@classmethod
def disable(cls):
if settings.ENABLE_AUTH_XENFORO:
logger.warn(
"ENABLE_AUTH_XENFORO still True, after disabling users will still be able to link XenForo accounts")
if settings.ENABLE_BLUE_XENFORO:
logger.warn(
"ENABLE_BLUE_XENFORO still True, after disabling blues will still be able to link XenForo accounts")
logger.debug("Deleting ALL XenForo users")
XenforoUser.objects.all().delete()

17
services/modules/xenforo/tests.py
View File

@ -10,7 +10,7 @@ except ImportError:
from django.test import TestCase, RequestFactory
from django.conf import settings
from django import urls
from django.contrib.auth.models import User
from django.contrib.auth.models import User, Group, Permission
from django.core.exceptions import ObjectDoesNotExist
from alliance_auth.tests.auth_utils import AuthUtils
@ -22,6 +22,13 @@ from .tasks import XenforoTasks
MODULE_PATH = 'services.modules.xenforo'
def add_permissions():
permission = Permission.objects.get(codename='access_xenforo')
members = Group.objects.get(name=settings.DEFAULT_AUTH_GROUP)
blues = Group.objects.get(name=settings.DEFAULT_BLUE_GROUP)
AuthUtils.add_permissions_to_groups([permission], [members, blues])
class XenforoHooksTestCase(TestCase):
def setUp(self):
self.member = 'member_user'
@ -33,6 +40,7 @@ class XenforoHooksTestCase(TestCase):
self.none_user = 'none_user'
none_user = AuthUtils.create_user(self.none_user)
self.service = XenforoService
add_permissions()
def test_has_account(self):
member = User.objects.get(username=self.member)
@ -47,11 +55,9 @@ class XenforoHooksTestCase(TestCase):
member = User.objects.get(username=self.member)
blue = User.objects.get(username=self.blue)
none_user = User.objects.get(username=self.none_user)
self.assertTrue(service.service_enabled_members())
self.assertTrue(service.service_enabled_blues())
self.assertEqual(service.service_active_for_user(member), settings.ENABLE_AUTH_XENFORO)
self.assertEqual(service.service_active_for_user(blue), settings.ENABLE_BLUE_XENFORO)
self.assertTrue(service.service_active_for_user(member))
self.assertTrue(service.service_active_for_user(blue))
self.assertFalse(service.service_active_for_user(none_user))
@mock.patch(MODULE_PATH + '.tasks.XenForoManager')
@ -112,6 +118,7 @@ class XenforoViewsTestCase(TestCase):
self.member.email = 'auth_member@example.com'
self.member.save()
AuthUtils.add_main_character(self.member, 'auth_member', '12345', corp_id='111', corp_name='Test Corporation')
add_permissions()
def login(self):
self.client.login(username=self.member.username, password='password')

14
services/modules/xenforo/views.py
View File

@ -3,10 +3,9 @@ from __future__ import unicode_literals
import logging
from django.contrib import messages
from django.contrib.auth.decorators import login_required
from django.contrib.auth.decorators import login_required, permission_required
from django.shortcuts import render, redirect
from authentication.decorators import members_and_blues
from eveonline.managers import EveManager
from services.forms import ServicePasswordForm
from .manager import XenForoManager
@ -15,8 +14,11 @@ from .tasks import XenforoTasks
logger = logging.getLogger(__name__)
ACCESS_PERM = 'xenforo.access_xenforo'
@login_required
@members_and_blues()
@permission_required(ACCESS_PERM)
def activate_xenforo_forum(request):
logger.debug("activate_xenforo_forum called by user %s" % request.user)
character = EveManager.get_main_character(request.user)
@ -41,7 +43,7 @@ def activate_xenforo_forum(request):
@login_required
@members_and_blues()
@permission_required(ACCESS_PERM)
def deactivate_xenforo_forum(request):
logger.debug("deactivate_xenforo_forum called by user %s" % request.user)
if XenforoTasks.delete_user(request.user):
@ -53,7 +55,7 @@ def deactivate_xenforo_forum(request):
@login_required
@members_and_blues()
@permission_required(ACCESS_PERM)
def reset_xenforo_password(request):
logger.debug("reset_xenforo_password called by user %s" % request.user)
if XenforoTasks.has_account(request.user):
@ -74,7 +76,7 @@ def reset_xenforo_password(request):
@login_required
@members_and_blues()
@permission_required(ACCESS_PERM)
def set_xenforo_password(request):
logger.debug("set_xenforo_password called by user %s" % request.user)
if request.method == 'POST':

63
services/signals.py
View File

@ -2,15 +2,17 @@ from __future__ import unicode_literals
import logging
from django.contrib.auth.models import User
from django.contrib.auth.models import User, Group, Permission
from django.db import transaction
from django.db.models.signals import m2m_changed
from django.db.models.signals import pre_delete
from django.db.models.signals import pre_save
from django.dispatch import receiver
from services.hooks import ServicesHook
from alliance_auth.hooks import get_hooks
from authentication.tasks import disable_user
from authentication.tasks import disable_member
from authentication.tasks import set_state
logger = logging.getLogger(__name__)
@ -23,10 +25,9 @@ def m2m_changed_user_groups(sender, instance, action, *args, **kwargs):
def trigger_service_group_update():
logger.debug("Triggering service group update for %s" % instance)
# Iterate through Service hooks
services = get_hooks('services_hook')
for fn in services:
svc = fn()
for svc in ServicesHook.get_services():
try:
svc.validate_user(instance)
svc.update_groups(instance)
except:
logger.exception('Exception running update_groups for services module %s on user %s' % (svc, instance))
@ -36,6 +37,60 @@ def m2m_changed_user_groups(sender, instance, action, *args, **kwargs):
transaction.on_commit(trigger_service_group_update)
@receiver(m2m_changed, sender=User.user_permissions.through)
def m2m_changed_user_permissions(sender, instance, action, *args, **kwargs):
logger.debug("Received m2m_changed from user %s permissions with action %s" % (instance, action))
logger.debug('sender: %s' % sender)
if instance.pk and (action == "post_remove" or action == "post_clear"):
logger.debug("Permissions changed for user {}, re-validating services".format(instance))
# Checking permissions for a single user is quite fast, so we don't need to validate
# That the permissions is a service permission, unlike groups.
def validate_all_services():
logger.debug("Validating all services for user {}".format(instance))
for svc in ServicesHook.get_services():
try:
svc.validate_user(instance)
except:
logger.exception(
'Exception running validate_user for services module {} on user {}'.format(svc, user))
transaction.on_commit(lambda: validate_all_services())
@receiver(m2m_changed, sender=Group.permissions.through)
def m2m_changed_group_permissions(sender, instance, action, pk_set, *args, **kwargs):
logger.debug("Received m2m_changed from group %s permissions with action %s" % (instance, action))
if instance.pk and (action == "post_remove" or action == "post_clear"):
logger.debug("Checking if service permission changed for group {}".format(instance))
# As validating an entire groups service could lead to many thousands of permission checks
# first we check that one of the permissions changed is, in fact, a service permission.
perms = Permission.objects.filter(pk__in=pk_set)
got_change = False
service_perms = [svc.access_perm for svc in ServicesHook.get_services()]
for perm in perms:
natural_key = perm.natural_key()
path_perm = "{}.{}".format(natural_key[1], natural_key[0])
if path_perm not in service_perms:
# Not a service permission, keep searching
continue
for svc in ServicesHook.get_services():
if svc.access_perm == path_perm:
logger.debug("Permissions changed for group {} on "
"service {}, re-validating services for groups users".format(instance, svc))
def validate_all_groups_users_for_service():
logger.debug("Performing validation for service {}".format(svc))
for user in instance.user_set.all():
svc.validate_user(user)
transaction.on_commit(validate_all_groups_users_for_service)
got_change = True
break # Found service, break out of services iteration and go back to permission iteration
if not got_change:
logger.debug("Permission change for group {} was not service permission, ignoring".format(instance))
@receiver(pre_delete, sender=User)
def pre_delete_user(sender, instance, *args, **kwargs):
logger.debug("Received pre_delete from %s" % instance)

37
services/tasks.py
View File

@ -2,11 +2,9 @@ from __future__ import unicode_literals
import logging
from celery import task
from alliance_auth.celeryapp import app
from alliance_auth.hooks import get_hooks
from authentication.states import MEMBER_STATE, BLUE_STATE
from notifications import notify
from services.hooks import ServicesHook
import redis
REDIS_CLIENT = redis.Redis()
@ -41,34 +39,11 @@ def only_one(function=None, key="", timeout=None):
return _dec(function) if function is not None else _dec
def deactivate_services(user):
change = False
logger.debug("Deactivating services for user %s" % user)
# Iterate through service hooks and disable users
for fn in get_hooks('services_hook'):
svc = fn()
try:
if svc.delete_user(user):
change = True
except:
logger.exception('Exception running delete_user for services module %s on user %s' % (svc, user))
if change:
notify(user, "Services Disabled", message="Your services accounts have been disabled.", level="danger")
@task(bind=True)
def validate_services(self, user, state):
if state == MEMBER_STATE:
setting_string = 'AUTH'
elif state == BLUE_STATE:
setting_string = 'BLUE'
else:
deactivate_services(user)
return
logger.debug('Ensuring user %s services are available to state %s' % (user, state))
@app.task(bind=True)
def validate_services(self, user):
logger.debug('Ensuring user %s has permissions for active services'.format(user))
# Iterate through services hooks and have them check the validity of the user
for fn in get_hooks('services_hook'):
svc = fn()
for svc in ServicesHook.get_services():
try:
svc.validate_user(user)
except:

78
services/tests/test_signals.py
View File

@ -8,7 +8,7 @@ except ImportError:
import mock
from django.test import TestCase
from django.contrib.auth.models import Group
from django.contrib.auth.models import Group, Permission
from alliance_auth.tests.auth_utils import AuthUtils
@ -19,15 +19,16 @@ class ServicesSignalsTestCase(TestCase):
self.none_user = AuthUtils.create_user('none_user', disconnect_signals=True)
@mock.patch('services.signals.transaction')
@mock.patch('services.signals.get_hooks')
def test_m2m_changed_user_groups(self, get_hooks, transaction):
@mock.patch('services.signals.ServicesHook')
def test_m2m_changed_user_groups(self, services_hook, transaction):
"""
Test that update_groups hook function is called on user groups change
"""
svc = mock.Mock()
svc.update_groups.return_value = None
svc.validate_user.return_value = None
get_hooks.return_value = [lambda: svc]
services_hook.get_services.return_value = [svc]
# Overload transaction.on_commit so everything happens synchronously
transaction.on_commit = lambda fn: fn()
@ -39,16 +40,20 @@ class ServicesSignalsTestCase(TestCase):
self.member.save()
# Assert
self.assertTrue(get_hooks.called)
args, kwargs = get_hooks.call_args
self.assertEqual('services_hook', args[0])
self.assertTrue(services_hook.get_services.called)
self.assertTrue(svc.update_groups.called)
args, kwargs = svc.update_groups.call_args
self.assertEqual(self.member, args[0])
self.assertTrue(svc.validate_user.called)
args, kwargs = svc.validate_user.call_args
self.assertEqual(self.member, args[0])
@mock.patch('services.signals.disable_user')
def test_pre_delete_user(self, disable_user):
"""
Test that disable_member is called when a user is deleted
"""
@ -89,3 +94,62 @@ class ServicesSignalsTestCase(TestCase):
self.assertTrue(set_state.called)
args, kwargs = set_state.call_args
self.assertEqual(self.member, args[0])
@mock.patch('services.signals.transaction')
@mock.patch('services.signals.ServicesHook')
def test_m2m_changed_group_permissions(self, services_hook, transaction):
from django.contrib.contenttypes.models import ContentType
svc = mock.Mock()
svc.validate_user.return_value = None
svc.access_perm = 'auth.access_testsvc'
services_hook.get_services.return_value = [svc]
# Overload transaction.on_commit so everything happens synchronously
transaction.on_commit = lambda fn: fn()
test_group = Group.objects.create(name="Test group")
AuthUtils.disconnect_signals()
self.member.groups.add(test_group)
AuthUtils.connect_signals()
ct = ContentType.objects.get(app_label='auth', model='permission')
perm = Permission.objects.create(name="Test perm", codename="access_testsvc", content_type=ct)
test_group.permissions.add(perm)
# Act, should trigger m2m change
test_group.permissions.remove(perm)
# Assert
self.assertTrue(services_hook.get_services.called)
self.assertTrue(svc.validate_user.called)
args, kwargs = svc.validate_user.call_args
self.assertEqual(self.member, args[0])
@mock.patch('services.signals.transaction')
@mock.patch('services.signals.ServicesHook')
def test_m2m_changed_user_permissions(self, services_hook, transaction):
from django.contrib.contenttypes.models import ContentType
svc = mock.Mock()
svc.validate_user.return_value = None
svc.access_perm = 'auth.access_testsvc'
services_hook.get_services.return_value = [svc]
# Overload transaction.on_commit so everything happens synchronously
transaction.on_commit = lambda fn: fn()
ct = ContentType.objects.get(app_label='auth', model='permission')
perm = Permission.objects.create(name="Test perm", codename="access_testsvc", content_type=ct)
self.member.user_permissions.add(perm)
# Act, should trigger m2m change
self.member.user_permissions.remove(perm)
# Assert
self.assertTrue(services_hook.get_services.called)
self.assertTrue(svc.validate_user.called)
args, kwargs = svc.validate_user.call_args
self.assertEqual(self.member, args[0])

59
services/tests/test_tasks.py
View File

@ -9,10 +9,9 @@ except ImportError:
from django.test import TestCase
from authentication.states import MEMBER_STATE, BLUE_STATE, NONE_STATE
from alliance_auth.tests.auth_utils import AuthUtils
from services.tasks import deactivate_services, validate_services
from services.tasks import validate_services
class ServicesTasksTestCase(TestCase):
@ -20,62 +19,16 @@ class ServicesTasksTestCase(TestCase):
self.member = AuthUtils.create_member('auth_member')
self.none_user = AuthUtils.create_user('none_user', disconnect_signals=True)
@mock.patch('services.tasks.get_hooks')
@mock.patch('services.tasks.deactivate_services')
def test_validate_services_deactivate(self, deactivate_services, get_hooks):
"""
Test validate services will call deactivate on a None state user
"""
validate_services.delay(user=self.none_user, state=NONE_STATE)
self.assertTrue(deactivate_services.called)
args, kwargs = deactivate_services.call_args
self.assertEqual(self.none_user, args[0]) # Assert correct user is passed
self.assertFalse(get_hooks.called)
@mock.patch('services.tasks.get_hooks')
@mock.patch('services.tasks.deactivate_services')
def test_validate_services_valid_member(self, deactivate_services, get_hooks):
"""
Test that validate_services is called for a valid member
"""
@mock.patch('services.tasks.ServicesHook')
def test_validate_services(self, services_hook):
svc = mock.Mock()
svc.validate_user.return_value = None
get_hooks.return_value = [lambda: svc]
services_hook.get_services.return_value = [svc]
validate_services.delay(user=self.member, state=MEMBER_STATE)
validate_services.delay(user=self.member)
self.assertTrue(get_hooks.called)
args, kwargs = get_hooks.call_args
self.assertEqual('services_hook', args[0])
self.assertTrue(services_hook.get_services.called)
self.assertTrue(svc.validate_user.called)
args, kwargs = svc.validate_user.call_args
self.assertEqual(self.member, args[0]) # Assert correct user is passed to service hook function
self.assertFalse(deactivate_services.called)
@mock.patch('services.tasks.notify')
@mock.patch('services.tasks.get_hooks')
def test_deactivate_services(self, get_hooks, notify):
"""
Test that hooks delete_user function is called by deactivate_services
"""
svc = mock.Mock()
svc.delete_user.return_value = True
get_hooks.return_value = [lambda: svc]
deactivate_services(self.member)
self.assertTrue(get_hooks.called)
args, kwargs = get_hooks.call_args
self.assertEqual('services_hook', args[0])
self.assertTrue(svc.delete_user.called)
args, kwargs = svc.delete_user.call_args
self.assertEqual(self.member, args[0]) # Assert correct user is passed to service hook function
self.assertTrue(notify.called)
args, kwargs = notify.call_args
self.assertEqual(self.member, args[0]) # Assert user is passed to the notification system
self.assertEqual("Services Disabled", args[1])
self.assertEqual("danger", kwargs['level'])

1
services/views.py
View File

@ -46,7 +46,6 @@ def fleet_formatter_view(request):
@login_required
@members_and_blues()
def services_view(request):
logger.debug("services_view called by user %s" % request.user)
auth = AuthServicesInfo.objects.get(user=request.user)

12
stock/templates/public/base.html
View File

@ -104,13 +104,11 @@
<li class="text-center divider-horizontal">
<h5>{% trans "Aux Navigation" %}</h5>
</li>
{% if STATE in MEMBER_BLUE_STATE or user.is_superuser %}
<li>
<a class="{% navactive request 'auth_services' %}" href="{% url 'auth_services' %}">
<i class="fa fa-cogs fa-fw grayiconecolor"></i>{% trans " Services" %}
</a>
</li>
{% endif %}
<li>
<a class="{% navactive request 'auth_services' %}" href="{% url 'auth_services' %}">
<i class="fa fa-cogs fa-fw grayiconecolor"></i>{% trans " Services" %}
</a>
</li>
{% if not STATE == MEMBER_STATE or perms.auth.human_resources %}
<li>