mirror of
https://gitlab.com/allianceauth/allianceauth.git
synced 2026-02-05 22:56:20 +01:00
Grant service access by permissions (#692)
* Add service access permissions and migration `ENABLE_AUTH_<servicename> = True` will have the new permission applied to the settings configured `DEFAULT_AUTH_GROUP` group or `Member` if none is configured. `ENABLE_BLUE_<servicename> = True` will have the new permission applied to the settings configured `DEFAULT_BLUE_GROUP` group or `Blue` if none is configured. * Move views and hooks to permissions based access * Remove access restriction to services view Hypothetically non-member/blues could be granted permission to access services manually as desired now. A user that has no permissions to access any services will see a blank services list. * Remove obsolete service settings * Remove references to obsolete settings * Adjusted tests to support permissions based access * Fix incorrectly named permissions * Add simple get_services generator function * Added signals for user and groups perm changes * Update validate_services to support permissions deactivate_services removed as its surplus to requirements. * Removed state parameter from validate_services calls * Update tests to support signals changes * Fix incorrect call to validate_services task * Fix validate_services and test * Add validate_user to changed user groups signal * Added tests for new signals * Remove unnecessary post_add signals * Added documentation for service permissions * Added detection for members with service active If there are any service users in the Member or Blue groups active, then the permission will be added to the respective Member or Blue group. This means its no longer necessary to maintain the service enablesettings to migrate to permissions based service. Remove obsolete state based status checking
This commit is contained in:
Basraah
Adarnof
@@ -19,6 +19,7 @@ class DiscordService(ServicesHook):
|
||||
self.urlpatterns = urlpatterns
|
||||
self.name = 'discord'
|
||||
self.service_ctrl_template = 'registered/discord_service_ctrl.html'
|
||||
self.access_perm = 'discord.access_discord'
|
||||
|
||||
def delete_user(self, user, notify_user=False):
|
||||
logger.debug('Deleting user %s %s account' % (user, self.name))
|
||||
@@ -42,11 +43,8 @@ class DiscordService(ServicesHook):
|
||||
logger.debug('Update all %s groups called' % self.name)
|
||||
DiscordTasks.update_all_groups.delay()
|
||||
|
||||
def service_enabled_members(self):
|
||||
return settings.ENABLE_AUTH_DISCORD or False
|
||||
|
||||
def service_enabled_blues(self):
|
||||
return settings.ENABLE_BLUE_DISCORD or False
|
||||
def service_active_for_user(self, user):
|
||||
return user.has_perm(self.access_perm)
|
||||
|
||||
def render_services_ctrl(self, request):
|
||||
return render_to_string(self.service_ctrl_template, {
|
||||
|
||||
@@ -0,0 +1,61 @@
|
||||
# -*- coding: utf-8 -*-
|
||||
# Generated by Django 1.10.5 on 2017-02-02 05:59
|
||||
from __future__ import unicode_literals
|
||||
|
||||
from django.db import migrations
|
||||
from django.conf import settings
|
||||
from django.core.exceptions import ObjectDoesNotExist
|
||||
from django.contrib.auth.management import create_permissions
|
||||
|
||||
import logging
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
def migrate_service_enabled(apps, schema_editor):
|
||||
for app_config in apps.get_app_configs():
|
||||
app_config.models_module = True
|
||||
create_permissions(app_config, apps=apps, verbosity=0)
|
||||
app_config.models_module = None
|
||||
|
||||
Group = apps.get_model("auth", "Group")
|
||||
Permission = apps.get_model("auth", "Permission")
|
||||
DiscordUser = apps.get_model("discord", "DiscordUser")
|
||||
|
||||
perm = Permission.objects.get(codename='access_discord')
|
||||
|
||||
member_group_name = getattr(settings, str('DEFAULT_AUTH_GROUP'), 'Member')
|
||||
blue_group_name = getattr(settings, str('DEFAULT_BLUE_GROUP'), 'Blue')
|
||||
|
||||
# Migrate members
|
||||
if DiscordUser.objects.filter(user__groups__name=member_group_name).exists() or \
|
||||
getattr(settings, str('ENABLE_AUTH_DISCORD'), False):
|
||||
try:
|
||||
group = Group.objects.get(name=member_group_name)
|
||||
group.permissions.add(perm)
|
||||
except ObjectDoesNotExist:
|
||||
logger.warning('Failed to migrate ENABLE_AUTH_DISCORD setting')
|
||||
|
||||
# Migrate blues
|
||||
if DiscordUser.objects.filter(user__groups__name=blue_group_name).exists() or \
|
||||
getattr(settings, str('ENABLE_BLUE_DISCORD'), False):
|
||||
try:
|
||||
group = Group.objects.get(name=blue_group_name)
|
||||
group.permissions.add(perm)
|
||||
except ObjectDoesNotExist:
|
||||
logger.warning('Failed to migrate ENABLE_BLUE_DISCORD setting')
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
('discord', '0001_initial'),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AlterModelOptions(
|
||||
name='discorduser',
|
||||
options={'permissions': (('access_discord', 'Can access the Discord service'),)},
|
||||
),
|
||||
migrations.RunPython(migrate_service_enabled),
|
||||
]
|
||||
@@ -4,6 +4,7 @@ from django.contrib.auth.models import User
|
||||
from django.db import models
|
||||
|
||||
|
||||
@python_2_unicode_compatible
|
||||
class DiscordUser(models.Model):
|
||||
user = models.OneToOneField(User,
|
||||
primary_key=True,
|
||||
@@ -13,3 +14,8 @@ class DiscordUser(models.Model):
|
||||
|
||||
def __str__(self):
|
||||
return "{} - {}".format(self.user.username, self.uid)
|
||||
|
||||
class Meta:
|
||||
permissions = (
|
||||
("access_discord", u"Can access the Discord service"),
|
||||
)
|
||||
|
||||
@@ -122,10 +122,4 @@ class DiscordTasks:
|
||||
|
||||
@classmethod
|
||||
def disable(cls):
|
||||
if settings.ENABLE_AUTH_DISCORD:
|
||||
logger.warn(
|
||||
"ENABLE_AUTH_DISCORD still True, after disabling users will still be able to link Discord accounts")
|
||||
if settings.ENABLE_BLUE_DISCORD:
|
||||
logger.warn(
|
||||
"ENABLE_BLUE_DISCORD still True, after disabling blues will still be able to link Discord accounts")
|
||||
DiscordUser.objects.all().delete()
|
||||
|
||||
@@ -9,7 +9,7 @@ except ImportError:
|
||||
|
||||
from django.test import TestCase, RequestFactory
|
||||
from django.conf import settings
|
||||
from django.contrib.auth.models import User
|
||||
from django.contrib.auth.models import User, Group, Permission
|
||||
from django.core.exceptions import ObjectDoesNotExist
|
||||
|
||||
from alliance_auth.tests.auth_utils import AuthUtils
|
||||
@@ -21,6 +21,13 @@ from .tasks import DiscordTasks
|
||||
MODULE_PATH = 'services.modules.discord'
|
||||
|
||||
|
||||
def add_permissions():
|
||||
permission = Permission.objects.get(codename='access_discord')
|
||||
members = Group.objects.get(name=settings.DEFAULT_AUTH_GROUP)
|
||||
blues = Group.objects.get(name=settings.DEFAULT_BLUE_GROUP)
|
||||
AuthUtils.add_permissions_to_groups([permission], [members, blues])
|
||||
|
||||
|
||||
class DiscordHooksTestCase(TestCase):
|
||||
def setUp(self):
|
||||
self.member = 'member_user'
|
||||
@@ -32,6 +39,7 @@ class DiscordHooksTestCase(TestCase):
|
||||
self.none_user = 'none_user'
|
||||
none_user = AuthUtils.create_user(self.none_user)
|
||||
self.service = DiscordService
|
||||
add_permissions()
|
||||
|
||||
def test_has_account(self):
|
||||
member = User.objects.get(username=self.member)
|
||||
@@ -46,8 +54,6 @@ class DiscordHooksTestCase(TestCase):
|
||||
member = User.objects.get(username=self.member)
|
||||
blue = User.objects.get(username=self.blue)
|
||||
none_user = User.objects.get(username=self.none_user)
|
||||
self.assertTrue(service.service_enabled_members())
|
||||
self.assertTrue(service.service_enabled_blues())
|
||||
|
||||
self.assertTrue(service.service_active_for_user(member))
|
||||
self.assertTrue(service.service_active_for_user(blue))
|
||||
@@ -147,6 +153,7 @@ class DiscordViewsTestCase(TestCase):
|
||||
self.member = AuthUtils.create_member('auth_member')
|
||||
self.member.set_password('password')
|
||||
self.member.save()
|
||||
add_permissions()
|
||||
|
||||
def login(self):
|
||||
self.client.login(username=self.member.username, password='password')
|
||||
|
||||
@@ -5,9 +5,9 @@ import logging
|
||||
from django.contrib import messages
|
||||
from django.contrib.auth.decorators import login_required
|
||||
from django.contrib.auth.decorators import user_passes_test
|
||||
from django.contrib.auth.decorators import permission_required
|
||||
from django.shortcuts import redirect
|
||||
|
||||
from authentication.decorators import members_and_blues
|
||||
from .manager import DiscordOAuthManager
|
||||
from .tasks import DiscordTasks
|
||||
from services.views import superuser_test
|
||||
@@ -15,9 +15,11 @@ from services.views import superuser_test
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
ACCESS_PERM = 'discord.access_discord'
|
||||
|
||||
|
||||
@login_required
|
||||
@members_and_blues()
|
||||
@permission_required(ACCESS_PERM)
|
||||
def deactivate_discord(request):
|
||||
logger.debug("deactivate_discord called by user %s" % request.user)
|
||||
if DiscordTasks.delete_user(request.user):
|
||||
@@ -30,7 +32,7 @@ def deactivate_discord(request):
|
||||
|
||||
|
||||
@login_required
|
||||
@members_and_blues()
|
||||
@permission_required(ACCESS_PERM)
|
||||
def reset_discord(request):
|
||||
logger.debug("reset_discord called by user %s" % request.user)
|
||||
if DiscordTasks.delete_user(request.user):
|
||||
@@ -42,14 +44,14 @@ def reset_discord(request):
|
||||
|
||||
|
||||
@login_required
|
||||
@members_and_blues()
|
||||
@permission_required(ACCESS_PERM)
|
||||
def activate_discord(request):
|
||||
logger.debug("activate_discord called by user %s" % request.user)
|
||||
return redirect(DiscordOAuthManager.generate_oauth_redirect_url())
|
||||
|
||||
|
||||
@login_required
|
||||
@members_and_blues()
|
||||
@permission_required(ACCESS_PERM)
|
||||
def discord_callback(request):
|
||||
logger.debug("Received Discord callback for activation of user %s" % request.user)
|
||||
code = request.GET.get('code', None)
|
||||
|
||||
@@ -21,6 +21,7 @@ class DiscourseService(ServicesHook):
|
||||
self.urlpatterns = urlpatterns
|
||||
self.name = 'discourse'
|
||||
self.service_ctrl_template = 'registered/discourse_service_ctrl.html'
|
||||
self.access_perm = 'discourse.access_discourse'
|
||||
|
||||
def delete_user(self, user, notify_user=False):
|
||||
logger.debug('Deleting user %s %s account' % (user, self.name))
|
||||
@@ -40,11 +41,8 @@ class DiscourseService(ServicesHook):
|
||||
logger.debug('Update all %s groups called' % self.name)
|
||||
DiscourseTasks.update_all_groups.delay()
|
||||
|
||||
def service_enabled_members(self):
|
||||
return settings.ENABLE_AUTH_DISCOURSE or False
|
||||
|
||||
def service_enabled_blues(self):
|
||||
return settings.ENABLE_BLUE_DISCOURSE or False
|
||||
def service_active_for_user(self, user):
|
||||
return user.has_perm(self.access_perm)
|
||||
|
||||
def render_services_ctrl(self, request):
|
||||
return render_to_string(self.service_ctrl_template, {
|
||||
|
||||
@@ -0,0 +1,62 @@
|
||||
# -*- coding: utf-8 -*-
|
||||
# Generated by Django 1.10.5 on 2017-02-02 05:59
|
||||
from __future__ import unicode_literals
|
||||
|
||||
from django.db import migrations
|
||||
from django.conf import settings
|
||||
from django.core.exceptions import ObjectDoesNotExist
|
||||
from django.contrib.auth.management import create_permissions
|
||||
|
||||
import logging
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
def migrate_service_enabled(apps, schema_editor):
|
||||
for app_config in apps.get_app_configs():
|
||||
app_config.models_module = True
|
||||
create_permissions(app_config, apps=apps, verbosity=0)
|
||||
app_config.models_module = None
|
||||
|
||||
Group = apps.get_model("auth", "Group")
|
||||
Permission = apps.get_model("auth", "Permission")
|
||||
DiscourseUser = apps.get_model("discourse", "DiscourseUser")
|
||||
|
||||
perm = Permission.objects.get(codename='access_discourse')
|
||||
|
||||
member_group_name = getattr(settings, str('DEFAULT_AUTH_GROUP'), 'Member')
|
||||
blue_group_name = getattr(settings, str('DEFAULT_BLUE_GROUP'), 'Blue')
|
||||
|
||||
# Migrate members
|
||||
if DiscourseUser.objects.filter(user__groups__name=member_group_name).exists() or \
|
||||
getattr(settings, str('ENABLE_AUTH_DISCOURSE'), False):
|
||||
try:
|
||||
group = Group.objects.get(name=member_group_name)
|
||||
group.permissions.add(perm)
|
||||
except ObjectDoesNotExist:
|
||||
logger.warning('Failed to migrate ENABLE_AUTH_DISCOURSE setting')
|
||||
|
||||
# Migrate blues
|
||||
if DiscourseUser.objects.filter(user__groups__name=blue_group_name).exists() or \
|
||||
getattr(settings, str('ENABLE_BLUE_DISCOURSE'), False):
|
||||
try:
|
||||
group = Group.objects.get(name=blue_group_name)
|
||||
group.permissions.add(perm)
|
||||
except ObjectDoesNotExist:
|
||||
logger.warning('Failed to migrate ENABLE_BLUE_DISCOURSE setting')
|
||||
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
('discourse', '0001_initial'),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AlterModelOptions(
|
||||
name='discourseuser',
|
||||
options={'permissions': (('access_discourse', 'Can access the Discourse service'),)},
|
||||
),
|
||||
migrations.RunPython(migrate_service_enabled),
|
||||
]
|
||||
@@ -4,6 +4,7 @@ from django.contrib.auth.models import User
|
||||
from django.db import models
|
||||
|
||||
|
||||
@python_2_unicode_compatible
|
||||
class DiscourseUser(models.Model):
|
||||
user = models.OneToOneField(User,
|
||||
primary_key=True,
|
||||
@@ -13,3 +14,8 @@ class DiscourseUser(models.Model):
|
||||
|
||||
def __str__(self):
|
||||
return self.user.username
|
||||
|
||||
class Meta:
|
||||
permissions = (
|
||||
("access_discourse", u"Can access the Discourse service"),
|
||||
)
|
||||
|
||||
@@ -9,7 +9,7 @@ except ImportError:
|
||||
|
||||
from django.test import TestCase, RequestFactory
|
||||
from django.conf import settings
|
||||
from django.contrib.auth.models import User
|
||||
from django.contrib.auth.models import User, Group, Permission
|
||||
from django.core.exceptions import ObjectDoesNotExist
|
||||
|
||||
from alliance_auth.tests.auth_utils import AuthUtils
|
||||
@@ -21,6 +21,13 @@ from .tasks import DiscourseTasks
|
||||
MODULE_PATH = 'services.modules.discourse'
|
||||
|
||||
|
||||
def add_permissions():
|
||||
permission = Permission.objects.get(codename='access_discourse')
|
||||
members = Group.objects.get(name=settings.DEFAULT_AUTH_GROUP)
|
||||
blues = Group.objects.get(name=settings.DEFAULT_BLUE_GROUP)
|
||||
AuthUtils.add_permissions_to_groups([permission], [members, blues])
|
||||
|
||||
|
||||
class DiscourseHooksTestCase(TestCase):
|
||||
def setUp(self):
|
||||
self.member = 'member_user'
|
||||
@@ -32,6 +39,7 @@ class DiscourseHooksTestCase(TestCase):
|
||||
self.none_user = 'none_user'
|
||||
none_user = AuthUtils.create_user(self.none_user)
|
||||
self.service = DiscourseService
|
||||
add_permissions()
|
||||
|
||||
def test_has_account(self):
|
||||
member = User.objects.get(username=self.member)
|
||||
@@ -46,11 +54,9 @@ class DiscourseHooksTestCase(TestCase):
|
||||
member = User.objects.get(username=self.member)
|
||||
blue = User.objects.get(username=self.blue)
|
||||
none_user = User.objects.get(username=self.none_user)
|
||||
self.assertTrue(service.service_enabled_members())
|
||||
self.assertTrue(service.service_enabled_blues())
|
||||
|
||||
self.assertEqual(service.service_active_for_user(member), settings.ENABLE_AUTH_DISCOURSE)
|
||||
self.assertEqual(service.service_active_for_user(blue), settings.ENABLE_BLUE_DISCOURSE)
|
||||
self.assertTrue(service.service_active_for_user(member))
|
||||
self.assertTrue(service.service_active_for_user(blue))
|
||||
self.assertFalse(service.service_active_for_user(none_user))
|
||||
|
||||
@mock.patch(MODULE_PATH + '.tasks.DiscourseManager')
|
||||
@@ -124,6 +130,7 @@ class DiscourseViewsTestCase(TestCase):
|
||||
self.member.set_password('password')
|
||||
self.member.save()
|
||||
AuthUtils.add_main_character(self.member, 'auth_member', '12345', corp_id='111', corp_name='Test Corporation')
|
||||
add_permissions()
|
||||
|
||||
@mock.patch(MODULE_PATH + '.tasks.DiscourseManager')
|
||||
def test_sso_member(self, manager):
|
||||
|
||||
@@ -31,20 +31,16 @@ import logging
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
ACCESS_PERM = 'discourse.access_discourse'
|
||||
|
||||
|
||||
@login_required
|
||||
def discourse_sso(request):
|
||||
|
||||
## Check if user has access
|
||||
|
||||
auth = AuthServicesInfo.objects.get(user=request.user)
|
||||
if not request.user.is_superuser:
|
||||
if not settings.ENABLE_AUTH_DISCOURSE and auth.state == MEMBER_STATE:
|
||||
messages.error(request, 'Members are not authorized to access Discourse.')
|
||||
return redirect('auth_dashboard')
|
||||
elif not settings.ENABLE_BLUE_DISCOURSE and auth.state == BLUE_STATE:
|
||||
messages.error(request, 'Blues are not authorized to access Discourse.')
|
||||
return redirect('auth_dashboard')
|
||||
elif auth.state == NONE_STATE:
|
||||
if not request.user.has_perm(ACCESS_PERM):
|
||||
messages.error(request, 'You are not authorized to access Discourse.')
|
||||
return redirect('auth_dashboard')
|
||||
|
||||
|
||||
@@ -20,6 +20,7 @@ class IpboardService(ServicesHook):
|
||||
self.name = 'ipboard'
|
||||
self.service_url = settings.IPBOARD_ENDPOINT
|
||||
self.urlpatterns = urlpatterns
|
||||
self.access_perm = 'ipboard.access_ipboard'
|
||||
|
||||
@property
|
||||
def title(self):
|
||||
@@ -43,11 +44,8 @@ class IpboardService(ServicesHook):
|
||||
logger.debug('Update all %s groups called' % self.name)
|
||||
IpboardTasks.update_all_groups.delay()
|
||||
|
||||
def service_enabled_members(self):
|
||||
return settings.ENABLE_AUTH_IPBOARD or False
|
||||
|
||||
def service_enabled_blues(self):
|
||||
return settings.ENABLE_BLUE_IPBOARD or False
|
||||
def service_active_for_user(self, user):
|
||||
return user.has_perm(self.access_perm)
|
||||
|
||||
def render_services_ctrl(self, request):
|
||||
urls = self.Urls()
|
||||
|
||||
@@ -0,0 +1,61 @@
|
||||
# -*- coding: utf-8 -*-
|
||||
# Generated by Django 1.10.5 on 2017-02-02 05:59
|
||||
from __future__ import unicode_literals
|
||||
|
||||
from django.db import migrations
|
||||
from django.conf import settings
|
||||
from django.core.exceptions import ObjectDoesNotExist
|
||||
from django.contrib.auth.management import create_permissions
|
||||
|
||||
import logging
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
def migrate_service_enabled(apps, schema_editor):
|
||||
for app_config in apps.get_app_configs():
|
||||
app_config.models_module = True
|
||||
create_permissions(app_config, apps=apps, verbosity=0)
|
||||
app_config.models_module = None
|
||||
|
||||
Group = apps.get_model("auth", "Group")
|
||||
Permission = apps.get_model("auth", "Permission")
|
||||
IpboardUser = apps.get_model("ipboard", "IpboardUser")
|
||||
|
||||
perm = Permission.objects.get(codename='access_ipboard')
|
||||
|
||||
member_group_name = getattr(settings, str('DEFAULT_AUTH_GROUP'), 'Member')
|
||||
blue_group_name = getattr(settings, str('DEFAULT_BLUE_GROUP'), 'Blue')
|
||||
|
||||
# Migrate members
|
||||
if IpboardUser.objects.filter(user__groups__name=member_group_name).exists() or \
|
||||
getattr(settings, str('ENABLE_AUTH_IPBOARD'), False):
|
||||
try:
|
||||
group = Group.objects.get(name=member_group_name)
|
||||
group.permissions.add(perm)
|
||||
except ObjectDoesNotExist:
|
||||
logger.warning('Failed to migrate ENABLE_AUTH_IPBOARD setting')
|
||||
|
||||
# Migrate blues
|
||||
if IpboardUser.objects.filter(user__groups__name=blue_group_name).exists() or \
|
||||
getattr(settings, str('ENABLE_BLUE_IPBOARD'), False):
|
||||
try:
|
||||
group = Group.objects.get(name=blue_group_name)
|
||||
group.permissions.add(perm)
|
||||
except ObjectDoesNotExist:
|
||||
logger.warning('Failed to migrate ENABLE_BLUE_IPBOARD setting')
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
('ipboard', '0001_initial'),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AlterModelOptions(
|
||||
name='ipboarduser',
|
||||
options={'permissions': (('access_ipboard', 'Can access the IPBoard service'),)},
|
||||
),
|
||||
migrations.RunPython(migrate_service_enabled),
|
||||
]
|
||||
@@ -14,3 +14,8 @@ class IpboardUser(models.Model):
|
||||
|
||||
def __str__(self):
|
||||
return self.username
|
||||
|
||||
class Meta:
|
||||
permissions = (
|
||||
("access_ipboard", u"Can access the IPBoard service"),
|
||||
)
|
||||
|
||||
@@ -62,11 +62,5 @@ class IpboardTasks:
|
||||
|
||||
@staticmethod
|
||||
def disable():
|
||||
if settings.ENABLE_AUTH_IPBOARD:
|
||||
logger.warn(
|
||||
"ENABLE_AUTH_IPBOARD still True, after disabling users will still be able to create IPBoard accounts")
|
||||
if settings.ENABLE_BLUE_IPBOARD:
|
||||
logger.warn(
|
||||
"ENABLE_BLUE_IPBOARD still True, after disabling blues will still be able to create IPBoard accounts")
|
||||
logger.debug("Deleting all Ipboard Users")
|
||||
IpboardUser.objects.all().delete()
|
||||
|
||||
@@ -9,7 +9,7 @@ except ImportError:
|
||||
|
||||
from django.test import TestCase, RequestFactory
|
||||
from django.conf import settings
|
||||
from django.contrib.auth.models import User
|
||||
from django.contrib.auth.models import User, Group, Permission
|
||||
from django import urls
|
||||
from django.core.exceptions import ObjectDoesNotExist
|
||||
|
||||
@@ -23,6 +23,13 @@ from .manager import IPBoardManager
|
||||
MODULE_PATH = 'services.modules.ipboard'
|
||||
|
||||
|
||||
def add_permissions():
|
||||
permission = Permission.objects.get(codename='access_ipboard')
|
||||
members = Group.objects.get(name=settings.DEFAULT_AUTH_GROUP)
|
||||
blues = Group.objects.get(name=settings.DEFAULT_BLUE_GROUP)
|
||||
AuthUtils.add_permissions_to_groups([permission], [members, blues])
|
||||
|
||||
|
||||
class IpboardHooksTestCase(TestCase):
|
||||
def setUp(self):
|
||||
self.member = 'member_user'
|
||||
@@ -34,6 +41,7 @@ class IpboardHooksTestCase(TestCase):
|
||||
self.none_user = 'none_user'
|
||||
none_user = AuthUtils.create_user(self.none_user)
|
||||
self.service = IpboardService
|
||||
add_permissions()
|
||||
|
||||
def test_has_account(self):
|
||||
member = User.objects.get(username=self.member)
|
||||
@@ -48,11 +56,9 @@ class IpboardHooksTestCase(TestCase):
|
||||
member = User.objects.get(username=self.member)
|
||||
blue = User.objects.get(username=self.blue)
|
||||
none_user = User.objects.get(username=self.none_user)
|
||||
self.assertTrue(service.service_enabled_members())
|
||||
self.assertTrue(service.service_enabled_blues())
|
||||
|
||||
self.assertEqual(service.service_active_for_user(member), settings.ENABLE_AUTH_IPBOARD)
|
||||
self.assertEqual(service.service_active_for_user(blue), settings.ENABLE_BLUE_IPBOARD)
|
||||
self.assertTrue(service.service_active_for_user(member))
|
||||
self.assertTrue(service.service_active_for_user(blue))
|
||||
self.assertFalse(service.service_active_for_user(none_user))
|
||||
|
||||
@mock.patch(MODULE_PATH + '.tasks.IPBoardManager')
|
||||
@@ -133,6 +139,7 @@ class IpboardViewsTestCase(TestCase):
|
||||
self.member.email = 'auth_member@example.com'
|
||||
self.member.save()
|
||||
AuthUtils.add_main_character(self.member, 'auth_member', '12345', corp_id='111', corp_name='Test Corporation')
|
||||
add_permissions()
|
||||
|
||||
def login(self):
|
||||
self.client.login(username=self.member.username, password='password')
|
||||
|
||||
@@ -1,10 +1,9 @@
|
||||
from __future__ import unicode_literals
|
||||
|
||||
from django.contrib import messages
|
||||
from django.contrib.auth.decorators import login_required
|
||||
from django.contrib.auth.decorators import login_required, permission_required
|
||||
from django.shortcuts import render, redirect
|
||||
|
||||
from authentication.decorators import members_and_blues
|
||||
from services.forms import ServicePasswordForm
|
||||
from eveonline.managers import EveManager
|
||||
|
||||
@@ -16,9 +15,11 @@ import logging
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
ACCESS_PERM = 'ipboard.access_ipboard'
|
||||
|
||||
|
||||
@login_required
|
||||
@members_and_blues()
|
||||
@permission_required(ACCESS_PERM)
|
||||
def activate_ipboard_forum(request):
|
||||
logger.debug("activate_ipboard_forum called by user %s" % request.user)
|
||||
character = EveManager.get_main_character(request.user)
|
||||
@@ -46,7 +47,7 @@ def activate_ipboard_forum(request):
|
||||
|
||||
|
||||
@login_required
|
||||
@members_and_blues()
|
||||
@permission_required(ACCESS_PERM)
|
||||
def deactivate_ipboard_forum(request):
|
||||
logger.debug("deactivate_ipboard_forum called by user %s" % request.user)
|
||||
# false we failed
|
||||
@@ -60,7 +61,7 @@ def deactivate_ipboard_forum(request):
|
||||
|
||||
|
||||
@login_required
|
||||
@members_and_blues()
|
||||
@permission_required(ACCESS_PERM)
|
||||
def set_ipboard_password(request):
|
||||
logger.debug("set_ipboard_password called by user %s" % request.user)
|
||||
error = None
|
||||
@@ -90,7 +91,7 @@ def set_ipboard_password(request):
|
||||
|
||||
|
||||
@login_required
|
||||
@members_and_blues()
|
||||
@permission_required(ACCESS_PERM)
|
||||
def reset_ipboard_password(request):
|
||||
logger.debug("reset_ipboard_password called by user %s" % request.user)
|
||||
if IpboardTasks.has_account(request.user):
|
||||
|
||||
@@ -16,16 +16,14 @@ class Ips4Service(ServicesHook):
|
||||
self.name = 'ips4'
|
||||
self.urlpatterns = urlpatterns
|
||||
self.service_url = settings.IPS4_URL
|
||||
self.access_perm = 'ips4.access_ips4'
|
||||
|
||||
@property
|
||||
def title(self):
|
||||
return 'IPS4'
|
||||
|
||||
def service_enabled_members(self):
|
||||
return settings.ENABLE_AUTH_IPS4 or False
|
||||
|
||||
def service_enabled_blues(self):
|
||||
return settings.ENABLE_BLUE_IPS4 or False
|
||||
def service_active_for_user(self, user):
|
||||
return user.has_perm(self.access_perm)
|
||||
|
||||
def render_services_ctrl(self, request):
|
||||
"""
|
||||
|
||||
61
services/modules/ips4/migrations/0002_service_permissions.py
Normal file
61
services/modules/ips4/migrations/0002_service_permissions.py
Normal file
@@ -0,0 +1,61 @@
|
||||
# -*- coding: utf-8 -*-
|
||||
# Generated by Django 1.10.5 on 2017-02-02 05:59
|
||||
from __future__ import unicode_literals
|
||||
|
||||
from django.db import migrations
|
||||
from django.conf import settings
|
||||
from django.core.exceptions import ObjectDoesNotExist
|
||||
from django.contrib.auth.management import create_permissions
|
||||
|
||||
import logging
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
def migrate_service_enabled(apps, schema_editor):
|
||||
for app_config in apps.get_app_configs():
|
||||
app_config.models_module = True
|
||||
create_permissions(app_config, apps=apps, verbosity=0)
|
||||
app_config.models_module = None
|
||||
|
||||
Group = apps.get_model("auth", "Group")
|
||||
Permission = apps.get_model("auth", "Permission")
|
||||
Ips4User = apps.get_model("ips4", "Ips4User")
|
||||
|
||||
perm = Permission.objects.get(codename='access_ips4')
|
||||
|
||||
member_group_name = getattr(settings, str('DEFAULT_AUTH_GROUP'), 'Member')
|
||||
blue_group_name = getattr(settings, str('DEFAULT_BLUE_GROUP'), 'Blue')
|
||||
|
||||
# Migrate members
|
||||
if Ips4User.objects.filter(user__groups__name=member_group_name).exists() or \
|
||||
getattr(settings, str('ENABLE_AUTH_IPS4'), False):
|
||||
try:
|
||||
group = Group.objects.get(name=member_group_name)
|
||||
group.permissions.add(perm)
|
||||
except ObjectDoesNotExist:
|
||||
logger.warning('Failed to migrate ENABLE_AUTH_IPS4 setting')
|
||||
|
||||
# Migrate blues
|
||||
if Ips4User.objects.filter(user__groups__name=blue_group_name).exists() or \
|
||||
getattr(settings, str('ENABLE_BLUE_IPS4'), False):
|
||||
try:
|
||||
group = Group.objects.get(name=blue_group_name)
|
||||
group.permissions.add(perm)
|
||||
except ObjectDoesNotExist:
|
||||
logger.warning('Failed to migrate ENABLE_BLUE_IPS4 setting')
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
('ips4', '0001_initial'),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AlterModelOptions(
|
||||
name='ips4user',
|
||||
options={'permissions': (('access_ips4', 'Can access the IPS4 service'),)},
|
||||
),
|
||||
migrations.RunPython(migrate_service_enabled),
|
||||
]
|
||||
@@ -15,3 +15,8 @@ class Ips4User(models.Model):
|
||||
|
||||
def __str__(self):
|
||||
return self.username
|
||||
|
||||
class Meta:
|
||||
permissions = (
|
||||
("access_ips4", u"Can access the IPS4 service"),
|
||||
)
|
||||
|
||||
@@ -33,11 +33,5 @@ class Ips4Tasks:
|
||||
|
||||
@staticmethod
|
||||
def disable():
|
||||
if settings.ENABLE_AUTH_IPS4:
|
||||
logger.warn(
|
||||
"ENABLE_AUTH_IPS4 still True, after disabling users will still be able to create IPS4 accounts")
|
||||
if settings.ENABLE_BLUE_IPS4:
|
||||
logger.warn(
|
||||
"ENABLE_BLUE_IPS4 still True, after disabling blues will still be able to create IPS4 accounts")
|
||||
logging.debug("Deleting all IPS4 users")
|
||||
Ips4User.objects.all().delete()
|
||||
|
||||
@@ -10,7 +10,7 @@ except ImportError:
|
||||
from django.test import TestCase, RequestFactory
|
||||
from django.conf import settings
|
||||
from django import urls
|
||||
from django.contrib.auth.models import User
|
||||
from django.contrib.auth.models import User, Group, Permission
|
||||
from django.core.exceptions import ObjectDoesNotExist
|
||||
|
||||
from alliance_auth.tests.auth_utils import AuthUtils
|
||||
@@ -22,6 +22,13 @@ from .tasks import Ips4Tasks
|
||||
MODULE_PATH = 'services.modules.ips4'
|
||||
|
||||
|
||||
def add_permissions():
|
||||
permission = Permission.objects.get(codename='access_ips4')
|
||||
members = Group.objects.get(name=settings.DEFAULT_AUTH_GROUP)
|
||||
blues = Group.objects.get(name=settings.DEFAULT_BLUE_GROUP)
|
||||
AuthUtils.add_permissions_to_groups([permission], [members, blues])
|
||||
|
||||
|
||||
class Ips4HooksTestCase(TestCase):
|
||||
def setUp(self):
|
||||
self.member = 'member_user'
|
||||
@@ -33,6 +40,7 @@ class Ips4HooksTestCase(TestCase):
|
||||
self.none_user = 'none_user'
|
||||
none_user = AuthUtils.create_user(self.none_user)
|
||||
self.service = Ips4Service
|
||||
add_permissions()
|
||||
|
||||
def test_has_account(self):
|
||||
member = User.objects.get(username=self.member)
|
||||
@@ -47,11 +55,9 @@ class Ips4HooksTestCase(TestCase):
|
||||
member = User.objects.get(username=self.member)
|
||||
blue = User.objects.get(username=self.blue)
|
||||
none_user = User.objects.get(username=self.none_user)
|
||||
self.assertTrue(service.service_enabled_members())
|
||||
self.assertTrue(service.service_enabled_blues())
|
||||
|
||||
self.assertEqual(service.service_active_for_user(member), settings.ENABLE_AUTH_IPS4)
|
||||
self.assertEqual(service.service_active_for_user(blue), settings.ENABLE_BLUE_IPS4)
|
||||
self.assertTrue(service.service_active_for_user(member))
|
||||
self.assertTrue(service.service_active_for_user(blue))
|
||||
self.assertFalse(service.service_active_for_user(none_user))
|
||||
|
||||
def test_render_services_ctrl(self):
|
||||
@@ -81,6 +87,7 @@ class Ips4ViewsTestCase(TestCase):
|
||||
self.member.email = 'auth_member@example.com'
|
||||
self.member.save()
|
||||
AuthUtils.add_main_character(self.member, 'auth_member', '12345', corp_id='111', corp_name='Test Corporation')
|
||||
add_permissions()
|
||||
|
||||
def login(self):
|
||||
self.client.login(username=self.member.username, password='password')
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
from __future__ import unicode_literals
|
||||
|
||||
from django.contrib import messages
|
||||
from django.contrib.auth.decorators import login_required
|
||||
from django.contrib.auth.decorators import login_required, permission_required
|
||||
from django.shortcuts import render, redirect
|
||||
|
||||
from authentication.decorators import members_and_blues
|
||||
@@ -16,9 +16,11 @@ import logging
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
ACCESS_PERM = 'ips4.access_ips4'
|
||||
|
||||
|
||||
@login_required
|
||||
@members_and_blues()
|
||||
@permission_required(ACCESS_PERM)
|
||||
def activate_ips4(request):
|
||||
logger.debug("activate_ips4 called by user %s" % request.user)
|
||||
character = EveManager.get_main_character(request.user)
|
||||
@@ -44,7 +46,7 @@ def activate_ips4(request):
|
||||
|
||||
|
||||
@login_required
|
||||
@members_and_blues()
|
||||
@permission_required(ACCESS_PERM)
|
||||
def reset_ips4_password(request):
|
||||
logger.debug("reset_ips4_password called by user %s" % request.user)
|
||||
if Ips4Tasks.has_account(request.user):
|
||||
@@ -66,7 +68,7 @@ def reset_ips4_password(request):
|
||||
|
||||
|
||||
@login_required
|
||||
@members_and_blues()
|
||||
@permission_required(ACCESS_PERM)
|
||||
def set_ips4_password(request):
|
||||
logger.debug("set_ips4_password called by user %s" % request.user)
|
||||
if request.method == 'POST':
|
||||
@@ -94,7 +96,7 @@ def set_ips4_password(request):
|
||||
|
||||
|
||||
@login_required
|
||||
@members_and_blues()
|
||||
@permission_required(ACCESS_PERM)
|
||||
def deactivate_ips4(request):
|
||||
logger.debug("deactivate_ips4 called by user %s" % request.user)
|
||||
if Ips4Tasks.delete_user(request.user):
|
||||
|
||||
@@ -20,6 +20,7 @@ class MarketService(ServicesHook):
|
||||
self.name = 'market'
|
||||
self.urlpatterns = urlpatterns
|
||||
self.service_url = settings.MARKET_URL
|
||||
self.access_perm = 'market.access_market'
|
||||
|
||||
@property
|
||||
def title(self):
|
||||
@@ -31,14 +32,11 @@ class MarketService(ServicesHook):
|
||||
|
||||
def validate_user(self, user):
|
||||
logger.debug('Validating user %s %s account' % (user, self.name))
|
||||
if MarketTasks.has_account(user) and self.service_active_for_user(user):
|
||||
if MarketTasks.has_account(user) and not self.service_active_for_user(user):
|
||||
self.delete_user(user)
|
||||
|
||||
def service_enabled_members(self):
|
||||
return settings.ENABLE_AUTH_MARKET or False
|
||||
|
||||
def service_enabled_blues(self):
|
||||
return settings.ENABLE_BLUE_MARKET or False
|
||||
def service_active_for_user(self, user):
|
||||
return user.has_perm(self.access_perm)
|
||||
|
||||
def render_services_ctrl(self, request):
|
||||
urls = self.Urls()
|
||||
|
||||
@@ -0,0 +1,61 @@
|
||||
# -*- coding: utf-8 -*-
|
||||
# Generated by Django 1.10.5 on 2017-02-02 05:59
|
||||
from __future__ import unicode_literals
|
||||
|
||||
from django.db import migrations
|
||||
from django.conf import settings
|
||||
from django.core.exceptions import ObjectDoesNotExist
|
||||
from django.contrib.auth.management import create_permissions
|
||||
|
||||
import logging
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
def migrate_service_enabled(apps, schema_editor):
|
||||
for app_config in apps.get_app_configs():
|
||||
app_config.models_module = True
|
||||
create_permissions(app_config, apps=apps, verbosity=0)
|
||||
app_config.models_module = None
|
||||
|
||||
Group = apps.get_model("auth", "Group")
|
||||
Permission = apps.get_model("auth", "Permission")
|
||||
MarketUser = apps.get_model("market", "MarketUser")
|
||||
|
||||
perm = Permission.objects.get(codename='access_market')
|
||||
|
||||
member_group_name = getattr(settings, str('DEFAULT_AUTH_GROUP'), 'Member')
|
||||
blue_group_name = getattr(settings, str('DEFAULT_BLUE_GROUP'), 'Blue')
|
||||
|
||||
# Migrate members
|
||||
if MarketUser.objects.filter(user__groups__name=member_group_name).exists() or \
|
||||
getattr(settings, str('ENABLE_AUTH_MARKET'), False):
|
||||
try:
|
||||
group = Group.objects.get(name=member_group_name)
|
||||
group.permissions.add(perm)
|
||||
except ObjectDoesNotExist:
|
||||
logger.warning('Failed to migrate ENABLE_AUTH_MARKET setting')
|
||||
|
||||
# Migrate blues
|
||||
if MarketUser.objects.filter(user__groups__name=blue_group_name).exists() or \
|
||||
getattr(settings, str('ENABLE_BLUE_MARKET'), False):
|
||||
try:
|
||||
group = Group.objects.get(name=blue_group_name)
|
||||
group.permissions.add(perm)
|
||||
except ObjectDoesNotExist:
|
||||
logger.warning('Failed to migrate ENABLE_BLUE_MARKET setting')
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
('market', '0001_initial'),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AlterModelOptions(
|
||||
name='marketuser',
|
||||
options={'permissions': (('access_market', 'Can access the Evernus Market service'),)},
|
||||
),
|
||||
migrations.RunPython(migrate_service_enabled),
|
||||
]
|
||||
@@ -14,3 +14,8 @@ class MarketUser(models.Model):
|
||||
|
||||
def __str__(self):
|
||||
return self.username
|
||||
|
||||
class Meta:
|
||||
permissions = (
|
||||
("access_market", u"Can access the Evernus Market service"),
|
||||
)
|
||||
|
||||
@@ -37,8 +37,4 @@ class MarketTasks:
|
||||
|
||||
@staticmethod
|
||||
def disable():
|
||||
if settings.ENABLE_AUTH_MARKET:
|
||||
logger.warn("ENABLE_AUTH_MARKET still True, after disabling users will still be able to activate Market accounts")
|
||||
if settings.ENABLE_BLUE_MARKET:
|
||||
logger.warn("ENABLE_BLUE_MARKET still True, after disabling blues will still be able to activate Market accounts")
|
||||
MarketUser.objects.all().delete()
|
||||
|
||||
@@ -10,7 +10,7 @@ except ImportError:
|
||||
from django.test import TestCase, RequestFactory
|
||||
from django.conf import settings
|
||||
from django import urls
|
||||
from django.contrib.auth.models import User
|
||||
from django.contrib.auth.models import User, Group, Permission
|
||||
from django.core.exceptions import ObjectDoesNotExist
|
||||
|
||||
from alliance_auth.tests.auth_utils import AuthUtils
|
||||
@@ -22,6 +22,13 @@ from .tasks import MarketTasks
|
||||
MODULE_PATH = 'services.modules.market'
|
||||
|
||||
|
||||
def add_permissions():
|
||||
permission = Permission.objects.get(codename='access_market')
|
||||
members = Group.objects.get(name=settings.DEFAULT_AUTH_GROUP)
|
||||
blues = Group.objects.get(name=settings.DEFAULT_BLUE_GROUP)
|
||||
AuthUtils.add_permissions_to_groups([permission], [members, blues])
|
||||
|
||||
|
||||
class MarketHooksTestCase(TestCase):
|
||||
def setUp(self):
|
||||
self.member = 'member_user'
|
||||
@@ -33,6 +40,7 @@ class MarketHooksTestCase(TestCase):
|
||||
self.none_user = 'none_user'
|
||||
none_user = AuthUtils.create_user(self.none_user)
|
||||
self.service = MarketService
|
||||
add_permissions()
|
||||
|
||||
def test_has_account(self):
|
||||
member = User.objects.get(username=self.member)
|
||||
@@ -47,11 +55,9 @@ class MarketHooksTestCase(TestCase):
|
||||
member = User.objects.get(username=self.member)
|
||||
blue = User.objects.get(username=self.blue)
|
||||
none_user = User.objects.get(username=self.none_user)
|
||||
self.assertTrue(service.service_enabled_members())
|
||||
self.assertTrue(service.service_enabled_blues())
|
||||
|
||||
self.assertEqual(service.service_active_for_user(member), settings.ENABLE_AUTH_MARKET)
|
||||
self.assertEqual(service.service_active_for_user(blue), settings.ENABLE_BLUE_MARKET)
|
||||
self.assertTrue(service.service_active_for_user(member))
|
||||
self.assertTrue(service.service_active_for_user(blue))
|
||||
self.assertFalse(service.service_active_for_user(none_user))
|
||||
|
||||
@mock.patch(MODULE_PATH + '.tasks.MarketManager')
|
||||
@@ -66,6 +72,22 @@ class MarketHooksTestCase(TestCase):
|
||||
with self.assertRaises(ObjectDoesNotExist):
|
||||
market_user = User.objects.get(username=self.member).market
|
||||
|
||||
@mock.patch(MODULE_PATH + '.tasks.MarketManager')
|
||||
def test_validate_user(self, manager):
|
||||
service = self.service()
|
||||
# Test member is not deleted
|
||||
member = User.objects.get(username=self.member)
|
||||
service.validate_user(member)
|
||||
self.assertTrue(User.objects.get(username=self.member).market)
|
||||
|
||||
# Test none user is deleted
|
||||
none_user = User.objects.get(username=self.none_user)
|
||||
MarketUser.objects.create(user=none_user, username='abc123')
|
||||
service.validate_user(none_user)
|
||||
self.assertTrue(manager.disable_user.called)
|
||||
with self.assertRaises(ObjectDoesNotExist):
|
||||
none_svc = User.objects.get(username=self.none_user).market
|
||||
|
||||
def test_render_services_ctrl(self):
|
||||
service = self.service()
|
||||
member = User.objects.get(username=self.member)
|
||||
@@ -93,6 +115,7 @@ class MarketViewsTestCase(TestCase):
|
||||
self.member.email = 'auth_member@example.com'
|
||||
self.member.save()
|
||||
AuthUtils.add_main_character(self.member, 'auth_member', '12345', corp_id='111', corp_name='Test Corporation')
|
||||
add_permissions()
|
||||
|
||||
def login(self):
|
||||
self.client.login(username=self.member.username, password='password')
|
||||
|
||||
@@ -1,10 +1,9 @@
|
||||
from __future__ import unicode_literals
|
||||
|
||||
from django.contrib import messages
|
||||
from django.contrib.auth.decorators import login_required
|
||||
from django.contrib.auth.decorators import login_required, permission_required
|
||||
from django.shortcuts import render, redirect
|
||||
|
||||
from authentication.decorators import members_and_blues
|
||||
from services.forms import ServicePasswordForm
|
||||
from eveonline.managers import EveManager
|
||||
|
||||
@@ -16,9 +15,11 @@ import logging
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
ACCESS_PERM = 'market.access_market'
|
||||
|
||||
|
||||
@login_required
|
||||
@members_and_blues()
|
||||
@permission_required(ACCESS_PERM)
|
||||
def activate_market(request):
|
||||
logger.debug("activate_market called by user %s" % request.user)
|
||||
character = EveManager.get_main_character(request.user)
|
||||
@@ -44,7 +45,7 @@ def activate_market(request):
|
||||
|
||||
|
||||
@login_required
|
||||
@members_and_blues()
|
||||
@permission_required(ACCESS_PERM)
|
||||
def deactivate_market(request):
|
||||
logger.debug("deactivate_market called by user %s" % request.user)
|
||||
# false we failed
|
||||
@@ -58,7 +59,7 @@ def deactivate_market(request):
|
||||
|
||||
|
||||
@login_required
|
||||
@members_and_blues()
|
||||
@permission_required(ACCESS_PERM)
|
||||
def reset_market_password(request):
|
||||
logger.debug("reset_market_password called by user %s" % request.user)
|
||||
if MarketTasks.has_account(request.user):
|
||||
@@ -80,7 +81,7 @@ def reset_market_password(request):
|
||||
|
||||
|
||||
@login_required
|
||||
@members_and_blues()
|
||||
@permission_required(ACCESS_PERM)
|
||||
def set_market_password(request):
|
||||
logger.debug("set_market_password called by user %s" % request.user)
|
||||
if request.method == 'POST':
|
||||
|
||||
@@ -20,6 +20,7 @@ class MumbleService(ServicesHook):
|
||||
self.name = 'mumble'
|
||||
self.urlpatterns = urlpatterns
|
||||
self.service_url = settings.MUMBLE_URL
|
||||
self.access_perm = 'mumble.access_mumble'
|
||||
|
||||
def delete_user(self, user, notify_user=False):
|
||||
logging.debug("Deleting user %s %s account" % (user, self.name))
|
||||
@@ -42,11 +43,8 @@ class MumbleService(ServicesHook):
|
||||
logger.debug("Updating all %s groups" % self.name)
|
||||
MumbleTasks.update_all_groups.delay()
|
||||
|
||||
def service_enabled_members(self):
|
||||
return settings.ENABLE_AUTH_MUMBLE or False
|
||||
|
||||
def service_enabled_blues(self):
|
||||
return settings.ENABLE_BLUE_MUMBLE or False
|
||||
def service_active_for_user(self, user):
|
||||
return user.has_perm(self.access_perm)
|
||||
|
||||
def render_services_ctrl(self, request):
|
||||
urls = self.Urls()
|
||||
|
||||
@@ -0,0 +1,61 @@
|
||||
# -*- coding: utf-8 -*-
|
||||
# Generated by Django 1.10.5 on 2017-02-02 05:59
|
||||
from __future__ import unicode_literals
|
||||
|
||||
from django.db import migrations
|
||||
from django.conf import settings
|
||||
from django.core.exceptions import ObjectDoesNotExist
|
||||
from django.contrib.auth.management import create_permissions
|
||||
|
||||
import logging
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
def migrate_service_enabled(apps, schema_editor):
|
||||
for app_config in apps.get_app_configs():
|
||||
app_config.models_module = True
|
||||
create_permissions(app_config, apps=apps, verbosity=0)
|
||||
app_config.models_module = None
|
||||
|
||||
Group = apps.get_model("auth", "Group")
|
||||
Permission = apps.get_model("auth", "Permission")
|
||||
MumbleUser = apps.get_model("mumble", "MumbleUser")
|
||||
|
||||
perm = Permission.objects.get(codename='access_mumble')
|
||||
|
||||
member_group_name = getattr(settings, str('DEFAULT_AUTH_GROUP'), 'Member')
|
||||
blue_group_name = getattr(settings, str('DEFAULT_BLUE_GROUP'), 'Blue')
|
||||
|
||||
# Migrate members
|
||||
if MumbleUser.objects.filter(user__groups__name=member_group_name).exists() or \
|
||||
getattr(settings, str('ENABLE_AUTH_MUMBLE'), False):
|
||||
try:
|
||||
group = Group.objects.get(name=member_group_name)
|
||||
group.permissions.add(perm)
|
||||
except ObjectDoesNotExist:
|
||||
logger.warning('Failed to migrate ENABLE_AUTH_MUMBLE setting')
|
||||
|
||||
# Migrate blues
|
||||
if MumbleUser.objects.filter(user__groups__name=blue_group_name).exists() or \
|
||||
getattr(settings, str('ENABLE_BLUE_MUMBLE'), False):
|
||||
try:
|
||||
group = Group.objects.get(name=blue_group_name)
|
||||
group.permissions.add(perm)
|
||||
except ObjectDoesNotExist:
|
||||
logger.warning('Failed to migrate ENABLE_BLUE_MUMBLE setting')
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
('mumble', '0005_mumbleuser_hashfn'),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AlterModelOptions(
|
||||
name='mumbleuser',
|
||||
options={'permissions': (('access_mumble', 'Can access the Mumble service'),)},
|
||||
),
|
||||
migrations.RunPython(migrate_service_enabled),
|
||||
]
|
||||
@@ -13,3 +13,8 @@ class MumbleUser(models.Model):
|
||||
|
||||
def __str__(self):
|
||||
return self.username
|
||||
|
||||
class Meta:
|
||||
permissions = (
|
||||
("access_mumble", u"Can access the Mumble service"),
|
||||
)
|
||||
|
||||
@@ -26,10 +26,6 @@ class MumbleTasks:
|
||||
|
||||
@staticmethod
|
||||
def disable_mumble():
|
||||
if settings.ENABLE_AUTH_MUMBLE:
|
||||
logger.warn("ENABLE_AUTH_MUMBLE still True, after disabling users will still be able to create mumble accounts")
|
||||
if settings.ENABLE_BLUE_MUMBLE:
|
||||
logger.warn("ENABLE_BLUE_MUMBLE still True, after disabling blues will still be able to create mumble accounts")
|
||||
logger.info("Deleting all MumbleUser models")
|
||||
MumbleUser.objects.all().delete()
|
||||
|
||||
|
||||
@@ -10,7 +10,7 @@ except ImportError:
|
||||
from django.test import TestCase, RequestFactory
|
||||
from django.conf import settings
|
||||
from django import urls
|
||||
from django.contrib.auth.models import User
|
||||
from django.contrib.auth.models import User, Group, Permission
|
||||
from django.core.exceptions import ObjectDoesNotExist
|
||||
|
||||
from alliance_auth.tests.auth_utils import AuthUtils
|
||||
@@ -22,6 +22,13 @@ from .tasks import MumbleTasks
|
||||
MODULE_PATH = 'services.modules.mumble'
|
||||
|
||||
|
||||
def add_permissions():
|
||||
permission = Permission.objects.get(codename='access_mumble')
|
||||
members = Group.objects.get(name=settings.DEFAULT_AUTH_GROUP)
|
||||
blues = Group.objects.get(name=settings.DEFAULT_BLUE_GROUP)
|
||||
AuthUtils.add_permissions_to_groups([permission], [members, blues])
|
||||
|
||||
|
||||
class MumbleHooksTestCase(TestCase):
|
||||
def setUp(self):
|
||||
self.member = 'member_user'
|
||||
@@ -33,6 +40,7 @@ class MumbleHooksTestCase(TestCase):
|
||||
self.none_user = 'none_user'
|
||||
none_user = AuthUtils.create_user(self.none_user)
|
||||
self.service = MumbleService
|
||||
add_permissions()
|
||||
|
||||
def test_has_account(self):
|
||||
member = User.objects.get(username=self.member)
|
||||
@@ -47,11 +55,9 @@ class MumbleHooksTestCase(TestCase):
|
||||
member = User.objects.get(username=self.member)
|
||||
blue = User.objects.get(username=self.blue)
|
||||
none_user = User.objects.get(username=self.none_user)
|
||||
self.assertTrue(service.service_enabled_members())
|
||||
self.assertTrue(service.service_enabled_blues())
|
||||
|
||||
self.assertEqual(service.service_active_for_user(member), settings.ENABLE_AUTH_MUMBLE)
|
||||
self.assertEqual(service.service_active_for_user(blue), settings.ENABLE_BLUE_MUMBLE)
|
||||
self.assertTrue(service.service_active_for_user(member))
|
||||
self.assertTrue(service.service_active_for_user(blue))
|
||||
self.assertFalse(service.service_active_for_user(none_user))
|
||||
|
||||
@mock.patch(MODULE_PATH + '.tasks.MumbleManager')
|
||||
@@ -133,6 +139,7 @@ class MumbleViewsTestCase(TestCase):
|
||||
self.member.save()
|
||||
AuthUtils.add_main_character(self.member, 'auth_member', '12345', corp_id='111', corp_name='Test Corporation',
|
||||
corp_ticker='TESTR')
|
||||
add_permissions()
|
||||
|
||||
def login(self):
|
||||
self.client.login(username=self.member.username, password='password')
|
||||
|
||||
@@ -1,9 +1,8 @@
|
||||
from __future__ import unicode_literals
|
||||
from django.contrib.auth.decorators import login_required
|
||||
from django.contrib.auth.decorators import login_required, permission_required
|
||||
from django.shortcuts import render, redirect
|
||||
from django.contrib import messages
|
||||
|
||||
from authentication.decorators import members_and_blues
|
||||
from eveonline.managers import EveManager
|
||||
from eveonline.models import EveAllianceInfo
|
||||
from authentication.states import MEMBER_STATE, BLUE_STATE, NONE_STATE
|
||||
@@ -19,9 +18,11 @@ import logging
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
ACCESS_PERM = 'mumble.access_mumble'
|
||||
|
||||
|
||||
@login_required
|
||||
@members_and_blues()
|
||||
@permission_required(ACCESS_PERM)
|
||||
def activate_mumble(request):
|
||||
logger.debug("activate_mumble called by user %s" % request.user)
|
||||
authinfo = AuthServicesInfo.objects.get(user=request.user)
|
||||
@@ -57,7 +58,7 @@ def activate_mumble(request):
|
||||
|
||||
|
||||
@login_required
|
||||
@members_and_blues()
|
||||
@permission_required(ACCESS_PERM)
|
||||
def deactivate_mumble(request):
|
||||
logger.debug("deactivate_mumble called by user %s" % request.user)
|
||||
# if we successfully remove the user or the user is already removed
|
||||
@@ -71,7 +72,7 @@ def deactivate_mumble(request):
|
||||
|
||||
|
||||
@login_required
|
||||
@members_and_blues()
|
||||
@permission_required(ACCESS_PERM)
|
||||
def reset_mumble_password(request):
|
||||
logger.debug("reset_mumble_password called by user %s" % request.user)
|
||||
result = MumbleManager.update_user_password(request.user)
|
||||
@@ -93,7 +94,7 @@ def reset_mumble_password(request):
|
||||
|
||||
|
||||
@login_required
|
||||
@members_and_blues()
|
||||
@permission_required(ACCESS_PERM)
|
||||
def set_mumble_password(request):
|
||||
logger.debug("set_mumble_password called by user %s" % request.user)
|
||||
if request.method == 'POST':
|
||||
|
||||
@@ -20,6 +20,7 @@ class OpenfireService(ServicesHook):
|
||||
self.name = 'openfire'
|
||||
self.urlpatterns = urlpatterns
|
||||
self.service_url = settings.JABBER_URL
|
||||
self.access_perm = 'openfire.access_openfire'
|
||||
|
||||
@property
|
||||
def title(self):
|
||||
@@ -43,11 +44,8 @@ class OpenfireService(ServicesHook):
|
||||
logger.debug('Update all %s groups called' % self.name)
|
||||
OpenfireTasks.update_all_groups.delay()
|
||||
|
||||
def service_enabled_members(self):
|
||||
return settings.ENABLE_AUTH_JABBER or False # TODO: Rename this setting
|
||||
|
||||
def service_enabled_blues(self):
|
||||
return settings.ENABLE_BLUE_JABBER or False # TODO: Rename this setting
|
||||
def service_active_for_user(self, user):
|
||||
return user.has_perm(self.access_perm)
|
||||
|
||||
def render_services_ctrl(self, request):
|
||||
"""
|
||||
|
||||
@@ -0,0 +1,61 @@
|
||||
# -*- coding: utf-8 -*-
|
||||
# Generated by Django 1.10.5 on 2017-02-02 05:59
|
||||
from __future__ import unicode_literals
|
||||
|
||||
from django.db import migrations
|
||||
from django.conf import settings
|
||||
from django.core.exceptions import ObjectDoesNotExist
|
||||
from django.contrib.auth.management import create_permissions
|
||||
|
||||
import logging
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
def migrate_service_enabled(apps, schema_editor):
|
||||
for app_config in apps.get_app_configs():
|
||||
app_config.models_module = True
|
||||
create_permissions(app_config, apps=apps, verbosity=0)
|
||||
app_config.models_module = None
|
||||
|
||||
Group = apps.get_model("auth", "Group")
|
||||
Permission = apps.get_model("auth", "Permission")
|
||||
OpenfireUser = apps.get_model("openfire", "OpenfireUser")
|
||||
|
||||
perm = Permission.objects.get(codename='access_openfire')
|
||||
|
||||
member_group_name = getattr(settings, str('DEFAULT_AUTH_GROUP'), 'Member')
|
||||
blue_group_name = getattr(settings, str('DEFAULT_BLUE_GROUP'), 'Blue')
|
||||
|
||||
# Migrate members
|
||||
if OpenfireUser.objects.filter(user__groups__name=member_group_name).exists() or \
|
||||
getattr(settings, str('ENABLE_AUTH_JABBER'), False):
|
||||
try:
|
||||
group = Group.objects.get(name=member_group_name)
|
||||
group.permissions.add(perm)
|
||||
except ObjectDoesNotExist:
|
||||
logger.warning('Failed to migrate ENABLE_AUTH_JABBER setting')
|
||||
|
||||
# Migrate blues
|
||||
if OpenfireUser.objects.filter(user__groups__name=blue_group_name).exists() or \
|
||||
getattr(settings, str('ENABLE_BLUE_JABBER'), False):
|
||||
try:
|
||||
group = Group.objects.get(name=blue_group_name)
|
||||
group.permissions.add(perm)
|
||||
except ObjectDoesNotExist:
|
||||
logger.warning('Failed to migrate ENABLE_BLUE_JABBER setting')
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
('openfire', '0001_initial'),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AlterModelOptions(
|
||||
name='openfireuser',
|
||||
options={'permissions': (('access_openfire', 'Can access the Openfire service'),)},
|
||||
),
|
||||
migrations.RunPython(migrate_service_enabled),
|
||||
]
|
||||
@@ -13,3 +13,8 @@ class OpenfireUser(models.Model):
|
||||
|
||||
def __str__(self):
|
||||
return self.username
|
||||
|
||||
class Meta:
|
||||
permissions = (
|
||||
("access_openfire", u"Can access the Openfire service"),
|
||||
)
|
||||
|
||||
@@ -39,10 +39,6 @@ class OpenfireTasks:
|
||||
|
||||
@staticmethod
|
||||
def disable_jabber():
|
||||
if settings.ENABLE_AUTH_JABBER:
|
||||
logger.warn("ENABLE_AUTH_JABBER still True, after disabling users will still be able to create jabber accounts")
|
||||
if settings.ENABLE_BLUE_JABBER:
|
||||
logger.warn("ENABLE_BLUE_JABBER still True, after disabling blues will still be able to create jabber accounts")
|
||||
logging.debug("Deleting all Openfire users")
|
||||
OpenfireUser.objects.all().delete()
|
||||
|
||||
|
||||
@@ -10,7 +10,7 @@ except ImportError:
|
||||
from django.test import TestCase, RequestFactory
|
||||
from django.conf import settings
|
||||
from django import urls
|
||||
from django.contrib.auth.models import User
|
||||
from django.contrib.auth.models import User, Group, Permission
|
||||
from django.core.exceptions import ObjectDoesNotExist
|
||||
|
||||
from alliance_auth.tests.auth_utils import AuthUtils
|
||||
@@ -22,6 +22,13 @@ from .tasks import OpenfireTasks
|
||||
MODULE_PATH = 'services.modules.openfire'
|
||||
|
||||
|
||||
def add_permissions():
|
||||
permission = Permission.objects.get(codename='access_openfire')
|
||||
members = Group.objects.get(name=settings.DEFAULT_AUTH_GROUP)
|
||||
blues = Group.objects.get(name=settings.DEFAULT_BLUE_GROUP)
|
||||
AuthUtils.add_permissions_to_groups([permission], [members, blues])
|
||||
|
||||
|
||||
class OpenfireHooksTestCase(TestCase):
|
||||
def setUp(self):
|
||||
self.member = 'member_user'
|
||||
@@ -33,6 +40,7 @@ class OpenfireHooksTestCase(TestCase):
|
||||
self.none_user = 'none_user'
|
||||
none_user = AuthUtils.create_user(self.none_user)
|
||||
self.service = OpenfireService
|
||||
add_permissions()
|
||||
|
||||
def test_has_account(self):
|
||||
member = User.objects.get(username=self.member)
|
||||
@@ -47,11 +55,9 @@ class OpenfireHooksTestCase(TestCase):
|
||||
member = User.objects.get(username=self.member)
|
||||
blue = User.objects.get(username=self.blue)
|
||||
none_user = User.objects.get(username=self.none_user)
|
||||
self.assertTrue(service.service_enabled_members())
|
||||
self.assertTrue(service.service_enabled_blues())
|
||||
|
||||
self.assertEqual(service.service_active_for_user(member), settings.ENABLE_AUTH_JABBER)
|
||||
self.assertEqual(service.service_active_for_user(blue), settings.ENABLE_BLUE_JABBER)
|
||||
self.assertTrue(service.service_active_for_user(member))
|
||||
self.assertTrue(service.service_active_for_user(blue))
|
||||
self.assertFalse(service.service_active_for_user(none_user))
|
||||
|
||||
@mock.patch(MODULE_PATH + '.tasks.OpenfireManager')
|
||||
@@ -136,6 +142,7 @@ class OpenfireViewsTestCase(TestCase):
|
||||
self.member.email = 'auth_member@example.com'
|
||||
self.member.save()
|
||||
AuthUtils.add_main_character(self.member, 'auth_member', '12345', corp_id='111', corp_name='Test Corporation')
|
||||
add_permissions()
|
||||
|
||||
def login(self):
|
||||
self.client.login(username=self.member.username, password='password')
|
||||
|
||||
@@ -21,9 +21,11 @@ import logging
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
ACCESS_PERM = 'openfire.access_openfire'
|
||||
|
||||
|
||||
@login_required
|
||||
@members_and_blues()
|
||||
@permission_required(ACCESS_PERM)
|
||||
def activate_jabber(request):
|
||||
logger.debug("activate_jabber called by user %s" % request.user)
|
||||
character = EveManager.get_main_character(request.user)
|
||||
@@ -49,7 +51,7 @@ def activate_jabber(request):
|
||||
|
||||
|
||||
@login_required
|
||||
@members_and_blues()
|
||||
@permission_required(ACCESS_PERM)
|
||||
def deactivate_jabber(request):
|
||||
logger.debug("deactivate_jabber called by user %s" % request.user)
|
||||
if OpenfireTasks.has_account(request.user) and OpenfireTasks.delete_user(request.user):
|
||||
@@ -62,7 +64,7 @@ def deactivate_jabber(request):
|
||||
|
||||
|
||||
@login_required
|
||||
@members_and_blues()
|
||||
@permission_required(ACCESS_PERM)
|
||||
def reset_jabber_password(request):
|
||||
logger.debug("reset_jabber_password called by user %s" % request.user)
|
||||
if OpenfireTasks.has_account(request.user):
|
||||
@@ -133,7 +135,7 @@ def jabber_broadcast_view(request):
|
||||
|
||||
|
||||
@login_required
|
||||
@members_and_blues()
|
||||
@permission_required(ACCESS_PERM)
|
||||
def set_jabber_password(request):
|
||||
logger.debug("set_jabber_password called by user %s" % request.user)
|
||||
if request.method == 'POST':
|
||||
|
||||
@@ -20,6 +20,7 @@ class Phpbb3Service(ServicesHook):
|
||||
self.name = 'phpbb3'
|
||||
self.urlpatterns = urlpatterns
|
||||
self.service_url = settings.FORUM_URL # TODO: This needs to be renamed at some point...
|
||||
self.access_perm = 'phpbb3.access_phpbb3'
|
||||
|
||||
@property
|
||||
def title(self):
|
||||
@@ -43,11 +44,8 @@ class Phpbb3Service(ServicesHook):
|
||||
logger.debug('Update all %s groups called' % self.name)
|
||||
Phpbb3Tasks.update_all_groups.delay()
|
||||
|
||||
def service_enabled_members(self):
|
||||
return settings.ENABLE_AUTH_FORUM or False # TODO: Rename this setting
|
||||
|
||||
def service_enabled_blues(self):
|
||||
return settings.ENABLE_BLUE_FORUM or False # TODO: Rename this setting
|
||||
def service_active_for_user(self, user):
|
||||
return user.has_perm(self.access_perm)
|
||||
|
||||
def render_services_ctrl(self, request):
|
||||
urls = self.Urls()
|
||||
|
||||
@@ -0,0 +1,61 @@
|
||||
# -*- coding: utf-8 -*-
|
||||
# Generated by Django 1.10.5 on 2017-02-02 05:59
|
||||
from __future__ import unicode_literals
|
||||
|
||||
from django.db import migrations
|
||||
from django.conf import settings
|
||||
from django.core.exceptions import ObjectDoesNotExist
|
||||
from django.contrib.auth.management import create_permissions
|
||||
|
||||
import logging
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
def migrate_service_enabled(apps, schema_editor):
|
||||
for app_config in apps.get_app_configs():
|
||||
app_config.models_module = True
|
||||
create_permissions(app_config, apps=apps, verbosity=0)
|
||||
app_config.models_module = None
|
||||
|
||||
Group = apps.get_model("auth", "Group")
|
||||
Permission = apps.get_model("auth", "Permission")
|
||||
Phpbb3User = apps.get_model("phpbb3", "Phpbb3User")
|
||||
|
||||
perm = Permission.objects.get(codename='access_phpbb3')
|
||||
|
||||
member_group_name = getattr(settings, str('DEFAULT_AUTH_GROUP'), 'Member')
|
||||
blue_group_name = getattr(settings, str('DEFAULT_BLUE_GROUP'), 'Blue')
|
||||
|
||||
# Migrate members
|
||||
if Phpbb3User.objects.filter(user__groups__name=member_group_name).exists() or \
|
||||
getattr(settings, str('ENABLE_AUTH_FORUM'), False):
|
||||
try:
|
||||
group = Group.objects.get(name=member_group_name)
|
||||
group.permissions.add(perm)
|
||||
except ObjectDoesNotExist:
|
||||
logger.warning('Failed to migrate ENABLE_AUTH_FORUM setting')
|
||||
|
||||
# Migrate blues
|
||||
if Phpbb3User.objects.filter(user__groups__name=blue_group_name).exists() or \
|
||||
getattr(settings, str('ENABLE_BLUE_FORUM'), False):
|
||||
try:
|
||||
group = Group.objects.get(name=blue_group_name)
|
||||
group.permissions.add(perm)
|
||||
except ObjectDoesNotExist:
|
||||
logger.warning('Failed to migrate ENABLE_BLUE_FORUM setting')
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
('phpbb3', '0001_initial'),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AlterModelOptions(
|
||||
name='phpbb3user',
|
||||
options={'permissions': (('access_phpbb3', 'Can access the phpBB3 service'),)},
|
||||
),
|
||||
migrations.RunPython(migrate_service_enabled),
|
||||
]
|
||||
@@ -13,3 +13,8 @@ class Phpbb3User(models.Model):
|
||||
|
||||
def __str__(self):
|
||||
return self.username
|
||||
|
||||
class Meta:
|
||||
permissions = (
|
||||
("access_phpbb3", u"Can access the phpBB3 service"),
|
||||
)
|
||||
|
||||
@@ -66,8 +66,4 @@ class Phpbb3Tasks:
|
||||
|
||||
@staticmethod
|
||||
def disable():
|
||||
if settings.ENABLE_AUTH_FORUM:
|
||||
logger.warn("ENABLE_AUTH_FORUM still True, after disabling users will still be able to create forum accounts")
|
||||
if settings.ENABLE_BLUE_FORUM:
|
||||
logger.warn("ENABLE_BLUE_FORUM still True, after disabling blues will still be able to create forum accounts")
|
||||
Phpbb3User.objects.all().delete()
|
||||
|
||||
@@ -10,7 +10,7 @@ except ImportError:
|
||||
from django.test import TestCase, RequestFactory
|
||||
from django.conf import settings
|
||||
from django import urls
|
||||
from django.contrib.auth.models import User
|
||||
from django.contrib.auth.models import User, Group, Permission
|
||||
from django.core.exceptions import ObjectDoesNotExist
|
||||
|
||||
from alliance_auth.tests.auth_utils import AuthUtils
|
||||
@@ -22,6 +22,13 @@ from .tasks import Phpbb3Tasks
|
||||
MODULE_PATH = 'services.modules.phpbb3'
|
||||
|
||||
|
||||
def add_permissions():
|
||||
permission = Permission.objects.get(codename='access_phpbb3')
|
||||
members = Group.objects.get(name=settings.DEFAULT_AUTH_GROUP)
|
||||
blues = Group.objects.get(name=settings.DEFAULT_BLUE_GROUP)
|
||||
AuthUtils.add_permissions_to_groups([permission], [members, blues])
|
||||
|
||||
|
||||
class Phpbb3HooksTestCase(TestCase):
|
||||
def setUp(self):
|
||||
self.member = 'member_user'
|
||||
@@ -33,6 +40,7 @@ class Phpbb3HooksTestCase(TestCase):
|
||||
self.none_user = 'none_user'
|
||||
none_user = AuthUtils.create_user(self.none_user)
|
||||
self.service = Phpbb3Service
|
||||
add_permissions()
|
||||
|
||||
def test_has_account(self):
|
||||
member = User.objects.get(username=self.member)
|
||||
@@ -47,11 +55,9 @@ class Phpbb3HooksTestCase(TestCase):
|
||||
member = User.objects.get(username=self.member)
|
||||
blue = User.objects.get(username=self.blue)
|
||||
none_user = User.objects.get(username=self.none_user)
|
||||
self.assertTrue(service.service_enabled_members())
|
||||
self.assertTrue(service.service_enabled_blues())
|
||||
|
||||
self.assertEqual(service.service_active_for_user(member), settings.ENABLE_AUTH_FORUM)
|
||||
self.assertEqual(service.service_active_for_user(blue), settings.ENABLE_BLUE_FORUM)
|
||||
self.assertTrue(service.service_active_for_user(member))
|
||||
self.assertTrue(service.service_active_for_user(blue))
|
||||
self.assertFalse(service.service_active_for_user(none_user))
|
||||
|
||||
@mock.patch(MODULE_PATH + '.tasks.Phpbb3Manager')
|
||||
@@ -136,6 +142,7 @@ class Phpbb3ViewsTestCase(TestCase):
|
||||
self.member.email = 'auth_member@example.com'
|
||||
self.member.save()
|
||||
AuthUtils.add_main_character(self.member, 'auth_member', '12345', corp_id='111', corp_name='Test Corporation')
|
||||
add_permissions()
|
||||
|
||||
def login(self):
|
||||
self.client.login(username=self.member.username, password='password')
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
from __future__ import unicode_literals
|
||||
|
||||
from django.contrib import messages
|
||||
from django.contrib.auth.decorators import login_required
|
||||
from django.contrib.auth.decorators import login_required, permission_required
|
||||
from django.shortcuts import render, redirect
|
||||
|
||||
from authentication.decorators import members_and_blues
|
||||
@@ -16,9 +16,11 @@ import logging
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
ACCESS_PERM = 'phpbb3.access_phpbb3'
|
||||
|
||||
|
||||
@login_required
|
||||
@members_and_blues()
|
||||
@permission_required(ACCESS_PERM)
|
||||
def activate_forum(request):
|
||||
logger.debug("activate_forum called by user %s" % request.user)
|
||||
# Valid now we get the main characters
|
||||
@@ -46,7 +48,7 @@ def activate_forum(request):
|
||||
|
||||
|
||||
@login_required
|
||||
@members_and_blues()
|
||||
@permission_required(ACCESS_PERM)
|
||||
def deactivate_forum(request):
|
||||
logger.debug("deactivate_forum called by user %s" % request.user)
|
||||
# false we failed
|
||||
@@ -60,7 +62,7 @@ def deactivate_forum(request):
|
||||
|
||||
|
||||
@login_required
|
||||
@members_and_blues()
|
||||
@permission_required(ACCESS_PERM)
|
||||
def reset_forum_password(request):
|
||||
logger.debug("reset_forum_password called by user %s" % request.user)
|
||||
if Phpbb3Tasks.has_account(request.user):
|
||||
@@ -83,7 +85,7 @@ def reset_forum_password(request):
|
||||
|
||||
|
||||
@login_required
|
||||
@members_and_blues()
|
||||
@permission_required(ACCESS_PERM)
|
||||
def set_forum_password(request):
|
||||
logger.debug("set_forum_password called by user %s" % request.user)
|
||||
if request.method == 'POST':
|
||||
|
||||
@@ -20,6 +20,7 @@ class SmfService(ServicesHook):
|
||||
self.name = 'smf'
|
||||
self.urlpatterns = urlpatterns
|
||||
self.service_url = settings.SMF_URL
|
||||
self.access_perm = 'smf.access_smf'
|
||||
|
||||
@property
|
||||
def title(self):
|
||||
@@ -43,11 +44,8 @@ class SmfService(ServicesHook):
|
||||
logger.debug('Update all %s groups called' % self.name)
|
||||
SmfTasks.update_all_groups.delay()
|
||||
|
||||
def service_enabled_members(self):
|
||||
return settings.ENABLE_AUTH_SMF or False
|
||||
|
||||
def service_enabled_blues(self):
|
||||
return settings.ENABLE_BLUE_SMF or False
|
||||
def service_active_for_user(self, user):
|
||||
return user.has_perm(self.access_perm)
|
||||
|
||||
def render_services_ctrl(self, request):
|
||||
urls = self.Urls()
|
||||
|
||||
61
services/modules/smf/migrations/0002_service_permissions.py
Normal file
61
services/modules/smf/migrations/0002_service_permissions.py
Normal file
@@ -0,0 +1,61 @@
|
||||
# -*- coding: utf-8 -*-
|
||||
# Generated by Django 1.10.5 on 2017-02-02 05:59
|
||||
from __future__ import unicode_literals
|
||||
|
||||
from django.db import migrations
|
||||
from django.conf import settings
|
||||
from django.core.exceptions import ObjectDoesNotExist
|
||||
from django.contrib.auth.management import create_permissions
|
||||
|
||||
import logging
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
def migrate_service_enabled(apps, schema_editor):
|
||||
for app_config in apps.get_app_configs():
|
||||
app_config.models_module = True
|
||||
create_permissions(app_config, apps=apps, verbosity=0)
|
||||
app_config.models_module = None
|
||||
|
||||
Group = apps.get_model("auth", "Group")
|
||||
Permission = apps.get_model("auth", "Permission")
|
||||
SmfUser = apps.get_model("smf", "SmfUser")
|
||||
|
||||
perm = Permission.objects.get(codename='access_smf')
|
||||
|
||||
member_group_name = getattr(settings, str('DEFAULT_AUTH_GROUP'), 'Member')
|
||||
blue_group_name = getattr(settings, str('DEFAULT_BLUE_GROUP'), 'Blue')
|
||||
|
||||
# Migrate members
|
||||
if SmfUser.objects.filter(user__groups__name=member_group_name).exists() or \
|
||||
getattr(settings, str('ENABLE_AUTH_SMF'), False):
|
||||
try:
|
||||
group = Group.objects.get(name=member_group_name)
|
||||
group.permissions.add(perm)
|
||||
except ObjectDoesNotExist:
|
||||
logger.warning('Failed to migrate ENABLE_AUTH_SMF setting')
|
||||
|
||||
# Migrate blues
|
||||
if SmfUser.objects.filter(user__groups__name=blue_group_name).exists() or \
|
||||
getattr(settings, str('ENABLE_BLUE_SMF'), False):
|
||||
try:
|
||||
group = Group.objects.get(name=blue_group_name)
|
||||
group.permissions.add(perm)
|
||||
except ObjectDoesNotExist:
|
||||
logger.warning('Failed to migrate ENABLE_BLUE_SMF setting')
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
('smf', '0001_initial'),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AlterModelOptions(
|
||||
name='smfuser',
|
||||
options={'permissions': (('access_smf', 'Can access the SMF service'),)},
|
||||
),
|
||||
migrations.RunPython(migrate_service_enabled),
|
||||
]
|
||||
@@ -13,3 +13,8 @@ class SmfUser(models.Model):
|
||||
|
||||
def __str__(self):
|
||||
return self.username
|
||||
|
||||
class Meta:
|
||||
permissions = (
|
||||
("access_smf", u"Can access the SMF service"),
|
||||
)
|
||||
|
||||
@@ -38,12 +38,6 @@ class SmfTasks:
|
||||
|
||||
@classmethod
|
||||
def disable(cls):
|
||||
if settings.ENABLE_AUTH_SMF:
|
||||
logger.warn(
|
||||
"ENABLE_AUTH_SMF still True, after disabling users will still be able to link smf accounts")
|
||||
if settings.ENABLE_BLUE_SMF:
|
||||
logger.warn(
|
||||
"ENABLE_BLUE_SMF still True, after disabling blues will still be able to link smf accounts")
|
||||
SmfUser.objects.all().delete()
|
||||
|
||||
@staticmethod
|
||||
|
||||
@@ -10,7 +10,7 @@ except ImportError:
|
||||
from django.test import TestCase, RequestFactory
|
||||
from django.conf import settings
|
||||
from django import urls
|
||||
from django.contrib.auth.models import User
|
||||
from django.contrib.auth.models import User, Group, Permission
|
||||
from django.core.exceptions import ObjectDoesNotExist
|
||||
|
||||
from alliance_auth.tests.auth_utils import AuthUtils
|
||||
@@ -22,6 +22,13 @@ from .tasks import SmfTasks
|
||||
MODULE_PATH = 'services.modules.smf'
|
||||
|
||||
|
||||
def add_permissions():
|
||||
permission = Permission.objects.get(codename='access_smf')
|
||||
members = Group.objects.get(name=settings.DEFAULT_AUTH_GROUP)
|
||||
blues = Group.objects.get(name=settings.DEFAULT_BLUE_GROUP)
|
||||
AuthUtils.add_permissions_to_groups([permission], [members, blues])
|
||||
|
||||
|
||||
class SmfHooksTestCase(TestCase):
|
||||
def setUp(self):
|
||||
self.member = 'member_user'
|
||||
@@ -33,6 +40,7 @@ class SmfHooksTestCase(TestCase):
|
||||
self.none_user = 'none_user'
|
||||
none_user = AuthUtils.create_user(self.none_user)
|
||||
self.service = SmfService
|
||||
add_permissions()
|
||||
|
||||
def test_has_account(self):
|
||||
member = User.objects.get(username=self.member)
|
||||
@@ -47,11 +55,9 @@ class SmfHooksTestCase(TestCase):
|
||||
member = User.objects.get(username=self.member)
|
||||
blue = User.objects.get(username=self.blue)
|
||||
none_user = User.objects.get(username=self.none_user)
|
||||
self.assertTrue(service.service_enabled_members())
|
||||
self.assertTrue(service.service_enabled_blues())
|
||||
|
||||
self.assertEqual(service.service_active_for_user(member), settings.ENABLE_AUTH_SMF)
|
||||
self.assertEqual(service.service_active_for_user(blue), settings.ENABLE_BLUE_SMF)
|
||||
self.assertTrue(service.service_active_for_user(member))
|
||||
self.assertTrue(service.service_active_for_user(blue))
|
||||
self.assertFalse(service.service_active_for_user(none_user))
|
||||
|
||||
@mock.patch(MODULE_PATH + '.tasks.SmfManager')
|
||||
@@ -136,6 +142,7 @@ class SmfViewsTestCase(TestCase):
|
||||
self.member.email = 'auth_member@example.com'
|
||||
self.member.save()
|
||||
AuthUtils.add_main_character(self.member, 'auth_member', '12345', corp_id='111', corp_name='Test Corporation')
|
||||
add_permissions()
|
||||
|
||||
def login(self):
|
||||
self.client.login(username=self.member.username, password='password')
|
||||
|
||||
@@ -1,10 +1,9 @@
|
||||
from __future__ import unicode_literals
|
||||
|
||||
from django.contrib import messages
|
||||
from django.contrib.auth.decorators import login_required
|
||||
from django.contrib.auth.decorators import login_required, permission_required
|
||||
from django.shortcuts import render, redirect
|
||||
|
||||
from authentication.decorators import members_and_blues
|
||||
from eveonline.managers import EveManager
|
||||
from services.forms import ServicePasswordForm
|
||||
|
||||
@@ -16,9 +15,11 @@ import logging
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
ACCESS_PERM = 'smf.access_smf'
|
||||
|
||||
|
||||
@login_required
|
||||
@members_and_blues()
|
||||
@permission_required(ACCESS_PERM)
|
||||
def activate_smf(request):
|
||||
logger.debug("activate_smf called by user %s" % request.user)
|
||||
# Valid now we get the main characters
|
||||
@@ -45,7 +46,7 @@ def activate_smf(request):
|
||||
|
||||
|
||||
@login_required
|
||||
@members_and_blues()
|
||||
@permission_required(ACCESS_PERM)
|
||||
def deactivate_smf(request):
|
||||
logger.debug("deactivate_smf called by user %s" % request.user)
|
||||
result = SmfTasks.delete_user(request.user)
|
||||
@@ -60,7 +61,7 @@ def deactivate_smf(request):
|
||||
|
||||
|
||||
@login_required
|
||||
@members_and_blues()
|
||||
@permission_required(ACCESS_PERM)
|
||||
def reset_smf_password(request):
|
||||
logger.debug("reset_smf_password called by user %s" % request.user)
|
||||
character = EveManager.get_main_character(request.user)
|
||||
@@ -82,7 +83,7 @@ def reset_smf_password(request):
|
||||
|
||||
|
||||
@login_required
|
||||
@members_and_blues()
|
||||
@permission_required(ACCESS_PERM)
|
||||
def set_smf_password(request):
|
||||
logger.debug("set_smf_password called by user %s" % request.user)
|
||||
if request.method == 'POST':
|
||||
|
||||
@@ -20,6 +20,7 @@ class Teamspeak3Service(ServicesHook):
|
||||
self.name = 'teamspeak3'
|
||||
self.urlpatterns = urlpatterns
|
||||
self.service_ctrl_template = 'registered/teamspeak3_service_ctrl.html'
|
||||
self.access_perm = 'teamspeak3.access_teamspeak3'
|
||||
|
||||
def delete_user(self, user, notify_user=False):
|
||||
logger.debug('Deleting user %s %s account' % (user, self.name))
|
||||
@@ -38,11 +39,8 @@ class Teamspeak3Service(ServicesHook):
|
||||
logger.debug('Update all %s groups called' % self.name)
|
||||
Teamspeak3Tasks.update_all_groups.delay()
|
||||
|
||||
def service_enabled_members(self):
|
||||
return settings.ENABLE_AUTH_TEAMSPEAK3 or False
|
||||
|
||||
def service_enabled_blues(self):
|
||||
return settings.ENABLE_BLUE_TEAMSPEAK3 or False
|
||||
def service_active_for_user(self, user):
|
||||
return user.has_perm(self.access_perm)
|
||||
|
||||
def render_services_ctrl(self, request):
|
||||
authinfo = {'teamspeak3_uid': '',
|
||||
|
||||
@@ -0,0 +1,61 @@
|
||||
# -*- coding: utf-8 -*-
|
||||
# Generated by Django 1.10.5 on 2017-02-02 05:59
|
||||
from __future__ import unicode_literals
|
||||
|
||||
from django.db import migrations
|
||||
from django.conf import settings
|
||||
from django.core.exceptions import ObjectDoesNotExist
|
||||
from django.contrib.auth.management import create_permissions
|
||||
|
||||
import logging
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
def migrate_service_enabled(apps, schema_editor):
|
||||
for app_config in apps.get_app_configs():
|
||||
app_config.models_module = True
|
||||
create_permissions(app_config, apps=apps, verbosity=0)
|
||||
app_config.models_module = None
|
||||
|
||||
Group = apps.get_model("auth", "Group")
|
||||
Permission = apps.get_model("auth", "Permission")
|
||||
Teamspeak3User = apps.get_model("teamspeak3", "Teamspeak3User")
|
||||
|
||||
perm = Permission.objects.get(codename='access_teamspeak3')
|
||||
|
||||
member_group_name = getattr(settings, str('DEFAULT_AUTH_GROUP'), 'Member')
|
||||
blue_group_name = getattr(settings, str('DEFAULT_BLUE_GROUP'), 'Blue')
|
||||
|
||||
# Migrate members
|
||||
if Teamspeak3User.objects.filter(user__groups__name=member_group_name).exists() or \
|
||||
getattr(settings, str('ENABLE_AUTH_TEAMSPEAK3'), False):
|
||||
try:
|
||||
group = Group.objects.get(name=member_group_name)
|
||||
group.permissions.add(perm)
|
||||
except ObjectDoesNotExist:
|
||||
logger.warning('Failed to migrate ENABLE_AUTH_TEAMSPEAK3 setting')
|
||||
|
||||
# Migrate blues
|
||||
if Teamspeak3User.objects.filter(user__groups__name=blue_group_name).exists() or \
|
||||
getattr(settings, str('ENABLE_BLUE_TEAMSPEAK3'), False):
|
||||
try:
|
||||
group = Group.objects.get(name=blue_group_name)
|
||||
group.permissions.add(perm)
|
||||
except ObjectDoesNotExist:
|
||||
logger.warning('Failed to migrate ENABLE_BLUE_TEAMSPEAK3 setting')
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
('teamspeak3', '0003_teamspeak3user'),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AlterModelOptions(
|
||||
name='teamspeak3user',
|
||||
options={'permissions': (('access_teamspeak3', 'Can access the Teamspeak3 service'),)},
|
||||
),
|
||||
migrations.RunPython(migrate_service_enabled),
|
||||
]
|
||||
@@ -15,6 +15,11 @@ class Teamspeak3User(models.Model):
|
||||
def __str__(self):
|
||||
return self.uid
|
||||
|
||||
class Meta:
|
||||
permissions = (
|
||||
("access_teamspeak3", u"Can access the Teamspeak3 service"),
|
||||
)
|
||||
|
||||
|
||||
@python_2_unicode_compatible
|
||||
class TSgroup(models.Model):
|
||||
|
||||
@@ -42,18 +42,11 @@ class Teamspeak3Tasks:
|
||||
@staticmethod
|
||||
@app.task()
|
||||
def run_ts3_group_update():
|
||||
if settings.ENABLE_AUTH_TEAMSPEAK3 or settings.ENABLE_BLUE_TEAMSPEAK3:
|
||||
logger.debug("TS3 installed. Syncing local group objects.")
|
||||
Teamspeak3Manager._sync_ts_group_db()
|
||||
logger.debug("TS3 installed. Syncing local group objects.")
|
||||
Teamspeak3Manager._sync_ts_group_db()
|
||||
|
||||
@staticmethod
|
||||
def disable():
|
||||
if settings.ENABLE_AUTH_TEAMSPEAK3:
|
||||
logger.warn(
|
||||
"ENABLE_AUTH_TEAMSPEAK3 still True, after disabling users will still be able to create teamspeak accounts")
|
||||
if settings.ENABLE_BLUE_TEAMSPEAK3:
|
||||
logger.warn(
|
||||
"ENABLE_BLUE_TEAMSPEAK3 still True, after disabling blues will still be able to create teamspeak accounts")
|
||||
logger.info("Deleting all Teamspeak3Users")
|
||||
Teamspeak3User.objects.all().delete()
|
||||
logger.info("Deleting all UserTSgroup models")
|
||||
|
||||
@@ -10,7 +10,7 @@ except ImportError:
|
||||
from django.test import TestCase, RequestFactory
|
||||
from django.conf import settings
|
||||
from django import urls
|
||||
from django.contrib.auth.models import User, Group
|
||||
from django.contrib.auth.models import User, Group, Permission
|
||||
from django.core.exceptions import ObjectDoesNotExist
|
||||
from django.db.models import signals
|
||||
|
||||
@@ -24,6 +24,13 @@ from .signals import m2m_changed_authts_group, post_save_authts, post_delete_aut
|
||||
MODULE_PATH = 'services.modules.teamspeak3'
|
||||
|
||||
|
||||
def add_permissions():
|
||||
permission = Permission.objects.get(codename='access_teamspeak3')
|
||||
members = Group.objects.get(name=settings.DEFAULT_AUTH_GROUP)
|
||||
blues = Group.objects.get(name=settings.DEFAULT_BLUE_GROUP)
|
||||
AuthUtils.add_permissions_to_groups([permission], [members, blues])
|
||||
|
||||
|
||||
class Teamspeak3HooksTestCase(TestCase):
|
||||
def setUp(self):
|
||||
# Inert signals before setup begins
|
||||
@@ -46,6 +53,7 @@ class Teamspeak3HooksTestCase(TestCase):
|
||||
m2m_blue_group.ts_group.add(ts_blue_group)
|
||||
m2m_blue_group.save()
|
||||
self.service = Teamspeak3Service
|
||||
add_permissions()
|
||||
|
||||
def test_has_account(self):
|
||||
member = User.objects.get(username=self.member)
|
||||
@@ -60,11 +68,9 @@ class Teamspeak3HooksTestCase(TestCase):
|
||||
member = User.objects.get(username=self.member)
|
||||
blue = User.objects.get(username=self.blue)
|
||||
none_user = User.objects.get(username=self.none_user)
|
||||
self.assertTrue(service.service_enabled_members())
|
||||
self.assertTrue(service.service_enabled_blues())
|
||||
|
||||
self.assertEqual(service.service_active_for_user(member), settings.ENABLE_AUTH_TEAMSPEAK3)
|
||||
self.assertEqual(service.service_active_for_user(blue), settings.ENABLE_BLUE_TEAMSPEAK3)
|
||||
self.assertTrue(service.service_active_for_user(member))
|
||||
self.assertTrue(service.service_active_for_user(blue))
|
||||
self.assertFalse(service.service_active_for_user(none_user))
|
||||
|
||||
@mock.patch(MODULE_PATH + '.tasks.Teamspeak3Manager')
|
||||
@@ -164,6 +170,7 @@ class Teamspeak3ViewsTestCase(TestCase):
|
||||
m2m_blue = AuthTS.objects.create(auth_group=Group.objects.get(name='Blue'))
|
||||
m2m_blue.ts_group.add(ts_blue_group)
|
||||
m2m_blue.save()
|
||||
add_permissions()
|
||||
|
||||
def login(self, user=None, password=None):
|
||||
if user is None:
|
||||
|
||||
@@ -1,10 +1,9 @@
|
||||
import logging
|
||||
|
||||
from django.contrib import messages
|
||||
from django.contrib.auth.decorators import login_required
|
||||
from django.contrib.auth.decorators import login_required, permission_required
|
||||
from django.shortcuts import render, redirect
|
||||
|
||||
from authentication.decorators import members_and_blues
|
||||
from authentication.states import BLUE_STATE
|
||||
from authentication.models import AuthServicesInfo
|
||||
from eveonline.managers import EveManager
|
||||
@@ -18,9 +17,11 @@ from .models import Teamspeak3User
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
ACCESS_PERM = 'teamspeak3.access_teamspeak3'
|
||||
|
||||
|
||||
@login_required
|
||||
@members_and_blues()
|
||||
@permission_required(ACCESS_PERM)
|
||||
def activate_teamspeak3(request):
|
||||
logger.debug("activate_teamspeak3 called by user %s" % request.user)
|
||||
|
||||
@@ -52,7 +53,7 @@ def activate_teamspeak3(request):
|
||||
|
||||
|
||||
@login_required
|
||||
@members_and_blues()
|
||||
@permission_required(ACCESS_PERM)
|
||||
def verify_teamspeak3(request):
|
||||
logger.debug("verify_teamspeak3 called by user %s" % request.user)
|
||||
if not Teamspeak3Tasks.has_account(request.user):
|
||||
@@ -75,7 +76,7 @@ def verify_teamspeak3(request):
|
||||
|
||||
|
||||
@login_required
|
||||
@members_and_blues()
|
||||
@permission_required(ACCESS_PERM)
|
||||
def deactivate_teamspeak3(request):
|
||||
logger.debug("deactivate_teamspeak3 called by user %s" % request.user)
|
||||
if Teamspeak3Tasks.has_account(request.user) and Teamspeak3Tasks.delete_user(request.user):
|
||||
@@ -87,7 +88,7 @@ def deactivate_teamspeak3(request):
|
||||
|
||||
|
||||
@login_required
|
||||
@members_and_blues()
|
||||
@permission_required(ACCESS_PERM)
|
||||
def reset_teamspeak3_perm(request):
|
||||
logger.debug("reset_teamspeak3_perm called by user %s" % request.user)
|
||||
if not Teamspeak3Tasks.has_account(request.user):
|
||||
|
||||
@@ -19,6 +19,7 @@ class XenforoService(ServicesHook):
|
||||
ServicesHook.__init__(self)
|
||||
self.name = 'xenforo'
|
||||
self.urlpatterns = urlpatterns
|
||||
self.access_perm = 'xenforo.access_xenforo'
|
||||
|
||||
@property
|
||||
def title(self):
|
||||
@@ -33,11 +34,8 @@ class XenforoService(ServicesHook):
|
||||
if XenforoTasks.has_account(user) and not self.service_active_for_user(user):
|
||||
self.delete_user(user, notify_user=True)
|
||||
|
||||
def service_enabled_members(self):
|
||||
return settings.ENABLE_AUTH_XENFORO or False
|
||||
|
||||
def service_enabled_blues(self):
|
||||
return settings.ENABLE_BLUE_XENFORO or False
|
||||
def service_active_for_user(self, user):
|
||||
return user.has_perm(self.access_perm)
|
||||
|
||||
def render_services_ctrl(self, request):
|
||||
urls = self.Urls()
|
||||
|
||||
@@ -0,0 +1,61 @@
|
||||
# -*- coding: utf-8 -*-
|
||||
# Generated by Django 1.10.5 on 2017-02-02 05:59
|
||||
from __future__ import unicode_literals
|
||||
|
||||
from django.db import migrations
|
||||
from django.conf import settings
|
||||
from django.core.exceptions import ObjectDoesNotExist
|
||||
from django.contrib.auth.management import create_permissions
|
||||
|
||||
import logging
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
def migrate_service_enabled(apps, schema_editor):
|
||||
for app_config in apps.get_app_configs():
|
||||
app_config.models_module = True
|
||||
create_permissions(app_config, apps=apps, verbosity=0)
|
||||
app_config.models_module = None
|
||||
|
||||
Group = apps.get_model("auth", "Group")
|
||||
Permission = apps.get_model("auth", "Permission")
|
||||
XenforoUser = apps.get_model("xenforo", "XenforoUser")
|
||||
|
||||
perm = Permission.objects.get(codename='access_xenforo')
|
||||
|
||||
member_group_name = getattr(settings, str('DEFAULT_AUTH_GROUP'), 'Member')
|
||||
blue_group_name = getattr(settings, str('DEFAULT_BLUE_GROUP'), 'Blue')
|
||||
|
||||
# Migrate members
|
||||
if XenforoUser.objects.filter(user__groups__name=member_group_name).exists() or \
|
||||
getattr(settings, str('ENABLE_AUTH_XENFORO'), False):
|
||||
try:
|
||||
group = Group.objects.get(name=member_group_name)
|
||||
group.permissions.add(perm)
|
||||
except ObjectDoesNotExist:
|
||||
logger.warning('Failed to migrate ENABLE_AUTH_XENFORO setting')
|
||||
|
||||
# Migrate blues
|
||||
if XenforoUser.objects.filter(user__groups__name=blue_group_name).exists() or \
|
||||
getattr(settings, str('ENABLE_BLUE_XENFORO'), False):
|
||||
try:
|
||||
group = Group.objects.get(name=blue_group_name)
|
||||
group.permissions.add(perm)
|
||||
except ObjectDoesNotExist:
|
||||
logger.warning('Failed to migrate ENABLE_BLUE_XENFORO setting')
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
('xenforo', '0001_initial'),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AlterModelOptions(
|
||||
name='xenforouser',
|
||||
options={'permissions': (('access_xenforo', 'Can access the XenForo service'),)},
|
||||
),
|
||||
migrations.RunPython(migrate_service_enabled),
|
||||
]
|
||||
@@ -13,3 +13,8 @@ class XenforoUser(models.Model):
|
||||
|
||||
def __str__(self):
|
||||
return self.username
|
||||
|
||||
class Meta:
|
||||
permissions = (
|
||||
("access_xenforo", u"Can access the XenForo service"),
|
||||
)
|
||||
|
||||
@@ -36,11 +36,5 @@ class XenforoTasks:
|
||||
|
||||
@classmethod
|
||||
def disable(cls):
|
||||
if settings.ENABLE_AUTH_XENFORO:
|
||||
logger.warn(
|
||||
"ENABLE_AUTH_XENFORO still True, after disabling users will still be able to link XenForo accounts")
|
||||
if settings.ENABLE_BLUE_XENFORO:
|
||||
logger.warn(
|
||||
"ENABLE_BLUE_XENFORO still True, after disabling blues will still be able to link XenForo accounts")
|
||||
logger.debug("Deleting ALL XenForo users")
|
||||
XenforoUser.objects.all().delete()
|
||||
|
||||
@@ -10,7 +10,7 @@ except ImportError:
|
||||
from django.test import TestCase, RequestFactory
|
||||
from django.conf import settings
|
||||
from django import urls
|
||||
from django.contrib.auth.models import User
|
||||
from django.contrib.auth.models import User, Group, Permission
|
||||
from django.core.exceptions import ObjectDoesNotExist
|
||||
|
||||
from alliance_auth.tests.auth_utils import AuthUtils
|
||||
@@ -22,6 +22,13 @@ from .tasks import XenforoTasks
|
||||
MODULE_PATH = 'services.modules.xenforo'
|
||||
|
||||
|
||||
def add_permissions():
|
||||
permission = Permission.objects.get(codename='access_xenforo')
|
||||
members = Group.objects.get(name=settings.DEFAULT_AUTH_GROUP)
|
||||
blues = Group.objects.get(name=settings.DEFAULT_BLUE_GROUP)
|
||||
AuthUtils.add_permissions_to_groups([permission], [members, blues])
|
||||
|
||||
|
||||
class XenforoHooksTestCase(TestCase):
|
||||
def setUp(self):
|
||||
self.member = 'member_user'
|
||||
@@ -33,6 +40,7 @@ class XenforoHooksTestCase(TestCase):
|
||||
self.none_user = 'none_user'
|
||||
none_user = AuthUtils.create_user(self.none_user)
|
||||
self.service = XenforoService
|
||||
add_permissions()
|
||||
|
||||
def test_has_account(self):
|
||||
member = User.objects.get(username=self.member)
|
||||
@@ -47,11 +55,9 @@ class XenforoHooksTestCase(TestCase):
|
||||
member = User.objects.get(username=self.member)
|
||||
blue = User.objects.get(username=self.blue)
|
||||
none_user = User.objects.get(username=self.none_user)
|
||||
self.assertTrue(service.service_enabled_members())
|
||||
self.assertTrue(service.service_enabled_blues())
|
||||
|
||||
self.assertEqual(service.service_active_for_user(member), settings.ENABLE_AUTH_XENFORO)
|
||||
self.assertEqual(service.service_active_for_user(blue), settings.ENABLE_BLUE_XENFORO)
|
||||
self.assertTrue(service.service_active_for_user(member))
|
||||
self.assertTrue(service.service_active_for_user(blue))
|
||||
self.assertFalse(service.service_active_for_user(none_user))
|
||||
|
||||
@mock.patch(MODULE_PATH + '.tasks.XenForoManager')
|
||||
@@ -112,6 +118,7 @@ class XenforoViewsTestCase(TestCase):
|
||||
self.member.email = 'auth_member@example.com'
|
||||
self.member.save()
|
||||
AuthUtils.add_main_character(self.member, 'auth_member', '12345', corp_id='111', corp_name='Test Corporation')
|
||||
add_permissions()
|
||||
|
||||
def login(self):
|
||||
self.client.login(username=self.member.username, password='password')
|
||||
|
||||
@@ -3,10 +3,9 @@ from __future__ import unicode_literals
|
||||
import logging
|
||||
|
||||
from django.contrib import messages
|
||||
from django.contrib.auth.decorators import login_required
|
||||
from django.contrib.auth.decorators import login_required, permission_required
|
||||
from django.shortcuts import render, redirect
|
||||
|
||||
from authentication.decorators import members_and_blues
|
||||
from eveonline.managers import EveManager
|
||||
from services.forms import ServicePasswordForm
|
||||
from .manager import XenForoManager
|
||||
@@ -15,8 +14,11 @@ from .tasks import XenforoTasks
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
ACCESS_PERM = 'xenforo.access_xenforo'
|
||||
|
||||
|
||||
@login_required
|
||||
@members_and_blues()
|
||||
@permission_required(ACCESS_PERM)
|
||||
def activate_xenforo_forum(request):
|
||||
logger.debug("activate_xenforo_forum called by user %s" % request.user)
|
||||
character = EveManager.get_main_character(request.user)
|
||||
@@ -41,7 +43,7 @@ def activate_xenforo_forum(request):
|
||||
|
||||
|
||||
@login_required
|
||||
@members_and_blues()
|
||||
@permission_required(ACCESS_PERM)
|
||||
def deactivate_xenforo_forum(request):
|
||||
logger.debug("deactivate_xenforo_forum called by user %s" % request.user)
|
||||
if XenforoTasks.delete_user(request.user):
|
||||
@@ -53,7 +55,7 @@ def deactivate_xenforo_forum(request):
|
||||
|
||||
|
||||
@login_required
|
||||
@members_and_blues()
|
||||
@permission_required(ACCESS_PERM)
|
||||
def reset_xenforo_password(request):
|
||||
logger.debug("reset_xenforo_password called by user %s" % request.user)
|
||||
if XenforoTasks.has_account(request.user):
|
||||
@@ -74,7 +76,7 @@ def reset_xenforo_password(request):
|
||||
|
||||
|
||||
@login_required
|
||||
@members_and_blues()
|
||||
@permission_required(ACCESS_PERM)
|
||||
def set_xenforo_password(request):
|
||||
logger.debug("set_xenforo_password called by user %s" % request.user)
|
||||
if request.method == 'POST':
|
||||
|
||||
Reference in New Issue
Block a user