From a62daad87bf19d10718676e23bb9268101a2d008 Mon Sep 17 00:00:00 2001 From: Real-Gecko Date: Wed, 27 May 2020 18:46:37 +0600 Subject: [PATCH] Added change password permission Replaces SHOW_PROFILE_EDIT_PASSWORD option Can be set on per user or per group basis --- accounts/migrations/0003_permissionset.py | 24 +++++++++ .../migrations/0004_apply_change_password.py | 25 ++++++++++ accounts/models.py | 50 +++++++++++++++---- accounts/templates/profile.html | 2 +- accounts/views.py | 1 - webvirtcloud/settings.py.template | 1 - 6 files changed, 90 insertions(+), 13 deletions(-) create mode 100644 accounts/migrations/0003_permissionset.py create mode 100644 accounts/migrations/0004_apply_change_password.py diff --git a/accounts/migrations/0003_permissionset.py b/accounts/migrations/0003_permissionset.py new file mode 100644 index 0000000..d7cf465 --- /dev/null +++ b/accounts/migrations/0003_permissionset.py @@ -0,0 +1,24 @@ +# Generated by Django 2.2.12 on 2020-05-27 12:29 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('accounts', '0002_addAdmin'), + ] + + operations = [ + migrations.CreateModel( + name='PermissionSet', + fields=[ + ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ], + options={ + 'permissions': (('change_password', 'Can change password'),), + 'managed': False, + 'default_permissions': (), + }, + ), + ] diff --git a/accounts/migrations/0004_apply_change_password.py b/accounts/migrations/0004_apply_change_password.py new file mode 100644 index 0000000..f313b7e --- /dev/null +++ b/accounts/migrations/0004_apply_change_password.py @@ -0,0 +1,25 @@ +from django.db import migrations + + +def apply_change_password(apps, schema_editor): + from django.conf import settings + from django.contrib.auth.models import User, Permission + + if hasattr(settings, 'SHOW_PROFILE_EDIT_PASSWORD'): + if settings.SHOW_PROFILE_EDIT_PASSWORD: + permission = Permission.objects.get(codename='change_password') + users = User.objects.all() + user: User + for user in users: + user.user_permissions.add(permission) + + +class Migration(migrations.Migration): + + dependencies = [ + ('accounts', '0003_permissionset'), + ] + + operations = [ + migrations.RunPython(apply_change_password), + ] diff --git a/accounts/models.py b/accounts/models.py index 77cf81a..97a6740 100644 --- a/accounts/models.py +++ b/accounts/models.py @@ -1,10 +1,11 @@ -from django.db.models import Model, BooleanField, IntegerField, CharField -from django.db.models import ForeignKey, OneToOneField -from django.db.models import CASCADE, DO_NOTHING -from django.contrib.auth.models import User from django.conf import settings -from instances.models import Instance +from django.contrib.auth.models import User from django.core.validators import MinValueValidator +from django.db.models import (CASCADE, DO_NOTHING, BooleanField, CharField, + ForeignKey, IntegerField, Model, OneToOneField) +from django.utils.translation import ugettext_lazy as _ + +from instances.models import Instance class UserInstance(Model): @@ -30,10 +31,26 @@ class UserSSHKey(Model): class UserAttributes(Model): user = OneToOneField(User, on_delete=CASCADE) can_clone_instances = BooleanField(default=True) - max_instances = IntegerField(default=1, help_text="-1 for unlimited. Any integer value", validators=[MinValueValidator(-1), ]) - max_cpus = IntegerField(default=1, help_text="-1 for unlimited. Any integer value", validators=[MinValueValidator(-1)]) - max_memory = IntegerField(default=2048, help_text="-1 for unlimited. Any integer value", validators=[MinValueValidator(-1)]) - max_disk_size = IntegerField(default=20, help_text="-1 for unlimited. Any integer value", validators=[MinValueValidator(-1)]) + max_instances = IntegerField(default=1, + help_text="-1 for unlimited. Any integer value", + validators=[ + MinValueValidator(-1), + ]) + max_cpus = IntegerField( + default=1, + help_text="-1 for unlimited. Any integer value", + validators=[MinValueValidator(-1)], + ) + max_memory = IntegerField( + default=2048, + help_text="-1 for unlimited. Any integer value", + validators=[MinValueValidator(-1)], + ) + max_disk_size = IntegerField( + default=20, + help_text="-1 for unlimited. Any integer value", + validators=[MinValueValidator(-1)], + ) @staticmethod def create_missing_userattributes(user): @@ -51,7 +68,7 @@ class UserAttributes(Model): instance = Instance.objects.get(name=instance_name) user_instance = UserInstance(user=user, instance=instance) user_instance.save() - + @staticmethod def configure_user(user): UserAttributes.create_missing_userattributes(user) @@ -59,3 +76,16 @@ class UserAttributes(Model): def __unicode__(self): return self.user.username + + +class PermissionSet(Model): + """ + Dummy model for holding set of permissions we need to be automatically added by Django + """ + class Meta: + default_permissions = () + permissions = ( + ('change_password', _('Can change password')), + ) + + managed = False diff --git a/accounts/templates/profile.html b/accounts/templates/profile.html index d2213b4..e5888ff 100644 --- a/accounts/templates/profile.html +++ b/accounts/templates/profile.html @@ -41,7 +41,7 @@ - {% if show_profile_edit_password %} + {% if perms.accounts.change_password %}
{% csrf_token %}
diff --git a/accounts/views.py b/accounts/views.py index 0664741..9a58e03 100644 --- a/accounts/views.py +++ b/accounts/views.py @@ -20,7 +20,6 @@ def profile(request): error_messages = [] # user = User.objects.get(id=request.user.id) publickeys = UserSSHKey.objects.filter(user_id=request.user.id) - show_profile_edit_password = settings.SHOW_PROFILE_EDIT_PASSWORD if request.method == 'POST': if 'username' in request.POST: diff --git a/webvirtcloud/settings.py.template b/webvirtcloud/settings.py.template index 339fcba..e6d57e7 100644 --- a/webvirtcloud/settings.py.template +++ b/webvirtcloud/settings.py.template @@ -171,7 +171,6 @@ QUOTA_DEBUG = True ALLOW_EMPTY_PASSWORD = True SHOW_ACCESS_ROOT_PASSWORD = False SHOW_ACCESS_SSH_KEYS = False -SHOW_PROFILE_EDIT_PASSWORD = False # available list style: default (grouped), nongrouped VIEW_INSTANCES_LIST_STYLE = 'grouped'