From 5a03fdf84147a611407d4b6f290508e4a2e0a885 Mon Sep 17 00:00:00 2001 From: Michael DeHaan Date: Fri, 22 Mar 2013 11:35:26 -0400 Subject: [PATCH] Simplify user model by just using the Django user object. --- lib/main/admin.py | 7 ------- lib/main/models/__init__.py | 26 +++++++------------------- lib/main/rbac.py | 5 +---- lib/main/serializers.py | 8 ++++---- lib/main/tests.py | 21 +++++++++------------ lib/main/views.py | 27 ++++++++++++++------------- 6 files changed, 35 insertions(+), 59 deletions(-) diff --git a/lib/main/admin.py b/lib/main/admin.py index 801660d580..907df628e9 100644 --- a/lib/main/admin.py +++ b/lib/main/admin.py @@ -21,7 +21,6 @@ class AuditTrailAdmin(admin.ModelAdmin): list_display = ('name', 'description', 'active') filter_horizontal = ('tags',) - class HostAdmin(admin.ModelAdmin): list_display = ('name', 'description', 'active') @@ -37,11 +36,6 @@ class VariableDataAdmin(admin.ModelAdmin): list_display = ('name', 'description', 'active') filter_horizontal = ('tags',) -class UserAdmin(admin.ModelAdmin): - - list_display = ('name', 'description', 'active') - filter_horizontal = ('tags',) - class CredentialAdmin(admin.ModelAdmin): list_display = ('name', 'description', 'active') @@ -81,7 +75,6 @@ admin.site.register(AuditTrail, AuditTrailAdmin) admin.site.register(Host, HostAdmin) admin.site.register(Group, GroupAdmin) admin.site.register(VariableData, VariableDataAdmin) -admin.site.register(User, UserAdmin) admin.site.register(Team, TeamAdmin) admin.site.register(Project, ProjectAdmin) admin.site.register(Credential, CredentialAdmin) diff --git a/lib/main/models/__init__.py b/lib/main/models/__init__.py index fc4e94d7f2..4f7f98a2ec 100644 --- a/lib/main/models/__init__.py +++ b/lib/main/models/__init__.py @@ -47,7 +47,7 @@ class AuditTrail(CommonModel): app_label = 'main' resource_type = models.CharField(max_length=64) - modified_by = models.ForeignKey('User', on_delete=SET_NULL, null=True, blank=True) + modified_by = models.ForeignKey('auth.User', on_delete=SET_NULL, null=True, blank=True) delta = models.TextField() # FIXME: switch to JSONField detail = models.TextField() comment = models.TextField() @@ -63,8 +63,8 @@ class Organization(CommonModel): class Meta: app_label = 'main' - users = models.ManyToManyField('User', blank=True, related_name='organizations') - admins = models.ManyToManyField('User', blank=True, related_name='admin_of_organizations') + users = models.ManyToManyField('auth.User', blank=True, related_name='organizations') + admins = models.ManyToManyField('auth.User', blank=True, related_name='admin_of_organizations') projects = models.ManyToManyField('Project', blank=True, related_name='organizations') def get_absolute_url(self): @@ -120,18 +120,6 @@ class VariableData(CommonModel): group = models.ForeignKey('Group', null=True, default=None, blank=True, on_delete=CASCADE, related_name='variable_data') data = models.TextField() # FIXME: JsonField -class User(CommonModel): - ''' - Basic user class - ''' - - class Meta: - app_label = 'main' - - # FIXME: how to integrate with Django auth? - - auth_user = models.OneToOneField('auth.User', related_name='application_user') - class Credential(CommonModel): ''' A credential contains information about how to talk to a remote set of hosts @@ -142,7 +130,7 @@ class Credential(CommonModel): class Meta: app_label = 'main' - user = models.ForeignKey('User', null=True, default=None, blank=True, on_delete=SET_NULL, related_name='credentials') + user = models.ForeignKey('auth.User', null=True, default=None, blank=True, on_delete=SET_NULL, related_name='credentials') project = models.ForeignKey('Project', null=True, default=None, blank=True, on_delete=SET_NULL, related_name='credentials') team = models.ForeignKey('Team', null=True, default=None, blank=True, on_delete=SET_NULL, related_name='credentials') @@ -162,7 +150,7 @@ class Team(CommonModel): app_label = 'main' projects = models.ManyToManyField('Project', blank=True, related_name='teams') - users = models.ManyToManyField('User', blank=True, related_name='teams') + users = models.ManyToManyField('auth.User', blank=True, related_name='teams') organization = models.ManyToManyField('Organization', related_name='teams') class Project(CommonModel): @@ -187,7 +175,7 @@ class Permission(CommonModel): class Meta: app_label = 'main' - user = models.ForeignKey('User', null=True, on_delete=SET_NULL, blank=True, related_name='permissions') + user = models.ForeignKey('auth.User', null=True, on_delete=SET_NULL, blank=True, related_name='permissions') project = models.ForeignKey('Project', null=True, on_delete=SET_NULL, blank=True, related_name='permissions') team = models.ForeignKey('Team', null=True, on_delete=SET_NULL, blank=True, related_name='permissions') job_type = models.CharField(max_length=64) @@ -205,7 +193,7 @@ class LaunchJob(CommonModel): inventory = models.ForeignKey('Inventory', on_delete=SET_NULL, null=True, default=None, blank=True, related_name='launch_jobs') credential = models.ForeignKey('Credential', on_delete=SET_NULL, null=True, default=None, blank=True, related_name='launch_jobs') project = models.ForeignKey('Project', on_delete=SET_NULL, null=True, default=None, blank=True, related_name='launch_jobs') - user = models.ForeignKey('User', on_delete=SET_NULL, null=True, default=None, blank=True, related_name='launch_jobs') + user = models.ForeignKey('auth.User', on_delete=SET_NULL, null=True, default=None, blank=True, related_name='launch_jobs') job_type = models.CharField(max_length=64) diff --git a/lib/main/rbac.py b/lib/main/rbac.py index 39052944cb..1452dd29c6 100644 --- a/lib/main/rbac.py +++ b/lib/main/rbac.py @@ -18,10 +18,7 @@ class CustomRbac(permissions.BasePermission): if request.user.is_superuser: return True # other users must have associated acom user records & be active - acom_user = User.objects.filter(auth_user = request.user) - if len(acom_user) != 1: - raise PermissionDenied() - if not acom_user[0].active: + if not request.user.is_active: raise PermissionDenied() return True diff --git a/lib/main/serializers.py b/lib/main/serializers.py index 468d2968d9..b0a4a9fa73 100644 --- a/lib/main/serializers.py +++ b/lib/main/serializers.py @@ -1,4 +1,4 @@ -from django.contrib.auth.models import User as DjangoUser +from django.contrib.auth.models import User from lib.main.models import * from rest_framework import serializers, pagination from django.core.urlresolvers import reverse @@ -70,11 +70,11 @@ class UserSerializer(BaseSerializer): class Meta: model = User - # FIXME: do we want 'auth_user' exposed here? - fields = ('url', 'id', 'name', 'description', 'comment', 'creation_date', 'auth_user') + # FIXME: make sure is_active is and is_superuser is read only + fields = ('url', 'id', 'username', 'first_name', 'last_name', 'email', 'is_active', 'is_superuser') def get_related(self, obj): - # FIXME: add the related django auth user? + # FIXME: add related lookups? return dict() class TagSerializer(BaseSerializer): diff --git a/lib/main/tests.py b/lib/main/tests.py index 94131de23a..7d3346b3f9 100644 --- a/lib/main/tests.py +++ b/lib/main/tests.py @@ -14,8 +14,7 @@ import json from django.contrib.auth.models import User as DjangoUser import django.test from django.test.client import Client - -from lib.main.models import User, Organization, Project +from lib.main.models import * class BaseTest(django.test.TestCase): @@ -25,8 +24,7 @@ class BaseTest(django.test.TestCase): django_user = DjangoUser.objects.create_superuser(username, "%s@example.com", password) else: django_user = DjangoUser.objects.create_user(username, "%s@example.com", password) - acom_user = User.objects.create(name=username, auth_user=django_user) - return (django_user, acom_user) + return django_user def make_organizations(self, count=1): results = [] @@ -41,7 +39,6 @@ class BaseTest(django.test.TestCase): return results def check_pagination_and_size(self, data, desired_count, previous=None, next=None): - self.assertEquals(data['count'], desired_count) self.assertEquals(data['previous'], previous) self.assertEquals(data['next'], next) @@ -54,9 +51,9 @@ class BaseTest(django.test.TestCase): self.other_username = 'other' self.other_password = 'other' - (self.super_django_user, self.super_acom_user) = self.make_user(self.super_username, self.super_password, super_user=True) - (self.normal_django_user, self.normal_acom_user) = self.make_user(self.normal_username, self.normal_password, super_user=False) - (self.other_django_user, self.other_acom_user) = self.make_user(self.other_username, self.other_password, super_user=False) + self.super_django_user = self.make_user(self.super_username, self.super_password, super_user=True) + self.normal_django_user = self.make_user(self.normal_username, self.normal_password, super_user=False) + self.other_django_user = self.make_user(self.other_username, self.other_password, super_user=False) def get_super_credentials(self): return (self.super_username, self.super_password) @@ -145,11 +142,11 @@ class OrganizationsTest(BaseTest): for x in self.organizations: # NOTE: superuser does not have to be explicitly added to admin group - # x.admins.add(self.super_acom_user) - x.users.add(self.super_acom_user) + # x.admins.add(self.super_django_user) + x.users.add(self.super_django_user) - self.organizations[0].users.add(self.normal_acom_user) - self.organizations[1].admins.add(self.normal_acom_user) + self.organizations[0].users.add(self.normal_django_user) + self.organizations[1].admins.add(self.normal_django_user) def test_get_list(self): diff --git a/lib/main/views.py b/lib/main/views.py index 285f7cd04c..9eab2ad9e6 100644 --- a/lib/main/views.py +++ b/lib/main/views.py @@ -1,6 +1,7 @@ from django.http import HttpResponse from django.views.decorators.csrf import csrf_exempt from lib.main.models import * +from django.contrib.auth.models import User from lib.main.serializers import * from lib.main.rbac import * from django.core.exceptions import PermissionDenied @@ -55,9 +56,9 @@ class OrganizationsList(BaseList): if self.request.user.is_superuser: return Organization.objects.all() return Organization.objects.filter( - admins__in = [ self.request.user.application_user ] + admins__in = [ self.request.user ] ).distinct() | Organization.objects.filter( - users__in = [ self.request.user.application_user ] + users__in = [ self.request.user ] ).distinct() class OrganizationsDetail(BaseDetail): @@ -71,8 +72,8 @@ class OrganizationsDetail(BaseDetail): # obj.owner = self.request.user def item_permissions_check(self, request, obj): - is_admin = request.user.application_user in obj.admins.all() - is_user = request.user.application_user in obj.users.all() + is_admin = request.user in obj.admins.all() + is_user = request.user in obj.users.all() if request.method == 'GET': return is_admin or is_user @@ -81,7 +82,7 @@ class OrganizationsDetail(BaseDetail): return False def delete_permissions_check(self, request, obj): - return request.user.application_user in obj.admins.all() + return request.user in obj.admins.all() class OrganizationsAuditTrailList(BaseList): @@ -104,11 +105,11 @@ class OrganizationsUsersList(BaseList): def _get_queryset(self): # FIXME: - base = Users.objects.all(organizations__pk__in = [ self.kwargs.get('pk') ]) + base = User.objects.all(organizations__pk__in = [ self.kwargs.get('pk') ]) if self.request.user.is_superuser: return base.all() return base.objects.filter( - organizations__organization__admins__in = [ self.request.user.application_user ] + organizations__organization__admins__in = [ self.request.user ] ).distinct() @@ -130,7 +131,7 @@ class OrganizationsAdminsList(BaseList): if self.request.user.is_superuser: return base.all() return base.filter( - organizations__organization__admins__in = [ self.request.user.application_user ] + organizations__organization__admins__in = [ self.request.user ] ).distinct() @@ -150,9 +151,9 @@ class OrganizationsProjectsList(BaseList): if self.request.user.is_superuser: return base.all() return base.filter( - organizations__admins__in = [ self.request.user.application_user ] + organizations__admins__in = [ self.request.user ] ).distinct() | base.filter( - teams__users__in = [ self.request.user.application_user ] + teams__users__in = [ self.request.user ] ).distinct() def post(self, request, *args, **kwargs): @@ -187,8 +188,8 @@ class ProjectsDetail(BaseDetail): raise exceptions.NotImplementedError() - #is_admin = request.user.application_user in obj.admins.all() - #is_user = request.user.application_user in obj.users.all() + #is_admin = request.user in obj.admins.all() + #is_user = request.user in obj.users.all() # #if request.method == 'GET': # return is_admin or is_user @@ -199,5 +200,5 @@ class ProjectsDetail(BaseDetail): def delete_permissions_check(self, request, obj): # FIXME: logic TBD raise exceptions.NotImplementedError() - #return request.user.application_user in obj.admins.all() + #return request.user in obj.admins.all()