Simplify user model by just using the Django user object.

lib/main/admin.py

@@ -21,7 +21,6 @@ class AuditTrailAdmin(admin.ModelAdmin):
     list_display = ('name', 'description', 'active')
     filter_horizontal = ('tags',)
     
-
 class HostAdmin(admin.ModelAdmin):
 
     list_display = ('name', 'description', 'active')
@@ -37,11 +36,6 @@ class VariableDataAdmin(admin.ModelAdmin):
     list_display = ('name', 'description', 'active')
     filter_horizontal = ('tags',)
 
-class UserAdmin(admin.ModelAdmin):
-
-    list_display = ('name', 'description', 'active')
-    filter_horizontal = ('tags',)
-
 class CredentialAdmin(admin.ModelAdmin):
 
     list_display = ('name', 'description', 'active')
@@ -81,7 +75,6 @@ admin.site.register(AuditTrail, AuditTrailAdmin)
 admin.site.register(Host, HostAdmin)
 admin.site.register(Group, GroupAdmin)
 admin.site.register(VariableData, VariableDataAdmin)
-admin.site.register(User, UserAdmin)
 admin.site.register(Team, TeamAdmin)
 admin.site.register(Project, ProjectAdmin)
 admin.site.register(Credential, CredentialAdmin)

lib/main/models/__init__.py

@@ -47,7 +47,7 @@ class AuditTrail(CommonModel):
         app_label = 'main'
  
     resource_type = models.CharField(max_length=64)
-    modified_by   = models.ForeignKey('User', on_delete=SET_NULL, null=True, blank=True)
+    modified_by   = models.ForeignKey('auth.User', on_delete=SET_NULL, null=True, blank=True)
     delta         = models.TextField() # FIXME: switch to JSONField
     detail        = models.TextField()
     comment       = models.TextField()
@@ -63,8 +63,8 @@ class Organization(CommonModel):
     class Meta:
         app_label = 'main'
 
-    users    = models.ManyToManyField('User', blank=True, related_name='organizations')
+    users    = models.ManyToManyField('auth.User', blank=True, related_name='organizations')
-    admins   = models.ManyToManyField('User', blank=True, related_name='admin_of_organizations')
+    admins   = models.ManyToManyField('auth.User', blank=True, related_name='admin_of_organizations')
     projects = models.ManyToManyField('Project', blank=True, related_name='organizations')
 
     def get_absolute_url(self):
@@ -120,18 +120,6 @@ class VariableData(CommonModel):
     group = models.ForeignKey('Group', null=True, default=None, blank=True, on_delete=CASCADE, related_name='variable_data')
     data  = models.TextField() # FIXME: JsonField
 
-class User(CommonModel):
-    '''
-    Basic user class
-    '''
-    
-    class Meta:
-        app_label = 'main'
-
-    # FIXME: how to integrate with Django auth?
-
-    auth_user     = models.OneToOneField('auth.User', related_name='application_user')
-
 class Credential(CommonModel):
     '''
     A credential contains information about how to talk to a remote set of hosts
@@ -142,7 +130,7 @@ class Credential(CommonModel):
     class Meta:
         app_label = 'main'
 
-    user            = models.ForeignKey('User', null=True, default=None, blank=True, on_delete=SET_NULL, related_name='credentials')
+    user            = models.ForeignKey('auth.User', null=True, default=None, blank=True, on_delete=SET_NULL, related_name='credentials')
     project         = models.ForeignKey('Project', null=True, default=None, blank=True, on_delete=SET_NULL, related_name='credentials')
     team            = models.ForeignKey('Team', null=True, default=None, blank=True, on_delete=SET_NULL, related_name='credentials')
 
@@ -162,7 +150,7 @@ class Team(CommonModel):
         app_label = 'main'
     
     projects        = models.ManyToManyField('Project', blank=True, related_name='teams')
-    users           = models.ManyToManyField('User', blank=True, related_name='teams')
+    users           = models.ManyToManyField('auth.User', blank=True, related_name='teams')
     organization    = models.ManyToManyField('Organization', related_name='teams')
 
 class Project(CommonModel):
@@ -187,7 +175,7 @@ class Permission(CommonModel):
     class Meta:
         app_label = 'main'
 
-    user            = models.ForeignKey('User', null=True, on_delete=SET_NULL, blank=True, related_name='permissions')
+    user            = models.ForeignKey('auth.User', null=True, on_delete=SET_NULL, blank=True, related_name='permissions')
     project         = models.ForeignKey('Project', null=True, on_delete=SET_NULL, blank=True, related_name='permissions')
     team            = models.ForeignKey('Team', null=True, on_delete=SET_NULL, blank=True, related_name='permissions')
     job_type        = models.CharField(max_length=64)
@@ -205,7 +193,7 @@ class LaunchJob(CommonModel):
     inventory      = models.ForeignKey('Inventory', on_delete=SET_NULL, null=True, default=None, blank=True, related_name='launch_jobs')
     credential     = models.ForeignKey('Credential', on_delete=SET_NULL, null=True, default=None, blank=True, related_name='launch_jobs')
     project        = models.ForeignKey('Project', on_delete=SET_NULL, null=True, default=None, blank=True, related_name='launch_jobs')
-    user           = models.ForeignKey('User', on_delete=SET_NULL, null=True, default=None, blank=True, related_name='launch_jobs')
+    user           = models.ForeignKey('auth.User', on_delete=SET_NULL, null=True, default=None, blank=True, related_name='launch_jobs')
     job_type       = models.CharField(max_length=64)
     
  

lib/main/rbac.py

@@ -18,10 +18,7 @@ class CustomRbac(permissions.BasePermission):
         if request.user.is_superuser:
             return True
         # other users must have associated acom user records & be active
-        acom_user = User.objects.filter(auth_user = request.user)
+        if not request.user.is_active:
-        if len(acom_user) != 1:
-            raise PermissionDenied()
-        if not acom_user[0].active:
             raise PermissionDenied()
         return True
 

lib/main/serializers.py

@@ -1,4 +1,4 @@
-from django.contrib.auth.models import User as DjangoUser
+from django.contrib.auth.models import User
 from lib.main.models import *
 from rest_framework import serializers, pagination
 from django.core.urlresolvers import reverse
@@ -70,11 +70,11 @@ class UserSerializer(BaseSerializer):
     
     class Meta:
         model = User
-        # FIXME: do we want 'auth_user' exposed here?
+        # FIXME: make sure is_active is and is_superuser is read only
-        fields = ('url', 'id', 'name', 'description', 'comment', 'creation_date', 'auth_user')
+        fields = ('url', 'id', 'username', 'first_name', 'last_name', 'email', 'is_active', 'is_superuser')
 
     def get_related(self, obj):
-        # FIXME: add the related django auth user?
+        # FIXME: add related lookups?
         return dict()
 
 class TagSerializer(BaseSerializer):

lib/main/tests.py

@@ -14,8 +14,7 @@ import json
 from django.contrib.auth.models import User as DjangoUser
 import django.test
 from django.test.client import Client
-
+from lib.main.models import *
-from lib.main.models import User, Organization, Project 
 
 class BaseTest(django.test.TestCase):
 
@@ -25,8 +24,7 @@ class BaseTest(django.test.TestCase):
             django_user = DjangoUser.objects.create_superuser(username, "%s@example.com", password)
         else:
             django_user = DjangoUser.objects.create_user(username, "%s@example.com", password)
-        acom_user   = User.objects.create(name=username, auth_user=django_user)
+        return django_user
-        return (django_user, acom_user)
 
     def make_organizations(self, count=1):
         results = []
@@ -41,7 +39,6 @@ class BaseTest(django.test.TestCase):
         return results
 
     def check_pagination_and_size(self, data, desired_count, previous=None, next=None):
-        self.assertEquals(data['count'], desired_count)
         self.assertEquals(data['previous'], previous)
         self.assertEquals(data['next'], next)
 
@@ -54,9 +51,9 @@ class BaseTest(django.test.TestCase):
         self.other_username  = 'other'
         self.other_password  = 'other'
 
-        (self.super_django_user,  self.super_acom_user)  = self.make_user(self.super_username,  self.super_password, super_user=True)
+        self.super_django_user  = self.make_user(self.super_username,  self.super_password, super_user=True)
-        (self.normal_django_user, self.normal_acom_user) = self.make_user(self.normal_username, self.normal_password, super_user=False)
+        self.normal_django_user = self.make_user(self.normal_username, self.normal_password, super_user=False)
-        (self.other_django_user,  self.other_acom_user)  = self.make_user(self.other_username,  self.other_password, super_user=False)
+        self.other_django_user  = self.make_user(self.other_username,  self.other_password, super_user=False)
 
     def get_super_credentials(self):
         return (self.super_username, self.super_password)
@@ -145,11 +142,11 @@ class OrganizationsTest(BaseTest):
 
         for x in self.organizations:
             # NOTE: superuser does not have to be explicitly added to admin group
-            # x.admins.add(self.super_acom_user)
+            # x.admins.add(self.super_django_user)
-            x.users.add(self.super_acom_user)
+            x.users.add(self.super_django_user)
  
-        self.organizations[0].users.add(self.normal_acom_user)
+        self.organizations[0].users.add(self.normal_django_user)
-        self.organizations[1].admins.add(self.normal_acom_user)
+        self.organizations[1].admins.add(self.normal_django_user)
 
     def test_get_list(self):
 

lib/main/views.py

@@ -1,6 +1,7 @@
 from django.http import HttpResponse
 from django.views.decorators.csrf import csrf_exempt
 from lib.main.models import *
+from django.contrib.auth.models import User
 from lib.main.serializers import *
 from lib.main.rbac import *
 from django.core.exceptions import PermissionDenied
@@ -55,9 +56,9 @@ class OrganizationsList(BaseList):
         if self.request.user.is_superuser:
             return Organization.objects.all()
         return Organization.objects.filter(
-            admins__in = [ self.request.user.application_user ]
+            admins__in = [ self.request.user ]
         ).distinct() | Organization.objects.filter(
-            users__in = [ self.request.user.application_user ]
+            users__in = [ self.request.user ]
         ).distinct()
 
 class OrganizationsDetail(BaseDetail):
@@ -71,8 +72,8 @@ class OrganizationsDetail(BaseDetail):
     #   obj.owner = self.request.user
 
     def item_permissions_check(self, request, obj):
-        is_admin = request.user.application_user in obj.admins.all() 
+        is_admin = request.user in obj.admins.all() 
-        is_user  = request.user.application_user in obj.users.all()
+        is_user  = request.user in obj.users.all()
         
         if request.method == 'GET':
             return is_admin or is_user
@@ -81,7 +82,7 @@ class OrganizationsDetail(BaseDetail):
         return False
 
     def delete_permissions_check(self, request, obj):
-        return request.user.application_user in obj.admins.all() 
+        return request.user in obj.admins.all() 
 
 class OrganizationsAuditTrailList(BaseList):
 
@@ -104,11 +105,11 @@ class OrganizationsUsersList(BaseList):
 
     def _get_queryset(self):
         # FIXME:
-        base = Users.objects.all(organizations__pk__in = [ self.kwargs.get('pk') ])
+        base = User.objects.all(organizations__pk__in = [ self.kwargs.get('pk') ])
         if self.request.user.is_superuser:
             return base.all()
         return base.objects.filter(
-            organizations__organization__admins__in = [ self.request.user.application_user ]
+            organizations__organization__admins__in = [ self.request.user ]
         ).distinct() 
 
 
@@ -130,7 +131,7 @@ class OrganizationsAdminsList(BaseList):
         if self.request.user.is_superuser:
             return base.all()
         return base.filter(
-            organizations__organization__admins__in = [ self.request.user.application_user ]
+            organizations__organization__admins__in = [ self.request.user ]
         ).distinct() 
 
 
@@ -150,9 +151,9 @@ class OrganizationsProjectsList(BaseList):
         if self.request.user.is_superuser:
             return base.all()
         return base.filter(
-            organizations__admins__in = [ self.request.user.application_user ]
+            organizations__admins__in = [ self.request.user ]
         ).distinct() | base.filter(
-            teams__users__in = [ self.request.user.application_user ]
+            teams__users__in = [ self.request.user ]
         ).distinct()
 
     def post(self, request, *args, **kwargs):
@@ -187,8 +188,8 @@ class ProjectsDetail(BaseDetail):
 
         raise exceptions.NotImplementedError()
 
-        #is_admin = request.user.application_user in obj.admins.all()
+        #is_admin = request.user in obj.admins.all()
-        #is_user  = request.user.application_user in obj.users.all()
+        #is_user  = request.user in obj.users.all()
         #
         #if request.method == 'GET':
         #    return is_admin or is_user
@@ -199,5 +200,5 @@ class ProjectsDetail(BaseDetail):
     def delete_permissions_check(self, request, obj):
         # FIXME: logic TBD
         raise exceptions.NotImplementedError()
-        #return request.user.application_user in obj.admins.all()
+        #return request.user in obj.admins.all()