path: root/coip/apps/userprofile/models.py
'''
Created on Jul 5, 2010

@author: leifj
'''
from django.db import models
from django.contrib.auth.models import User
from django.dispatch.dispatcher import receiver
from django.db.models.signals import post_save
from coip.apps.name.models import Name, lookup
from coip.apps.membership.models import add_member

class UserProfile(models.Model):
    """Per-account profile attached one-to-one to a Django ``User``.

    ``type`` records which kind of principal the account represents. The
    table below gives, per type, how ``User.username`` and the profile
    fields are populated.
    """

    # Values stored in ``type``.
    INTERNAL = 0
    ENTITY = 1
    SSHKEY = 2
    GRIDCERT = 3
    FEDID = 4

    #
    # Account contents per type
    # 0 (internal) - normal
    # 1 (entity)   - username=entity:sha1(entityID),
    #                profile.display_name = display or entityID,
    #                profile.identifier = ssh key
    # 2 (sshkey)   - username=sshkey:fingerprint,
    #                profile.display_name = key alias or "SSH Key with fingerprint ..."
    # 3 (gridcert) - username=x509:sha1-fingerprint,
    #                profile.display_name = dn, profile.identifier = PEM
    # 4 (fedid)    - username=eppn or equiv (REMOTE_USER),
    #                profile.display_name = display or eppn,
    #                profile.identifier = eppn, profile.authority = idp
    #
    # NOTE(review): "identifier = ssh key" on the entity row looks copied
    # from the sshkey row -- confirm what an entity profile stores there.
    # NOTE(review): types 1 and 3 key the account on a SHA-1 digest. SHA-1 is
    # no longer collision-resistant, so confirm nothing relies on these
    # usernames being unforgeable on their own.
    # NOTE(review): type 4 takes the username from REMOTE_USER -- presumably
    # set by the web server's federation module; confirm a client cannot
    # supply it directly.
    #

    user = models.OneToOneField(User)
    home = models.ForeignKey(Name, blank=True, null=True)
    display_name = models.CharField(max_length=255, blank=True, null=True)
    type = models.SmallIntegerField(
        choices=(
            (ENTITY, "Connected Service"),
            (INTERNAL, "System User"),
            (SSHKEY, "SSH Key"),
            (GRIDCERT, "eScience Certificate"),
            (FEDID, "User Identity"),
        )
    )

    authority = models.CharField(max_length=255, blank=True, null=True)
    # NOTE(review): the table above stores a PEM blob here for gridcert
    # accounts; a PEM-encoded certificate is normally longer than 1023
    # characters, so confirm the column cannot truncate or reject it.
    identifier = models.CharField(max_length=1023, blank=True, null=True)

    # Set once on insert / refreshed on every save, respectively.
    timecreated = models.DateTimeField(auto_now_add=True)
    lastupdated = models.DateTimeField(auto_now=True)

    def __unicode__(self):
        """Render as ``identifier [username] - display_name``."""
        parts = (self.identifier, self.user.username, self.display_name)
        return "%s [%s] - %s" % parts

def import_sshkey(keyfile):
    """Get or create the ``User`` row for an SSH key (unfinished stub).

    ``keyfile`` is never read and nothing is returned.
    """
    # NOTE(review): the fingerprint is a hard-coded placeholder, so every
    # call resolves to the same "sshkey:xxx" account regardless of the key
    # supplied. Until the fingerprint is computed from ``keyfile`` this must
    # not be reachable from any real key-import path.
    fingerprint = "xxx"
    username = "sshkey:%s" % fingerprint
    # get_or_create returns a (user, created) pair; it is bound but unused.
    user = User.objects.get_or_create(username=username)

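def home_name(user, short=None, autocreate=False):
    """Return the ``user:<username>`` name used as *user*'s home.

    Looks up the home name, adds *user* to it as a hidden member, sets its
    ACLs, stores *short* on it and saves it.

    Side effect on every call: ``system:anyuser`` is granted ``'rl'`` on the
    ``urn`` name.

    :param user: the Django ``User`` whose home is wanted.
    :param short: value for ``home.short``; defaults to ``user.username``.
    :param autocreate: passed through to ``lookup`` for the home name.
    :returns: the saved home name object.
    """
    # Identity test: only a missing argument should pick the default.
    if short is None:
        short = user.username

    # The second positional argument is presumably autocreate -- confirm
    # against lookup()'s signature.
    urn = lookup("urn", True)
    anyuser = lookup("system:anyuser", True)
    urn.setacl(anyuser, 'rl')

    # NOTE(review): what lookup() returns for a missing name when autocreate
    # is False is not visible here; confirm it cannot be None, since the
    # result is used unchecked below.
    home = lookup('user:' + user.username, autocreate=autocreate)
    add_member(home, user, hidden=True)
    home.setpacl(home, "rwlida")
    # don't allow users to delete or reset acls on their home, nor invite
    # members - that would be confusing as hell.
    # The two strings differ only by 'd'; the meaning of each permission
    # letter is defined outside this file -- verify that "rwlia" really
    # withholds everything the sentence above lists.
    home.setacl(home, "rwlia")
    home.short = short
    home.save()

    return home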

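@receiver(post_save, sender=User)
def _create_profile(sender, **kwargs):
    """Ensure every saved ``User`` has a profile with a home name.

    Runs after each ``User`` save (creation and update alike): fetches or
    creates the ``UserProfile`` and, if it has no home yet, assigns one via
    ``home_name(user, autocreate=True)``.
    """
    user = kwargs['instance']
    # NOTE(review): no ``type`` is passed and the field declares no default;
    # confirm how a newly created profile row gets its type.
    profile, _created = UserProfile.objects.get_or_create(user=user)
    # Identity test instead of ``== None``: does not go through the model's
    # __eq__.
    if profile.home is None:
        profile.home = home_name(user, autocreate=True)
        profile.save()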