diff options
| author | Leif Johansson <leifj@sunet.se> | 2011-05-02 14:43:23 +0200 |
|---|---|---|
| committer | Leif Johansson <leifj@sunet.se> | 2011-05-02 14:43:23 +0200 |
| commit | 1c3423d452d0ca1e20dff36ce05c2e35d2894f29 (patch) | |
| tree | dd52ff1e96b185f62bceef6e57f96d7e9bf6c9fe /src/meetingtools/apps | |
| parent | f936e1317c3ba08ab94a39ea99126c9d61337718 (diff) | |
new acl - first version
Diffstat (limited to 'src/meetingtools/apps')
| -rw-r--r-- | src/meetingtools/apps/auth/utils.py | 9 | ||||
| -rw-r--r-- | src/meetingtools/apps/auth/views.py | 72 | ||||
| -rw-r--r-- | src/meetingtools/apps/room/forms.py | 43 | ||||
| -rw-r--r-- | src/meetingtools/apps/room/models.py | 8 | ||||
| -rw-r--r-- | src/meetingtools/apps/room/views.py | 58 |
5 files changed, 132 insertions, 58 deletions
diff --git a/src/meetingtools/apps/auth/utils.py b/src/meetingtools/apps/auth/utils.py index 3a7efe6..1a0174c 100644 --- a/src/meetingtools/apps/auth/utils.py +++ b/src/meetingtools/apps/auth/utils.py @@ -14,13 +14,6 @@ def anonid(): def groups(request): groups = [] if request.user.is_authenticated(): - if request.session and request.session.has_key('entitlement'): - groups = groups + request.session['entitlement'] - - if '@' in request.user.username: - (local,domain) = request.user.username.split('@') - groups.append(domain) - for e in ('member','employee','student'): - groups.append("%s@%s" % (e,domain)) + groups = request.user.groups return groups
\ No newline at end of file diff --git a/src/meetingtools/apps/auth/views.py b/src/meetingtools/apps/auth/views.py index bbeb4be..fe2d97a 100644 --- a/src/meetingtools/apps/auth/views.py +++ b/src/meetingtools/apps/auth/views.py @@ -4,16 +4,18 @@ Created on Jul 5, 2010 @author: leifj ''' from django.http import HttpResponseRedirect -from django.contrib.auth.models import User +from django.contrib.auth.models import User, Group import datetime from django.views.decorators.cache import never_cache import logging from meetingtools.apps.userprofile.models import UserProfile from meetingtools.multiresponse import redirect_to, make_response_dict from meetingtools.apps.room.views import _acc_for_user -from meetingtools.ac import ac_api_client +from meetingtools.ac import ac_api_client, ac_api from django.shortcuts import render_to_response from django.contrib import auth +from django_co_connector.models import co_import_from_request, add_member,\ + remove_member def meta(request,attr): v = request.META.get(attr) @@ -30,15 +32,21 @@ def meta1(request,attr): return None def _localpart(a): + if hasattr(a,'name'): + a = a.name if '@' in a: (lp,dp) = a.split('@') a = lp return a -def _is_member_or_employee(affiliations): +def _is_member_or_employee_old(affiliations): lpa = map(_localpart,affiliations) return 'student' in lpa or 'staff' in lpa or ('member' in lpa and not 'student' in lpa) +def _is_member_or_employee(user): + lpa = map(_localpart,user.groups) + return 'student' in lpa or 'staff' in lpa or ('member' in lpa and not 'student' in lpa) + @never_cache def logout(request): auth.logout(request) @@ -48,6 +56,33 @@ def logout(request): def login(request): return render_to_response('apps/auth/login.html',make_response_dict(request,{'next': request.REQUEST.get("next")})); + +def join_group(group,**kwargs): + user = kwargs['user'] + acc = _acc_for_user(user) + connect_api = ac_api(acc) + + principal = connect_api.find_principal("login", user.username, "user") + if principal: + gp = connect_api.find_group(group.name) + if gp: + connect_api.add_member(principal.get('principal-id'),gp.get('principal-id')) + + +def leave_group(group,**kwargs): + user = kwargs['user'] + acc = _acc_for_user(user) + connect_api = ac_api(acc) + + principal = connect_api.find_principal("login", user.username, "user") + if principal: + gp = connect_api.find_group(group.name) + if gp: + connect_api.remove_member(principal.get('principal-id'),gp.get('principal-id')) + +add_member.connect(join_group,sender=Group) +remove_member.connect(leave_group,sender=Group) + def accounts_login_federated(request): if request.user.is_authenticated(): profile,created = UserProfile.objects.get_or_create(user=request.user) @@ -88,38 +123,33 @@ def accounts_login_federated(request): # Allow auto_now to kick in for the lastupdated field #profile.lastupdated = datetime.datetime.now() profile.save() - - epe = meta(request,'entitlement') - # XXX Do we really need thix? - if epe: - request.session['entitlement'] = epe - - affiliations = meta(request,'affiliation') acc = _acc_for_user(request.user) connect_api = ac_api_client(request, acc) - uid = request.user.username - principal = connect_api.find_or_create_principal("login", uid, "user", + # make sure the principal is created before shooting off + principal = connect_api.find_or_create_principal("login", request.user.username, "user", {'type': "user", 'has-children': "0", 'first-name':fn, 'last-name':ln, 'email':mail, - 'login':uid, - 'ext-login':uid}) + 'login':request.user.username, + 'ext-login':request.user.username}) + + co_import_from_request(request) - member_or_employee = _is_member_or_employee(affiliations) + member_or_employee = _is_member_or_employee(request.user) for gn in ('live-admins','seminar-admins'): group = connect_api.find_builtin(gn) if group: connect_api.add_remove_member(principal.get('principal-id'),group.get('principal-id'),member_or_employee) - (lp,domain) = uid.split('@') - for a in ('student','employee','member'): - affiliation = "%s@%s" % (a,domain) - group = connect_api.find_or_create_principal('name',affiliation,'group',{'type': 'group','has-children':'1','name': affiliation}) - member = affiliation in affiliations - connect_api.add_remove_member(principal.get('principal-id'),group.get('principal-id'),member) + #(lp,domain) = uid.split('@') + #for a in ('student','employee','member'): + # affiliation = "%s@%s" % (a,domain) + # group = connect_api.find_or_create_principal('name',affiliation,'group',{'type': 'group','has-children':'1','name': affiliation}) + # member = affiliation in affiliations + # connect_api.add_remove_member(principal.get('principal-id'),group.get('principal-id'),member) #for e in epe: # group = connect_api.find_or_create_principal('name',e,'group',{'type': 'group','has-children':'1','name': e}) diff --git a/src/meetingtools/apps/room/forms.py b/src/meetingtools/apps/room/forms.py index aef7d8d..a211b2d 100644 --- a/src/meetingtools/apps/room/forms.py +++ b/src/meetingtools/apps/room/forms.py @@ -3,21 +3,42 @@ Created on Feb 1, 2011 @author: leifj ''' -from django.forms.models import ModelForm +from django.forms.models import ModelChoiceField from meetingtools.apps.room.models import Room from django.forms.widgets import Select, TextInput -from django.forms.fields import ChoiceField, BooleanField +from django.forms.fields import BooleanField from django.forms.forms import Form from form_utils.forms import BetterModelForm +from django.contrib.auth.models import Group PUBLIC = 0 PROTECTED = 1 PRIVATE = 2 -class UpdateRoomForm(BetterModelForm): - #protection = ChoiceField(choices=((PUBLIC,'Anyone can enter the room.'), - # (PROTECTED,'Only group members and accepted guests can enter the room.'), - # (PRIVATE,'Only group members can enter.'))) +class ModifyRoomForm(BetterModelForm): + class Meta: + model = Room + fields = ['name','source_sco_id','self_cleaning'] + fieldsets = [('name',{'fields': ['name'], + 'classes': ['step'], + 'legend': 'Step 1: Room name', + 'description': 'The room name should be short and descriptive.' + }), + ('properties',{'fields': ['self_cleaning','urlpath','source_sco_id'], + 'classes': ['step'], + 'legend': 'Step 2: Room properties', + 'description': 'These are basic properties for your room. If you set your room to be self-cleaning it will be reset every time the last participant leaves the room.'}), + ] + widgets = {'source_sco_id': Select(), + 'urlpath': TextInput(attrs={'size': '40'}), + 'name': TextInput(attrs={'size': '40'})} + + +class CreateRoomForm(BetterModelForm): + + participants = ModelChoiceField(Group,required=False) + presenters = ModelChoiceField(Group,required=False) + hosts = ModelChoiceField(Group,required=False) class Meta: model = Room @@ -34,15 +55,11 @@ class UpdateRoomForm(BetterModelForm): ('rights',{'fields': ['participants','presenters','hosts'], 'classes': ['step','submit_step'], 'legend': 'Step 3: Room rights (optional)', - 'description': 'Define the groups that are to have access to your room.'}) + 'description': 'Define the groups that are to have access to your room. If you leave the <em>Participants</em> field empty that implies that anyone who knows the URL may enter the room.'}) ] - widgets = {'participants': Select(), - 'presenters': Select(), - 'hosts': Select(), - 'source_sco_id': Select(), + widgets = {'source_sco_id': Select(), 'urlpath': TextInput(attrs={'size': '40'}), - 'name': TextInput(attrs={'size': '40'}), - } + 'name': TextInput(attrs={'size': '40'})} class DeleteRoomForm(Form): confirm = BooleanField(label="Confirm remove room")
\ No newline at end of file diff --git a/src/meetingtools/apps/room/models.py b/src/meetingtools/apps/room/models.py index f0adb99..1c7f2cd 100644 --- a/src/meetingtools/apps/room/models.py +++ b/src/meetingtools/apps/room/models.py @@ -10,15 +10,17 @@ from django.db.models.fields.related import ForeignKey from django.contrib.auth.models import User from meetingtools.apps.cluster.models import ACCluster import time +from django_co_acls.models import AccessControlEntry class Room(models.Model): creator = ForeignKey(User,editable=False) name = CharField(max_length=128,unique=True) urlpath = CharField(max_length=128,unique=True) acc = ForeignKey(ACCluster,verbose_name="Adobe Connect Cluster",editable=False) - participants = CharField(max_length=255,blank=True,verbose_name="Participants") # populate from entitlement held by creator session - presenters = CharField(max_length=255,blank=True,verbose_name="Presenters") # populate from entitlement held by creator session - hosts = CharField(max_length=255,blank=True,verbose_name="Hosts") # populate from entitlement held by creator session + acl = ForeignKey(AccessControlEntry,blank=True,null=True) + #participants = CharField(max_length=255,blank=True,verbose_name="Participants") # populate from entitlement held by creator session + #presenters = CharField(max_length=255,blank=True,verbose_name="Presenters") # populate from entitlement held by creator session + #hosts = CharField(max_length=255,blank=True,verbose_name="Hosts") # populate from entitlement held by creator session self_cleaning = BooleanField(verbose_name="Clean-up when empty?") sco_id = IntegerField(verbose_name="Adobe Connect Room") source_sco_id = IntegerField(verbose_name="Template",blank=True,null=True) diff --git a/src/meetingtools/apps/room/views.py b/src/meetingtools/apps/room/views.py index 65e085b..0489d63 100644 --- a/src/meetingtools/apps/room/views.py +++ b/src/meetingtools/apps/room/views.py @@ -5,7 +5,8 @@ Created on Jan 31, 2011 ''' from meetingtools.apps.room.models import Room, ACCluster from meetingtools.multiresponse import respond_to, redirect_to -from meetingtools.apps.room.forms import UpdateRoomForm, DeleteRoomForm +from meetingtools.apps.room.forms import DeleteRoomForm,\ + CreateRoomForm, ModifyRoomForm from django.shortcuts import get_object_or_404 from meetingtools.ac import ac_api_client, api import re @@ -20,6 +21,7 @@ from meetingtools.settings import GRACE from django.utils.datetime_safe import datetime from django.http import HttpResponseRedirect from django.core.exceptions import ObjectDoesNotExist +from django_co_acls.models import allow, deny, acl def _acc_for_user(user): (local,domain) = user.username.split('@') @@ -115,13 +117,17 @@ def view(request,id): }) def _init_update_form(request,form,acc,my_meetings_sco_id): - form.fields['participants'].widget.choices = [('','-- anyone --')]+[(g,g) for g in groups(request)] - form.fields['presenters'].widget.choices = [('','-- nobody --')]+[(g,g) for g in groups(request)] - form.fields['hosts'].widget.choices = [('','-- nobody --')]+[(g,g) for g in groups(request)] - form.fields['source_sco_id'].widget.choices = [('','-- select template --')]+[r for r in _user_templates(request,acc,my_meetings_sco_id)] + if form.fields.has_key('participants'): + form.fields['participants'].queryset = request.user.groups + if form.fields.has_key('presenters'): + form.fields['presenters'].queryset = request.user.groups + if form.fields.has_key('hosts'): + form.fields['hosts'].queryset = request.user.groups + if form.fields.has_key('source_sco_id'): + form.fields['source_sco_id'].widget.choices = [('','-- select template --')]+[r for r in _user_templates(request,acc,my_meetings_sco_id)] @login_required -def _update_room(request, room): +def _update_room(request, room, form=None): api = ac_api_client(request, room.acc) params = {'type':'meeting', 'name':room.name, @@ -136,7 +142,29 @@ def _update_room(request, room): room.sco_id = r.et.find(".//sco").get('sco-id') room.source_sco_id = r.et.find(".//sco").get('sco-source-id') room.save() - #room = _import_room(params['sco-id'], params['name'], params['source-sco-id'], params['url-path'], request.user, acc) + logging.debug(pformat(room)) + + for (key,perm) in [('participants','view'),('presenters','mini-host'),('hosts','host')]: + if form.cleaned_data.has_key(key): + group = form.cleaned_data[key] + if not group and key == 'participants': + group = "anyone" + permission = "view-hidden" + + if group: + allow(room, group, permission) + else: + deny(room,group,permission) + + r = api.request('permissions-reset',{'acl-id': room.sco_id},True) + user_principal = api.find_user(request.user.username) + r = api.request('permissions-update',{'acl-id': room.sco_id,'principal-id': user_principal.get('principal-id'),'permission-id':'host'}) # owner is always host + for ace in acl(room): + principal_id = "public-access" + if ace.group: + principal_id = ace.group.name + r = api.request('permissions-update',{'acl-id': room.sco_id, 'principal-id': principal_id, 'permission-id': ace.permission},True) + return room @login_required @@ -158,17 +186,21 @@ def update(request,id=None): update = False if request.method == 'POST': - form = UpdateRoomForm(request.POST,instance=room) + if update: + form = ModifyRoomForm(request.POST,instance=room) + else: + form = CreateRoomForm(request.POST,instance=room) _init_update_form(request, form, acc, room.folder_sco_id) if form.is_valid(): - room = _update_room(request, room) + room = _update_room(request, room, form) room = form.save() return redirect_to("/rooms#%d" % room.id) else: - form = UpdateRoomForm(instance=room) - _init_update_form(request, form, acc, room.folder_sco_id) if update: - form.fields['urlpath'].widget.attrs['readonly'] = True + form = ModifyRoomForm(instance=room) + else: + form = CreateRoomForm(instance=room) + _init_update_form(request, form, acc, room.folder_sco_id) return respond_to(request,{'text/html':'apps/room/%s.html' % formname},{'form':form,'formtitle': title,'submitname':'%s Room' % what}) @@ -225,7 +257,7 @@ def list(request): ar.append(int(sco_id)) #logging.debug(pformat(ar)) - + for r in Room.objects.filter(creator=request.user).all(): #logging.debug(pformat(r)) if (not r.sco_id in ar) and (not r.self_cleaning): |