CORD-1570: Re-implementation of XOS Security via xproto at the API boundary
Change-Id: I9cb6380b0798a5f4af2f0459c5decd0b9edbb317
diff --git a/lib/xos-genx/xosgenx/targets/django-split.xtarget b/lib/xos-genx/xosgenx/targets/django-split.xtarget
index 5260e85..60cf9de 100644
--- a/lib/xos-genx/xosgenx/targets/django-split.xtarget
+++ b/lib/xos-genx/xosgenx/targets/django-split.xtarget
@@ -4,13 +4,17 @@
{%- for l in m.links %}
{% if l.peer.name != m.name %}
-from core.models.{{ l.peer.name | lower }} import {{ l.peer.name }}
+from {{ l.peer.name | lower }} import {{ l.peer.name }}
{% endif %}
{%- endfor %}
+{% if m.name!='XOSBase' and 'Mixin' not in m.name %}
+import security
+from privilege import Privilege
+{% endif %}
{% for b in m.bases %}
{% if b.name!='XOSBase' and 'Mixin' not in b.name %}
-from core.models.{{b.name | lower}} import {{ b.name }}
+from {{b.name | lower}} import {{ b.name }}
{% endif %}
{% endfor %}
@@ -40,9 +44,9 @@
unique_together = {{ xproto_tuplify(uniques) }}
{%- endif %}
{% if file_exists(m.name|lower + '_model.py') -%}{{ include_file(m.name|lower + '_model.py') | indent(width=2)}}{%- endif %}
+ pass
{% if m.name!='XOSBase' and 'Mixin' not in m.name %}
-
# Generated methods
def save(self, *args, **kwds):
if not self.leaf_model_name:
@@ -58,7 +62,17 @@
{% endfor %}
super({{ m.name }}, self).save(*args, **kwds)
+ def can_access(self, ctx):
+ {% if m.policy %}
+ verdict = security.{{m.policy}}_security_check(self, ctx)
+ return verdict,"{{ m.policy }}"
+ {% else %}
+ verdict = XOS_GLOBAL_DEFAULT_SECURITY_POLICY
+ return verdict,"xos_default_policy"
+ {% endif %}
+
{% endif %}
+
{% if file_exists(xproto_base_name(m.name)|lower+'_bottom.py') -%}{{ include_file(xproto_base_name(m.name)|lower+'_bottom.py') }}{% endif %}
+++ {{m.name|lower}}.py
{% endif %}{% endfor %}