CORD-1570: Re-implementation of XOS Security via xproto at the API boundary
Change-Id: I9cb6380b0798a5f4af2f0459c5decd0b9edbb317
diff --git a/lib/xos-genx/xosgenx/targets/django.xtarget b/lib/xos-genx/xosgenx/targets/django.xtarget
index e9a56ec..1c8ce93 100644
--- a/lib/xos-genx/xosgenx/targets/django.xtarget
+++ b/lib/xos-genx/xosgenx/targets/django.xtarget
@@ -4,13 +4,19 @@
{%- for l in m.links %}
{% if l.peer.name != m.name %}
-from core.models.{{ l.peer.name | lower }} import {{ l.peer.name }}
+from {{ l.peer.name | lower }} import {{ l.peer.name }}
{% endif %}
{%- endfor %}
+{% if m.name!='XOSBase' and 'Mixin' not in m.name %}
+import security
+{% if m.name!='Privilege' %}
+from privilege import Privilege
+{% endif %}
+{% endif %}
{% for b in m.bases %}
{% if b.name!='XOSBase' and 'Mixin' not in b.name %}
-from core.models.{{b.name | lower}} import {{ b.name }}
+from {{b.name | lower}} import {{ b.name }}
{% endif %}
{% endfor %}
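Review bot: The added `import security`, like the rewritten `from {{ l.peer.name | lower }} import {{ l.peer.name }}` lines, resolves by bare module name, so which module supplies the access checks depends on the import search path of the generated file. `security` is a generic name, and any other module of that name found earlier on the path would silently become the policy enforcer for every generated model. Consider a package-qualified form such as `from <models_package> import security` (placeholder; the diff does not show where the module lives), or a template comment stating that the generated models directory must resolve first. `from privilege import Privilege` is emitted for every non-Mixin model but is not used in the visible lines, so a one-line comment on why it is needed would help.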
@@ -57,6 +63,16 @@
policy_{{policy}}_validator(self, None)
{% endfor %}
super({{ m.name }}, self).save(*args, **kwds)
+
+ def can_access(self, ctx):
+ {% if m.policy %}
+ verdict = security.{{m.policy}}_security_check(self, ctx)
+ return verdict,"{{ m.policy }}"
+ {% else %}
+ verdict = XOS_GLOBAL_DEFAULT_SECURITY_POLICY
+ return verdict,"xos_default_policy"
+ {% endif %}
+
{% endif %}
{% if file_exists(xproto_base_name(m.name)|lower+'_bottom.py') -%}{{ include_file(xproto_base_name(m.name)|lower+'_bottom.py') }}{% endif %}
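Review bot: In the `{% else %}` branch of `can_access`, a model with no `m.policy` takes its verdict from `XOS_GLOBAL_DEFAULT_SECURITY_POLICY`, a global whose value and definition are not visible in this diff. If that value is permissive, a new model that omits a policy fails open; a deny default, or a generation-time warning for models without a policy, would be safer. Neither hunk imports the name (only `security` and `Privilege` are added), so unless it is defined elsewhere in the template the generated method would raise `NameError`; if it lives in the security module the line would read `verdict = security.XOS_GLOBAL_DEFAULT_SECURITY_POLICY`. A docstring such as `"""Return (verdict, policy_name) for the request context ctx."""` would record the tuple contract for callers. The `{% if %}` block that encloses this method opens outside the hunk.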