add support for fine-grained field permissions for user model
diff --git a/planetstack/core/models/__init__.py b/planetstack/core/models/__init__.py
index f3991dd..2070e16 100644
--- a/planetstack/core/models/__init__.py
+++ b/planetstack/core/models/__init__.py
@@ -1,4 +1,4 @@
-from .plcorebase import PlCoreBase,PlCoreBaseManager,PlCoreBaseDeletionManager
+from .plcorebase import PlCoreBase,PlCoreBaseManager,PlCoreBaseDeletionManager,DiffModelMixIn
 from .project import Project
 from .singletonmodel import SingletonModel
 from .service import Service
diff --git a/planetstack/core/models/plcorebase.py b/planetstack/core/models/plcorebase.py
index b9692c6..51049a4 100644
--- a/planetstack/core/models/plcorebase.py
+++ b/planetstack/core/models/plcorebase.py
@@ -48,7 +48,43 @@
     def get_query_set(self):
         return self.get_queryset()
 
-class PlCoreBase(models.Model):
+class DiffModelMixIn:
+    # Provides useful methods for computing which objects in a model have
+    # changed. Make sure to do self._initial = self._dict in the __init__
+    # method.
+
+    # This is broken out of PlCoreBase into a Mixin so the User model can
+    # also make use of it.
+
+    @property
+    def _dict(self):
+        return model_to_dict(self, fields=[field.name for field in
+                             self._meta.fields])
+
+    @property
+    def diff(self):
+        d1 = self._initial
+        d2 = self._dict
+        diffs = [(k, (v, d2[k])) for k, v in d1.items() if v != d2[k]]
+        return dict(diffs)
+
+    @property
+    def has_changed(self):
+        return bool(self.diff)
+
+    @property
+    def changed_fields(self):
+        return self.diff.keys()
+
+    @property
+    def has_field_changed(self, field_name):
+        return field_name in self.diff.keys()
+
+    def get_field_diff(self, field_name):
+        return self.diff.get(field_name, None)
+
+
+class PlCoreBase(models.Model, DiffModelMixIn):
     objects = PlCoreBaseManager()
     deleted_objects = PlCoreBaseDeletionManager()
 
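Review bot: `has_field_changed` is declared as a `@property` but takes a `field_name` argument, so `obj.has_field_changed` raises TypeError on access and `obj.has_field_changed("x")` cannot be called at all; drop the decorator so it is a plain method like `get_field_diff`: `def has_field_changed(self, field_name):`. Nothing in this diff calls it, so the defect was presumably never exercised. The mixin is spelled `class DiffModelMixIn:` without `(object)`; given the `super(PlCoreBase, self)` style this looks like Python 2, where that makes it an old-style class — harmless as a secondary base of `models.Model`, but `class DiffModelMixIn(object):` is the safer spelling. `PlCoreBase`'s body continues past the hunk.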
@@ -69,27 +105,9 @@
 
     def __init__(self, *args, **kwargs):
         super(PlCoreBase, self).__init__(*args, **kwargs)
-        self.__initial = self._dict
+        self._initial = self._dict # for DiffModelMixIn
         self.silent = False
 
-    @property
-    def diff(self):
-        d1 = self.__initial
-        d2 = self._dict
-        diffs = [(k, (v, d2[k])) for k, v in d1.items() if v != d2[k]]
-        return dict(diffs)
-
-    @property
-    def has_changed(self):
-        return bool(self.diff)
-
-    @property
-    def changed_fields(self):
-        return self.diff.keys()
-
-    def get_field_diff(self, field_name):
-        return self.diff.get(field_name, None)
-
     def can_update(self, user):
         if user.is_readonly:
             return False
@@ -97,6 +115,11 @@
             return True
         return False
 
+    def can_update_field(self, user, fieldName):
+        # Give us the opportunity to implement fine-grained permission checking.
+        # Default to True, and let can_update() permit or deny the whole object.
+        return True
+
     def delete(self, *args, **kwds):
         # so we have something to give the observer
         purge = kwds.get('purge',False)
@@ -131,6 +154,11 @@
     def save_by_user(self, user, *args, **kwds):
         if not self.can_update(user):
             raise PermissionDenied("You do not have permission to update %s objects" % self.__class__.__name__)
+
+        for fieldName in self.changed_fields:
+            if not self.can_update_field(user, fieldName):
+                raise PermissionDenied("You do not have permission to update field %s in object %s" % (fieldName, self.__class__.__name__))
+
         self.save(*args, **kwds)
 
     def delete_by_user(self, user, *args, **kwds):
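Review bot: The per-field loop only sees what `changed_fields` reports, and `_dict` is built with `model_to_dict`, which (as far as I recall) omits fields declared `editable=False`, so a change to such a field never reaches `can_update_field`; make the scope explicit with a comment above the loop, e.g. `# only fields model_to_dict reports (editable fields) are subject to per-field checks`. The comparison is against `self._initial`, captured in `__init__`; whether `PlCoreBase.save()` refreshes it afterwards is outside this hunk, and if it does not, a second `save_by_user` on the same instance re-checks fields that were already written. `save_by_user` ends at the `self.save` call inside the hunk; `delete_by_user` continues past it.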
@@ -138,10 +166,6 @@
             raise PermissionDenied("You do not have permission to delete %s objects" % self.__class__.__name__)
         self.delete(*args, **kwds)
 
-    @property
-    def _dict(self):
-        return model_to_dict(self, fields=[field.name for field in
-                             self._meta.fields])
 
 
 
diff --git a/planetstack/core/models/user.py b/planetstack/core/models/user.py
index 9a62e34..9b54da9 100644
--- a/planetstack/core/models/user.py
+++ b/planetstack/core/models/user.py
@@ -3,7 +3,7 @@
 from collections import defaultdict
 from django.db import models
 from django.db.models import F, Q
-from core.models import PlCoreBase,Site, DashboardView
+from core.models import PlCoreBase,Site, DashboardView, DiffModelMixIn
 from core.models.site import Deployment
 from django.contrib.auth.models import AbstractBaseUser, BaseUserManager
 from timezones.fields import TimeZoneField
@@ -11,6 +11,7 @@
 from django.core.mail import EmailMultiAlternatives
 from core.middleware import get_request
 import model_policy
+from django.core.exceptions import PermissionDenied
 
 # Create your models here.
 class UserManager(BaseUserManager):
@@ -55,7 +56,7 @@
     def get_query_set(self):
         return self.get_queryset()
 
-class User(AbstractBaseUser):
+class User(AbstractBaseUser, DiffModelMixIn):
 
     class Meta:
         app_label = "core"
@@ -99,6 +100,10 @@
     USERNAME_FIELD = 'email'
     REQUIRED_FIELDS = ['firstname', 'lastname']
 
+    def __init__(self, *args, **kwargs):
+        super(User, self).__init__(*args, **kwargs)
+        self._initial = self._dict # for DiffModelMixIn
+
     def isReadOnlyUser(self):
         return self.is_readonly
 
@@ -182,6 +187,8 @@
         self.username = self.email
         super(User, self).save(*args, **kwds)
 
+        self._initial = self._dict
+
     def send_temporary_password(self):
         password = User.objects.make_random_password()
         self.set_password(password)

@@ -193,6 +200,41 @@
         msg.attach_alternative(html_content, "text/html")

         msg.send()
 
+    def can_update_field(self, user, fieldName):
+        from core.models import SitePrivilege
+        if (user.is_admin):
+            # admin can update anything
+            return True
+
+        # fields that a site PI can update
+        if fieldName in ["is_active", "is_readonly"]:
+            site_privs = SitePrivilege.objects.filter(user=user, site=self.site)
+            for site_priv in site_privs:
+                if site_priv.role.role == 'pi':
+                    return True
+
+        # fields that a user cannot update in his/her own record
+        if fieldName in ["is_admin", "is_active", "site", "is_staff", "is_readonly"]:
+            return False
+
+        return True
+
+    def can_update(self, user):
+        from core.models import SitePrivilege
+        if user.is_readonly:
+            return False
+        if user.is_admin:
+            return True
+        if (user.id == self.id):
+            return True
+        # site pis can update
+        site_privs = SitePrivilege.objects.filter(user=user, site=self.site)
+        for site_priv in site_privs:
+            if site_priv.role.role == 'pi':
+                return True
+
+        return False
+
     @staticmethod
     def select_by_user(user):
         if user.is_admin:
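Review bot: The PI branch of `can_update` keys the `SitePrivilege` lookup on `self.site`, which is the in-memory value of the record being saved, so from `save_by_user` it evaluates the caller's PI role against whatever site the caller has just assigned rather than the stored one; the only thing stopping a PI from reassigning a user into their own site is that `can_update_field` denies `site` to non-admins, and that coupling deserves a comment at the lookup, e.g. `# self.site may already be modified; relies on can_update_field denying 'site' to non-admins`. The same PI-role loop appears in both `can_update_field` and `can_update`, issuing one query per privilege row through `site_priv.role.role`; pulling it into one helper keeps the two checks from drifting, as sketched below. The comment before the second field list in `can_update_field` says "his/her own record", but that branch also applies to a PI editing another user at the site, which is presumably intended for `is_admin`, `site` and `is_staff` and should be worded that way.
```python
    def _is_site_pi(self, user):
        # True when `user` holds the 'pi' role at this record's site. self.site is
        # the in-memory value, so can_update_field must keep denying 'site' to
        # non-admins or a PI could move a user into a site they control.
        from core.models import SitePrivilege
        site_privs = SitePrivilege.objects.filter(user=user, site=self.site)
        return any(site_priv.role.role == 'pi' for site_priv in site_privs)

    def can_update_field(self, user, fieldName):
        # … unchanged: admin short-circuit …
        if fieldName in ["is_active", "is_readonly"] and self._is_site_pi(user):
            return True
        # … unchanged: per-field denials and default True …

    def can_update(self, user):
        # … unchanged: readonly / admin / self checks …
        return self._is_site_pi(user)
```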
@@ -208,6 +250,21 @@
             qs = User.objects.filter(Q(site__in=sites) | Q(id__in=user_ids))
         return qs
 
+    def save_by_user(self, user, *args, **kwds):
+        if not self.can_update(user):
+            raise PermissionDenied("You do not have permission to update %s objects" % self.__class__.__name__)
+
+        for fieldName in self.changed_fields:
+            if not self.can_update_field(user, fieldName):
+                raise PermissionDenied("You do not have permission to update field %s in object %s" % (fieldName, self.__class__.__name__))
+
+        self.save(*args, **kwds)
+
+    def delete_by_user(self, user, *args, **kwds):
+        if not self.can_update(user):
+            raise PermissionDenied("You do not have permission to delete %s objects" % self.__class__.__name__)
+        self.delete(*args, **kwds)
+
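Review bot: `delete_by_user` gates deletion on `can_update`, and `can_update` returns True when `user.id == self.id`, so every non-readonly user can delete their own account and every site PI can delete any user at the site, while the error message speaks of delete permission; if that is intended, say so with `# deletion is governed by update rights: the user themself and site PIs may delete`, otherwise add a stricter `can_delete(user)` and check it here instead. `save_by_user` repeats `PlCoreBase.save_by_user` line for line because `User` does not inherit from `PlCoreBase`; the two copies will drift, so consider hoisting the shared body somewhere both models can reach it. The class continues past the hunk with `select_by_user` above and `UserDashboardView` below.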
 class UserDashboardView(PlCoreBase):
      user = models.ForeignKey(User, related_name="dashboardViews")
      dashboardView = models.ForeignKey(DashboardView, related_name="dashboardViews")