# authentic2 - versatile identity manager
# Copyright (C) 2010-2019 Entr'ouvert
#
# This program is free software: you can redistribute it and/or modify it
# under the terms of the GNU Affero General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from django . contrib . auth import get_user_model
from django . utils import html
from django . utils . translation import ugettext_lazy as _
from django . utils . translation import ugettext_noop
import django_tables2 as tables
from django_tables2 . utils import A
from django_rbac . utils import get_role_model , get_permission_model , \
get_ou_model
from authentic2 . models import Service
from authentic2 . middleware import StoreRequestMiddleware
from authentic2_idp_oidc . models import OIDCAuthorization
# User model active for this project, resolved through Django rather than
# imported directly, so a swapped-in user model is the one the tables use.
User = get_user_model()
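class PermissionLinkColumn(tables.LinkColumn):
    """Link column that degrades to plain text when the viewer lacks a permission.

    The optional ``permission`` keyword names a permission that is checked
    against each row's record with ``request.user.has_perm(permission, record)``.

    This decides only whether a hyperlink is displayed; it is not an access
    control. The view behind ``viewname`` has to enforce the same permission
    itself, because the URL can be requested without going through this table.
    """

    def __init__(self, viewname, **kwargs):
        # Remove ``permission`` before delegating so that only the remaining
        # keywords are forwarded to LinkColumn.
        self.permission = kwargs.pop('permission', None)
        super().__init__(viewname, **kwargs)

    def render(self, value, record, bound_column, **kwargs):
        """Return the linked cell, or the bare ``value`` when the link is withheld."""
        if self.permission:
            request = StoreRequestMiddleware.get_request()
            # NOTE(review): when get_request() yields nothing the check is
            # skipped and the link is rendered. That is acceptable only as
            # long as the target view performs its own authorization.
            if request and not request.user.has_perm(self.permission, record):
                return value
        return super().render(value, record, bound_column)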
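class VerifiableEmailColumn(tables.Column):
    """Email column that marks verified addresses with a ``verified`` span."""

    def render(self, **kwargs):
        """Return the record's email, wrapped in a span when it is verified."""
        user = kwargs['record']
        verified = user.email_verified
        value = user.email
        if value and verified:
            # format_html() escapes ``value`` before interpolating it, so an
            # address containing markup cannot inject HTML into the cell.
            return html.format_html(
                '<span class="verified">{value}</span>',
                value=value)
        # Returned as a plain string, not marked safe.
        # NOTE(review): presumably escaped by the table template's
        # autoescaping - confirm that no custom template disables it.
        return value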
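class UserLinkColumn(PermissionLinkColumn):
    """Permission-aware user link that also flags deactivated accounts."""

    def render(self, **kwargs):
        """Return the parent's cell, wrapped in a ``disabled`` span for inactive users."""
        user = kwargs['record']
        value = super().render(**kwargs)
        if not user.is_active:
            # ``value`` is either the link produced by the parent class or the
            # plain name it returns when the link is withheld. format_html()
            # escapes the plain-string case and leaves safe markup untouched.
            value = html.format_html(
                '<span class="disabled">{value} ({disabled})</span>',
                value=value, disabled=_('disabled'))
        return value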
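class UserTable(tables.Table):
    """Listing of users for the manager interface."""

    # The name cell links to the user detail page only for viewers holding
    # ``custom_user.view_user`` on that user; others see the name as text.
    link = UserLinkColumn(
        viewname='a2-manager-user-detail',
        permission='custom_user.view_user',
        verbose_name=_('User'),
        accessor='get_full_name',
        order_by=('first_name', 'last_name', 'email', 'username'),
        kwargs={'pk': A('pk')})
    username = tables.Column()
    email = VerifiableEmailColumn()
    ou = tables.Column()

    class Meta:
        model = User
        attrs = {'class': 'main', 'id': 'user-table'}
        fields = ('username', 'email', 'first_name',
                  'last_name', 'ou')
        # Put the link column first, then every other column in default order.
        sequence = ('link', '...')
        empty_text = _('None')
        order_by = ('first_name', 'last_name', 'email', 'username')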
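class RoleMembersTable(UserTable):
    """User listing for a role, showing direct and inherited membership."""

    direct = tables.BooleanColumn(verbose_name=_('Direct member'),
                                  orderable=False)
    # One link per role in ``record.via``, separated by commas. ``{{ role }}``
    # is output through the Django template engine.
    # NOTE(review): role names are user-managed data; this relies on template
    # autoescaping staying enabled for the column - confirm.
    via = tables.TemplateColumn(
        '{% for role in record.via %}'
        '<a href="{% url "a2-manager-role-members" pk=role.pk %}">{{ role }}</a>'
        '{% if not forloop.last %}, {% endif %}'
        '{% endfor %}',
        verbose_name=_('Inherited from'), orderable=False)

    class Meta(UserTable.Meta):
        pass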
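class RoleTable(tables.Table):
    """Listing of roles, each linking to its members page."""

    name = tables.LinkColumn(viewname='a2-manager-role-members',
                             kwargs={'pk': A('pk')},
                             accessor='name', verbose_name=_('label'))
    ou = tables.Column()
    member_count = tables.Column(verbose_name=_('Direct member count'),
                                 orderable=False)

    class Meta:
        # NOTE(review): django_tables2 reads ``Meta.model``; this attribute is
        # spelled ``models`` and is presumably ignored. Confirm before
        # renaming, since setting ``model`` affects column generation.
        models = get_role_model()
        attrs = {'class': 'main', 'id': 'role-table'}
        fields = ('name', 'ou', 'member_count')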
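class PermissionTable(tables.Table):
    """Listing of permissions as operation, scope and target."""

    operation = tables.Column()
    scope = tables.Column()
    target = tables.Column()

    class Meta:
        model = get_permission_model()
        # NOTE(review): the element id is 'role-table', the same id the role
        # tables in this module use - looks like a copy/paste; confirm that
        # no stylesheet or script depends on it before changing.
        attrs = {'class': 'main', 'id': 'role-table'}
        fields = ('operation', 'scope', 'target')
        empty_text = _('None')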
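class OUTable(tables.Table):
    """Listing of organizational units."""

    name = tables.Column(verbose_name=_('label'))
    default = tables.BooleanColumn()

    class Meta:
        model = get_ou_model()
        attrs = {'class': 'main', 'id': 'ou-table'}
        fields = ('name', 'slug', 'default')
        empty_text = _('None')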
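class OuUserRolesTable(tables.Table):
    """Roles listing with a membership checkbox per role."""

    name = tables.LinkColumn(viewname='a2-manager-role-members',
                             kwargs={'pk': A('pk')},
                             accessor='name', verbose_name=_('label'))
    via = tables.TemplateColumn(
        '''{% for rel in record.via %}{{ rel.child }}{% if not forloop.last %}, {% endif %}{% endfor %}''',
        verbose_name=_('Inherited from'), orderable=False)
    # Checkbox named ``role-<pk>``: checked for direct members, given the
    # ``indeterminate`` class when membership is only inherited, and rendered
    # ``disabled`` with an explanatory title when ``record.has_perm`` or
    # ``record.can_manage_members`` is false.
    #
    # The ``disabled`` attribute is a browser-side hint only: a crafted request
    # can still submit ``role-<pk>``, so the code handling the form has to
    # re-check both conditions server-side.
    #
    # The two messages are marked with ugettext_noop() for extraction and are
    # translated by ``{% trans %}`` at render time. They are substituted
    # between double quotes in the template source, so they must stay literal
    # strings without a double quote. When both conditions fail the tag ends
    # up with two ``disabled`` and two ``title`` attributes.
    member = tables.TemplateColumn(
        '{%% load i18n %%}<input class="role-member{%% if not record.member and record.via %%}'
        ' indeterminate{%% endif %%}"'
        ' name="role-{{ record.pk }}" type="checkbox" {%% if record.member %%}checked{%% endif %%}'
        ' {%% if not record.has_perm %%}disabled'
        ' title="{%% trans "%s" %%}"{%% endif %%}'
        ' {%% if not record.can_manage_members %%}disabled'
        ' title="{%% trans "%s" %%}"{%% endif %%}/>' % (
            ugettext_noop('You are not authorized to manage this role'),
            ugettext_noop('This role is synchronised from LDAP, changing members is not allowed.'),
        ),
        verbose_name=_('Member'),
        order_by=('member', 'via', 'name'))

    class Meta:
        # NOTE(review): django_tables2 reads ``Meta.model``; ``models`` is
        # presumably ignored. No ``fields`` is declared here, so renaming it
        # would add the model's own fields as columns - confirm first.
        models = get_role_model()
        attrs = {'class': 'main', 'id': 'role-table'}
        empty_text = _('None')
        order_by = ('name',)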
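class UserRolesTable(tables.Table):
    """Roles of a user, with the roles they are inherited from."""

    name = tables.LinkColumn(viewname='a2-manager-role-members',
                             kwargs={'pk': A('pk')},
                             accessor='name', verbose_name=_('label'))
    ou = tables.Column()
    # Filled only when ``record.member`` is false: lists ``rel.child`` for
    # every relation in ``record.child_relation.all``, comma separated.
    via = tables.TemplateColumn(
        '{% if not record.member %}{% for rel in record.child_relation.all %}'
        '{{ rel.child }}{% if not forloop.last %}, {% endif %}{% endfor %}'
        '{% endif %}',
        verbose_name=_('Inherited from'),
        orderable=False)

    class Meta:
        # NOTE(review): django_tables2 reads ``Meta.model``; this attribute is
        # spelled ``models`` and is presumably ignored - confirm before
        # renaming.
        models = get_role_model()
        attrs = {'class': 'main', 'id': 'role-table'}
        fields = ('name', 'ou')
        empty_text = _('None')
        order_by = ('name', 'ou')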
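class ServiceTable(tables.Table):
    """Listing of services by organizational unit, name and slug."""

    ou = tables.Column()
    name = tables.Column()
    slug = tables.Column()

    class Meta:
        # NOTE(review): django_tables2 reads ``Meta.model``; ``models`` is
        # presumably ignored. No ``fields`` is declared here, so renaming it
        # would add the model's own fields as columns - confirm first.
        models = Service
        attrs = {'class': 'main', 'id': 'service-table'}
        empty_text = _('None')
        order_by = ('ou', 'name', 'slug')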
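class ServiceRolesTable(tables.Table):
    """Roles attached to a service.

    The empty-table text states that an empty listing means every user may
    connect to the service, i.e. no role restriction is shown as open access.
    """

    name = tables.Column(accessor='name', verbose_name=_('name'))

    class Meta:
        # NOTE(review): django_tables2 reads ``Meta.model``; this attribute is
        # spelled ``models`` and is presumably ignored - confirm before
        # renaming.
        models = get_role_model()
        attrs = {'class': 'main', 'id': 'service-role-table'}
        fields = ('name',)
        empty_text = _('No access restriction. All users are allowed to connect to this service.')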
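class UserAuthorizationsTable(tables.Table):
    """OIDC authorizations granted by a user: client, creation and expiry."""

    client = tables.Column()
    created = tables.Column()
    expired = tables.Column()

    class Meta:
        model = OIDCAuthorization
        attrs = {'class': 'main', 'id': 'user-authorizations-table'}
        fields = ('client', 'created', 'expired')
        empty_text = _('This user has not granted profile data access to any service yet.')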