authentic/src/authentic2/manager/tables.py

# authentic2 - versatile identity manager
# Copyright (C) 2010-2019 Entr'ouvert
#
# This program is free software: you can redistribute it and/or modify it
# under the terms of the GNU Affero General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

from django.contrib.auth import get_user_model
from django.utils import html
from django.utils.translation import ugettext_lazy as _
from django.utils.translation import ugettext_noop

import django_tables2 as tables
from django_tables2.utils import A

from django_rbac.utils import get_role_model, get_permission_model, \
    get_ou_model

from authentic2.models import Service
from authentic2.middleware import StoreRequestMiddleware
from authentic2_idp_oidc.models import OIDCAuthorization

User = get_user_model()


class PermissionLinkColumn(tables.LinkColumn):
    def __init__(self, viewname, **kwargs):
        self.permission = kwargs.pop('permission', None)
        super(PermissionLinkColumn, self).__init__(viewname, **kwargs)

    def render(self, value, record, bound_column, **kwargs):
        if self.permission:
            request = StoreRequestMiddleware.get_request()
            if request and not request.user.has_perm(self.permission, record):
                return value
        return super(PermissionLinkColumn, self).render(value, record, bound_column)


class VerifiableEmailColumn(tables.Column):
    def render(self, **kwargs):
        user = kwargs['record']
        verified = user.email_verified
        value = user.email
        if value and verified:
            return html.format_html(
                    '<span class="verified">{value}</span>',
                    value=value)
        return value


class UserLinkColumn(PermissionLinkColumn):
    def render(self, **kwargs):
        user = kwargs['record']
        value = super().render(**kwargs)
        if not user.is_active:
            value = html.format_html(
                '<span class="disabled">{value} ({disabled})</span>',
                value=value, disabled=_('disabled'))
        return value



class UserTable(tables.Table):
    link = UserLinkColumn(
        viewname='a2-manager-user-detail',
        permission='custom_user.view_user',
        verbose_name=_('User'),
        accessor='get_full_name',
        order_by=('first_name', 'last_name', 'email', 'username'),
        kwargs={'pk': A('pk')})
    username = tables.Column()
    email = VerifiableEmailColumn()
    ou = tables.Column()

    class Meta:
        model = User
        attrs = {'class': 'main', 'id': 'user-table'}
        fields = ('username', 'email', 'first_name',
                  'last_name', 'ou')
        sequence = ('link', '...')
        empty_text = _('None')
        order_by = ('first_name', 'last_name', 'email', 'username')


class RoleMembersTable(UserTable):
    direct = tables.BooleanColumn(verbose_name=_('Direct member'),
                                  orderable=False)
    via = tables.TemplateColumn(
        '{% for role in record.via %}'
        '<a href="{% url "a2-manager-role-members" pk=role.pk %}">{{ role }}</a>{% if not forloop.last %}, {% endif %}'
        '{% endfor %}',
        verbose_name=_('Inherited from'), orderable=False)

    class Meta(UserTable.Meta):
        pass


class RoleTable(tables.Table):
    name = tables.LinkColumn(viewname='a2-manager-role-members',
                             kwargs={'pk': A('pk')},
                             accessor='name', verbose_name=_('label'))
    ou = tables.Column()
    member_count = tables.Column(verbose_name=_('Direct member count'),
                                 orderable=False)

    class Meta:
        models = get_role_model()
        attrs = {'class': 'main', 'id': 'role-table'}
        fields = ('name', 'ou', 'member_count')


class PermissionTable(tables.Table):
    operation = tables.Column()
    scope = tables.Column()
    target = tables.Column()

    class Meta:
        model = get_permission_model()
        attrs = {'class': 'main', 'id': 'role-table'}
        fields = ('operation', 'scope', 'target')
        empty_text = _('None')


class OUTable(tables.Table):
    name = tables.Column(verbose_name=_('label'))
    default = tables.BooleanColumn()

    class Meta:
        model = get_ou_model()
        attrs = {'class': 'main', 'id': 'ou-table'}
        fields = ('name', 'slug', 'default')
        empty_text = _('None')


class OuUserRolesTable(tables.Table):
    name = tables.LinkColumn(viewname='a2-manager-role-members',
                             kwargs={'pk': A('pk')},
                             accessor='name', verbose_name=_('label'))
    via = tables.TemplateColumn(
        '''{% for rel in record.via %}{{ rel.child }} {% if not forloop.last %}, {% endif %}{% endfor %}''',
        verbose_name=_('Inherited from'), orderable=False)
    member = tables.TemplateColumn(
        '{%% load i18n %%}<input class="role-member{%% if not record.member and record.via %%} '
        'indeterminate{%% endif %%}"'
        ' name="role-{{ record.pk }}" type="checkbox" {%% if record.member %%}checked{%% endif %%} '
        '{%% if not record.has_perm %%}disabled '
        'title="{%% trans "%s" %%}"{%% endif %%} '
        '{%% if not record.can_manage_members %%}disabled '
        'title="{%% trans "%s" %%}"{%% endif %%}/>' % (ugettext_noop('You are not authorized to manage this role'), ugettext_noop('This role is synchronised from LDAP, changing members is not allowed.')),
        verbose_name=_('Member'),
        order_by=('member', 'via', 'name'))

    class Meta:
        models = get_role_model()
        attrs = {'class': 'main', 'id': 'role-table'}
        empty_text = _('None')
        order_by = ('name',)


class UserRolesTable(tables.Table):
    name = tables.LinkColumn(viewname='a2-manager-role-members',
                             kwargs={'pk': A('pk')},
                             accessor='name', verbose_name=_('label'))
    ou = tables.Column()
    via = tables.TemplateColumn(
        '{% if not record.member %}{% for rel in record.child_relation.all %}'
        '{{ rel.child }} {% if not forloop.last %}, {% endif %}{% endfor %}'
        '{% endif %}',
        verbose_name=_('Inherited from'),
        orderable=False)

    class Meta:
        models = get_role_model()
        attrs = {'class': 'main', 'id': 'role-table'}
        fields = ('name', 'ou')
        empty_text = _('None')
        order_by = ('name', 'ou')


class ServiceTable(tables.Table):
    ou = tables.Column()
    name = tables.Column()
    slug = tables.Column()

    class Meta:
        models = Service
        attrs = {'class': 'main', 'id': 'service-table'}
        empty_text = _('None')
        order_by = ('ou', 'name', 'slug')


class ServiceRolesTable(tables.Table):
    name = tables.Column(accessor='name', verbose_name=_('name'))

    class Meta:
        models = get_role_model()
        attrs = {'class': 'main', 'id': 'service-role-table'}
        fields = ('name',)
        empty_text = _('No access restriction. All users are allowed to connect to this service.')


class UserAuthorizationsTable(tables.Table):
    client = tables.Column()
    created = tables.Column()
    expired = tables.Column()

    class Meta:
        model = OIDCAuthorization
        attrs = {'class': 'main', 'id': 'user-authorizations-table'}
        fields = ('client', 'created', 'expired')
        empty_text = _('This user has not granted profile data access to any service yet.')