diff --git a/acs/acs_administration_views.py b/acs/acs_administration_views.py
index f084108..323c76b 100644
--- a/acs/acs_administration_views.py
+++ b/acs/acs_administration_views.py
@@ -37,7 +37,8 @@ from decorators import prevent_access_to_not_policy_root_administrators
from models import UserAlias, Role, AcsObject, View, Action, Activity, \
Namespace, AcsPermission
-from forms import AddRoleForm, AddViewForm, RoleChangeForm, ViewChangeForm
+from forms import AddRoleForm, AddViewForm, RoleChangeForm, ViewChangeForm, \
+ AdminViewChangeForm
from views import return_add_any, return_list_any, return_mod_any, \
return_add_permission_form
@@ -178,9 +179,6 @@ def add_admin_role(request):
if form.is_valid():
role = form.save()
logger.debug('add_admin_role: admin role %s created' %role)
- role.namespace = Namespace.objects.get(name='Default')
- role.save()
- logger.debug('add_admin_role: Namespace changed: %s' %role)
policy.admin_roles.add(role)
logger.debug('add_admin_role: role added to %s' \
%policy.admin_roles)
@@ -189,10 +187,7 @@ def add_admin_role(request):
%policy.admin_view)
messages.add_message(request, messages.INFO,
_('Administration role %s added') %role)
- else:
- messages.add_message(request, messages.ERROR,
- _('Invalid form. Role not created.'))
- return HttpResponseRedirect('mod_policy?id=' + str(policy.id))
+ return HttpResponseRedirect('mod_policy?id=' + str(policy.id))
else:
form = AddRoleForm()
title = _('Add a new administration role in %s' %policy)
@@ -212,9 +207,6 @@ def add_admin_view(request):
if form.is_valid():
view = form.save()
logger.debug('add_admin_view: admin view %s created' %view)
- view.namespace = Namespace.objects.get(name='Default')
- view.save()
- logger.debug('add_admin_view: Namespace changed: %s' %view)
policy.admin_views.add(view)
logger.debug('add_admin_role: view added to %s' \
%policy.admin_views)
@@ -223,10 +215,7 @@ def add_admin_view(request):
%policy.admin_view)
messages.add_message(request, messages.INFO,
_('Administration view %s added') %view)
- else:
- messages.add_message(request, messages.ERROR,
- _('Invalid form. View not created.'))
- return HttpResponseRedirect('mod_policy?id=' + str(policy.id))
+ return HttpResponseRedirect('mod_policy?id=' + str(policy.id))
else:
form = AddViewForm()
title = _('Add a new administration view in %s' %policy)
@@ -341,11 +330,6 @@ def mod_admin_role(request):
form.fields["roles"].queryset = policy.admin_roles.all()
if form.is_valid():
- if form.cleaned_data['namespace'] \
- != Namespace.objects.get(name='Default'):
- messages.add_message(request, messages.ERROR,
- _('%s must stay in the Default policy') %role)
- return HttpResponseRedirect('/list_admin_roles')
'''Processing users modifications'''
users_registered = []
users_new = []
@@ -384,11 +368,6 @@ def mod_admin_role(request):
form.save()
messages.add_message(request, messages.INFO,
_('Role %s modified') %role)
- else:
- logger.error('mod_admin_role: form error in %s' %form)
- messages.add_message(request, messages.ERROR,
- _('Invalid form for %s') %role)
- return HttpResponseRedirect('/list_admin_roles')
else:
messages.add_message(request, messages.ERROR,
@@ -449,7 +428,7 @@ def mod_admin_view(request):
messages.add_message(request, messages.ERROR,
_('%s is not an administration view of %s') %(view, policy))
return HttpResponseRedirect('/list_admin_roles')
- form = ViewChangeForm(instance=view)
+ form = AdminViewChangeForm(instance=view)
form.fields["users"].queryset = \
UserAlias.objects.filter(namespace=policy.namespace)
form.fields["roles"].queryset = \
@@ -484,7 +463,7 @@ def mod_admin_view(request):
_('%s is not an administration view of %s') %(view, policy))
return HttpResponseRedirect('/list_admin_roles')
- form = ViewChangeForm(request.POST, instance=view)
+ form = AdminViewChangeForm(request.POST, instance=view)
form.fields["users"].queryset = \
UserAlias.objects.filter(namespace=policy.namespace)
form.fields["roles"].queryset = \
@@ -496,11 +475,6 @@ def mod_admin_view(request):
Activity.objects.filter(namespace=policy.namespace)
if form.is_valid():
- if form.cleaned_data['namespace'] \
- != Namespace.objects.get(name='Default'):
- messages.add_message(request, messages.ERROR,
- _('%s must stay in the Default policy') %view)
- return HttpResponseRedirect('/list_admin_roles')
'''Processing users modifications'''
users_registered = []
users_new = []
@@ -605,11 +579,6 @@ def mod_admin_view(request):
form.save()
messages.add_message(request, messages.INFO,
_('View %s modified') %view)
- else:
- logger.error('mod_admin_view: form error in %s' %form)
- messages.add_message(request, messages.ERROR,
- _('Invalid form for %s') %view)
- return HttpResponseRedirect('/list_admin_views')
else:
messages.add_message(request, messages.ERROR,
diff --git a/acs/forms.py b/acs/forms.py
index b2cdd5e..b3732bf 100644
--- a/acs/forms.py
+++ b/acs/forms.py
@@ -16,6 +16,7 @@
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see .
'''
+import logging
from django import forms
from django.utils.translation import ugettext_lazy as _
@@ -23,10 +24,12 @@ from django.forms.widgets import CheckboxSelectMultiple
from django.contrib.auth.models import User
from registration.forms import RegistrationForm
-from models import Action, Activity, AcsObject, Role, View
+from models import Action, Activity, AcsObject, Role, View, Namespace
from abac.models import Source, LdapSource
+logger = logging.getLogger('acs')
+
attrs_dict = {'class': 'required'}
@@ -111,14 +114,14 @@ class AddRoleForm(forms.ModelForm):
model = Role
fields = ("name",)
- def clean_name(self):
- name = self.cleaned_data["name"]
+ def validate_unique(self):
+ exclude = self._get_validation_exclusions()
+ exclude.remove('namespace') # allow checking against the missing attribute
+
try:
- Role.objects.get(name=name)
- except Role.DoesNotExist:
- return name
- raise forms.ValidationError(\
- _("A role with that name already exists."))
+ self.instance.validate_unique(exclude=exclude)
+ except forms.ValidationError, e:
+ self._update_errors(e.message_dict)
def save(self, commit=True):
role = super(AddRoleForm, self).save(commit=False)
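Review bot: The new `validate_unique` only enforces the (name, namespace) pair if `self.instance.namespace` is already set when `is_valid()` runs, because Django skips a `unique_together` check when one of its values is None; `save()`, whose body continues outside this hunk, looks like the place where the namespace is assigned. If so, the removed `clean_name` check has no working replacement on the add path, and a duplicate role name within a namespace would surface as an IntegrityError at save time rather than as a form error, so it is worth confirming the views set the namespace on the instance before validation. `exclude.remove('namespace')` also raises ValueError if the field is ever added to `fields`; `if 'namespace' in exclude: exclude.remove('namespace')` is safer. The same method is pasted into AddObjectForm, AddViewForm, AddActionForm, AddActivityForm and the four *ChangeForm classes added further down, so a shared mixin would keep the nine copies from drifting apart.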
@@ -139,16 +142,16 @@ class AddObjectForm(forms.ModelForm):
class Meta:
model = AcsObject
- fields = ("name",)
+ fields = ("name", "regex",)
-# def clean_name(self):
-# name = self.cleaned_data["name"]
-# try:
-# AcsObject.objects.get(name=name)
-# except AcsObject.DoesNotExist:
-# return name
-# raise forms.ValidationError(\
-# _("An object with that name already exists."))
+ def validate_unique(self):
+ exclude = self._get_validation_exclusions()
+ exclude.remove('namespace') # allow checking against the missing attribute
+
+ try:
+ self.instance.validate_unique(exclude=exclude)
+ except forms.ValidationError, e:
+ self._update_errors(e.message_dict)
def save(self, commit=True):
acs_object = super(AddObjectForm, self).save(commit=False)
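Review bot: Adding `"regex"` to `fields` lets the submitter store a value in AcsObject.regex with only the model field's default validation. If that value is a pattern string that is later compiled or matched during access-control decisions (not visible in this diff), a malformed or very expensive pattern would fail or stall at authorization time instead of being rejected here. A `clean_regex` method that tries `re.compile()` on a non-empty value and raises `forms.ValidationError` on `re.error`, together with a length cap, would stop it at the form boundary. The class and its `save()` continue outside the hunk.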
@@ -170,14 +173,15 @@ class AddViewForm(forms.ModelForm):
model = View
fields = ("name",)
- def clean_name(self):
- name = self.cleaned_data["name"]
+ def validate_unique(self):
+ exclude = self._get_validation_exclusions()
+ exclude.remove('namespace') # allow checking against the missing attribute
+
try:
- View.objects.get(name=name)
- except View.DoesNotExist:
- return name
- raise forms.ValidationError(\
- _("A view with that name already exists."))
+ self.instance.validate_unique(exclude=exclude)
+ except forms.ValidationError, e:
+ self._update_errors(e.message_dict)
+
def save(self, commit=True):
view = super(AddViewForm, self).save(commit=False)
@@ -199,14 +203,15 @@ class AddActionForm(forms.ModelForm):
model = Action
fields = ("name",)
- def clean_name(self):
- name = self.cleaned_data["name"]
+ def validate_unique(self):
+ exclude = self._get_validation_exclusions()
+ exclude.remove('namespace') # allow checking against the missing attribute
+
try:
- Action.objects.get(name=name)
- except Action.DoesNotExist:
- return name
- raise forms.ValidationError(\
- _("An action with that name already exists."))
+ self.instance.validate_unique(exclude=exclude)
+ except forms.ValidationError, e:
+ self._update_errors(e.message_dict)
+
def save(self, commit=True):
action = super(AddActionForm, self).save(commit=False)
@@ -228,14 +233,15 @@ class AddActivityForm(forms.ModelForm):
model = Activity
fields = ("name",)
- def clean_name(self):
- name = self.cleaned_data["name"]
+ def validate_unique(self):
+ exclude = self._get_validation_exclusions()
+ exclude.remove('namespace') # allow checking against the missing attribute
+
try:
- Activity.objects.get(name=name)
- except Activity.DoesNotExist:
- return name
- raise forms.ValidationError(\
- _("An activity with that name already exists."))
+ self.instance.validate_unique(exclude=exclude)
+ except forms.ValidationError, e:
+ self._update_errors(e.message_dict)
+
def save(self, commit=True):
activity = super(AddActivityForm, self).save(commit=False)
@@ -244,6 +250,121 @@ class AddActivityForm(forms.ModelForm):
return activity
+class RoleChangeForm(forms.ModelForm):
+ name = forms.RegexField(label=_("name"),
+ max_length=30, regex=r'^[\w.@+-]+$',
+ help_text = \
+ _("30 characters or fewer. Letters, digits and @/./+/-/_ only."),
+ error_messages = \
+ {'invalid': _("This value may contain only letters, \
+ numbers and @/./+/-/_ characters.")})
+
+ def __init__(self, *args, **kwargs):
+ super(RoleChangeForm, self).__init__(*args, **kwargs)
+ self.fields["users"].widget = CheckboxSelectMultiple()
+ self.fields["users"].help_text = None
+ self.fields["roles"].widget = CheckboxSelectMultiple()
+ self.fields["roles"].help_text = None
+
+ class Meta:
+ model = Role
+ fields = ("name", "users", "roles")
+
+ def validate_unique(self):
+ exclude = self._get_validation_exclusions()
+ exclude.remove('namespace') # allow checking against the missing attribute
+
+ try:
+ self.instance.validate_unique(exclude=exclude)
+ except forms.ValidationError, e:
+ self._update_errors(e.message_dict)
+
+
+class ViewChangeForm(forms.ModelForm):
+
+ def __init__(self, *args, **kwargs):
+ super(ViewChangeForm, self).__init__(*args, **kwargs)
+ self.fields["acs_objects"].widget = CheckboxSelectMultiple()
+ self.fields["acs_objects"].help_text = None
+ self.fields["views"].widget = CheckboxSelectMultiple()
+ self.fields["views"].help_text = None
+
+ class Meta:
+ model = View
+ fields = ("name", "acs_objects", "views")
+
+ def validate_unique(self):
+ exclude = self._get_validation_exclusions()
+ exclude.remove('namespace') # allow checking against the missing attribute
+
+ try:
+ self.instance.validate_unique(exclude=exclude)
+ except forms.ValidationError, e:
+ self._update_errors(e.message_dict)
+
+
+class AdminViewChangeForm(forms.ModelForm):
+
+ def __init__(self, *args, **kwargs):
+ super(AdminViewChangeForm, self).__init__(*args, **kwargs)
+ self.fields["acs_objects"].widget = CheckboxSelectMultiple()
+ self.fields["acs_objects"].help_text = None
+ self.fields["views"].widget = CheckboxSelectMultiple()
+ self.fields["views"].help_text = None
+ self.fields["users"].widget = CheckboxSelectMultiple()
+ self.fields["users"].help_text = None
+ self.fields["roles"].widget = CheckboxSelectMultiple()
+ self.fields["roles"].help_text = None
+ self.fields["actions"].widget = CheckboxSelectMultiple()
+ self.fields["actions"].help_text = None
+ self.fields["activities"].widget = CheckboxSelectMultiple()
+ self.fields["activities"].help_text = None
+
+ class Meta:
+ model = View
+ fields = ("name", "acs_objects", "views", "users", "roles",
+ "actions", "activities")
+
+ def validate_unique(self):
+ exclude = self._get_validation_exclusions()
+ exclude.remove('namespace') # allow checking against the missing attribute
+
+ try:
+ self.instance.validate_unique(exclude=exclude)
+ except forms.ValidationError, e:
+ self._update_errors(e.message_dict)
+
+ def save(self, *args, **kwargs):
+ super(AdminViewChangeForm, self).save(*args, **kwargs)
+ self.instance.users = self.cleaned_data.get('users')
+ if len(args) > 0 and isinstance(args[0], User):
+ self.instance.users.add(args[0])
+ self.instance.save()
+
+
+class ActivityChangeForm(forms.ModelForm):
+
+ def __init__(self, *args, **kwargs):
+ super(ActivityChangeForm, self).__init__(*args, **kwargs)
+ self.fields["actions"].widget = CheckboxSelectMultiple()
+ self.fields["actions"].help_text = None
+ self.fields["activities"].widget = CheckboxSelectMultiple()
+ self.fields["activities"].help_text = None
+
+ class Meta:
+ model = Activity
+ fields = ("name", "actions", "activities")
+
+ def validate_unique(self):
+ exclude = self._get_validation_exclusions()
+ exclude.remove('namespace') # allow checking against the missing attribute
+
+ try:
+ self.instance.validate_unique(exclude=exclude)
+ except forms.ValidationError, e:
+ self._update_errors(e.message_dict)
+
+
class AddSourceForm(forms.ModelForm):
name = forms.RegexField(label=_("name"),
max_length=30, regex=r'^[\w.@+-]+$',
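Review bot: `AdminViewChangeForm.save()` discards the value returned by `super(AdminViewChangeForm, self).save(*args, **kwargs)` and returns nothing, so a caller written as `view = form.save()` gets None; ending the method with `return self.instance` fixes that. The method also treats the first positional argument as a User, but that slot is ModelForm.save's `commit` flag, and mod_admin_view sets the `users` queryset to UserAlias objects, so the `isinstance(args[0], User)` branch looks unreachable or mistyped and should be checked against the callers. Separately, the `error_messages` literal in RoleChangeForm uses a backslash continuation inside the string, which puts the next line's indentation into the message and its msgid; adjacent string literals avoid that.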
@@ -257,15 +378,6 @@ class AddSourceForm(forms.ModelForm):
model = Source
fields = ("name",)
- def clean_name(self):
- name = self.cleaned_data["name"]
- try:
- Source.objects.get(name=name)
- except Source.DoesNotExist:
- return name
- raise forms.ValidationError(\
- _("A source with that name already exists."))
-
def save(self, commit=True):
source = super(AddSourceForm, self).save(commit=False)
if commit:
@@ -327,69 +439,3 @@ _("Provide a user account if it is necessary to authenticate for binding."),
if commit:
source.save()
return source
-
-
-class RoleChangeForm(forms.ModelForm):
-
- def __init__(self, *args, **kwargs):
- super(RoleChangeForm, self).__init__(*args, **kwargs)
- self.fields["users"].widget = CheckboxSelectMultiple()
- self.fields["users"].help_text = None
- self.fields["roles"].widget = CheckboxSelectMultiple()
- self.fields["roles"].help_text = None
-
- class Meta:
- model = Role
-
-
-class AcsObjectChangeForm(forms.ModelForm):
-
- class Meta:
- model = AcsObject
-
-
-class ViewChangeForm(forms.ModelForm):
-
- def __init__(self, *args, **kwargs):
- super(ViewChangeForm, self).__init__(*args, **kwargs)
- self.fields["acs_objects"].widget = CheckboxSelectMultiple()
- self.fields["acs_objects"].help_text = None
- self.fields["views"].widget = CheckboxSelectMultiple()
- self.fields["views"].help_text = None
- self.fields["users"].widget = CheckboxSelectMultiple()
- self.fields["users"].help_text = None
- self.fields["roles"].widget = CheckboxSelectMultiple()
- self.fields["roles"].help_text = None
- self.fields["actions"].widget = CheckboxSelectMultiple()
- self.fields["actions"].help_text = None
- self.fields["activities"].widget = CheckboxSelectMultiple()
- self.fields["activities"].help_text = None
-
- class Meta:
- model = View
-
- def save(self, *args, **kwargs):
- super(ViewChangeForm, self).save(*args, **kwargs)
- self.instance.users = self.cleaned_data.get('users')
- if len(args) > 0 and isinstance(args[0], User):
- self.instance.users.add(args[0])
- self.instance.save()
-
-
-class ActionChangeForm(forms.ModelForm):
-
- class Meta:
- model = Action
-
-
-class ActivityChangeForm(forms.ModelForm):
-
- def __init__(self, *args, **kwargs):
- super(ActivityChangeForm, self).__init__(*args, **kwargs)
- self.fields["actions"].widget = CheckboxSelectMultiple()
- self.fields["actions"].help_text = None
- self.fields["activities"].widget = CheckboxSelectMultiple()
- self.fields["activities"].help_text = None
-
- class Meta:
- model = Activity
diff --git a/acs/main_views.py b/acs/main_views.py
index 62bc87c..8704a03 100644
--- a/acs/main_views.py
+++ b/acs/main_views.py
@@ -165,8 +165,8 @@ def index(request):
'add_abac_ldap_source': "Add a LDAP source of attributes"}
sources = Source.objects.all()
if sources:
- list_power_services['Generic user management']['list_abac_sources'] = \
- 'Modify a source of attributes'
+ list_power_services['Generic user management']\
+ ['list_abac_sources'] = 'Modify a source of attributes'
if policies or sources:
list_user_mgmt_services['list_users_for_aliases'] = \
'Manage user aliases or \
@@ -200,11 +200,14 @@ def index(request):
tpl_parameters['exploitation_services'] = list_exploitation_services
tpl_parameters['username'] = request.user.username
if is_root_administrator(request.user):
- tpl_parameters['special_role'] = _('You are a root administrator of A.C.S.')
+ tpl_parameters['special_role'] = \
+ _('You are a root administrator of A.C.S.')
elif is_user_administrator(request.user):
- tpl_parameters['special_role'] = _('You are a user administrator of A.C.S.')
+ tpl_parameters['special_role'] = \
+ _('You are a user administrator of A.C.S.')
elif is_abac_administrator(request.user):
- tpl_parameters['special_role'] = _('You are an abac administrator of A.C.S.')
+ tpl_parameters['special_role'] = \
+ _('You are an abac administrator of A.C.S.')
return render_to_response('index.html',
tpl_parameters,
context_instance=RequestContext(request))
@@ -341,7 +344,6 @@ def mod_policy(request):
'''Not just a self admin'''
list_user_services = {}
- list_abac_services = {}
list_object_services = {}
list_action_services = {}
list_services = {}
@@ -358,8 +360,8 @@ def mod_policy(request):
list_user_services['all_users_self_admin'] = \
"All users in this policy are set self administrators"
list_user_services['add_role'] = "Add a role"
- list_other_services['graph?type_graph=whole_policy'] = \
- "Display the whole policy"
+# list_other_services['graph?type_graph=whole_policy'] = \
+# "Display the whole policy"
if at_least_one_role_to_admin(request.user, policy):
list_user_services['list_roles'] = "Modify or delete a role"
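Review bot: The 'Display the whole policy' entry is disabled by commenting it out, which leaves dead code with no record of why. Either delete the two lines or put a one-line reason above them, for example `# whole-policy graph disabled: <reason>`. If `list_other_services` has no other writers in mod_policy (the body continues outside the hunk), the template may now receive an empty dict, which is worth checking.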
@@ -369,7 +371,7 @@ def mod_policy(request):
list_object_services['add_view'] = "Add a view"
if at_least_one_object_to_admin(request.user, policy):
list_object_services['list_objects'] = \
- "Rename or delete an object"
+ "Modify or delete an object"
if at_least_one_view_to_admin(request.user, policy):
list_object_services['list_views'] = "Modify or delete a view"
@@ -472,13 +474,17 @@ def mod_policy(request):
else:
l = []
if is_policy_user_administrator(request.user, policy):
- l.append(_('User and Roles administrator of this policy.'))
+ l.append(\
+ _('User and Roles administrator of this policy.'))
if is_policy_abac_administrator(request.user, policy):
- l.append(_('ABAC administrator of this policy.'))
+ l.append(\
+ _('ABAC administrator of this policy.'))
if is_policy_object_creator(request.user, policy):
- l.append(_('Objects and Views administrator of this policy.'))
+ l.append(\
+ _('Objects and Views administrator of this policy.'))
if is_policy_action_creator(request.user, policy):
- l.append(_('Actions and Activities administrator of this policy.'))
+ l.append(\
+ _('Actions and Activities administrator of this policy.'))
if l:
tpl_parameters['special_roles'] = l
diff --git a/acs/models.py b/acs/models.py
index 2bd41a7..c9fa4a7 100644
--- a/acs/models.py
+++ b/acs/models.py
@@ -48,6 +48,7 @@ class UserAlias(models.Model):
class Meta:
verbose_name = _('alias')
verbose_name_plural = _('aliases')
+ unique_together = ("alias", "namespace")
def __unicode__(self):
if self.user:
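Review bot: Adding `unique_together = ("alias", "namespace")` to UserAlias changes the table's constraints, but the diff carries no schema migration, so an existing database keeps accepting duplicate alias/namespace pairs at the storage level and only model and form validation enforce the rule. Existing duplicate rows would also make a later constraint creation fail, so they need to be found and resolved first. If `namespace` is nullable (its definition is outside the hunk), rows with a NULL namespace are not covered by the constraint on most backends.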
@@ -71,7 +72,7 @@ class Role(models.Model):
class Meta:
verbose_name = _('role')
verbose_name_plural = _('roles')
- unique_together = (("name", "namespace"))
+ unique_together = ("name", "namespace")
def __unicode__(self):
return '%s in %s' %(self.name, self.namespace.name)
@@ -86,7 +87,7 @@ class Action(models.Model):
class Meta:
verbose_name = _('action')
verbose_name_plural = _('actions')
- unique_together = (("name", "namespace"))
+ unique_together = ("name", "namespace")
def __unicode__(self):
return '%s in %s' %(self.name, self.namespace.name)
@@ -106,7 +107,7 @@ class Activity(models.Model):
class Meta:
verbose_name = _('activity')
verbose_name_plural = _('activities')
- unique_together = (("name", "namespace"))
+ unique_together = ("name", "namespace")
def __unicode__(self):
return '%s in %s' %(self.name, self.namespace.name)
@@ -131,7 +132,7 @@ class AcsObject(models.Model):
class Meta:
verbose_name = _('object')
verbose_name_plural = _('objects')
- unique_together = (("name", "namespace"))
+ unique_together = ("name", "namespace")
def __unicode__(self):
if self.regex:
@@ -166,7 +167,7 @@ class View(models.Model):
class Meta:
verbose_name = _('view')
verbose_name_plural = _('views')
- unique_together = (("name", "namespace"))
+ unique_together = ("name", "namespace")
def __unicode__(self):
return '%s in %s' %(self.name, self.namespace.name)
diff --git a/acs/templates/add_alias_only.html b/acs/templates/add_alias_only.html
index 80d8f59..f69c087 100644
--- a/acs/templates/add_alias_only.html
+++ b/acs/templates/add_alias_only.html
@@ -21,6 +21,7 @@
diff --git a/acs/templates/list_abac_permissions.html b/acs/templates/list_abac_permissions.html
index a936ada..227e694 100644
--- a/acs/templates/list_abac_permissions.html
+++ b/acs/templates/list_abac_permissions.html
@@ -21,7 +21,7 @@
{% if list_any %}
{% for p in list_any %}
- -
+
-
{{ p }}