veridic/acs/templates/add_abac_permission.html


{% extends "base.html" %}
{% load i18n %}
{% load acs_filters %}
{% block content %}
{# Optional page heading supplied by the view. #}
{% if title %}<h2>{{ title }}</h2>{% endif %}

{# Pending messages; each item uses its tags as the CSS class. Both values go through plain variable tags, no safe filter is applied here. #}
{% if messages %}
  <p>
  <ul class="messages">
    {% for message in messages %}
      <li{% if message.tags %} class="{{ message.tags }}"{% endif %}>{{ message }}</li>
    {% endfor %}
  </ul>
  </p>
{% endif %}
<div>
<p>
<h3>{% trans "Predicate Definitions" %}</h3>
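{% comment %}
Step-by-step editor for the predicate currently being built (working_predicate).
The step shown depends on which fields of working_predicate are already set:
  - predicate-required: pick an attribute definition, then add sources;
  - predicate-role: pick a role;
  - any other type: a two-operand comparison (single/multi-valued options,
    multivalue handling, then each operand).
Every form posts back to the current URL; each submit button has its own name,
which is presumably what the view dispatches on (confirm in the view).

Security notes:
  - Each POST form carries the csrf_token tag. With no token in the form, these
    policy-changing requests are rejected when Django's CSRF middleware is
    active and can be forged from another site when it is not. The tag only
    emits a token if the view renders with a request-aware context; confirm
    that in the view.
  - Ids and free-text values posted from here are client-controlled. The option
    lists limit what the page offers, not what can be submitted, so the view
    must re-check every submitted id and value.
{% endcomment %}
{% if working_predicate %}
  <p>
  <strong>{% trans "Define this predicate:" %}</strong>
  {% if working_predicate.type == "urn:entrouvert:acs:constants:predicate-required" %}
    {# Attribute-required predicate. #}
    {% if working_predicate.definition_name %}
      <p>
      {% trans "The working predicate is" %} <strong>{{ working_predicate.definition_name }} {% trans "is required" %}</strong>.
      {% if working_predicate.singlevalued %}{% trans "The attribute must be single-valued." %}{% endif %}
      </p>
    {% else %}
      <p>{% trans "The working predicate is of type" %} <strong>{% trans "predicate required" %}</strong>.</p>
    {% endif %}
    {% if working_predicate.definition_name %}
      {# Offer another source unless the attribute is single-valued and already has one. #}
      {% if working_predicate.singlevalued and not working_predicate.sources_selected or not working_predicate.singlevalued %}
        <p>{% trans "Add a source:" %}
        <form method="post" action="">
          {% csrf_token %}
          <select name="source_id" id="source">
            {% for source in sources %}
              <option value="{{ source.id }}">{{ source.name }}</option>
            {% endfor %}
          </select>
          <input type="submit" name="select_source" value="{% trans "Add" %}"/>
        </form>
        </p>
      {% endif %}
      {% if working_predicate.sources_selected %}
        <p>{% trans "Source already defined:" %}
        <ul>
          {% for s_id, s_name in working_predicate.sources_selected %}
            {# The original closed this item with an option end tag. #}
            <li><strong>{{ s_name }}</strong></li>
          {% endfor %}
        </ul>
        </p>
        <p>
        <form method="post" action="">
          {% csrf_token %}
          <input type="submit" name="close_working_predicate" value="{% trans "Finish predicate" %}"/>
        </form>
        </p>
      {% endif %}
    {% else %}
      <form method="post" action="">
        {% csrf_token %}
        <p>{% trans "Choose an attribute definition:" %}
        <select name="attribute_definition_id" id="attribute_definition">
          {% for attr_definition in attribute_definitions %}
            <option value="{{ attr_definition.id }}">{{ attr_definition.attribute_name }}</option>
          {% endfor %}
        </select>
        </p>
        <p>
        {% trans "You can indicate that an attribute might be provided by one source among many, it is a or statement. Then, you can't enforce that an attribute be provided by a unique source among multiple. You can not also enforce singlevalued attributes if you want to let the choice in the source. Then, if you want that an attribute be single-valued, you will only be authorized to select one source. If you want single-valued attribute but let the choice in the source, you have to declare multiple predicate." %}
        </p>
        <p>
        <label>{% trans "Check the following box if you want to require that the attribute provided be single-valued." %}</label>
        <input type="checkbox" name="singlevalued" value="singlevalued"/>
        </p>
        <p>
        <input type="submit" name="select_attribute_definition" value="{% trans "Ok" %}"/>
        </p>
      </form>
    {% endif %}
  {% else %}
    {% if working_predicate.type == "urn:entrouvert:acs:constants:predicate-role" %}
      {# Role-required predicate. #}
      {% if working_predicate.role %}
        <p>
        {% trans "The working predicate is role" %} <strong>{{ working_predicate.role }} {% trans "is required" %}</strong>.
        </p>
        <p>
        <form method="post" action="">
          {% csrf_token %}
          <input type="submit" name="close_working_predicate" value="{% trans "Finish predicate" %}"/>
        </form>
        </p>
      {% else %}
        <p>{% trans "The working predicate is of type" %} <strong>{% trans "role required" %}</strong>.</p>
        <form method="post" action="">
          {% csrf_token %}
          <p>{% trans "Choose a role" %}:
          <select name="role_id" id="role">
            {% for role in roles %}
              <option value="{{ role.id }}">{{ role.name }}</option>
            {% endfor %}
          </select>
          <p>
          <input type="submit" name="select_role" value="{% trans "Choose" %}"/>
          </p>
          </p>
        </form>
      {% endif %}
    {% else %}
      {# Comparison predicate with two operands. #}
      <p>{% trans "The working predicate is of type" %} <strong>{{ working_predicate.type_friendly }}</strong>.</p>
      {% if not working_predicate.multivalues_step_one %}
        {# Step one: decide whether each operand must be single-valued. #}
        <form method="post" action="">
          {% csrf_token %}
          <p>
          {% trans "The predicate have two operands. The first one indicate an attribute expected from a source. The second one might be one or multiple values, or an a different attribute from the same source, or another attribute issued from a different source." %}
          </p>
          <p>
          {% trans "You can indicate that an attribute might be provided by one source among many, it is a or statement. Then, you can't enforce that an attribute be provided by a unique source among multiple. You can not also enforce singlevalued attributes if you want to let the choice in the source. Then, if you want that an attribute be single-valued, you will only be authorized to select one source. If you want single-valued attribute but let the choice in the source, you have to declare multiple predicate." %}
          </p>
          <p>
          {% trans "If you authorize that an attribute be multivalued or you to let the choice in sources, you will be prompt to choose how multivalues must be handled." %}
          </p>
          <p>
          {% trans "By checking the following box you indicate that the operand one must be single-valued." %}
          <input type="checkbox" name="operandone_singlevalued" value="singlevalued"/>
          </p>
          <p>
          {% trans "By checking the following box you indicate that the opernad two must be single-valued or that you wish indicate a unique value of comparison." %}
          <input type="checkbox" name="operandtwo_singlevalued" value="singlevalued"/>
          </p>
          <input type="submit" name="select_multivalue_step_one" value="{% trans "Ok" %}"/>
        </form>
      {% else %}
        <p>
        {% if working_predicate.operandone_singlevalued %}
          {% trans "Operand one must be single-valued." %}
        {% else %}
          {% trans "Operand one may be multivalued." %}
        {% endif %}
        {% if working_predicate.operandtwo_singlevalued %}
          {% trans "Operand two must be single-valued." %}
        {% else %}
          {% trans "Operand two may be multivalued." %}
        {% endif %}
        </p>
        {% if not working_predicate.multivalues_step_two %}
          {# Step two: choose how multivalued operands are compared. #}
          <p>{% trans "Choose how multivalued attribued are compared:" %}
          <form method="post" action="">
            {% csrf_token %}
            <select name="multivalues" id="multivalues">
              {% for multivalue, f_multivalue in multivalues %}
                <option value="{{ multivalue }}">{{ f_multivalue }}</option>
              {% endfor %}
            </select>
            <input type="submit" name="select_multivalue_step_two" value="{% trans "Ok" %}"/>
          </form>
          </p>
        {% else %}
          <p>{{ working_predicate.multivalues_explanation }}</p>
          {# Summary of the operands that are already complete. The original ended these paragraphs with a self-closing p tag. #}
          {% if working_predicate.operand1_defined %}
            <p>{% trans "Operand one is attribute" %} <strong>{{ working_predicate.operand1_defined.definition_name }}</strong>
            {% if working_predicate.operand1_defined.type == "definition" %}
              {% trans " from" %}(
              {% for s_id, s_name in working_predicate.operand1_defined.sources_selected %}
                <strong>{{ s_name }}</strong>,
              {% endfor %})</p>
            {% else %}
              {% trans "of values" %}(
              {% for value in working_predicate.operand1_defined.values_selected %}
                <strong>{{ value }}</strong>,
              {% endfor %})</p>
            {% endif %}
          {% endif %}
          {% if working_predicate.operand2_defined %}
            {% if working_predicate.operand2_defined.type == "definition" %}
              <p>{% trans "Operand two is attribute" %} <strong>{{ working_predicate.operand2_defined.definition_name }}</strong>
              {% trans " from" %}(
              {% for s_id, s_name in working_predicate.operand2_defined.sources_selected %}
                <strong>{{ s_name }}</strong>,
              {% endfor %})</p>
            {% else %}
              <p>{% trans "Compared with values" %}(
              {% for value in working_predicate.operand2_defined.values_selected %}
                <strong>{{ value }}</strong>,
              {% endfor %})</p>
            {% endif %}
          {% endif %}
          {% if not working_predicate.operand1_defined or not working_predicate.operand2_defined %}
            {% if not working_predicate.working_operand %}
              {# No operand in progress: choose between an attribute and literal values. #}
              <form method="post" action="">
                {% csrf_token %}
                <p>{% trans "Compared with" %}:</p>
                <ul>
                  <li>
                    <p>{% trans "the same attribute from another source or a different attribute" %}</p>
                    <input type="submit" name="operand_is_definition" value="{% trans "Attribute" %}"/>
                  </li>
                  <li>
                    <p>{% trans "with one or multiple values" %}</p>
                    <input type="submit" name="operand_is_definition_data" value="{% trans "Value" %}"/>
                  </li>
                </ul>
              </form>
              </p>
            {% else %}
              {% if not working_predicate.working_operand.definition_name %}
                {% if not working_predicate.operand1_defined %}
                  <p>{% trans "Choose an attribute as operand one of the comparison:" %}
                {% else %}
                  <p>{% trans "Choose an attribute as operand two of the comparison:" %}
                {% endif %}
                <form method="post" action="">
                  {% csrf_token %}
                  <select name="attribute_definition_id" id="attribute_definition">
                    {% for attr_definition in attribute_definitions %}
                      <option value="{{ attr_definition.id }}">{{ attr_definition.attribute_name }}</option>
                    {% endfor %}
                  </select>
                  <input type="submit" name="select_attribute_definition_operand" value="{% trans "Ok" %}"/>
                </form>
                </p>
              {% else %}
                {% if working_predicate.working_operand.type == "definition" %}
                  {# Attribute operand: collect the sources it may come from. #}
                  {% if not working_predicate.operand1_defined %}
                    <p>{% trans "Operand one is the attribute" %} <strong>{{ working_predicate.working_operand.definition_name }}</strong></p>
                    {% if working_predicate.operandone_singlevalued and not working_predicate.working_operand.sources_selected or not working_predicate.operandone_singlevalued %}
                      <p>{% trans "From:" %}
                      <form method="post" action="">
                        {% csrf_token %}
                        <select name="source_operand_id" id="source">
                          {% for source in sources %}
                            <option value="{{ source.id }}">{{ source.name }}</option>
                          {% endfor %}
                        </select>
                        <input type="submit" name="select_source_operand" value="{% trans "Add" %}"/>
                      </form>
                      </p>
                    {% endif %}
                  {% else %}
                    <p>{% trans "Operand two is the attribute" %} <strong>{{ working_predicate.working_operand.definition_name }}</strong></p>
                    {% if working_predicate.operandtwo_singlevalued and not working_predicate.working_operand.sources_selected or not working_predicate.operandtwo_singlevalued %}
                      <p>{% trans "From:" %}
                      <form method="post" action="">
                        {% csrf_token %}
                        <select name="source_operand_id" id="source">
                          {% for source in sources %}
                            <option value="{{ source.id }}">{{ source.name }}</option>
                          {% endfor %}
                        </select>
                        <input type="submit" name="select_source_operand" value="{% trans "Add" %}"/>
                      </form>
                      </p>
                    {% endif %}
                  {% endif %}
                  {% if working_predicate.working_operand.sources_selected %}
                    <p>{% trans "Sources already defined:" %}
                    <ul>
                      {% for s_id, s_name in working_predicate.working_operand.sources_selected %}
                        <li><strong>{{ s_name }}</strong></li>
                      {% endfor %}
                    </ul>
                    </p>
                    <p>
                    <form method="post" action="">
                      {% csrf_token %}
                      <input type="submit" name="close_working_operand" value="{% trans "Finish operand" %}"/>
                    </form>
                    </p>
                  {% endif %}
                {% else %}
                  {# Value operand: collect literal comparison values. value_operand is free text, so the view must validate it. #}
                  <p>{% trans "Compared with..." %}</p>
                  {% if not working_predicate.operand1_defined %}
                    {% if working_predicate.operandone_singlevalued and not working_predicate.working_operand.values_selected or not working_predicate.operandone_singlevalued %}
                      <p>{% trans "Add a value:" %}
                      <form method="post" action="">
                        {% csrf_token %}
                        {# The original used a label attribute, which browsers ignore; aria-label gives the field a name. #}
                        <input type="text" name="value_operand" aria-label="{% trans "Give a value to test" %}"/>
                        <input type="submit" name="value_operand_submitted" value="{% trans "Add" %}"/>
                      </form>
                      </p>
                    {% endif %}
                  {% else %}
                    {% if working_predicate.operandtwo_singlevalued and not working_predicate.working_operand.values_selected or not working_predicate.operandtwo_singlevalued %}
                      <p>{% trans "Add a value:" %}
                      <form method="post" action="">
                        {% csrf_token %}
                        <input type="text" name="value_operand" aria-label="{% trans "Give a value to test" %}"/>
                        <input type="submit" name="value_operand_submitted" value="{% trans "Add" %}"/>
                      </form>
                      </p>
                    {% endif %}
                  {% endif %}
                  {% if working_predicate.working_operand.values_selected %}
                    <p>{% trans "Values already defined:" %}
                    <ul>
                      {% for v_value in working_predicate.working_operand.values_selected %}
                        <li><strong>{{ v_value }}</strong></li>
                      {% endfor %}
                    </ul>
                    </p>
                    <p>
                    <form method="post" action="">
                      {% csrf_token %}
                      <input type="submit" name="close_working_operand" value="{% trans "Finish operand" %}"/>
                    </form>
                    </p>
                  {% endif %}
                {% endif %}
              {% endif %}
              {% comment %}
              Disabled "Cancel operand" form, kept for reference. It used to sit in an
              HTML comment, which still sent the markup to every client. If it is
              re-enabled it needs the csrf_token tag like the other forms.
              <p>
              <br style="clear: both;"/>
              <form method="post" action="">
              <input type="submit" name="delete_working_operand" value="{% trans "Cancel operand" %}"/>
              </form>
              <p>
              {% endcomment %}
            {% endif %}
          {% else %}
            {# Both operands are complete: the predicate can be closed. #}
            <p>
            <form method="post" action="">
              {% csrf_token %}
              <input type="submit" name="close_working_predicate" value="{% trans "Finish predicate" %}"/>
            </form>
            </p>
          {% endif %}
        {% endif %}
      {% endif %}
    {% endif %}
  {% endif %}
  <br style="clear: both;"/>
  <form method="post" action="">
    {% csrf_token %}
    <input type="submit" name="delete_working_predicate" value="{% trans "Cancel predicate" %}"/>
  </form>
  </p>
{% endif %}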
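{% comment %}
List of the predicates already defined, each with a Delete button.
predicates is iterated as (identifier, predicate) pairs.

Security notes:
  - The delete form carries the csrf_token tag; with no token in the form, the
    request is rejected when Django's CSRF middleware is active and forgeable
    from another site when it is not. The tag needs a request-aware context in
    the view (confirm there).
  - predicate_id travels in a hidden field, so it is client-controlled. The
    view must check that the submitted identifier belongs to the permission
    being edited before deleting anything.
{% endcomment %}
{% if predicates %}
  <p>
  <strong>{% trans "Predicates already defined:" %}</strong>
  <ul>
    {% for p_id, predicate in predicates %}
      <li>
        <ul>
          <li>{% trans "Predicate identifier:" %} <strong>{{ p_id }}</strong></li>
          <li>
            {% if predicate.type == "urn:entrouvert:acs:constants:predicate-required" %}
              {% trans "The predicate is " %} <strong>{% trans "attribute" %} {{ predicate.definition_name }} {% trans "is required." %}</strong>
              {% if predicate.singlevalued %}{% trans "The attribute must be single-valued." %}{% endif %}
              {% trans "It is expected from" %}(
              {% for s_id, s_name in predicate.sources_selected %}
                <strong>{{ s_name }}</strong>,
              {% endfor %})
            {% else %}
              {% if predicate.type == "urn:entrouvert:acs:constants:predicate-role" %}
                <p>
                {% trans "The predicate is role" %} <strong>{{ predicate.role }} {% trans "is required" %}</strong>.
                </p>
              {% else %}
                {# Comparison predicate. The original ended these paragraphs with a self-closing p tag. #}
                <p><strong>{{ predicate.type_friendly }}</strong></p>
                <p>
                {% if predicate.operandone_singlevalued %}
                  {% trans "Operand one must be single-valued." %}
                {% else %}
                  {% trans "Operand one may be multivalued." %}
                {% endif %}
                {% if predicate.operandtwo_singlevalued %}
                  {% trans "Operand two must be single-valued." %}
                {% else %}
                  {% trans "Operand two may be multivalued." %}
                {% endif %}
                </p>
                <p>{{ predicate.multivalues_explanation }}</p>
                <p>{% trans "Operand one is attribute" %} <strong>{{ predicate.operand1_defined.definition_name }}</strong>
                {% if predicate.operand1_defined.type == "definition" %}
                  {% trans " from" %}(
                  {% for s_id, s_name in predicate.operand1_defined.sources_selected %}
                    <strong>{{ s_name }}</strong>,
                  {% endfor %})</p>
                {% else %}
                  {% trans "of values" %}(
                  {% for value in predicate.operand1_defined.values_selected %}
                    <strong>{{ value }}</strong>,
                  {% endfor %})</p>
                {% endif %}
                {% if predicate.operand2_defined.type == "definition" %}
                  <p>{% trans "Operand two is attribute" %} <strong>{{ predicate.operand2_defined.definition_name }}</strong>
                  {% trans " from" %}(
                  {% for s_id, s_name in predicate.operand2_defined.sources_selected %}
                    <strong>{{ s_name }}</strong>,
                  {% endfor %})</p>
                {% else %}
                  <p>{% trans "Compared with values" %}(
                  {% for value in predicate.operand2_defined.values_selected %}
                    <strong>{{ value }}</strong>,
                  {% endfor %})</p>
                {% endif %}
              {% endif %}
            {% endif %}
          </li>
          <br style="clear: both;"/>
          <form method="post" action="">
            {% csrf_token %}
            <input type="hidden" name="predicate_id" value="{{ p_id }}"/>
            <input type="submit" name="delete_predicate" value="{% trans "Delete" %}"/>
          </form>
        </ul>
      </li>
      <br style="clear: both;"/>
    {% endfor %}
  </ul>
  </p>
{% endif %}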
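{% comment %}
Chooser that starts a new predicate of the selected type.
predicate_types is iterated as (type value, friendly name) pairs.

Security notes:
  - The form carries the csrf_token tag; with no token in the form, the request
    is rejected when Django's CSRF middleware is active and forgeable from
    another site when it is not. The tag needs a request-aware context in the
    view (confirm there).
  - predicate_type is client-controlled: the view must accept only the values
    it offered here.
{% endcomment %}
{% if predicate_types %}
  <p>
  <strong>{% trans "Add a new predicate:" %}</strong>
  <br style="clear: both;"/>
  <form method="post" action="">
    {% csrf_token %}
    <select name="predicate_type" id="id_new_predicate">
      {% for predicate_type, friendly_name in predicate_types %}
        <option value="{{ predicate_type }}">{{ friendly_name }}</option>
      {% endfor %}
    </select>
    <input type="submit" name="new_predicate" value="{% trans "Add a predicate" %}"/>
  </form>
  </p>
{% endif %}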
</p>
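{% comment %}
Final steps of permission creation, shown once at least one predicate exists:
the rule combining the predicates, the who/what/how selection, and the button
that cancels the whole creation.

Security notes:
  - All three POST forms carry the csrf_token tag; with no token in the form,
    the requests are rejected when Django's CSRF middleware is active and
    forgeable from another site when it is not. The tag needs a request-aware
    context in the view (confirm there).
  - rule_string is free text. Parsing happens outside this template; the view
    should accept only predicate identifiers, the three operators and
    parentheses, and should never pass the string to a general evaluator.
  - The who/what/how option values are an id and the output of the klass
    filter (presumably the class name) joined by an underscore. Limiting the
    "who" list to UserAlias is done here in the template only, so the view
    must re-check the submitted id and class and the administrator's rights
    over the chosen objects.
{% endcomment %}
{% if predicates %}
  <p>
  <h3>{% trans "Define the logic expression combining predicates" %}</h3>
  <strong>{% trans "Use the predicates identifier. AND is '&', OR is '|', NOT is '-'. Use parenthesis for priority." %} (e.g. (1&amp;2)|(-3))</strong>
  <br style="clear: both;"/>
  <form method="post" action="">
    {% csrf_token %}
    {# The original used a label attribute, which browsers ignore; aria-label gives the field a name. #}
    <input type="text" name="rule_string" aria-label="{% trans "Define rule" %}" {% if rule %}value="{{ rule }}"{% endif %}/>
    <input type="submit" name="set_rule" value="{% trans "Set" %}"/>
  </form>
  <p>
  {% if rule %}
    {% if what_to_display and how_to_display %}
      <form method="post" action="">
        {% csrf_token %}
        {% if who_to_display %}
          <p>
          <h3>{% trans "Who" %}</h3>
          <p>{% trans "Usually an ABAC is set for 'Anybody' since the access is granted to anybody able to satisfy the abac rule, including having roles. However who may choos a user in the list below to indicate that you want to grant an access to a user only if the user also satisfy the rule." %}
          </p>
          <select name="who_matches" id="id_who_matches">
            <option value="_">-- {% trans "Anybody" %} --</option>
            {% for it in who_to_display %}
              {# Only UserAlias entries are offered; this is display filtering, not enforcement. #}
              {% if it|klass == "UserAlias" %}
                <option value="{{ it.id }}_{{ it|klass }}">{{ it.alias }}</option>
              {% endif %}
            {% endfor %}
          </select>
          </p>
        {% endif %}
        <p>
        <h3>{% trans "What" %}</h3>
        <select name="what_matches" id="id_what_matches">
          {% for it in what_to_display %}
            <option value="{{ it.id }}_{{ it|klass }}">{{ it.name }}</option>
          {% endfor %}
        </select>
        </p>
        <p>
        <h3>{% trans "How" %}</h3>
        <select name="how_matches" id="id_how_matches">
          {% for it in how_to_display %}
            <option value="{{ it.id }}_{{ it|klass }}">{{ it.name }}</option>
          {% endfor %}
        </select>
        </p>
        <p>
        <br style="clear: both;"/>
        <input type="submit" name="add_permission" value="{% trans "Add permission" %}"/>
        </p>
      </form>
    {% else %}
      {% if not working_predicate %}
        <p>{% trans 'You have not enough rights or there is not enough material in the policy to set a to set a permission.' %}</p>
      {% endif %}
    {% endif %}
  {% endif %}
  <br style="clear: both;"/>
  <form method="post" action="">
    {% csrf_token %}
    <input type="submit" name="cancel_all" value="{% trans "Cancel permission creation" %}"/>
  </form>
{% endif %}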
</div>
{# Link back to the site root. #}
<div class="right"><a class="back" href="/">{% trans "Back" %}</a></div>
{% endblock %}