{% extends "base.html" %}
{% load i18n %}
{% load acs_filters %}
{% block content %}
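{# Page heading, rendered only when the view supplies a title. #}
{% if title %}
  <h2>{{ title }}</h2>
{% endif %}

{# Messages passed by the view. The list is no longer wrapped in <p>, which cannot contain a <ul>. #}
{# {{ message }} and {{ message.tags }} rely on Django's default autoescaping; do not mark them safe. #}
{% if messages %}
  <ul class="messages">
    {% for message in messages %}
      <li{% if message.tags %} class="{{ message.tags }}"{% endif %}>{{ message }}</li>
    {% endfor %}
  </ul>
{% endif %}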
<div>
<p>
<h3>{% trans "Predicate Definitions" %}</h3>
{% if working_predicate %}
<p>
<strong>{% trans "Define this predicate:" %}</strong>
{% if working_predicate.type == "urn:entrouvert:acs:constants:predicate-required" %}
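{# "Attribute required" predicate: summary of what has been chosen so far. #}
{% if working_predicate.definition_name %}
  <p>
    {% trans "The working predicate is" %} <strong>{{ working_predicate.definition_name }} {% trans "is required" %}</strong>.
    {% if working_predicate.singlevalued %}{% trans "The attribute must be single-valued." %}{% endif %}
  </p>
{% else %}
  <p>{% trans "The working predicate is of type" %} <strong>{% trans "predicate required" %}</strong>.</p>
{% endif %}

{% if working_predicate.definition_name %}

  {# Offer the source selector unless the attribute is single-valued and a source is already selected. #}
  {% if working_predicate.singlevalued and not working_predicate.sources_selected or not working_predicate.singlevalued %}
    <form method="post" action="">
      {# Policy-changing POST: carry Django's CSRF token. It only protects the request when the view #}
      {# renders with a request context and the CSRF check is enabled for it: confirm on the view side. #}
      {% csrf_token %}
      <p>
        <label for="source">{% trans "Add a source:" %}</label>
        {# source_id comes back from the browser; presumably the view re-checks it against the allowed sources (verify). #}
        <select name="source_id" id="source">
          {% for source in sources %}
            <option value="{{ source.id }}">{{ source.name }}</option>
          {% endfor %}
        </select>
        <input type="submit" name="select_source" value="{% trans "Add" %}">
      </p>
    </form>
  {% endif %}

  {% if working_predicate.sources_selected %}
    <p>{% trans "Source already defined:" %}</p>
    <ul>
      {% for s_id, s_name in working_predicate.sources_selected %}
        {# The list item used to be closed with </option>; it is now closed with </li>. #}
        <li><strong>{{ s_name }}</strong></li>
      {% endfor %}
    </ul>
    <form method="post" action="">
      {% csrf_token %}
      <input type="submit" name="close_working_predicate" value="{% trans "Finish predicate" %}">
    </form>
  {% endif %}

{% else %}

  {# No attribute chosen yet: pick the attribute definition and the single-valued constraint. #}
  <form method="post" action="">
    {# Policy-changing POST: the CSRF token must be checked by the view/middleware to be effective. #}
    {% csrf_token %}
    <p>
      <label for="attribute_definition">{% trans "Choose an attribute definition:" %}</label>
      <select name="attribute_definition_id" id="attribute_definition">
        {% for attr_definition in attribute_definitions %}
          <option value="{{ attr_definition.id }}">{{ attr_definition.attribute_name }}</option>
        {% endfor %}
      </select>
    </p>
    <p>
      {% trans "You can indicate that an attribute might be provided by one source among many, it is a or statement. Then, you can't enforce that an attribute be provided by a unique source among multiple. You can not also enforce singlevalued attributes if you want to let the choice in the source. Then, if you want that an attribute be single-valued, you will only be authorized to select one source. If you want single-valued attribute but let the choice in the source, you have to declare multiple predicate." %}
    </p>
    <p>
      <label for="singlevalued">{% trans "Check the following box if you want to require that the attribute provided be single-valued." %}</label>
      <input type="checkbox" name="singlevalued" id="singlevalued" value="singlevalued">
    </p>
    <p>
      <input type="submit" name="select_attribute_definition" value="{% trans "Ok" %}">
    </p>
  </form>

{% endif %}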
{% else %}
{% if working_predicate.type == "urn:entrouvert:acs:constants:predicate-role" %}
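{# "Role required" predicate: either show the chosen role and let the user finish, or ask for a role. #}
{% if working_predicate.role %}
  <p>
    {% trans "The working predicate is role" %} <strong>{{ working_predicate.role }} {% trans "is required" %}</strong>.
  </p>
  {# The form is no longer nested inside <p>, which cannot contain a <form>. #}
  <form method="post" action="">
    {# Policy-changing POST: carry Django's CSRF token. It is only effective when the view renders #}
    {# with a request context and the CSRF check is enabled for it: confirm on the view side. #}
    {% csrf_token %}
    <input type="submit" name="close_working_predicate" value="{% trans "Finish predicate" %}">
  </form>
{% else %}
  <p>{% trans "The working predicate is of type" %} <strong>{% trans "role required" %}</strong>.</p>
  <form method="post" action="">
    {% csrf_token %}
    <p>
      <label for="role">{% trans "Choose a role" %}:</label>
      {# role_id comes back from the browser; presumably the view checks the caller may use that role (verify). #}
      <select name="role_id" id="role">
        {% for role in roles %}
          <option value="{{ role.id }}">{{ role.name }}</option>
        {% endfor %}
      </select>
    </p>
    <p>
      <input type="submit" name="select_role" value="{% trans "Choose" %}">
    </p>
  </form>
{% endif %}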
{% else %}
<p>{% trans "The working predicate is of type" %} <strong>{{ working_predicate.type_friendly }}</strong>.</p>
{% if not working_predicate.multivalues_step_one %}
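{# Comparison predicate, step one: declare whether each operand must be single-valued. #}
<form method="post" action="">
  {# Policy-changing POST: carry Django's CSRF token. It is only effective when the view renders #}
  {# with a request context and the CSRF check is enabled for it: confirm on the view side. #}
  {% csrf_token %}
  <p>
    {% trans "The predicate have two operands. The first one indicate an attribute expected from a source. The second one might be one or multiple values, or an a different attribute from the same source, or another attribute issued from a different source." %}
  </p>
  <p>
    {% trans "You can indicate that an attribute might be provided by one source among many, it is a or statement. Then, you can't enforce that an attribute be provided by a unique source among multiple. You can not also enforce singlevalued attributes if you want to let the choice in the source. Then, if you want that an attribute be single-valued, you will only be authorized to select one source. If you want single-valued attribute but let the choice in the source, you have to declare multiple predicate." %}
  </p>
  <p>
    {% trans "If you authorize that an attribute be multivalued or you to let the choice in sources, you will be prompt to choose how multivalues must be handled." %}
  </p>
  {# Each checkbox now has a <label> bound to it, so the explanatory text is its accessible name. #}
  <p>
    <label for="operandone_singlevalued">{% trans "By checking the following box you indicate that the operand one must be single-valued." %}</label>
    <input type="checkbox" name="operandone_singlevalued" id="operandone_singlevalued" value="singlevalued">
  </p>
  <p>
    <label for="operandtwo_singlevalued">{% trans "By checking the following box you indicate that the opernad two must be single-valued or that you wish indicate a unique value of comparison." %}</label>
    <input type="checkbox" name="operandtwo_singlevalued" id="operandtwo_singlevalued" value="singlevalued">
  </p>
  <input type="submit" name="select_multivalue_step_one" value="{% trans "Ok" %}">
</form>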
{% else %}
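{# Read-only recap of the step-one answers: the cardinality required for each operand. #}
<p>
  {% if working_predicate.operandone_singlevalued %}
    {% trans "Operand one must be single-valued." %}
  {% else %}
    {% trans "Operand one may be multivalued." %}
  {% endif %}
  {% if working_predicate.operandtwo_singlevalued %}
    {% trans "Operand two must be single-valued." %}
  {% else %}
    {% trans "Operand two may be multivalued." %}
  {% endif %}
</p>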
{% if not working_predicate.multivalues_step_two %}
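{# Comparison predicate, step two: choose how multivalued operands are compared. #}
{# The form is no longer nested inside <p>, which cannot contain a <form>. #}
<form method="post" action="">
  {# Policy-changing POST: carry Django's CSRF token. It is only effective when the view renders #}
  {# with a request context and the CSRF check is enabled for it: confirm on the view side. #}
  {% csrf_token %}
  <p>
    <label for="multivalues">{% trans "Choose how multivalued attribued are compared:" %}</label>
    {# The submitted value is client-controlled; presumably the view accepts only the offered keys (verify). #}
    <select name="multivalues" id="multivalues">
      {% for multivalue, f_multivalue in multivalues %}
        <option value="{{ multivalue }}">{{ f_multivalue }}</option>
      {% endfor %}
    </select>
    <input type="submit" name="select_multivalue_step_two" value="{% trans "Ok" %}">
  </p>
</form>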
{% else %}
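{# Read-only recap of the comparison: the multivalue handling chosen and the operands defined so far. #}
{# Paragraphs were terminated with "<p/>", which browsers read as a new opening <p>; they now end with </p>. #}
<p>{{ working_predicate.multivalues_explanation }}</p>

{% if working_predicate.operand1_defined %}
  <p>{% trans "Operand one is attribute" %} <strong>{{ working_predicate.operand1_defined.definition_name }}</strong>
    {% if working_predicate.operand1_defined.type == "definition" %}
      {% trans " from" %}(
      {% for s_id, s_name in working_predicate.operand1_defined.sources_selected %}
        <strong>{{ s_name }}</strong>,
      {% endfor %})
    {% else %}
      {# Values were typed in by an administrator; they rely on Django's default autoescaping. #}
      {% trans "of values" %}(
      {% for value in working_predicate.operand1_defined.values_selected %}
        <strong>{{ value }}</strong>,
      {% endfor %})
    {% endif %}
  </p>
{% endif %}

{% if working_predicate.operand2_defined %}
  {% if working_predicate.operand2_defined.type == "definition" %}
    <p>{% trans "Operand two is attribute" %} <strong>{{ working_predicate.operand2_defined.definition_name }}</strong>
      {% trans " from" %}(
      {% for s_id, s_name in working_predicate.operand2_defined.sources_selected %}
        <strong>{{ s_name }}</strong>,
      {% endfor %})
    </p>
  {% else %}
    <p>{% trans "Compared with values" %}(
      {% for value in working_predicate.operand2_defined.values_selected %}
        <strong>{{ value }}</strong>,
      {% endfor %})
    </p>
  {% endif %}
{% endif %}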
{% if not working_predicate.operand1_defined or not working_predicate.operand2_defined %}
{% if not working_predicate.working_operand %}
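{# No operand in progress: choose whether the next operand is an attribute or a set of literal values. #}
{# The stray closing </p> that followed this form has been dropped; it had no matching opening tag here. #}
<form method="post" action="">
  {# Policy-changing POST: carry Django's CSRF token. It is only effective when the view renders #}
  {# with a request context and the CSRF check is enabled for it: confirm on the view side. #}
  {% csrf_token %}
  <p>{% trans "Compared with" %}:</p>
  <ul>
    <li>
      <p>{% trans "the same attribute from another source or a different attribute" %}</p>
      <input type="submit" name="operand_is_definition" value="{% trans "Attribute" %}">
    </li>
    <li>
      <p>{% trans "with one or multiple values" %}</p>
      <input type="submit" name="operand_is_definition_data" value="{% trans "Value" %}">
    </li>
  </ul>
</form>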
{% else %}
{% if not working_predicate.working_operand.definition_name %}
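{# Attribute operand without a definition yet: pick the attribute definition for operand one or two. #}
{# The prompt now sits in its own closed <p>; the form is no longer nested inside a paragraph. #}
<p>
  {% if not working_predicate.operand1_defined %}
    {% trans "Choose an attribute as operand one of the comparison:" %}
  {% else %}
    {% trans "Choose an attribute as operand two of the comparison:" %}
  {% endif %}
</p>
<form method="post" action="">
  {# Policy-changing POST: carry Django's CSRF token. It is only effective when the view renders #}
  {# with a request context and the CSRF check is enabled for it: confirm on the view side. #}
  {% csrf_token %}
  {# attribute_definition_id comes back from the browser; presumably the view re-validates it (verify). #}
  <select name="attribute_definition_id" id="attribute_definition">
    {% for attr_definition in attribute_definitions %}
      <option value="{{ attr_definition.id }}">{{ attr_definition.attribute_name }}</option>
    {% endfor %}
  </select>
  <input type="submit" name="select_attribute_definition_operand" value="{% trans "Ok" %}">
</form>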
{% else %}
{% if working_predicate.working_operand.type == "definition" %}
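{# Attribute operand with a definition: add the sources it may come from, then finish the operand. #}
{# Forms and lists are no longer nested inside <p>, which cannot contain them. #}
{% if not working_predicate.operand1_defined %}
  <p>{% trans "Operand one is the attribute" %} <strong>{{ working_predicate.working_operand.definition_name }}</strong></p>
  {# Offer the selector unless operand one is single-valued and a source is already selected. #}
  {% if working_predicate.operandone_singlevalued and not working_predicate.working_operand.sources_selected or not working_predicate.operandone_singlevalued %}
    <form method="post" action="">
      {# Policy-changing POST: carry Django's CSRF token. It is only effective when the view renders #}
      {# with a request context and the CSRF check is enabled for it: confirm on the view side. #}
      {% csrf_token %}
      <p>
        <label for="source">{% trans "From:" %}</label>
        <select name="source_operand_id" id="source">
          {% for source in sources %}
            <option value="{{ source.id }}">{{ source.name }}</option>
          {% endfor %}
        </select>
        <input type="submit" name="select_source_operand" value="{% trans "Add" %}">
      </p>
    </form>
  {% endif %}
{% else %}
  <p>{% trans "Operand two is the attribute" %} <strong>{{ working_predicate.working_operand.definition_name }}</strong></p>
  {# Same rule for operand two, driven by its own single-valued flag. #}
  {% if working_predicate.operandtwo_singlevalued and not working_predicate.working_operand.sources_selected or not working_predicate.operandtwo_singlevalued %}
    <form method="post" action="">
      {% csrf_token %}
      <p>
        <label for="source">{% trans "From:" %}</label>
        <select name="source_operand_id" id="source">
          {% for source in sources %}
            <option value="{{ source.id }}">{{ source.name }}</option>
          {% endfor %}
        </select>
        <input type="submit" name="select_source_operand" value="{% trans "Add" %}">
      </p>
    </form>
  {% endif %}
{% endif %}

{% if working_predicate.working_operand.sources_selected %}
  <p>{% trans "Sources already defined:" %}</p>
  <ul>
    {% for s_id, s_name in working_predicate.working_operand.sources_selected %}
      {# The list item used to be closed with </option>; it is now closed with </li>. #}
      <li><strong>{{ s_name }}</strong></li>
    {% endfor %}
  </ul>
  <form method="post" action="">
    {% csrf_token %}
    <input type="submit" name="close_working_operand" value="{% trans "Finish operand" %}">
  </form>
{% endif %}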
{% else %}
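{# Literal-value operand: add one or more comparison values, then finish the operand. #}
<p>{% trans "Compared with..." %}</p>

{# "label" is not an attribute of <input>; the hint is now exposed as aria-label so the field has a name. #}
{% if not working_predicate.operand1_defined %}
  {# Offer the field unless operand one is single-valued and a value is already selected. #}
  {% if working_predicate.operandone_singlevalued and not working_predicate.working_operand.values_selected or not working_predicate.operandone_singlevalued %}
    <p>{% trans "Add a value:" %}</p>
    <form method="post" action="">
      {# Policy-changing POST: carry Django's CSRF token. It is only effective when the view renders #}
      {# with a request context and the CSRF check is enabled for it: confirm on the view side. #}
      {% csrf_token %}
      <input type="text" name="value_operand" aria-label="{% trans "Give a value to test" %}">
      <input type="submit" name="value_operand_submitted" value="{% trans "Add" %}">
    </form>
  {% endif %}
{% else %}
  {# Same rule for operand two, driven by its own single-valued flag. #}
  {% if working_predicate.operandtwo_singlevalued and not working_predicate.working_operand.values_selected or not working_predicate.operandtwo_singlevalued %}
    <p>{% trans "Add a value:" %}</p>
    <form method="post" action="">
      {% csrf_token %}
      <input type="text" name="value_operand" aria-label="{% trans "Give a value to test" %}">
      <input type="submit" name="value_operand_submitted" value="{% trans "Add" %}">
    </form>
  {% endif %}
{% endif %}

{% if working_predicate.working_operand.values_selected %}
  <p>{% trans "Values already defined:" %}</p>
  <ul>
    {% for v_value in working_predicate.working_operand.values_selected %}
      {# Free-text values are echoed back here; they rely on Django's default autoescaping, so never mark them safe. #}
      <li><strong>{{ v_value }}</strong></li>
    {% endfor %}
  </ul>
  <form method="post" action="">
    {% csrf_token %}
    <input type="submit" name="close_working_operand" value="{% trans "Finish operand" %}">
  </form>
{% endif %}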
{% endif %}
{% endif %}
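{# Disabled "Cancel operand" form. It was parked in an HTML comment, which is still rendered and sent #}
{# to every browser, exposing the field name of a switched-off action. A template comment keeps it #}
{# out of the response. NOTE(review): whether the view still handles delete_working_operand is not #}
{# visible here; confirm before re-enabling. #}
{% comment %}
<br style="clear: both;">
<form method="post" action="">
  {% csrf_token %}
  <input type="submit" name="delete_working_operand" value="{% trans "Cancel operand" %}">
</form>
{% endcomment %}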
{% endif %}
{% else %}
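{# Both operands are defined: the only remaining action is to finish the predicate. #}
{# The form is no longer nested inside <p>, which cannot contain a <form>. #}
<form method="post" action="">
  {# Policy-changing POST: carry Django's CSRF token. It is only effective when the view renders #}
  {# with a request context and the CSRF check is enabled for it: confirm on the view side. #}
  {% csrf_token %}
  <input type="submit" name="close_working_predicate" value="{% trans "Finish predicate" %}">
</form>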
{% endif %}
{% endif %}
{% endif %}
{% endif %}
{% endif %}
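{# Abandon the predicate currently being defined. #}
<br style="clear: both;">
<form method="post" action="">
  {# Destructive POST: carry Django's CSRF token. It is only effective when the view renders #}
  {# with a request context and the CSRF check is enabled for it: confirm on the view side. #}
  {% csrf_token %}
  <input type="submit" name="delete_working_predicate" value="{% trans "Cancel predicate" %}">
</form>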
</p>
{% endif %}
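{# List of the predicates already defined, each with its identifier, a readable description and a delete button. #}
{# Markup fixes: the list is no longer inside <p>, "<p/>" terminators are now </p>, and the <br>/<form> #}
{# that were direct children of <ul> now sit inside list items. #}
{% if predicates %}
  <p><strong>{% trans "Predicates already defined:" %}</strong></p>
  <ul>
    {% for p_id, predicate in predicates %}
      <li>
        <ul>
          <li>{% trans "Predicate identifier:" %} <strong>{{ p_id }}</strong></li>
          <li>
            {% if predicate.type == "urn:entrouvert:acs:constants:predicate-required" %}
              {% trans "The predicate is " %} <strong>{% trans "attribute" %} {{ predicate.definition_name }} {% trans "is required." %}</strong>
              {% if predicate.singlevalued %}{% trans "The attribute must be single-valued." %}{% endif %}
              {% trans "It is expected from" %}(
              {% for s_id, s_name in predicate.sources_selected %}
                <strong>{{ s_name }}</strong>,
              {% endfor %})
            {% else %}

              {% if predicate.type == "urn:entrouvert:acs:constants:predicate-role" %}

                <p>
                  {% trans "The predicate is role" %} <strong>{{ predicate.role }} {% trans "is required" %}</strong>.
                </p>

              {% else %}

                {# Any other type is a comparison between two operands. #}
                <p><strong>{{ predicate.type_friendly }}</strong></p>

                <p>
                  {% if predicate.operandone_singlevalued %}
                    {% trans "Operand one must be single-valued." %}
                  {% else %}
                    {% trans "Operand one may be multivalued." %}
                  {% endif %}
                  {% if predicate.operandtwo_singlevalued %}
                    {% trans "Operand two must be single-valued." %}
                  {% else %}
                    {% trans "Operand two may be multivalued." %}
                  {% endif %}
                </p>

                <p>{{ predicate.multivalues_explanation }}</p>

                <p>{% trans "Operand one is attribute" %} <strong>{{ predicate.operand1_defined.definition_name }}</strong>
                  {% if predicate.operand1_defined.type == "definition" %}
                    {% trans " from" %}(
                    {% for s_id, s_name in predicate.operand1_defined.sources_selected %}
                      <strong>{{ s_name }}</strong>,
                    {% endfor %})
                  {% else %}
                    {# Administrator-entered values; they rely on Django's default autoescaping. #}
                    {% trans "of values" %}(
                    {% for value in predicate.operand1_defined.values_selected %}
                      <strong>{{ value }}</strong>,
                    {% endfor %})
                  {% endif %}
                </p>
                {% if predicate.operand2_defined.type == "definition" %}
                  <p>{% trans "Operand two is attribute" %} <strong>{{ predicate.operand2_defined.definition_name }}</strong>
                    {% trans " from" %}(
                    {% for s_id, s_name in predicate.operand2_defined.sources_selected %}
                      <strong>{{ s_name }}</strong>,
                    {% endfor %})
                  </p>
                {% else %}
                  <p>{% trans "Compared with values" %}(
                    {% for value in predicate.operand2_defined.values_selected %}
                      <strong>{{ value }}</strong>,
                    {% endfor %})
                  </p>
                {% endif %}
              {% endif %}
            {% endif %}
          </li>
          <li>
            <br style="clear: both;">
            <form method="post" action="">
              {# Destructive POST: carry Django's CSRF token. It is only effective when the view renders #}
              {# with a request context and the CSRF check is enabled for it: confirm on the view side. #}
              {% csrf_token %}
              {# A hidden field is client-controlled: presumably the view checks that predicate_id belongs #}
              {# to the rule being edited before deleting it (verify). #}
              <input type="hidden" name="predicate_id" value="{{ p_id }}">
              <input type="submit" name="delete_predicate" value="{% trans "Delete" %}">
            </form>
          </li>
        </ul>
        <br style="clear: both;">
      </li>
    {% endfor %}
  </ul>
{% endif %}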
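{# Start a new predicate by choosing its type. #}
{# The form is no longer nested inside <p>, which cannot contain a <form>. #}
{% if predicate_types %}
  <p><strong>{% trans "Add a new predicate:" %}</strong></p>
  <br style="clear: both;">
  <form method="post" action="">
    {# Policy-changing POST: carry Django's CSRF token. It is only effective when the view renders #}
    {# with a request context and the CSRF check is enabled for it: confirm on the view side. #}
    {% csrf_token %}
    {# predicate_type comes back from the browser; presumably the view accepts only the offered types (verify). #}
    <select name="predicate_type" id="id_new_predicate">
      {% for predicate_type, friendly_name in predicate_types %}
        <option value="{{ predicate_type }}">{{ friendly_name }}</option>
      {% endfor %}
    </select>
    <input type="submit" name="new_predicate" value="{% trans "Add a predicate" %}">
  </form>
{% endif %}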
</p>
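{# Once predicates exist: define the boolean rule over them, then bind it to who/what/how as a permission. #}
{# Markup fixes: headings and forms are no longer nested inside <p>, the paragraph that was never closed #}
{# after the rule form is gone, and the invalid "label" attribute is replaced by aria-label. #}
{% if predicates %}

  <h3>{% trans "Define the logic expression combining predicates" %}</h3>
  <p>
    <strong>{% trans "Use the predicates identifier. AND is '&', OR is '|', NOT is '-'. Use parenthesis for priority." %} (e.g. (1&2)|(-3))</strong>
  </p>
  <br style="clear: both;">
  <form method="post" action="">
    {# Policy-changing POST: carry Django's CSRF token. It is only effective when the view renders #}
    {# with a request context and the CSRF check is enabled for it: confirm on the view side. #}
    {% csrf_token %}
    {# NOTE(review): rule_string is free text that becomes access-control logic. The view should parse it #}
    {# with a strict grammar and reject unknown predicate identifiers; not verifiable from this template. #}
    <input type="text" name="rule_string" aria-label="{% trans "Define rule" %}"{% if rule %} value="{{ rule }}"{% endif %}>
    <input type="submit" name="set_rule" value="{% trans "Set" %}">
  </form>

  {% if rule %}

    {% if what_to_display and how_to_display %}

      <form method="post" action="">
        {% csrf_token %}
        {# NOTE(review): the who/what/how values are "<id>_<class name>" strings the browser can alter. #}
        {# Presumably the view resolves them against objects the administrator may manage rather than #}
        {# trusting the submitted class name (verify). #}
        {% if who_to_display %}
          <h3>{% trans "Who" %}</h3>
          <p>{% trans "Usually an ABAC is set for 'Anybody' since the access is granted to anybody able to satisfy the abac rule, including having roles. However who may choos a user in the list below to indicate that you want to grant an access to a user only if the user also satisfy the rule." %}
          </p>
          <select name="who_matches" id="id_who_matches">
            <option value="_">-- {% trans "Anybody" %} --</option>
            {% for it in who_to_display %}
              {# Only entries whose klass filter result is "UserAlias" are offered. #}
              {% if it|klass == "UserAlias" %}
                <option value="{{ it.id }}_{{ it|klass }}">{{ it.alias }}</option>
              {% endif %}
            {% endfor %}
          </select>
        {% endif %}

        <h3>{% trans "What" %}</h3>
        <select name="what_matches" id="id_what_matches">
          {% for it in what_to_display %}
            <option value="{{ it.id }}_{{ it|klass }}">{{ it.name }}</option>
          {% endfor %}
        </select>

        <h3>{% trans "How" %}</h3>
        <select name="how_matches" id="id_how_matches">
          {% for it in how_to_display %}
            <option value="{{ it.id }}_{{ it|klass }}">{{ it.name }}</option>
          {% endfor %}
        </select>

        <p>
          <br style="clear: both;">
          <input type="submit" name="add_permission" value="{% trans "Add permission" %}">
        </p>
      </form>

    {% else %}

      {% if not working_predicate %}
        <p>{% trans 'You have not enough rights or there is not enough material in the policy to set a to set a permission.' %}</p>
      {% endif %}

    {% endif %}

  {% endif %}

  <br style="clear: both;">
  <form method="post" action="">
    {% csrf_token %}
    <input type="submit" name="cancel_all" value="{% trans "Cancel permission creation" %}">
  </form>

{% endif %}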
</div>
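{# Navigation back to the site root. This is a plain GET link and does not change any state. #}
<div class="right">
  <a class="back" href="/">{% trans "Back" %}</a>
</div>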
{% endblock %}