import os

import django.contrib.auth
from django.contrib import messages
from django.contrib.auth import login as auth_login
from django.contrib.auth.forms import AuthenticationForm
from django.http import HttpResponseRedirect
from django.shortcuts import redirect
from django.shortcuts import render_to_response
from django.template import RequestContext
from django.utils.translation import gettext_noop
from django.utils.translation import ugettext as _
from django.views.decorators.cache import never_cache
from django.views.decorators.csrf import csrf_exempt, csrf_protect

from core import *
from forms import *
def index(request):
    """Landing page listing the services the current user may open.

    Anonymous users are redirected to the login page.  Every authenticated
    user is offered the "run" service; staff additionally see the policy
    graph and the administration entry.
    """
    if request.user.is_anonymous():
        return redirect('/login')

    authorized_services = {'run': "Ask for a decision"}
    if request.user.is_staff:
        authorized_services.update({
            'graph': "Display access control policy (graph)",
            'admin': "Administration",
        })

    context = {'authorized_services': authorized_services}
    return render_to_response('index.html',
                              context,
                              context_instance=RequestContext(request))
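@csrf_protect
@never_cache
def login(request):
    """Authenticate the visitor with Django's AuthenticationForm.

    On a valid POST the session is logged in and the browser is sent to
    ``/``; otherwise ``login.html`` is rendered with the bound form (POST)
    or an empty one (GET).

    The view used to be ``csrf_exempt``.  A login form that accepts a POST
    without the CSRF token can be submitted by another site with credentials
    of its choosing, so the protection is now enforced.  ``login.html`` must
    therefore render ``{% csrf_token %}`` inside the form; the
    ``RequestContext`` passed below runs the csrf context processor that
    makes the tag work.
    """
    if request.method == "POST":
        form = AuthenticationForm(data=request.POST)
        if form.is_valid():
            auth_login(request, form.get_user())
            return HttpResponseRedirect('/')
    else:
        form = AuthenticationForm()

    return render_to_response('login.html',
                              {'form': form, },
                              context_instance=RequestContext(request))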
def logout(request):
    """End the current session and send the browser to the login page.

    NOTE(review): the view answers GET, so any page that embeds a link or
    image pointing at it ends the session; a POST-only logout with the CSRF
    token would close that gap.
    """
    auth_logout = django.contrib.auth.logout
    auth_logout(request)
    return redirect('/login')
def returnResponseForm(request):
    """Render an empty AskDecisionForm.

    Used by run() after a lookup failure, once the error message has been
    queued through the messages framework.
    """
    context = {'form': AskDecisionForm(), }
    return render_to_response('ask_decision.html',
                              context,
                              context_instance=RequestContext(request))
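def _display_name(obj):
    """Return the label shown for a resolved target on the result page.

    Users carry ``username``; the other models resolved by run() are looked
    up by ``name``.  getattr() keeps this safe whichever attribute the model
    defines (the previous code read ``.username`` and ``.user`` on roles).
    """
    return getattr(obj, 'username', None) or obj.name


def _resolve_target(request, form, selector, kinds, bad_kind_message):
    """Look up the object selected in one section of AskDecisionForm.

    Args:
        request: the current HttpRequest, used to queue error messages.
        form: a validated AskDecisionForm.
        selector: cleaned-data key holding the chosen kind
            ('who', 'what' or 'how').
        kinds: mapping kind -> (model, lookup field, cleaned-data key of the
            identifier typed by the user).
        bad_kind_message: error shown when the chosen kind is not in kinds.

    Returns:
        The first matching model instance, or None after an error message
        has been queued -- the caller must then re-render the form.
    """
    kind = form.cleaned_data[selector]
    if kind not in kinds:
        messages.add_message(request, messages.ERROR, bad_kind_message)
        return None
    model, lookup_field, value_key = kinds[kind]
    value = form.cleaned_data[value_key]
    # Only the first match is used; slicing keeps the query bounded.
    entries = model.objects.filter(**{lookup_field: value})[:1]
    if not entries:
        # The old per-type messages were copy-pasted and named the wrong
        # kind (e.g. "User ... does not exist" for a View); name the kind
        # that was actually looked up.
        messages.add_message(
            request,
            messages.ERROR,
            _('%(kind)s %(name)s does not exist') % {'kind': kind, 'name': value})
        return None
    return entries[0]


@csrf_exempt
def run(request):
    """Ask the RBAC engine whether *who* may perform *how* on *what*.

    GET renders an empty AskDecisionForm; an invalid POST re-renders the
    bound form with its errors.  A valid POST resolves the three selected
    objects in order (who, what, how -- the first lookup failure queues an
    error message and shows a fresh form) and renders ``result.html`` with a
    textual verdict built from isAuthorizedRBAC2().  Anonymous users are
    sent to the login page.

    NOTE(review): the view stays csrf_exempt as before.  It only reads
    policy data, so a forged POST changes nothing server-side; once
    ask_decision.html renders {% csrf_token %} the exemption can be dropped.
    """
    if request.user.is_anonymous():
        return redirect('/login')

    if request.method == 'POST':
        form = AskDecisionForm(request.POST)
    else:
        form = AskDecisionForm()
    if request.method != 'POST' or not form.is_valid():
        return render_to_response('ask_decision.html',
                                  {'form': form, },
                                  context_instance=RequestContext(request))

    # kind -> (model, lookup field, form field holding the identifier).
    # Built per call so that the model names are only resolved at runtime,
    # exactly as the previous inline lookups did.
    who_kinds = {
        'User': (User, 'username', 'who_user'),
        'Role': (Role, 'name', 'who_role'),
    }
    what_kinds = {
        'AcsObject': (AcsObject, 'name', 'what_acs_object'),
        'View': (View, 'name', 'what_view'),
        'User': (User, 'username', 'what_user'),
        'Role': (Role, 'name', 'what_role'),
        'Action': (Action, 'name', 'what_action'),
        'Activity': (Activity, 'name', 'what_activity'),
    }
    how_kinds = {
        'Action': (Action, 'name', 'how_action'),
        'Activity': (Activity, 'name', 'how_activity'),
    }

    who_target = _resolve_target(request, form, 'who', who_kinds,
                                 _('Bad object type for Who'))
    if who_target is None:
        return returnResponseForm(request)
    what_target = _resolve_target(request, form, 'what', what_kinds,
                                  _('Bad object type for What'))
    if what_target is None:
        return returnResponseForm(request)
    how_target = _resolve_target(request, form, 'how', how_kinds,
                                 _('Bad object type for How'))
    if how_target is None:
        return returnResponseForm(request)

    perms = isAuthorizedRBAC2(who_target, what_target, how_target)
    who_name = _display_name(who_target)
    if perms and perms[0]:
        results = [
            '%s is authorized to perform %s on %s'
            % (who_name, how_target.name, _display_name(what_target)),
            'Permission used: %s' % str(perms[0]),
        ]
    else:
        results = [who_name + ' is not authorized']
    return render_to_response('result.html',
                              {'results': results, },
                              context_instance=RequestContext(request))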
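def graph(request, output_path="acs/media/images/graph.png"):
    """Render the access-control policy as a PNG and show it.

    Only staff may view the graph; anyone else is sent to the login page.

    Args:
        request: the current HttpRequest.
        output_path: where draw_graph() writes the image.  The default is
            the path the view always used, relative to the process working
            directory.  The template receives the file's basename, so the
            file must live where graph.html serves its images from.

    NOTE(review): every request rewrites the same file, so two staff users
    loading the page at once may see a partially written image.
    """
    if request.user.is_anonymous() or not request.user.is_staff:
        return redirect('/login')

    draw_graph(output_path)

    context = {'graphs': [os.path.basename(output_path)], }
    return render_to_response('graph.html',
                              context,
                              context_instance=RequestContext(request))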