veridic/acs/management/commands/initialize-acs.py


'''
VERIDIC - Towards a centralized access control system
Copyright (C) 2011 Mikael Ates
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
'''
import getpass
from optparse import make_option
from django.db import transaction
from django.core.management.base import BaseCommand, CommandError
from django.contrib.auth.models import User
from acs.models import View, AcsPermission, Namespace, Action, \
UserAlias, Role
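class Command(BaseCommand):
    '''
    Initialization script:
    - Initialize Acs.
    - Create a root user with all rights.

    Run with:
        python manage.py initialize-acs <username> [--existing]

    --existing
        The user already exists in the database.
        Else, the user is created; its password is prompted for on the
        terminal (never taken from the command line, never echoed).

    Reinitialization:
        python manage.py sqlclear acs | python manage.py dbshell \
        && python manage.py syncdb \
        && python manage.py initialize-acs <username> [--existing]

    If you want to clear all the attribute definitions use
        python manage.py sqlclear abac

    WARNING: The reinitialization, or re-running the initialization
    script, assumes that you want to reset ACS and you will lose all
    policies.

    Objects with their names hard-coded in the script and created in
    the database:
        Namespace: 'Default',
        Action: 'administration',
        Roles: 'root_admin_role', 'root_user_administrator_role',
               'root_abac_administrator_role'
        View: 'root_admin_view'

    All database writes happen inside one manually managed transaction:
    any exception rolls everything back before propagating, so a
    half-initialized ACS is never left behind.
    '''
    can_import_django_settings = True
    output_transaction = True
    requires_model_validation = True
    option_list = BaseCommand.option_list + (
        make_option('--existing',
                    action='store_true',
                    dest='existing',
                    default=False,
                    help='Indicate if it is an existing user'),
    )
    args = '<username>'
    help = \
        'Initialize the application with a root user, a new one or existing.'

    # Password/confirmation mismatches tolerated before user creation is
    # abandoned.
    MAX_TRIES = 3

    @transaction.commit_manually
    def handle(self, *args, **options):
        '''
        Entry point of the command.

        args[0] is the username of the root user. options['existing']
        selects whether that user is looked up (True) or created (False).

        Raises CommandError when the username is missing, when the user
        cannot be resolved or created, or when one of the ACS objects
        cannot be saved. Whatever the exception, the transaction is
        rolled back before it is re-raised.
        '''
        try:
            if not args:
                raise CommandError('No username on the command line')
            username = args[0]
            if options.get('existing', False):
                user = self._get_existing_user(username)
            else:
                user = self._create_user(username)
            self._initialize_acs(user)
        except:
            # Deliberately bare: anything that escapes (including a
            # KeyboardInterrupt at the password prompt) must undo the
            # partial initialization before propagating.
            transaction.rollback()
            raise
        else:
            transaction.commit()
            print('---> Successful main initialization')

    @staticmethod
    def _save_or_fail(obj, created_message, failure_message):
        '''
        Save a model instance or turn the failure into a CommandError.

        created_message is a '%s' format printed with obj on success;
        failure_message is the CommandError text, to which the underlying
        error is appended so the cause is not lost.
        '''
        try:
            obj.save()
        except Exception as err:
            raise CommandError('%s (%s)' % (failure_message, err))
        print(created_message % obj)

    def _get_existing_user(self, username):
        '''Return the Django user named username, or raise CommandError.'''
        print('Look for the existing user %s' % username)
        try:
            user = User.objects.get(username=username)
        except User.DoesNotExist:
            raise CommandError('Unable to get existing user %s' % username)
        print('User found: %s' % user)
        return user

    def _prompt_password(self, username):
        '''
        Ask for a new password and its confirmation on the terminal.

        Returns the password once both entries match. An empty entry
        aborts at once; MAX_TRIES mismatches abort as well. getpass is
        used so the password is never echoed, and it is never printed.
        '''
        for _attempt in range(self.MAX_TRIES):
            first = getpass.getpass(prompt="Password: ")
            if not first:
                raise CommandError("aborted")
            second = getpass.getpass(prompt="Password (again): ")
            if not second:
                raise CommandError("aborted")
            if first == second:
                return first
            print("Passwords do not match. Please try again.")
        raise CommandError("Aborting creation of user '%s' after %s attempts"
                           % (username, self.MAX_TRIES))

    def _create_user(self, username):
        '''
        Create the Django user username with a prompted password.

        Raises CommandError if a user with that name already exists, if
        the password prompt is aborted, or if the user cannot be saved.
        '''
        print('Creation of user %s' % username)
        try:
            existing = User.objects.get(username=username)
        except User.DoesNotExist:
            existing = None
        if existing is not None:
            raise CommandError('Already existing user %s' % existing)
        password = self._prompt_password(username)
        user = User(username=username)
        user.set_password(password)
        self._save_or_fail(user, 'User created: %s',
                           'Unable to create user %s' % username)
        return user

    def _initialize_acs(self, user):
        '''
        Create the default namespace and the root objects for user.

        Objects are created in dependency order: namespace, alias, view,
        role, action, the permission binding them, then the two special
        roles. The root user ends up with the 'administration' permission
        on 'root_admin_view' through 'root_admin_role'.
        '''
        ns = Namespace(name='Default')
        self._save_or_fail(ns, 'Default namespace created: %s',
                           'Unable to create the default namespace')

        # The alias in Default has the username as name.
        alias = UserAlias(alias=user.username, user=user, namespace=ns)
        self._save_or_fail(alias, 'Default alias created: %s',
                           'Unable to create the default alias')

        view = View(name='root_admin_view', namespace=ns)
        self._save_or_fail(view, 'Root system view created: %s',
                           'Unable to create root system view')
        view.users.add(alias)
        print('Default alias of the root user added to its root system view')

        role = Role(name='root_admin_role', namespace=ns)
        self._save_or_fail(role, 'Root system role created: %s',
                           'Unable to create root system role')
        view.roles.add(role)
        print('Default role added to the root system view')

        action = Action(name='administration')
        self._save_or_fail(action, 'Administration action created: %s',
                           'Unable to create the administration action')

        permission = AcsPermission(who=role, what=view, how=action)
        self._save_or_fail(
            permission, 'Root administration permission created: %s',
            'Unable to create the root administration permission for the '
            'root administration role')
        role.users.add(alias)
        print('User added to the root role')

        # The two special roles are created without a namespace, as the
        # original script did; they are not bound to any view here.
        user_admin = Role(name='root_user_administrator_role')
        self._save_or_fail(user_admin,
                           'Special role user administrator created: %s',
                           'Unable to create special role user administrator')
        abac_admin = Role(name='root_abac_administrator_role')
        self._save_or_fail(abac_admin,
                           'Special role abac administrator created: %s',
                           'Unable to create special role abac administrator')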