* infrastructure for authkit

* menu generation code
* improved templates
* database and basic role setup in websetup.py

gnuviechadminweb/model/GVAUsers.py

@@ -0,0 +1,200 @@
+# -*- coding: utf-8 -*-
+from authkit.users import Users
+from gnuviechadminweb.model.user import Group, Role, User
+from paste.util.import_string import eval_import
+import logging
+
+log = logging.getLogger(__name__)
+
+def needsConnection(func):
+    def wrapper(*__args, **__kw):
+        from sqlalchemy.orm import create_session
+        engine = __args[0].meta.engine
+        conn = engine.contextual_connect()
+        if conn.closed:
+            conn = engine.connect()
+            __args[0].session = create_session(bind=conn)
+            try:
+                return func(*__args, **__kw)
+            finally:
+                conn.close()
+        else:
+            __args[0].session = create_session(bind=conn)
+            return func(*__args, **__kw)
+    return wrapper
+
+class GVAUsers(Users):
+    def __init__(self, data, encrypt = None):
+        Users.__init__(self, data, encrypt)
+        log.debug("in __init__")
+        self.meta = eval_import(self.data)
+        self.session = self.meta.Session
+
+    @needsConnection
+    def _getSession(self):
+        return self.session
+
+    def _get_group(self, groupname):
+        return self._getSession().query(Group).filter_by(name=groupname).one()
+
+    def _get_user(self, username):
+        return self._getSession().query(User).filter_by(name=username).one()
+
+    def _get_role(self, rolename):
+        return self._getSession().query(Role).filter_by(name=rolename).one()
+
+    # Create Methods
+    def user_create(self, username, password, group=None):
+        n_user = User()
+        n_user.name = username
+        n_user.password = self.encrypt(password)
+        if group:
+            n_user.group = self._get_group(group)
+        self._getSession().save(n_user)
+        self._getSession().commit()
+
+    def role_create(self, role):
+        n_role = Role()
+        n_role.name = role
+        self._getSession().save(n_role)
+        self._getSession().commit()
+    
+    def group_create(self, group):
+        n_group = Group()
+        n_group.name = group
+        self._getSession().save(n_group)
+        self._getSession().commit()
+
+    # Delete Methods
+    def user_delete(self, username):
+        self._getSession().delete(self._get_user(username))
+        self._getSession().commit()
+    
+    def role_delete(self, role):
+        self._getSession().delete(self._get_role(role))
+        self._getSession().commit()
+    
+    def group_delete(self, group):
+        self._getSession().delete(self._get_group())
+        self._getSession().commit()
+    
+    # Delete Cascade Methods
+    def role_delete_cascade(self, role):
+        n_role = self._get_role(role)
+        for user in self._getSession().query(User).roles.any(name=role).all():
+            del user.roles[n_role.id]
+        self._getSession().delete(n_role)
+        self._getSession().commit()
+    
+    def group_delete_cascade(self, group):
+        n_group = self._get_group(group)
+        self._getSession().delete(self._getSession().query(User).filter_by(
+                User.group==n_group))
+        self._getSession().delete(n_group)
+        self._getSession().commit()
+
+    # Existence Methods
+    def user_exists(self, username):
+        return self._getSession().query(User).filter_by(
+            name=username).count() == 1
+
+    def role_exists(self, role):
+        return self._getSession().query(Role).filter_by(
+            name=role).count() == 1
+
+    def group_exists(self, group):
+        return self._getSession().query(Group).filter_by(
+            name=group).count() == 1
+
+    # List Methods
+    def list_roles(self):
+        return [role.name.lower() for role in self._getSession().query(
+                Role).all()]
+    
+    def list_users(self):
+        return [user.name.lower() for user in self._getSession().query(
+                User).all()]
+
+    def list_groups(self):
+        return [group.name.lower() for group in self._getSession().query(
+                Group).all()]
+
+    # User Methods
+    def user(self, username):
+        user = self._get_user(username)
+        roles = [role.name.lower() for role in user.roles]
+        roles.sort()
+        return {
+            'username' : user.name,
+            'group'    : None if user.group is None else user.group.name,
+            'password' : user.password,
+            'roles'    : roles
+            }
+
+    def user_roles(self, username):
+        user = self._get_user(username)
+        roles = [role.name.lower() for role in user.roles]
+        roles.sort()
+        return roles
+
+    def user_group(self, username):
+        user = self._get_user(username)
+        return None if user.group is None else user.group.name
+
+    def user_password(self, username):
+        user = self._get_user(username)
+        return user.password
+
+    def user_has_role(self, username, role):
+        user = self._get_user(username)
+        return role in [role.name for role in user.roles]
+
+    def user_has_group(self, username, group):
+        user = self._get_user(username)
+        return (group is None and user.group is None) or \
+            (group is not None and user.group is not None and \
+                 group == user.group.name)
+
+    def user_has_password(self, username, password):
+        user = self._get_user(username)
+        return user.password == self.encrypt(password)
+
+    def user_set_username(self, username, new_username):
+        user = self._get_user(username)
+        user.name = new_username
+        self._getSession().update(user)
+        self._getSession().commit()
+
+    def user_set_group(self, username, group, add_if_necessary=False):
+        if add_if_necessary and self._getSession().query(Group).filter_by(
+            name=group).count() == 0:
+            self.group_create(group)
+        groupobj = self._get_group(group)
+        user = self._get_user(user)
+        user.group = groupobj
+        self._getSession().update(user)
+        self._getSession().commit()
+    
+    def user_add_role(self, username, role, add_if_necessary=False):
+        if add_if_necessary and self._getSession().query(Role).filter_by(
+            name=role).count() == 0:
+            self.role_create(role)
+        roleobj = self._get_role(role)
+        user = self._get_user(username)
+        if not roleobj in user.roles:
+            user.roles.append(roleobj)
+        self._getSession().update(user)
+        self._getSession().commit()
+
+    def user_remove_role(self, username, role):
+        roleobj = self._get_role(role)
+        user = self._get_user(username)
+        if roleobj in user.roles:
+            del user.roles[roleobj.id]
+        self._getSession().commit()
+
+    def user_remove_group(self, username):
+        user = self._get_user(username)
+        user.group = None
+        self._getSession().update(user)
+        self._getSession().commit()

gnuviechadminweb/model/__init__.py

@@ -11,5 +11,6 @@ def init_model(engine):
     meta.engine = engine
     meta.Session = orm.scoped_session(sm)
 
-from gnuviechadminweb.model import menu
-from gnuviechadminweb.model.menu import Menu, User, Role
+from gnuviechadminweb.model.user import Group, Role, User
+from gnuviechadminweb.model.GVAUsers import GVAUsers
+from gnuviechadminweb.model.menu import Menu

gnuviechadminweb/model/menu.py

@@ -1,64 +1,36 @@
-# -*- python -*-
 # -*- coding: utf-8 -*-
-import sqlalchemy as sa
-from sqlalchemy import orm
-
-from gnuviechadminweb.model import meta
-
-t_menu = \
-    sa.Table("menu", meta.metadata,
-             sa.Column("id", sa.types.Integer, primary_key=True),
-             sa.Column("title", sa.types.String(40), nullable=False),
-             sa.Column("controller", sa.types.String(40), nullable=False),
-             sa.Column("action", sa.types.String(40), nullable=False)
-             )
-
-t_user = \
-    sa.Table("user", meta.metadata,
-             sa.Column("id", sa.types.Integer, primary_key=True),
-             sa.Column("name", sa.types.String(40), nullable=False),
-             sa.Column("password", sa.types.String(128), nullable=False)
-             )
-
-t_role = \
-    sa.Table("role", meta.metadata,
-             sa.Column("id", sa.types.Integer, primary_key=True),
-             sa.Column("name", sa.types.String(40), nullable=False)
-             )
-
-t_menu_role = \
-    sa.Table("menu_role", meta.metadata,
-             sa.Column("id", sa.types.Integer, primary_key=True),
-             sa.Column("menu_id", sa.types.Integer, sa.ForeignKey(t_menu.c.id)),
-             sa.Column("role_id", sa.types.Integer, sa.ForeignKey(t_role.c.id))
-             )
-
-t_user_role = \
-    sa.Table("user_role", meta.metadata,
-             sa.Column("id", sa.types.Integer, primary_key=True),
-             sa.Column("user_id", sa.types.Integer, sa.ForeignKey(t_user.c.id)),
-             sa.Column("role_id", sa.types.Integer, sa.ForeignKey(t_role.c.id))
-             )         
 
 class Menu(object):
-  @classmethod
-  def allowed(cls, user=None):
-    menu_q = meta.Session.query(cls)
-    return menu_q.all()
+    menuitems = [
+        ('Main page', 'gva', 'index', None),
+        ('Login', 'login', 'login', []),
+        ('Logout', 'login', 'logout', ['*']),
+        ('Admin', 'gva', 'index', ['admin'])
+        ]
 
-class User(object):
-  pass
+    @classmethod
+    def allowed(cls, roles=[]):
+        items = []
+        for item in cls.menuitems:
+            additem = False
+            if item[3] is None:
+                additem = True
+            elif len(item[3]) == 0 and len(roles) == 0:
+                additem = True
+            elif len(roles) > 0:
+                for role in item[3]:
+                    if role in roles or role == '*':
+                        additem = True
+                        break
+            if additem:
+                items.append(Menu(item[0], item[1], item[2]))
+        return items
 
-class Role(object):
-  pass
+    def __init__(self, title, controller, action):
+        self.title = title
+        self.controller = controller
+        self.action = action
 
-orm.mapper(Menu, t_menu, {
-    'roles' : orm.relation(Role, secondary = t_menu_role),
-    })
-orm.mapper(Role, t_role, properties = {
-    'users' : orm.relation(User, secondary = t_user_role),
-    'menus' : orm.relation(Menu, secondary = t_menu_role),
-    })
-orm.mapper(User, t_role, properties = {
-    'roles' : orm.relation(User, secondary = t_user_role)
-    })
+            
+        
+    

gnuviechadminweb/model/tables.py

@@ -0,0 +1,34 @@
+# -*- python -*-
+# -*- coding: utf-8 -*-
+import sqlalchemy as sa
+
+from gnuviechadminweb.model import meta
+
+t_group = \
+    sa.Table("group", meta.metadata,
+             sa.Column("id", sa.types.Integer, primary_key=True),
+             sa.Column("name", sa.types.String(40), nullable=False,
+                       unique=True),
+             )
+
+t_role = \
+    sa.Table("role", meta.metadata,
+             sa.Column("id", sa.types.Integer, primary_key=True),
+             sa.Column("name", sa.types.String(40), nullable=False)
+             )
+
+t_user = \
+    sa.Table("user", meta.metadata,
+             sa.Column("id", sa.types.Integer, primary_key=True),
+             sa.Column("name", sa.types.String(40), nullable=False),
+             sa.Column("password", sa.types.String(128), nullable=False),
+             sa.Column("group_id", sa.types.Integer,
+                       sa.ForeignKey(t_group.c.id))
+             )
+
+t_user_role = \
+    sa.Table("user_role", meta.metadata,
+             sa.Column("id", sa.types.Integer, primary_key=True),
+             sa.Column("user_id", sa.types.Integer, sa.ForeignKey(t_user.c.id)),
+             sa.Column("role_id", sa.types.Integer, sa.ForeignKey(t_role.c.id))
+             )         

gnuviechadminweb/model/user.py

@@ -0,0 +1,30 @@
+# -*- python -*-
+# -*- coding: utf-8 -*-
+from sqlalchemy import orm
+
+from gnuviechadminweb.model.tables import *
+import logging
+
+log = logging.getLogger(__name__)
+
+class Group(object):
+  pass
+
+class Role(object):
+  pass
+
+class User(object):
+  pass
+
+orm.mapper(Group, t_group, {
+    'users' : orm.relation(User),
+    })
+
+orm.mapper(Role, t_role, properties = {
+    'users' : orm.relation(User, secondary = t_user_role),
+    })
+
+orm.mapper(User, t_user, properties = {
+    'roles' : orm.relation(Role, secondary = t_user_role),
+    'group' : orm.relation(Group)
+    })