Scripts to manage access control import and export (refs #3591)

2 files changed, 195 insertions, 0 deletions

diff --git a/ishtar_common/management/commands/export_access_controls.py b/ishtar_common/management/commands/export_access_controls.py
new file mode 100644
index 000000000..87b4819b9
--- /dev/null
+++ b/ishtar_common/management/commands/export_access_controls.py
@@ -0,0 +1,89 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+# Copyright (C) 2017  Étienne Loks  <etienne.loks_AT_peacefrogsDOTnet>
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# See the file COPYING for details.
+
+import json
+import sys
+
+from django.core.management.base import BaseCommand
+
+from django.contrib.auth.models import Permission, Group
+from django.contrib.contenttypes.models import ContentType
+from ishtar_common.models import PersonType
+
+
+class Command(BaseCommand):
+    args = ''
+    help = 'Export access controls'
+
+    def handle(self, *args, **options):
+        result = {
+            'content_types': [],
+            'permissions': [],
+            'groups': [],
+            'group_perms': [],
+            'person_types': [],
+            'person_type_groups': [],
+        }
+
+        dct_ct = {}
+        for content_type in ContentType.objects.all():
+            value = {'app_label': content_type.app_label,
+                     'model': content_type.model,
+                     'name': content_type.name
+                     }
+            result['content_types'].append(value)
+            dct_ct[content_type.pk] = (content_type.app_label,
+                                       content_type.model)
+
+        dct_perm = {}
+        for perm in Permission.objects.all():
+            value = {'content_type': dct_ct[perm.content_type_id],
+                     'codename': perm.codename,
+                     'name': perm.name}
+            result['permissions'].append(value)
+            dct_perm[perm.pk] = perm.codename
+
+        dct_groups = {}
+        for grp in Group.objects.all():
+            value = {
+                "name": grp.name
+            }
+            result['groups'].append(value)
+            dct_groups[grp.pk] = grp
+            for perm in grp.permissions.all():
+                result['group_perms'].append(
+                    {'group': grp.name, 'permission': dct_perm[perm.pk]})
+
+        dct_pts = {}
+        for pt in PersonType.objects.all():
+            value = {
+                "label": pt.label,
+                "txt_idx": pt.txt_idx,
+                "comment": pt.comment,
+                "available": pt.available
+            }
+            result["person_types"].append(value)
+            dct_pts[pt.pk] = pt.txt_idx
+            for ptgp in pt.groups.all():
+                result['person_type_groups'].append(
+                    {"person_type": pt.txt_idx, "group": ptgp.name}
+                )
+
+        data = json.dumps(result)
+        sys.stdout.write(data)
\ No newline at end of file
diff --git a/ishtar_common/management/commands/import_access_controls.py b/ishtar_common/management/commands/import_access_controls.py
new file mode 100644
index 000000000..62692485d
--- /dev/null
+++ b/ishtar_common/management/commands/import_access_controls.py
@@ -0,0 +1,106 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+# Copyright (C) 2017  Étienne Loks  <etienne.loks_AT_peacefrogsDOTnet>
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# See the file COPYING for details.
+
+import json
+
+from django.core.management.base import BaseCommand
+
+from django.contrib.auth.models import Permission, Group
+from django.contrib.contenttypes.models import ContentType
+
+from ishtar_common.models import PersonType
+
+class Command(BaseCommand):
+    args = '<access control file>'
+    help = 'Import access controls'
+
+    def handle(self, *args, **options):
+        f = open(args[0])
+        data = json.loads(f.read())
+
+        res = {'content_types': {},
+               'permissions': {},
+               'groups': {},
+               'person_types': {}
+        }
+        for content_type in data['content_types']:
+            q = ContentType.objects.filter(
+                app_label=content_type['app_label'],
+                model=content_type['model'])
+            if not q.count():
+                ct = ContentType.objects.create(
+                    app_label=content_type['app_label'],
+                    model=content_type['model'],
+                    name=content_type['name']
+                )
+                print("created", ct)
+            else:
+                ct = q.all()[0]
+            res['content_types'][(ct.app_label,
+                                  ct.model)] = ct
+
+        for perm in data['permissions']:
+            app_label, model = perm['content_type']
+            q = Permission.objects.filter(
+                codename=perm['codename'],
+                content_type__app_label=app_label,
+                content_type__model= model
+            )
+            if q.count():
+                p = q.all()[0]
+            else:
+                p = Permission.objects.create(
+                    name=perm['name'], codename=perm['codename'],
+                    content_type=res['content_types'][(app_label, model)])
+                print("created", p)
+            res['permissions'][perm['codename']] = p
+
+        for gp in data['groups']:
+            q = Group.objects.filter(name=gp['name'])
+            if q.count():
+                g = q.all()[0]
+            else:
+                g = Group.objects.create(name=gp['name'])
+                print("created", g)
+            res['groups'][gp['name']] = g
+            g.permissions.clear()
+
+        for gperm in data['group_perms']:
+            g = res['groups'][gperm['group']]
+            g.permissions.add(res['permissions'][gperm['permission']])
+
+        for pt in data['person_types']:
+            q = PersonType.objects.filter(txt_idx=pt['txt_idx'])
+            if q.count():
+                pt = q.all()[0]
+            else:
+                pt = PersonType.objects.create(
+                    label=pt['label'],
+                    txt_idx=pt['txt_idx'],
+                    comment=pt['comment'],
+                    available=pt['available']
+                )
+                print("created", pt)
+            res['person_types'][pt.txt_idx] = pt
+            pt.groups.clear()
+
+        for ptgp in data['person_type_groups']:
+            pt = res['person_types'][ptgp['person_type']]
+            gp = res['groups'][ptgp['group']]
+            pt.groups.add(gp)