Make default access policy configurable

seibert-media · May 27, 2015 · 9e18766 · 9e18766
1 parent 21a8422
commit 9e18766
Show file tree

Hide file tree

Showing 4 changed files with 35 additions and 2 deletions.
diff --git a/src/teamvault/apps/secrets/models.py b/src/teamvault/apps/secrets/models.py
@@ -15,7 +15,7 @@
 from djorm_pgfulltext.fields import VectorField
 from hashids import Hashids
 
-from ...utils import send_mail
+from ...utils import send_mail, pick_constant
 from ..audit.auditlog import log
 from .exceptions import PermissionError
 
@@ -295,7 +295,7 @@ class Secret(HashIDModel):
 
     access_policy = models.PositiveSmallIntegerField(
         choices=ACCESS_POLICY_CHOICES,
-        default=ACCESS_POLICY_REQUEST,
+        default=pick_constant(ACCESS_POLICY_CHOICES, settings.DEFAULT_ACCESS_POLICY),
     )
     allowed_groups = models.ManyToManyField(
         Group,

diff --git a/src/teamvault/apps/settings/config.py b/src/teamvault/apps/settings/config.py
@@ -44,6 +44,23 @@ def configure_debugging(config, settings):
         settings.TEMPLATE_DEBUG = False
 
 
+def configure_default_access_policy(config):
+    """
+    Called directly from the Django settings module.
+    """
+    factory_default = "request"
+
+    pol = get_from_config(config, "teamvault", "default_access_policy", factory_default)
+    pol = pol.lower().strip()
+
+    if pol == "everyone":
+        return pol
+    elif pol == "hidden":
+        return pol
+    else:
+        return factory_default
+
+
 def configure_django_secret_key(config):
     """
     Called directly from the Django settings module.
@@ -221,6 +238,9 @@ def create_default_config(filename):
 session_expire_at_browser_close = True
 session_cookie_secure = False
 
+# One of "request", "everyone" or "hidden"
+default_access_policy = request
+
 [django]
 # This key has been generated for you, there is no need to change it
 secret_key = {django_key}

diff --git a/src/teamvault/settings.py b/src/teamvault/settings.py
@@ -2,6 +2,7 @@
 
 from .apps.settings.config import (
     configure_database,
+    configure_default_access_policy,
     configure_django_secret_key,
     configure_hashid,
     configure_logging,
@@ -116,6 +117,10 @@
 
 HASHID_MIN_LENGTH, HASHID_SALT = configure_hashid(CONFIG)
 
+### Access Policies
+
+DEFAULT_ACCESS_POLICY = configure_default_access_policy(CONFIG)
+
 ### REST Framework
 
 REST_FRAMEWORK = {

diff --git a/src/teamvault/utils.py b/src/teamvault/utils.py
@@ -4,6 +4,14 @@
 from django.utils import translation
 
 
+def pick_constant(choices, chosen_description):
+    for constant, description in choices:
+        if description == chosen_description:
+            return constant
+
+    raise KeyError("Can't find {} in {}".format(chosen_description, choices))
+
+
 def send_mail(users_to, subject, template,
               user_from=None, context={}, lang="en",
               attachments=None):