From 9e18766081e01cb11da411648eda56db68d62812 Mon Sep 17 00:00:00 2001
From: Peter Hofmann
Date: Wed, 27 May 2015 20:34:40 +0200
Subject: [PATCH] Make default access policy configurable
---
 src/teamvault/apps/secrets/models.py | 4 ++--
 src/teamvault/apps/settings/config.py | 20 ++++++++++++++++++++
 src/teamvault/settings.py | 5 +++++
 src/teamvault/utils.py | 8 ++++++++
 4 files changed, 35 insertions(+), 2 deletions(-)
diff --git a/src/teamvault/apps/secrets/models.py b/src/teamvault/apps/secrets/models.py
index c32b0c31..60056776 100644
--- a/src/teamvault/apps/secrets/models.py
+++ b/src/teamvault/apps/secrets/models.py
@@ -15,7 +15,7 @@ from djorm_pgfulltext.fields import VectorField
 from hashids import Hashids
-from ...utils import send_mail
+from ...utils import send_mail, pick_constant
 from ..audit.auditlog import log
 from .exceptions import PermissionError
@@ -295,7 +295,7 @@ class Secret(HashIDModel):
 access_policy = models.PositiveSmallIntegerField(
 choices=ACCESS_POLICY_CHOICES,
- default=ACCESS_POLICY_REQUEST,
+ default=pick_constant(ACCESS_POLICY_CHOICES, settings.DEFAULT_ACCESS_POLICY),
 )
 allowed_groups = models.ManyToManyField(
 Group,
diff --git a/src/teamvault/apps/settings/config.py b/src/teamvault/apps/settings/config.py
index 75f8ca68..24e6fd84 100644
--- a/src/teamvault/apps/settings/config.py
+++ b/src/teamvault/apps/settings/config.py
@@ -44,6 +44,23 @@ def configure_debugging(config, settings):
 settings.TEMPLATE_DEBUG = False
+def configure_default_access_policy(config):
+ """
+ Called directly from the Django settings module.
+ """
+ factory_default = "request"
+
+ pol = get_from_config(config, "teamvault", "default_access_policy", factory_default)
+ pol = pol.lower().strip()
+
+ if pol == "everyone":
+ return pol
+ elif pol == "hidden":
+ return pol
+ else:
+ return factory_default
+
+
 def configure_django_secret_key(config):
 """
 Called directly from the Django settings module.
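Review bot: The access-policy default in src/teamvault/apps/secrets/models.py now depends on UI label text: `default=pick_constant(ACCESS_POLICY_CHOICES, settings.DEFAULT_ACCESS_POLICY)` is evaluated once, while the `Secret` class body is imported, and it resolves the configured key by comparing it with the display labels in `ACCESS_POLICY_CHOICES`. Those labels are defined outside this hunk; if they are translatable or are ever reworded, the comparison in `pick_constant` (src/teamvault/utils.py) stops matching and the `KeyError` is raised at import time, and because the value is a field default it will presumably also end up in generated migrations, so it can differ per deployment. I would resolve the setting through an explicit key-to-constant mapping kept next to the constants and pass a callable as `default=`, so the lookup does not depend on label text. The hunk also does not show a `settings` import in this module; confirm `from django.conf import settings` is already present.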
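Review bot: An unrecognised `default_access_policy` value is silently replaced by `"request"` in the final `else` of `configure_default_access_policy`, so an operator who mistypes `hidden` gets a different default visibility for every new secret with no error or log line. Since this setting decides who can see newly created secrets, validate against the three documented values and fail loudly, e.g. `if pol not in ("request", "everyone", "hidden"): raise ValueError("invalid default_access_policy: {!r}".format(pol))` followed by `return pol`. The docstring could also state the accepted values and what the function returns.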
@@ -221,6 +238,9 @@ def create_default_config(filename):
 session_expire_at_browser_close = True
 session_cookie_secure = False
+# One of "request", "everyone" or "hidden"
+default_access_policy = request
+
 [django]
 # This key has been generated for you, there is no need to change it
 secret_key = {django_key}
diff --git a/src/teamvault/settings.py b/src/teamvault/settings.py
index d0eff773..59dddf6c 100644
--- a/src/teamvault/settings.py
+++ b/src/teamvault/settings.py
@@ -2,6 +2,7 @@
 from .apps.settings.config import (
 configure_database,
+ configure_default_access_policy,
 configure_django_secret_key,
 configure_hashid,
 configure_logging,
@@ -116,6 +117,10 @@ HASHID_MIN_LENGTH, HASHID_SALT = configure_hashid(CONFIG)
+### Access Policies
+
+DEFAULT_ACCESS_POLICY = configure_default_access_policy(CONFIG)
+
 ### REST Framework
 REST_FRAMEWORK = {
diff --git a/src/teamvault/utils.py b/src/teamvault/utils.py
index c6e3b4f2..fc4f303d 100644
--- a/src/teamvault/utils.py
+++ b/src/teamvault/utils.py
@@ -4,6 +4,14 @@ from django.utils import translation
+def pick_constant(choices, chosen_description):
+ for constant, description in choices:
+ if description == chosen_description:
+ return constant
+
+ raise KeyError("Can't find {} in {}".format(chosen_description, choices))
+
+
 def send_mail(users_to, subject, template, user_from=None, context={}, lang="en", attachments=None):
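Review bot: `pick_constant` in src/teamvault/utils.py has no docstring, and its contract is not obvious from the name: it returns the first element of the first `(constant, description)` pair whose description equals `chosen_description` and raises `KeyError` when none matches. I would add `"""Return the constant from a choices sequence whose description equals chosen_description; raise KeyError if there is none."""` so callers know the lookup is by description and that a miss is an exception rather than `None`.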