diff --git a/src/teamvault/apps/secrets/models.py b/src/teamvault/apps/secrets/models.py
index c32b0c31..60056776 100644
--- a/src/teamvault/apps/secrets/models.py
+++ b/src/teamvault/apps/secrets/models.py
@@ -15,7 +15,7 @@
 from djorm_pgfulltext.fields import VectorField
 from hashids import Hashids
-from ...utils import send_mail
+from ...utils import send_mail, pick_constant
 from ..audit.auditlog import log
 from .exceptions import PermissionError
@@ -295,7 +295,7 @@ class Secret(HashIDModel):
 access_policy = models.PositiveSmallIntegerField(
 choices=ACCESS_POLICY_CHOICES,
- default=ACCESS_POLICY_REQUEST,
+ default=pick_constant(ACCESS_POLICY_CHOICES, settings.DEFAULT_ACCESS_POLICY),
 )
 allowed_groups = models.ManyToManyField(
 Group,
diff --git a/src/teamvault/apps/secrets/templates/secrets/secret_addedit.html b/src/teamvault/apps/secrets/templates/secrets/secret_addedit.html
index 4f39cc29..70bbd30a 100644
--- a/src/teamvault/apps/secrets/templates/secrets/secret_addedit.html
+++ b/src/teamvault/apps/secrets/templates/secrets/secret_addedit.html
@@ -110,7 +110,7 @@
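Review bot: In models.py, `default=pick_constant(ACCESS_POLICY_CHOICES, settings.DEFAULT_ACCESS_POLICY)` is evaluated once when the `Secret` class body runs, so the configured policy is baked into the field as a plain integer and `pick_constant` can raise `KeyError` during import. Django records field defaults in migrations, so an installation whose config differs from the value in the committed migration will probably have `makemigrations` report a model change. The lookup also compares the config string with the description half of each choice; `ACCESS_POLICY_CHOICES` is not visible in this hunk, so if those descriptions are translated or capitalised labels the match is fragile. A callable default avoids the first two problems: `def default_access_policy(): return pick_constant(ACCESS_POLICY_CHOICES, settings.DEFAULT_ACCESS_POLICY)` with `default=default_access_policy,`.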

-
@@ -126,7 +126,7 @@

-

{% trans "By default, the secret will show up in search results for all users, but they will have to request access if they're not included in the list of groups and users below.

Everyone will let all users access the secret without the need to grant access below.

Hidden will reveal the existence of the secret and its contents only to users who have been granted access." %}

+

{% trans "If request is used, the secret will show up in search results for all users, but they will have to request access if they're not included in the list of groups and users below.

Everyone will let all users access the secret without the need to grant access below.

Hidden will reveal the existence of the secret and its contents only to users who have been granted access." %}

diff --git a/src/teamvault/apps/settings/config.py b/src/teamvault/apps/settings/config.py
index 75f8ca68..24e6fd84 100644
--- a/src/teamvault/apps/settings/config.py
+++ b/src/teamvault/apps/settings/config.py
@@ -44,6 +44,23 @@ def configure_debugging(config, settings):
 settings.TEMPLATE_DEBUG = False
+def configure_default_access_policy(config):
+ """
+ Called directly from the Django settings module.
+ """
+ factory_default = "request"
+
+ pol = get_from_config(config, "teamvault", "default_access_policy", factory_default)
+ pol = pol.lower().strip()
+
+ if pol == "everyone":
+ return pol
+ elif pol == "hidden":
+ return pol
+ else:
+ return factory_default
+
+
 def configure_django_secret_key(config):
 """
 Called directly from the Django settings module.
@@ -221,6 +238,9 @@ def create_default_config(filename):
 session_expire_at_browser_close = True
 session_cookie_secure = False
+# One of "request", "everyone" or "hidden"
+default_access_policy = request
+
 [django]
 # This key has been generated for you, there is no need to change it
 secret_key = {django_key}
diff --git a/src/teamvault/settings.py b/src/teamvault/settings.py
index d0eff773..59dddf6c 100644
--- a/src/teamvault/settings.py
+++ b/src/teamvault/settings.py
@@ -2,6 +2,7 @@
 from .apps.settings.config import (
 configure_database,
+ configure_default_access_policy,
 configure_django_secret_key,
 configure_hashid,
 configure_logging,
@@ -116,6 +117,10 @@
 HASHID_MIN_LENGTH, HASHID_SALT = configure_hashid(CONFIG)
+### Access Policies
+
+DEFAULT_ACCESS_POLICY = configure_default_access_policy(CONFIG)
+
 ### REST Framework
 REST_FRAMEWORK = {
diff --git a/src/teamvault/utils.py b/src/teamvault/utils.py
index c6e3b4f2..fc4f303d 100644
--- a/src/teamvault/utils.py
+++ b/src/teamvault/utils.py
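Review bot: In `configure_default_access_policy`, any unrecognised value falls through the final `else` to "request" without a message, so an operator who mistypes `hidden` gets secrets that, per the help text in secret_addedit.html, show up in search results for all users. For a setting that decides who can see a secret, refusing to start on an unknown value is safer than substituting a different policy: `if pol not in ("request", "everyone", "hidden"):` then `raise ValueError("unknown default_access_policy: {!r}".format(pol))` then `return pol`. That also removes the two identical `return pol` branches.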
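Review bot: The comment added to the generated config in config.py names the three values but not what each one grants, and `everyone` makes newly created secrets accessible to all users without a grant by default. I would spell that out in the template, e.g. `# "request": listed in search, access must be requested; "everyone": all users can access; "hidden": only visible to users granted access`. This hunk sits inside `create_default_config`, whose body starts and ends outside the hunk.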
@@ -4,6 +4,14 @@
 from django.utils import translation
+def pick_constant(choices, chosen_description):
+ for constant, description in choices:
+ if description == chosen_description:
+ return constant
+
+ raise KeyError("Can't find {} in {}".format(chosen_description, choices))
+
+
 def send_mail(users_to, subject, template, user_from=None, context={}, lang="en", attachments=None):