From 21a842202116a90c2f78a5f13e7c686c2f39ab2f Mon Sep 17 00:00:00 2001
From: Peter Hofmann
Date: Wed, 27 May 2015 19:34:56 +0200
Subject: [PATCH 1/2] Rename access policy "default" to "request"
---
 .../apps/secrets/templates/secrets/secret_addedit.html | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/teamvault/apps/secrets/templates/secrets/secret_addedit.html b/src/teamvault/apps/secrets/templates/secrets/secret_addedit.html
index 4f39cc29..70bbd30a 100644
--- a/src/teamvault/apps/secrets/templates/secrets/secret_addedit.html
+++ b/src/teamvault/apps/secrets/templates/secrets/secret_addedit.html
@@ -110,7 +110,7 @@

-
@@ -126,7 +126,7 @@

-

{% trans "By default, the secret will show up in search results for all users, but they will have to request access if they're not included in the list of groups and users below.

Everyone will let all users access the secret without the need to grant access below.

Hidden will reveal the existence of the secret and its contents only to users who have been granted access." %}

+

{% trans "If request is used, the secret will show up in search results for all users, but they will have to request access if they're not included in the list of groups and users below.

Everyone will let all users access the secret without the need to grant access below.

Hidden will reveal the existence of the secret and its contents only to users who have been granted access." %}

From 9e18766081e01cb11da411648eda56db68d62812 Mon Sep 17 00:00:00 2001
From: Peter Hofmann
Date: Wed, 27 May 2015 20:34:40 +0200
Subject: [PATCH 2/2] Make default access policy configurable
---
 src/teamvault/apps/secrets/models.py | 4 ++--
 src/teamvault/apps/settings/config.py | 20 ++++++++++++++++++++
 src/teamvault/settings.py | 5 +++++
 src/teamvault/utils.py | 8 ++++++++
 4 files changed, 35 insertions(+), 2 deletions(-)
diff --git a/src/teamvault/apps/secrets/models.py b/src/teamvault/apps/secrets/models.py
index c32b0c31..60056776 100644
--- a/src/teamvault/apps/secrets/models.py
+++ b/src/teamvault/apps/secrets/models.py
@@ -15,7 +15,7 @@
 from djorm_pgfulltext.fields import VectorField
 from hashids import Hashids
-from ...utils import send_mail
+from ...utils import send_mail, pick_constant
 from ..audit.auditlog import log
 from .exceptions import PermissionError
@@ -295,7 +295,7 @@ class Secret(HashIDModel):
 access_policy = models.PositiveSmallIntegerField(
 choices=ACCESS_POLICY_CHOICES,
- default=ACCESS_POLICY_REQUEST,
+ default=pick_constant(ACCESS_POLICY_CHOICES, settings.DEFAULT_ACCESS_POLICY),
 )
 allowed_groups = models.ManyToManyField(
 Group,
diff --git a/src/teamvault/apps/settings/config.py b/src/teamvault/apps/settings/config.py
index 75f8ca68..24e6fd84 100644
--- a/src/teamvault/apps/settings/config.py
+++ b/src/teamvault/apps/settings/config.py
@@ -44,6 +44,23 @@ def configure_debugging(config, settings):
 settings.TEMPLATE_DEBUG = False
+def configure_default_access_policy(config):
+ """
+ Called directly from the Django settings module.
+ """
+ factory_default = "request"
+
+ pol = get_from_config(config, "teamvault", "default_access_policy", factory_default)
+ pol = pol.lower().strip()
+
+ if pol == "everyone":
+ return pol
+ elif pol == "hidden":
+ return pol
+ else:
+ return factory_default
+
+
 def configure_django_secret_key(config):
 """
 Called directly from the Django settings module.
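Review bot: In the second models.py hunk, the new `default=pick_constant(...)` on `Secret.access_policy` is evaluated once, when the module is imported, so the configured policy is frozen into the field definition. Django also records field defaults in migration state, so installations with different `default_access_policy` values would likely see `makemigrations` report a change. Passing a callable instead, `default=default_access_policy,`, with a small module-level function that performs the `pick_constant` lookup, keeps the configured value out of the field definition. The import hunk adds only `pick_constant`, so `settings` is presumably already imported in this file; that is not visible here, and the class body continues outside the hunk.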
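Review bot: The `else` branch of `configure_default_access_policy` silently maps every unrecognised value to "request", so a mistyped `hidden` leaves new secrets listed in search results for all users and nothing tells the administrator. For a setting that decides who can see newly created secrets, rejecting an unknown value at startup is safer than falling back. The `if`/`elif`/`else` chain can become a membership test that returns the value or raises, and the docstring could name the three accepted values.

```python
def configure_default_access_policy(config):
    # … unchanged: docstring, factory_default, get_from_config() lookup, lower()/strip() …
    valid_policies = ("request", "everyone", "hidden")
    if pol not in valid_policies:
        raise ValueError(
            "default_access_policy must be one of {}, got {!r}".format(
                valid_policies, pol,
            )
        )
    return pol
```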
@@ -221,6 +238,9 @@ def create_default_config(filename):
 session_expire_at_browser_close = True
 session_cookie_secure = False
+# One of "request", "everyone" or "hidden"
+default_access_policy = request
+
 [django]
 # This key has been generated for you, there is no need to change it
 secret_key = {django_key}
diff --git a/src/teamvault/settings.py b/src/teamvault/settings.py
index d0eff773..59dddf6c 100644
--- a/src/teamvault/settings.py
+++ b/src/teamvault/settings.py
@@ -2,6 +2,7 @@
 from .apps.settings.config import (
 configure_database,
+ configure_default_access_policy,
 configure_django_secret_key,
 configure_hashid,
 configure_logging,
@@ -116,6 +117,10 @@
 HASHID_MIN_LENGTH, HASHID_SALT = configure_hashid(CONFIG)
+### Access Policies
+
+DEFAULT_ACCESS_POLICY = configure_default_access_policy(CONFIG)
+
 ### REST Framework
 REST_FRAMEWORK = {
diff --git a/src/teamvault/utils.py b/src/teamvault/utils.py
index c6e3b4f2..fc4f303d 100644
--- a/src/teamvault/utils.py
+++ b/src/teamvault/utils.py
@@ -4,6 +4,14 @@
 from django.utils import translation
+def pick_constant(choices, chosen_description):
+ for constant, description in choices:
+ if description == chosen_description:
+ return constant
+
+ raise KeyError("Can't find {} in {}".format(chosen_description, choices))
+
+
 def send_mail(users_to, subject, template, user_from=None, context={}, lang="en", attachments=None):
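Review bot: In the utils.py hunk, `pick_constant` matches the configured keyword against each choice's display label (`description == chosen_description`), so "request", "everyone" and "hidden" only work while they are spelled exactly like the labels in `ACCESS_POLICY_CHOICES`. Relabelling a choice, or a non-English active language if the labels are lazily translated (not visible here), would turn the lookup into a `KeyError` while models.py is being imported. An explicit keyword-to-constant mapping kept next to the policy constants would decouple the config file from the UI wording. The function also has no docstring; `"""Return the constant whose description equals chosen_description; raise KeyError if none matches."""` would state the contract.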