1
0
mirror of https://github.com/enpaul/keyosk.git synced 2024-12-26 01:33:33 +00:00

Refactor database module to have one class per file

This commit is contained in:
Ethan Paul 2020-03-08 23:04:36 -04:00
parent 440d6e68f4
commit 8de4da92ef
6 changed files with 76 additions and 64 deletions

View File

@ -28,10 +28,10 @@ from keyosk import datatypes
from keyosk.database._shared import INTERFACE as interface
from keyosk.database._shared import KeyoskBaseModel
from keyosk.database.account import KeyoskAccount
from keyosk.database.account import KeyoskAccountScope
from keyosk.database.domain import KeyoskDomain
from keyosk.database.domain import KeyoskDomainAccessList
from keyosk.database.domain import KeyoskDomainPermission
from keyosk.database.domain_access_list import KeyoskDomainAccessList
from keyosk.database.domain_permission import KeyoskDomainPermission
from keyosk.database.scope import KeyoskAccountScope
from keyosk.database.token import Token

View File

@ -5,8 +5,6 @@ import json
import peewee
from keyosk.database._shared import KeyoskBaseModel
from keyosk.database.domain import KeyoskDomainAccessList
from keyosk.database.domain import KeyoskDomainPermission
from keyosk.datatypes import Extras
@ -48,42 +46,3 @@ class KeyoskAccount(KeyoskBaseModel):
def __str__(self) -> str:
return f"Account '{self.username}' ({self.uuid})"
class KeyoskAccountScope(KeyoskBaseModel):
"""Access control list entry model definition
:attribute account: Account the ACL entry applies to
:attribute access_list: The access list the entry is for
:attribute permission: The permission the entry is for
:attribute with_server_secret: Whether the permission should be applied when the
account authenticates with the account's
server-set-secret
:attribute with_client_secret: Whether the permission should be applied when the
account authenticates with the account's
client-set-secret
.. note:: Since permissions are by definition boolean, there is no need to store a
value parameter with an ACL entry: if an entry exists for a given account
for a given access list with a given permission, then that permission is
granted on that access list to that account; similarly, if one does not
exist then it is not granted.
"""
class Meta: # pylint: disable=missing-docstring,too-few-public-methods
table_name = "account_scope"
account = peewee.ForeignKeyField(
KeyoskAccount, null=False, on_delete="CASCADE", backref="scopes"
)
access_list = peewee.ForeignKeyField(
KeyoskDomainAccessList, null=False, on_delete="CASCADE"
)
permission = peewee.ForeignKeyField(
KeyoskDomainPermission, null=False, on_delete="CASCADE"
)
with_server_secret = peewee.BooleanField(null=False)
with_client_secret = peewee.BooleanField(null=False)
def __str__(self):
return f"ACL {self.permission.name}@{self.access_list.name} (scope:{'+'.join([item for item in ['server' if self.with_server_secret else '', 'client' if self.with_client_secret else ''] if item])})"

View File

@ -74,23 +74,3 @@ class KeyoskDomain(KeyoskBaseModel):
def __str__(self) -> str:
return f"Domain '{self.name}' ({self.uuid})"
class KeyoskDomainAccessList(KeyoskBaseModel):
class Meta: # pylint: disable=too-few-public-methods,missing-docstring
table_name = "domain_access_list"
domain = peewee.ForeignKeyField(
KeyoskDomain, null=False, on_delete="CASCADE", backref="access_lists"
)
name = peewee.CharField(null=False)
class KeyoskDomainPermission(KeyoskBaseModel):
class Meta: # pylint: disable=too-few-public-methods,missing-docstring
table_name = "domain_permission"
domain = peewee.ForeignKeyField(
KeyoskDomain, null=False, on_delete="CASCADE", backref="permissions"
)
name = peewee.CharField(null=False)

View File

@ -0,0 +1,14 @@
import peewee
from keyosk.database._shared import KeyoskBaseModel
from keyosk.database.domain import KeyoskDomain
class KeyoskDomainAccessList(KeyoskBaseModel):
class Meta: # pylint: disable=too-few-public-methods,missing-docstring
table_name = "domain_access_list"
domain = peewee.ForeignKeyField(
KeyoskDomain, null=False, on_delete="CASCADE", backref="access_lists"
)
name = peewee.CharField(null=False)

View File

@ -0,0 +1,14 @@
import peewee
from keyosk.database._shared import KeyoskBaseModel
from keyosk.database.domain import KeyoskDomain
class KeyoskDomainPermission(KeyoskBaseModel):
class Meta: # pylint: disable=too-few-public-methods,missing-docstring
table_name = "domain_permission"
domain = peewee.ForeignKeyField(
KeyoskDomain, null=False, on_delete="CASCADE", backref="permissions"
)
name = peewee.CharField(null=False)

45
keyosk/database/scope.py Normal file
View File

@ -0,0 +1,45 @@
import peewee
from keyosk.database._shared import KeyoskBaseModel
from keyosk.database.account import KeyoskAccount
from keyosk.database.domain_access_list import KeyoskDomainAccessList
from keyosk.database.domain_permission import KeyoskDomainPermission
class KeyoskAccountScope(KeyoskBaseModel):
"""Access control list entry model definition
:attribute account: Account the ACL entry applies to
:attribute access_list: The access list the entry is for
:attribute permission: The permission the entry is for
:attribute with_server_secret: Whether the permission should be applied when the
account authenticates with the account's
server-set-secret
:attribute with_client_secret: Whether the permission should be applied when the
account authenticates with the account's
client-set-secret
.. note:: Since permissions are by definition boolean, there is no need to store a
value parameter with an ACL entry: if an entry exists for a given account
for a given access list with a given permission, then that permission is
granted on that access list to that account; similarly, if one does not
exist then it is not granted.
"""
class Meta: # pylint: disable=missing-docstring,too-few-public-methods
table_name = "account_scope"
account = peewee.ForeignKeyField(
KeyoskAccount, null=False, on_delete="CASCADE", backref="scopes"
)
access_list = peewee.ForeignKeyField(
KeyoskDomainAccessList, null=False, on_delete="CASCADE"
)
permission = peewee.ForeignKeyField(
KeyoskDomainPermission, null=False, on_delete="CASCADE"
)
with_server_secret = peewee.BooleanField(null=False)
with_client_secret = peewee.BooleanField(null=False)
def __str__(self):
return f"ACL {self.permission.name}@{self.access_list.name} (scope:{'+'.join([item for item in ['server' if self.with_server_secret else '', 'client' if self.with_client_secret else ''] if item])})"