mirror of https://github.com/enpaul/keyosk.git
Refactor database module to have one class per file
This commit is contained in:
parent
440d6e68f4
commit
8de4da92ef
|
|
@ -28,10 +28,10 @@ from keyosk import datatypes
|
|||
from keyosk.database._shared import INTERFACE as interface
|
||||
from keyosk.database._shared import KeyoskBaseModel
|
||||
from keyosk.database.account import KeyoskAccount
|
||||
from keyosk.database.account import KeyoskAccountScope
|
||||
from keyosk.database.domain import KeyoskDomain
|
||||
from keyosk.database.domain import KeyoskDomainAccessList
|
||||
from keyosk.database.domain import KeyoskDomainPermission
|
||||
from keyosk.database.domain_access_list import KeyoskDomainAccessList
|
||||
from keyosk.database.domain_permission import KeyoskDomainPermission
|
||||
from keyosk.database.scope import KeyoskAccountScope
|
||||
from keyosk.database.token import Token
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -5,8 +5,6 @@ import json
|
|||
import peewee
|
||||
|
||||
from keyosk.database._shared import KeyoskBaseModel
|
||||
from keyosk.database.domain import KeyoskDomainAccessList
|
||||
from keyosk.database.domain import KeyoskDomainPermission
|
||||
from keyosk.datatypes import Extras
|
||||
|
||||
|
||||
|
|
@ -48,42 +46,3 @@ class KeyoskAccount(KeyoskBaseModel):
|
|||
|
||||
def __str__(self) -> str:
|
||||
return f"Account '{self.username}' ({self.uuid})"
|
||||
|
||||
|
||||
class KeyoskAccountScope(KeyoskBaseModel):
|
||||
"""Access control list entry model definition
|
||||
|
||||
:attribute account: Account the ACL entry applies to
|
||||
:attribute access_list: The access list the entry is for
|
||||
:attribute permission: The permission the entry is for
|
||||
:attribute with_server_secret: Whether the permission should be applied when the
|
||||
account authenticates with the account's
|
||||
server-set-secret
|
||||
:attribute with_client_secret: Whether the permission should be applied when the
|
||||
account authenticates with the account's
|
||||
client-set-secret
|
||||
|
||||
.. note:: Since permissions are by definition boolean, there is no need to store a
|
||||
value parameter with an ACL entry: if an entry exists for a given account
|
||||
for a given access list with a given permission, then that permission is
|
||||
granted on that access list to that account; similarly, if one does not
|
||||
exist then it is not granted.
|
||||
"""
|
||||
|
||||
class Meta: # pylint: disable=missing-docstring,too-few-public-methods
|
||||
table_name = "account_scope"
|
||||
|
||||
account = peewee.ForeignKeyField(
|
||||
KeyoskAccount, null=False, on_delete="CASCADE", backref="scopes"
|
||||
)
|
||||
access_list = peewee.ForeignKeyField(
|
||||
KeyoskDomainAccessList, null=False, on_delete="CASCADE"
|
||||
)
|
||||
permission = peewee.ForeignKeyField(
|
||||
KeyoskDomainPermission, null=False, on_delete="CASCADE"
|
||||
)
|
||||
with_server_secret = peewee.BooleanField(null=False)
|
||||
with_client_secret = peewee.BooleanField(null=False)
|
||||
|
||||
def __str__(self):
|
||||
return f"ACL {self.permission.name}@{self.access_list.name} (scope:{'+'.join([item for item in ['server' if self.with_server_secret else '', 'client' if self.with_client_secret else ''] if item])})"
|
||||
|
|
|
|||
|
|
@ -74,23 +74,3 @@ class KeyoskDomain(KeyoskBaseModel):
|
|||
|
||||
def __str__(self) -> str:
|
||||
return f"Domain '{self.name}' ({self.uuid})"
|
||||
|
||||
|
||||
class KeyoskDomainAccessList(KeyoskBaseModel):
|
||||
class Meta: # pylint: disable=too-few-public-methods,missing-docstring
|
||||
table_name = "domain_access_list"
|
||||
|
||||
domain = peewee.ForeignKeyField(
|
||||
KeyoskDomain, null=False, on_delete="CASCADE", backref="access_lists"
|
||||
)
|
||||
name = peewee.CharField(null=False)
|
||||
|
||||
|
||||
class KeyoskDomainPermission(KeyoskBaseModel):
|
||||
class Meta: # pylint: disable=too-few-public-methods,missing-docstring
|
||||
table_name = "domain_permission"
|
||||
|
||||
domain = peewee.ForeignKeyField(
|
||||
KeyoskDomain, null=False, on_delete="CASCADE", backref="permissions"
|
||||
)
|
||||
name = peewee.CharField(null=False)
|
||||
|
|
|
|||
|
|
@ -0,0 +1,14 @@
|
|||
import peewee
|
||||
|
||||
from keyosk.database._shared import KeyoskBaseModel
|
||||
from keyosk.database.domain import KeyoskDomain
|
||||
|
||||
|
||||
class KeyoskDomainAccessList(KeyoskBaseModel):
|
||||
class Meta: # pylint: disable=too-few-public-methods,missing-docstring
|
||||
table_name = "domain_access_list"
|
||||
|
||||
domain = peewee.ForeignKeyField(
|
||||
KeyoskDomain, null=False, on_delete="CASCADE", backref="access_lists"
|
||||
)
|
||||
name = peewee.CharField(null=False)
|
||||
|
|
@ -0,0 +1,14 @@
|
|||
import peewee
|
||||
|
||||
from keyosk.database._shared import KeyoskBaseModel
|
||||
from keyosk.database.domain import KeyoskDomain
|
||||
|
||||
|
||||
class KeyoskDomainPermission(KeyoskBaseModel):
|
||||
class Meta: # pylint: disable=too-few-public-methods,missing-docstring
|
||||
table_name = "domain_permission"
|
||||
|
||||
domain = peewee.ForeignKeyField(
|
||||
KeyoskDomain, null=False, on_delete="CASCADE", backref="permissions"
|
||||
)
|
||||
name = peewee.CharField(null=False)
|
||||
|
|
@ -0,0 +1,45 @@
|
|||
import peewee
|
||||
|
||||
from keyosk.database._shared import KeyoskBaseModel
|
||||
from keyosk.database.account import KeyoskAccount
|
||||
from keyosk.database.domain_access_list import KeyoskDomainAccessList
|
||||
from keyosk.database.domain_permission import KeyoskDomainPermission
|
||||
|
||||
|
||||
class KeyoskAccountScope(KeyoskBaseModel):
|
||||
"""Access control list entry model definition
|
||||
|
||||
:attribute account: Account the ACL entry applies to
|
||||
:attribute access_list: The access list the entry is for
|
||||
:attribute permission: The permission the entry is for
|
||||
:attribute with_server_secret: Whether the permission should be applied when the
|
||||
account authenticates with the account's
|
||||
server-set-secret
|
||||
:attribute with_client_secret: Whether the permission should be applied when the
|
||||
account authenticates with the account's
|
||||
client-set-secret
|
||||
|
||||
.. note:: Since permissions are by definition boolean, there is no need to store a
|
||||
value parameter with an ACL entry: if an entry exists for a given account
|
||||
for a given access list with a given permission, then that permission is
|
||||
granted on that access list to that account; similarly, if one does not
|
||||
exist then it is not granted.
|
||||
"""
|
||||
|
||||
class Meta: # pylint: disable=missing-docstring,too-few-public-methods
|
||||
table_name = "account_scope"
|
||||
|
||||
account = peewee.ForeignKeyField(
|
||||
KeyoskAccount, null=False, on_delete="CASCADE", backref="scopes"
|
||||
)
|
||||
access_list = peewee.ForeignKeyField(
|
||||
KeyoskDomainAccessList, null=False, on_delete="CASCADE"
|
||||
)
|
||||
permission = peewee.ForeignKeyField(
|
||||
KeyoskDomainPermission, null=False, on_delete="CASCADE"
|
||||
)
|
||||
with_server_secret = peewee.BooleanField(null=False)
|
||||
with_client_secret = peewee.BooleanField(null=False)
|
||||
|
||||
def __str__(self):
|
||||
return f"ACL {self.permission.name}@{self.access_list.name} (scope:{'+'.join([item for item in ['server' if self.with_server_secret else '', 'client' if self.with_client_secret else ''] if item])})"
|
||||
Loading…
Reference in New Issue