diff --git a/keyosk/database/__init__.py b/keyosk/database/__init__.py index 6aaced9..b0699a7 100644 --- a/keyosk/database/__init__.py +++ b/keyosk/database/__init__.py @@ -28,22 +28,18 @@ from keyosk import datatypes from keyosk.database._shared import INTERFACE as interface from keyosk.database._shared import KeyoskBaseModel from keyosk.database.account import Account -from keyosk.database.account import AccountAssignment from keyosk.database.account_acl import AccountACLEntry from keyosk.database.domain import Domain from keyosk.database.domain import DomainAccessList from keyosk.database.domain import DomainPermission -from keyosk.database.domain_admin import DomainAdmin MODELS: List[Type[KeyoskBaseModel]] = [ Account, DomainAccessList, DomainPermission, - DomainAdmin, Domain, AccountACLEntry, - AccountAssignment, ] diff --git a/keyosk/database/account.py b/keyosk/database/account.py index f5638ad..1f59476 100644 --- a/keyosk/database/account.py +++ b/keyosk/database/account.py @@ -90,17 +90,3 @@ class Account(KeyoskBaseModel): @staticmethod def dict_keys() -> List[str]: return ["uuid", "created", "updated", "username", "enabled", "extras"] - - -class AccountAssignment(KeyoskBaseModel): - """Many-to-many mapping for assigning accounts to domains - - :attribute account: Account to assign to a domain - :attribute domain: Domain to assign an account to - """ - - class Meta: # pylint: disable=missing-docstring,too-few-public-methods - table_name = "account_assignment" - - account = peewee.ForeignKeyField(Account) - domain = peewee.ForeignKeyField(Domain) diff --git a/keyosk/database/domain.py b/keyosk/database/domain.py index 4aff05f..c7de81a 100644 --- a/keyosk/database/domain.py +++ b/keyosk/database/domain.py @@ -63,11 +63,6 @@ class Domain(KeyoskBaseModel): """Return the list of permission names from the backref""" return [item.name for item in self._permissions] - @property - def administration(self): - """Return administration settings container""" - return self._administration[0] - @staticmethod def dict_keys() -> List[str]: return [ @@ -87,13 +82,8 @@ class Domain(KeyoskBaseModel): "lifespan_refresh", "access_list_names", "permission_names", - "administration", ] - @staticmethod - def foreign_ref() -> List[str]: - return ["administration"] - class DomainAccessList(KeyoskBaseModel): """Access list name model definition diff --git a/keyosk/database/domain_admin.py b/keyosk/database/domain_admin.py deleted file mode 100644 index 6e1d7d4..0000000 --- a/keyosk/database/domain_admin.py +++ /dev/null @@ -1,74 +0,0 @@ -"""Authentication domain meta admin settings model definition - -The domain administration settings allow access to be granted to accounts assigned to -the domain to manage the domain itself. This allows accounts to manage the parts of -Keyosk that they need to without granting permissions to every domain Keyosk knows -about. - -However, to avoid circular foreign key references, the admin settings need their own -relation tabel. If these settings were part of the main :class:`Domain` model then there -would be circular references between it and the :class:`DomainAccessList` and -:class:`DomainPermission` models. -""" -from typing import Generator -from typing import Tuple - -import peewee - -from keyosk.database._shared import KeyoskBaseModel -from keyosk.database.domain import Domain -from keyosk.database.domain import DomainAccessList -from keyosk.database.domain import DomainPermission - - -class DomainAdmin(KeyoskBaseModel): - """Authentication domain meta administration storage model - - :attribute access_list: The ACL that an account must have permissions for to manage - the domain settings - :attribute domain_read: Permission granted by the ACL entry that gives the assigned - account read access to the domain settings - :attribute domain_update: Permission granted by the ACL entry that gives the - assigned account update access to the domain settings - :attribute account_create: Permission granted by the ACL entry that gives the - assigned account access to create new accounts assigned - to the domain - :attribute account_read: Permission granted by the ACL entry that gives the - assigned account read access to the accounts assigned to - the domain - :attribute account_delete: Permission granted by the ACL entry that gives the - assigned account access to unassign an account from the - domain - - There are two permissions not available via this model that may make sense to - implement in the future: ``account_update`` and ``domain_delete``. The first is not - implemented due to the potential conflicts it causes: an account can be assigned to - multiple domains, so granting permissions on one domain to modify an account may - implicitly grant that same permission on one or more accounts assigned to another - domain; this seemed ill advised. The second is not implemented for no real good - reason, other than it seemed out of the inteneded usage of "domain management". - - .. note:: Both the permissions denoted above, as well as other permissions not - enumerated here, are available through the primary Keyosk authentication - domain. - """ - - class Meta: # pylint: disable=missing-docstring,too-few-public-methods - table_name = "domain_admin" - - domain = peewee.ForeignKeyField( - Domain, unique=True, null=False, backref="_administration" - ) - access_list = peewee.ForeignKeyField(DomainAccessList, null=True) - domain_read = peewee.ForeignKeyField(DomainPermission, null=True) - domain_update = peewee.ForeignKeyField(DomainPermission, null=True) - account_create = peewee.ForeignKeyField(DomainPermission, null=True) - account_read = peewee.ForeignKeyField(DomainPermission, null=True) - account_delete = peewee.ForeignKeyField(DomainPermission, null=True) - - def __iter__(self) -> Generator[Tuple[str, str], None, None]: - yield "access_list", self.access_list.name - yield "domain_read", self.domain_read.name - yield "account_create", self.account_create.name - yield "account_read", self.account_read.name - yield "account_delete", self.account_delete.name