Add model for account ACL entries

2024-11-24 23:47:49 +00:00 · 2020-02-22 20:55:22 -05:00 · 2020-02-22 20:55:22 -05:00 · f1254c4704
commit f1254c4704
parent fc4eb38c9e
1 changed files with 43 additions and 0 deletions
--- a/keyosk/database/account_acl.py
+++ b/keyosk/database/account_acl.py
@ -0,0 +1,43 @@
+"""Account access control list entry model definition
+
+Access Control Lists (ACLs) are entities that can have permissions assigned to them
+under certain conditions. Permissions are the possible permissions that can be granted-
+or not granted- to an ACL. An entry in an ACL comprises the ACL identifier, the
+permission to grant, and the identity that should be granted the permission.
+"""
+import peewee
+
+from keyosk.database._shared import KeyoskBaseModel
+from keyosk.database.account import Account
+from keyosk.database.domain import DomainAccessList
+from keyosk.database.domain import DomainPermission
+
+
+class AccountACLEntry(KeyoskBaseModel):
+    """Access control list entry model definition
+
+    :attribute account: Account the ACL entry applies to
+    :attribute access_list: The access list the entry is for
+    :attribute permission: The permission the entry is for
+    :attribute with_server_secret: Whether the permission should be applied when the
+                                   account authenticates with the account's
+                                   server-set-secret
+    :attribute with_client_secret: Whether the permission should be applied when the
+                                   account authenticates with the account's
+                                   client-set-secret
+
+    .. note:: Since permissions are by definition boolean, there is no need to store a
+              value parameter with an ACL entry: if an entry exists for a given account
+              for a given access list with a given permission, then that permission is
+              granted on that access list to that account; similarly, if one does not
+              exist then it is not granted.
+    """
+
+    class Meta:  # pylint: disable=missing-docstring,too-few-public-methods
+        table_name = "account_acl"
+
+    account = peewee.ForeignKeyField(Account, backref="acls")
+    access_list = peewee.ForeignKeyField(DomainAccessList)
+    permission = peewee.ForeignKeyField(DomainPermission)
+    with_server_secret = peewee.BooleanField(null=False)
+    with_client_secret = peewee.BooleanField(null=False)