Add model for account ACL entries

Ethan Paul 2020-02-22 20:55:22 -05:00
parent fc4eb38c9e
commit f1254c4704
1 changed files with 43 additions and 0 deletions


@ -0,0 +1,43 @@
"""Account access control list entry model definition
Access Control Lists (ACLs) are entities that can have permissions assigned to them
under certain conditions. Permissions are the possible permissions that can be granted-
or not granted- to an ACL. An entry in an ACL comprises the ACL identifier, the
permission to grant, and the identity that should be granted the permission.
"""
import peewee
from keyosk.database._shared import KeyoskBaseModel
from keyosk.database.account import Account
from keyosk.database.domain import DomainAccessList
from keyosk.database.domain import DomainPermission
class AccountACLEntry(KeyoskBaseModel):
"""Access control list entry model definition
:attribute account: Account the ACL entry applies to
:attribute access_list: The access list the entry is for
:attribute permission: The permission the entry is for
:attribute with_server_secret: Whether the permission should be applied when the
account authenticates with the account's
server-set-secret
:attribute with_client_secret: Whether the permission should be applied when the
account authenticates with the account's
client-set-secret
.. note:: Since permissions are by definition boolean, there is no need to store a
value parameter with an ACL entry: if an entry exists for a given account
for a given access list with a given permission, then that permission is
granted on that access list to that account; similarly, if one does not
exist then it is not granted.
"""
class Meta: # pylint: disable=missing-docstring,too-few-public-methods
table_name = "account_acl"
account = peewee.ForeignKeyField(Account, backref="acls")
access_list = peewee.ForeignKeyField(DomainAccessList)
permission = peewee.ForeignKeyField(DomainPermission)
with_server_secret = peewee.BooleanField(null=False)
with_client_secret = peewee.BooleanField(null=False)
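Review bot: Nothing in `AccountACLEntry` prevents two rows for the same `account`, `access_list` and `permission`, so duplicates can carry conflicting `with_server_secret`/`with_client_secret` flags, and deleting one row to revoke a permission would leave the grant in place through the other. Since the class docstring makes the existence of a row the grant itself, a composite unique index in `Meta` would enforce one row per triple, e.g. `indexes = ((("account", "access_list", "permission"), True),)`. The docstring note also reads as an unconditional grant, while the two boolean columns make it conditional on how the account authenticated; it should say that a row with both flags false grants nothing. None of the three foreign keys sets `on_delete`, so what happens to entries when an account or access list is removed presumably falls to the database default and is worth stating explicitly.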