mirror of
https://github.com/enpaul/keyosk.git
synced 2024-12-26 01:33:33 +00:00
Add model for account ACL entries
parent
fc4eb38c9e
commit
f1254c4704
43
keyosk/database/account_acl.py
Normal file
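--- a/keyosk/database/account_acl.py
+++ b/keyosk/database/account_acl.py
@@ -0,0 +1,43 @@
+"""Account access control list entry model definition
+
+Access Control Lists (ACLs) are entities that can have permissions assigned to them
+under certain conditions. Permissions are the possible permissions that can be granted-
+or not granted- to an ACL. An entry in an ACL comprises the ACL identifier, the
+permission to grant, and the identity that should be granted the permission.
+"""
+import peewee
+
+from keyosk.database._shared import KeyoskBaseModel
+from keyosk.database.account import Account
+from keyosk.database.domain import DomainAccessList
+from keyosk.database.domain import DomainPermission
+
+
+class AccountACLEntry(KeyoskBaseModel):
+"""Access control list entry model definition
+
+:attribute account: Account the ACL entry applies to
+:attribute access_list: The access list the entry is for
+:attribute permission: The permission the entry is for
+:attribute with_server_secret: Whether the permission should be applied when the
+account authenticates with the account's
+server-set-secret
+:attribute with_client_secret: Whether the permission should be applied when the
+account authenticates with the account's
+client-set-secret
+
+.. note:: Since permissions are by definition boolean, there is no need to store a
+value parameter with an ACL entry: if an entry exists for a given account
+for a given access list with a given permission, then that permission is
+granted on that access list to that account; similarly, if one does not
+exist then it is not granted.
+"""
+
+class Meta: # pylint: disable=missing-docstring,too-few-public-methods
+table_name = "account_acl"
+
+account = peewee.ForeignKeyField(Account, backref="acls")
+access_list = peewee.ForeignKeyField(DomainAccessList)
+permission = peewee.ForeignKeyField(DomainPermission)
+with_server_secret = peewee.BooleanField(null=False)
+with_client_secret = peewee.BooleanField(null=False)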
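Review bot: The `Meta` class sets only `table_name`, so nothing prevents two rows with the same `account`, `access_list` and `permission`. The docstring defines a grant as "an entry exists", so a revocation that deletes one row would leave the permission in force while a duplicate remains. Duplicates with different `with_server_secret`/`with_client_secret` values would also give conflicting answers. I would add a composite unique index in `Meta`, `indexes = ((("account", "access_list", "permission"), True),)`, and document that a row with both secret flags false grants nothing. The three `ForeignKeyField`s also leave `on_delete` unset, so it is worth stating what should happen to entries when the referenced account, access list or permission is deleted.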