Merge pull request #560 from jbernal0019/master

Implement groups and permissions
FNNDSC · Jul 12, 2024 · 6fafdef · 6fafdef
2 parents 8ada822 + 99cc0d0
commit 6fafdef
Show file tree

Hide file tree

Showing 57 changed files with 6,668 additions and 1,410 deletions.
diff --git a/chris_backend/config/settings/local.py b/chris_backend/config/settings/local.py
@@ -24,6 +24,9 @@
 # SECURITY WARNING: keep the secret key used in production secret!
 SECRET_KEY = 'w1kxu^l=@pnsf!5piqz6!!5kdcdpo79y6jebbp+2244yjm*#+k'
 
+# Superuser settings
+CHRIS_SUPERUSER_PASSWORD = 'chris1234'
+
 # Hosts/domain names that are valid for this site
 # See https://docs.djangoproject.com/en/4.2/ref/settings/#allowed-hosts
 ALLOWED_HOSTS = ['*']
@@ -189,7 +192,8 @@
         'last_name': 'sn',
         'email': 'mail'
     }
+
     AUTHENTICATION_BACKENDS = (
-        'django_auth_ldap.backend.LDAPBackend',
+        'users.models.CustomLDAPBackend',
         'django.contrib.auth.backends.ModelBackend',
     )
diff --git a/chris_backend/config/settings/production.py b/chris_backend/config/settings/production.py
@@ -35,6 +35,10 @@ def get_secret(setting, secret_type=env):
 SECRET_KEY = get_secret('DJANGO_SECRET_KEY')
 
 
+# SUPERUSER SETTINGS
+CHRIS_SUPERUSER_PASSWORD = get_secret('CHRIS_SUPERUSER_PASSWORD')
+
+
 # SITE CONFIGURATION
 # ------------------------------------------------------------------------------
 # Hosts/domain names that are valid for this site
@@ -162,7 +166,8 @@ def get_secret(setting, secret_type=env):
         'last_name': 'sn',
         'email': 'mail'
     }
+
     AUTHENTICATION_BACKENDS = (
-        'django_auth_ldap.backend.LDAPBackend',
+        'users.models.CustomLDAPBackend',
         'django.contrib.auth.backends.ModelBackend',
     )
diff --git a/chris_backend/config/urls.py b/chris_backend/config/urls.py
@@ -20,7 +20,6 @@
 from django.conf import settings
 
 from plugins import admin as plugin_admin_views
-from users import views as group_admin_views
 
 
 urlpatterns = [
@@ -39,26 +38,6 @@
          plugin_admin_views.ComputeResourceAdminDetail.as_view(),
          name='admin-computeresource-detail'),
 
-    path('chris-admin/api/v1/groups/',
-         group_admin_views.GroupList.as_view(),
-         name='group-list'),
-
-    path('chris-admin/api/v1/groups/search/',
-         group_admin_views.GroupListQuerySearch.as_view(),
-         name='group-list-query-search'),
-
-    path('chris-admin/api/v1/groups/<int:pk>/',
-         group_admin_views.GroupDetail.as_view(),
-         name='group-detail'),
-
-    path('chris-admin/api/v1/groups/<int:pk>/users/',
-         group_admin_views.GroupUserList.as_view(),
-         name='group-user-list'),
-
-    path('chris-admin/api/v1/groups/users/<int:pk>/',
-         group_admin_views.GroupUserDetail.as_view(),
-         name='user_groups-detail'),
-
     path('chris-admin/', admin.site.urls),
 
     path('api/', include('core.api')),

diff --git a/chris_backend/core/api.py b/chris_backend/core/api.py
@@ -31,6 +31,30 @@
     path('v1/users/<int:pk>/groups/',
          user_views.UserGroupList.as_view(), name='user-group-list'),
 
+    path('v1/groups/',
+         user_views.GroupList.as_view(),
+         name='group-list'),
+
+    path('v1/groups/search/',
+         user_views.GroupListQuerySearch.as_view(),
+         name='group-list-query-search'),
+
+    path('v1/groups/<int:pk>/',
+         user_views.GroupDetail.as_view(),
+         name='group-detail'),
+
+    path('v1/groups/<int:pk>/users/',
+         user_views.GroupUserList.as_view(),
+         name='group-user-list'),
+
+    path('v1/groups/<int:pk>/users/search/',
+         user_views.GroupUserListQuerySearch.as_view(),
+         name='group-user-list-query-search'),
+
+    path('v1/groups/users/<int:pk>/',
+         user_views.GroupUserDetail.as_view(),
+         name='user_groups-detail'),
+
 
     path('v1/downloadtokens/',
          core_views.FileDownloadTokenList.as_view(),
@@ -61,6 +85,30 @@
     path('v1/note<int:pk>/',
         feed_views.NoteDetail.as_view(), name='note-detail'),
 
+    path('v1/<int:pk>/grouppermissions/',
+         feed_views.FeedGroupPermissionList.as_view(),
+         name='feedgrouppermission-list'),
+
+    path('v1/<int:pk>/grouppermissions/search/',
+         feed_views.FeedGroupPermissionListQuerySearch.as_view(),
+         name='feedgrouppermission-list-query-search'),
+
+    path('v1/grouppermissions/<int:pk>/',
+         feed_views.FeedGroupPermissionDetail.as_view(),
+         name='feedgrouppermission-detail'),
+
+    path('v1/<int:pk>/userpermissions/',
+         feed_views.FeedUserPermissionList.as_view(),
+         name='feeduserpermission-list'),
+
+    path('v1/<int:pk>/userpermissions/search/',
+         feed_views.FeedUserPermissionListQuerySearch.as_view(),
+         name='feeduserpermission-list-query-search'),
+
+    path('v1/userpermissions/<int:pk>/',
+         feed_views.FeedUserPermissionDetail.as_view(),
+         name='feeduserpermission-detail'),
+
     path('v1/<int:pk>/comments/',
         feed_views.CommentList.as_view(), name='comment-list'),
 
@@ -358,26 +406,98 @@
          filebrowser_views.FileBrowserFolderChildList.as_view(),
          name='chrisfolder-child-list'),
 
+    path('v1/filebrowser/<int:pk>/grouppermissions/',
+         filebrowser_views.FileBrowserFolderGroupPermissionList.as_view(),
+         name='foldergrouppermission-list'),
+
+    path('v1/filebrowser/<int:pk>/grouppermissions/search/',
+         filebrowser_views.FileBrowserFolderGroupPermissionListQuerySearch.as_view(),
+         name='foldergrouppermission-list-query-search'),
+
+    path('v1/filebrowser/grouppermissions/<int:pk>/',
+         filebrowser_views.FileBrowserFolderGroupPermissionDetail.as_view(),
+         name='foldergrouppermission-detail'),
+
+    path('v1/filebrowser/<int:pk>/userpermissions/',
+         filebrowser_views.FileBrowserFolderUserPermissionList.as_view(),
+         name='folderuserpermission-list'),
+
+    path('v1/filebrowser/<int:pk>/userpermissions/search/',
+         filebrowser_views.FileBrowserFolderUserPermissionListQuerySearch.as_view(),
+         name='folderuserpermission-list-query-search'),
+
+    path('v1/filebrowser/userpermissions/<int:pk>/',
+         filebrowser_views.FileBrowserFolderUserPermissionDetail.as_view(),
+         name='folderuserpermission-detail'),
+
     path('v1/filebrowser/<int:pk>/files/',
          filebrowser_views.FileBrowserFolderFileList.as_view(),
          name='chrisfolder-file-list'),
 
-    path('v1/filebrowser/<int:pk>/linkfiles/',
-         filebrowser_views.FileBrowserFolderLinkFileList.as_view(),
-         name='chrisfolder-linkfile-list'),
-
     path('v1/filebrowser/files/<int:pk>/',
          filebrowser_views.FileBrowserFileDetail.as_view(),
          name='chrisfile-detail'),
 
+    path('v1/filebrowser/files/<int:pk>/grouppermissions/',
+         filebrowser_views.FileBrowserFileGroupPermissionList.as_view(),
+         name='filegrouppermission-list'),
+
+    path('v1/filebrowser/files/<int:pk>/grouppermissions/search/',
+         filebrowser_views.FileBrowserFileGroupPermissionListQuerySearch.as_view(),
+         name='filegrouppermission-list-query-search'),
+
+    path('v1/filebrowser/files/grouppermissions/<int:pk>/',
+         filebrowser_views.FileBrowserFileGroupPermissionDetail.as_view(),
+         name='filegrouppermission-detail'),
+
+    path('v1/filebrowser/files/<int:pk>/userpermissions/',
+         filebrowser_views.FileBrowserFileUserPermissionList.as_view(),
+         name='fileuserpermission-list'),
+
+    path('v1/filebrowser/files/<int:pk>/userpermissions/search/',
+         filebrowser_views.FileBrowserFileUserPermissionListQuerySearch.as_view(),
+         name='fileuserpermission-list-query-search'),
+
+    path('v1/filebrowser/files/userpermissions/<int:pk>/',
+         filebrowser_views.FileBrowserFileUserPermissionDetail.as_view(),
+         name='fileuserpermission-detail'),
+
     re_path(r'^v1/filebrowser/files/(?P<pk>[0-9]+)/.*$',
             filebrowser_views.FileBrowserFileResource.as_view(),
             name='chrisfile-resource'),
 
+    path('v1/filebrowser/<int:pk>/linkfiles/',
+         filebrowser_views.FileBrowserFolderLinkFileList.as_view(),
+         name='chrisfolder-linkfile-list'),
+
     path('v1/filebrowser/linkfiles/<int:pk>/',
          filebrowser_views.FileBrowserLinkFileDetail.as_view(),
          name='chrislinkfile-detail'),
 
+    path('v1/filebrowser/linkfiles/<int:pk>/grouppermissions/',
+         filebrowser_views.FileBrowserLinkFileGroupPermissionList.as_view(),
+         name='linkfilegrouppermission-list'),
+
+    path('v1/filebrowser/linkfiles/<int:pk>/grouppermissions/search/',
+         filebrowser_views.FileBrowserLinkFileGroupPermissionListQuerySearch.as_view(),
+         name='linkfilegrouppermission-list-query-search'),
+
+    path('v1/filebrowser/linkfiles/grouppermissions/<int:pk>/',
+         filebrowser_views.FileBrowserLinkFileGroupPermissionDetail.as_view(),
+         name='linkfilegrouppermission-detail'),
+
+    path('v1/filebrowser/linkfiles/<int:pk>/userpermissions/',
+         filebrowser_views.FileBrowserLinkFileUserPermissionList.as_view(),
+         name='linkfileuserpermission-list'),
+
+    path('v1/filebrowser/linkfiles/<int:pk>/userpermissions/search/',
+         filebrowser_views.FileBrowserLinkFileUserPermissionListQuerySearch.as_view(),
+         name='linkfileuserpermission-list-query-search'),
+
+    path('v1/filebrowser/linkfiles/userpermissions/<int:pk>/',
+         filebrowser_views.FileBrowserLinkFileUserPermissionDetail.as_view(),
+         name='linkfileuserpermission-detail'),
+
     re_path(r'^v1/filebrowser/linkfiles/(?P<pk>[0-9]+)/.*$',
             filebrowser_views.FileBrowserLinkFileResource.as_view(),
             name='chrislinkfile-resource')

diff --git a/chris_backend/core/apps.py b/chris_backend/core/apps.py
@@ -1,5 +1,52 @@
+
 from django.apps import AppConfig
+from django.db.models.signals import post_migrate
+
+
+def setup_chris(sender, **kwargs):
+    from django.contrib.auth.models import User, Group
+    from django.conf import settings
+    from .models import ChrisInstance, ChrisFolder
+
+    ChrisInstance.load()  # create the ChRIS instance singleton
+
+    # create superuser chris
+    try:
+        chris_user = User.objects.get(username='chris')
+    except User.DoesNotExist:
+        chris_user = User.objects.create_superuser('chris', '[email protected]',
+                                                   settings.CHRIS_SUPERUSER_PASSWORD)
+    # create required groups
+    (all_grp, _) = Group.objects.get_or_create(name='all_users')
+    (pacs_grp, _) = Group.objects.get_or_create(name='pacs_users')
+
+    # create top level folders and their permissions
+    (folder, _) = ChrisFolder.objects.get_or_create(path='', owner=chris_user,
+                                                    public=True)
+
+    (folder, _) = ChrisFolder.objects.get_or_create(path='home', owner=chris_user)
+    if not folder.has_group_permission(all_grp):
+        folder.grant_group_permission(all_grp, 'r')
+
+    (folder, _) = ChrisFolder.objects.get_or_create(path='SHARED', owner=chris_user)
+    if not folder.has_group_permission(all_grp):
+        folder.grant_group_permission(all_grp, 'r')
+
+    ChrisFolder.objects.get_or_create(path='PUBLIC', owner=chris_user, public=True)
+    ChrisFolder.objects.get_or_create(path='PIPELINES', owner=chris_user, public=True)
+
+    (folder, _) = ChrisFolder.objects.get_or_create(path='SERVICES', owner=chris_user)
+    if not folder.has_group_permission(all_grp):
+        folder.grant_group_permission(all_grp, 'r')
+
+    (folder, _) = ChrisFolder.objects.get_or_create(path='SERVICES/PACS',
+                                                    owner=chris_user)
+    if not folder.has_group_permission(pacs_grp):
+        folder.grant_group_permission(pacs_grp, 'r')
 
 
 class Core(AppConfig):
     name = 'core'
+
+    def ready(self):
+        post_migrate.connect(setup_chris, sender=self)