docs: update and include permissions

!1
2024-05-13 20:45:35 +09:30
parent 0d1b31f9f0
commit db5d7e18ad
5 changed files with 120 additions and 75 deletions

@ -0,0 +1,54 @@
---
title: Django Template
description: No Fuss Computings NetBox Django Site Template
date: 2024-04-06
template: project.html
about: https://gitlab.com/nofusscomputing/infrastructure/configuration-management/django_app
---
This Django Project is designed to be a base template for Django applications. It's intent is to contain only the minimal functionality that is/would be common to all Django applications. for instance: base templates, auth and the functions required to make the site navigable. Currently the template style is that of the Red Hat echo system (AWX, Foreman, EDA, Cockpit etc).
This template has built into it multi-tenancy which can easily added to your django application if using this template.
## Features
- [Multi-Tenancy](permissions.md)
- Auto-Generated Navigation Menu
## Adding an Application
1. Install the django application with `pip <app-name>`
1. Update `app.settings.py`
``` python
INSTALLED_APPS = [
'<app name>.apps.<apps.py Class Name>', # Within project directory
'<app name>', # not in project directory
]
```
1. Update `itsm/urls.py`
``` python
urlpatterns = [
path("<url path>/", include("<app name>.urls")),
]
```
!!! tip
No url from the application will be visible without including the `name` parameter when calling the `path` function within the applications `url.py`. i.e. `urlpatterns[].path(name='<Navigation Name>')`. This is by design and when combined with a prefix of `_` provides the option to limit what URL's are displayed within the navigation menu. A name beginning with an underscore `_` will not be displayed in the menu.
Once you have completed the above list, your application will display collapsed within the navigation menu with the name of your application.
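
Review bot: The tip at the end of this hunk presents the `_` name prefix as a way to "limit what URL's are displayed within the navigation menu", and it should state explicitly that this only hides the menu entry: the URL is still routable, so the view behind it needs its own permission check (a link to permissions.md would fit here). Separately, step 1 reads `pip <app-name>`, which is missing the `install` subcommand. Step 2 names `app.settings.py` while step 3 uses the path form `itsm/urls.py`, and the tip refers to `url.py` rather than `urls.py`, so the file references should be made consistent. Minor wording: "It's intent" should be "Its intent", "echo system" should be "ecosystem", and "can easily added" is missing "be".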

@ -0,0 +1,85 @@
---
title: Permissions
description: No Fuss Computings Django Template Permissions
date: 2024-05-12
template: project.html
about: https://gitlab.com/nofusscomputing/infrastructure/configuration-management/django_app
---
The base django permissions have not been modified with this app providing Multi-Tenancy. This is done by a mixin, that checks if the item is apart of an organization, if it is; confirmation is made that the user is part of the same organization and as long as they have the correct permission within the organization, access is granted.
## How it works
The overall permissions system of django has not been modified with it remaining fully functional. The multi-tenancy has been setup based off of an organization with teams. A team to the underlying django system is an extension of the django auth group and for every team created a django auth group is created. THe group name is set using the following format: `<organization>_<team name>` and contains underscores `_` instead of spaces.
A User who is added to an team as a "Manager" can modify the team members or if they have permission `access.change_team` which also allows the changing of team permissions. Modification of an organization can be done by the django administrator (super user) or any user with permission `access._change_organization`.
## Multi-Tenancy workflow
The workflow is conducted as part of the view and has the following flow:
1. Checks if user is member of organization the object the action is being performed on.
1. Fetches all teams the user is part of.
1. obtains all permissions that are linked to the team.
1. checks if user has the required permission for the action.
1. confirms that the team the permission came from is part of the same organization as the object the action is being conducted on.
1. ONLY on success of the above items, grants access.
## Tenancy Setup
Within your view class include the mixin class `OrganizationPermission`, ensuring that you set the `permission_required` attribute.
### Model Setup
Any item you wish to be multi-tenant, ensure within your model you include the tenancy model abstract class. The class includes a field called `organization` which links directly to the organization model and is used by the tenancy permission check.
``` python title="<your app name>/models.py"
from access.models import TenancyObject
class YourObject(TenancyObject):
...
```
### View Setup
The mixin inlcuded in this template `OrganizationPermission` is designed to work with all django built in views and is what does the multi-tenancy permission checks.
``` python title="<your app name>/views.py"
from access.mixins import OrganizationPermission
class IndexView(OrganizationPermission, generic.ListView):
model = YourModel
permission_required = 'access.view_organization'
# Use this for static success url
success_url = f"/organization/" + pk_url_kwarg
# Use this to build dynamic success URL
def get_success_url(self, **kwargs):
return f"/organization/{self.kwargs['pk']}/"
def get_queryset(self):
return MyModel.objects.filter(organization__in=self.user_organizations())
```
Using a filter `pk__in=self.user_organizations()` for the queryset using the mixins function `user_organizations`, will limit the query set to only items where the user is a member of the organization.
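
Review bot: The closing sentence recommends `pk__in=self.user_organizations()`, but the `IndexView` example above it filters with `organization__in=self.user_organizations()`; this filter is what scopes a list view to the user's organizations, so the text and the example need to agree, and the doc should say which form applies to a `TenancyObject` model and which to the organization model itself. In the same example, `model = YourModel` while `get_queryset` queries `MyModel`, `generic` is never imported, and `success_url = f"/organization/" + pk_url_kwarg` uses a name that is not defined in the class body. Under "How it works", `access._change_organization` carries a leading underscore that `access.change_team` does not, so please confirm the codename. The `<organization>_<team name>` group name, with spaces replaced by `_`, can map two different organization and team pairs to the same group name; consider a separator that cannot occur in either part, or document the validation that prevents the clash.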