def policy_changed_cache_handler(sender=None, instance=None, using=None, **kwargs):
"""Signal handler for Principal cache expiry on Policy deletion."""
logger.info('Handling signal for deleted policy %s - invalidating associated user cache keys', instance)
cache = AccessCache(connections[using].schema_name)
if instance.group:
for principal in instance.group.principals.all():
cache.delete_policy(principal.uuid)
def role_related_obj_change_cache_handler(sender=None, instance=None, using=None, **kwargs):
"""Signal handler for invalidating Principal cache on Role object change."""
logger.info(
"Handling signal for added/removed/changed role-related object %s - "
"invalidating associated user cache keys",
instance,
)
cache = AccessCache(connections[using].schema_name)
if instance.role:
for principal in Principal.objects.filter(group__policies__roles__pk=instance.role.pk):
cache.delete_policy(principal.uuid)
def group_deleted_cache_handler(sender=None,
instance=None,
using=None,
**kwargs):
"""Signal handler to purge principal caches when a Group is deleted."""
logger.info(
"Handling signal for deleted group %s - invalidating policy cache for users in group",
instance)
cache = AccessCache(connections[using].schema_name)
for principal in instance.principals.all():
cache.delete_policy(principal.uuid)
def principals_to_groups_cache_handler(sender=None,
instance=None,
action=None,
reverse=None,
model=None,
pk_set=None,
using=None,
**kwargs):
"""Signal handler to purge caches when Group membership changes."""
cache = AccessCache(connections[using].schema_name)
if action in ("post_add", "pre_remove"):
logger.info(
"Handling signal for %s group membership change - invalidating policy cache",
instance)
if isinstance(instance, Group):
# One or more principals was added to/removed from the group
for principal in Principal.objects.filter(pk__in=pk_set):
cache.delete_policy(principal.uuid)
elif isinstance(instance, Principal):
# One or more groups was added to/removed from the principal
cache.delete_policy(instance.uuid)
elif action == "pre_clear":
logger.info(
"Handling signal for %s group membership clearing - invalidating policy cache",
instance)
if isinstance(instance, Group):
# All principals are being removed from this group
for principal in instance.principals.all():
cache.delete_policy(principal.uuid)
elif isinstance(instance, Principal):
# All groups are being removed from this principal
cache.delete_policy(instance.uuid)
def policy_to_roles_cache_handler(sender=None, instance=None, action=None, # noqa: C901
reverse=None, model=None, pk_set=None, using=None,
**kwargs):
"""Signal handler for Principal cache expiry on Policy/Role m2m change."""
cache = AccessCache(connections[using].schema_name)
if action in ('post_add', 'pre_remove'):
logger.info('Handling signal for %s roles change - invalidating policy cache', instance)
if isinstance(instance, Policy):
# One or more roles was added to/removed from the policy
if instance.group:
for principal in instance.group.principals.all():
cache.delete_policy(principal.uuid)
elif isinstance(instance, Role):
# One or more policies was added to/removed from the role
for policy in Policy.objects.filter(pk__in=pk_set):
if policy.group:
for principal in policy.group.principals.all():
cache.delete_policy(principal.uuid)
elif action == 'pre_clear':
logger.info('Handling signal for %s policy-roles clearing - invalidating policy cache', instance)
if isinstance(instance, Policy):
# All roles are being removed from this policy
if instance.group:
for principal in instance.group.principals.all():
cache.delete_policy(principal.uuid)
elif isinstance(instance, Role):
# All policies are being removed from this role
for principal in Principal.objects.filter(group__policies__roles__pk=instance.pk):
cache.delete_policy(principal.uuid)
def policy_changed_cache_handler(sender=None,
instance=None,
using=None,
**kwargs):
"""Signal handler for Principal cache expiry on Policy deletion."""
logger.info(
"Handling signal for deleted policy %s - invalidating associated user cache keys",
instance)
cache = AccessCache(connections[using].schema_name)
if instance.group:
principals = instance.group.principals.all()
if instance.group.platform_default:
cache.delete_all_policies_for_tenant()
for principal in principals:
cache.delete_policy(principal.uuid)