class TeamClientPermissions(BaseMixin, db.Model):
__tablename__ = 'teamclientpermissions'
#: Team which has these permissions
team_id = db.Column(db.Integer, db.ForeignKey('team.id'), nullable=False)
team = db.relationship(Team,
primaryjoin=team_id == Team.id,
backref=db.backref('client_permissions',
cascade='all, delete-orphan'))
#: Client app they are assigned on
client_id = db.Column(db.Integer,
db.ForeignKey('client.id'),
nullable=False)
client = db.relationship(Client,
primaryjoin=client_id == Client.id,
backref=db.backref('team_permissions',
cascade="all, delete-orphan"))
#: The permissions as a string of tokens
access_permissions = db.Column('permissions',
db.Unicode(250),
default=u'',
nullable=False)
# Only one assignment per team and client
__table_args__ = (db.UniqueConstraint("team_id", "client_id"), {})
@property
def pickername(self):
return self.team.pickername
@property
def userid(self):
return self.team.userid
class ResourceAction(BaseMixin, db.Model):
"""
Actions that can be performed on resources. There should always be at minimum
a 'read' action.
"""
__tablename__ = 'resourceaction'
name = db.Column(db.Unicode(20), nullable=False)
resource_id = db.Column(db.Integer,
db.ForeignKey('resource.id'),
nullable=False)
resource = db.relationship(Resource,
primaryjoin=resource_id == Resource.id,
backref=db.backref(
'actions', cascade="all, delete-orphan"))
title = db.Column(db.Unicode(250), nullable=False)
description = db.Column(db.UnicodeText, default=u'', nullable=False)
# Action names are unique per client app
__table_args__ = (db.UniqueConstraint("name", "resource_id"), {})
def permissions(self, user, inherited=None):
perms = super(ResourceAction, self).permissions(user, inherited)
if user and self.resource.client.owner_is(user):
perms.add('edit')
perms.add('delete')
return perms
class UserExternalId(BaseMixin, db.Model):
__tablename__ = 'userexternalid'
user_id = db.Column(db.Integer, db.ForeignKey('user.id'), nullable=False)
user = db.relationship(User, primaryjoin=user_id == User.id,
backref=db.backref('externalids', cascade="all, delete-orphan"))
service = db.Column(db.String(20), nullable=False)
userid = db.Column(db.String(250), nullable=False) # Unique id (or OpenID)
username = db.Column(db.Unicode(80), nullable=True)
oauth_token = db.Column(db.String(250), nullable=True)
oauth_token_secret = db.Column(db.String(250), nullable=True)
oauth_token_type = db.Column(db.String(250), nullable=True)
__table_args__ = (db.UniqueConstraint("service", "userid"), {})
class AuthToken(BaseMixin, db.Model):
"""Access tokens for access to data."""
__tablename__ = 'authtoken'
user_id = db.Column(db.Integer, db.ForeignKey('user.id'),
nullable=True) # Null for client-only tokens
user = db.relationship(User, primaryjoin=user_id == User.id)
client_id = db.Column(db.Integer,
db.ForeignKey('client.id'),
nullable=False)
client = db.relationship(Client,
primaryjoin=client_id == Client.id,
backref=db.backref("authtokens",
cascade="all, delete-orphan"))
token = db.Column(db.String(22),
default=newid,
nullable=False,
unique=True)
token_type = db.Column(db.String(250), default='bearer',
nullable=False) # 'bearer', 'mac' or a URL
secret = db.Column(db.String(44), nullable=True)
_algorithm = db.Column('algorithm', db.String(20), nullable=True)
_scope = db.Column('scope', db.Unicode(250), nullable=False)
validity = db.Column(db.Integer, nullable=False,
default=0) # Validity period in seconds
refresh_token = db.Column(db.String(22), nullable=True, unique=True)
# Only one authtoken per user and client. Add to scope as needed
__table_args__ = (db.UniqueConstraint("user_id", "client_id"), {})
def __init__(self, **kwargs):
super(AuthToken, self).__init__(**kwargs)
self.token = newid()
if self.user:
self.refresh_token = newid()
self.secret = newsecret()
def refresh(self):
"""
Create a new token while retaining the refresh token.
"""
if self.refresh_token is not None:
self.token = newid()
self.secret = newsecret()
@property
def scope(self):
return self._scope.split(u' ')
@scope.setter
def scope(self, value):
self._scope = u' '.join(value)
scope = db.synonym('_scope', descriptor=scope)
def add_scope(self, additional):
if isinstance(additional, basestring):
additional = [additional]
self.scope = list(set(self.scope).union(set(additional)))
@property
def algorithm(self):
return self._algorithm
@algorithm.setter
def algorithm(self, value):
if value is None:
self._algorithm = None
self.secret = None
elif value in ['hmac-sha-1', 'hmac-sha-256']:
self._algorithm = value
else:
raise ValueError("Unrecognized algorithm '%s'" % value)
algorithm = db.synonym('_algorithm', descriptor=algorithm)