feat: RBAC + SAML support

2025-11-20 21:46:04 -05:00 · 2025-04-05 12:44:21 +03:00
parent 8fecccce1c
commit 05414f66c7
158 changed files with 6423 additions and 106 deletions
--- a/identity_providers/migrations/0001_initial.py
+++ b/identity_providers/migrations/0001_initial.py
@@ -0,0 +1,87 @@
+# Generated by Django 5.1.6 on 2025-03-18 17:40
+
+import django.db.models.deletion
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    initial = True
+
+    dependencies = [
+        ('socialaccount', '0006_alter_socialaccount_extra_data'),
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='IdentityProviderUserLog',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('created_at', models.DateTimeField(auto_now_add=True)),
+                ('logs', models.TextField(blank=True, null=True)),
+                ('identity_provider', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='saml_logs', to='socialaccount.socialapp')),
+                ('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='saml_logs', to=settings.AUTH_USER_MODEL)),
+            ],
+            options={
+                'verbose_name': 'Identity Provider User Log',
+                'verbose_name_plural': 'Identity Provider User Logs',
+                'ordering': ['-created_at'],
+            },
+        ),
+        migrations.CreateModel(
+            name='IdentityProviderCategoryMapping',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(help_text='Identity Provider group attribute value', max_length=100, verbose_name='Group Attribute Value')),
+                ('map_to', models.CharField(help_text='Category id', max_length=300)),
+                ('identity_provider', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='category_mapping', to='socialaccount.socialapp')),
+            ],
+            options={
+                'verbose_name': 'Identity Provider Category Mapping',
+                'verbose_name_plural': 'Identity Provider Category Mappings',
+                'unique_together': {('identity_provider', 'name')},
+            },
+        ),
+        migrations.CreateModel(
+            name='IdentityProviderGlobalRole',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(help_text='Identity Provider role attribute value', max_length=100, verbose_name='Global Role Mapping')),
+                (
+                    'map_to',
+                    models.CharField(
+                        choices=[
+                            ('user', 'Authenticated User'),
+                            ('advancedUser', 'Advanced User'),
+                            ('editor', 'MediaCMS Editor'),
+                            ('manager', 'MediaCMS Manager'),
+                            ('admin', 'MediaCMS Administrator'),
+                        ],
+                        help_text='MediaCMS Global Role',
+                        max_length=20,
+                    ),
+                ),
+                ('identity_provider', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='global_roles', to='socialaccount.socialapp')),
+            ],
+            options={
+                'verbose_name': 'Identity Provider Global Role Mapping',
+                'verbose_name_plural': 'Identity Provider Global Role Mappings',
+                'unique_together': {('identity_provider', 'name')},
+            },
+        ),
+        migrations.CreateModel(
+            name='IdentityProviderGroupRole',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(help_text='Identity Provider role attribute value', max_length=100, verbose_name='Group Role Mapping')),
+                ('map_to', models.CharField(choices=[('member', 'Member'), ('contributor', 'Contributor'), ('manager', 'Manager')], help_text='MediaCMS Group Role', max_length=20)),
+                ('identity_provider', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='group_roles', to='socialaccount.socialapp')),
+            ],
+            options={
+                'verbose_name': 'Identity Provider Group Role Mapping',
+                'verbose_name_plural': 'Identity Provider Group Role Mappings',
+                'unique_together': {('identity_provider', 'name')},
+            },
+        ),
+    ]
--- a/identity_providers/migrations/0002_loginoption.py
+++ b/identity_providers/migrations/0002_loginoption.py
@@ -0,0 +1,27 @@
+# Generated by Django 5.1.6 on 2025-03-20 18:00
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ('identity_providers', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='LoginOption',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('title', models.CharField(help_text='Display name for this login option (e.g. Login through DEIC)', max_length=100)),
+                ('url', models.CharField(help_text='URL or path for this login option', max_length=255)),
+                ('ordering', models.PositiveIntegerField(default=0, help_text='Display order (smaller numbers appear first)')),
+                ('active', models.BooleanField(default=True, help_text='Whether this login option is currently active')),
+            ],
+            options={
+                'verbose_name': 'Login Option',
+                'verbose_name_plural': 'Login Options',
+                'ordering': ['ordering'],
+            },
+        ),
+    ]
--- a/identity_providers/migrations/0003_alter_identityprovidercategorymapping_unique_together.py
+++ b/identity_providers/migrations/0003_alter_identityprovidercategorymapping_unique_together.py
@@ -0,0 +1,16 @@
+# Generated by Django 5.1.6 on 2025-03-25 15:05
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ('identity_providers', '0002_loginoption'),
+    ]
+
+    operations = [
+        migrations.AlterUniqueTogether(
+            name='identityprovidercategorymapping',
+            unique_together=set(),
+        ),
+    ]
--- a/identity_providers/migrations/0004_alter_identityprovidercategorymapping_map_to.py
+++ b/identity_providers/migrations/0004_alter_identityprovidercategorymapping_map_to.py
@@ -0,0 +1,19 @@
+# Generated by Django 5.1.6 on 2025-03-25 15:26
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ('files', '0005_alter_category_uid'),
+        ('identity_providers', '0003_alter_identityprovidercategorymapping_unique_together'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='identityprovidercategorymapping',
+            name='map_to',
+            field=models.ForeignKey(help_text='Category id', on_delete=django.db.models.deletion.CASCADE, to='files.category'),
+        ),
+    ]
--- a/identity_providers/migrations/init.py
+++ b/identity_providers/migrations/init.py