feat: RBAC + SAML support

2025-11-20 21:46:04 -05:00 · 2025-04-05 12:44:21 +03:00
parent 8fecccce1c
commit 05414f66c7
158 changed files with 6423 additions and 106 deletions
--- a/rbac/migrations/0001_initial.py
+++ b/rbac/migrations/0001_initial.py
@@ -0,0 +1,63 @@
+# Generated by Django 5.1.6 on 2025-03-18 17:40
+
+import django.db.models.deletion
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    initial = True
+
+    dependencies = [
+        ('files', '0004_alter_subtitle_options_category_identity_provider_and_more'),
+        ('socialaccount', '0006_alter_socialaccount_extra_data'),
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='RBACGroup',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('uid', models.CharField(help_text='Unique identifier for the RBAC group (unique per identity provider)', max_length=255)),
+                ('name', models.CharField(max_length=100, help_text='MediaCMS Group name')),
+                ('description', models.TextField(blank=True)),
+                ('created_at', models.DateTimeField(auto_now_add=True)),
+                ('updated_at', models.DateTimeField(auto_now=True)),
+                ('categories', models.ManyToManyField(blank=True, help_text='Categories this RBAC group has access to', related_name='rbac_groups', to='files.category')),
+                (
+                    'identity_provider',
+                    models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='rbac_groups', to='socialaccount.socialapp', verbose_name='IDP Config Name'),
+                ),
+            ],
+            options={
+                'verbose_name': 'RBAC Group',
+                'verbose_name_plural': 'RBAC Groups',
+            },
+        ),
+        migrations.CreateModel(
+            name='RBACMembership',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('role', models.CharField(choices=[('member', 'Member'), ('contributor', 'Contributor'), ('manager', 'Manager')], default='member', max_length=20)),
+                ('joined_at', models.DateTimeField(auto_now_add=True)),
+                ('updated_at', models.DateTimeField(auto_now=True)),
+                ('rbac_group', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='memberships', to='rbac.rbacgroup')),
+                ('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='rbac_memberships', to=settings.AUTH_USER_MODEL)),
+            ],
+            options={
+                'verbose_name': 'RBAC Membership',
+                'verbose_name_plural': 'RBAC Memberships',
+                'unique_together': {('user', 'rbac_group', 'role')},
+            },
+        ),
+        migrations.AddField(
+            model_name='rbacgroup',
+            name='members',
+            field=models.ManyToManyField(related_name='rbac_groups', through='rbac.RBACMembership', to=settings.AUTH_USER_MODEL),
+        ),
+        migrations.AlterUniqueTogether(
+            name='rbacgroup',
+            unique_together={('name', 'identity_provider'), ('uid', 'identity_provider')},
+        ),
+    ]