Security Models

class registry.models.security.AllowedOperation(*args, **kwargs)

A AllowedOperation represents a security configuration for a given registry.models.service.Service.

Attr operations: django.db.models.fields.related.ManyToManyField field to configure allowed OGC operations.
Attr allowed_groups: django.db.models.fields.related.ManyToManyField field to configure allowed groups to access the configured service.
Attr allowed_area: (optional) django.contrib.gis.db.models.fields.MultiPolygonField to configure an allowed area. If set, only the configured area is allowed to request.
Attr secured_service: django.db.models.fields.related.ForeignKey field to configure the secured service.
Attr secured_layers: django.db.models.fields.related.ManyToManyField field to configure all secured layers.
Attr secured_feature_types: django.db.models.fields.related.ManyToManyField field to configure all secured feature types.
Attr description: django.db.models.fields.CharField short description for better administrating different AllowedOperation instances.

One allowed operation is a configuration to allow

a set of registry.models.security.ServiceAccessGroup
to access a set of registry.models.service.Layer or registry.models.FeatureType
for one configured registry.models.service.Service
limited by the configured registry.models.security.OGCOperation
and (optional) limited by a configured django.contrib.gis.geos.MultiPolygon

Warning

IF there are two AllowedOperation instances for the same set of operations and allowed_groups and one has no allowed area configured the one with allowed_area=None allows all areas.

exception DoesNotExist

exception MultipleObjectsReturned

save(*args, **kwargs): Custom save function to update related registry.models.security.ProxySetting instance. IF there is a related registry.models.security.ProxySetting instance, the ProxySetting.camouflage attribute is updated to the value True ELSE we create a new registry.models.security.ProxySetting instance with the initial camouflage=True attribute.

class registry.models.security.AllowedOperationGroupRelation(*args, **kwargs)

Custom M2M relation table model to protect referenced ServiceAccessGroup from deleting if they are referenced.

exception DoesNotExist

exception MultipleObjectsReturned

class registry.models.security.AnalyzedResponseLog(id, created_at, created_by_user, owner, last_modified_at, last_modified_by, response, entity_count, entity_total_count, entity_unit)

exception DoesNotExist

exception MultipleObjectsReturned

class registry.models.security.HttpRequestLog(id, timestamp, elapsed, method, url, body, headers, user, wms, wfs)

exception DoesNotExist

exception MultipleObjectsReturned

class registry.models.security.HttpResponseLog(id, status_code, reason, elapsed, headers, url, content, request)

exception DoesNotExist

exception MultipleObjectsReturned

save(*args, **kwargs)

Save the current instance. Override this in a subclass if you want to control the saving process.

The ‘force_insert’ and ‘force_update’ parameters can be used to insist that the “save” must be an SQL insert or update (or equivalent for non-SQL backends), respectively. Normally, they should not be set.

class registry.models.security.OGCOperation(operation)

exception DoesNotExist

exception MultipleObjectsReturned

class registry.models.security.ProxySetting(id, created_at, created_by_user, owner, last_modified_at, last_modified_by, camouflage, log_response, wms, wfs)

exception DoesNotExist

exception MultipleObjectsReturned

clean(): Hook for doing any extra model-wide validation after clean() has been called on every field by self.clean_fields. Any ValidationError raised by this method will not be associated with a particular field; it will have a special-case association with the field defined by NON_FIELD_ERRORS.

class registry.models.security.ServiceAccessGroup(id, name, group_ptr, created_at, created_by_user, owner, last_modified_at, last_modified_by, description)

exception DoesNotExist

exception MultipleObjectsReturned

class registry.models.security.ServiceAuthentication(id, created_at, created_by_user, owner, last_modified_at, last_modified_by, username, password, auth_type, key_file, service)

exception DoesNotExist

exception MultipleObjectsReturned

decrypt()

Decrypt the login credentials using the stored key

Returns:: username, password (tuple): the username and password in clear text

delete(*args, **kwargs)

Overwrites default delete function

Removes local stored file if it exists!

Args;: using: keep_parents:
Returns:: the deleted object

save(*args, **kwargs)

Save the current instance. Override this in a subclass if you want to control the saving process.

The ‘force_insert’ and ‘force_update’ parameters can be used to insist that the “save” must be an SQL insert or update (or equivalent for non-SQL backends), respectively. Normally, they should not be set.