PrimAITE/src/primaite/simulator/domain/controller.py

from enum import Enum
from typing import Dict, Final, List, Literal, Tuple

from primaite.simulator.core import ActionPermissionValidator, SimComponent
from primaite.simulator.domain.account import Account, AccountType


# placeholder while these objects don't yet exist
class temp_node:
    """Placeholder for node class for type hinting purposes."""

    pass


class temp_application:
    """Placeholder for application class for type hinting purposes."""

    pass


class temp_folder:
    """Placeholder for folder class for type hinting purposes."""

    pass


class temp_file:
    """Placeholder for file class for type hinting purposes."""

    pass


class AccountGroup(Enum):
    """Permissions are set at group-level and accounts can belong to these groups."""

    local_user = 1
    "For performing basic actions on a node"
    domain_user = 2
    "For performing basic actions to the domain"
    local_admin = 3
    "For full access to actions on a node"
    domain_admin = 4
    "For full access"


class GroupMembershipValidator(ActionPermissionValidator):
    """Permit actions based on group membership."""

    def __init__(self, allowed_groups: List[AccountGroup]) -> None:
        """Store a list of groups that should be granted permission.

        :param allowed_groups: List of AccountGroups that are permitted to perform some action.
        :type allowed_groups: List[AccountGroup]
        """
        self.allowed_groups = allowed_groups

    def __call__(self, request: List[str], context: Dict) -> bool:
        """Permit the action if the request comes from an account which belongs to the right group."""
        # if context request source is part of any groups mentioned in self.allow_groups, return true, otherwise false
        requestor_groups: List[str] = context["request_source"]["groups"]
        for allowed_group in self.allowed_groups:
            if allowed_group.name in requestor_groups:
                return True
        return False


class DomainController(SimComponent):
    """Main object for controlling the domain."""

    # owned objects
    accounts: Dict[str, Account] = {}
    groups: Final[List[AccountGroup]] = list(AccountGroup)

    domain_group_membership: Dict[Literal[AccountGroup.domain_admin, AccountGroup.domain_user], List[Account]] = {}
    local_group_membership: Dict[
        Tuple[temp_node, Literal[AccountGroup.local_admin, AccountGroup.local_user]], List[Account]
    ] = {}

    # references to non-owned objects. Not sure if all are needed here.
    nodes: Dict[str, temp_node] = {}
    applications: Dict[str, temp_application] = {}
    folders: List[temp_folder] = {}
    files: List[temp_file] = {}

    def _register_account(self, account: Account) -> None:
        """TODO."""
        ...

    def _deregister_account(self, account: Account) -> None:
        """TODO."""
        ...

    def create_account(self, username: str, password: str, account_type: AccountType) -> Account:
        """TODO."""
        ...

    def delete_account(self, account: Account) -> None:
        """TODO."""
        ...

    def rotate_all_credentials(self) -> None:
        """TODO."""
        ...

    def rotate_account_credentials(self, account: Account) -> None:
        """TODO."""
        ...

    def add_account_to_group(self, account: Account, group: AccountGroup) -> None:
        """TODO."""
        ...

    def remove_account_from_group(self, account: Account, group: AccountGroup) -> None:
        """TODO."""
        ...

    def check_account_permissions(self, account: Account, node: temp_node) -> List[AccountGroup]:
        """Return a list of permission groups that this account has on this node."""
        ...

    def register_node(self, node: temp_node) -> None:
        """TODO."""
        ...

    def deregister_node(self, node: temp_node) -> None:
        """TODO."""
        ...
Test my validators 2023-08-03 16:26:33 +01:00			`from enum import Enum`
Add docs and tests 2023-08-07 10:55:29 +01:00			`from typing import Dict, Final, List, Literal, Tuple`
Test my validators 2023-08-03 16:26:33 +01:00
			`from primaite.simulator.core import ActionPermissionValidator, SimComponent`
			`from primaite.simulator.domain.account import Account, AccountType`
Make some progress on accounts 2023-08-02 13:43:31 +01:00

Overhaul sim component for permission management. 2023-08-03 13:09:04 +01:00			`# placeholder while these objects don't yet exist`
Test my validators 2023-08-03 16:26:33 +01:00			`class temp_node:`
Add docs and tests 2023-08-07 10:55:29 +01:00			`"""Placeholder for node class for type hinting purposes."""`

Test my validators 2023-08-03 16:26:33 +01:00			`pass`


			`class temp_application:`
Add docs and tests 2023-08-07 10:55:29 +01:00			`"""Placeholder for application class for type hinting purposes."""`

Test my validators 2023-08-03 16:26:33 +01:00			`pass`


			`class temp_folder:`
Add docs and tests 2023-08-07 10:55:29 +01:00			`"""Placeholder for folder class for type hinting purposes."""`

Test my validators 2023-08-03 16:26:33 +01:00			`pass`


			`class temp_file:`
Add docs and tests 2023-08-07 10:55:29 +01:00			`"""Placeholder for file class for type hinting purposes."""`

Test my validators 2023-08-03 16:26:33 +01:00			`pass`


			`class AccountGroup(Enum):`
			`"""Permissions are set at group-level and accounts can belong to these groups."""`

			`local_user = 1`
			`"For performing basic actions on a node"`
			`domain_user = 2`
			`"For performing basic actions to the domain"`
			`local_admin = 3`
			`"For full access to actions on a node"`
			`domain_admin = 4`
			`"For full access"`


			`class GroupMembershipValidator(ActionPermissionValidator):`
			`"""Permit actions based on group membership."""`

			`def __init__(self, allowed_groups: List[AccountGroup]) -> None:`
Update code based on PR comments. 2023-08-07 17:24:14 +01:00			`"""Store a list of groups that should be granted permission.`

			`:param allowed_groups: List of AccountGroups that are permitted to perform some action.`
			`:type allowed_groups: List[AccountGroup]`
			`"""`
Test my validators 2023-08-03 16:26:33 +01:00			`self.allowed_groups = allowed_groups`

			`def __call__(self, request: List[str], context: Dict) -> bool:`
			`"""Permit the action if the request comes from an account which belongs to the right group."""`
			`# if context request source is part of any groups mentioned in self.allow_groups, return true, otherwise false`
			`requestor_groups: List[str] = context["request_source"]["groups"]`
			`for allowed_group in self.allowed_groups:`
			`if allowed_group.name in requestor_groups:`
			`return True`
			`return False`
Make some progress on accounts 2023-08-02 13:43:31 +01:00

			`class DomainController(SimComponent):`
			`"""Main object for controlling the domain."""`

Overhaul sim component for permission management. 2023-08-03 13:09:04 +01:00			`# owned objects`
Update code based on PR comments. 2023-08-07 17:24:14 +01:00			`accounts: Dict[str, Account] = {}`
Overhaul sim component for permission management. 2023-08-03 13:09:04 +01:00			`groups: Final[List[AccountGroup]] = list(AccountGroup)`

Add docs and tests 2023-08-07 10:55:29 +01:00			`domain_group_membership: Dict[Literal[AccountGroup.domain_admin, AccountGroup.domain_user], List[Account]] = {}`
			`local_group_membership: Dict[`
Merge dev into feature/1716-accounts-and-groups 2023-08-09 09:18:06 +01:00			`Tuple[temp_node, Literal[AccountGroup.local_admin, AccountGroup.local_user]], List[Account]`
Add docs and tests 2023-08-07 10:55:29 +01:00			`] = {}`
Overhaul sim component for permission management. 2023-08-03 13:09:04 +01:00
Add docs and tests 2023-08-07 10:55:29 +01:00			`# references to non-owned objects. Not sure if all are needed here.`
Update code based on PR comments. 2023-08-07 17:24:14 +01:00			`nodes: Dict[str, temp_node] = {}`
			`applications: Dict[str, temp_application] = {}`
			`folders: List[temp_folder] = {}`
			`files: List[temp_file] = {}`
Overhaul sim component for permission management. 2023-08-03 13:09:04 +01:00
Make register and deregister acct private 2023-08-03 13:24:27 +01:00			`def _register_account(self, account: Account) -> None:`
Overhaul sim component for permission management. 2023-08-03 13:09:04 +01:00			`"""TODO."""`
			`...`

Make register and deregister acct private 2023-08-03 13:24:27 +01:00			`def _deregister_account(self, account: Account) -> None:`
Overhaul sim component for permission management. 2023-08-03 13:09:04 +01:00			`"""TODO."""`
			`...`

			`def create_account(self, username: str, password: str, account_type: AccountType) -> Account:`
			`"""TODO."""`
			`...`

Add docs and tests 2023-08-07 10:55:29 +01:00			`def delete_account(self, account: Account) -> None:`
			`"""TODO."""`
			`...`

Overhaul sim component for permission management. 2023-08-03 13:09:04 +01:00			`def rotate_all_credentials(self) -> None:`
			`"""TODO."""`
			`...`

			`def rotate_account_credentials(self, account: Account) -> None:`
			`"""TODO."""`
			`...`

			`def add_account_to_group(self, account: Account, group: AccountGroup) -> None:`
			`"""TODO."""`
			`...`

			`def remove_account_from_group(self, account: Account, group: AccountGroup) -> None:`
			`"""TODO."""`
			`...`
Add docs and tests 2023-08-07 10:55:29 +01:00
			`def check_account_permissions(self, account: Account, node: temp_node) -> List[AccountGroup]:`
			`"""Return a list of permission groups that this account has on this node."""`
			`...`

			`def register_node(self, node: temp_node) -> None:`
			`"""TODO."""`
			`...`

			`def deregister_node(self, node: temp_node) -> None:`
			`"""TODO."""`
			`...`