Merge lp://qastaging/~rvb/maas/maas-security-model into lp://qastaging/~maas-committers/maas/trunk
Status: | Merged |
---|---|
Approved by: | Julian Edwards |
Approved revision: | no longer in the source branch. |
Merged at revision: | 42 |
Proposed branch: | lp://qastaging/~rvb/maas/maas-security-model |
Merge into: | lp://qastaging/~maas-committers/maas/trunk |
Diff against target: |
678 lines (+373/-29) 12 files modified
src/maas/development.py (+1/-0) src/maas/settings.py (+6/-0) src/maasserver/api.py (+3/-3) src/maasserver/middleware.py (+60/-0) src/maasserver/models.py (+54/-6) src/maasserver/templates/maasserver/index.html (+25/-0) src/maasserver/templates/registration/login.html (+29/-0) src/maasserver/testing/factory.py (+20/-1) src/maasserver/tests/test_api.py (+32/-12) src/maasserver/tests/test_auth.py (+113/-0) src/maasserver/urls.py (+23/-5) src/maasserver/views.py (+7/-2) |
To merge this branch: | bzr merge lp://qastaging/~rvb/maas/maas-security-model |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Gavin Panella (community) | Approve | ||
Review via email: mp+89800@code.qastaging.launchpad.net |
Commit message
Add security model.
Description of the change
This branch adds the security model to maas.
= Details =
The security model is this:
- the site (except login/logout/
- the admins have no restrictions
- only the Nodes are protected: all the Nodes are visible by anyone until the are in use by a user (at this stage the owner field is populated). When a Node becomes 'owned', it is only visible to its owner (and admins).
All the views (api, regular views [and static resources]) are protected by a middleware class (AccessMiddleware).
This branch also introduces a MaaSAuthorizati
Also, note that proper usage of the security model in view will be done in a followup branch. This branch focuses on the basic infrastructure and the api security.