Merge pull request #116 from arenaxr/namespace

feat: add namespace permissions model

Author: mwfarb

arena_account/settings.py

@@ -44,13 +44,13 @@
     "aframe",
     "apriltag",
     "ar",
-    "orchestrator",  # proxy
     "arts",
     "audio",
     "auth",  # proxy
     "build",
     "chat",
     "conf",
+    "dashboard",  # proxy
     "dist",
     "face-tracking",
     "files",
@@ -65,7 +65,9 @@
     "mqtt2",  # proxy
     "network",
     "node_modules",
+    "orchestrator",  # proxy
     "persist",  # proxy
+    "programs",  # proxy
     "public",  # public namespace (tentative)
     "pythonrt",  # proxy
     "runtime-mngr",

users/admin.py

@@ -1,12 +1,22 @@
 from django.contrib import admin
 
-from .models import Device, Scene
+from .models import Device, Namespace, Scene
+
+
+class NamespaceAdmin(admin.ModelAdmin):
+    list_display = ["name", "is_default"]
+    list_filter = ["editors", "viewers"]
+    search_fields = ["name"]
+    autocomplete_fields = ["owners", "editors", "viewers"]
 
 
 class SceneAdmin(admin.ModelAdmin):
-    list_display = ["name", "public_read", "public_write", "anonymous_users", "video_conference", "users"]
-    autocomplete_fields = ["editors"]
+    list_display = ["name", "is_default", "public_read", "public_write", "anonymous_users", "video_conference", "users"]
+    list_filter = ["public_read", "public_write", "anonymous_users", "video_conference", "users", "editors", "viewers"]
+    search_fields = ["name"]
+    autocomplete_fields = ["owners", "editors", "viewers"]
 
 
+admin.site.register(Namespace, NamespaceAdmin)
 admin.site.register(Scene, SceneAdmin)
 admin.site.register(Device)

users/forms.py

@@ -4,7 +4,9 @@
 from django.conf import settings
 from django.contrib.auth.models import User
 
-from .models import Device, Scene
+from .models import Device, Namespace, Scene
+from .mqtt import TOPIC_SUPPORTED_API_VERSIONS, all_scenes_read_token
+from .persistence import get_persist_scenes_ns
 
 
 class SocialSignupForm(_SocialSignupForm):
@@ -20,16 +22,31 @@ def clean(self):
         username = cleaned_data.get("username")
         # reject usernames in form on signup: settings.USERNAME_RESERVED
         if username in settings.USERNAME_RESERVED:
-            msg = f"Sorry, {username} is a reserved word for usernames."
+            msg = f"Sorry, '{username}' is a reserved word."
             self.add_error("username", msg)
-
+        # reject usernames in form on signup: Namespace exists in permissions
+        elif Namespace.objects.filter(name=username).exists():
+            msg = f"Sorry, '{username}' is a permissions namespace."
+            self.add_error("username", msg)
+        # reject usernames in form on signup: Namespace used in persist db
+        else:
+            version = TOPIC_SUPPORTED_API_VERSIONS[0]  # TODO (mwfarb): resolve missing request.version
+            token = all_scenes_read_token(version)
+            if len(get_persist_scenes_ns(token, username)) > 0:
+                msg = f"Sorry, '{username}' is a persistence namespace."
+                self.add_error("username", msg)
 
 class UpdateStaffForm(forms.Form):
     staff_username = forms.CharField(label="staff_username", required=True)
     is_staff = forms.BooleanField(
         label="is_staff", required=False, initial=False)
 
 
+class UpdateNamespaceForm(forms.Form):
+    add = forms.CharField(label="add", required=False)
+    edit = forms.CharField(label="edit", required=False)
+
+
 class UpdateSceneForm(forms.Form):
     add = forms.CharField(label="add", required=False)
     edit = forms.CharField(label="edit", required=False)
@@ -40,14 +57,35 @@ class UpdateDeviceForm(forms.Form):
     edit = forms.CharField(label="edit", required=False)
 
 
-class SceneForm(forms.ModelForm):
+class NamespaceForm(forms.ModelForm):
+    owners = forms.ModelMultipleChoiceField(
+        queryset=User.objects.all().order_by('username'),
+        widget=autocomplete.ModelSelect2Multiple(
+            url='users:user-autocomplete',
+            forward=(forward.Self(), ),
+            attrs={'data-minimum-input-length': 2},
+        ), required=False)
     editors = forms.ModelMultipleChoiceField(
         queryset=User.objects.all().order_by('username'),
         widget=autocomplete.ModelSelect2Multiple(
             url='users:user-autocomplete',
             forward=(forward.Self(), ),
             attrs={'data-minimum-input-length': 2},
         ), required=False)
+    viewers = forms.ModelMultipleChoiceField(
+        queryset=User.objects.all().order_by('username'),
+        widget=autocomplete.ModelSelect2Multiple(
+            url='users:user-autocomplete',
+            forward=(forward.Self(), ),
+            attrs={'data-minimum-input-length': 2},
+        ), required=False)
+
+    class Meta:
+        model = Namespace
+        fields = ("owners", "editors", "viewers")
+
+
+class SceneForm(forms.ModelForm):
     public_read = forms.BooleanField(
         widget=forms.CheckboxInput(attrs={"class": "form-check-input"}), required=False)
     public_write = forms.BooleanField(
@@ -58,11 +96,32 @@ class SceneForm(forms.ModelForm):
         widget=forms.CheckboxInput(attrs={"class": "form-check-input"}), required=False)
     users = forms.BooleanField(
         widget=forms.CheckboxInput(attrs={"class": "form-check-input"}), required=False)
+    owners = forms.ModelMultipleChoiceField(
+        queryset=User.objects.all().order_by('username'),
+        widget=autocomplete.ModelSelect2Multiple(
+            url='users:user-autocomplete',
+            forward=(forward.Self(), ),
+            attrs={'data-minimum-input-length': 2},
+        ), required=False)
+    editors = forms.ModelMultipleChoiceField(
+        queryset=User.objects.all().order_by('username'),
+        widget=autocomplete.ModelSelect2Multiple(
+            url='users:user-autocomplete',
+            forward=(forward.Self(), ),
+            attrs={'data-minimum-input-length': 2},
+        ), required=False)
+    viewers = forms.ModelMultipleChoiceField(
+        queryset=User.objects.all().order_by('username'),
+        widget=autocomplete.ModelSelect2Multiple(
+            url='users:user-autocomplete',
+            forward=(forward.Self(), ),
+            attrs={'data-minimum-input-length': 2},
+        ), required=False)
 
     class Meta:
         model = Scene
         fields = ("public_read", "public_write",
-                  "anonymous_users", "video_conference", "users", "editors")
+                  "anonymous_users", "video_conference", "users", "owners", "editors", "viewers")
 
 
 class DeviceForm(forms.ModelForm):

users/migrations/0008_auto_20250109_1916.py

@@ -0,0 +1,51 @@
+# Generated by Django 3.2.25 on 2025-01-09 19:16
+
+from django.conf import settings
+import django.core.validators
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ('users', '0007_scene_users'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='scene',
+            name='owners',
+            field=models.ManyToManyField(blank=True, related_name='scene_owners', to=settings.AUTH_USER_MODEL),
+        ),
+        migrations.AddField(
+            model_name='scene',
+            name='viewers',
+            field=models.ManyToManyField(blank=True, related_name='scene_viewers', to=settings.AUTH_USER_MODEL),
+        ),
+        migrations.AlterField(
+            model_name='device',
+            name='name',
+            field=models.CharField(max_length=200, unique=True, validators=[django.core.validators.RegexValidator('^[a-zA-Z0-9_-]+/[a-zA-Z0-9_-]+$', 'Only alphanumeric, underscore, hyphen, in namespace/idname format allowed.')]),
+        ),
+        migrations.AlterField(
+            model_name='scene',
+            name='editors',
+            field=models.ManyToManyField(blank=True, related_name='scene_editors', to=settings.AUTH_USER_MODEL),
+        ),
+        migrations.AlterField(
+            model_name='scene',
+            name='name',
+            field=models.CharField(max_length=200, unique=True, validators=[django.core.validators.RegexValidator('^[a-zA-Z0-9_-]+/[a-zA-Z0-9_-]+$', 'Only alphanumeric, underscore, hyphen, in namespace/idname format allowed.')]),
+        ),
+        migrations.CreateModel(
+            name='Namespace',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(max_length=100, unique=True, validators=[django.core.validators.RegexValidator('^[a-zA-Z0-9_-]*$', 'Only alphanumeric, underscore, hyphen allowed.')])),
+                ('editors', models.ManyToManyField(blank=True, related_name='namespace_editors', to=settings.AUTH_USER_MODEL)),
+                ('owners', models.ManyToManyField(blank=True, related_name='namespace_owners', to=settings.AUTH_USER_MODEL)),
+                ('viewers', models.ManyToManyField(blank=True, related_name='namespace_viewers', to=settings.AUTH_USER_MODEL)),
+            ],
+        ),
+    ]

users/models.py

@@ -1,5 +1,6 @@
 from django.contrib.auth.models import User
 from django.core.exceptions import ValidationError
+from django.core.validators import RegexValidator
 from django.db import models
 from django.urls import reverse
 
@@ -10,32 +11,86 @@
 SCENE_VIDEO_CONF_DEF = True
 SCENE_USERS_DEF = True
 
+RE_NS = r"^[a-zA-Z0-9_-]*$"
+RE_NS_SLASH_ID = r"^[a-zA-Z0-9_-]+/[a-zA-Z0-9_-]+$"
+
+ns_regex = RegexValidator(RE_NS, "Only alphanumeric, underscore, hyphen allowed.")
+ns_slash_id_regex = RegexValidator(
+    RE_NS_SLASH_ID, "Only alphanumeric, underscore, hyphen, in namespace/idname format allowed."
+)
+
+
+class NamespaceDefault:
+    def __init__(self, name=""):
+        self.name = name
+        self.owners = []
+        self.editors = []
+        self.viewers = []
+        self.is_default = True
+
+
+class Namespace(models.Model):
+    """Model representing a namespace's permissions."""
+
+    name = models.CharField(max_length=100, blank=False, unique=True, validators=[ns_regex])
+    owners = models.ManyToManyField(User, blank=True, related_name="namespace_owners")
+    editors = models.ManyToManyField(User, blank=True, related_name="namespace_editors")
+    viewers = models.ManyToManyField(User, blank=True, related_name="namespace_viewers")
+
+    def save(self, *args, **kwargs):
+        self.full_clean()  # performs regular validation then clean()
+        super(Namespace, self).save(*args, **kwargs)
+
+    def clean(self):
+        if self.name == "":
+            raise ValidationError("Empty namespace name!")
+        self.name = self.name.strip()
+
+    def __str__(self):
+        """String for representing the namespace object by name."""
+        return self.name
+
+    @property
+    def is_default(self):
+        return self.editors.count() == 0 and self.viewers.count() == 0
+
+
+class SceneDefault:
+    def __init__(self, name=""):
+        self.name = name
+        self.owners = []
+        self.editors = []
+        self.viewers = []
+        self.public_read = SCENE_PUBLIC_READ_DEF
+        self.public_write = SCENE_PUBLIC_WRITE_DEF
+        self.anonymous_users = SCENE_ANON_USERS_DEF
+        self.video_conference = SCENE_VIDEO_CONF_DEF
+        self.users = SCENE_USERS_DEF
+        self.is_default = True
+
 
 class Scene(models.Model):
-    """Model representing a scene's permissions."""
+    """Model representing a namespace/scene's permissions."""
 
-    name = models.CharField(max_length=200, blank=False, unique=True)
+    name = models.CharField(max_length=200, blank=False, unique=True, validators=[ns_slash_id_regex])
     summary = models.TextField(max_length=1000, blank=True)
-    editors = models.ManyToManyField(User, blank=True)
+    owners = models.ManyToManyField(User, blank=True, related_name="scene_owners")
+    editors = models.ManyToManyField(User, blank=True, related_name="scene_editors")
+    viewers = models.ManyToManyField(User, blank=True, related_name="scene_viewers")
     creation_date = models.DateTimeField(auto_now_add=True)
-    public_read = models.BooleanField(
-        default=SCENE_PUBLIC_READ_DEF, blank=True)
-    public_write = models.BooleanField(
-        default=SCENE_PUBLIC_WRITE_DEF, blank=True)
-    anonymous_users = models.BooleanField(
-        default=SCENE_ANON_USERS_DEF, blank=True)
-    video_conference = models.BooleanField(
-        default=SCENE_VIDEO_CONF_DEF, blank=True)
-    users = models.BooleanField(
-        default=SCENE_USERS_DEF, blank=True)
+    public_read = models.BooleanField(default=SCENE_PUBLIC_READ_DEF, blank=True)
+    public_write = models.BooleanField(default=SCENE_PUBLIC_WRITE_DEF, blank=True)
+    anonymous_users = models.BooleanField(default=SCENE_ANON_USERS_DEF, blank=True)
+    video_conference = models.BooleanField(default=SCENE_VIDEO_CONF_DEF, blank=True)
+    users = models.BooleanField(default=SCENE_USERS_DEF, blank=True)
 
     def save(self, *args, **kwargs):
         self.full_clean()  # performs regular validation then clean()
         super(Scene, self).save(*args, **kwargs)
 
     def clean(self):
         if self.name == "":
-            raise ValidationError("Empty scene name!")
+            raise ValidationError("Empty namespace/scene name!")
         self.name = self.name.strip()
 
     def __str__(self):
@@ -54,11 +109,23 @@ def namespace(self):
     def sceneid(self):
         return self.name.split("/")[1]
 
+    @property
+    def is_default(self):
+        return (
+            self.public_read is SCENE_PUBLIC_READ_DEF
+            and self.public_write is SCENE_PUBLIC_WRITE_DEF
+            and self.anonymous_users is SCENE_ANON_USERS_DEF
+            and self.video_conference is SCENE_VIDEO_CONF_DEF
+            and self.users is SCENE_USERS_DEF
+            and self.editors.count() == 0
+            and self.viewers.count() == 0
+        )
+
 
 class Device(models.Model):
-    """Model representing a device's permissions."""
+    """Model representing a namespace/device's permissions."""
 
-    name = models.CharField(max_length=200, blank=False, unique=True)
+    name = models.CharField(max_length=200, blank=False, unique=True, validators=[ns_slash_id_regex])
     summary = models.TextField(max_length=1000, blank=True)
     creation_date = models.DateTimeField(auto_now_add=True)
 
@@ -68,7 +135,7 @@ def save(self, *args, **kwargs):
 
     def clean(self):
         if self.name == "":
-            raise ValidationError("Empty device name!")
+            raise ValidationError("Empty namespace/device name!")
         self.name = self.name.strip()
 
     def __str__(self):
@@ -78,3 +145,7 @@ def __str__(self):
     @property
     def namespace(self):
         return self.name.split("/")[0]
+
+    @property
+    def deviceid(self):
+        return self.name.split("/")[1]

users/mqtt.py

@@ -12,6 +12,7 @@
     SCENE_PUBLIC_WRITE_DEF,
     SCENE_USERS_DEF,
     SCENE_VIDEO_CONF_DEF,
+    Namespace,
     Scene,
 )
 from .mqtt_match import topic_matches_sub
@@ -290,6 +291,12 @@ def set_scene_perms_api_v2(
             # scene owners have rights to their scene objects only
             topicv2_add_scene_reader(pubs, subs, realm, username, "+", ids)
             topicv2_add_scene_writer(pubs, subs, realm, username, "+", ids)
+            # add namespaces that have been granted by other owners
+            u_namespaces = Namespace.objects.filter(editors=user)
+            for u_namespace in u_namespaces:
+                if not sceneid or u_namespace.name == f"{namespace}":
+                    topicv2_add_scene_reader(pubs, subs, realm, u_namespace.name, "+", ids)
+                    topicv2_add_scene_writer(pubs, subs, realm, u_namespace.name, "+", ids)
             # add scenes that have been granted by other owners
             u_scenes = Scene.objects.filter(editors=user)
             for u_scene in u_scenes: