Merge branch 'release/0.1.5'

clinicedc · Sep 6, 2018 · d18b3d1 · d18b3d1
2 parents 058a039 + 96623a1
commit d18b3d1
Show file tree

Hide file tree

Showing 19 changed files with 621 additions and 396 deletions.
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-0.1.4
+0.1.5
diff --git a/crypto_fields/user-aes-local.key b/crypto_fields/user-aes-local.key
diff --git a/crypto_fields/user-aes-restricted.key b/crypto_fields/user-aes-restricted.key
@@ -0,0 +1 @@
+g�@���8`6��Q���բ���~6��R`@K����!�gP���e�A��&1�-�z��\r����<���L�MQiu�F#�K�T��;��O��6���[���)4��8��v�T�Pd�Le"ۆ�X}��ћ��H����'4��ɇ��Z����	@Dy��t@�y��ByU���I-��5����l����\;�5����g�h��]�L�`-ִ�.�	���aB��3�yS�;G�m6ԗ�^������zT
diff --git a/crypto_fields/user-rsa-local-private.pem b/crypto_fields/user-rsa-local-private.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAphLSwjjsgT1bVzeGDCboGl2+L5hqh1WkXiAASYp3NO00bNhU
+KzQEDab9D0hmAdhiMwn+Bs62PnQD1SHS36XCefr5k2IuaPLdBrnVN/glhfnVcJ6q
+uaOfZls7b/GL/ArTuEBQs8Xa6mhy13KWBXsHca1nqqZcJYt2KDrWaD7z2DuflZNF
+SGYZS+skdjHyjrI0F2Etazf+f7Pv2qSBQ3hCFRxBrhv3gfHJQykVf9PmYqC6AgSk
+eG/7Zt3pQZ1VzM9tyHbSY1fRImQ7JjKpwGgqqGBl9g2QTRchaCmda2BCBPzj+kYM
+bYD2kIx7woJt4kCECe+RAQ4+gNHpqenVu8b20wIDAQABAoIBAHWAQfA7WFKEt/i4
+hzZX3May5tpEC7NfS+Fw4OMnffpLjlkoojzDG88RBGFoxwutLqWP/1SPsu/zI7cL
+rGiinjux8B1wTQfiNbIJj6t+/gWR44tAJ+katLA2ApLMo0+b1Xq6vp7DcYWCiyaW
+o0CTcIvktcFO3UmPJ/WE06iESgEF4oc+YTDrx3Cu5HcOJfRQX7cWU4BTjZjQl41h
+d/1kwqaooEeaGrWONQ8RrPXVHMhQSFxbepmG6dHgCmZc2lEq5khf31MAcum1rq2Q
+iK3HF4lZ1Jdenv+L30ezO0MWtkw/iagP8UGCVmutlPkkgdS0ZpNDuOxQQqEz74tY
+XQsHWFkCgYEAxt7SPwGqlsi1zLsO9W1u19dO0GAtgu3yjStbIvOmTP0kuF3t6qdK
+8NHjyW/YqT/MRImcCnQTrNnL8kqGelyzpgYl3KoIDn+HgNhXrGfvADQKKDmDr+1Y
+4n7lntMcFVZtSI64DlM0GUO28iyomuJZk4iPKok0z5kY79HvI1hpI7cCgYEA1cgU
+RbAjYlWBGDUc2uAi7LsAIrdncc0BRvVw4TEUu5ip7z1GK2AtBz3qnZ1jeeFoEuKV
+HfvZmM8I9s2IJ2lMzb4CUkcGJ934thF192AxXUnpeqoTTpOL97Rgtu/W5YoVyGVV
+tHe0oXbWXKsotRja/ZpVxX0asOCyYqbFkRhDXcUCgYAEkR9g5Qfm2IscPXt1dWLj
+QAWGUX8aD57PURyRq+i4weNy/G03Q0o8R4WknZXrJRTqygI0V0AQaxv832tBKhnS
+CTgbXig7NQCGm/E/e0+IwKkvDUsR4jB1Wxao1A5ECy0NSoG9inmazuxHmXDxxZrr
+AWrQPkBhOBHTiA2m0SPw9wKBgQCMz4fCyxzTZVxttHY4GNAIO7gAJeumApEnyvy5
+51kvo4OzCBoS8ftWvMqvXH6sRfMGFWaA5GVUCHJwFbrrsqkbD196EDwWwFdUnTWl
+Zh+9wbRezm1/ISJdWtslQ965PHXSlCSahQpeG+dgDID4n9GGn0SFmzycarQ01IJn
+aqLcvQKBgQCWdZp26xeXI1MtaXsdiF+nk1WgT2DniUCQQICnYa52Vc2PwBMpZTOm
+mxhAgMqyUQyQ9jNuVp6H0Ofp8yN37Mqbhn80w/YMHAX6DdO5z11+TjSW6uEbfuN5
+oevaLBOQW9nzqeIdD5XPSQcgLtwnao2ayPvToPj+/P40K6LH1xEHyA==
+-----END RSA PRIVATE KEY-----
diff --git a/crypto_fields/user-rsa-local-public.pem b/crypto_fields/user-rsa-local-public.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAphLSwjjsgT1bVzeGDCbo
+Gl2+L5hqh1WkXiAASYp3NO00bNhUKzQEDab9D0hmAdhiMwn+Bs62PnQD1SHS36XC
+efr5k2IuaPLdBrnVN/glhfnVcJ6quaOfZls7b/GL/ArTuEBQs8Xa6mhy13KWBXsH
+ca1nqqZcJYt2KDrWaD7z2DuflZNFSGYZS+skdjHyjrI0F2Etazf+f7Pv2qSBQ3hC
+FRxBrhv3gfHJQykVf9PmYqC6AgSkeG/7Zt3pQZ1VzM9tyHbSY1fRImQ7JjKpwGgq
+qGBl9g2QTRchaCmda2BCBPzj+kYMbYD2kIx7woJt4kCECe+RAQ4+gNHpqenVu8b2
+0wIDAQAB
+-----END PUBLIC KEY-----
diff --git a/crypto_fields/user-rsa-restricted-private.pem b/crypto_fields/user-rsa-restricted-private.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAuXqqPtlHYf0TiZ7GhuNjtu1PIYgHASG+0AJ+Xfo+Vig1ixhf
+RRVkr9syV63ADx93d4U97aM/ZjWVtlvHcVtEwuc6erT6rqxG8AiqYb5Pl5WRFRMH
+6CiFengcP6qQ7Z6MuaD6XDeLcPqVB1brPMdCsxNQh1pxvUuHIsdKGdAblK3dCrzD
++bkcFX7TqDaD+qS5yA6+ZKSi58JYBO9yZNdGMwf2udcNJadoESTnUDeUbV1Mf3Kj
+iaTiYHZMKznv1FjAaebFypvHykpK1v2ikg8jm31LVfxmbxHItz3MLQyqp5+s4Uak
+OcdtfgrdfCdW48LyTBQgZFJ+RP8cX8PDROHlTQIDAQABAoIBAQCcPDtTnWqHm8nt
+TpUj4j6IQ/U35YEg7u/v/2m6d6QypsQTWoBFjPO3Pgh12qHBG1xijRXRKoWo7tIh
+PcYOMjcFhgi4e+H9aJiIcIQ0uT4KDa6b9d/fKuLkenAxINfbkIYxhuvc6dzHWgxW
+llyoYaBJf6eBnCnardgy73P3sljJLwsiw/mqxbYBj3915HoJy3p6NYMXyDmHnNr7
+CH9PRajWiPZD3c+ZhoiLEWQ2kOjkwu8iW+AVogaHuuQIK39H17f+HizFQGgBMRQR
+F6x7zq484a5i3RCEXnPUAgvxu46jlpDw5J884YrEd4e7teHkcSXOgyd8COL7GCN3
+IgfXx8iBAoGBAM3ONykTQdsLRsWMzq8YJIhu5xw4dUpjxcBSXymYtEH41Rj94XVK
+HlrjoYbDvSYKGsXzhXkVsooj/tJySfMQUafLT1nEBWsrEn8+RtAQJNoZGJdNjqbR
+1+Crpatr9NJjuxdDjjYibGQ4/KIC3BELEdjOghwprSphVcRIxTU8sC0JAoGBAOa3
+V2pFA9FSBEKwJ0LyPf0fudoqzAH7xHy6K9jfG7nhabtEAAn59woqVRALbMzHHKqx
+flcrIWwYLXItWwUUM+mIW/nzH6PTWvDHKbp4SrwERslX+JMuhzzltS0u8eQaim6X
+OIzNUkhUDSfQorUKCaAWHbPgfn1nJMKC0KGcnAslAoGAC3JFtR4iEom9BO3A7RId
+rgzlA7fMJjgIXpr2Of0JQYYSbBJqwLg/mfSBHlqyoXP8azgRG1vukypPWOsMW91z
+fS6cmjSBzKUXoUYYcCgFtK+io3+nyHVxWUiSrUcS1cTAOhoCxdYCS0y0GFqqXLRN
+6M4LhH945xuExqb5eO2IKukCgYAiQOInkuuILkcXp5OMqu5tIEK1k1kKiliXtARC
+hI1XQZIzDVt8H7J/vd03LpsOpBkrdoKtamfh5o0IwJcc3+z9JROSvnfaGM0NpmQZ
+nTZrR69CwV7UazoE3o3RkYC0PwSCes0YintG5cO2P5GIk17ud5odVJ0y/RdGEanr
+9JZuSQKBgEPC4pGbljDu+0rXJ3cj4ajY31E41yIOLn1Heg38b1FQlV5bJMP94zkE
+T0mKJfEpcYFJFuf1dljMmTDwkRwyLrnVkCE++PzjDH7HFE3TIopzxDj7Jt97W5/v
+Q7pXPjnWqC9elu6Pq9NVmjbomysZh/pS19XfF+KTIAE/RAuMjBtn
+-----END RSA PRIVATE KEY-----
diff --git a/crypto_fields/user-rsa-restricted-public.pem b/crypto_fields/user-rsa-restricted-public.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuXqqPtlHYf0TiZ7GhuNj
+tu1PIYgHASG+0AJ+Xfo+Vig1ixhfRRVkr9syV63ADx93d4U97aM/ZjWVtlvHcVtE
+wuc6erT6rqxG8AiqYb5Pl5WRFRMH6CiFengcP6qQ7Z6MuaD6XDeLcPqVB1brPMdC
+sxNQh1pxvUuHIsdKGdAblK3dCrzD+bkcFX7TqDaD+qS5yA6+ZKSi58JYBO9yZNdG
+Mwf2udcNJadoESTnUDeUbV1Mf3KjiaTiYHZMKznv1FjAaebFypvHykpK1v2ikg8j
+m31LVfxmbxHItz3MLQyqp5+s4UakOcdtfgrdfCdW48LyTBQgZFJ+RP8cX8PDROHl
+TQIDAQAB
+-----END PUBLIC KEY-----
diff --git a/crypto_fields/user-salt-local.key b/crypto_fields/user-salt-local.key
@@ -0,0 +1,2 @@
+zX��h�X�NA[������z0����>��_�rDL�-,��Y!,�2o��^�<t�Fld����-��2&V��'Ĩ��86�j)��W5d�u=������HW�[��=$��0��,A�э?H��q�
+C�,�U��<N�Zl�=��8��+�(�S���8{H�t@�a�.,����.P�|�匣�m9lo�ME��|{O��Q������%+�#K���k~͔6��"�%���q�]_'�4�g�5�d

diff --git a/crypto_fields/user-salt-restricted.key b/crypto_fields/user-salt-restricted.key
@@ -0,0 +1,3 @@
+Jj"㬥[�;W�d,��j�z���y�ʇ����|̿%�>x@���{~���T���܋+��G��QmF�1_���"��D���4G�ZbG�[�m!g��{��r�mQ�Q�L��9T�� W��j
+������g���-J�,���(�\(��y��	pa�*��Z<��Ig���1�_��Y;���=���콀:n��)��?�x
+���-VP1�����8�>%]�ؗf�[P���}��3�(�fl�`�%
diff --git a/edc_permissions/constants/__init__.py b/edc_permissions/constants/__init__.py
@@ -0,0 +1,21 @@
+from .codenames import DEFAULT_CODENAMES
+from .group_names import (
+    ACCOUNT_MANAGER, ADMINISTRATION,
+    EVERYONE, AUDITOR, CLINIC, LAB, PHARMACY, PII)
+
+
+DEFAULT_AUDITOR_APP_LABELS = ['edc_lab', 'edc_offstudy']
+
+DEFAULT_GROUP_NAMES = [
+    ACCOUNT_MANAGER,
+    ADMINISTRATION,
+    AUDITOR,
+    CLINIC,
+    EVERYONE,
+    LAB,
+    PHARMACY,
+    PII]
+
+DEFAULT_PII_MODELS = [
+    'edc_locator.subjectlocator',
+    'edc_registration.registeredsubject']
diff --git a/edc_permissions/constants/codenames.py b/edc_permissions/constants/codenames.py
@@ -0,0 +1,192 @@
+from .group_names import (
+    ACCOUNT_MANAGER, ADMINISTRATION,
+    EVERYONE, AUDITOR, CLINIC, LAB, PHARMACY, PII)
+
+DEFAULT_CODENAMES = {
+    ACCOUNT_MANAGER: [
+        'add_group',
+        'add_permission',
+        'add_user',
+        'add_userprofile',
+        'change_group',
+        'change_permission',
+        'change_user',
+        'change_userprofile',
+        'delete_group',
+        'delete_permission',
+        'delete_user',
+        'delete_userprofile',
+        'view_group',
+        'view_permission',
+        'view_user',
+        'view_userprofile'],
+    ADMINISTRATION: ['nav_administration'],
+    AUDITOR: [
+        'nav_lab_requisition',
+        'nav_lab_section',
+        'view_actionitem',
+        'view_actionitemupdate',
+        'view_actiontype',
+        'view_aliquot',
+        'view_appointment',
+        'view_box',
+        'view_boxitem',
+        'view_boxtype',
+        'view_consignee',
+        'view_historicalactionitem',
+        'view_historicalactionitemupdate',
+        'view_historicalaliquot',
+        'view_historicalappointment',
+        'view_historicalbox',
+        'view_historicalboxitem',
+        'view_historicalconsignee',
+        'view_historicalmanifest',
+        'view_historicalorder',
+        'view_historicalresult',
+        'view_historicalresultitem',
+        'view_historicalshipper',
+        'view_manifest',
+        'view_manifestitem',
+        'view_order',
+        'view_panel',
+        'view_reference',
+        'view_registeredsubject',
+        'view_result',
+        'view_resultitem',
+        'view_shipper',
+        'view_subjectlocator',
+        'view_subjectoffstudy'],
+    CLINIC: [
+        'add_actionitem',
+        'add_actionitemupdate',
+        'add_actiontype',
+        'add_appointment',
+        'add_reference',
+        'change_actionitem',
+        'change_actionitemupdate',
+        'change_actiontype',
+        'change_appointment',
+        'change_reference',
+        'delete_actionitem',
+        'delete_actionitemupdate',
+        'delete_actiontype',
+        'delete_reference',
+        'nav_lab_requisition',
+        'nav_lab_section',
+        'view_actionitem',
+        'view_actionitemupdate',
+        'view_actiontype',
+        'view_appointment',
+        'view_historicalactionitem',
+        'view_historicalactionitemupdate',
+        'view_historicalappointment',
+        'view_reference'],
+    EVERYONE: [
+        'view_group',
+        'view_logentry',
+        'view_permission',
+        'view_site',
+        'view_user',
+        'view_userprofile'],
+    LAB: [
+        'add_aliquot',
+        'add_box',
+        'add_boxitem',
+        'add_boxtype',
+        'add_consignee',
+        'add_manifest',
+        'add_manifestitem',
+        'add_order',
+        'add_panel',
+        'add_result',
+        'add_resultitem',
+        'add_shipper',
+        'change_aliquot',
+        'change_box',
+        'change_boxitem',
+        'change_boxtype',
+        'change_consignee',
+        'change_manifest',
+        'change_manifestitem',
+        'change_order',
+        'change_panel',
+        'change_result',
+        'change_resultitem',
+        'change_shipper',
+        'delete_aliquot',
+        'delete_box',
+        'delete_boxitem',
+        'delete_boxtype',
+        'delete_consignee',
+        'delete_manifest',
+        'delete_manifestitem',
+        'delete_order',
+        'delete_panel',
+        'delete_result',
+        'delete_resultitem',
+        'delete_shipper',
+        'nav_lab_aliquot',
+        'nav_lab_manifest',
+        'nav_lab_pack',
+        'nav_lab_process',
+        'nav_lab_receive',
+        'nav_lab_requisition',
+        'nav_lab_section',
+        'view_aliquot',
+        'view_box',
+        'view_boxitem',
+        'view_boxtype',
+        'view_consignee',
+        'view_historicalaliquot',
+        'view_historicalbox',
+        'view_historicalboxitem',
+        'view_historicalconsignee',
+        'view_historicalmanifest',
+        'view_historicalorder',
+        'view_historicalresult',
+        'view_historicalresultitem',
+        'view_historicalshipper',
+        'view_manifest',
+        'view_manifestitem',
+        'view_order',
+        'view_panel',
+        'view_result',
+        'view_resultitem',
+        'view_shipper'],
+    PHARMACY: [
+        'add_appointment',
+        'add_dispenseditem',
+        'add_dosageguideline',
+        'add_medication',
+        'add_prescription',
+        'add_prescriptionitem',
+        'change_appointment',
+        'change_dispenseditem',
+        'change_dosageguideline',
+        'change_medication',
+        'change_prescription',
+        'change_prescriptionitem',
+        'delete_appointment',
+        'delete_dispenseditem',
+        'delete_dosageguideline',
+        'delete_medication',
+        'delete_prescription',
+        'delete_prescriptionitem',
+        'nav_pharmacy_section',
+        'view_appointment',
+        'view_dispenseditem',
+        'view_dosageguideline',
+        'view_medication',
+        'view_prescription',
+        'view_prescriptionitem'],
+    PII: ['add_subjectlocator',
+          'change_subjectlocator',
+          'delete_subjectlocator',
+          'display_dob',
+          'display_firstname',
+          'display_identity',
+          'display_initials',
+          'display_lastname',
+          'view_registeredsubject',
+          'view_subjectlocator'],
+}
diff --git a/edc_permissions/constants/group_names.py b/edc_permissions/constants/group_names.py
@@ -0,0 +1,8 @@
+ACCOUNT_MANAGER = 'ACCOUNT_MANAGER'
+ADMINISTRATION = 'ADMINISTRATION'
+AUDITOR = 'AUDITOR'
+CLINIC = 'CLINIC'
+EVERYONE = 'EVERYONE'
+LAB = 'LAB'
+PHARMACY = 'PHARMACY'
+PII = 'PII'
diff --git a/edc_permissions/permissions_inspector.py b/edc_permissions/permissions_inspector.py
@@ -0,0 +1,79 @@
+from copy import copy
+from django.contrib.auth.models import Group
+from django.core.exceptions import ObjectDoesNotExist, ValidationError
+from edc_permissions.constants import DEFAULT_CODENAMES, DEFAULT_PII_MODELS
+
+from .constants import DEFAULT_GROUP_NAMES
+
+INVALID_GROUP_NAME = 'invalid_group_name'
+MISSING_DEFAULT_CODENAME = 'missing default codename'
+MISSING_DEFAULT_GROUP = 'missing default group'
+
+
+class PermissionsInspectorError(ValidationError):
+    pass
+
+
+class PermissionsInspector:
+
+    def __init__(self, extra_group_names=None, extra_pii_models=None, manually_validate=None):
+        self.permissions = {}
+
+        self.group_names = [key for key in DEFAULT_GROUP_NAMES]
+        self.group_names.extend(extra_group_names or [])
+        self.group_names = list(set(self.group_names))
+        self.group_names.sort()
+
+        groups = Group.objects.filter(name__in=self.group_names)
+        for group in groups:
+            codenames = [
+                p.codename for p in group.permissions.all().order_by('codename')]
+            self.permissions.update({group.name: codenames})
+
+        self.pii_models = copy(DEFAULT_PII_MODELS)
+        self.pii_models.extend(extra_pii_models or [])
+        self.pii_models = list(set(self.pii_models))
+        self.pii_models.sort()
+
+        if not manually_validate:
+            self.validate_default_groups()
+            self.validate_default_codenames()
+
+    def get_codenames(self, group_name=None):
+        """Returns an ordered list of current codenames from
+        Group.permissions for a given group_name.
+        """
+        if group_name not in self.group_names:
+            raise PermissionsInspectorError(
+                f'Invalid group name. Expected one of {self.group_names}. '
+                f'Got {group_name}.', code=INVALID_GROUP_NAME)
+        codenames = [x for x in self.permissions.get(group_name)]
+        codenames.sort()
+        return codenames
+
+    def validate_default_groups(self):
+        """Raises an exception if a default Edc group does not exist.
+        """
+        for group_name in DEFAULT_GROUP_NAMES:
+            try:
+                Group.objects.get(name=group_name)
+            except ObjectDoesNotExist:
+                raise PermissionsInspectorError(
+                    f'Default group does not exist. Got {group_name}',
+                    code=MISSING_DEFAULT_GROUP)
+
+    def validate_default_codenames(self):
+        """Raises an exception if a default codename for a
+        default Edc group does not exist.
+        """
+        for group_name in DEFAULT_GROUP_NAMES:
+            for codename in DEFAULT_CODENAMES.get(group_name):
+                try:
+                    Group.objects.get(name=group_name).permissions.get(
+                        codename=codename)
+                except ObjectDoesNotExist:
+                    raise PermissionsInspectorError(
+                        f'Default codename does not exist for group. '
+                        f'Group name is {group_name}. '
+                        f'Got {codename}.',
+                        code=MISSING_DEFAULT_CODENAME)