Updates

2025-09-19 11:58:53 +03:00
parent 306b20e24a
commit 6b247e5b9f
11423 changed files with 1500615 additions and 778 deletions
--- a/ETB-API/security/management/init.py
+++ b/ETB-API/security/management/init.py
@@ -0,0 +1 @@
+# Management commands for security app
--- a/ETB-API/security/management/pycache/init.cpython-312.pyc
+++ b/ETB-API/security/management/pycache/init.cpython-312.pyc
--- a/ETB-API/security/management/commands/init.py
+++ b/ETB-API/security/management/commands/init.py
@@ -0,0 +1 @@
+# Management commands
--- a/ETB-API/security/management/commands/pycache/init.cpython-312.pyc
+++ b/ETB-API/security/management/commands/pycache/init.cpython-312.pyc
--- a/ETB-API/security/management/commands/pycache/setup_security.cpython-312.pyc
+++ b/ETB-API/security/management/commands/pycache/setup_security.cpython-312.pyc
--- a/ETB-API/security/management/commands/setup_security.py
+++ b/ETB-API/security/management/commands/setup_security.py
@@ -0,0 +1,201 @@
+"""
+Management command to set up initial security data
+"""
+from django.core.management.base import BaseCommand
+from django.contrib.auth.models import Permission, ContentType
+from django.contrib.contenttypes.models import ContentType
+
+from security.models import DataClassification, Role, User
+
+
+class Command(BaseCommand):
+    help = 'Set up initial security data (classifications, roles, permissions)'
+    
+    def handle(self, *args, **options):
+        self.stdout.write('Setting up security data...')
+        
+        # Create data classifications
+        self.create_data_classifications()
+        
+        # Create basic roles
+        self.create_basic_roles()
+        
+        # Create superuser if none exists
+        self.create_superuser()
+        
+        self.stdout.write(
+            self.style.SUCCESS('Security data setup completed successfully!')
+        )
+    
+    def create_data_classifications(self):
+        """Create data classification levels"""
+        classifications = [
+            {
+                'name': 'PUBLIC',
+                'level': 1,
+                'description': 'Public information that can be freely shared',
+                'color_code': '#28a745',
+                'requires_clearance': False
+            },
+            {
+                'name': 'INTERNAL',
+                'level': 2,
+                'description': 'Internal company information',
+                'color_code': '#17a2b8',
+                'requires_clearance': False
+            },
+            {
+                'name': 'CONFIDENTIAL',
+                'level': 3,
+                'description': 'Confidential information requiring protection',
+                'color_code': '#ffc107',
+                'requires_clearance': True
+            },
+            {
+                'name': 'RESTRICTED',
+                'level': 4,
+                'description': 'Restricted information with limited access',
+                'color_code': '#fd7e14',
+                'requires_clearance': True
+            },
+            {
+                'name': 'TOP_SECRET',
+                'level': 5,
+                'description': 'Top secret information with highest protection',
+                'color_code': '#dc3545',
+                'requires_clearance': True
+            }
+        ]
+        
+        for classification_data in classifications:
+            classification, created = DataClassification.objects.get_or_create(
+                name=classification_data['name'],
+                defaults=classification_data
+            )
+            
+            if created:
+                self.stdout.write(f'Created classification: {classification.name}')
+            else:
+                self.stdout.write(f'Classification already exists: {classification.name}')
+    
+    def create_basic_roles(self):
+        """Create basic roles with permissions"""
+        # Get content types for permissions
+        user_content_type = ContentType.objects.get_for_model(User)
+        classification_content_type = ContentType.objects.get_for_model(DataClassification)
+        role_content_type = ContentType.objects.get_for_model(Role)
+        
+        # Create permissions if they don't exist
+        permissions_data = [
+            ('view_user', 'Can view user', user_content_type),
+            ('add_user', 'Can add user', user_content_type),
+            ('change_user', 'Can change user', user_content_type),
+            ('delete_user', 'Can delete user', user_content_type),
+            ('view_classification', 'Can view data classification', classification_content_type),
+            ('add_classification', 'Can add data classification', classification_content_type),
+            ('change_classification', 'Can change data classification', classification_content_type),
+            ('delete_classification', 'Can delete data classification', classification_content_type),
+            ('view_role', 'Can view role', role_content_type),
+            ('add_role', 'Can add role', role_content_type),
+            ('change_role', 'Can change role', role_content_type),
+            ('delete_role', 'Can delete role', role_content_type),
+        ]
+        
+        permissions = {}
+        for codename, name, content_type in permissions_data:
+            permission, created = Permission.objects.get_or_create(
+                codename=codename,
+                content_type=content_type,
+                defaults={'name': name}
+            )
+            permissions[codename] = permission
+            
+            if created:
+                self.stdout.write(f'Created permission: {permission.name}')
+        
+        # Create roles
+        roles_data = [
+            {
+                'name': 'Incident Manager',
+                'description': 'Can manage incidents and assign to team members',
+                'permissions': ['view_user', 'view_classification', 'view_role'],
+                'classifications': ['PUBLIC', 'INTERNAL', 'CONFIDENTIAL']
+            },
+            {
+                'name': 'Security Admin',
+                'description': 'Can manage security settings and user access',
+                'permissions': [
+                    'view_user', 'add_user', 'change_user', 'delete_user',
+                    'view_classification', 'add_classification', 'change_classification', 'delete_classification',
+                    'view_role', 'add_role', 'change_role', 'delete_role'
+                ],
+                'classifications': ['PUBLIC', 'INTERNAL', 'CONFIDENTIAL', 'RESTRICTED']
+            },
+            {
+                'name': 'Analyst',
+                'description': 'Can view and analyze incidents',
+                'permissions': ['view_user', 'view_classification', 'view_role'],
+                'classifications': ['PUBLIC', 'INTERNAL']
+            },
+            {
+                'name': 'Viewer',
+                'description': 'Can view public and internal incidents only',
+                'permissions': ['view_classification'],
+                'classifications': ['PUBLIC', 'INTERNAL']
+            }
+        ]
+        
+        for role_data in roles_data:
+            role, created = Role.objects.get_or_create(
+                name=role_data['name'],
+                defaults={
+                    'description': role_data['description'],
+                    'is_active': True
+                }
+            )
+            
+            if created:
+                # Add permissions
+                role_permissions = [permissions[p] for p in role_data['permissions'] if p in permissions]
+                role.permissions.set(role_permissions)
+                
+                # Add data classifications
+                classifications = DataClassification.objects.filter(
+                    name__in=role_data['classifications']
+                )
+                role.data_classification_access.set(classifications)
+                
+                self.stdout.write(f'Created role: {role.name}')
+            else:
+                self.stdout.write(f'Role already exists: {role.name}')
+    
+    def create_superuser(self):
+        """Create superuser if none exists"""
+        if not User.objects.filter(is_superuser=True).exists():
+            self.stdout.write('Creating superuser...')
+            
+            # Get the highest clearance level
+            top_secret = DataClassification.objects.filter(name='TOP_SECRET').first()
+            
+            superuser = User.objects.create_superuser(
+                username='admin',
+                email='admin@etb-incident-management.com',
+                password='admin123',
+                first_name='System',
+                last_name='Administrator',
+                clearance_level=top_secret,
+                employee_id='ADMIN001'
+            )
+            
+            self.stdout.write(
+                self.style.WARNING(
+                    f'Created superuser: {superuser.username} (password: admin123)'
+                )
+            )
+            self.stdout.write(
+                self.style.WARNING(
+                    'Please change the default password immediately!'
+                )
+            )
+        else:
+            self.stdout.write('Superuser already exists')