Updates
This commit is contained in:
Iliyan Angelov
201
ETB-API/security/management/commands/setup_security.py
Normal file
201
ETB-API/security/management/commands/setup_security.py
Normal file
@@ -0,0 +1,201 @@
|
||||
"""
|
||||
Management command to set up initial security data
|
||||
"""
|
||||
from django.core.management.base import BaseCommand
|
||||
from django.contrib.auth.models import Permission, ContentType
|
||||
from django.contrib.contenttypes.models import ContentType
|
||||
|
||||
from security.models import DataClassification, Role, User
|
||||
|
||||
|
||||
class Command(BaseCommand):
|
||||
help = 'Set up initial security data (classifications, roles, permissions)'
|
||||
|
||||
def handle(self, *args, **options):
|
||||
self.stdout.write('Setting up security data...')
|
||||
|
||||
# Create data classifications
|
||||
self.create_data_classifications()
|
||||
|
||||
# Create basic roles
|
||||
self.create_basic_roles()
|
||||
|
||||
# Create superuser if none exists
|
||||
self.create_superuser()
|
||||
|
||||
self.stdout.write(
|
||||
self.style.SUCCESS('Security data setup completed successfully!')
|
||||
)
|
||||
|
||||
def create_data_classifications(self):
|
||||
"""Create data classification levels"""
|
||||
classifications = [
|
||||
{
|
||||
'name': 'PUBLIC',
|
||||
'level': 1,
|
||||
'description': 'Public information that can be freely shared',
|
||||
'color_code': '#28a745',
|
||||
'requires_clearance': False
|
||||
},
|
||||
{
|
||||
'name': 'INTERNAL',
|
||||
'level': 2,
|
||||
'description': 'Internal company information',
|
||||
'color_code': '#17a2b8',
|
||||
'requires_clearance': False
|
||||
},
|
||||
{
|
||||
'name': 'CONFIDENTIAL',
|
||||
'level': 3,
|
||||
'description': 'Confidential information requiring protection',
|
||||
'color_code': '#ffc107',
|
||||
'requires_clearance': True
|
||||
},
|
||||
{
|
||||
'name': 'RESTRICTED',
|
||||
'level': 4,
|
||||
'description': 'Restricted information with limited access',
|
||||
'color_code': '#fd7e14',
|
||||
'requires_clearance': True
|
||||
},
|
||||
{
|
||||
'name': 'TOP_SECRET',
|
||||
'level': 5,
|
||||
'description': 'Top secret information with highest protection',
|
||||
'color_code': '#dc3545',
|
||||
'requires_clearance': True
|
||||
}
|
||||
]
|
||||
|
||||
for classification_data in classifications:
|
||||
classification, created = DataClassification.objects.get_or_create(
|
||||
name=classification_data['name'],
|
||||
defaults=classification_data
|
||||
)
|
||||
|
||||
if created:
|
||||
self.stdout.write(f'Created classification: {classification.name}')
|
||||
else:
|
||||
self.stdout.write(f'Classification already exists: {classification.name}')
|
||||
|
||||
def create_basic_roles(self):
|
||||
"""Create basic roles with permissions"""
|
||||
# Get content types for permissions
|
||||
user_content_type = ContentType.objects.get_for_model(User)
|
||||
classification_content_type = ContentType.objects.get_for_model(DataClassification)
|
||||
role_content_type = ContentType.objects.get_for_model(Role)
|
||||
|
||||
# Create permissions if they don't exist
|
||||
permissions_data = [
|
||||
('view_user', 'Can view user', user_content_type),
|
||||
('add_user', 'Can add user', user_content_type),
|
||||
('change_user', 'Can change user', user_content_type),
|
||||
('delete_user', 'Can delete user', user_content_type),
|
||||
('view_classification', 'Can view data classification', classification_content_type),
|
||||
('add_classification', 'Can add data classification', classification_content_type),
|
||||
('change_classification', 'Can change data classification', classification_content_type),
|
||||
('delete_classification', 'Can delete data classification', classification_content_type),
|
||||
('view_role', 'Can view role', role_content_type),
|
||||
('add_role', 'Can add role', role_content_type),
|
||||
('change_role', 'Can change role', role_content_type),
|
||||
('delete_role', 'Can delete role', role_content_type),
|
||||
]
|
||||
|
||||
permissions = {}
|
||||
for codename, name, content_type in permissions_data:
|
||||
permission, created = Permission.objects.get_or_create(
|
||||
codename=codename,
|
||||
content_type=content_type,
|
||||
defaults={'name': name}
|
||||
)
|
||||
permissions[codename] = permission
|
||||
|
||||
if created:
|
||||
self.stdout.write(f'Created permission: {permission.name}')
|
||||
|
||||
# Create roles
|
||||
roles_data = [
|
||||
{
|
||||
'name': 'Incident Manager',
|
||||
'description': 'Can manage incidents and assign to team members',
|
||||
'permissions': ['view_user', 'view_classification', 'view_role'],
|
||||
'classifications': ['PUBLIC', 'INTERNAL', 'CONFIDENTIAL']
|
||||
},
|
||||
{
|
||||
'name': 'Security Admin',
|
||||
'description': 'Can manage security settings and user access',
|
||||
'permissions': [
|
||||
'view_user', 'add_user', 'change_user', 'delete_user',
|
||||
'view_classification', 'add_classification', 'change_classification', 'delete_classification',
|
||||
'view_role', 'add_role', 'change_role', 'delete_role'
|
||||
],
|
||||
'classifications': ['PUBLIC', 'INTERNAL', 'CONFIDENTIAL', 'RESTRICTED']
|
||||
},
|
||||
{
|
||||
'name': 'Analyst',
|
||||
'description': 'Can view and analyze incidents',
|
||||
'permissions': ['view_user', 'view_classification', 'view_role'],
|
||||
'classifications': ['PUBLIC', 'INTERNAL']
|
||||
},
|
||||
{
|
||||
'name': 'Viewer',
|
||||
'description': 'Can view public and internal incidents only',
|
||||
'permissions': ['view_classification'],
|
||||
'classifications': ['PUBLIC', 'INTERNAL']
|
||||
}
|
||||
]
|
||||
|
||||
for role_data in roles_data:
|
||||
role, created = Role.objects.get_or_create(
|
||||
name=role_data['name'],
|
||||
defaults={
|
||||
'description': role_data['description'],
|
||||
'is_active': True
|
||||
}
|
||||
)
|
||||
|
||||
if created:
|
||||
# Add permissions
|
||||
role_permissions = [permissions[p] for p in role_data['permissions'] if p in permissions]
|
||||
role.permissions.set(role_permissions)
|
||||
|
||||
# Add data classifications
|
||||
classifications = DataClassification.objects.filter(
|
||||
name__in=role_data['classifications']
|
||||
)
|
||||
role.data_classification_access.set(classifications)
|
||||
|
||||
self.stdout.write(f'Created role: {role.name}')
|
||||
else:
|
||||
self.stdout.write(f'Role already exists: {role.name}')
|
||||
|
||||
def create_superuser(self):
|
||||
"""Create superuser if none exists"""
|
||||
if not User.objects.filter(is_superuser=True).exists():
|
||||
self.stdout.write('Creating superuser...')
|
||||
|
||||
# Get the highest clearance level
|
||||
top_secret = DataClassification.objects.filter(name='TOP_SECRET').first()
|
||||
|
||||
superuser = User.objects.create_superuser(
|
||||
username='admin',
|
||||
email='admin@etb-incident-management.com',
|
||||
password='admin123',
|
||||
first_name='System',
|
||||
last_name='Administrator',
|
||||
clearance_level=top_secret,
|
||||
employee_id='ADMIN001'
|
||||
)
|
||||
|
||||
self.stdout.write(
|
||||
self.style.WARNING(
|
||||
f'Created superuser: {superuser.username} (password: admin123)'
|
||||
)
|
||||
)
|
||||
self.stdout.write(
|
||||
self.style.WARNING(
|
||||
'Please change the default password immediately!'
|
||||
)
|
||||
)
|
||||
else:
|
||||
self.stdout.write('Superuser already exists')
|
||||
Reference in New Issue
Block a user