""" Management command to set up initial security data """ from django.core.management.base import BaseCommand from django.contrib.auth.models import Permission, ContentType from django.contrib.contenttypes.models import ContentType from security.models import DataClassification, Role, User class Command(BaseCommand): help = 'Set up initial security data (classifications, roles, permissions)' def handle(self, *args, **options): self.stdout.write('Setting up security data...') # Create data classifications self.create_data_classifications() # Create basic roles self.create_basic_roles() # Create superuser if none exists self.create_superuser() self.stdout.write( self.style.SUCCESS('Security data setup completed successfully!') ) def create_data_classifications(self): """Create data classification levels""" classifications = [ { 'name': 'PUBLIC', 'level': 1, 'description': 'Public information that can be freely shared', 'color_code': '#28a745', 'requires_clearance': False }, { 'name': 'INTERNAL', 'level': 2, 'description': 'Internal company information', 'color_code': '#17a2b8', 'requires_clearance': False }, { 'name': 'CONFIDENTIAL', 'level': 3, 'description': 'Confidential information requiring protection', 'color_code': '#ffc107', 'requires_clearance': True }, { 'name': 'RESTRICTED', 'level': 4, 'description': 'Restricted information with limited access', 'color_code': '#fd7e14', 'requires_clearance': True }, { 'name': 'TOP_SECRET', 'level': 5, 'description': 'Top secret information with highest protection', 'color_code': '#dc3545', 'requires_clearance': True } ] for classification_data in classifications: classification, created = DataClassification.objects.get_or_create( name=classification_data['name'], defaults=classification_data ) if created: self.stdout.write(f'Created classification: {classification.name}') else: self.stdout.write(f'Classification already exists: {classification.name}') def create_basic_roles(self): """Create basic roles with permissions""" # Get content types for permissions user_content_type = ContentType.objects.get_for_model(User) classification_content_type = ContentType.objects.get_for_model(DataClassification) role_content_type = ContentType.objects.get_for_model(Role) # Create permissions if they don't exist permissions_data = [ ('view_user', 'Can view user', user_content_type), ('add_user', 'Can add user', user_content_type), ('change_user', 'Can change user', user_content_type), ('delete_user', 'Can delete user', user_content_type), ('view_classification', 'Can view data classification', classification_content_type), ('add_classification', 'Can add data classification', classification_content_type), ('change_classification', 'Can change data classification', classification_content_type), ('delete_classification', 'Can delete data classification', classification_content_type), ('view_role', 'Can view role', role_content_type), ('add_role', 'Can add role', role_content_type), ('change_role', 'Can change role', role_content_type), ('delete_role', 'Can delete role', role_content_type), ] permissions = {} for codename, name, content_type in permissions_data: permission, created = Permission.objects.get_or_create( codename=codename, content_type=content_type, defaults={'name': name} ) permissions[codename] = permission if created: self.stdout.write(f'Created permission: {permission.name}') # Create roles roles_data = [ { 'name': 'Incident Manager', 'description': 'Can manage incidents and assign to team members', 'permissions': ['view_user', 'view_classification', 'view_role'], 'classifications': ['PUBLIC', 'INTERNAL', 'CONFIDENTIAL'] }, { 'name': 'Security Admin', 'description': 'Can manage security settings and user access', 'permissions': [ 'view_user', 'add_user', 'change_user', 'delete_user', 'view_classification', 'add_classification', 'change_classification', 'delete_classification', 'view_role', 'add_role', 'change_role', 'delete_role' ], 'classifications': ['PUBLIC', 'INTERNAL', 'CONFIDENTIAL', 'RESTRICTED'] }, { 'name': 'Analyst', 'description': 'Can view and analyze incidents', 'permissions': ['view_user', 'view_classification', 'view_role'], 'classifications': ['PUBLIC', 'INTERNAL'] }, { 'name': 'Viewer', 'description': 'Can view public and internal incidents only', 'permissions': ['view_classification'], 'classifications': ['PUBLIC', 'INTERNAL'] } ] for role_data in roles_data: role, created = Role.objects.get_or_create( name=role_data['name'], defaults={ 'description': role_data['description'], 'is_active': True } ) if created: # Add permissions role_permissions = [permissions[p] for p in role_data['permissions'] if p in permissions] role.permissions.set(role_permissions) # Add data classifications classifications = DataClassification.objects.filter( name__in=role_data['classifications'] ) role.data_classification_access.set(classifications) self.stdout.write(f'Created role: {role.name}') else: self.stdout.write(f'Role already exists: {role.name}') def create_superuser(self): """Create superuser if none exists""" if not User.objects.filter(is_superuser=True).exists(): self.stdout.write('Creating superuser...') # Get the highest clearance level top_secret = DataClassification.objects.filter(name='TOP_SECRET').first() superuser = User.objects.create_superuser( username='admin', email='admin@etb-incident-management.com', password='admin123', first_name='System', last_name='Administrator', clearance_level=top_secret, employee_id='ADMIN001' ) self.stdout.write( self.style.WARNING( f'Created superuser: {superuser.username} (password: admin123)' ) ) self.stdout.write( self.style.WARNING( 'Please change the default password immediately!' ) ) else: self.stdout.write('Superuser already exists')