ETB/ETB-API/security/management/commands/setup_security.py

"""
Management command to set up initial security data
"""
import os
import secrets

from django.contrib.auth.models import Permission, ContentType
from django.contrib.contenttypes.models import ContentType
from django.core.management.base import BaseCommand
from django.db import transaction

from security.models import DataClassification, Role, User
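class Command(BaseCommand):
    """Seed the security app with its baseline reference data.

    Creates the data-classification levels, a fixed set of custom
    permissions and a handful of roles, then bootstraps a superuser when
    the database has none. Every step uses ``get_or_create`` so the
    command can be re-run safely: rows that already exist are reported
    and left untouched.

    The bootstrap superuser's password is never hard-coded. It is read
    from the ``DJANGO_SUPERUSER_PASSWORD`` environment variable when set
    (the same variable ``createsuperuser --noinput`` honours); otherwise
    a random password is generated and printed exactly once.
    """

    help = 'Set up initial security data (classifications, roles, permissions)'

    # Environment variable consulted for the bootstrap superuser password.
    PASSWORD_ENV_VAR = 'DJANGO_SUPERUSER_PASSWORD'

    # Classification levels, lowest to highest. ``name`` is the lookup key;
    # the whole dict is used as ``defaults`` on first creation.
    DATA_CLASSIFICATIONS = (
        {
            'name': 'PUBLIC',
            'level': 1,
            'description': 'Public information that can be freely shared',
            'color_code': '#28a745',
            'requires_clearance': False,
        },
        {
            'name': 'INTERNAL',
            'level': 2,
            'description': 'Internal company information',
            'color_code': '#17a2b8',
            'requires_clearance': False,
        },
        {
            'name': 'CONFIDENTIAL',
            'level': 3,
            'description': 'Confidential information requiring protection',
            'color_code': '#ffc107',
            'requires_clearance': True,
        },
        {
            'name': 'RESTRICTED',
            'level': 4,
            'description': 'Restricted information with limited access',
            'color_code': '#fd7e14',
            'requires_clearance': True,
        },
        {
            'name': 'TOP_SECRET',
            'level': 5,
            'description': 'Top secret information with highest protection',
            'color_code': '#dc3545',
            'requires_clearance': True,
        },
    )

    # (codename, human-readable name, model) for each custom permission.
    # The content type is resolved at run time so this stays importable
    # before the database exists.
    PERMISSIONS = (
        ('view_user', 'Can view user', User),
        ('add_user', 'Can add user', User),
        ('change_user', 'Can change user', User),
        ('delete_user', 'Can delete user', User),
        ('view_classification', 'Can view data classification', DataClassification),
        ('add_classification', 'Can add data classification', DataClassification),
        ('change_classification', 'Can change data classification', DataClassification),
        ('delete_classification', 'Can delete data classification', DataClassification),
        ('view_role', 'Can view role', Role),
        ('add_role', 'Can add role', Role),
        ('change_role', 'Can change role', Role),
        ('delete_role', 'Can delete role', Role),
    )

    # Roles with the permission codenames (from PERMISSIONS) and the
    # classification names (from DATA_CLASSIFICATIONS) they may access.
    ROLES = (
        {
            'name': 'Incident Manager',
            'description': 'Can manage incidents and assign to team members',
            'permissions': ['view_user', 'view_classification', 'view_role'],
            'classifications': ['PUBLIC', 'INTERNAL', 'CONFIDENTIAL'],
        },
        {
            'name': 'Security Admin',
            'description': 'Can manage security settings and user access',
            'permissions': [
                'view_user', 'add_user', 'change_user', 'delete_user',
                'view_classification', 'add_classification',
                'change_classification', 'delete_classification',
                'view_role', 'add_role', 'change_role', 'delete_role',
            ],
            'classifications': ['PUBLIC', 'INTERNAL', 'CONFIDENTIAL', 'RESTRICTED'],
        },
        {
            'name': 'Analyst',
            'description': 'Can view and analyze incidents',
            'permissions': ['view_user', 'view_classification', 'view_role'],
            'classifications': ['PUBLIC', 'INTERNAL'],
        },
        {
            'name': 'Viewer',
            'description': 'Can view public and internal incidents only',
            'permissions': ['view_classification'],
            'classifications': ['PUBLIC', 'INTERNAL'],
        },
    )

    @transaction.atomic
    def handle(self, *args, **options):
        """Run all seeding steps inside a single transaction.

        Order matters: roles reference classifications by name, and the
        superuser is given the highest classification as clearance, so
        classifications must exist before either of those steps runs.
        A failure in any step rolls back everything created so far.
        """
        self.stdout.write('Setting up security data...')
        self.create_data_classifications()
        self.create_basic_roles()
        self.create_superuser()
        self.stdout.write(
            self.style.SUCCESS('Security data setup completed successfully!')
        )

    def create_data_classifications(self):
        """Create each classification in DATA_CLASSIFICATIONS if missing.

        Existing rows are matched by ``name`` and not modified, so edits to
        level/description/colour here do not propagate to a seeded database.
        """
        for data in self.DATA_CLASSIFICATIONS:
            classification, created = DataClassification.objects.get_or_create(
                name=data['name'],
                defaults=data,
            )
            if created:
                self.stdout.write(f'Created classification: {classification.name}')
            else:
                self.stdout.write(f'Classification already exists: {classification.name}')

    def _ensure_permissions(self):
        """Create the custom permissions in PERMISSIONS and return them by codename.

        Returns:
            dict mapping codename -> Permission, including rows that
            already existed.
        """
        permissions = {}
        for codename, name, model in self.PERMISSIONS:
            content_type = ContentType.objects.get_for_model(model)
            permission, created = Permission.objects.get_or_create(
                codename=codename,
                content_type=content_type,
                defaults={'name': name},
            )
            permissions[codename] = permission
            if created:
                self.stdout.write(f'Created permission: {permission.name}')
        return permissions

    def create_basic_roles(self):
        """Create the roles in ROLES, attaching permissions and classifications.

        Permissions and classification access are assigned only when the
        role is first created, so later changes made by an administrator
        are not overwritten on re-runs. A permission codename that is not
        in PERMISSIONS is skipped with a warning rather than crashing the
        seed, since that indicates a typo in ROLES, not a runtime error.
        """
        permissions = self._ensure_permissions()

        for role_data in self.ROLES:
            role, created = Role.objects.get_or_create(
                name=role_data['name'],
                defaults={
                    'description': role_data['description'],
                    'is_active': True,
                },
            )
            if not created:
                self.stdout.write(f'Role already exists: {role.name}')
                continue

            wanted = role_data['permissions']
            unknown = [codename for codename in wanted if codename not in permissions]
            if unknown:
                self.stdout.write(
                    self.style.WARNING(
                        f'Role {role.name}: unknown permission codenames skipped: {unknown}'
                    )
                )
            role.permissions.set(
                [permissions[codename] for codename in wanted if codename in permissions]
            )

            accessible = DataClassification.objects.filter(
                name__in=role_data['classifications']
            )
            role.data_classification_access.set(accessible)
            self.stdout.write(f'Created role: {role.name}')

    @classmethod
    def _initial_superuser_password(cls):
        """Return ``(password, generated)`` for the bootstrap superuser.

        Prefers the value of PASSWORD_ENV_VAR so deployments can inject
        a secret without it appearing in source or logs. Falls back to a
        random ``secrets`` token; ``generated`` tells the caller whether
        the value must be shown to the operator.
        """
        configured = os.environ.get(cls.PASSWORD_ENV_VAR)
        if configured:
            return configured, False
        return secrets.token_urlsafe(18), True

    def create_superuser(self):
        """Bootstrap an administrator account when no superuser exists.

        The account gets the TOP_SECRET classification as its clearance
        (``None`` if classifications were not seeded first). A password
        supplied via the environment is never echoed; a generated one is
        printed once so it can be recorded, then should be rotated.
        """
        if User.objects.filter(is_superuser=True).exists():
            self.stdout.write('Superuser already exists')
            return

        self.stdout.write('Creating superuser...')
        # Highest clearance level; relies on create_data_classifications
        # having run earlier in handle().
        top_secret = DataClassification.objects.filter(name='TOP_SECRET').first()

        password, generated = self._initial_superuser_password()
        superuser = User.objects.create_superuser(
            username='admin',
            email='admin@etb-incident-management.com',
            password=password,
            first_name='System',
            last_name='Administrator',
            clearance_level=top_secret,
            employee_id='ADMIN001',
        )
        self.stdout.write(f'Created superuser: {superuser.username}')
        if generated:
            # Shown exactly once; it is stored nowhere else in clear text.
            self.stdout.write(
                self.style.WARNING(f'Generated initial password: {password}')
            )
        self.stdout.write(
            self.style.WARNING('Please change the initial password immediately!')
        )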