gnx/ETB
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6b247e5b9fd8ecc72c03c0c4638fde131185ffd3
ETB/ETB-API/security/migrations/0001_initial.py
Iliyan Angelov 6b247e5b9f Updates
2025-09-19 11:58:53 +03:00

169 lines
12 KiB
Python
Raw Blame History

# Generated by Django 5.2.6 on 2025-09-18 14:49
import django.contrib.auth.models
import django.contrib.auth.validators
import django.db.models.deletion
import django.utils.timezone
import uuid
from django.conf import settings
from django.db import migrations, models
class Migration(migrations.Migration):
initial = True
dependencies = [
('auth', '0012_alter_user_first_name_max_length'),
]
operations = [
migrations.CreateModel(
name='AccessPolicy',
fields=[
('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('name', models.CharField(max_length=100, unique=True)),
('description', models.TextField()),
('policy_type', models.CharField(choices=[('ALLOW', 'Allow'), ('DENY', 'Deny')], max_length=10)),
('conditions', models.JSONField(help_text='JSON conditions for policy evaluation')),
('resource_type', models.CharField(blank=True, max_length=100)),
('actions', models.JSONField(default=list, help_text='List of actions this policy applies to')),
('priority', models.IntegerField(default=100, help_text='Lower numbers have higher priority')),
('is_active', models.BooleanField(default=True)),
('created_at', models.DateTimeField(auto_now_add=True)),
('updated_at', models.DateTimeField(auto_now=True)),
],
options={
'verbose_name_plural': 'Access Policies',
'ordering': ['priority', 'name'],
},
),
migrations.CreateModel(
name='DataClassification',
fields=[
('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('name', models.CharField(choices=[('PUBLIC', 'Public'), ('INTERNAL', 'Internal'), ('CONFIDENTIAL', 'Confidential'), ('RESTRICTED', 'Restricted'), ('TOP_SECRET', 'Top Secret')], max_length=20, unique=True)),
('level', models.IntegerField(help_text='Numeric level for comparison (higher = more sensitive)', unique=True)),
('description', models.TextField()),
('color_code', models.CharField(default='#000000', help_text='Hex color code for UI', max_length=7)),
('requires_clearance', models.BooleanField(default=False)),
('created_at', models.DateTimeField(auto_now_add=True)),
('updated_at', models.DateTimeField(auto_now=True)),
],
options={
'verbose_name': 'Data Classification',
'verbose_name_plural': 'Data Classifications',
'ordering': ['level'],
},
),
migrations.CreateModel(
name='SSOProvider',
fields=[
('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('name', models.CharField(max_length=100, unique=True)),
('provider_type', models.CharField(choices=[('SAML', 'SAML'), ('OAUTH2', 'OAuth 2.0'), ('OIDC', 'OpenID Connect'), ('LDAP', 'LDAP')], max_length=20)),
('is_active', models.BooleanField(default=True)),
('configuration', models.JSONField(default=dict)),
('attribute_mapping', models.JSONField(default=dict, help_text='Mapping of SSO attributes to user fields')),
('created_at', models.DateTimeField(auto_now_add=True)),
('updated_at', models.DateTimeField(auto_now=True)),
],
options={
'ordering': ['name'],
},
),
migrations.CreateModel(
name='Role',
fields=[
('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('name', models.CharField(max_length=100, unique=True)),
('description', models.TextField()),
('is_active', models.BooleanField(default=True)),
('created_at', models.DateTimeField(auto_now_add=True)),
('updated_at', models.DateTimeField(auto_now=True)),
('data_classification_access', models.ManyToManyField(blank=True, help_text='Maximum data classification level this role can access', to='security.dataclassification')),
('permissions', models.ManyToManyField(blank=True, to='auth.permission')),
],
options={
'ordering': ['name'],
},
),
migrations.CreateModel(
name='User',
fields=[
('password', models.CharField(max_length=128, verbose_name='password')),
('last_login', models.DateTimeField(blank=True, null=True, verbose_name='last login')),
('is_superuser', models.BooleanField(default=False, help_text='Designates that this user has all permissions without explicitly assigning them.', verbose_name='superuser status')),
('username', models.CharField(error_messages={'unique': 'A user with that username already exists.'}, help_text='Required. 150 characters or fewer. Letters, digits and @/./+/-/_ only.', max_length=150, unique=True, validators=[django.contrib.auth.validators.UnicodeUsernameValidator()], verbose_name='username')),
('first_name', models.CharField(blank=True, max_length=150, verbose_name='first name')),
('last_name', models.CharField(blank=True, max_length=150, verbose_name='last name')),
('email', models.EmailField(blank=True, max_length=254, verbose_name='email address')),
('is_staff', models.BooleanField(default=False, help_text='Designates whether the user can log into this admin site.', verbose_name='staff status')),
('is_active', models.BooleanField(default=True, help_text='Designates whether this user should be treated as active. Unselect this instead of deleting accounts.', verbose_name='active')),
('date_joined', models.DateTimeField(default=django.utils.timezone.now, verbose_name='date joined')),
('id', models.UUIDField(default=uuid.uuid4, editable=False, primary_key=True, serialize=False)),
('employee_id', models.CharField(blank=True, max_length=50, null=True, unique=True)),
('department', models.CharField(blank=True, max_length=100)),
('attributes', models.JSONField(blank=True, default=dict)),
('mfa_enabled', models.BooleanField(default=False)),
('mfa_secret', models.CharField(blank=True, max_length=32)),
('last_login_ip', models.GenericIPAddressField(blank=True, null=True)),
('failed_login_attempts', models.IntegerField(default=0)),
('account_locked_until', models.DateTimeField(blank=True, null=True)),
('sso_provider', models.CharField(blank=True, max_length=50, null=True)),
('sso_identifier', models.CharField(blank=True, max_length=255, null=True)),
('created_at', models.DateTimeField(auto_now_add=True)),
('updated_at', models.DateTimeField(auto_now=True)),
('groups', models.ManyToManyField(blank=True, help_text='The groups this user belongs to. A user will get all permissions granted to each of their groups.', related_name='user_set', related_query_name='user', to='auth.group', verbose_name='groups')),
('user_permissions', models.ManyToManyField(blank=True, help_text='Specific permissions for this user.', related_name='user_set', related_query_name='user', to='auth.permission', verbose_name='user permissions')),
('clearance_level', models.ForeignKey(blank=True, help_text="User's security clearance level", null=True, on_delete=django.db.models.deletion.SET_NULL, to='security.dataclassification')),
('roles', models.ManyToManyField(blank=True, to='security.role')),
],
options={
'ordering': ['username'],
},
managers=[
('objects', django.contrib.auth.models.UserManager()),
],
),
migrations.CreateModel(
name='AuditLog',
fields=[
('id', models.UUIDField(default=uuid.uuid4, editable=False, primary_key=True, serialize=False)),
('timestamp', models.DateTimeField(auto_now_add=True, db_index=True)),
('action_type', models.CharField(choices=[('LOGIN', 'User Login'), ('LOGOUT', 'User Logout'), ('LOGIN_FAILED', 'Failed Login Attempt'), ('PASSWORD_CHANGE', 'Password Changed'), ('MFA_ENABLED', 'MFA Enabled'), ('MFA_DISABLED', 'MFA Disabled'), ('ROLE_ASSIGNED', 'Role Assigned'), ('ROLE_REMOVED', 'Role Removed'), ('DATA_ACCESS', 'Data Accessed'), ('DATA_MODIFIED', 'Data Modified'), ('DATA_DELETED', 'Data Deleted'), ('ACCOUNT_LOCKED', 'Account Locked'), ('ACCOUNT_UNLOCKED', 'Account Unlocked'), ('SSO_LOGIN', 'SSO Login')], max_length=50)),
('resource_type', models.CharField(blank=True, max_length=100)),
('resource_id', models.CharField(blank=True, max_length=255)),
('ip_address', models.GenericIPAddressField(blank=True, null=True)),
('user_agent', models.TextField(blank=True)),
('details', models.JSONField(default=dict)),
('severity', models.CharField(choices=[('LOW', 'Low'), ('MEDIUM', 'Medium'), ('HIGH', 'High'), ('CRITICAL', 'Critical')], default='LOW', max_length=20)),
('hash_value', models.CharField(help_text='SHA-256 hash for integrity verification', max_length=64, unique=True)),
('user', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, to=settings.AUTH_USER_MODEL)),
],
options={
'ordering': ['-timestamp'],
'indexes': [models.Index(fields=['timestamp', 'action_type'], name='security_au_timesta_0a6bfb_idx'), models.Index(fields=['user', 'timestamp'], name='security_au_user_id_88bbbb_idx'), models.Index(fields=['severity', 'timestamp'], name='security_au_severit_eb201b_idx')],
},
),
migrations.CreateModel(
name='MFADevice',
fields=[
('id', models.UUIDField(default=uuid.uuid4, editable=False, primary_key=True, serialize=False)),
('device_type', models.CharField(choices=[('TOTP', 'Time-based One-Time Password'), ('HOTP', 'HMAC-based One-Time Password'), ('SMS', 'SMS'), ('EMAIL', 'Email'), ('HARDWARE', 'Hardware Token')], max_length=20)),
('name', models.CharField(help_text='User-friendly name for the device', max_length=100)),
('secret_key', models.CharField(help_text='Encrypted secret key', max_length=255)),
('is_active', models.BooleanField(default=True)),
('is_primary', models.BooleanField(default=False)),
('last_used', models.DateTimeField(blank=True, null=True)),
('created_at', models.DateTimeField(auto_now_add=True)),
('updated_at', models.DateTimeField(auto_now=True)),
('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='mfa_devices', to=settings.AUTH_USER_MODEL)),
],
options={
'ordering': ['-is_primary', 'name'],
'unique_together': {('user', 'name')},
},
),
]
Reference in New Issue View Git Blame Copy Permalink