[GRDM-40446] Add login access control function based on authentication attributes and email address

admin/base/urls.py

@@ -17,7 +17,7 @@
             url(r'^brands/', include('admin.brands.urls', namespace='brands')),
             url(r'^spam/', include('admin.spam.urls', namespace='spam')),
             url(r'^institutions/', include('admin.institutions.urls', namespace='institutions')),
-            url(r'^entitlements/', include('admin.entitlements.urls', namespace='entitlements')),
+            url(r'^login_access_control/', include('admin.login_access_control.urls', namespace='login_access_control')),
             url(r'^quota_recalc/', include('admin.quota_recalc.urls', namespace='quota_recalc')),
             url(r'^preprint_providers/', include('admin.preprint_providers.urls', namespace='preprint_providers')),
             url(r'^collection_providers/', include('admin.collection_providers.urls', namespace='collection_providers')),

admin/institutions/urls.py

@@ -1,6 +1,5 @@
 from django.conf.urls import url
 from . import views
-from admin.entitlements.views import InstitutionEntitlementList, ToggleInstitutionEntitlement, DeleteInstitutionEntitlement
 
 app_name = 'admin'
 
@@ -9,10 +8,6 @@
     url(r'^institution_list/$', views.InstitutionUserList.as_view(), name='institution_list'),
     url(r'^create/$', views.CreateInstitution.as_view(), name='create'),
     url(r'^import/$', views.ImportInstitution.as_view(), name='import'),
-    url(r'^entitlements/$', InstitutionEntitlementList.as_view(), name='entitlements'),
-    # url(r'^(?P<institution_id>[0-9]+)/entitlements/$', InstitutionEntitlementList.as_view(), name='inst_entitlements'),
-    url(r'^(?P<institution_id>[0-9]+)/entitlements/(?P<entitlement_id>[0-9]+)/toggle/$', ToggleInstitutionEntitlement.as_view(), name='entitlement_toggle'),
-    url(r'^(?P<institution_id>[0-9]+)/entitlements/(?P<entitlement_id>[0-9]+)/delete/$', DeleteInstitutionEntitlement.as_view(), name='entitlement_delete'),
     url(r'^(?P<institution_id>[0-9]+)/$', views.InstitutionDetail.as_view(), name='detail'),
     url(r'^(?P<institution_id>[0-9]+)/export/$', views.InstitutionExport.as_view(), name='export'),
     url(r'^(?P<institution_id>[0-9]+)/delete/$', views.DeleteInstitution.as_view(), name='delete'),

admin/login_access_control/urls.py

@@ -0,0 +1,16 @@
+from django.conf.urls import url
+from . import views
+
+app_name = 'admin'
+
+urlpatterns = [
+    url(r'^$', views.LoginAccessControlListView.as_view(), name='list'),
+    url(r'^login_availability_default$', views.UpdateLoginAvailabilityDefaultView.as_view(), name='update_login_availability_default'),
+    url(r'^authentication_attribute/save$', views.SaveAuthenticationAttributeListView.as_view(), name='save_authentication_attribute_list'),
+    url(r'^authentication_attribute/update$', views.UpdateAuthenticationAttributeView.as_view(), name='update_authentication_attribute'),
+    url(r'^authentication_attribute/delete$', views.DeleteAuthenticationAttributeView.as_view(), name='delete_authentication_attribute'),
+    url(r'^authentication_attribute/logic_condition$', views.UpdateLoginLogicConditionView.as_view(), name='update_login_logic_condition'),
+    url(r'^mail_address/save$', views.SaveMailAddressListView.as_view(), name='save_mail_address_list'),
+    url(r'^mail_address/update$', views.UpdateMailAddressView.as_view(), name='update_mail_address'),
+    url(r'^mail_address/delete$', views.DeleteMailAddressView.as_view(), name='delete_mail_address'),
+]

admin/login_access_control/utils.py

@@ -0,0 +1,75 @@
+from osf.models import Institution
+
+
+def validate_integer(value, name):
+    """ Check if value is an integer """
+    if not value:
+        return f'{name} is required.'
+    if not isinstance(value, int):
+        return f'{name} is invalid.'
+    return None
+
+
+def validate_boolean(value, name):
+    """ Check if value is an integer """
+    if value is None:
+        return f'{name} is required.'
+    if not isinstance(value, bool):
+        return f'{name} is invalid.'
+    return None
+
+
+def validate_institution_id(institution_id):
+    """ Check if value is a ID for existing institution """
+    integer_error_message = validate_integer(institution_id, 'institution_id')
+    if integer_error_message is not None:
+        return integer_error_message
+    if not Institution.objects.filter(id=institution_id, is_deleted=False).exists():
+        return 'institution_id is invalid.'
+    return None
+
+
+def validate_logic_condition(logic_condition):
+    """Validate logic condition expression
+
+    :param str logic_condition: logic condition
+    :return bool: logic condition is valid or not
+    """
+    if not logic_condition:
+        # If logic condition is None or empty, return True
+        return True
+
+    if not isinstance(logic_condition, str) or has_invalid_character(logic_condition):
+        # If logic condition is not a string or has at least one invalid character, return False
+        return False
+
+    # Convert operator characters into their respective readable counterpart
+    expression = logic_condition. \
+        replace('&&', ' and '). \
+        replace('||', ' or '). \
+        replace('!', ' not ')
+
+    # If converted expression still have & or | then return False
+    if expression.find('&') >= 0 or expression.find('|') >= 0:
+        return False
+
+    try:
+        # Try to evaluate expression
+        if not (type(eval(expression)) == int or type(eval(expression)) == bool):
+            # If expression is invalid then return False
+            return False
+    except (SyntaxError, NameError):
+        # Fail to evaluate expression, return False
+        return False
+
+    # The expression is valid, return True
+    return True
+
+
+def has_invalid_character(expression):
+    """ Check if expression has at least one invalid character """
+    valid_characters = [' ', '!', '(', ')', '|', '&']
+    for item in expression:
+        if not (item.isdigit() or item in valid_characters):
+            return True
+    return False