arthexis 0.1.8__py3-none-any.whl → 0.1.10__py3-none-any.whl

core/notifications.py

@@ -5,6 +5,7 @@ updates the LCD. If writing to the lock file fails, a Windows
 notification or log entry is used as a fallback. Each line is truncated
 to 64 characters; scrolling is handled by the LCD service.
 """
+
 from __future__ import annotations
 
 import logging
@@ -20,6 +21,15 @@ except Exception:  # pragma: no cover - plyer may not be installed
 logger = logging.getLogger(__name__)
 
 
+def supports_gui_toast() -> bool:
+    """Return ``True`` when a GUI toast notification is available."""
+
+    if not sys.platform.startswith("win"):
+        return False
+    notify = getattr(plyer_notification, "notify", None)
+    return callable(notify)
+
+
 class NotificationManager:
     """Write notifications to a lock file or fall back to GUI/log output."""
 
@@ -68,7 +78,7 @@ class NotificationManager:
 
     # GUI/log fallback ------------------------------------------------
     def _gui_display(self, subject: str, body: str) -> None:
-        if sys.platform.startswith("win") and plyer_notification:
+        if supports_gui_toast():
             try:  # pragma: no cover - depends on platform
                 plyer_notification.notify(
                     title="Arthexis", message=f"{subject}\n{body}", timeout=6

core/public_wifi.py

@@ -0,0 +1,227 @@
+"""Utilities for managing public Wi-Fi access control."""
+
+from __future__ import annotations
+
+import logging
+import re
+import shutil
+import subprocess
+from pathlib import Path
+from typing import Iterable
+
+from django.conf import settings
+from django.utils import timezone
+
+logger = logging.getLogger(__name__)
+
+_MAC_RE = re.compile(r"(?P<mac>([0-9a-f]{2}:){5}[0-9a-f]{2})", re.IGNORECASE)
+
+
+def _lock_dir() -> Path:
+    return Path(settings.BASE_DIR) / "locks"
+
+
+def _mode_lock() -> Path:
+    return _lock_dir() / "public_wifi_mode.lck"
+
+
+def _allowlist_path() -> Path:
+    return _lock_dir() / "public_wifi_allow.list"
+
+
+def _normalize_mac(mac: str) -> str:
+    return mac.strip().lower()
+
+
+def resolve_mac_address(ip_address: str | None) -> str | None:
+    """Attempt to resolve the MAC address for ``ip_address``.
+
+    The lookup prefers ``ip neigh`` and falls back to ``arp`` when available.
+    Returns ``None`` when the MAC cannot be determined.
+    """
+
+    if not ip_address:
+        return None
+
+    commands: Iterable[list[str]] = []
+    ip_cmd = shutil.which("ip")
+    if ip_cmd:
+        commands = [[ip_cmd, "neigh", "show", ip_address]]
+    arp_cmd = shutil.which("arp")
+    if arp_cmd:
+        commands = list(commands) + [[arp_cmd, "-n", ip_address]]
+    for command in commands:
+        try:
+            result = subprocess.run(
+                command,
+                capture_output=True,
+                text=True,
+                check=False,
+                timeout=1,
+            )
+        except Exception:  # pragma: no cover - defensive
+            continue
+        if result.returncode != 0:
+            continue
+        match = _MAC_RE.search(result.stdout)
+        if match:
+            mac = match.group("mac")
+            return _normalize_mac(mac)
+    return None
+
+
+def _iptables_available() -> bool:
+    return shutil.which("iptables") is not None
+
+
+def _run_iptables(args: list[str]) -> None:
+    try:
+        subprocess.run(["iptables", *args], check=False, timeout=2)
+    except Exception:  # pragma: no cover - defensive
+        logger.exception("iptables command failed: %s", " ".join(args))
+
+
+def _load_allowlist() -> set[str]:
+    path = _allowlist_path()
+    if not path.exists():
+        return set()
+    try:
+        content = path.read_text().splitlines()
+    except OSError:  # pragma: no cover - defensive
+        logger.exception("Unable to read public Wi-Fi allow list")
+        return set()
+    return {line.strip().lower() for line in content if line.strip()}
+
+
+def _save_allowlist(macs: Iterable[str]) -> None:
+    path = _allowlist_path()
+    path.parent.mkdir(parents=True, exist_ok=True)
+    lines = sorted({m.lower() for m in macs if m})
+    try:
+        path.write_text("\n".join(lines) + ("\n" if lines else ""))
+    except OSError:  # pragma: no cover - defensive
+        logger.exception("Unable to write public Wi-Fi allow list")
+
+
+def allow_mac(mac: str) -> None:
+    mac = _normalize_mac(mac)
+    if not mac:
+        return
+    allowlist = _load_allowlist()
+    if mac not in allowlist:
+        allowlist.add(mac)
+        _save_allowlist(allowlist)
+    if _iptables_available():
+        check_args = [
+            "-C",
+            "FORWARD",
+            "-i",
+            "wlan0",
+            "-m",
+            "mac",
+            "--mac-source",
+            mac,
+            "-j",
+            "ACCEPT",
+        ]
+        try:
+            result = subprocess.run(
+                ["iptables", *check_args],
+                capture_output=True,
+                text=True,
+                check=False,
+                timeout=2,
+            )
+            exists = result.returncode == 0
+        except Exception:  # pragma: no cover - defensive
+            logger.exception("iptables check failed for %s", mac)
+            exists = True
+        if not exists:
+            _run_iptables(
+                [
+                    "-I",
+                    "FORWARD",
+                    "1",
+                    "-i",
+                    "wlan0",
+                    "-m",
+                    "mac",
+                    "--mac-source",
+                    mac,
+                    "-j",
+                    "ACCEPT",
+                ]
+            )
+
+
+def revoke_mac(mac: str) -> None:
+    mac = _normalize_mac(mac)
+    if not mac:
+        return
+    allowlist = _load_allowlist()
+    if mac in allowlist:
+        allowlist.remove(mac)
+        _save_allowlist(allowlist)
+    if _iptables_available():
+        while True:
+            try:
+                result = subprocess.run(
+                    [
+                        "iptables",
+                        "-D",
+                        "FORWARD",
+                        "-i",
+                        "wlan0",
+                        "-m",
+                        "mac",
+                        "--mac-source",
+                        mac,
+                        "-j",
+                        "ACCEPT",
+                    ],
+                    capture_output=True,
+                    text=True,
+                    check=False,
+                    timeout=2,
+                )
+            except Exception:  # pragma: no cover - defensive
+                logger.exception("iptables delete failed for %s", mac)
+                break
+            if result.returncode != 0:
+                break
+
+
+def public_mode_lock_exists() -> bool:
+    return _mode_lock().exists()
+
+
+def grant_public_access(user, mac: str):
+    from core.models import PublicWifiAccess
+
+    mac = _normalize_mac(mac)
+    if not mac:
+        return None
+    access, created = PublicWifiAccess.objects.get_or_create(
+        user=user,
+        mac_address=mac,
+        defaults={"revoked_on": None},
+    )
+    if access.revoked_on is not None:
+        access.revoked_on = None
+        access.save(update_fields=["revoked_on", "updated_on"])
+    allow_mac(mac)
+    return access
+
+
+def revoke_public_access(access) -> None:
+    if access.revoked_on is None:
+        access.revoked_on = timezone.now()
+        access.save(update_fields=["revoked_on", "updated_on"])
+    revoke_mac(access.mac_address)
+
+
+def revoke_public_access_for_user(user) -> None:
+    from core.models import PublicWifiAccess
+
+    for access in PublicWifiAccess.objects.filter(user=user, revoked_on__isnull=True):
+        revoke_public_access(access)

core/reference_utils.py

@@ -0,0 +1,97 @@
+"""Utility helpers for working with Reference objects."""
+
+from __future__ import annotations
+
+from typing import Iterable, TYPE_CHECKING
+
+from django.contrib.sites.models import Site
+
+if TYPE_CHECKING:  # pragma: no cover - imported only for type checking
+    from django.http import HttpRequest
+    from nodes.models import Node
+    from .models import Reference
+
+
+def filter_visible_references(
+    refs: Iterable["Reference"],
+    *,
+    request: "HttpRequest | None" = None,
+    site: Site | None = None,
+    node: "Node | None" = None,
+    respect_footer_visibility: bool = True,
+) -> list["Reference"]:
+    """Return references visible for the current context."""
+
+    if site is None and request is not None:
+        try:
+            host = request.get_host().split(":")[0]
+        except Exception:
+            host = ""
+        if host:
+            site = Site.objects.filter(domain__iexact=host).first()
+
+    site_id = site.pk if site else None
+
+    if node is None:
+        try:
+            from nodes.models import Node  # imported lazily to avoid circular import
+
+            node = Node.get_local()
+        except Exception:
+            node = None
+
+    node_role_id = getattr(node, "role_id", None)
+    node_feature_ids: set[int] = set()
+    if node is not None:
+        features_manager = getattr(node, "features", None)
+        if features_manager is not None:
+            try:
+                node_feature_ids = set(
+                    features_manager.values_list("pk", flat=True)
+                )
+            except Exception:
+                node_feature_ids = set()
+
+    visible_refs: list["Reference"] = []
+    for ref in refs:
+        required_roles = {role.pk for role in ref.roles.all()}
+        required_features = {feature.pk for feature in ref.features.all()}
+        required_sites = {current_site.pk for current_site in ref.sites.all()}
+
+        if required_roles or required_features or required_sites:
+            allowed = False
+            if required_roles and node_role_id and node_role_id in required_roles:
+                allowed = True
+            elif (
+                required_features
+                and node_feature_ids
+                and node_feature_ids.intersection(required_features)
+            ):
+                allowed = True
+            elif required_sites and site_id and site_id in required_sites:
+                allowed = True
+
+            if not allowed:
+                continue
+
+        if respect_footer_visibility:
+            if ref.footer_visibility == ref.FOOTER_PUBLIC:
+                visible_refs.append(ref)
+            elif (
+                ref.footer_visibility == ref.FOOTER_PRIVATE
+                and request
+                and request.user.is_authenticated
+            ):
+                visible_refs.append(ref)
+            elif (
+                ref.footer_visibility == ref.FOOTER_STAFF
+                and request
+                and request.user.is_authenticated
+                and request.user.is_staff
+            ):
+                visible_refs.append(ref)
+        else:
+            visible_refs.append(ref)
+
+    return visible_refs
+

core/release.py

@@ -52,7 +52,7 @@ DEFAULT_PACKAGE = Package(
     author="Rafael J. Guillén-Osorio",
     email="tecnologia@gelectriic.com",
     python_requires=">=3.10",
-    license="MIT",
+    license="GPL-3.0-only",
 )
 
 
@@ -79,7 +79,9 @@ def _run(cmd: list[str], check: bool = True) -> subprocess.CompletedProcess:
 
 
 def _git_clean() -> bool:
-    proc = subprocess.run(["git", "status", "--porcelain"], capture_output=True, text=True)
+    proc = subprocess.run(
+        ["git", "status", "--porcelain"], capture_output=True, text=True
+    )
     return not proc.stdout.strip()
 
 
@@ -89,7 +91,6 @@ def _git_has_staged_changes() -> bool:
     return proc.returncode != 0
 
 
-
 def _manager_credentials() -> Optional[Credentials]:
     """Return credentials from the Package's release manager if available."""
     try:  # pragma: no cover - optional dependency
@@ -162,13 +163,12 @@ def _write_pyproject(package: Package, version: str, requirements: list[str]) ->
         if toml is not None and hasattr(toml, "dumps"):
             return toml.dumps(data)
         import json
+
         return json.dumps(data)
 
     Path("pyproject.toml").write_text(_dump_toml(content), encoding="utf-8")
 
 
-
-
 @requires_network
 def build(
     *,
@@ -254,19 +254,19 @@ def build(
             except Exception:
                 requests = None  # type: ignore
             if requests is not None:
-                resp = requests.get(
-                    f"https://pypi.org/pypi/{package.name}/json"
-                )
+                resp = requests.get(f"https://pypi.org/pypi/{package.name}/json")
                 if resp.ok:
                     releases = resp.json().get("releases", {})
                     if version in releases:
-                        raise ReleaseError(
-                            f"Version {version} already on PyPI"
-                        )
-        creds = creds or _manager_credentials() or Credentials(
-            token=os.environ.get("PYPI_API_TOKEN"),
-            username=os.environ.get("PYPI_USERNAME"),
-            password=os.environ.get("PYPI_PASSWORD"),
+                        raise ReleaseError(f"Version {version} already on PyPI")
+        creds = (
+            creds
+            or _manager_credentials()
+            or Credentials(
+                token=os.environ.get("PYPI_API_TOKEN"),
+                username=os.environ.get("PYPI_USERNAME"),
+                password=os.environ.get("PYPI_PASSWORD"),
+            )
         )
         files = sorted(str(p) for p in Path("dist").glob("*"))
         if not files:
@@ -307,7 +307,10 @@ def promote(
 
 
 def publish(
-    *, package: Package = DEFAULT_PACKAGE, version: str, creds: Optional[Credentials] = None
+    *,
+    package: Package = DEFAULT_PACKAGE,
+    version: str,
+    creds: Optional[Credentials] = None,
 ) -> None:
     """Upload the existing distribution to PyPI."""
     if network_available():
@@ -321,10 +324,14 @@ def publish(
                 raise ReleaseError(f"Version {version} already on PyPI")
     if not Path("dist").exists():
         raise ReleaseError("dist directory not found")
-    creds = creds or _manager_credentials() or Credentials(
-        token=os.environ.get("PYPI_API_TOKEN"),
-        username=os.environ.get("PYPI_USERNAME"),
-        password=os.environ.get("PYPI_PASSWORD"),
+    creds = (
+        creds
+        or _manager_credentials()
+        or Credentials(
+            token=os.environ.get("PYPI_API_TOKEN"),
+            username=os.environ.get("PYPI_USERNAME"),
+            password=os.environ.get("PYPI_PASSWORD"),
+        )
     )
     files = sorted(str(p) for p in Path("dist").glob("*"))
     if not files:

core/sigil_builder.py

@@ -0,0 +1,144 @@
+from __future__ import annotations
+
+
+from django.apps import apps
+from django.contrib import admin
+from django.template.response import TemplateResponse
+from django.urls import path, reverse
+from django.utils.translation import gettext_lazy as _
+
+from .fields import SigilAutoFieldMixin
+from .sigil_resolver import (
+    resolve_sigils as resolve_sigils_in_text,
+    resolve_sigil as _resolve_sigil,
+)
+
+
+def generate_model_sigils(**kwargs) -> None:
+    """Ensure built-in configuration SigilRoot entries exist."""
+    SigilRoot = apps.get_model("core", "SigilRoot")
+    for prefix in ["ENV", "SYS"]:
+        # Ensure built-in configuration roots exist without violating the
+        # unique ``prefix`` constraint, even if older databases already have
+        # entries with a different ``context_type``.
+        root = SigilRoot.objects.filter(prefix__iexact=prefix).first()
+        if root:
+            root.prefix = prefix
+            root.context_type = SigilRoot.Context.CONFIG
+            root.save(update_fields=["prefix", "context_type"])
+        else:
+            SigilRoot.objects.create(
+                prefix=prefix,
+                context_type=SigilRoot.Context.CONFIG,
+            )
+
+
+def _sigil_builder_view(request):
+    SigilRoot = apps.get_model("core", "SigilRoot")
+    grouped: dict[str, dict[str, object]] = {}
+    builtin_roots = [
+        {
+            "prefix": "ENV",
+            "url": reverse("admin:environment"),
+            "label": _("Environment"),
+        },
+        {
+            "prefix": "SYS",
+            "url": reverse("admin:system"),
+            "label": _("System"),
+        },
+    ]
+    for root in SigilRoot.objects.filter(
+        context_type=SigilRoot.Context.ENTITY
+    ).select_related("content_type"):
+        if not root.content_type:
+            continue
+        model = root.content_type.model_class()
+        model_name = model._meta.object_name
+        entry = grouped.setdefault(
+            model_name,
+            {
+                "model": model_name,
+                "fields": [f.name.upper() for f in model._meta.fields],
+                "prefixes": [],
+            },
+        )
+        entry["prefixes"].append(root.prefix.upper())
+    roots = sorted(grouped.values(), key=lambda r: r["model"])
+    for entry in roots:
+        entry["prefixes"].sort()
+
+    auto_fields = []
+    seen = set()
+    for model in apps.get_models():
+        model_name = model._meta.object_name
+        if model_name in seen:
+            continue
+        seen.add(model_name)
+        prefixes = grouped.get(model_name, {}).get("prefixes", [])
+        for field in model._meta.fields:
+            if isinstance(field, SigilAutoFieldMixin):
+                auto_fields.append(
+                    {
+                        "model": model_name,
+                        "roots": prefixes,
+                        "field": field.name.upper(),
+                    }
+                )
+
+    sigils_text = ""
+    resolved_text = ""
+    show_sigils_input = True
+    show_result = False
+    if request.method == "POST":
+        sigils_text = request.POST.get("sigils_text", "")
+        source_text = sigils_text
+        upload = request.FILES.get("sigils_file")
+        if upload:
+            source_text = upload.read().decode("utf-8", errors="ignore")
+            show_sigils_input = False
+        else:
+            single = request.POST.get("sigil", "")
+            if single:
+                source_text = (
+                    f"[{single}]" if not single.startswith("[") else single
+                )
+                sigils_text = source_text
+        if source_text:
+            resolved_text = resolve_sigils_in_text(source_text)
+            show_result = True
+        if upload:
+            sigils_text = ""
+
+    context = admin.site.each_context(request)
+    context.update(
+        {
+            "title": _("Sigil Builder"),
+            "sigil_roots": roots,
+            "builtin_roots": builtin_roots,
+            "auto_fields": auto_fields,
+            "sigils_text": sigils_text,
+            "resolved_text": resolved_text,
+            "show_sigils_input": show_sigils_input,
+            "show_result": show_result,
+        }
+    )
+    return TemplateResponse(request, "admin/sigil_builder.html", context)
+
+
+def patch_admin_sigil_builder_view() -> None:
+    """Add custom admin view for listing SigilRoots."""
+    original_get_urls = admin.site.get_urls
+
+    def get_urls():
+        urls = original_get_urls()
+        custom = [
+            path(
+                "sigil-builder/",
+                admin.site.admin_view(_sigil_builder_view),
+                name="sigil_builder",
+            ),
+        ]
+        return custom + urls
+
+    admin.site.get_urls = get_urls

core/sigil_context.py

@@ -0,0 +1,20 @@
+from __future__ import annotations
+
+from threading import local
+from typing import Dict, Type
+from django.db import models
+
+_thread = local()
+
+
+def set_context(context: Dict[Type[models.Model], str]) -> None:
+    _thread.context = context
+
+
+def get_context() -> Dict[Type[models.Model], str]:
+    return getattr(_thread, "context", {})
+
+
+def clear_context() -> None:
+    if hasattr(_thread, "context"):
+        delattr(_thread, "context")