django-cfg 1.4.87__py3-none-any.whl → 1.4.89__py3-none-any.whl

django_cfg/__init__.py

@@ -32,7 +32,7 @@ Example:
 default_app_config = "django_cfg.apps.DjangoCfgConfig"
 
 # Version information
-__version__ = "1.4.87"
+__version__ = "1.4.89"
 __license__ = "MIT"
 
 # Import registry for organized lazy loading

django_cfg/apps/centrifugo/views/__init__.py

@@ -3,7 +3,6 @@ Views for Centrifugo module.
 """
 
 from .admin_api import CentrifugoAdminAPIViewSet
-from .dashboard import dashboard_view
 from .monitoring import CentrifugoMonitorViewSet
 from .testing_api import CentrifugoTestingAPIViewSet
 
@@ -11,5 +10,4 @@ __all__ = [
     'CentrifugoMonitorViewSet',
     'CentrifugoAdminAPIViewSet',
     'CentrifugoTestingAPIViewSet',
-    'dashboard_view',
 ]

django_cfg/apps/dashboard/permissions.py

@@ -0,0 +1,48 @@
+"""
+Dashboard Permissions
+
+Custom permission classes for dashboard API endpoints.
+"""
+
+from rest_framework.permissions import BasePermission
+
+
+class IsSuperAdmin(BasePermission):
+    """
+    Permission that allows access only to superusers.
+
+    More restrictive than IsAdminUser - requires is_superuser flag.
+    Use for sensitive operations like command execution.
+    """
+
+    def has_permission(self, request, view):
+        """Check if user is authenticated and is a superuser."""
+        return bool(
+            request.user and
+            request.user.is_authenticated and
+            request.user.is_superuser
+        )
+
+
+class IsStaffOrReadOnly(BasePermission):
+    """
+    Permission that allows read access to staff,
+    but write access only to superusers.
+    """
+
+    def has_permission(self, request, view):
+        """Check permissions based on request method."""
+        # Read permissions are allowed to any staff user
+        if request.method in ['GET', 'HEAD', 'OPTIONS']:
+            return bool(
+                request.user and
+                request.user.is_authenticated and
+                request.user.is_staff
+            )
+
+        # Write permissions are only allowed to superusers
+        return bool(
+            request.user and
+            request.user.is_authenticated and
+            request.user.is_superuser
+        )

django_cfg/apps/dashboard/serializers/__init__.py

@@ -15,7 +15,12 @@ from .charts import (
     ActivityTrackerDaySerializer,
     RecentUserSerializer,
 )
-from .commands import CommandSerializer, CommandsSummarySerializer
+from .commands import (
+    CommandSerializer,
+    CommandsSummarySerializer,
+    CommandExecuteRequestSerializer,
+    CommandHelpResponseSerializer,
+)
 from .apizones import APIZoneSerializer, APIZonesSummarySerializer
 
 __all__ = [
@@ -48,6 +53,8 @@ __all__ = [
     # Commands
     'CommandSerializer',
     'CommandsSummarySerializer',
+    'CommandExecuteRequestSerializer',
+    'CommandHelpResponseSerializer',
 
     # API Zones
     'APIZoneSerializer',

django_cfg/apps/dashboard/serializers/commands.py

@@ -14,6 +14,8 @@ class CommandSerializer(serializers.Serializer):
     help = serializers.CharField()
     is_core = serializers.BooleanField()
     is_custom = serializers.BooleanField()
+    is_allowed = serializers.BooleanField(required=False)
+    risk_level = serializers.CharField(required=False)
 
 
 class CommandsSummarySerializer(serializers.Serializer):
@@ -24,3 +26,30 @@ class CommandsSummarySerializer(serializers.Serializer):
     categories = serializers.ListField(child=serializers.CharField())
     commands = CommandSerializer(many=True)
     categorized = serializers.DictField()
+
+
+class CommandExecuteRequestSerializer(serializers.Serializer):
+    """Request serializer for command execution."""
+    command = serializers.CharField(help_text="Name of the Django management command")
+    args = serializers.ListField(
+        child=serializers.CharField(),
+        required=False,
+        default=list,
+        help_text="Positional arguments for the command"
+    )
+    options = serializers.DictField(
+        required=False,
+        default=dict,
+        help_text="Named options for the command (e.g., {'verbosity': '2'})"
+    )
+
+
+class CommandHelpResponseSerializer(serializers.Serializer):
+    """Response serializer for command help."""
+    status = serializers.CharField()
+    command = serializers.CharField()
+    app = serializers.CharField(required=False)
+    help_text = serializers.CharField(required=False)
+    is_allowed = serializers.BooleanField(required=False)
+    risk_level = serializers.CharField(required=False)
+    error = serializers.CharField(required=False)

django_cfg/apps/dashboard/services/__init__.py

@@ -10,6 +10,7 @@ from .system_health_service import SystemHealthService
 from .charts_service import ChartsService
 from .commands_service import CommandsService
 from .apizones_service import APIZonesService
+from .overview_service import OverviewService
 
 __all__ = [
     'StatisticsService',
@@ -17,4 +18,5 @@ __all__ = [
     'ChartsService',
     'CommandsService',
     'APIZonesService',
+    'OverviewService',
 ]

django_cfg/{modules/django_unfold/callbacks/base.py → apps/dashboard/services/commands_security.py}

@@ -1,5 +1,10 @@
 """
-Base utilities and helper functions for callbacks.
+Commands Security Module
+
+Self-contained security logic for Django management commands execution.
+Determines which commands are safe to execute via web interface.
+
+TAGS: commands, security, validation, safety
 """
 
 import importlib
@@ -7,8 +12,6 @@ import inspect
 import logging
 from typing import Any, Dict, Set
 
-from django.contrib.auth import get_user_model
-from django.core.management import get_commands
 from django.core.management.base import BaseCommand
 
 logger = logging.getLogger(__name__)
@@ -108,7 +111,7 @@ def analyze_command_safety(command_class: BaseCommand, command_name: str) -> Dic
 
 def is_command_allowed(command_name: str, app_name: str) -> bool:
     """
-    Check if command should be displayed in web interface.
+    Check if command should be allowed for web execution.
 
     Priority:
     1. Custom blacklist from settings (DJANGO_CFG_COMMANDS_BLACKLIST)
@@ -136,15 +139,18 @@ def is_command_allowed(command_name: str, app_name: str) -> bool:
     # Custom blacklist from settings (highest priority)
     custom_blacklist = getattr(settings, 'DJANGO_CFG_COMMANDS_BLACKLIST', set())
     if command_name in custom_blacklist:
+        logger.info(f"Command {command_name} blocked by custom blacklist")
         return False
 
     # Absolute blacklist
     if command_name in ABSOLUTE_BLACKLIST:
+        logger.info(f"Command {command_name} blocked by absolute blacklist")
         return False
 
     # Custom whitelist from settings
     custom_whitelist = getattr(settings, 'DJANGO_CFG_COMMANDS_WHITELIST', set())
     if command_name in custom_whitelist:
+        logger.info(f"Command {command_name} allowed by custom whitelist")
         return True
 
     # Load and analyze command
@@ -192,99 +198,31 @@ def is_command_allowed(command_name: str, app_name: str) -> bool:
 
     # Exclude other Django core by default
     if app_name.startswith('django.'):
+        logger.debug(f"Command {command_name} excluded (Django core, not in safe list)")
         return False
 
     # Third-party apps - only whitelisted
+    logger.debug(f"Command {command_name} excluded (third-party, not whitelisted)")
     return False
 
 
-def get_available_commands():
-    """Get all available Django management commands (filtered for safety)."""
-    commands_dict = get_commands()
-    commands_list = []
-
-    for command_name, app_name in commands_dict.items():
-        # Filter out unsafe/unwanted commands
-        if not is_command_allowed(command_name, app_name):
-            continue
-
-        try:
-            # Try to get command description
-            if app_name == 'django_cfg':
-                module_path = f'django_cfg.management.commands.{command_name}'
-            else:
-                module_path = f'{app_name}.management.commands.{command_name}'
-
-            try:
-                command_module = importlib.import_module(module_path)
-                if hasattr(command_module, 'Command'):
-                    command_class = command_module.Command
-                    description = getattr(command_class, 'help', f'{command_name} command')
-                else:
-                    description = f'{command_name} command'
-            except ImportError:
-                description = f'{command_name} command'
-
-            commands_list.append({
-                'name': command_name,
-                'app': app_name,
-                'description': description,
-                'is_core': app_name.startswith('django.'),
-                'is_custom': app_name == 'django_cfg',
-            })
-        except Exception as e:
-            # Skip problematic commands
-            logger.debug(f"Skipping command {command_name}: {e}")
-            continue
-
-    return commands_list
-
-
-def get_commands_by_category():
-    """Get commands categorized by type."""
-    commands = get_available_commands()
-
-    categorized = {
-        'django_cfg': [],
-        'django_core': [],
-        'third_party': [],
-        'project': [],
-    }
+def get_command_risk_level(command_name: str, app_name: str) -> str:
+    """
+    Get risk level for a command.
 
-    for cmd in commands:
-        if cmd['app'] == 'django_cfg':
-            categorized['django_cfg'].append(cmd)
-        elif cmd['app'].startswith('django.'):
-            categorized['django_core'].append(cmd)
-        elif cmd['app'].startswith(('src.', 'api.', 'accounts.')):
-            categorized['project'].append(cmd)
-        else:
-            categorized['third_party'].append(cmd)
+    Returns:
+        'safe', 'caution', or 'dangerous'
+    """
+    if command_name in ABSOLUTE_BLACKLIST:
+        return 'dangerous'
 
-    return categorized
+    if app_name == 'django_cfg':
+        return 'safe'
 
+    if app_name.startswith('django.'):
+        safe_commands = {'check', 'diffsettings', 'showmigrations'}
+        if command_name in safe_commands:
+            return 'safe'
+        return 'caution'
 
-def get_user_admin_urls():
-    """Get admin URLs for user model."""
-    try:
-        User = get_user_model()
-
-        app_label = User._meta.app_label
-        model_name = User._meta.model_name
-
-        return {
-            'changelist': f'admin:{app_label}_{model_name}_changelist',
-            'add': f'admin:{app_label}_{model_name}_add',
-            'change': f'admin:{app_label}_{model_name}_change/{{id}}/',
-            'delete': f'admin:{app_label}_{model_name}_delete/{{id}}/',
-            'view': f'admin:{app_label}_{model_name}_view/{{id}}/',
-        }
-    except Exception:
-        # Universal fallback - return admin index for all actions
-        return {
-            'changelist': 'admin:index',
-            'add': 'admin:index',
-            'change': 'admin:index',
-            'delete': 'admin:index',
-            'view': 'admin:index',
-        }
+    return 'caution'

django_cfg/apps/dashboard/services/commands_service.py

@@ -1,13 +1,18 @@
 """
 Commands Service
 
-Django management commands discovery and documentation.
+Django management commands discovery, documentation, and execution.
 """
 
 import logging
-from typing import Any, Dict, List
+import sys
+import time
+from io import StringIO
+from typing import Any, Dict, Generator, List
 
-from django.core.management import get_commands, load_command_class
+from django.core.management import call_command, get_commands, load_command_class
+
+from .commands_security import is_command_allowed, get_command_risk_level
 
 logger = logging.getLogger(__name__)
 
@@ -26,20 +31,29 @@ class CommandsService:
         """Initialize commands service."""
         self.logger = logger
 
-    def get_all_commands(self) -> List[Dict[str, Any]]:
+    def get_all_commands(self, include_unsafe: bool = False) -> List[Dict[str, Any]]:
         """
-        Get all available Django management commands.
+        Get all available Django management commands (filtered for safety by default).
+
+        Args:
+            include_unsafe: If True, include all commands. If False, only safe commands.
 
         Returns:
-            List of command dictionaries with name, app, help text
+            List of command dictionaries with name, app, help text, safety info
 
-        %%AI_HINT: Uses Django's get_commands() for command discovery%%
+        %%AI_HINT: Uses Django's get_commands() for command discovery with security filtering%%
         """
         try:
             commands_dict = get_commands()
             commands_list = []
 
             for command_name, app_name in commands_dict.items():
+                # Check if command is allowed (unless explicitly including unsafe)
+                is_allowed = is_command_allowed(command_name, app_name)
+
+                if not include_unsafe and not is_allowed:
+                    continue
+
                 try:
                     # Try to load command to get help text
                     command = load_command_class(app_name, command_name)
@@ -47,7 +61,10 @@ class CommandsService:
 
                     # Determine if it's a core Django command or custom
                     is_core = app_name.startswith('django.')
-                    is_custom = not is_core
+                    is_custom = app_name == 'django_cfg'
+
+                    # Get risk level
+                    risk_level = get_command_risk_level(command_name, app_name)
 
                     commands_list.append({
                         'name': command_name,
@@ -55,6 +72,8 @@ class CommandsService:
                         'help': help_text,
                         'is_core': is_core,
                         'is_custom': is_custom,
+                        'is_allowed': is_allowed,
+                        'risk_level': risk_level,
                     })
                 except Exception as e:
                     # If we can't load the command, still include basic info
@@ -64,7 +83,9 @@ class CommandsService:
                         'app': app_name,
                         'help': 'Description unavailable',
                         'is_core': app_name.startswith('django.'),
-                        'is_custom': not app_name.startswith('django.'),
+                        'is_custom': app_name == 'django_cfg',
+                        'is_allowed': is_allowed,
+                        'risk_level': get_command_risk_level(command_name, app_name),
                     })
 
             # Sort by name
@@ -140,3 +161,181 @@ class CommandsService:
                 'commands': [],
                 'categorized': {},
             }
+
+    def get_command_help(self, command_name: str) -> Dict[str, Any]:
+        """
+        Get detailed help text for a specific command.
+
+        Args:
+            command_name: Name of the Django management command
+
+        Returns:
+            Dictionary with help text and command info
+        """
+        try:
+            commands_dict = get_commands()
+
+            if command_name not in commands_dict:
+                return {
+                    'status': 'error',
+                    'error': f"Command '{command_name}' not found",
+                }
+
+            app_name = commands_dict[command_name]
+
+            # Load command class
+            command_class = load_command_class(app_name, command_name)
+            command_instance = command_class()
+
+            # Get parser to extract help
+            parser = command_instance.create_parser('manage.py', command_name)
+            help_text = parser.format_help()
+
+            return {
+                'status': 'success',
+                'command': command_name,
+                'app': app_name,
+                'help_text': help_text,
+                'is_allowed': is_command_allowed(command_name, app_name),
+                'risk_level': get_command_risk_level(command_name, app_name),
+            }
+
+        except Exception as e:
+            self.logger.error(f"Error getting help for command {command_name}: {e}")
+            return {
+                'status': 'error',
+                'error': str(e),
+                'command': command_name,
+            }
+
+    def execute_command(
+        self,
+        command_name: str,
+        args: List[str] = None,
+        options: Dict[str, Any] = None,
+        user=None
+    ) -> Generator[Dict[str, Any], None, None]:
+        """
+        Execute a Django management command and stream output.
+
+        Args:
+            command_name: Name of the command to execute
+            args: List of positional arguments
+            options: Dictionary of command options
+            user: User executing the command (for logging)
+
+        Yields:
+            Dict with execution events (start, output, complete, error)
+
+        Security:
+            - Validates command is allowed via is_command_allowed()
+            - Logs all execution attempts
+            - Captures and streams output safely
+        """
+        args = args or []
+        options = options or {}
+        start_time = time.time()
+
+        try:
+            # Validate command exists
+            commands_dict = get_commands()
+            if command_name not in commands_dict:
+                yield {
+                    'type': 'error',
+                    'error': f"Command '{command_name}' not found",
+                    'available_commands': list(commands_dict.keys())[:20],  # First 20 for reference
+                }
+                return
+
+            app_name = commands_dict[command_name]
+
+            # Security check - validate command is allowed
+            if not is_command_allowed(command_name, app_name):
+                self.logger.warning(
+                    f"Attempted execution of forbidden command '{command_name}' by user {user}"
+                )
+                yield {
+                    'type': 'error',
+                    'error': f"Command '{command_name}' is not allowed via web interface for security reasons",
+                    'suggestion': 'Only safe django_cfg commands and whitelisted utilities can be executed via web.',
+                    'risk_level': get_command_risk_level(command_name, app_name),
+                }
+                return
+
+            # Send start event
+            yield {
+                'type': 'start',
+                'command': command_name,
+                'args': args,
+                'options': options,
+            }
+
+            # Capture command output
+            output_buffer = StringIO()
+            old_stdout = sys.stdout
+            old_stderr = sys.stderr
+
+            try:
+                # Redirect stdout/stderr to buffer
+                sys.stdout = output_buffer
+                sys.stderr = output_buffer
+
+                # Execute command
+                call_command(command_name, *args, **options)
+                return_code = 0
+
+            except Exception as e:
+                # Command execution failed
+                output_buffer.write(f"\nError: {str(e)}\n")
+                return_code = 1
+
+            finally:
+                # Restore stdout/stderr
+                sys.stdout = old_stdout
+                sys.stderr = old_stderr
+
+            # Get all output
+            output = output_buffer.getvalue()
+
+            # Stream output line by line
+            if output:
+                for line in output.split('\n'):
+                    if line.strip():
+                        yield {
+                            'type': 'output',
+                            'line': line,
+                        }
+
+            execution_time = time.time() - start_time
+
+            # Send completion event
+            yield {
+                'type': 'complete',
+                'return_code': return_code,
+                'execution_time': round(execution_time, 2),
+            }
+
+            # Log command execution
+            if return_code == 0:
+                self.logger.info(
+                    f"Command executed: {command_name} {' '.join(args)} "
+                    f"by user {user} in {execution_time:.2f}s"
+                )
+            else:
+                self.logger.error(
+                    f"Command failed: {command_name} {' '.join(args)} "
+                    f"by user {user} in {execution_time:.2f}s"
+                )
+
+        except Exception as e:
+            execution_time = time.time() - start_time
+
+            self.logger.error(
+                f"Command execution error: {command_name} by user {user}: {e}"
+            )
+
+            yield {
+                'type': 'error',
+                'error': str(e),
+                'execution_time': round(execution_time, 2),
+            }