mqtt models

src/backoffice/forms/mqtt.py

+from django.forms import ModelForm
+from core.models import MqttTopic, MqttCredential, MqttCredentialAccess, MqttUserAccess
+
+
+class MqttTopicCreateForm(ModelForm):
+    class Meta:
+        model = MqttTopic
+        fields = [
+            'name',
+            'access_mode',
+            'subtree_wildcard',
+            'description',
+        ]
+
+
+class MqttTopicEditForm(ModelForm):
+    class Meta:
+        model = MqttTopic
+        fields = [
+            'access_mode',
+            'subtree_wildcard',
+            'description',
+        ]
+
+
+class MqttCredentialAccessForm(ModelForm):
+    class Meta:
+        model = MqttCredentialAccess
+        fields = [
+            'conference_member',
+            'access_mode',
+        ]
+
+    def __init__(self):
+        self.fields['conference_member'].disabled = True

src/core/integrations/mqtt.py

+class MqttIntegration:
+    def __init__(self):
+        # probably needs some info how to reach the Mqtt broker + credentials
+        pass
+
+    def initialize(self):
+        """ called at startup """
+        pass
+
+    def create_or_update_user(self, username: str, password: str, admin: bool):
+        """
+        Creates user or updates password / admin access.
+        If User was created, also create a private topic where only the user can publish/subscribe.
+        """
+        pass
+
+    def remove_user(self, username):
+        """ removes user with username `username`. """
+        pass
+
+    def create_or_update_topic(self, topic_path: str, public_subscribe: bool, public_publish: bool):
+        """ creates topic at path `topic_path` or updates global access """
+        pass
+
+    def remove_topic(self, topic_path: str):
+        """ removes topic at `topic_path` """
+        pass
+
+    def update_user_permission(self, topic_path: str, username: str, subscribe: bool, publish: bool):
+        """ updates permissions for user `username` at topic `topic_path` """
+        pass

src/core/models/__init__.py

@@ -6,6 +6,7 @@ from .board import BulletinBoardEntry
 from .events import Event, EventAttachment, EventLikeCount, EventParticipant
 from .pages import StaticPage, StaticPageRevision
 from .messages import DirectMessage
+from .mqtt import MqttTopic, MqttCredential, MqttCredentialAccess, MqttUserAccess
 from .rooms import Room, RoomLink
 from .schedules import ScheduleSource, ScheduleSourceImport, ScheduleSourceMapping
 from .shared import BackendMixin
@@ -21,6 +22,7 @@ __all__ = [
     'BackendMixin', 'Badge', 'BadgeToken', 'BulletinBoardEntry',
     'Conference', 'ConferenceMember', 'ConferenceMemberTicket', 'ConferenceTag', 'ConferenceTrack',
     'DereferrerStats', 'DirectMessage',
+    'MqttTopic', 'MqttCredential', 'MqttCredentialAccess', 'MqttUserAccess',
     'Event', 'EventAttachment', 'EventLikeCount', 'EventParticipant',
     'PlatformUser',
     'Room', 'RoomLink',

src/core/models/conference.py

@@ -29,6 +29,8 @@ class ConferenceMember(models.Model):
     permission_groups = models.ManyToManyField(Group, blank=True, related_name='+')
     static_page_groups = pg_fields.ArrayField(models.CharField(max_length=50), blank=True, null=True)
 
+    mqtt_defaultuser = models.ManyToManyField('MqttCredential', related_name='conference_member')
+
     class Meta:
         permissions = [
             ('assembly_team', _('ConferenceMember__permission-assembly_team')),

src/core/models/mqtt.py

+from django.db import models
+from django.db.models import F
+from django.utils.translation import gettext_lazy as _
+
+from .rooms import Room
+
+
+class MqttTopic(models.Model):
+
+    ACCESS_MODE__NONE = ''
+    ACCESS_MODE__READ = 'r'
+    ACCESS_MODE__WRITE = 'w'
+    ACCESS_MODE__READWRITE = 'rw'
+    ACCESS_MODES = (
+        (ACCESS_MODE__NONE, _("MqttTopic--AccessMode--none")),
+        (ACCESS_MODE__READ, _("MqttTopic--AccessMode--read")),
+        (ACCESS_MODE__WRITE, _("MqttTopic--AccessMode--write")),
+        (ACCESS_MODE__READWRITE, _("MqttTopic--AccessMode--readwrite")),
+    )
+
+    name = models.CharField(
+        max_length=200,
+        help_text=_('MqttTopic--name--help'),
+        verbose_name=_('MqttTopic--name')
+    )
+    description = models.TextField(
+        blank=True, null=True,
+        help_text=_('MqttTopic--description--help'),
+        verbose_name=_('MqttTopic--description')
+    )
+    access_mode = models.CharField(
+        choices=ACCESS_MODES, max_length=max([len(k) for (k, v) in ACCESS_MODES]),
+        help_text=_('MqttTopic--access_mode--help'),
+        verbose_name=_('MqttTopic--access_mode')
+    )
+    subtree_wildcard = models.BooleanField(
+        help_text=_('MqttTopic--subtree_wildcard--help'),
+        verbose_name=_('MqttTopic--subtree_wildcard')
+    )
+    room = models.ForeignKey(Room, on_delete=models.CASCADE, related_name='mqtt_topics')
+
+
+class MqttCredential(models.Model):
+    class Meta:
+        constraints = [
+            models.UniqueConstraint('username', name='mqttcredential__username'),
+        ]
+
+    username = models.CharField(
+        max_length=200,
+        help_text=_('MqttUser--username--help'),
+        verbose_name=_('MqttUser--username')
+    )
+    password = models.CharField(
+        max_length=200,
+        help_text=_('MqttUser--password--help'),
+        verbose_name=_('MqttUser--password')
+    )
+    blocked = models.BooleanField(
+        help_text=_('MqttUser--blocked--help'),
+        verbose_name=_('MqttUser--blocked')
+    )
+    description = models.CharField(
+        help_text=_('MqttTopic--description--help'),
+        verbose_name=_('MqttTopic--description')
+    )
+
+    # ForeignKey am PlatformUser - für den anonymen Clientuser auf den man per SSO zugreifen kann
+    # Many2Many am ConferenceMember für weitere Clientuser die auch Permissions requesten können
+
+
+class MqttUserAccess(models.Model):
+    class Meta:
+        constraints = [
+            models.UniqueConstraint('topic', 'credential', condition=F(granted=False), name='mqttuseraccess_unique_requests'),
+            models.UniqueConstraint('topic', 'credential', condition=F(granted=True), name='mqttuseraccess_unique_grants'),
+        ]
+
+    topic = models.ForeignKey(MqttTopic, on_delete=models.CASCADE, related_name='access')
+    conference_member = models.ForeignKey('ConferenceMember', on_delete=models.CASCADE, related_name='mqtt_access')
+    granted = models.BooleanField(default=False)
+    access_mode = models.CharField(
+        choices=MqttTopic.ACCESS_MODES, max_length=max([len(k) for (k, v) in MqttTopic.ACCESS_MODES]),
+        help_text=_('MqttUserAccess--access_mode--help'),
+        verbose_name=_('MqttUserAccess--access_mode')
+    )
+
+
+class MqttCredentialAccess(models.Model):
+    class Meta:
+        constraints = [
+            models.UniqueConstraint('topic', 'credential', name='mqttcredaccess_unique'),
+        ]
+
+    topic = models.ForeignKey(MqttTopic, on_delete=models.CASCADE, related_name='access')
+    conference_member = models.ForeignKey(MqttCredential, on_delete=models.CASCADE, related_name='access')
+    access_mode = models.CharField(
+        choices=MqttTopic.ACCESS_MODES, max_length=max([len(k) for (k, v) in MqttTopic.ACCESS_MODES]),
+        help_text=_('MqttUserAccess--access_mode--help'),
+        verbose_name=_('MqttUserAccess--access_mode')
+    )

src/core/models/users.py

@@ -181,6 +181,8 @@ class PlatformUser(AbstractUser):
         verbose_name=_("PlatformUser__wa_force_website_trigger"),
     )
 
+    mqtt_defaultuser = models.ForeignKey('MqttCredential', on_delete=models.SET_NULL, related_name='user')
+
     @classmethod
     def get_user_flags(cls, user):
         return {