
Commit f31fabb

committed
Update ObjectPermissionBackend
1 parent 2b2387e commit f31fabb


2 files changed

+21
-10
lines changed

2 files changed

+21
-10
lines changed

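--- a/kpi/backends.py
+++ b/kpi/backends.py
@@ -1,15 +1,29 @@
 # coding: utf-8
 from django.contrib.auth.backends import ModelBackend
+from django.contrib.auth.models import AnonymousUser
 from django.conf import settings
 
-from kpi.utils.object_permission import get_database_user
-from .utils.permissions import is_user_anonymous
+from .models.object_permission import get_anonymous_user, perm_parse
 
 
 class ObjectPermissionBackend(ModelBackend):
+@staticmethod
+def _translate_anonymous_user(user_obj):
+"""
+Returns user_obj, is_anonymous, where user_obj is always a real
+User object (translated from AnonymousUser if necessary), and
+is_anonymous is True if the user is anonymous
+"""
+is_anonymous = False
+if isinstance(user_obj, AnonymousUser):
+is_anonymous = True
+user_obj = get_anonymous_user()
+elif user_obj.pk == settings.ANONYMOUS_USER_ID:
+is_anonymous = True
+return user_obj, is_anonymous
+
 def get_group_permissions(self, user_obj, obj=None):
-is_anonymous = is_user_anonymous(user_obj)
-user_obj = get_database_user(user_obj)
+user_obj, is_anonymous = self._translate_anonymous_user(user_obj)
 permissions = super().get_group_permissions(user_obj, obj)
 if is_anonymous:
 # Obey limits on anonymous users' permissions
@@ -19,8 +33,7 @@ def get_group_permissions(self, user_obj, obj=None):
 return permissions
 
 def get_all_permissions(self, user_obj, obj=None):
-is_anonymous = is_user_anonymous(user_obj)
-user_obj = get_database_user(user_obj)
+user_obj, is_anonymous = self._translate_anonymous_user(user_obj)
 permissions = super().get_all_permissions(user_obj, obj)
 if is_anonymous:
 # Obey limits on anonymous users' permissions
@@ -30,8 +43,7 @@ def get_all_permissions(self, user_obj, obj=None):
 return permissions
 
 def has_perm(self, user_obj, perm, obj=None):
-is_anonymous = is_user_anonymous(user_obj)
-user_obj = get_database_user(user_obj)
+user_obj, is_anonymous = self._translate_anonymous_user(user_obj)
 if obj is None or not hasattr(obj, 'has_perm'):
 if is_anonymous:
 # Obey limits on anonymous users' permissions
@@ -43,4 +55,3 @@ def has_perm(self, user_obj, perm, obj=None):
 return False
 # Trust the object-level test to handle anonymous users correctly
 return obj.has_perm(user_obj, perm)
-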
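Review bot: `_translate_anonymous_user` classifies a user as anonymous only by `isinstance(user_obj, AnonymousUser)` or by `pk == settings.ANONYMOUS_USER_ID`, so any other object that reports `is_anonymous` as true (a custom anonymous class, for instance) would fall through with `is_anonymous = False` and skip the "Obey limits on anonymous users' permissions" branches in all three methods. Whether such an object can reach this backend is not visible here, but since the flag is the only gate on those limits the first test could fail closed: `if isinstance(user_obj, AnonymousUser) or getattr(user_obj, 'is_anonymous', False):`. The `elif` also dereferences `user_obj.pk` without a guard, so a `None` user raises `AttributeError` instead of being denied. The bodies of get_group_permissions, get_all_permissions and has_perm continue outside the hunks.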

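--- a/kpi/views/__init__.py
+++ b/kpi/views/__init__.py
@@ -27,7 +27,7 @@ def home(request):
 cookie_jwt = request.COOKIES.get(settings.KPI_COOKIE_NAME)
 if request.user.is_anonymous and cookie_jwt:
 auth_class = JWTAuthentication()
-user, token = auth_class.authenticate(request)
+user, _ = auth_class.authenticate(request)
 user.backend = settings.AUTHENTICATION_BACKENDS[0]
 login(request, user)
 return TemplateResponse(request, "index.html")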
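Review bot: The result of `auth_class.authenticate(request)` on new line 30 is unpacked without a check, so if the class follows the usual DRF contract of returning `None` when it declines a request, `user, _ = ...` raises `TypeError`, and an invalid or expired token would surface as an unhandled authentication exception on the home page. JWTAuthentication's behaviour is not visible in this section, so this is inferred from that convention. Since the cookie is client-supplied and the result goes straight to `login()`, guard it: `result = auth_class.authenticate(request)` followed by `if result is not None:` around the `user.backend` and `login` lines. `home` starts outside the hunk.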
