0001-add-authorized-roles-and-unauthorized-url-field-to-S.patch
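--- a/src/authentic2/migrations/0017_auto_20170421_1017.py
+++ b/src/authentic2/migrations/0017_auto_20170421_1017.py
@@ -0,0 +1,26 @@
+# -*- coding: utf-8 -*-
+from __future__ import unicode_literals
+
+from django.db import migrations, models
+from django.conf import settings
+
+
+class Migration(migrations.Migration):
+
+dependencies = [
+migrations.swappable_dependency(settings.RBAC_ROLE_MODEL),
+('authentic2', '0016_attribute_disabled'),
+]
+
+operations = [
+migrations.AddField(
+model_name='service',
+name='authorized_roles',
+field=models.ManyToManyField(related_name='_service_authorized_roles_+', verbose_name='authorized roles', to=settings.RBAC_ROLE_MODEL),
+),
+migrations.AddField(
+model_name='service',
+name='unauthorized_url',
+field=models.URLField(max_length=256, null=True, verbose_name='callback url when unathorized'),
+),
+]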
src/authentic2/models.py | ||
---|---|---|
14 | 14 |
from . import attribute_kinds |
15 | 15 |
from authentic2.a2_rbac.models import Role |
16 | 16 |
from authentic2.a2_rbac.utils import get_default_ou |
17 |
from django_rbac.utils import get_role_model_name |
|
17 | 18 | |
18 | 19 |
try: |
19 | 20 |
from django.contrib.contenttypes.fields import GenericForeignKey |
... | ... | |
313 | 314 |
null=True, |
314 | 315 |
blank=True, |
315 | 316 |
swappable=False) |
317 |
authorized_roles = models.ManyToManyField( |
|
318 |
get_role_model_name(), verbose_name=_('authorized roles'), |
|
319 |
related_name='authorized_roles+') |
|
320 |
unauthorized_url = models.URLField( |
|
321 |
verbose_name=_('callback url when unathorized'), |
|
322 |
max_length=256, null=True) |
|
316 | 323 | |
317 | 324 |
objects = managers.ServiceManager() |
318 | 325 | |
... | ... | |
348 | 355 |
def __repr__(self): |
349 | 356 |
return '<%s %r>' % (self.__class__.__name__, unicode(self)) |
350 | 357 | |
358 |
def authorize(self, request): |
|
359 |
if not self.authorized_roles.exists(): |
|
360 |
return True |
|
361 |
for role in self.authorized_roles.all(): |
|
362 |
if request.user.roles.filter(uuid=role.uuid).exists(): |
|
363 |
return True |
|
364 |
else: |
|
365 |
return False |
|
366 | ||
351 | 367 |
def to_json(self, roles=None): |
352 | 368 |
if not roles: |
353 | 369 |
roles = Role.objects.all() |
354 |
- |
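Review bot: The new `authorize()` method in `src/authentic2/models.py` is fail-open and assumes a logged-in user: with no `authorized_roles` configured it returns True for any request, and once roles are configured it reads `request.user.roles` without first checking that the user is authenticated, which presumably raises on an anonymous user instead of denying (the user model is not visible on this page). Because every existing Service starts with an empty role set after the migration, the method should carry a docstring that makes the default explicit, for example `'''Return True if request.user may use this service; a service with no authorized roles is open to everyone.'''`, and it should return False for an unauthenticated user before the role lookup. The per-role loop with its `for ... else` issues one query per role and the `else` reads as if it were tied to the `if`; a single query such as `return request.user.roles.filter(uuid__in=self.authorized_roles.values_list('uuid', flat=True)).exists()` gives the same answer. Only roles held directly appear to be checked, so confirm whether roles obtained through inheritance are meant to grant access as well.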