0001-add-authorized-roles-and-unauthorized-url-field-to-S.patch
| src/authentic2/migrations/0017_auto_20170421_1017.py | ||
|---|---|---|
| 1 |
# -*- coding: utf-8 -*- |
|
| 2 |
from __future__ import unicode_literals |
|
| 3 | ||
| 4 |
from django.db import migrations, models |
|
| 5 |
from django.conf import settings |
|
| 6 | ||
| 7 | ||
| 8 |
class Migration(migrations.Migration): |
|
| 9 | ||
| 10 |
dependencies = [ |
|
| 11 |
migrations.swappable_dependency(settings.RBAC_ROLE_MODEL), |
|
| 12 |
('authentic2', '0016_attribute_disabled'),
|
|
| 13 |
] |
|
| 14 | ||
| 15 |
operations = [ |
|
| 16 |
migrations.AddField( |
|
| 17 |
model_name='service', |
|
| 18 |
name='authorized_roles', |
|
| 19 |
field=models.ManyToManyField(related_name='_service_authorized_roles_+', verbose_name='authorized roles', to=settings.RBAC_ROLE_MODEL), |
|
| 20 |
), |
|
| 21 |
migrations.AddField( |
|
| 22 |
model_name='service', |
|
| 23 |
name='unauthorized_url', |
|
| 24 |
field=models.URLField(max_length=256, null=True, verbose_name='callback url when unathorized'), |
|
| 25 |
), |
|
| 26 |
] |
|
| src/authentic2/models.py | ||
|---|---|---|
| 14 | 14 |
from . import attribute_kinds |
| 15 | 15 |
from authentic2.a2_rbac.models import Role |
| 16 | 16 |
from authentic2.a2_rbac.utils import get_default_ou |
| 17 |
from django_rbac.utils import get_role_model_name |
|
| 17 | 18 | |
| 18 | 19 |
try: |
| 19 | 20 |
from django.contrib.contenttypes.fields import GenericForeignKey |
| ... | ... | |
| 313 | 314 |
null=True, |
| 314 | 315 |
blank=True, |
| 315 | 316 |
swappable=False) |
| 317 |
authorized_roles = models.ManyToManyField( |
|
| 318 |
get_role_model_name(), verbose_name=_('authorized roles'),
|
|
| 319 |
related_name='authorized_roles+') |
|
| 320 |
unauthorized_url = models.URLField( |
|
| 321 |
verbose_name=_('callback url when unathorized'),
|
|
| 322 |
max_length=256, null=True) |
|
| 316 | 323 | |
| 317 | 324 |
objects = managers.ServiceManager() |
| 318 | 325 | |
| ... | ... | |
| 348 | 355 |
def __repr__(self): |
| 349 | 356 |
return '<%s %r>' % (self.__class__.__name__, unicode(self)) |
| 350 | 357 | |
| 358 |
def authorize(self, request): |
|
| 359 |
if not self.authorized_roles.exists(): |
|
| 360 |
return True |
|
| 361 |
for role in self.authorized_roles.all(): |
|
| 362 |
if request.user.roles.filter(uuid=role.uuid).exists(): |
|
| 363 |
return True |
|
| 364 |
else: |
|
| 365 |
return False |
|
| 366 | ||
| 351 | 367 |
def to_json(self, roles=None): |
| 352 | 368 |
if not roles: |
| 353 | 369 |
roles = Role.objects.all() |
| 354 |
- |
|