Projet

Général

Profil

0012-decorators-add-a-way-to-bypass-auth-level-check.patch

Valentin Deniaud, 04 avril 2019 17:07

Télécharger (1,29 ko)

Voir les différences: 

Subject: [PATCH 12/13] decorators: add a way to bypass auth level check


 src/authentic2/decorators.py | 9 +++++++++
 1 file changed, 9 insertions(+)
src/authentic2/decorators.py
6 6 
import time
7 7 
from functools import wraps
8 8 

  		




  
  9
  
    
from django.conf import settings

  		




  9
  10
  
    
from django.contrib.auth.decorators import login_required

  		




  10
  11
  
    
from django.views.debug import technical_404_response

  		




  11
  12
  
    
from django.http import Http404, HttpResponseForbidden, HttpResponse, HttpResponseBadRequest

  		




  ......




  329
  330
  
    
            login_url = utils.get_manager_login_url() + '?auth_level=%s' % required_auth_level

  		




  330
  331
  
    
            return redirect_to_login(next_field_value, login_url)

  		




  331
  332
  
    
    return wrapped

  		




  
  333
  
    

  		




  
  334
  
    

  		




  
  335
  
    
def fake_highest_auth_level(func):

  		




  
  336
  
    
    @wraps(func)

  		




  
  337
  
    
    def wrapped(request, *args, **kwargs):

  		




  
  338
  
    
        request.user.auth_level = getattr(settings, 'DJANGO_RBAC_MAX_AUTH_LEVEL', 5)

  		




  
  339
  
    
        return func(request, *args, **kwargs)

  		




  
  340
  
    
    return wrapped

  		




  332
  
  
    
-