0002-allow-checking-for-authentication-level-and-request-.patch

Valentin Deniaud, 16 avril 2019 14:27

Voir les différences: en ligne côte à côte

Subject: [PATCH 2/2] allow checking for authentication level and request
 increase

 chrono/agendas/models.py | 31 +++++++++++++++++++++++++------
 chrono/exceptions.py     |  4 ++++
 chrono/manager/views.py  |  2 +-
 chrono/urls_utils.py     | 17 ++++++++++++++++-
 4 files changed, 46 insertions(+), 8 deletions(-)
 create mode 100644 chrono/exceptions.py

     from jsonfield import JSONField
     from ..interval import Intervals
     from chrono.exceptions import InsufficientAuthLevel
     AGENDA_KINDS = (
-...
         def get_absolute_url(self):
             return reverse('chrono-manager-agenda-view', kwargs={'pk': self.id})
         def can_be_managed(self, user):
         @staticmethod
         def user_has_sufficient_auth_level(user, role, can_raise):
             if hasattr(role, 'auth_level') and user.auth_level < role.auth_level.value:
                 if can_raise:
                     raise InsufficientAuthLevel(role.auth_level.value)
                 return False
             return True
         def can_be_managed(self, user, can_raise=True):
             if user.is_staff:
                 return True
             group_ids = [x.id for x in user.groups.all()]
             return bool(self.edit_role_id in group_ids)
             if self.edit_role_id in group_ids:
                 return self.user_has_sufficient_auth_level(user, self.edit_role, can_raise)
             return False
         def can_be_viewed(self, user):
             if self.can_be_managed(user):
                 return True
         def can_be_viewed(self, user, can_raise=True):
             would_have_raised = False
             try:
                 if self.can_be_managed(user, can_raise):
                     return True
             except InsufficientAuthLevel as e:
                 would_have_raised = e.auth_level.value
             group_ids = [x.id for x in user.groups.all()]
             return bool(self.view_role_id in group_ids)
             if self.view_role_id in group_ids:
                 return self.user_has_sufficient_auth_level(user, self.view_role, can_raise)
             if would_have_raised:
                 raise InsufficientAuthLevel(would_have_raised)
             return False
         def get_base_meeting_duration(self):
             durations = [x.duration for x in MeetingType.objects.filter(agenda=self)]

chrono/exceptions.py
	1	class InsufficientAuthLevel(Exception):
	2
	3	def __init__(self, level):
	4	self.required_level = level

                 self.agenda = Agenda.objects.get(id=kwargs.get('pk'))
             except Agenda.DoesNotExist:
                 raise Http404()
             if not self.agenda.can_be_managed(request.user):
             if not self.agenda.can_be_managed(request.user, can_raise=False):
                 # "events" agendas settings page can be access by user with the
                 # view permission as there are no other "view" page for this type
                 # of agenda.

     # Decorating URL includes, <https://djangosnippets.org/snippets/2532/>
     from django.contrib.auth.decorators import user_passes_test
     from django.contrib.auth.views import redirect_to_login
     from django.core.exceptions import PermissionDenied
     from django.core.urlresolvers import RegexURLPattern, RegexURLResolver
     from django.db.models import Q
     from .agendas.models import Agenda
     from .exceptions import InsufficientAuthLevel
     class DecoratedURLPattern(RegexURLPattern):
-...
         return urlconf_module, app_name, namespace
     def manager_required(function=None, login_url=None):
         def check_auth_level(func):
             def wrapped(request, *args, **kwargs):
                 try:
                     request.user.auth_level = request.session.get('auth_level', 1)
                     return func(request, *args, **kwargs)
                 except InsufficientAuthLevel as e:
                     required_auth_level = e.required_level
                     next_field_value = request.get_full_path()
                     login_url = '/login/?auth_level=%s' % required_auth_level
                     return redirect_to_login(next_field_value, login_url)
             return wrapped
         def check_manager(user):
             if user and user.is_staff:
                 return True
-...
             return False
         actual_decorator = user_passes_test(check_manager, login_url=login_url)
         if function:
             return actual_decorator(function)
             return check_auth_level(actual_decorator(function))
         return actual_decorator
+    -

Projet

Général

Profil

Produits Entr'ouvert » Chrono

0002-allow-checking-for-authentication-level-and-request-.patch