Merge remote-tracking branch 'origin/master' into tresorerie

# Conflicts: # locale/de/LC_MESSAGES/django.po # locale/fr/LC_MESSAGES/django.po # note_kfet/settings/base.py # templates/base.html
2025-06-21 01:48:21 +02:00 · 2020-03-22 01:04:03 +01:00
parent 1c6d69ab9d 3556672ed9
commit 18f6daf2ac
54 changed files with 2754 additions and 438 deletions
--- a/note_kfet/middlewares.py
+++ b/note_kfet/middlewares.py
@ -1,6 +1,66 @@
 # Copyright (C) 2018-2020 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later

+from django.conf import settings
+from django.contrib.auth.models import AnonymousUser, User
+
+from threading import local
+
+from django.contrib.sessions.backends.db import SessionStore
+
+USER_ATTR_NAME = getattr(settings, 'LOCAL_USER_ATTR_NAME', '_current_user')
+SESSION_ATTR_NAME = getattr(settings, 'LOCAL_SESSION_ATTR_NAME', '_current_session')
+IP_ATTR_NAME = getattr(settings, 'LOCAL_IP_ATTR_NAME', '_current_ip')
+
+_thread_locals = local()
+
+
+def _set_current_user_and_ip(user=None, session=None, ip=None):
+    setattr(_thread_locals, USER_ATTR_NAME, user)
+    setattr(_thread_locals, SESSION_ATTR_NAME, session)
+    setattr(_thread_locals, IP_ATTR_NAME, ip)
+
+
+def get_current_user() -> User:
+    return getattr(_thread_locals, USER_ATTR_NAME, None)
+
+
+def get_current_session() -> SessionStore:
+    return getattr(_thread_locals, SESSION_ATTR_NAME, None)
+
+
+def get_current_ip() -> str:
+    return getattr(_thread_locals, IP_ATTR_NAME, None)
+
+
+def get_current_authenticated_user():
+    current_user = get_current_user()
+    if isinstance(current_user, AnonymousUser):
+        return None
+    return current_user
+
+
+class SessionMiddleware(object):
+    """
+    This middleware get the current user with his or her IP address on each request.
+    """
+
+    def __init__(self, get_response):
+        self.get_response = get_response
+
+    def __call__(self, request):
+        user = request.user
+        if 'HTTP_X_FORWARDED_FOR' in request.META:
+            ip = request.META.get('HTTP_X_FORWARDED_FOR')
+        else:
+            ip = request.META.get('REMOTE_ADDR')
+
+        _set_current_user_and_ip(user, request.session, ip)
+        response = self.get_response(request)
+        _set_current_user_and_ip(None, None, None)
+
+        return response
+

 class TurbolinksMiddleware(object):
    """
--- a/note_kfet/settings/init.py
+++ b/note_kfet/settings/init.py
@ -41,6 +41,8 @@ else:
 try:
    #in secrets.py defines everything you want
    from .secrets import *
+    INSTALLED_APPS += OPTIONAL_APPS
+
 except ImportError:
    pass

@ -74,7 +76,7 @@ if "cas" in INSTALLED_APPS:


 if "logs" in INSTALLED_APPS:
-    MIDDLEWARE += ('logs.middlewares.LogsMiddleware',)
+    MIDDLEWARE += ('note_kfet.middlewares.SessionMiddleware',)

 if "debug_toolbar" in INSTALLED_APPS:
    MIDDLEWARE.insert(1, "debug_toolbar.middleware.DebugToolbarMiddleware")
--- a/note_kfet/settings/base.py
+++ b/note_kfet/settings/base.py
@ -39,8 +39,6 @@ INSTALLED_APPS = [
    'polymorphic',
    'crispy_forms',
    'django_tables2',
-    'cas_server',
-    'cas',
    # Django contrib
    'django.contrib.admin',
    'django.contrib.admindocs',
@ -62,6 +60,7 @@ INSTALLED_APPS = [
    'member',
    'note',
    'treasury',
+    'permission',
    'api',
    'logs',
 ]
@ -127,18 +126,15 @@ PASSWORD_HASHERS = [
    'member.hashers.CustomNK15Hasher',
 ]

-# Django Guardian object permissions
-
 AUTHENTICATION_BACKENDS = (
-    'django.contrib.auth.backends.ModelBackend',  # this is default
+    'permission.backends.PermissionBackend',  # Custom role-based permission system
+    'cas.backends.CASBackend',  # For CAS connections
 )

 REST_FRAMEWORK = {
-    # Use Django's standard `django.contrib.auth` permissions,
-    # or allow read-only access for unauthenticated users.
    'DEFAULT_PERMISSION_CLASSES': [
-        # TODO Maybe replace it with our custom permissions system
-        'rest_framework.permissions.DjangoModelPermissions',
+        # Control API access with our role-based permission system
+        'permission.permissions.StrongDjangoObjectPermissions',
    ],
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'rest_framework.authentication.SessionAuthentication',
--- a/note_kfet/urls.py
+++ b/note_kfet/urls.py
@ -7,6 +7,8 @@ from django.contrib import admin
 from django.urls import path, include
 from django.views.generic import RedirectView

+from member.views import CustomLoginView
+
 urlpatterns = [
    # Dev so redirect to something random
    path('', RedirectView.as_view(pattern_name='note:transfer'), name='index'),
@ -17,10 +19,11 @@ urlpatterns = [

    # Include Django Contrib and Core routers
    path('i18n/', include('django.conf.urls.i18n')),
-    path('accounts/', include('member.urls')),
-    path('accounts/', include('django.contrib.auth.urls')),
    path('admin/doc/', include('django.contrib.admindocs.urls')),
    path('admin/', admin.site.urls),
+    path('accounts/', include('member.urls')),
+    path('accounts/login/', CustomLoginView.as_view()),
+    path('accounts/', include('django.contrib.auth.urls')),
    path('api/', include('api.urls')),
 ]