Merge remote-tracking branch 'origin/master' into tresorerie

# Conflicts: # locale/de/LC_MESSAGES/django.po # locale/fr/LC_MESSAGES/django.po # note_kfet/settings/base.py # templates/base.html
2025-06-21 01:48:21 +02:00 · 2020-03-22 01:04:03 +01:00
parent 1c6d69ab9d 3556672ed9
commit 18f6daf2ac
54 changed files with 2754 additions and 438 deletions
--- a/note_kfet/settings/base.py
+++ b/note_kfet/settings/base.py
@ -39,8 +39,6 @@ INSTALLED_APPS = [
    'polymorphic',
    'crispy_forms',
    'django_tables2',
-    'cas_server',
-    'cas',
    # Django contrib
    'django.contrib.admin',
    'django.contrib.admindocs',
@ -62,6 +60,7 @@ INSTALLED_APPS = [
    'member',
    'note',
    'treasury',
+    'permission',
    'api',
    'logs',
 ]
@ -127,18 +126,15 @@ PASSWORD_HASHERS = [
    'member.hashers.CustomNK15Hasher',
 ]

-# Django Guardian object permissions
-
 AUTHENTICATION_BACKENDS = (
-    'django.contrib.auth.backends.ModelBackend',  # this is default
+    'permission.backends.PermissionBackend',  # Custom role-based permission system
+    'cas.backends.CASBackend',  # For CAS connections
 )

 REST_FRAMEWORK = {
-    # Use Django's standard `django.contrib.auth` permissions,
-    # or allow read-only access for unauthenticated users.
    'DEFAULT_PERMISSION_CLASSES': [
-        # TODO Maybe replace it with our custom permissions system
-        'rest_framework.permissions.DjangoModelPermissions',
+        # Control API access with our role-based permission system
+        'permission.permissions.StrongDjangoObjectPermissions',
    ],
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'rest_framework.authentication.SessionAuthentication',