ynerant/nk20
1
0
Fork 0
mirror of https://gitlab.crans.org/bde/nk20 synced 2025-11-12 09:39:28 +01:00
Code Issues Releases Wiki Activity

token access

Browse Source
This commit is contained in:
quark
2025-11-09 14:48:29 +01:00
parent 08593700fc
commit 9998189dbf
4 changed files with 34 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
apps/permission/backends.py
View File

@@ -21,7 +21,7 @@ class PermissionBackend(ModelBackend):
Manage permissions of users
"""
supports_object_permissions = True
supports_anonymous_user = True
supports_anonymous_user = False
supports_inactive_user = False
@staticmethod
@@ -33,6 +33,7 @@ class PermissionBackend(ModelBackend):
:param t: The type of the permissions: view, change, add or delete
:return: The queryset of the permissions of the user (memoized) grouped by clubs
"""
# Permission for auth
if hasattr(request, 'oauth2') and request.oauth2 is not None and 'scope' in request.oauth2:
# OAuth2 Authentication
user = request.oauth2['user']
@@ -46,6 +47,21 @@ class PermissionBackend(ModelBackend):
if int(club_id) == membership_obj.club_id:
query |= Q(pk=permission_id, mask__rank__lte=request.oauth2['mask'])
return query
# Restreint token permission to his scope
elif hasattr(request, 'auth') and request.auth is not None and hasattr(request.auth, 'scope'):
user = request.auth.user
def permission_filter(membership_obj):
query = Q(pk=-1)
for scope in request.auth.scope.split(' '):
if scope == "openid" or scope == "0_0":
continue
permission_id, club_id = scope.split('_')
if int(club_id) == membership_obj.club_id:
query |= Q(pk=permission_id)
return query
else:
user = request.user
@@ -79,7 +95,6 @@ class PermissionBackend(ModelBackend):
:param type: The type of the permissions: view, change, add or delete
:return: A generator of the requested permissions
"""
if hasattr(request, 'auth') and request.auth is not None and hasattr(request.auth, 'scope'):
# OAuth2 Authentication
user = request.auth.user