mirror of
https://gitlab.crans.org/bde/nk20
synced 2024-11-27 02:43:01 +00:00
Implement OAuth2 scopes based on permissions
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
This commit is contained in:
parent
7b809ff3a6
commit
dd639d829e
36
apps/permission/scopes.py
Normal file
36
apps/permission/scopes.py
Normal file
@ -0,0 +1,36 @@
|
|||||||
|
# Copyright (C) 2018-2021 by BDE ENS Paris-Saclay
|
||||||
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||||
|
|
||||||
|
from oauth2_provider.scopes import BaseScopes
|
||||||
|
|
||||||
|
from member.models import Club
|
||||||
|
|
||||||
|
from .backends import PermissionBackend
|
||||||
|
from .models import Permission
|
||||||
|
|
||||||
|
|
||||||
|
class PermissionScopes(BaseScopes):
|
||||||
|
"""
|
||||||
|
An OAuth2 scope is defined by a permission object and a club.
|
||||||
|
A token will have a subset of permissions from the owner of the application,
|
||||||
|
and can be useful to make queries through the API with limited privileges.
|
||||||
|
"""
|
||||||
|
|
||||||
|
def get_all_scopes(self):
|
||||||
|
return {f"{p.id}_{club.id}": f"{p.description} (club {club.name})"
|
||||||
|
for p in Permission.objects.all() for club in Club.objects.all()}
|
||||||
|
|
||||||
|
def get_available_scopes(self, application=None, request=None, *args, **kwargs):
|
||||||
|
if not application:
|
||||||
|
return []
|
||||||
|
user = application.user
|
||||||
|
return [f"{p.id}_{p.membership.club.id}"
|
||||||
|
for t in Permission.PERMISSION_TYPES
|
||||||
|
for p in PermissionBackend.get_raw_permissions(user, t[0])]
|
||||||
|
|
||||||
|
def get_default_scopes(self, application=None, request=None, *args, **kwargs):
|
||||||
|
if not application:
|
||||||
|
return []
|
||||||
|
user = application.user
|
||||||
|
return [f"{p.id}_{p.membership.club.id}"
|
||||||
|
for p in PermissionBackend.get_raw_permissions(user, 'view')]
|
@ -245,6 +245,11 @@ REST_FRAMEWORK = {
|
|||||||
'PAGE_SIZE': 20,
|
'PAGE_SIZE': 20,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# OAuth2 Provider
|
||||||
|
OAUTH2_PROVIDER = {
|
||||||
|
'SCOPES_BACKEND_CLASS': 'permission.scopes.PermissionScopes',
|
||||||
|
}
|
||||||
|
|
||||||
# Take control on how widget templates are sourced
|
# Take control on how widget templates are sourced
|
||||||
# See https://docs.djangoproject.com/en/2.2/ref/forms/renderers/#templatessetting
|
# See https://docs.djangoproject.com/en/2.2/ref/forms/renderers/#templatessetting
|
||||||
FORM_RENDERER = 'django.forms.renderers.TemplatesSetting'
|
FORM_RENDERER = 'django.forms.renderers.TemplatesSetting'
|
||||||
|
Loading…
Reference in New Issue
Block a user