Created new backend for model permissions

New auth backend for permissions. Basic ModelBackend returns false if user has table-level permissions, but an object is passed in. This new backend establishes that if the user has table-level permissions, those supersede the lack of row-level permissions on a given object.

Created new backend for model permissions
d116202c · Tanner Prestegard · GraceDB · 34f8c179 · d116202c
Commit d116202c authored 6 years ago by Tanner Prestegard Committed by GraceDB 6 years ago
--- a/gracedb/ligoauth/backends.py
+++ b/gracedb/ligoauth/backends.py
+#from guardian import backends
+from django.contrib.auth import backends
+
+class ModelPermissionsForObjectBackend(backends.ModelBackend):
+    """
+    Establishes a hierarchy for permissions: model/table-level
+    permissions are accepted in lieu of object/row-level permissions.
+    """
+    def has_perm(self, user_obj, perm, obj=None):
+        # If an object is passed, Django's ModelBackend returns set() as the
+        # user's permissions.  Otherwise, it returns the actual set of
+        # permissions that the user has.  So we just run the check with obj set
+        # to None. This change just adjusts the logic:
+        #   Previously, it was:
+        #     No object: check for table-level permissions
+        #     With object: return False
+        #   Now, logic is: check for table-level permissions in either case
+        return super(ModelPermissionsForObjectBackend, self).has_perm(user_obj,
+            perm, obj=None)