Added model level permissions on Guardian.GroupObjectPermissions for members...

Added model level permissions on Guardian.GroupObjectPermissions for members of the executives group. Also restored a modified version of the ModelBackend that *doesn't* do authentication. This is so that the has_perm check on Models can work.

Added model level permissions on Guardian.GroupObjectPermissions for members...
b2ef2284 · Branson Craig Stephens · bd3eac9d · b2ef2284 · b2ef2284 · b2ef2284
Commit b2ef2284 authored 10 years ago by Branson Craig Stephens
--- a/ligoauth/middleware/auth.py
+++ b/ligoauth/middleware/auth.py
@@ -3,6 +3,7 @@ import re
 from django.contrib.auth import authenticate
 from django.contrib.auth.models import User, AnonymousUser, Group
 from django.contrib.auth.backends import RemoteUserBackend as DefaultRemoteUserBackend
+from django.contrib.auth.backends import ModelBackend as DefaultModelBackend
 from ligoauth.models import certdn_to_user

 from django.shortcuts import render_to_response
@@ -172,3 +173,7 @@ class LigoShibBackend:
            return User.objects.get(id=user_id)
        except User.DoesNotExist:
            return None
+
+class ModelBackend(DefaultModelBackend):
+    def authenticate(self, username=None, password=None, **kwargs):
+        return None
--- a/migrations/auth/0006_add_exec_perms_on_groupobjectperms.py
+++ b/migrations/auth/0006_add_exec_perms_on_groupobjectperms.py
+# -*- coding: utf-8 -*-
+from south.utils import datetime_utils as datetime
+from south.db import db
+from south.v2 import DataMigration
+from django.db import models
+
+class Migration(DataMigration):
+
+    def forwards(self, orm):
+        "Let execs add and delete GroupObjectPermissions."
+
+        execs = orm.Group.objects.get(name='executives')
+
+        # Find our permissions
+        ctype = orm['contenttypes.contenttype'].objects.get(app_label='guardian', model='groupobjectpermission')
+        add = orm.Permission.objects.get(content_type=ctype, codename='add_groupobjectpermission')
+        delete = orm.Permission.objects.get(content_type=ctype, codename='delete_groupobjectpermission')
+
+        execs.permissions.add(add)
+        execs.permissions.add(delete)
+
+    def backwards(self, orm):
+        execs = orm.Group.objects.get(name='executives')
+
+        # Find our permissions
+        ctype = orm['contenttypes.contenttype'].objects.get(app_label='guardian', model='groupobjectpermission')
+        add = orm.Permission.objects.get(content_type=ctype, codename='add_groupobjectpermission')
+        delete = orm.Permission.objects.get(content_type=ctype, codename='delete_groupobjectpermission')
+
+        execs.permissions.delete(add)
+        execs.permissions.delete(delete)
+
+    models = {
+        u'auth.group': {
+            'Meta': {'object_name': 'Group'},
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '80'}),
+            'permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'})
+        },
+        u'auth.permission': {
+            'Meta': {'ordering': "(u'content_type__app_label', u'content_type__model', u'codename')", 'unique_together': "((u'content_type', u'codename'),)", 'object_name': 'Permission'},
+            'codename': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
+            'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['contenttypes.ContentType']"}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'max_length': '50'})
+        },
+        u'auth.user': {
+            'Meta': {'object_name': 'User'},
+            'date_joined': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
+            'email': ('django.db.models.fields.EmailField', [], {'max_length': '75', 'blank': 'True'}),
+            'first_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
+            'groups': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'related_name': "u'user_set'", 'blank': 'True', 'to': u"orm['auth.Group']"}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'is_active': ('django.db.models.fields.BooleanField', [], {'default': 'True'}),
+            'is_staff': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+            'is_superuser': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+            'last_login': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
+            'last_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
+            'password': ('django.db.models.fields.CharField', [], {'max_length': '128'}),
+            'user_permissions': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'related_name': "u'user_set'", 'blank': 'True', 'to': u"orm['auth.Permission']"}),
+            'username': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '30'})
+        },
+        u'contenttypes.contenttype': {
+            'Meta': {'ordering': "('name',)", 'unique_together': "(('app_label', 'model'),)", 'object_name': 'ContentType', 'db_table': "'django_content_type'"},
+            'app_label': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'model': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
+            'name': ('django.db.models.fields.CharField', [], {'max_length': '100'})
+        },
+        u'guardian.groupobjectpermission': {
+            'Meta': {'unique_together': "([u'group', u'permission', u'object_pk'],)", 'object_name': 'GroupObjectPermission'},
+            'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['contenttypes.ContentType']"}),
+            'group': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['auth.Group']"}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'object_pk': ('django.db.models.fields.CharField', [], {'max_length': '255'}),
+            'permission': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['auth.Permission']"})
+        },
+        u'guardian.userobjectpermission': {
+            'Meta': {'unique_together': "([u'user', u'permission', u'object_pk'],)", 'object_name': 'UserObjectPermission'},
+            'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['contenttypes.ContentType']"}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'object_pk': ('django.db.models.fields.CharField', [], {'max_length': '255'}),
+            'permission': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['auth.Permission']"}),
+            'user': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['auth.User']"})
+        }
+    }
+
+    complete_apps = ['guardian', 'auth']
+    symmetrical = True
--- a/settings/default.py
+++ b/settings/default.py
@@ -195,6 +195,7 @@ AUTHENTICATION_BACKENDS = (
 #   'gracedb.middleware.auth.LigoAuthBackend',
    'ligoauth.middleware.auth.LigoX509Backend',
    'ligoauth.middleware.auth.LigoShibBackend',
+    'ligoauth.middleware.auth.ModelBackend',
 #   'ligoauth.middleware.auth.RemoteUserBackend',
 #   'ligodjangoauth.LigoShibbolethAuthBackend',
 #   'django.contrib.auth.backends.ModelBackend',