Skip to content
Snippets Groups Projects
Commit b2ef2284 authored by Branson Craig Stephens's avatar Branson Craig Stephens
Browse files

Added model level permissions on Guardian.GroupObjectPermissions for members...

Added model level permissions on Guardian.GroupObjectPermissions for members of the executives group. Also restored a modified version of the ModelBackend that *doesn't* do authentication. This is so that the has_perm check on Models can work.
parent bd3eac9d
No related branches found
No related tags found
No related merge requests found
......@@ -3,6 +3,7 @@ import re
from django.contrib.auth import authenticate
from django.contrib.auth.models import User, AnonymousUser, Group
from django.contrib.auth.backends import RemoteUserBackend as DefaultRemoteUserBackend
from django.contrib.auth.backends import ModelBackend as DefaultModelBackend
from ligoauth.models import certdn_to_user
from django.shortcuts import render_to_response
......@@ -172,3 +173,7 @@ class LigoShibBackend:
return User.objects.get(id=user_id)
except User.DoesNotExist:
return None
class ModelBackend(DefaultModelBackend):
def authenticate(self, username=None, password=None, **kwargs):
return None
# -*- coding: utf-8 -*-
from south.utils import datetime_utils as datetime
from south.db import db
from south.v2 import DataMigration
from django.db import models
class Migration(DataMigration):
def forwards(self, orm):
"Let execs add and delete GroupObjectPermissions."
execs = orm.Group.objects.get(name='executives')
# Find our permissions
ctype = orm['contenttypes.contenttype'].objects.get(app_label='guardian', model='groupobjectpermission')
add = orm.Permission.objects.get(content_type=ctype, codename='add_groupobjectpermission')
delete = orm.Permission.objects.get(content_type=ctype, codename='delete_groupobjectpermission')
execs.permissions.add(add)
execs.permissions.add(delete)
def backwards(self, orm):
execs = orm.Group.objects.get(name='executives')
# Find our permissions
ctype = orm['contenttypes.contenttype'].objects.get(app_label='guardian', model='groupobjectpermission')
add = orm.Permission.objects.get(content_type=ctype, codename='add_groupobjectpermission')
delete = orm.Permission.objects.get(content_type=ctype, codename='delete_groupobjectpermission')
execs.permissions.delete(add)
execs.permissions.delete(delete)
models = {
u'auth.group': {
'Meta': {'object_name': 'Group'},
u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '80'}),
'permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'})
},
u'auth.permission': {
'Meta': {'ordering': "(u'content_type__app_label', u'content_type__model', u'codename')", 'unique_together': "((u'content_type', u'codename'),)", 'object_name': 'Permission'},
'codename': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['contenttypes.ContentType']"}),
u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
'name': ('django.db.models.fields.CharField', [], {'max_length': '50'})
},
u'auth.user': {
'Meta': {'object_name': 'User'},
'date_joined': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
'email': ('django.db.models.fields.EmailField', [], {'max_length': '75', 'blank': 'True'}),
'first_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
'groups': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'related_name': "u'user_set'", 'blank': 'True', 'to': u"orm['auth.Group']"}),
u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
'is_active': ('django.db.models.fields.BooleanField', [], {'default': 'True'}),
'is_staff': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
'is_superuser': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
'last_login': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
'last_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
'password': ('django.db.models.fields.CharField', [], {'max_length': '128'}),
'user_permissions': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'related_name': "u'user_set'", 'blank': 'True', 'to': u"orm['auth.Permission']"}),
'username': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '30'})
},
u'contenttypes.contenttype': {
'Meta': {'ordering': "('name',)", 'unique_together': "(('app_label', 'model'),)", 'object_name': 'ContentType', 'db_table': "'django_content_type'"},
'app_label': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
'model': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
'name': ('django.db.models.fields.CharField', [], {'max_length': '100'})
},
u'guardian.groupobjectpermission': {
'Meta': {'unique_together': "([u'group', u'permission', u'object_pk'],)", 'object_name': 'GroupObjectPermission'},
'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['contenttypes.ContentType']"}),
'group': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['auth.Group']"}),
u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
'object_pk': ('django.db.models.fields.CharField', [], {'max_length': '255'}),
'permission': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['auth.Permission']"})
},
u'guardian.userobjectpermission': {
'Meta': {'unique_together': "([u'user', u'permission', u'object_pk'],)", 'object_name': 'UserObjectPermission'},
'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['contenttypes.ContentType']"}),
u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
'object_pk': ('django.db.models.fields.CharField', [], {'max_length': '255'}),
'permission': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['auth.Permission']"}),
'user': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['auth.User']"})
}
}
complete_apps = ['guardian', 'auth']
symmetrical = True
......@@ -195,6 +195,7 @@ AUTHENTICATION_BACKENDS = (
# 'gracedb.middleware.auth.LigoAuthBackend',
'ligoauth.middleware.auth.LigoX509Backend',
'ligoauth.middleware.auth.LigoShibBackend',
'ligoauth.middleware.auth.ModelBackend',
# 'ligoauth.middleware.auth.RemoteUserBackend',
# 'ligodjangoauth.LigoShibbolethAuthBackend',
# 'django.contrib.auth.backends.ModelBackend',
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment