diff --git a/config/settings/base.py b/config/settings/base.py
index 8a21cd457f1eb2a4c1c4084d6f4e4348e963a8b3..299be0ee55e8cb93d97c6d94fff0e616d0ec9b3b 100644
--- a/config/settings/base.py
+++ b/config/settings/base.py
@@ -259,7 +259,7 @@ AUTHENTICATION_BACKENDS = (
'ligoauth.middleware.auth.LigoX509Backend',
'ligoauth.middleware.auth.LigoShibBackend',
'ligoauth.middleware.auth.LigoBasicBackend',
- 'ligoauth.middleware.auth.ModelBackend',
+ 'ligoauth.backends.GraceDbModelBackend',
# 'ligoauth.middleware.auth.RemoteUserBackend',
# 'ligodjangoauth.LigoShibbolethAuthBackend',
# 'django.contrib.auth.backends.ModelBackend',
diff --git a/gracedb/ligoauth/backends.py b/gracedb/ligoauth/backends.py
index a665d93741d270bf505b17a61d8f82839cdbe50a..8b4d408d4f710960eed1afc4e0e1db884335adc9 100644
--- a/gracedb/ligoauth/backends.py
+++ b/gracedb/ligoauth/backends.py
@@ -17,3 +17,13 @@ class ModelPermissionsForObjectBackend(backends.ModelBackend):
# Now, logic is: check for table-level permissions in either case
return super(ModelPermissionsForObjectBackend, self).has_perm(user_obj,
perm, obj=None)
+
+
+class GraceDbModelBackend(ModelPermissionsForObjectBackend):
+ """
+ Main permission-checking backend for GraceDB. We remove the ability
+ for this backend to authenticate users, since that is handled by other
+ auth backends.
+ """
+ def authenticate(self, request, username=None, password=None, **kwargs):
+ return None
diff --git a/gracedb/ligoauth/middleware/auth.py b/gracedb/ligoauth/middleware/auth.py
index 4c55a4fe0af290fe6344d433dac759c8b2bd762b..f52facbbaef36ac9a2ae20be37becdd74b5e892b 100644
--- a/gracedb/ligoauth/middleware/auth.py
+++ b/gracedb/ligoauth/middleware/auth.py
@@ -304,7 +304,3 @@ class LigoBasicBackend:
return User.objects.get(id=user_id)
except User.DoesNotExist:
return None
-
-class ModelBackend(DefaultModelBackend):
- def authenticate(self, username=None, password=None, **kwargs):
- return None