forked from DGNum/gestioCOF
Use backend to enforce frozen accounts
This commit is contained in:
parent
02584982f6
commit
a34b83c236
3 changed files with 45 additions and 12 deletions
|
@ -111,11 +111,17 @@ CORS_ORIGIN_WHITELIST = ("bda.ens.fr", "www.bda.ens.fr" "cof.ens.fr", "www.cof.e
|
||||||
# Auth-related stuff
|
# Auth-related stuff
|
||||||
# ---
|
# ---
|
||||||
|
|
||||||
AUTHENTICATION_BACKENDS += [
|
AUTHENTICATION_BACKENDS = (
|
||||||
|
[
|
||||||
|
# Must be in first
|
||||||
|
"kfet.auth.backends.BlockFrozenAccountBackend"
|
||||||
|
]
|
||||||
|
+ AUTHENTICATION_BACKENDS
|
||||||
|
+ [
|
||||||
"gestioncof.shared.COFCASBackend",
|
"gestioncof.shared.COFCASBackend",
|
||||||
"kfet.auth.backends.GenericBackend",
|
"kfet.auth.backends.GenericBackend",
|
||||||
]
|
]
|
||||||
|
)
|
||||||
LOGIN_URL = "cof-login"
|
LOGIN_URL = "cof-login"
|
||||||
LOGIN_REDIRECT_URL = "home"
|
LOGIN_REDIRECT_URL = "home"
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
from django.contrib.auth import get_user_model
|
from django.contrib.auth import get_user_model
|
||||||
|
from django.core.exceptions import PermissionDenied
|
||||||
|
|
||||||
from kfet.models import Account, GenericTeamToken
|
from kfet.models import Account, GenericTeamToken
|
||||||
|
|
||||||
|
@ -37,3 +38,36 @@ class GenericBackend(BaseKFetBackend):
|
||||||
team_token.delete()
|
team_token.delete()
|
||||||
|
|
||||||
return get_kfet_generic_user()
|
return get_kfet_generic_user()
|
||||||
|
|
||||||
|
|
||||||
|
class BlockFrozenAccountBackend:
|
||||||
|
def authenticate(self, request, **kwargs):
|
||||||
|
return None
|
||||||
|
|
||||||
|
def get_user(self, user_id):
|
||||||
|
return None
|
||||||
|
|
||||||
|
def has_perm(self, user_obj, perm, obj=None):
|
||||||
|
app_label, _ = perm.split(".")
|
||||||
|
if app_label == "kfet":
|
||||||
|
if (
|
||||||
|
hasattr(user_obj, "profile")
|
||||||
|
and hasattr(user_obj.profile, "account_kfet")
|
||||||
|
and user_obj.profile.account_kfet.is_frozen
|
||||||
|
):
|
||||||
|
raise PermissionDenied
|
||||||
|
|
||||||
|
# Dans le cas général, on se réfère aux autres backends
|
||||||
|
return False
|
||||||
|
|
||||||
|
def has_module_perms(self, user_obj, app_label):
|
||||||
|
if app_label == "kfet":
|
||||||
|
if (
|
||||||
|
hasattr(user_obj, "profile")
|
||||||
|
and hasattr(user_obj.profile, "account_kfet")
|
||||||
|
and user_obj.profile.account_kfet.is_frozen
|
||||||
|
):
|
||||||
|
raise PermissionDenied
|
||||||
|
|
||||||
|
# Dans le cas général, on se réfère aux autres backends
|
||||||
|
return False
|
||||||
|
|
|
@ -2,13 +2,6 @@ from django.contrib.auth.decorators import user_passes_test
|
||||||
|
|
||||||
|
|
||||||
def kfet_is_team(user):
|
def kfet_is_team(user):
|
||||||
if (
|
|
||||||
hasattr(user, "profile")
|
|
||||||
and hasattr(user.profile, "account_kfet")
|
|
||||||
and user.profile.account_kfet.is_frozen
|
|
||||||
):
|
|
||||||
return False
|
|
||||||
|
|
||||||
return user.has_perm("kfet.is_team")
|
return user.has_perm("kfet.is_team")
|
||||||
|
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue