Use backend to enforce frozen accounts

This commit is contained in:
Ludovic Stephan 2021-06-15 16:52:50 +02:00
parent 02584982f6
commit a34b83c236
3 changed files with 45 additions and 12 deletions

View file

@ -111,11 +111,17 @@ CORS_ORIGIN_WHITELIST = ("bda.ens.fr", "www.bda.ens.fr" "cof.ens.fr", "www.cof.e
# Auth-related stuff # Auth-related stuff
# --- # ---
AUTHENTICATION_BACKENDS += [ AUTHENTICATION_BACKENDS = (
[
# Must be in first
"kfet.auth.backends.BlockFrozenAccountBackend"
]
+ AUTHENTICATION_BACKENDS
+ [
"gestioncof.shared.COFCASBackend", "gestioncof.shared.COFCASBackend",
"kfet.auth.backends.GenericBackend", "kfet.auth.backends.GenericBackend",
] ]
)
LOGIN_URL = "cof-login" LOGIN_URL = "cof-login"
LOGIN_REDIRECT_URL = "home" LOGIN_REDIRECT_URL = "home"

View file

@ -1,4 +1,5 @@
from django.contrib.auth import get_user_model from django.contrib.auth import get_user_model
from django.core.exceptions import PermissionDenied
from kfet.models import Account, GenericTeamToken from kfet.models import Account, GenericTeamToken
@ -37,3 +38,36 @@ class GenericBackend(BaseKFetBackend):
team_token.delete() team_token.delete()
return get_kfet_generic_user() return get_kfet_generic_user()
class BlockFrozenAccountBackend:
def authenticate(self, request, **kwargs):
return None
def get_user(self, user_id):
return None
def has_perm(self, user_obj, perm, obj=None):
app_label, _ = perm.split(".")
if app_label == "kfet":
if (
hasattr(user_obj, "profile")
and hasattr(user_obj.profile, "account_kfet")
and user_obj.profile.account_kfet.is_frozen
):
raise PermissionDenied
# Dans le cas général, on se réfère aux autres backends
return False
def has_module_perms(self, user_obj, app_label):
if app_label == "kfet":
if (
hasattr(user_obj, "profile")
and hasattr(user_obj.profile, "account_kfet")
and user_obj.profile.account_kfet.is_frozen
):
raise PermissionDenied
# Dans le cas général, on se réfère aux autres backends
return False

View file

@ -2,13 +2,6 @@ from django.contrib.auth.decorators import user_passes_test
def kfet_is_team(user): def kfet_is_team(user):
if (
hasattr(user, "profile")
and hasattr(user.profile, "account_kfet")
and user.profile.account_kfet.is_frozen
):
return False
return user.has_perm("kfet.is_team") return user.has_perm("kfet.is_team")