root(minor): start implementing guardian

2019-10-10 10:45:51 +02:00
parent ca3bcc565d
commit a53f7a49ac
6 changed files with 41 additions and 11 deletions
--- a/passbook/core/models.py
+++ b/passbook/core/models.py
@ -11,6 +11,7 @@ from django.db import models
 from django.urls import reverse_lazy
 from django.utils.timezone import now
 from django.utils.translation import gettext as _
+from guardian.mixins import GuardianUserMixin
 from model_utils.managers import InheritanceManager
 from structlog import get_logger

@ -41,7 +42,7 @@ class Group(UUIDModel):

        unique_together = (('name', 'parent',),)

-class User(AbstractUser):
+class User(GuardianUserMixin, AbstractUser):
    """Custom User model to allow easier adding o f user-based settings"""

    uuid = models.UUIDField(default=uuid4, editable=False)
--- a/passbook/lib/admin.py
+++ b/passbook/lib/admin.py
@ -4,6 +4,7 @@ from django.apps import apps
 from django.contrib import admin
 from django.contrib.admin.sites import AlreadyRegistered
 from django.contrib.auth.admin import UserAdmin
+from guardian.admin import GuardedModelAdmin

 from passbook.core.models import User

@ -13,10 +14,9 @@ def admin_autoregister(app):
    app_models = apps.get_app_config(app).get_models()
    for model in app_models:
        try:
-            admin.site.register(model)
+            admin.site.register(model, GuardedModelAdmin)
        except AlreadyRegistered:
            pass


 admin.site.register(User, UserAdmin)
-admin_autoregister('passbook_core')
--- a/passbook/lib/views.py
+++ b/passbook/lib/views.py
@ -0,0 +1,16 @@
+"""passbook helper views"""
+
+from django.views.generic import CreateView
+from guardian.shortcuts import assign_perm
+
+
+class CreateAssignPermView(CreateView):
+    """Assign permissions to object after creation"""
+
+    permissions = []
+
+    def form_valid(self, form):
+        response = super().form_valid(form)
+        for permission in self.permissions:
+            assign_perm(permission, self.request.user, self.object)
+        return response
--- a/passbook/root/settings.py
+++ b/passbook/root/settings.py
@ -53,10 +53,10 @@ LANGUAGE_COOKIE_NAME = 'passbook_language'

 AUTHENTICATION_BACKENDS = [
    'django.contrib.auth.backends.ModelBackend',
+    'guardian.backends.ObjectPermissionBackend',
 ]

 # Application definition
-
 INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
@ -67,6 +67,8 @@ INSTALLED_APPS = [
    'django.contrib.postgres',
    # 'rest_framework',
    # 'drf_yasg',
+    'guardian',
+
    'passbook.core.apps.PassbookCoreConfig',
    'passbook.admin.apps.PassbookAdminConfig',
    'passbook.api.apps.PassbookAPIConfig',
@ -97,6 +99,8 @@ INSTALLED_APPS = [
    'passbook.policies.webhook.apps.PassbookPoliciesWebhookConfig',
 ]

+GUARDIAN_MONKEY_PATCH = False
+
 REST_FRAMEWORK = {
    # Use Django's standard `django.contrib.auth` permissions,
    # or allow read-only access for unauthenticated users.