policy(major): simplify PolicyEngine API, add flag to ignore cache for debug purposes

2019-10-15 15:44:59 +02:00
parent 13f4ea0b8b
commit d4cb1a98c7
10 changed files with 23 additions and 31 deletions
--- a/passbook/providers/oidc/lib.py
+++ b/passbook/providers/oidc/lib.py
@ -18,8 +18,8 @@ def check_permissions(request, user, client):
    except Application.DoesNotExist:
        return redirect('passbook_providers_oauth:oauth2-permission-denied')
    LOGGER.debug("Checking permissions for application", user=user, application=application)
-    policy_engine = PolicyEngine(application.policies.all())
-    policy_engine.for_user(user).with_request(request).build()
+    policy_engine = PolicyEngine(application.policies.all(), user, request)
+    policy_engine.build()

    # Check permissions
    passing, policy_messages = policy_engine.result
--- a/passbook/providers/saml/views.py
+++ b/passbook/providers/saml/views.py
@ -59,8 +59,9 @@ class AccessRequiredView(AccessMixin, View):

    def _has_access(self):
        """Check if user has access to application"""
-        policy_engine = PolicyEngine(self.provider.application.policies.all())
-        policy_engine.for_user(self.request.user).with_request(self.request).build()
+        policy_engine = PolicyEngine(self.provider.application.policies.all(),
+                                     self.request.user, self.request)
+        policy_engine.build()
        return policy_engine.passing

    def dispatch(self, request, *args, **kwargs):