Exemple #1
0
def perm_grant(request):
    g_id = request.GET.get('g_id', '')
    u_id = request.GET.get('u_id', '')
    mypermissions = MyPermission.objects.filter(parent__isnull=True).order_by('order_id')
    if g_id:
        obj = Group.objects.get(id=g_id)
        perms = obj.permissions.values_list('content_type__app_label', 'codename').order_by()
        perms = set("%s.%s" % (ct, name) for ct, name in perms)
    if u_id:
        obj = MyUser.objects.get(id=u_id)
        perms = ModelBackend().get_all_permissions(obj)
    if request.method == "POST":
        ids = request.POST.get('ids', '').split(',')
        ids = filter(lambda s: s.isdigit(), ids)
        permissions = []
        for p in MyPermission.objects.filter(id__in=ids):
            permissions.append(p.permission)
        if g_id:
            obj.permissions.clear()
            obj.permissions = permissions
        else:
            obj.user_permissions.clear()
            obj.user_permissions = permissions

        messages.add_message(request, messages.SUCCESS, u'信息修改成功')
        # return HttpResponseRedirect(reverse('user_list'))
        return HttpResponseRedirect(request.get_full_path())
    return render(request, "perm/perm_grant.html", {
        'mypermissions': mypermissions,
        'myperms': perms,
        'obj': obj,
    })
Exemple #2
0
 def authenticate(self, **kwargs):
     log.info("Authenticating: %(username)s" % kwargs)
     try:
         user = RemoteDrupalBackend().authenticate(**kwargs)
         if user is None:
             log.info(
                 "Remote Auth Rejected, trying local user list: %(username)s"
                 % kwargs)
             # Then... Remote failed, try local model
             #return super(DualAuthBackend, self).authenticate(self,
             #    **kwargs)
             return ModelBackend().authenticate(**kwargs)
         else:
             #  Remote succeeded, but we're still cautious and refuse
             #  this one password out of abundance of prudence
             log.info(" " * 5 +
                      "Remote Auth Accepted: %(username)s" % kwargs)
             return user
     except PermissionDenied:
         log.warn(" " * 5 +
                  "Full Abort after remote Auth for user: %(username)s" %
                  kwargs)
         raise  # abort abort abort!
     except:
         raise
         log.warn(" " * 5 +
                  "Other error in remote Auth for user: %(username)s" %
                  kwargs)
         return None
    def test_anonymous_has_no_permissions(self):
        """
        #17903 -- Anonymous users shouldn't have permissions in
        ModelBackend.get_(all|user|group)_permissions().
        """
        backend = ModelBackend()

        user = self.UserModel._default_manager.get(pk=self.user.pk)
        content_type = ContentType.objects.get_for_model(Group)
        user_perm = Permission.objects.create(name='test', content_type=content_type, codename='test_user')
        group_perm = Permission.objects.create(name='test2', content_type=content_type, codename='test_group')
        user.user_permissions.add(user_perm)

        group = Group.objects.create(name='test_group')
        user.groups.add(group)
        group.permissions.add(group_perm)

        self.assertEqual(backend.get_all_permissions(user), {'auth.test_user', 'auth.test_group'})
        self.assertEqual(backend.get_user_permissions(user), {'auth.test_user'})
        self.assertEqual(backend.get_group_permissions(user), {'auth.test_group'})

        with mock.patch.object(self.UserModel, 'is_anonymous', True):
            self.assertEqual(backend.get_all_permissions(user), set())
            self.assertEqual(backend.get_user_permissions(user), set())
            self.assertEqual(backend.get_group_permissions(user), set())
Exemple #4
0
def favhtml(request):
    """点赞"""
    userid = request.session.get('_auth_user_id', None)
    cacheuserdic = cache.get(userid, None)
    if not cacheuserdic:
        return False
    if not cacheuserdic['is_login']:
        weiboresponeobj = weiborespone.is_favor(nid='',
                                                status=False,
                                                message="登录超时,请重新登录")
        return HttpResponse(json.dumps(weiboresponeobj.dic()))

    if request.method == 'GET':
        favid = request.GET.get('id', None)
        userobj = ModelBackend().get_user(user_id=userid)
        weibocontenobj = models_server.WeiboContent()
        ret = weibocontenobj.is_favor(favid, userobj)
        if not ret:
            weiboresponeobj = weiborespone.is_favor(nid='',
                                                    status=False,
                                                    message="已经点过赞了亲")
        else:
            weiboresponeobj = weiborespone.is_favor(nid='',
                                                    status=True,
                                                    message="")
        return HttpResponse(json.dumps(weiboresponeobj.dic()))

    elif request.method == 'POST':
        pass
Exemple #5
0
def picture_video(request):
    """图片视频上传视图"""
    userid = request.session.get('_auth_user_id', None)
    userobj = ModelBackend().get_user(user_id=userid)
    fileobj = user_file.userfile(user_obj=userobj)
    filepath = fileobj.filepath
    if userobj:
        if request.method == 'GET':
            if os.path.isdir(filepath):
                shutil.rmtree((filepath))
                os.makedirs(filepath)
            else:
                os.makedirs(filepath)
            return HttpResponse('ok')
        elif request.method == 'POST':
            try:
                obj = request.FILES.get('PVFile')
                fileabspath = os.path.join(
                    filepath, '%s%s%s' %
                    (encryption(obj.name), '.', str(obj.name).split('.')[-1]))
                f = open(fileabspath, 'wb')
                for chunk in obj.chunks():
                    f.write(chunk)
                f.close()
                pvfileresponeobj = weiborespone.PVFile(
                    status=True,
                    message='上传成功',
                    filepath=str(fileabspath).split('user')[-1])
            except Exception as e:
                pvfileresponeobj = weiborespone.PVFile(status=False,
                                                       message='上传失败',
                                                       filepath=str(e))
            return HttpResponse(json.dumps(pvfileresponeobj.dic()))
Exemple #6
0
class RestrictiveBackend(object):
    """ Allows restricting permissions on per-object basis.

    For objects, checks object permissions first. If none found checks model
    permissions.  Works pretty much as usual for model permissions.

    NOTE: Make sure this is the only authentication backend providing
    permissions or it won't work, since Django will ask all backends and just
    needs one backend to return True in order to grant the permission.

    If no permissions are found at all, returns the value of the
    USERS_LOGGED_IN_HAS_PERM setting, or False if it's not set.  Set this to
    True if you want to allow everything that is not restricted on a per-object
    level, as long as the user is logged in.  Remember, you can control
    anonymous user permissions separately. See the ANONYMOUS_USER_ID setting
    (from django-guardian) and the USERS_ANONYMOUS_GROUP setting.

    Supports ban list through the optional USERS_BANNED_GROUP setting. Note
    that users in this group will not have ANY permissions, regardless of
    what the group's permissions are set to. It is only a way to indicate which
    users are banned and does not behave like a regular group when it comes
    to permissions.

    Uses django-guardian internally to check object permissions and the default
    django.contrib.auth.backends.ModelBackend for model permissions.
    """
    supports_object_permissions = True
    supports_anonymous_user = True
    supports_inactive_user = True
    _object_backend = ObjectPermissionBackend()
    _model_backend = ModelBackend()

    def authenticate(self, username=None, password=None):
        return None

    def is_banned(self, user_obj):
        return (BANNED_GROUP
                and user_obj.groups.filter(name=BANNED_GROUP).exists())

    def has_perm(self, user_obj, perm, obj=None):
        default_has_perm = False
        if user_obj.is_authenticated():
            default_has_perm = LOGGED_IN_HAS_PERM
        else:
            user_obj = User.objects.get(pk=ANONYMOUS_USER_ID)
        if not user_obj.is_active:
            return False
        if user_obj.is_superuser:
            return True
        if self.is_banned(user_obj):
            return False
        if obj and self.object_has_perms(obj):
            return self._object_backend.has_perm(user_obj, perm, obj)
        has_model_perm = self._model_backend.has_perm(user_obj, perm)
        return has_model_perm or default_has_perm

    def object_has_perms(self, obj):
        return (
            GroupObjectPermission.objects.filter(object_pk=obj.pk).exists()
            or UserObjectPermission.objects.filter(object_pk=obj.pk).exists())
Exemple #7
0
 def test_non_browserid_user(self):
     # If the current user was not authenticated via
     # django-browserid, userEmail should be empty.
     user = auth.models.User.objects.create_user('asdf', '*****@*****.**')
     response = self.info(user, ModelBackend())
     response_data = json.loads(smart_text(response.content))
     eq_(response_data['userEmail'], '')
Exemple #8
0
    def test_inactive_has_no_permissions(self):
        """
        #17903 -- Inactive users shouldn't have permissions in
        ModelBackend.get_(all|user|group)_permissions().
        """
        backend = ModelBackend()

        user = self.UserModel._default_manager.get(pk=self.user.pk)
        content_type = ContentType.objects.get_for_model(Group)
        user_perm = Permission.objects.create(name='test',
                                              content_type=content_type,
                                              codename='test_user')
        group_perm = Permission.objects.create(name='test2',
                                               content_type=content_type,
                                               codename='test_group')
        user.user_permissions.add(user_perm)

        group = Group.objects.create(name='test_group')
        user.groups.add(group)
        group.permissions.add(group_perm)

        self.assertEqual(backend.get_all_permissions(user),
                         {'auth.test_user', 'auth.test_group'})
        self.assertEqual(backend.get_user_permissions(user),
                         {'auth.test_user', 'auth.test_group'})
        self.assertEqual(backend.get_group_permissions(user),
                         {'auth.test_group'})

        user.is_active = False
        user.save()

        self.assertEqual(backend.get_all_permissions(user), set())
        self.assertEqual(backend.get_user_permissions(user), set())
        self.assertEqual(backend.get_group_permissions(user), set())
Exemple #9
0
def identify_operatorfinger(request):
    obj_template = request.REQUEST.get("template10", "")
    mathpro = windll.LoadLibrary("match.dll")
    if obj_template:
        from ctypes import create_string_buffer
        obj_template = create_string_buffer(obj_template)
        tmps = OperatorTemplate.objects.filter(fpversion=10)  #比对时只取10.0
        if tmps:
            for t in tmps:
                try:
                    source_template = t.template1
                    source_template = create_string_buffer(source_template)
                
                    math_result = mathpro.process10(source_template, obj_template)
                    if math_result == FP_IDENTIFY_SUCCESS:
                        user = t.user
                        backend = ModelBackend()
                        user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__)
                        return t
                    elif math_result == FP_NO_LICENCES:
                        return math_result       
                except:
                    import traceback; traceback.print_exc()
            return FP_IDENTIFY_FAILED
        else:
            return FP_IDENTIFY_FAILED
Exemple #10
0
    def post(self, request):
        form = AccessTokenForm.create_from_request(request)

        if not form.is_valid():
            raise ValidationException(request, form)

        backend = ModelBackend()
        user = backend.authenticate(request,
                                    username=form.cleaned_data['username'],
                                    password=form.cleaned_data['password'])

        if not user:
            raise UnauthorizedException(request)

        access_token = JWTFactory(user.pk).access()
        jti, refresh_token = JWTFactory(user.pk).refresh()

        redis = Redis(host=settings.REDIS_HOST,
                      port=settings.REDIS_PORT,
                      db=settings.REDIS_DATABASE)

        redis.set(f"refresh_token:{jti}", jti)
        redis.expire(f"refresh_token:{jti}",
                     settings.SECURED_VIEW_JWT_REFRESH_TOKEN_EXPIRATION)

        return SingleResponse(request, {
            'access_token': access_token,
            'refresh_token': refresh_token
        },
                              status=HTTPStatus.OK)
Exemple #11
0
def comhtml(request):
    """评论"""
    userid = request.session.get('_auth_user_id', None)
    cacheuserdic = cache.get(userid, None)
    if not cacheuserdic or not cacheuserdic['is_login']:
        weiboresponeobj = weiborespone.is_com(comlist='',
                                              status=False,
                                              message="登录超时,请重新登录")
        return HttpResponse(json.dumps(weiboresponeobj.dic()))

    if request.method == 'GET':
        comid = request.GET.get('id', None)
        text = request.GET.get('text', None)
        userobj = ModelBackend().get_user(user_id=userid)
        weibocontenobj = models_server.WeiboContent()
        if text:
            ret = weibocontenobj.is_comment(weibo_id=comid,
                                            userobj=userobj,
                                            comment=text)
        else:
            ret = weibocontenobj.select_comment(comid)
        weiboresponeobj = weiborespone.is_com(comlist=ret,
                                              status=True,
                                              message="")
        return HttpResponse(json.dumps(weiboresponeobj.dic()))

    elif request.method == 'POST':
        pass
Exemple #12
0
def test_create_active_user(db):
    """Should authenticate users in active state."""
    user = UserAccount.objects.create_user(**DEFAULT_PARAMETERS)
    parameters = DEFAULT_PARAMETERS.copy()
    password = parameters.pop("password")
    assert ModelBackend().authenticate(request=None,
                                       username=user.email,
                                       password=password)
Exemple #13
0
def login_password(request, username, password):
    """login_password(username, password): session_id"""
    backend = ModelBackend()
    user = backend.authenticate(username, password)
    if user is None:
        raise PermissionDenied("Invalid username or password.")
    user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__)
    django.contrib.auth.login(request, user)
    return request.session.session_key
Exemple #14
0
def login(request):
    """登录视图"""
    if request.method == 'GET':
        pass

    elif request.method == 'POST':
        """登录判断"""
        username = request.POST.get('username', None)
        password = request.POST.get('password', None)
        loginrespone = userrespone.loginespone()
        if username and password:
            obj = models_server.UserCollection()
            ret = obj.is_login(request=request,
                               username=username,
                               password=password)
            if ret:
                user_id = request.session['_auth_user_id']
                request.session['id_login'] = True
                loginrespone.status = True
                sessionrequestobj = sessionrespone.sessionrespone(
                    user_id=user_id)
                cache.set(user_id,
                          sessionrequestobj.dic(),
                          timeout=config.cache['redis_timeout'])
                usercollobj = models_server.UserCollection()
                newmess_push.start('%s%s' % (str(
                    usercollobj.mymess(
                        ModelBackend().get_user(user_id=user_id)).id), 'mq'))
            else:
                loginrespone.status = False
                loginrespone.message = "用户名或密码错误"
        else:
            loginrespone.status = False
            loginrespone.message = "用户名或密码不能为空"
        return HttpResponse(json.dumps(loginrespone.dic()))

    elif request.method == 'PUT':
        """更改密码"""
        username = request.POST.get('username', None)
        old_password = request.POST.get('old_password', None)
        new_password = request.POST.get('new_password', None)
        if username and old_password and new_password:
            obj = models_server.UserCollection()
            ret = obj.put_passwd(username=username,
                                 old_password=old_password,
                                 new_password=new_password)
            print(ret)
            return

    elif request.method == 'DELETE':
        """退出用户登录"""
        userid = request.session.get('_auth_user_id', None)
        cache.set(userid, {'is_login': False}, timeout=5)
        obj = models_server.UserCollection()
        ret = obj.is_logout(request)
        return redirect('/index/', permanent=True)
Exemple #15
0
def loginPOST(req):
    form = req.POST
    nexturl = form.get('next', '/')
    kwds = {}
    kwds['username'] = form.get('uid', '') or form.get('username', '')
    kwds['password'] = form.get('password', '')

    # Check if correct credentials
    # - should put a msg to pass to redirect as login report
    if kwds['password'] == None: return redirect('/login/')
    objects = ModelBackend()
    #    user = User.objects.authenticate(kwds['username'], kwds['password'])
    user = objects.authenticate(kwds['username'], kwds['password'])
    #    user_list = objects.all()
    print "user_list:"
    print User.objects.all()
    print "username:%s, pwd:%s" % (kwds['username'], kwds['password'])

    # Check if user in group for redirect
    # - should put a msg to pass to redirect as login report
    group = user.groups.all().first()
    print "GROUP: %s" % (group)
    if group == None: return redirect('/login/')

    # Hack to open a job page on login
    first_login = user.date_joined == user.last_login
    print "user.date_joined == user.last_login => first_login:%s" % first_login
    if (first_login):
        from mcsimulator.models import Job, Simulation
        simulations = Simulation.objects
        sim = simulations.get(name__startswith=group)
        print "SIM:%s" % sim
        print "     id:        %s" % sim.id
        print "   name:        %s" % sim.name
        print "   simgroup:    %s" % sim.simgroup
        print "   displayname: %s" % sim.displayname
        print "   params:"
        for k, v in sim.params.items():
            print "     key:%s, val:%s" % (k, v)
        # got a simulation that is relevent to the user now build and save a job for them
        job_ref = "%s_%s_%s" % (datetime.datetime.now().strftime(
            "%Y%m%d%H%M%S"), sim.name(), user.name)
        Job.new(job_ref, sim, 0, 1000, 1000, sim.id).save()
        # then pass this job to the redirect

        #    for m in [method for method in dir(OBJECT) if callable(getattr(OBJECT,method))]:
        #      if(m[0]!="_"):print m
        # End of Job ref hack

    if user is None or not user.is_active:
        return redirect('/login/Invalid_credentials')
    else:
        user.backend = 'django.contrib.auth.backends.ModelBackend'
        login(req, user)
        return redirect(nexturl + job_ref)
Exemple #16
0
def get_user(request):
    """
    Returns the user model instance associated with the given request token.
    If no user is retrieved an instance of `AnonymousUser` is returned.
    """
    if hasattr(request, 'token'):
        user_id = request.token.user.pk
        user = ModelBackend().get_user(user_id) or AnonymousUser()
    else:
        user = AnonymousUser()
    return user
 def validate(self, attrs):
     username = attrs.get('username')
     password = attrs.get('password')
     if password and password:
         is_correct = bool(ModelBackend().authenticate(request=self.request,
                                                       username=username,
                                                       password=password))
         if not is_correct:
             raise serializers.ValidationError(
                 'Incorrect login and password combination.')
     return attrs
    def test_anonymous_has_no_permissions(self):
        """Anonymous users shouldn't have permissions in ModelBackend

        #17903 -- Anonymous users shouldn't have permissions in
        ModelBackend.get_(all|user|group)_permissions().

        https://code.djangoproject.com/ticket/17903
        """
        backend = ModelBackend()

        user = self.UserModel._default_manager.get(pk=self.user.pk)
        content_type = ContentType.objects.get_for_model(Group)
        user_perm = Permission.objects.create(name="test",
                                              content_type=content_type,
                                              codename="test_user")
        group_perm = Permission.objects.create(name="test2",
                                               content_type=content_type,
                                               codename="test_group")
        user.user_permissions.add(user_perm)

        group = Group.objects.create(name="test_group")
        user.groups.add(group)
        group.permissions.add(group_perm)

        self.assertEqual(
            backend.get_all_permissions(user),
            {"auth.test_user", "auth.test_group"},
        )
        # Django 2.0 avoids cache permission problems
        # https://code.djangoproject.com/ticket/28713
        # https://github.com/django/django/pull/9242
        if DJANGO_VERSION >= (2, 0):
            self.assertEqual(backend.get_user_permissions(user),
                             {"auth.test_user"})
        else:
            self.assertEqual(
                backend.get_user_permissions(user),
                {"auth.test_user", "auth.test_group"},
            )
        self.assertEqual(backend.get_group_permissions(user),
                         {"auth.test_group"})

        # In Django 1.10, is_anonymous became a property.
        if DJANGO_VERSION >= (1, 10):
            is_anon_mock = True
        else:
            is_anon_mock = lambda s: True  # noqa: E731
        with patch.object(self.UserModel, "is_anonymous", is_anon_mock):
            self.assertEqual(backend.get_all_permissions(user), set())
            self.assertEqual(backend.get_user_permissions(user), set())
            self.assertEqual(backend.get_group_permissions(user), set())
Exemple #19
0
 def authenticate(self, request):
     incoming = extract_incoming(request)
     if not isinstance(incoming, dict):
         raise AuthenticationFailed()
     username, password = incoming.get(USERNAME), incoming.get(PASSWORD)
     if not username or not password:
         return None
     user = ModelBackend().authenticate(request, username, password)
     if user is None:
         raise AuthenticationFailed('%s or %s is incorrect.' %
                                    (USERNAME, PASSWORD))
     if not user.is_active:
         raise AuthenticationFailed("Invalid Login.")
     return user, None
Exemple #20
0
    def authenticate(self, username, password, backend_cls=None):
        if not backend_cls:

            class EveryoneCanActAs(ActAsBackend):
                def can_act_as(self, auth_user, user):
                    return True

            backend_cls = EveryoneCanActAs

        backend = backend_cls()
        with patched_get_backends([backend, ModelBackend()]):
            return auth_through_backend(backend,
                                        username=username,
                                        password=password)
Exemple #21
0
 class Meta:
     queryset = Product.objects.all()
     list_allowed_methods = ['get', 'post']
     detail_allowed_methods = ['get', 'put', 'delete']
     serializer = Serializer(formats=['json'])
     authentication = CustomAuthentication(backend=ModelBackend())
     authorization = DjangoAuthorization()
     excludes = [
         'is_active',
         'is_staff',
         'is_superuser',
         'date_joined',
         'last_login'
     ]
Exemple #22
0
    def post(self, request, *kwargs):
        """..."""
        print(request.user)
        post = request.POST
        auth_backend = ModelBackend()

        user = auth_backend.authenticate(request, post.get('email'),
                                         post.get('password'))

        print(user)

        login(request, user)

        return JsonResponse({'status': 'success'})
    def test_inactive_has_no_permissions(self):
        """Inactive users shouldn't have permissions in ModelBackend

        #17903 -- Inactive users shouldn't have permissions in
        ModelBackend.get_(all|user|group)_permissions().

        https://code.djangoproject.com/ticket/17903
        """
        backend = ModelBackend()

        user = self.UserModel._default_manager.get(pk=self.user.pk)
        content_type = ContentType.objects.get_for_model(Group)
        user_perm = Permission.objects.create(name="test",
                                              content_type=content_type,
                                              codename="test_user")
        group_perm = Permission.objects.create(name="test2",
                                               content_type=content_type,
                                               codename="test_group")
        user.user_permissions.add(user_perm)

        group = Group.objects.create(name="test_group")
        user.groups.add(group)
        group.permissions.add(group_perm)

        self.assertEqual(
            backend.get_all_permissions(user),
            {"auth.test_user", "auth.test_group"},
        )
        # Django 2.0 avoids cache permission problems
        # https://code.djangoproject.com/ticket/28713
        # https://github.com/django/django/pull/9242
        if DJANGO_VERSION >= (2, 0):
            self.assertEqual(backend.get_user_permissions(user),
                             {"auth.test_user"})
        else:
            self.assertEqual(
                backend.get_user_permissions(user),
                {"auth.test_user", "auth.test_group"},
            )
        self.assertEqual(backend.get_group_permissions(user),
                         {"auth.test_group"})

        user.is_active = False
        user.save()

        self.assertEqual(backend.get_all_permissions(user), set())
        self.assertEqual(backend.get_user_permissions(user), set())
        self.assertEqual(backend.get_group_permissions(user), set())
Exemple #24
0
    def validate(self, data):
        # The `validate` method is where we make sure that the current
        # instance of `LoginSerializer` has "valid". In the case of logging a
        # user in, this means validating that they've provided an email
        # and password and that this combination matches one of the users in
        # our database.
        email = data.get('email', None)
        password = data.get('password', None)

        if email is None:
            raise serializers.ValidationError(
                'An email address is required to log in.')

        if password is None:
            raise serializers.ValidationError(
                'A password is required to log in.')

        # The `authenticate` method is provided by Django and handles checking
        # for a user that matches this email/password combination.
        # we pass `email` as the `username` value since in our User
        # model we set `USERNAME_FIELD` as `email`.

        # we use the authenticate method of the ModelBackend class in order to
        # mock it in tests and avoid hitting the database when unit testing this
        # serializer. The None value represents the request argument of the method
        user = ModelBackend().authenticate(None,
                                           username=email,
                                           password=password)

        if user is None:
            raise NotFound('A user with this email and password was not found')

        # purpose of this flag is to tell us whether the user has been banned
        # or deactivated.
        if not user.is_active:
            raise serializers.ValidationError('This user has been deactivated')

        return {
            'email': user.email,
            'username': user.username,
            'token': user.token,
            'profile': user.profile,
        }
def menu_filter(request):
    user = request.user
    menus = ModelBackend().get_all_permissions(user_obj=user)
    can_menus = {
        'menus': [],
    }

    for menu in menus:
        if str(menu).split('.')[0] == 'plug_ins':
            menu = Permission.objects.get(codename=str(menu).split('.')[-1])
            if menu.codename.split('_')[0] == 'view':
                can_menus['menus'].append({
                    'id':
                    menu.codename.split('view_')[-1],
                    'url':
                    '/xadmin/ta/%s/' %
                    menu.codename.split('view_')[-1].replace('menu', '')
                })
    return can_menus
Exemple #26
0
    def test_anonymous_has_no_permissions(self):
        """
        #17903 -- Anonymous users shouldn't have permissions in
        ModelBackend.get_(all|user|group)_permissions().
        """
        backend = ModelBackend()

        user = self.UserModel._default_manager.get(pk=self.user.pk)
        content_type = ContentType.objects.get_for_model(Group)
        user_perm = Permission.objects.create(name='test',
                                              content_type=content_type,
                                              codename='test_user')
        group_perm = Permission.objects.create(name='test2',
                                               content_type=content_type,
                                               codename='test_group')
        user.user_permissions.add(user_perm)

        group = Group.objects.create(name='test_group')
        user.groups.add(group)
        group.permissions.add(group_perm)

        self.assertEqual(backend.get_all_permissions(user),
                         {'auth.test_user', 'auth.test_group'})
        self.assertEqual(backend.get_user_permissions(user),
                         {'auth.test_user', 'auth.test_group'})
        self.assertEqual(backend.get_group_permissions(user),
                         {'auth.test_group'})

        # In Django 1.10, is_anonymous became a property.
        is_anon = self.UserModel.is_anonymous
        if django.VERSION >= (1, 10):
            self.UserModel.is_anonymous = True
        else:
            user.is_anonymous = lambda: True

        self.assertEqual(backend.get_all_permissions(user), set())
        self.assertEqual(backend.get_user_permissions(user), set())
        self.assertEqual(backend.get_group_permissions(user), set())

        self.UserModel.is_anonymous = is_anon
Exemple #27
0
def user_login(request):

    if request.method == 'POST':
        username = request.POST.get('username')
        password = request.POST.get('password')
        UserModel = get_user_model()
        user = UserModel._default_manager.get_by_natural_key(username)
        mb = ModelBackend()
        user = authenticate(username=username,
                            password=password,
                            request=request)
        if user:
            if user.is_active:
                login(request, user)
                return HttpResponseRedirect(reverse('home'))
            else:
                return HttpResponse("ACCOUNT NOT ACTIVE")
        else:
            print("Someone tried to login and failed")
            return HttpResponse("Invalid login details")
    else:
        return render(request, 'accounts/login.html', {})
Exemple #28
0
.. moduleauthor:: Gerson Galang <*****@*****.**>
'''

import logging

from django.contrib.auth.models import User, Group
from django.contrib.auth.backends import ModelBackend

from tardis.tardis_portal.auth.interfaces import AuthProvider, GroupProvider, UserProvider

logger = logging.getLogger(__name__)

auth_key = u'localdb'
auth_display_name = u'Local DB'

_modelBackend = ModelBackend()


class DjangoAuthBackend(AuthProvider):
    """Authenticate against Django's Model Backend.

    """
    def authenticate(self, request):
        """authenticate a user, this expect the user will be using
        form based auth and the *username* and *password* will be
        passed in as **POST** variables.

        :param request: a HTTP Request instance
        :type request: :class:`django.http.HttpRequest`
        """
        username = request.POST['username']
Exemple #29
0
def check_global_permission(user: User, perm: str) -> bool:
    """Check whether a user has a global permission."""
    return ModelBackend().has_perm(user, perm)
 def authenticate(self, *args, **kwargs):
     if django.VERSION[0] >= 2 or (django.VERSION[0] == 1
                                   and django.VERSION[1] >= 11):
         assert len(args) > 0 and args[0]
     return ModelBackend().authenticate(*args, **kwargs)