def check_policy_to_enter_any_area(user: User):
    """
    Enforce the preconditions a user must meet before entering any area.

    The checks run in a fixed order and the first failure raises, so the
    exception type tells the caller which rule denied access. Returns None
    when every check passes.

    Raises:
        InactiveUserError: the account is not marked active.
        NoActiveProjectsForUserError: active_project_count() is below 1.
        PhysicalAccessExpiredUserError: access_expiration is set and earlier
            than today.
        NoPhysicalAccessUserError: accessible_access_levels() is empty.
    """
    # Deny by default: each guard rejects as soon as one rule is not met.
    if not user.is_active:
        raise InactiveUserError(user=user)

    if user.active_project_count() < 1:
        raise NoActiveProjectsForUserError(user=user)

    # Strict "<": a user whose expiration date is today is still admitted.
    # date.today() is the server's local date.
    expiration = user.access_expiration
    if expiration is not None and expiration < date.today():
        raise PhysicalAccessExpiredUserError(user=user)

    # exists() only asks whether there is at least one accessible level.
    if not user.accessible_access_levels().exists():
        raise NoPhysicalAccessUserError(user=user)
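def check_user_exists_and_active(backend: ModelBackend, username: str) -> User:
    """
    Return the active User named ``username``, or raise if there is none.

    ``username`` is whatever the authentication attempt supplied, so it is
    untrusted at this point. It is written to the auth log with ``!r`` so that
    CR/LF and other control characters are escaped and cannot split or forge
    log entries.

    Args:
        backend: the authentication backend handling the attempt; only its
            class name is used, for the log messages.
        username: the username presented for authentication.

    Returns:
        The matching User, which is marked active.

    Raises:
        User.DoesNotExist: no user has this username (re-raised after logging).
        InactiveUserError: the user exists but is not marked active.
    """
    backend_name = type(backend).__name__

    # The user must exist in the database
    try:
        user = User.objects.get(username=username)
    except User.DoesNotExist:
        auth_logger.warning(
            f"User {username!r} attempted to authenticate with {backend_name}, but that username does not exist in the database. The user was denied access."
        )
        # NOTE(review): "unknown user" and "inactive user" raise different
        # exception types; callers should give the client the same response
        # for both so the difference cannot be used to enumerate accounts.
        raise

    # The user must be marked active.
    if not user.is_active:
        auth_logger.warning(
            f"User {username!r} attempted to authenticate with {backend_name}, but that user is marked inactive in the database. The user was denied access."
        )
        # NOTE(review): this passes the username string, while
        # check_policy_to_enter_any_area passes the User object - confirm
        # which one InactiveUserError expects.
        raise InactiveUserError(user=username)

    auth_logger.debug(f"User {username!r} exists in the database and is active.")
    return user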
def check_policy_to_enter_any_area(user: User):
    """
    Enforce the preconditions a user must meet before entering any area.

    The checks run in a fixed order and the first failure raises, so the
    exception type tells the caller which rule denied access. Returns None
    when every check passes.

    Raises:
        InactiveUserError: the account is not marked active.
        NoActiveProjectsForUserError: active_project_count() is below 1.
        PhysicalAccessExpiredUserError: access_expiration is set and earlier
            than today.
        NoPhysicalAccessUserError: the user has no physical access level and
            does not qualify through the staff rule.
    """
    # Deny by default: each guard rejects as soon as one rule is not met.
    if not user.is_active:
        raise InactiveUserError(user=user)

    if user.active_project_count() < 1:
        raise NoActiveProjectsForUserError(user=user)

    # Strict "<": a user whose expiration date is today is still admitted.
    # date.today() is the server's local date.
    expiration = user.access_expiration
    if expiration is not None and expiration < date.today():
        raise PhysicalAccessExpiredUserError(user=user)

    # Path 1: at least one access level is assigned to the user directly.
    has_own_level = user.physical_access_levels.all().exists()
    # Path 2: staff qualify as soon as ANY access level anywhere has
    # allow_staff_access=True, even with nothing assigned to them directly.
    has_staff_level = user.is_staff and PhysicalAccessLevel.objects.filter(allow_staff_access=True).exists()
    if not has_own_level and not has_staff_level:
        raise NoPhysicalAccessUserError(user=user)
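def check_user_exists_and_active(backend: ModelBackend, username: str) -> User:
    """
    Return the active User named ``username``, or raise if there is none.

    The log messages indicate this runs after ``backend`` has accepted the
    credentials. ``username`` still comes from the authentication attempt, so
    it is written to the auth log with ``!r``: control characters such as
    CR/LF are escaped and cannot split or forge log entries.

    Args:
        backend: the authentication backend handling the attempt; only its
            class name is used, for the log messages.
        username: the username presented for authentication.

    Returns:
        The matching User, which is marked active.

    Raises:
        User.DoesNotExist: no user has this username (re-raised after logging).
        InactiveUserError: the user exists but is not marked active.
    """
    backend_name = type(backend).__name__

    # The user must exist in the database
    try:
        user = User.objects.get(username=username)
    except User.DoesNotExist:
        auth_logger.warning(
            f"Username {username!r} attempted to authenticate with {backend_name}, but that username does not exist in the NEMO database. The user was denied access."
        )
        # NOTE(review): "unknown user" and "inactive user" raise different
        # exception types; callers should give the client the same response
        # for both so the difference cannot be used to enumerate accounts.
        raise

    # The user must be marked active.
    if not user.is_active:
        auth_logger.warning(
            f"User {username!r} successfully authenticated with {backend_name}, but that user is marked inactive in the NEMO database. The user was denied access."
        )
        # NOTE(review): this passes the username string, while
        # check_policy_to_enter_any_area passes the User object - confirm
        # which one InactiveUserError expects.
        raise InactiveUserError(user=username)

    # All security checks passed so let the user in.
    auth_logger.debug(
        f"User {username!r} successfully authenticated with {backend_name} and was granted access to NEMO."
    )
    return user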