1 | from django.contrib.auth.models import User, Permission, AnonymousUser
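class ModelBackend(object):
    """
    Authenticates against django.contrib.auth.models.User.

    The model classes are reached through the ``user_class``,
    ``permission_class`` and ``anonymous_user_class`` attributes, so a
    subclass can point the backend at other classes.

    Security notes:

    * ``authenticate`` does not consult ``is_active``; only ``has_perm`` and
      ``has_module_perms`` refuse inactive accounts. Code that logs a user in
      must check ``is_active`` on the returned object itself.
    * Permission sets are cached on the user object (``_group_perm_cache``
      and ``_perm_cache``). A permission granted or revoked after the first
      lookup is not seen until a fresh user object is loaded.
    * No object-level permissions are granted: every permission query with
      ``obj`` set yields an empty set.
    """
    # NOTE(review): presumably read by the auth framework to decide whether
    # permission checks for inactive users are routed to this backend --
    # confirm against the Django version in use.
    supports_inactive_user = True

    user_class = User
    permission_class = Permission
    anonymous_user_class = AnonymousUser

    def get_anonymous_user(self):
        """
        Returns a new instance of ``anonymous_user_class``.
        """
        return self.anonymous_user_class()

    # TODO: Model, login attribute name and password attribute name should be
    # configurable.
    def authenticate(self, username=None, password=None):
        """
        Returns the user whose ``username`` matches and whose stored password
        verifies against ``password``. Returns None for an unknown username
        or a wrong password.

        The returned user may be inactive; ``is_active`` is not checked here.
        """
        try:
            user = self.user_class.objects.get(username=username)
        except self.user_class.DoesNotExist:
            # Hash the supplied password on a throwaway, unsaved user so an
            # unknown username costs about as much as a wrong password.
            # Returning straight away would let response time reveal which
            # usernames exist.
            self.user_class().set_password(password)
            return None
        if user.check_password(password):
            return user
        return None

    def get_group_permissions(self, user_obj, obj=None):
        """
        Returns a set of permission strings that this user has through his/her
        groups.

        Each string has the form ``"<app_label>.<codename>"``. Anonymous users
        and object-level queries (``obj`` given) get an empty set. For a
        superuser the set holds every permission, not only those of the
        user's groups. The result is cached on ``user_obj``.
        """
        if user_obj.is_anonymous() or obj is not None:
            return set()
        if not hasattr(user_obj, '_group_perm_cache'):
            if user_obj.is_superuser:
                perms = self.permission_class.objects.all()
            else:
                perms = self.permission_class.objects.filter(group__user=user_obj)
            # order_by() with no arguments clears any ordering on the query;
            # the rows end up in a set, so order is irrelevant.
            perms = perms.values_list('content_type__app_label', 'codename').order_by()
            user_obj._group_perm_cache = set(["%s.%s" % (ct, name) for ct, name in perms])
        return user_obj._group_perm_cache

    def get_all_permissions(self, user_obj, obj=None):
        """
        Returns the set of permission strings the user holds directly plus
        those from ``get_group_permissions``.

        Anonymous users and object-level queries (``obj`` given) get an empty
        set. The result is cached on ``user_obj``.
        """
        if user_obj.is_anonymous() or obj is not None:
            return set()
        if not hasattr(user_obj, '_perm_cache'):
            user_obj._perm_cache = set([u"%s.%s" % (p.content_type.app_label, p.codename) for p in user_obj.user_permissions.select_related()])
            user_obj._perm_cache.update(self.get_group_permissions(user_obj))
        return user_obj._perm_cache

    def has_perm(self, user_obj, perm, obj=None):
        """
        Returns True if the active user ``user_obj`` holds ``perm``.

        Inactive users are refused before any permission lookup.
        """
        if not user_obj.is_active:
            return False
        return perm in self.get_all_permissions(user_obj, obj)

    def has_module_perms(self, user_obj, app_label):
        """
        Returns True if user_obj has any permissions in the given app_label.

        Inactive users are refused before any permission lookup.
        """
        if not user_obj.is_active:
            return False
        # Permission strings are "<app_label>.<codename>"; compare the part
        # before the first dot.
        return any(perm[:perm.index('.')] == app_label
                   for perm in self.get_all_permissions(user_obj))

    def get_user(self, user_id):
        """
        Returns the user with primary key ``user_id``, or None if there is
        no such user.
        """
        try:
            return self.user_class.objects.get(pk=user_id)
        except self.user_class.DoesNotExist:
            return None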
class RemoteUserBackend(ModelBackend):
    """
    Backend for deployments where the server authenticates the user outside
    of Django. It is meant to be paired with the ``RemoteUserMiddleware``
    found in the middleware module of this package.

    Unless a subclass sets ``create_unknown_user`` to ``False``, the
    ``authenticate`` method creates a ``User`` object for any username that
    is not yet in the database.

    Security notes:

    * This backend checks no credential of its own: whoever controls the
      ``remote_user`` value chooses the account. Use it only where that
      value is set by the front-end server's own authentication and cannot
      be supplied by the client.
    * With ``create_unknown_user`` left at ``True``, every username the
      server vouches for gets an account on first sight. Set it to ``False``
      when accounts must be provisioned explicitly.
    """

    # Whether a User object is created for a username not yet in the database.
    create_unknown_user = True

    def authenticate(self, remote_user):
        """
        Returns the ``User`` object named by ``remote_user``, which is taken
        as trusted; no password or other credential is checked here.

        An empty ``remote_user`` yields None. An unknown username is created
        when ``create_unknown_user`` is ``True`` and passed through
        ``configure_user``; when it is ``False`` the method returns None for
        an unknown username.
        """
        if not remote_user:
            return
        username = self.clean_username(remote_user)

        if not self.create_unknown_user:
            # Lookup only: an unknown username authenticates nobody.
            try:
                return self.user_class.objects.get(username=username)
            except self.user_class.DoesNotExist:
                return None

        # get_or_create is used rather than a get / create pair because it
        # has built-in safeguards for multiple threads.
        account, is_new = self.user_class.objects.get_or_create(username=username)
        if is_new:
            return self.configure_user(account)
        return account

    def clean_username(self, username):
        """
        Hook for normalising the "username" before it is used to look up or
        create the user object. Returns the cleaned username.

        The default implementation returns the username unchanged.
        """
        return username

    def configure_user(self, user):
        """
        Hook called with a user that was just created; returns the updated
        user. Whatever it returns is what ``authenticate`` hands back.

        The default implementation returns the user unmodified.
        """
        return user