NeoAnd/netbox
1
0
Fork 0
mirror of https://github.com/netbox-community/netbox.git synced 2025-07-18 04:56:29 -06:00
Code Issues Actions 8 Packages Projects Releases Wiki Activity

Expose assigned ObjectPermissions on User instance

Browse Source
This commit is contained in:
Jeremy Stretch 2020-05-28 13:25:37 -04:00
parent 73b7eb0c7f
commit a8ed04c4d2
1 changed files with 25 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
netbox/utilities/auth_backends.py
View File

@ -3,7 +3,6 @@ import logging
from django.conf import settings from django.conf import settings
from django.contrib.auth.backends import ModelBackend, RemoteUserBackend as _RemoteUserBackend from django.contrib.auth.backends import ModelBackend, RemoteUserBackend as _RemoteUserBackend
from django.contrib.auth.models import Group from django.contrib.auth.models import Group
from django.contrib.contenttypes.models import ContentType
from django.db.models import Q from django.db.models import Q
from users.models import ObjectPermission from users.models import ObjectPermission
@ -12,12 +11,17 @@ from utilities.permissions import resolve_permission
class ObjectPermissionBackend(ModelBackend): class ObjectPermissionBackend(ModelBackend):
def get_all_permissions(self, user_obj, obj=None):
if not user_obj.is_active or user_obj.is_anonymous:
return set()
if not hasattr(user_obj, '_object_perm_cache'):
user_obj._object_perm_cache = self.get_object_permissions(user_obj)
return user_obj._object_perm_cache
def get_object_permissions(self, user_obj): def get_object_permissions(self, user_obj):
""" """
Return all permissions granted to the user by an ObjectPermission. Return all permissions granted to the user by an ObjectPermission.
""" """
if not hasattr(user_obj, '_object_perm_cache'):
# Retrieve all assigned ObjectPermissions # Retrieve all assigned ObjectPermissions
object_permissions = ObjectPermission.objects.filter( object_permissions = ObjectPermission.objects.filter(
Q(users=user_obj) | Q(users=user_obj) |
@ -35,10 +39,7 @@ class ObjectPermissionBackend(ModelBackend):
else: else:
perms[perm_name] = [obj_perm.attrs] perms[perm_name] = [obj_perm.attrs]
# Cache resolved permissions on the User instance return perms
setattr(user_obj, '_object_perm_cache', perms)
return user_obj._object_perm_cache
def has_perm(self, user_obj, perm, obj=None): def has_perm(self, user_obj, perm, obj=None):
app_label, codename = perm.split('.') app_label, codename = perm.split('.')
@ -64,7 +65,7 @@ class ObjectPermissionBackend(ModelBackend):
return False return False
# If no applicable ObjectPermissions have been created for this user/permission, deny permission # If no applicable ObjectPermissions have been created for this user/permission, deny permission
if perm not in self.get_object_permissions(user_obj): if perm not in self.get_all_permissions(user_obj):
return False return False
# If no object has been specified, grant permission. (The presence of a permission in this set tells # If no object has been specified, grant permission. (The presence of a permission in this set tells
@ -78,7 +79,7 @@ class ObjectPermissionBackend(ModelBackend):
raise ValueError(f"Invalid permission {perm} for model {model}") raise ValueError(f"Invalid permission {perm} for model {model}")
# Compile a query filter that matches all instances of the specified model # Compile a query filter that matches all instances of the specified model
obj_perm_attrs = self.get_object_permissions(user_obj)[perm] obj_perm_attrs = self.get_all_permissions(user_obj)[perm]
attrs = Q() attrs = Q()
for perm_attrs in obj_perm_attrs: for perm_attrs in obj_perm_attrs:
if perm_attrs: if perm_attrs: