root(minor): start implementing guardian

This commit is contained in:
Langhammer, Jens 2019-10-10 10:45:51 +02:00
parent ca3bcc565d
commit a53f7a49ac
6 changed files with 41 additions and 11 deletions

View file

@ -35,6 +35,7 @@ service_identity = "*"
signxml = "*" signxml = "*"
urllib3 = {extras = ["secure"],version = "*"} urllib3 = {extras = ["secure"],version = "*"}
structlog = "*" structlog = "*"
django-guardian = "*"
[requires] [requires]
python_version = "3.7" python_version = "3.7"

22
Pipfile.lock generated
View file

@ -1,7 +1,7 @@
{ {
"_meta": { "_meta": {
"hash": { "hash": {
"sha256": "53d7190ea62f504dc1a36eae952a273e0b2d9f313f23031099d039c3146235b7" "sha256": "1636ead76bcc61736245f5255a6dfafbf261c3b37b1a2b2665db50919b4cb1ea"
}, },
"pipfile-spec": 6, "pipfile-spec": 6,
"requires": { "requires": {
@ -101,10 +101,10 @@
}, },
"cheroot": { "cheroot": {
"hashes": [ "hashes": [
"sha256:6168371ab9aaf574ac5f75675f244bbfebf990202bf75048065e9d675b9ae719", "sha256:709259ea832932fb4e1c040b87836a260d386155098c7e138fc317937763e7ae",
"sha256:8cc7c28961db2e13d0cac6b234a589a314c1844f7bbf54e67888ac9a2e25ac59" "sha256:abba64f5f0d09b3b8bddf98fa18df1176cd83728b220a995e061c1a766e20a45"
], ],
"version": "==7.0.0" "version": "==8.0.0"
}, },
"cherrypy": { "cherrypy": {
"hashes": [ "hashes": [
@ -180,6 +180,14 @@
"index": "pypi", "index": "pypi",
"version": "==0.2.1" "version": "==0.2.1"
}, },
"django-guardian": {
"hashes": [
"sha256:8cf4efd67a863eb32beafd4335a38ffb083630f8ab2045212d27f8f9c3abe5a6",
"sha256:e638c9a23eeac534bb68b133975539ed8782f733ab6f35c0b23b4c39cd06b1bb"
],
"index": "pypi",
"version": "==2.1.0"
},
"django-ipware": { "django-ipware": {
"hashes": [ "hashes": [
"sha256:a7c7a8fd019dbdc9c357e6e582f65034e897572fc79a7e467674efa8aef9d00b" "sha256:a7c7a8fd019dbdc9c357e6e582f65034e897572fc79a7e467674efa8aef9d00b"
@ -459,10 +467,10 @@
}, },
"pyasn1-modules": { "pyasn1-modules": {
"hashes": [ "hashes": [
"sha256:43c17a83c155229839cc5c6b868e8d0c6041dba149789b6d6e28801c64821722", "sha256:0c35a52e00b672f832e5846826f1fb7507907f7d52fba6faa9e3c4cbe874fe4b",
"sha256:e30199a9d221f1b26c885ff3d87fd08694dbbe18ed0e8e405a2a7126d30ce4c0" "sha256:b6ada4f840fe51abf5a6bd545b45bf537bea62221fa0dde2e8a553ed9f06a4e3"
], ],
"version": "==0.2.6" "version": "==0.2.7"
}, },
"pycparser": { "pycparser": {
"hashes": [ "hashes": [

View file

@ -11,6 +11,7 @@ from django.db import models
from django.urls import reverse_lazy from django.urls import reverse_lazy
from django.utils.timezone import now from django.utils.timezone import now
from django.utils.translation import gettext as _ from django.utils.translation import gettext as _
from guardian.mixins import GuardianUserMixin
from model_utils.managers import InheritanceManager from model_utils.managers import InheritanceManager
from structlog import get_logger from structlog import get_logger
@ -41,7 +42,7 @@ class Group(UUIDModel):
unique_together = (('name', 'parent',),) unique_together = (('name', 'parent',),)
class User(AbstractUser): class User(GuardianUserMixin, AbstractUser):
"""Custom User model to allow easier adding o f user-based settings""" """Custom User model to allow easier adding o f user-based settings"""
uuid = models.UUIDField(default=uuid4, editable=False) uuid = models.UUIDField(default=uuid4, editable=False)

View file

@ -4,6 +4,7 @@ from django.apps import apps
from django.contrib import admin from django.contrib import admin
from django.contrib.admin.sites import AlreadyRegistered from django.contrib.admin.sites import AlreadyRegistered
from django.contrib.auth.admin import UserAdmin from django.contrib.auth.admin import UserAdmin
from guardian.admin import GuardedModelAdmin
from passbook.core.models import User from passbook.core.models import User
@ -13,10 +14,9 @@ def admin_autoregister(app):
app_models = apps.get_app_config(app).get_models() app_models = apps.get_app_config(app).get_models()
for model in app_models: for model in app_models:
try: try:
admin.site.register(model) admin.site.register(model, GuardedModelAdmin)
except AlreadyRegistered: except AlreadyRegistered:
pass pass
admin.site.register(User, UserAdmin) admin.site.register(User, UserAdmin)
admin_autoregister('passbook_core')

16
passbook/lib/views.py Normal file
View file

@ -0,0 +1,16 @@
"""passbook helper views"""
from django.views.generic import CreateView
from guardian.shortcuts import assign_perm
class CreateAssignPermView(CreateView):
"""Assign permissions to object after creation"""
permissions = []
def form_valid(self, form):
response = super().form_valid(form)
for permission in self.permissions:
assign_perm(permission, self.request.user, self.object)
return response

View file

@ -53,10 +53,10 @@ LANGUAGE_COOKIE_NAME = 'passbook_language'
AUTHENTICATION_BACKENDS = [ AUTHENTICATION_BACKENDS = [
'django.contrib.auth.backends.ModelBackend', 'django.contrib.auth.backends.ModelBackend',
'guardian.backends.ObjectPermissionBackend',
] ]
# Application definition # Application definition
INSTALLED_APPS = [ INSTALLED_APPS = [
'django.contrib.admin', 'django.contrib.admin',
'django.contrib.auth', 'django.contrib.auth',
@ -67,6 +67,8 @@ INSTALLED_APPS = [
'django.contrib.postgres', 'django.contrib.postgres',
# 'rest_framework', # 'rest_framework',
# 'drf_yasg', # 'drf_yasg',
'guardian',
'passbook.core.apps.PassbookCoreConfig', 'passbook.core.apps.PassbookCoreConfig',
'passbook.admin.apps.PassbookAdminConfig', 'passbook.admin.apps.PassbookAdminConfig',
'passbook.api.apps.PassbookAPIConfig', 'passbook.api.apps.PassbookAPIConfig',
@ -97,6 +99,8 @@ INSTALLED_APPS = [
'passbook.policies.webhook.apps.PassbookPoliciesWebhookConfig', 'passbook.policies.webhook.apps.PassbookPoliciesWebhookConfig',
] ]
GUARDIAN_MONKEY_PATCH = False
REST_FRAMEWORK = { REST_FRAMEWORK = {
# Use Django's standard `django.contrib.auth` permissions, # Use Django's standard `django.contrib.auth` permissions,
# or allow read-only access for unauthenticated users. # or allow read-only access for unauthenticated users.