144 lines
5.3 KiB
Python
144 lines
5.3 KiB
Python
try:
|
|
set
|
|
except NameError:
|
|
from sets import Set as set # Python 2.3 fallback
|
|
|
|
from django.db import connection
|
|
from django.contrib.auth.models import User
|
|
|
|
|
|
class ModelBackend(object):
|
|
"""
|
|
Authenticates against django.contrib.auth.models.User.
|
|
"""
|
|
supports_object_permissions = False
|
|
|
|
# TODO: Model, login attribute name and password attribute name should be
|
|
# configurable.
|
|
def authenticate(self, username=None, password=None):
|
|
try:
|
|
user = User.objects.get(username=username)
|
|
if user.check_password(password):
|
|
return user
|
|
except User.DoesNotExist:
|
|
return None
|
|
|
|
def get_group_permissions(self, user_obj):
|
|
"""
|
|
Returns a set of permission strings that this user has through his/her
|
|
groups.
|
|
"""
|
|
if not hasattr(user_obj, '_group_perm_cache'):
|
|
cursor = connection.cursor()
|
|
# The SQL below works out to the following, after DB quoting:
|
|
# cursor.execute("""
|
|
# SELECT ct."app_label", p."codename"
|
|
# FROM "auth_permission" p, "auth_group_permissions" gp, "auth_user_groups" ug, "django_content_type" ct
|
|
# WHERE p."id" = gp."permission_id"
|
|
# AND gp."group_id" = ug."group_id"
|
|
# AND ct."id" = p."content_type_id"
|
|
# AND ug."user_id" = %s, [self.id])
|
|
qn = connection.ops.quote_name
|
|
sql = """
|
|
SELECT ct.%s, p.%s
|
|
FROM %s p, %s gp, %s ug, %s ct
|
|
WHERE p.%s = gp.%s
|
|
AND gp.%s = ug.%s
|
|
AND ct.%s = p.%s
|
|
AND ug.%s = %%s""" % (
|
|
qn('app_label'), qn('codename'),
|
|
qn('auth_permission'), qn('auth_group_permissions'),
|
|
qn('auth_user_groups'), qn('django_content_type'),
|
|
qn('id'), qn('permission_id'),
|
|
qn('group_id'), qn('group_id'),
|
|
qn('id'), qn('content_type_id'),
|
|
qn('user_id'),)
|
|
cursor.execute(sql, [user_obj.id])
|
|
user_obj._group_perm_cache = set(["%s.%s" % (row[0], row[1]) for row in cursor.fetchall()])
|
|
return user_obj._group_perm_cache
|
|
|
|
def get_all_permissions(self, user_obj):
|
|
if not hasattr(user_obj, '_perm_cache'):
|
|
user_obj._perm_cache = set([u"%s.%s" % (p.content_type.app_label, p.codename) for p in user_obj.user_permissions.select_related()])
|
|
user_obj._perm_cache.update(self.get_group_permissions(user_obj))
|
|
return user_obj._perm_cache
|
|
|
|
def has_perm(self, user_obj, perm):
|
|
return perm in self.get_all_permissions(user_obj)
|
|
|
|
def has_module_perms(self, user_obj, app_label):
|
|
"""
|
|
Returns True if user_obj has any permissions in the given app_label.
|
|
"""
|
|
for perm in self.get_all_permissions(user_obj):
|
|
if perm[:perm.index('.')] == app_label:
|
|
return True
|
|
return False
|
|
|
|
def get_user(self, user_id):
|
|
try:
|
|
return User.objects.get(pk=user_id)
|
|
except User.DoesNotExist:
|
|
return None
|
|
|
|
|
|
class RemoteUserBackend(ModelBackend):
|
|
"""
|
|
This backend is to be used in conjunction with the ``RemoteUserMiddleware``
|
|
found in the middleware module of this package, and is used when the server
|
|
is handling authentication outside of Django.
|
|
|
|
By default, the ``authenticate`` method creates ``User`` objects for
|
|
usernames that don't already exist in the database. Subclasses can disable
|
|
this behavior by setting the ``create_unknown_user`` attribute to
|
|
``False``.
|
|
"""
|
|
|
|
# Create a User object if not already in the database?
|
|
create_unknown_user = True
|
|
|
|
def authenticate(self, remote_user):
|
|
"""
|
|
The username passed as ``remote_user`` is considered trusted. This
|
|
method simply returns the ``User`` object with the given username,
|
|
creating a new ``User`` object if ``create_unknown_user`` is ``True``.
|
|
|
|
Returns None if ``create_unknown_user`` is ``False`` and a ``User``
|
|
object with the given username is not found in the database.
|
|
"""
|
|
if not remote_user:
|
|
return
|
|
user = None
|
|
username = self.clean_username(remote_user)
|
|
|
|
# Note that this could be accomplished in one try-except clause, but
|
|
# instead we use get_or_create when creating unknown users since it has
|
|
# built-in safeguards for multiple threads.
|
|
if self.create_unknown_user:
|
|
user, created = User.objects.get_or_create(username=username)
|
|
if created:
|
|
user = self.configure_user(user)
|
|
else:
|
|
try:
|
|
user = User.objects.get(username=username)
|
|
except User.DoesNotExist:
|
|
pass
|
|
return user
|
|
|
|
def clean_username(self, username):
|
|
"""
|
|
Performs any cleaning on the "username" prior to using it to get or
|
|
create the user object. Returns the cleaned username.
|
|
|
|
By default, returns the username unchanged.
|
|
"""
|
|
return username
|
|
|
|
def configure_user(self, user):
|
|
"""
|
|
Configures a user after creation and returns the updated user.
|
|
|
|
By default, returns the user unmodified.
|
|
"""
|
|
return user
|