remove Application.user_is_authorized
This commit is contained in:
parent
330118249e
commit
4a7b0ec8a9
|
@ -152,11 +152,6 @@ class Application(PolicyModel):
|
|||
|
||||
objects = InheritanceManager()
|
||||
|
||||
def user_is_authorized(self, user: User) -> bool:
|
||||
"""Check if user is authorized to use this application"""
|
||||
from passbook.core.policies import PolicyEngine
|
||||
return PolicyEngine(self.policies.all()).for_user(user).build().result
|
||||
|
||||
def get_provider(self):
|
||||
"""Get casted provider instance"""
|
||||
if not self.provider:
|
||||
|
|
|
@ -5,6 +5,7 @@ from django.contrib import messages
|
|||
from django.utils.translation import gettext as _
|
||||
|
||||
from passbook.core.models import Application
|
||||
from passbook.core.policies import PolicyEngine
|
||||
|
||||
LOGGER = getLogger(__name__)
|
||||
|
||||
|
@ -28,4 +29,6 @@ class AccessMixin:
|
|||
def user_has_access(self, application, user):
|
||||
"""Check if user has access to application."""
|
||||
LOGGER.debug("Checking permissions of %s on application %s...", user, application)
|
||||
return application.user_is_authorized(user)
|
||||
policy_engine = PolicyEngine(application.policies.all())
|
||||
policy_engine.for_user(user).with_request(self.request).build()
|
||||
return policy_engine.result
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
from logging import getLogger
|
||||
from urllib.parse import urlencode
|
||||
|
||||
from django.contrib import messages
|
||||
from django.contrib.auth.mixins import LoginRequiredMixin
|
||||
from django.shortcuts import get_object_or_404, redirect, reverse
|
||||
from django.utils.translation import ugettext as _
|
||||
|
@ -49,7 +50,10 @@ class PassbookAuthorizationView(AccessMixin, AuthorizationView):
|
|||
provider.save()
|
||||
self._application = application
|
||||
# Check permissions
|
||||
if not self.user_has_access(self._application, request.user):
|
||||
passing, policy_meaages = self.user_has_access(self._application, request.user)
|
||||
if not passing:
|
||||
for policy_meaage in policy_meaages:
|
||||
messages.error(request, policy_meaage)
|
||||
return redirect('passbook_oauth_provider:oauth2-permission-denied')
|
||||
actual_response = super().dispatch(request, *args, **kwargs)
|
||||
if actual_response.status_code == 400:
|
||||
|
|
Reference in a new issue