remove Application.user_is_authorized
parent
330118249e
commit
4a7b0ec8a9
|
@ -152,11 +152,6 @@ class Application(PolicyModel):
|
||||||
|
|
||||||
objects = InheritanceManager()
|
objects = InheritanceManager()
|
||||||
|
|
||||||
def user_is_authorized(self, user: User) -> bool:
|
|
||||||
"""Check if user is authorized to use this application"""
|
|
||||||
from passbook.core.policies import PolicyEngine
|
|
||||||
return PolicyEngine(self.policies.all()).for_user(user).build().result
|
|
||||||
|
|
||||||
def get_provider(self):
|
def get_provider(self):
|
||||||
"""Get casted provider instance"""
|
"""Get casted provider instance"""
|
||||||
if not self.provider:
|
if not self.provider:
|
||||||
|
|
|
@ -5,6 +5,7 @@ from django.contrib import messages
|
||||||
from django.utils.translation import gettext as _
|
from django.utils.translation import gettext as _
|
||||||
|
|
||||||
from passbook.core.models import Application
|
from passbook.core.models import Application
|
||||||
|
from passbook.core.policies import PolicyEngine
|
||||||
|
|
||||||
LOGGER = getLogger(__name__)
|
LOGGER = getLogger(__name__)
|
||||||
|
|
||||||
|
@ -28,4 +29,6 @@ class AccessMixin:
|
||||||
def user_has_access(self, application, user):
|
def user_has_access(self, application, user):
|
||||||
"""Check if user has access to application."""
|
"""Check if user has access to application."""
|
||||||
LOGGER.debug("Checking permissions of %s on application %s...", user, application)
|
LOGGER.debug("Checking permissions of %s on application %s...", user, application)
|
||||||
return application.user_is_authorized(user)
|
policy_engine = PolicyEngine(application.policies.all())
|
||||||
|
policy_engine.for_user(user).with_request(self.request).build()
|
||||||
|
return policy_engine.result
|
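Review bot: `user_has_access` now returns `policy_engine.result` as-is, and the call site in `PassbookAuthorizationView` unpacks it as `passing, policy_meaages`, so it appears to be a tuple rather than the bool that `application.user_is_authorized(user)` returned. Any caller outside this commit that still writes `if not self.user_has_access(...)` would then always take the allowed path, because a non-empty tuple is truthy even when the policies deny access. `PolicyEngine.result` is not visible here, so this needs confirming and the remaining callers of `user_has_access` need checking. The docstring should state the new contract, for example `"""Check if user has access to application. Returns (passing, messages)."""`. The method also reads `self.request` while taking `user` as a parameter, so the user being evaluated and the request handed to the policies can disagree; taking both from one source would avoid that.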
||||||
|
|
|
@ -2,6 +2,7 @@
|
||||||
from logging import getLogger
|
from logging import getLogger
|
||||||
from urllib.parse import urlencode
|
from urllib.parse import urlencode
|
||||||
|
|
||||||
|
from django.contrib import messages
|
||||||
from django.contrib.auth.mixins import LoginRequiredMixin
|
from django.contrib.auth.mixins import LoginRequiredMixin
|
||||||
from django.shortcuts import get_object_or_404, redirect, reverse
|
from django.shortcuts import get_object_or_404, redirect, reverse
|
||||||
from django.utils.translation import ugettext as _
|
from django.utils.translation import ugettext as _
|
||||||
|
@ -49,7 +50,10 @@ class PassbookAuthorizationView(AccessMixin, AuthorizationView):
|
||||||
provider.save()
|
provider.save()
|
||||||
self._application = application
|
self._application = application
|
||||||
# Check permissions
|
# Check permissions
|
||||||
if not self.user_has_access(self._application, request.user):
|
passing, policy_meaages = self.user_has_access(self._application, request.user)
|
||||||
|
if not passing:
|
||||||
|
for policy_meaage in policy_meaages:
|
||||||
|
messages.error(request, policy_meaage)
|
||||||
return redirect('passbook_oauth_provider:oauth2-permission-denied')
|
return redirect('passbook_oauth_provider:oauth2-permission-denied')
|
||||||
actual_response = super().dispatch(request, *args, **kwargs)
|
actual_response = super().dispatch(request, *args, **kwargs)
|
||||||
if actual_response.status_code == 400:
|
if actual_response.status_code == 400:
|
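Review bot: In the denial branch, `messages.error(request, policy_meaage)` shows every policy message to the user who was just refused, so the text that policies return must be safe to disclose. If a message can describe internal rule details, log it server-side and show a generic denial instead. The hunk does not show what the messages contain, so this is a check to make rather than a confirmed leak. The names `policy_meaages` and `policy_meaage` are also misspelled; the unpacking line would read better as `passing, policy_messages = self.user_has_access(self._application, request.user)`, with the loop variable renamed to match. The enclosing method starts and ends outside the hunk.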
||||||
|
|