remove Application.user_is_authorized

This commit is contained in:
Jens Langhammer 2019-03-12 10:56:01 +01:00
parent 330118249e
commit 4a7b0ec8a9
3 changed files with 9 additions and 7 deletions

View File

@ -152,11 +152,6 @@ class Application(PolicyModel):
objects = InheritanceManager() objects = InheritanceManager()
def user_is_authorized(self, user: User) -> bool:
"""Check if user is authorized to use this application"""
from passbook.core.policies import PolicyEngine
return PolicyEngine(self.policies.all()).for_user(user).build().result
def get_provider(self): def get_provider(self):
"""Get casted provider instance""" """Get casted provider instance"""
if not self.provider: if not self.provider:

View File

@ -5,6 +5,7 @@ from django.contrib import messages
from django.utils.translation import gettext as _ from django.utils.translation import gettext as _
from passbook.core.models import Application from passbook.core.models import Application
from passbook.core.policies import PolicyEngine
LOGGER = getLogger(__name__) LOGGER = getLogger(__name__)
@ -28,4 +29,6 @@ class AccessMixin:
def user_has_access(self, application, user): def user_has_access(self, application, user):
"""Check if user has access to application.""" """Check if user has access to application."""
LOGGER.debug("Checking permissions of %s on application %s...", user, application) LOGGER.debug("Checking permissions of %s on application %s...", user, application)
return application.user_is_authorized(user) policy_engine = PolicyEngine(application.policies.all())
policy_engine.for_user(user).with_request(self.request).build()
return policy_engine.result

View File

@ -2,6 +2,7 @@
from logging import getLogger from logging import getLogger
from urllib.parse import urlencode from urllib.parse import urlencode
from django.contrib import messages
from django.contrib.auth.mixins import LoginRequiredMixin from django.contrib.auth.mixins import LoginRequiredMixin
from django.shortcuts import get_object_or_404, redirect, reverse from django.shortcuts import get_object_or_404, redirect, reverse
from django.utils.translation import ugettext as _ from django.utils.translation import ugettext as _
@ -49,7 +50,10 @@ class PassbookAuthorizationView(AccessMixin, AuthorizationView):
provider.save() provider.save()
self._application = application self._application = application
# Check permissions # Check permissions
if not self.user_has_access(self._application, request.user): passing, policy_meaages = self.user_has_access(self._application, request.user)
if not passing:
for policy_meaage in policy_meaages:
messages.error(request, policy_meaage)
return redirect('passbook_oauth_provider:oauth2-permission-denied') return redirect('passbook_oauth_provider:oauth2-permission-denied')
actual_response = super().dispatch(request, *args, **kwargs) actual_response = super().dispatch(request, *args, **kwargs)
if actual_response.status_code == 400: if actual_response.status_code == 400: