remove Application.user_is_authorized

This commit is contained in:
Jens Langhammer 2019-03-12 10:56:01 +01:00
parent 330118249e
commit 4a7b0ec8a9
3 changed files with 9 additions and 7 deletions

View File

@ -152,11 +152,6 @@ class Application(PolicyModel):
objects = InheritanceManager()
def user_is_authorized(self, user: User) -> bool:
"""Check if user is authorized to use this application"""
from passbook.core.policies import PolicyEngine
return PolicyEngine(self.policies.all()).for_user(user).build().result
def get_provider(self):
"""Get casted provider instance"""
if not self.provider:

View File

@ -5,6 +5,7 @@ from django.contrib import messages
from django.utils.translation import gettext as _
from passbook.core.models import Application
from passbook.core.policies import PolicyEngine
LOGGER = getLogger(__name__)
@ -28,4 +29,6 @@ class AccessMixin:
def user_has_access(self, application, user):
"""Check if user has access to application."""
LOGGER.debug("Checking permissions of %s on application %s...", user, application)
return application.user_is_authorized(user)
policy_engine = PolicyEngine(application.policies.all())
policy_engine.for_user(user).with_request(self.request).build()
return policy_engine.result

View File

@ -2,6 +2,7 @@
from logging import getLogger
from urllib.parse import urlencode
from django.contrib import messages
from django.contrib.auth.mixins import LoginRequiredMixin
from django.shortcuts import get_object_or_404, redirect, reverse
from django.utils.translation import ugettext as _
@ -49,7 +50,10 @@ class PassbookAuthorizationView(AccessMixin, AuthorizationView):
provider.save()
self._application = application
# Check permissions
if not self.user_has_access(self._application, request.user):
passing, policy_meaages = self.user_has_access(self._application, request.user)
if not passing:
for policy_meaage in policy_meaages:
messages.error(request, policy_meaage)
return redirect('passbook_oauth_provider:oauth2-permission-denied')
actual_response = super().dispatch(request, *args, **kwargs)
if actual_response.status_code == 400: