From 8536ef9e2338711f9c8c43719de9c7886650e4ae Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Wed, 10 Apr 2019 18:46:33 +0200 Subject: [PATCH 1/4] Add guardian for Application permissions --- .../migrations/0022_remove_user_applications.py | 17 +++++++++++++++++ passbook/core/models.py | 1 - passbook/core/requirements.txt | 1 + passbook/core/settings.py | 5 ++++- passbook/core/views/overview.py | 6 +++--- 5 files changed, 25 insertions(+), 5 deletions(-) create mode 100644 passbook/core/migrations/0022_remove_user_applications.py diff --git a/passbook/core/migrations/0022_remove_user_applications.py b/passbook/core/migrations/0022_remove_user_applications.py new file mode 100644 index 000000000..d984f461c --- /dev/null +++ b/passbook/core/migrations/0022_remove_user_applications.py @@ -0,0 +1,17 @@ +# Generated by Django 2.2 on 2019-04-09 16:13 + +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ('passbook_core', '0021_policy_timeout'), + ] + + operations = [ + migrations.RemoveField( + model_name='user', + name='applications', + ), + ] diff --git a/passbook/core/models.py b/passbook/core/models.py index cc4642ebb..04140a167 100644 --- a/passbook/core/models.py +++ b/passbook/core/models.py @@ -47,7 +47,6 @@ class User(AbstractUser): name = models.TextField() sources = models.ManyToManyField('Source', through='UserSourceConnection') - applications = models.ManyToManyField('Application') groups = models.ManyToManyField('Group') password_change_date = models.DateTimeField(auto_now_add=True) diff --git a/passbook/core/requirements.txt b/passbook/core/requirements.txt index fd80ba3f1..3a37ce628 100644 --- a/passbook/core/requirements.txt +++ b/passbook/core/requirements.txt @@ -1,6 +1,7 @@ celery cherrypy colorlog +django-guardian django-ipware django-model-utils django-redis diff --git a/passbook/core/settings.py b/passbook/core/settings.py index 421d9c122..63f9c2f72 100644 --- a/passbook/core/settings.py +++ b/passbook/core/settings.py @@ -58,7 +58,8 @@ SESSION_CACHE_ALIAS = "default" LANGUAGE_COOKIE_NAME = 'passbook_language' AUTHENTICATION_BACKENDS = [ - 'django.contrib.auth.backends.ModelBackend' + 'django.contrib.auth.backends.ModelBackend', + 'guardian.backends.ObjectPermissionBackend', ] # Application definition @@ -73,6 +74,8 @@ INSTALLED_APPS = [ 'django.contrib.postgres', 'rest_framework', 'drf_yasg', + 'guardian', + 'raven.contrib.django.raven_compat', 'passbook.core.apps.PassbookCoreConfig', 'passbook.admin.apps.PassbookAdminConfig', 'passbook.api.apps.PassbookAPIConfig', diff --git a/passbook/core/views/overview.py b/passbook/core/views/overview.py index 07b55ace8..b641bcde9 100644 --- a/passbook/core/views/overview.py +++ b/passbook/core/views/overview.py @@ -2,6 +2,7 @@ from django.contrib.auth.mixins import LoginRequiredMixin from django.views.generic import TemplateView +from guardian.shortcuts import get_objects_for_user from passbook.core.models import Application @@ -13,7 +14,6 @@ class OverviewView(LoginRequiredMixin, TemplateView): template_name = 'overview/index.html' def get_context_data(self, **kwargs): - kwargs['applications'] = self.request.user.applications.all() - if self.request.user.is_superuser: - kwargs['applications'] = Application.objects.all() + kwargs['applications'] = get_objects_for_user(self.request.user, + 'passbook_core.view_application') return super().get_context_data(**kwargs) From 15aaeda475311128e6697c0ab746e4c23eec31cd Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Wed, 10 Apr 2019 18:47:21 +0200 Subject: [PATCH 2/4] remove unused import --- passbook/core/views/overview.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/passbook/core/views/overview.py b/passbook/core/views/overview.py index b641bcde9..7c85b3d63 100644 --- a/passbook/core/views/overview.py +++ b/passbook/core/views/overview.py @@ -4,8 +4,6 @@ from django.contrib.auth.mixins import LoginRequiredMixin from django.views.generic import TemplateView from guardian.shortcuts import get_objects_for_user -from passbook.core.models import Application - class OverviewView(LoginRequiredMixin, TemplateView): """Overview for logged in user, incase user opens passbook directly From d2bf9f81d6f5633549194d06a9c13b642b538c9f Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sat, 13 Apr 2019 17:46:51 +0200 Subject: [PATCH 3/4] remove raven middleware --- passbook/core/settings.py | 1 - 1 file changed, 1 deletion(-) diff --git a/passbook/core/settings.py b/passbook/core/settings.py index 8205ad0fb..d139e2ec7 100644 --- a/passbook/core/settings.py +++ b/passbook/core/settings.py @@ -75,7 +75,6 @@ INSTALLED_APPS = [ 'rest_framework', 'drf_yasg', 'guardian', - 'raven.contrib.django.raven_compat', 'passbook.core.apps.PassbookCoreConfig', 'passbook.admin.apps.PassbookAdminConfig', 'passbook.api.apps.PassbookAPIConfig', From e7129d18f6caa47b0a455b0d8e7c99f941f53a47 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sat, 13 Apr 2019 17:52:11 +0200 Subject: [PATCH 4/4] fix inconsistent migrations --- ..._user_applications.py => 0023_remove_user_applications.py} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename passbook/core/migrations/{0022_remove_user_applications.py => 0023_remove_user_applications.py} (71%) diff --git a/passbook/core/migrations/0022_remove_user_applications.py b/passbook/core/migrations/0023_remove_user_applications.py similarity index 71% rename from passbook/core/migrations/0022_remove_user_applications.py rename to passbook/core/migrations/0023_remove_user_applications.py index d984f461c..daaaefcd2 100644 --- a/passbook/core/migrations/0022_remove_user_applications.py +++ b/passbook/core/migrations/0023_remove_user_applications.py @@ -1,4 +1,4 @@ -# Generated by Django 2.2 on 2019-04-09 16:13 +# Generated by Django 2.2 on 2019-04-13 15:51 from django.db import migrations @@ -6,7 +6,7 @@ from django.db import migrations class Migration(migrations.Migration): dependencies = [ - ('passbook_core', '0021_policy_timeout'), + ('passbook_core', '0022_nonce_expiring'), ] operations = [