From 5dfd74c3602363d55bad38e71c86b4c8d103d861 Mon Sep 17 00:00:00 2001 From: Luke Hatcher Date: Tue, 31 Jul 2012 15:24:26 -0400 Subject: [PATCH] permissions backend based on team membership --- symposion/teams/backends.py | 33 +++++++++++++++++++++++++++++++++ symposion_project/settings.py | 4 ++++ 2 files changed, 37 insertions(+) create mode 100644 symposion/teams/backends.py diff --git a/symposion/teams/backends.py b/symposion/teams/backends.py new file mode 100644 index 00000000..9b4ddf7e --- /dev/null +++ b/symposion/teams/backends.py @@ -0,0 +1,33 @@ +from django.db.models import Q + +from .models import Team + + +class TeamPermissionsBackend(object): + + def authenticate(self, username=None, password=None): + return None + + def get_team_permissions(self, user_obj, obj=None): + """ + Returns a set of permission strings that this user has through his/her + team memberships. + """ + if user_obj.is_anonymous() or obj is not None: + return set() + if not hasattr(user_obj, "_team_perm_cache"): + memberships = Team.objects.filter( + Q(memberships__user=user_obj), + Q(memberships__state="manager") | Q(memberships__state="member"), + ) + perms = memberships.values_list( + "permissions__content_type__app_label", + "permissions__codename" + ).order_by() + user_obj._team_perm_cache = set(["%s.%s" % (ct, name) for ct, name in perms]) + return user_obj._team_perm_cache + + def has_perm(self, user_obj, perm, obj=None): + if not user_obj.is_active: + return False + return perm in self.get_team_permissions(user_obj, obj) diff --git a/symposion_project/settings.py b/symposion_project/settings.py index 8b81f04a..e8279f3c 100644 --- a/symposion_project/settings.py +++ b/symposion_project/settings.py @@ -194,6 +194,10 @@ ACCOUNT_LOGOUT_REDIRECT_URL = "home" ACCOUNT_USER_DISPLAY = lambda user: user.email AUTHENTICATION_BACKENDS = [ + # Permissions Backends + "symposion.teams.backends.TeamPermissionsBackend", + + # Auth backends "account.auth_backends.EmailAuthenticationBackend", ]