Sith/core/auth_backends.py

43 lines
1.6 KiB
Python
Raw Permalink Normal View History

2024-12-21 16:34:20 +00:00
from __future__ import annotations
from typing import TYPE_CHECKING
2024-12-21 17:52:16 +00:00
from django.conf import settings
2024-12-21 16:34:20 +00:00
from django.contrib.auth.backends import ModelBackend
from django.contrib.auth.models import Permission
2024-12-21 17:52:16 +00:00
from core.models import Group
2024-12-21 16:34:20 +00:00
if TYPE_CHECKING:
from core.models import User
class SithModelBackend(ModelBackend):
"""Custom auth backend for the Sith.
In fact, it's the exact same backend as `django.contrib.auth.backend.ModelBackend`,
with the exception that group permissions are fetched slightly differently.
Indeed, django tries by default to fetch the permissions associated
with all the `django.contrib.auth.models.Group` of a user ;
however, our User model overrides that, so the actual linked group model
is [core.models.Group][].
Instead of having the relation `auth_perm --> auth_group <-- core_user`,
we have `auth_perm --> auth_group <-- core_group <-- core_user`.
Thus, this backend make the small tweaks necessary to make
our custom models interact with the django auth.
"""
def _get_group_permissions(self, user_obj: User):
# union of querysets doesn't work if the queryset is ordered.
# The empty `order_by` here are actually there to *remove*
# any default ordering defined in managers or model Meta
groups = user_obj.groups.order_by()
2024-12-21 17:52:16 +00:00
if user_obj.is_subscribed:
groups = groups.union(
Group.objects.filter(pk=settings.SITH_GROUP_SUBSCRIBERS_ID).order_by()
2024-12-21 17:52:16 +00:00
)
return Permission.objects.filter(
group__group__in=groups.values_list("pk", flat=True)
)