From 787fd2f4849916d703c2900774081cace116e9ba Mon Sep 17 00:00:00 2001
From: Skia <lordbanana25@mailoo.org>
Date: Mon, 14 Dec 2015 15:43:30 +0100
Subject: [PATCH] Settingize some stuff and add custom AnonymousUser

---
 core/management/commands/setup.py | 14 +++++++++-----
 core/middleware.py                | 31 +++++++++++++++++++++++++++++++
 core/models.py                    | 29 ++++++++++++++++++++++++-----
 sith/settings.py                  | 23 +++++++++++++++++++++++
 4 files changed, 87 insertions(+), 10 deletions(-)
 create mode 100644 core/middleware.py

diff --git a/core/management/commands/setup.py b/core/management/commands/setup.py
index 90e10008..223d9488 100755
--- a/core/management/commands/setup.py
+++ b/core/management/commands/setup.py
@@ -1,6 +1,7 @@
 import os
 from django.core.management.base import BaseCommand, CommandError
 from django.core.management import call_command
+from django.conf import settings
 from core.models import Group, User
 
 class Command(BaseCommand):
@@ -21,11 +22,8 @@ class Command(BaseCommand):
                  is_superuser=True, is_staff=True)
         u.set_password("plop")
         u.save()
-        Group(name="root").save()
-        # Just some example groups, only root is truly mandatory
-        Group(name="bureau_restreint_ae").save()
-        Group(name="bureau_ae").save()
-        Group(name="membre_ae").save()
+        for g in settings.AE_GROUPS.values():
+            Group(id=g['id'], name=g['name']).save()
         if not options['prod']:
             print("Dev mode, adding some test data")
             u = User(username='skia', last_name="Kia", first_name="S'",
@@ -34,4 +32,10 @@ class Command(BaseCommand):
                      is_superuser=True, is_staff=True)
             u.set_password("plop")
             u.save()
+            u = User(username='guy', last_name="Carlier", first_name="Guy",
+                     email="guy@git.an",
+                     date_of_birth="1942-06-12T00:00:00+01:00",
+                     is_superuser=False, is_staff=False)
+            u.set_password("plop")
+            u.save()
 
diff --git a/core/middleware.py b/core/middleware.py
new file mode 100644
index 00000000..c26543f5
--- /dev/null
+++ b/core/middleware.py
@@ -0,0 +1,31 @@
+import importlib
+from django.conf import settings
+from django.utils.functional import SimpleLazyObject
+from django.contrib.auth import get_user
+from django.contrib.auth.middleware import AuthenticationMiddleware as DjangoAuthenticationMiddleware
+
+module, klass = settings.AUTH_ANONYMOUS_MODEL.rsplit('.', 1)
+AnonymousUser = getattr(importlib.import_module(module), klass)
+
+
+def get_cached_user(request):
+    if not hasattr(request, '_cached_user'):
+        user = get_user(request)
+        if user.is_anonymous():
+            user = AnonymousUser(request)
+
+        request._cached_user = user
+
+    return request._cached_user
+
+
+class AuthenticationMiddleware(DjangoAuthenticationMiddleware):
+    def process_request(self, request):
+        assert hasattr(request, 'session'), (
+            "The Django authentication middleware requires session middleware "
+            "to be installed. Edit your MIDDLEWARE_CLASSES setting to insert "
+            "'django.contrib.sessions.middleware.SessionMiddleware' before "
+            "'account.middleware.AuthenticationMiddleware'."
+        )
+        request.user = SimpleLazyObject(lambda: get_cached_user(request))
+
diff --git a/core/models.py b/core/models.py
index f15aba03..09eebfa0 100644
--- a/core/models.py
+++ b/core/models.py
@@ -1,10 +1,11 @@
 from django.db import models
-from django.contrib.auth.models import AbstractBaseUser, PermissionsMixin, UserManager, Group as AuthGroup
+from django.contrib.auth.models import AbstractBaseUser, PermissionsMixin, UserManager, Group as AuthGroup, AnonymousUser as AuthAnonymousUser
 from django.utils.translation import ugettext_lazy as _
 from django.utils import timezone
 from django.core import validators
 from django.core.exceptions import ValidationError
 from django.core.urlresolvers import reverse
+from django.conf import settings
 from datetime import datetime, timedelta
 
 class Group(AuthGroup):
@@ -60,14 +61,15 @@ class User(AbstractBaseUser, PermissionsMixin):
         ),
     )
     date_joined = models.DateTimeField(_('date joined'), default=timezone.now)
-    owner_group = models.ForeignKey(Group, related_name="owned_user", default=1)
+    owner_group = models.ForeignKey(Group, related_name="owned_user",
+                                    default=settings.AE_GROUPS['root']['id'])
     edit_group = models.ManyToManyField(Group, related_name="editable_user", blank=True)
     view_group = models.ManyToManyField(Group, related_name="viewable_user", blank=True)
 
     objects = UserManager()
 
     USERNAME_FIELD = 'username'
-    REQUIRED_FIELDS = ['email', 'first_name', 'last_name', 'date_of_birth']
+    REQUIRED_FIELDS = ['email', 'date_of_birth']
 
     class Meta:
         verbose_name = _('user')
@@ -149,7 +151,8 @@ class User(AbstractBaseUser, PermissionsMixin):
         if not hasattr(obj, "owner_group"):
             return False
         if (self.is_superuser or self.groups.filter(name=obj.owner_group.name).exists() or
-            self.has_perm(obj.__class__.__module__.split('.')[0]+".change_prop_"+obj.__class__.__name__.lower())):
+            self.has_perm(obj.__class__.__module__.split('.')[0]+".change_prop_"+obj.__class__.__name__.lower()) or
+            self.groups.filter(id=settings.AE_GROUPS['root']['id']).exists()):
             return True
         return False
 
@@ -185,6 +188,21 @@ class User(AbstractBaseUser, PermissionsMixin):
             return True
         return False
 
+class AnonymousUser(AuthAnonymousUser):
+    def __init__(self, request):
+        super(AnonymousUser, self).__init__()
+
+    def is_owner(self, obj):
+        return False
+
+    def can_edit(self, obj):
+        return False
+
+    def can_view(self, obj):
+        if obj.view_group.filter(pk=settings.AE_GROUPS['public']['id']).exists():
+            return True
+        return False
+
 class LockError(Exception):
     """There was a lock error on the object"""
     pass
@@ -213,7 +231,8 @@ class Page(models.Model):
     # Attention: this field may not be valid until you call save(). It's made for fast query, but don't rely on it when
     # playing with a Page object, use get_full_name() instead!
     full_name = models.CharField(_('page name'), max_length=255, blank=True)
-    owner_group = models.ForeignKey(Group, related_name="owned_page", default=1)
+    owner_group = models.ForeignKey(Group, related_name="owned_page",
+                                    default=settings.AE_GROUPS['root']['id'])
     edit_group = models.ManyToManyField(Group, related_name="editable_page", blank=True)
     view_group = models.ManyToManyField(Group, related_name="viewable_page", blank=True)
     lock_mutex = {}
diff --git a/sith/settings.py b/sith/settings.py
index feff21f0..fa04c23a 100644
--- a/sith/settings.py
+++ b/sith/settings.py
@@ -49,6 +49,7 @@ MIDDLEWARE_CLASSES = (
     'django.contrib.messages.middleware.MessageMiddleware',
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
     'django.middleware.security.SecurityMiddleware',
+    'core.middleware.AuthenticationMiddleware',
 )
 
 ROOT_URLCONF = 'sith.urls'
@@ -105,6 +106,7 @@ STATIC_URL = '/static/'
 # Auth configuration
 
 AUTH_USER_MODEL = 'core.User'
+AUTH_ANONYMOUS_MODEL = 'core.models.AnonymousUser'
 LOGIN_URL = '/login'
 LOGOUT_URL = '/logout'
 LOGIN_REDIRECT_URL = '/'
@@ -113,3 +115,24 @@ DEFAULT_FROM_EMAIL="bibou@git.an"
 # Email
 EMAIL_HOST="localhost"
 EMAIL_PORT=25
+
+# AE configuration
+AE_GROUPS = {
+    'root': {
+        'id': 1,
+        'name': "root",
+    },
+    'board': {
+        'id': 2,
+        'name': "ae_bureau",
+    },
+    'members': {
+        'id': 3,
+        'name': "ae_membres",
+    },
+    'public': {
+        'id': 4,
+        'name': "not_registered_users",
+    },
+}
+