diff --git a/core/auth_backends.py b/core/auth_backends.py new file mode 100644 index 00000000..ba763324 --- /dev/null +++ b/core/auth_backends.py @@ -0,0 +1,29 @@ +from __future__ import annotations + +from typing import TYPE_CHECKING + +from django.contrib.auth.backends import ModelBackend +from django.contrib.auth.models import Permission + +if TYPE_CHECKING: + from core.models import User + + +class SithModelBackend(ModelBackend): + """Custom auth backend for the Sith. + + In fact, it's the exact same backend as `django.contrib.auth.backend.ModelBackend`, + with the exception that group permissions are fetched slightly differently. + Indeed, django tries by default to fetch the permissions associated + with all the `django.contrib.auth.models.Group` of a user ; + however, our User model overrides that, so the actual linked group model + is [core.models.Group][]. + Instead of having the relation `auth_perm --> auth_group <-- core_user`, + we have `auth_perm --> auth_group <-- core_group <-- core_user`. + + Thus, this backend make the small tweaks necessary to make + our custom models interact with the django auth. + """ + + def _get_group_permissions(self, user_obj: User): + return Permission.objects.filter(group__group__users=user_obj) diff --git a/sith/settings.py b/sith/settings.py index 054787e7..5fdc3786 100644 --- a/sith/settings.py +++ b/sith/settings.py @@ -290,6 +290,7 @@ STORAGES = { # Auth configuration AUTH_USER_MODEL = "core.User" AUTH_ANONYMOUS_MODEL = "core.models.AnonymousUser" +AUTHENTICATION_BACKENDS = ["core.auth_backends.SithModelBackend"] LOGIN_URL = "/login" LOGOUT_URL = "/logout" LOGIN_REDIRECT_URL = "/"