mirror of
https://github.com/ae-utbm/sith.git
synced 2025-06-07 03:35:18 +00:00
Make HasPerm work with ApiKeyAuth
This commit is contained in:
parent
1ccd24b69a
commit
f72a93a673
@ -96,7 +96,16 @@ class HasPerm(BasePermission):
|
||||
self._perms = perms
|
||||
|
||||
def has_permission(self, request: HttpRequest, controller: ControllerBase) -> bool:
|
||||
return reduce(self._operator, (request.user.has_perm(p) for p in self._perms))
|
||||
# if the request has the `auth` property,
|
||||
# it means that the user has been explicitly authenticated
|
||||
# using a django-ninja authentication backend
|
||||
# (whether it is SessionAuth or ApiKeyAuth).
|
||||
# If not, this authentication has not been done, but the user may
|
||||
# still be implicitly authenticated through AuthenticationMiddleware
|
||||
user = request.auth if hasattr(request, "auth") else request.user
|
||||
# `user` may either be a `core.User` or an `apikey.ApiClient` ;
|
||||
# they are not the same model, but they both implement the `has_perm` method
|
||||
return reduce(self._operator, (user.has_perm(p) for p in self._perms))
|
||||
|
||||
|
||||
class IsRoot(BasePermission):
|
||||
|
Loading…
x
Reference in New Issue
Block a user