klmp200/Sith
1
0
Fork 0
mirror of https://github.com/ae-utbm/sith.git synced 2025-06-07 19:55:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

Make HasPerm work with ApiKeyAuth

Browse Source
This commit is contained in:
imperosol 2025-05-20 18:16:14 +02:00
parent 1ccd24b69a
commit f72a93a673
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
core/auth/api_permissions.py
View File

@ -96,7 +96,16 @@ class HasPerm(BasePermission):
self._perms = perms self._perms = perms
def has_permission(self, request: HttpRequest, controller: ControllerBase) -> bool: def has_permission(self, request: HttpRequest, controller: ControllerBase) -> bool:
return reduce(self._operator, (request.user.has_perm(p) for p in self._perms)) # if the request has the `auth` property,
# it means that the user has been explicitly authenticated
# using a django-ninja authentication backend
# (whether it is SessionAuth or ApiKeyAuth).
# If not, this authentication has not been done, but the user may
# still be implicitly authenticated through AuthenticationMiddleware
user = request.auth if hasattr(request, "auth") else request.user
# `user` may either be a `core.User` or an `apikey.ApiClient` ;
# they are not the same model, but they both implement the `has_perm` method
return reduce(self._operator, (user.has_perm(p) for p in self._perms))
class IsRoot(BasePermission): class IsRoot(BasePermission):