Auth
Backend
SithModelBackend
Bases: ModelBackend
Custom auth backend for the Sith.
In fact, it's the exact same backend as django.contrib.auth.backends.ModelBackend,
with the exception that group permissions are fetched slightly differently.
By default, Django tries to fetch the permissions associated
with all the django.contrib.auth.models.Group of a user;
however, our User model overrides that, so the actual linked group model
is core.models.Group.
Instead of having the relation auth_perm --> auth_group <-- core_user,
we have auth_perm --> auth_group <-- core_group <-- core_user.
Thus, this backend makes the small tweaks necessary for our custom models to interact with the Django auth.
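The extra hop described above, as an added example that is not part of the Sith code base: it uses sqlite3 in place of the Django ORM to show why a lookup over the stock user-to-group link finds nothing while the lookup through core_group resolves the permissions. All table names, column names and rows are constructed assumptions.

```python
import sqlite3

# Constructed, simplified schema: table/column names are assumptions made for
# this example, not the Sith project's real tables.
SCHEMA = """
CREATE TABLE auth_perm (id INTEGER PRIMARY KEY, codename TEXT);
CREATE TABLE auth_group (id INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE auth_group_perms (group_id INTEGER, perm_id INTEGER);
CREATE TABLE core_group (group_ptr_id INTEGER PRIMARY KEY); -- points at auth_group
CREATE TABLE core_user (id INTEGER PRIMARY KEY, username TEXT);
CREATE TABLE core_user_groups (user_id INTEGER, group_id INTEGER); -- core_group ids
CREATE TABLE auth_user_groups (user_id INTEGER, group_id INTEGER); -- stock link, empty
INSERT INTO auth_perm VALUES (1, 'com.change_news'), (2, 'com.delete_news');
INSERT INTO auth_group VALUES (10, 'Communication'), (11, 'Moderation');
INSERT INTO auth_group_perms VALUES (10, 1), (11, 1), (11, 2);
INSERT INTO core_group VALUES (10), (11);
INSERT INTO core_user VALUES (1, 'alice'), (2, 'bob'), (3, 'carol');
INSERT INTO core_user_groups VALUES (1, 10), (3, 10), (3, 11);
"""

def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def default_group_perms(db, user_id):
    """Stock relation: auth_perm --> auth_group <-- user (one hop)."""
    rows = db.execute(
        "SELECT p.codename FROM auth_perm p "
        "JOIN auth_group_perms gp ON gp.perm_id = p.id "
        "JOIN auth_user_groups ug ON ug.group_id = gp.group_id "
        "WHERE ug.user_id = ?", (user_id,))
    return {codename for (codename,) in rows}

def sith_group_perms(db, user_id):
    """Page's relation: auth_perm --> auth_group <-- core_group <-- core_user."""
    rows = db.execute(
        "SELECT p.codename FROM auth_perm p "
        "JOIN auth_group_perms gp ON gp.perm_id = p.id "
        "JOIN core_group cg ON cg.group_ptr_id = gp.group_id "
        "JOIN core_user_groups ug ON ug.group_id = cg.group_ptr_id "
        "WHERE ug.user_id = ?", (user_id,))
    return {codename for (codename,) in rows}

if __name__ == "__main__":
    db = build_db()
    for uid, name in db.execute("SELECT id, username FROM core_user").fetchall():
        print(name, default_group_perms(db, uid), sith_group_perms(db, uid))
```

A backend that only follows the stock link would silently grant no group permissions, so a regression test comparing both lookups for a user with known groups is a useful check after any change to the User or Group models.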
Mixins
CanCreateMixin(*args, **kwargs)
Bases: View
Protect any child view that would create an object.
Raises:
| Type | Description |
|---|---|
| PermissionDenied | If the user does not have the necessary permission to create the object of the view. |
Source code in core/auth/mixins.py
CanEditMixin
Bases: GenericContentPermissionMixinBuilder
Ensure the user has permission to edit this view's object.
Raises:
| Type | Description |
|---|---|
| PermissionDenied | if the user cannot edit this view's object. |
CanViewMixin
Bases: GenericContentPermissionMixinBuilder
Ensure the user has permission to view this view's object.
Raises:
| Type | Description |
|---|---|
| PermissionDenied | if the user cannot edit this view's object. |
CanEditPropMixin
Bases: GenericContentPermissionMixinBuilder
Ensure the user has owner permissions on the child view object.
In other words, you can make a view with this view as parent,
and it will be restricted to the users that are in the
object's owner_group or that pass the obj.can_be_viewed_by test.
Raises:
| Type | Description |
|---|---|
| PermissionDenied | If the user cannot see the object |
FormerSubscriberMixin
Bases: AccessMixin
Check if the user was at least an old subscriber.
Raises:
| Type | Description |
|---|---|
| PermissionDenied | if the user never subscribed. |
PermissionOrAuthorRequiredMixin
Bases: PermissionRequiredMixin
Require that the user has the required perm or is the object author.
This mixin can be used in combination with DetailView,
or another base class that implements the get_object method.
Example
In the following code, a user will be able
to edit news if he has the com.change_news permission
or if he tries to edit his own news:
```python
class NewsEditView(PermissionOrAuthorRequiredMixin, DetailView):
    model = News
    author_field = "author"
    permission_required = "com.change_news"
```
This is more or less equivalent to:
```python
from django.core.exceptions import PermissionDenied
from django.views.generic import DetailView


class NewsEditView(PermissionOrAuthorRequiredMixin, DetailView):
    model = News

    def dispatch(self, request, *args, **kwargs):
        self.object = self.get_object()
        # Deny unless the user holds the permission or is the object's author.
        if not (
            request.user.has_perm("com.change_news")
            or self.object.author == request.user
        ):
            raise PermissionDenied
        return super().dispatch(request, *args, **kwargs)
```
can_edit_prop(obj, user)
Can the user edit the properties of the object.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
| obj | Any | Object to test for permission | required |
| user | User | core.models.User to test permissions against | required |
Returns:
| Type | Description |
|---|---|
| bool | True if user is authorized to edit object properties else False |
Source code in core/auth/mixins.py
can_edit(obj, user)
Can the user edit the object.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
| obj | Any | Object to test for permission | required |
| user | User | core.models.User to test permissions against | required |
Returns:
| Type | Description |
|---|---|
| bool | True if user is authorized to edit object else False |
Source code in core/auth/mixins.py
can_view(obj, user)
Can the user see the object.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
| obj | Any | Object to test for permission | required |
| user | User | core.models.User to test permissions against | required |
Returns:
| Type | Description |
|---|---|
| bool | True if user is authorized to see object else False |