pub/mongoengine
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Auth cleanups - removed duplicates

Browse Source
This commit is contained in:
Ross Lawley 2013-04-25 11:04:33 +00:00
parent fe62c3aacb
commit cb9166aba4
1 changed files with 68 additions and 94 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

162
mongoengine/django/auth.py
View File

@ -1,8 +1,7 @@
from mongoengine import * from mongoengine import *
from django.utils.encoding import smart_str from django.utils.encoding import smart_str
from django.contrib.auth.models import _user_get_all_permissions from django.contrib.auth.models import _user_has_perm, _user_get_all_permissions, _user_has_module_perms
from django.contrib.auth.models import _user_has_perm
from django.db import models from django.db import models
from django.contrib.contenttypes.models import ContentTypeManager from django.contrib.contenttypes.models import ContentTypeManager
from django.contrib import auth from django.contrib import auth
@ -38,11 +37,12 @@ from .utils import datetime_now
REDIRECT_FIELD_NAME = 'next' REDIRECT_FIELD_NAME = 'next'
class ContentType(Document): class ContentType(Document):
name = StringField(max_length=100) name = StringField(max_length=100)
app_label = StringField(max_length=100) app_label = StringField(max_length=100)
model = StringField(max_length=100, verbose_name=_('python model class name'), model = StringField(max_length=100, verbose_name=_('python model class name'),
unique_with='app_label') unique_with='app_label')
objects = ContentTypeManager() objects = ContentTypeManager()
class Meta: class Meta:
@ -72,9 +72,11 @@ class ContentType(Document):
def natural_key(self): def natural_key(self):
return (self.app_label, self.model) return (self.app_label, self.model)
class SiteProfileNotAvailable(Exception): class SiteProfileNotAvailable(Exception):
pass pass
class PermissionManager(models.Manager): class PermissionManager(models.Manager):
def get_by_natural_key(self, codename, app_label, model): def get_by_natural_key(self, codename, app_label, model):
return self.get( return self.get(
@ -82,18 +84,28 @@ class PermissionManager(models.Manager):
content_type=ContentType.objects.get_by_natural_key(app_label, model) content_type=ContentType.objects.get_by_natural_key(app_label, model)
) )
class Permission(Document): class Permission(Document):
"""The permissions system provides a way to assign permissions to specific users and groups of users. """The permissions system provides a way to assign permissions to specific
users and groups of users.
The permission system is used by the Django admin site, but may also be useful in your own code. The Django admin site uses permissions as follows: The permission system is used by the Django admin site, but may also be
useful in your own code. The Django admin site uses permissions as follows:
- The "add" permission limits the user's ability to view the "add" form and add an object. - The "add" permission limits the user's ability to view the "add"
- The "change" permission limits a user's ability to view the change list, view the "change" form and change an object. form and add an object.
- The "change" permission limits a user's ability to view the change
list, view the "change" form and change an object.
- The "delete" permission limits the ability to delete an object. - The "delete" permission limits the ability to delete an object.
Permissions are set globally per type of object, not per specific object instance. It is possible to say "Mary may change news stories," but it's not currently possible to say "Mary may change news stories, but only the ones she created herself" or "Mary may only change news stories that have a certain status or publication date." Permissions are set globally per type of object, not per specific object
instance. It is possible to say "Mary may change news stories," but it's
not currently possible to say "Mary may change news stories, but only the
ones she created herself" or "Mary may only change news stories that have
a certain status or publication date."
Three basic permissions -- add, change and delete -- are automatically created for each Django model. Three basic permissions -- add, change and delete -- are automatically
created for each Django model.
""" """
name = StringField(max_length=50, verbose_name=_('username')) name = StringField(max_length=50, verbose_name=_('username'))
content_type = ReferenceField(ContentType) content_type = ReferenceField(ContentType)
@ -119,12 +131,22 @@ class Permission(Document):
return (self.codename,) + self.content_type.natural_key() return (self.codename,) + self.content_type.natural_key()
natural_key.dependencies = ['contenttypes.contenttype'] natural_key.dependencies = ['contenttypes.contenttype']
class Group(Document): class Group(Document):
"""Groups are a generic way of categorizing users to apply permissions, or some other label, to those users. A user can belong to any number of groups. """Groups are a generic way of categorizing users to apply permissions,
or some other label, to those users. A user can belong to any number of
groups.
A user in a group automatically has all the permissions granted to that group. For example, if the group Site editors has the permission can_edit_home_page, any user in that group will have that permission. A user in a group automatically has all the permissions granted to that
group. For example, if the group Site editors has the permission
can_edit_home_page, any user in that group will have that permission.
Beyond permissions, groups are a convenient way to categorize users to apply some label, or extended functionality, to them. For example, you could create a group 'Special users', and you could write code that would do special things to those users -- such as giving them access to a members-only portion of your site, or sending them members-only e-mail messages. Beyond permissions, groups are a convenient way to categorize users to
apply some label, or extended functionality, to them. For example, you
could create a group 'Special users', and you could write code that would
do special things to those users -- such as giving them access to a
members-only portion of your site, or sending them members-only
e-mail messages.
""" """
name = StringField(max_length=80, unique=True, verbose_name=_('name')) name = StringField(max_length=80, unique=True, verbose_name=_('name'))
# permissions = models.ManyToManyField(Permission, verbose_name=_('permissions'), blank=True) # permissions = models.ManyToManyField(Permission, verbose_name=_('permissions'), blank=True)
@ -137,6 +159,7 @@ class Group(Document):
def __unicode__(self): def __unicode__(self):
return self.name return self.name
class UserManager(models.Manager): class UserManager(models.Manager):
def create_user(self, username, email, password=None): def create_user(self, username, email, password=None):
""" """
@ -154,8 +177,8 @@ class UserManager(models.Manager):
email = '@'.join([email_name, domain_part.lower()]) email = '@'.join([email_name, domain_part.lower()])
user = self.model(username=username, email=email, is_staff=False, user = self.model(username=username, email=email, is_staff=False,
is_active=True, is_superuser=False, last_login=now, is_active=True, is_superuser=False, last_login=now,
date_joined=now) date_joined=now)
user.set_password(password) user.set_password(password)
user.save(using=self._db) user.save(using=self._db)
@ -177,7 +200,6 @@ class UserManager(models.Manager):
return ''.join([choice(allowed_chars) for i in range(length)]) return ''.join([choice(allowed_chars) for i in range(length)])
class User(Document): class User(Document):
"""A User document that aims to mirror most of the API specified by Django """A User document that aims to mirror most of the API specified by Django
at http://docs.djangoproject.com/en/dev/topics/auth/#users at http://docs.djangoproject.com/en/dev/topics/auth/#users
@ -248,25 +270,6 @@ class User(Document):
""" """
return check_password(raw_password, self.password) return check_password(raw_password, self.password)
def get_all_permissions(self, obj=None):
return _user_get_all_permissions(self, obj)
def has_perm(self, perm, obj=None):
"""
Returns True if the user has the specified permission. This method
queries all available auth backends, but returns immediately if any
backend returns True. Thus, a user who has permission from a single
auth backend is assumed to have permission in general. If an object is
provided, permissions for this specific object are checked.
"""
# Active superusers have all permissions.
if self.is_active and self.is_superuser:
return True
# Otherwise we need to check the backends.
return _user_has_perm(self, perm, obj)
@classmethod @classmethod
def create_user(cls, username, password, email=None): def create_user(cls, username, password, email=None):
"""Create (and save) a new user with the given username, password and """Create (and save) a new user with the given username, password and
@ -289,68 +292,47 @@ class User(Document):
user.save() user.save()
return user return user
def get_all_permissions(self, obj=None): def get_group_permissions(self, obj=None):
"""
Returns a list of permission strings that this user has through his/her
groups. This method queries all available auth backends. If an object
is passed in, only permissions matching this object are returned.
"""
permissions = set() permissions = set()
anon = self.is_anonymous()
for backend in auth.get_backends(): for backend in auth.get_backends():
if not anon or backend.supports_anonymous_user: if hasattr(backend, "get_group_permissions"):
if hasattr(backend, "get_all_permissions"): permissions.update(backend.get_group_permissions(self, obj))
if obj is not None:
if backend.supports_object_permissions:
permissions.update(
backend.get_all_permissions(user, obj)
)
else:
permissions.update(backend.get_all_permissions(self))
return permissions return permissions
def get_and_delete_messages(self): def get_all_permissions(self, obj=None):
return [] return _user_get_all_permissions(self, obj)
def has_perm(self, perm, obj=None): def has_perm(self, perm, obj=None):
anon = self.is_anonymous() """
active = self.is_active Returns True if the user has the specified permission. This method
for backend in auth.get_backends(): queries all available auth backends, but returns immediately if any
if (not active and not anon and backend.supports_inactive_user) or \ backend returns True. Thus, a user who has permission from a single
(not anon or backend.supports_anonymous_user): auth backend is assumed to have permission in general. If an object is
if hasattr(backend, "has_perm"): provided, permissions for this specific object are checked.
if obj is not None: """
if (backend.supports_object_permissions and
backend.has_perm(self, perm, obj)):
return True
else:
if backend.has_perm(self, perm):
return True
return False
def has_perms(self, perm_list, obj=None): # Active superusers have all permissions.
""" if self.is_active and self.is_superuser:
Returns True if the user has each of the specified permissions. return True
If object is passed, it checks if the user has all required perms
for this object. # Otherwise we need to check the backends.
""" return _user_has_perm(self, perm, obj)
for perm in perm_list:
if not self.has_perm(perm, obj):
return False
return True
def has_module_perms(self, app_label): def has_module_perms(self, app_label):
anon = self.is_anonymous() """
active = self.is_active Returns True if the user has any permissions in the given app label.
for backend in auth.get_backends(): Uses pretty much the same logic as has_perm, above.
if (not active and not anon and backend.supports_inactive_user) or \ """
(not anon or backend.supports_anonymous_user): # Active superusers have all permissions.
if hasattr(backend, "has_module_perms"): if self.is_active and self.is_superuser:
if backend.has_module_perms(self, app_label): return True
return True
return False
def get_and_delete_messages(self): return _user_has_module_perms(self, app_label)
messages = []
for m in self.message_set.all():
messages.append(m.message)
m.delete()
return messages
def email_user(self, subject, message, from_email=None): def email_user(self, subject, message, from_email=None):
"Sends an e-mail to this User." "Sends an e-mail to this User."
@ -386,14 +368,6 @@ class User(Document):
raise SiteProfileNotAvailable raise SiteProfileNotAvailable
return self._profile_cache return self._profile_cache
def _get_message_set(self):
import warnings
warnings.warn('The user messaging API is deprecated. Please update'
' your code to use the new messages framework.',
category=DeprecationWarning)
return self._message_set
message_set = property(_get_message_set)
class MongoEngineBackend(object): class MongoEngineBackend(object):
"""Authenticate using MongoEngine and mongoengine.django.auth.User. """Authenticate using MongoEngine and mongoengine.django.auth.User.