Commit 9f3242d8 authored by Benjamin Ledel's avatar Benjamin Ledel

* bump deps / fix permissions

parent c5e45cc9
Pipeline #1640278 failed
...@@ -11,14 +11,14 @@ class IsProvider(BasePermission): ...@@ -11,14 +11,14 @@ class IsProvider(BasePermission):
""" """
def has_permission(self, request, view): def has_permission(self, request, view):
return bool(has_permission(request.user, Roles.CREATE_PROVIDER)) return bool(request.user.has_perm(Roles.CREATE_PROVIDER))
class IsProviderManager(BasePermission): class IsProviderManager(BasePermission):
def has_permission(self, request, view): def has_permission(self, request, view):
return bool(has_permission(request.user, Roles.MANAGE_PROVIDER_KEYS)) return bool(request.user.has_perm(Roles.MANAGE_PROVIDER_KEYS))
class IsAnalyst(BasePermission): class IsAnalyst(BasePermission):
def has_permission(self, request, view): def has_permission(self, request, view):
return bool(has_permission(request.user, Roles.MANAGE_ANALYTICS_TOKENS)) return bool(request.user.has_perm( Roles.MANAGE_ANALYTICS_TOKENS))
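Review bot: `IsProviderManager` and `IsAnalyst` have no docstring, while `IsProvider` above them appears to carry one; a one-line docstring on each, such as `"""Allow access only to users holding Roles.MANAGE_PROVIDER_KEYS."""`, would state which permission gates the view. The call in `IsAnalyst` also has a stray space, `has_perm( Roles.MANAGE_ANALYTICS_TOKENS)`. The `bool(...)` wrapper is redundant if `has_perm` always returns a bool, as the override added in this commit does.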
...@@ -3,14 +3,14 @@ from strenum import StrEnum ...@@ -3,14 +3,14 @@ from strenum import StrEnum
class Roles(StrEnum): class Roles(StrEnum):
CREATE_USER = 'create_user', CREATE_USER = 'users.create_user',
EDIT_USER = 'edit_user', EDIT_USER = 'users.edit_user',
CREATE_PROVIDER = 'create_provider', CREATE_PROVIDER = 'users.create_provider',
CHANGE_PROVIDER = 'change_provider', CHANGE_PROVIDER = 'users.change_provider',
MANAGE_PROVIDER_KEYS = 'manage_provider_keys', MANAGE_PROVIDER_KEYS = 'users.manage_provider_keys',
MANAGE_ANALYTICS_TOKENS = 'manage_analytics_tokens', MANAGE_ANALYTICS_TOKENS = 'users.manage_analytics_tokens',
CREATE_USER_CONSENT = 'create_user_consent', CREATE_USER_CONSENT = 'users.create_user_consent',
REQUEST_USER_DATA = 'request_user_data', REQUEST_USER_DATA = 'users.request_user_data',
class PolarisAdministrator(AbstractUserRole): class PolarisAdministrator(AbstractUserRole):
......
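Review bot: Every member still ends in a trailing comma, e.g. `CREATE_USER = 'users.create_user',`, so each value is written as a one-element tuple and presumably becomes a string only because the enum unpacks that tuple into the `str` constructor. Dropping the commas (`CREATE_USER = 'users.create_user'`) makes the values plain strings and removes that dependency on enum internals. A short comment above the members saying that the prefix is the Django app label of the permission would also help, since the `has_perm` override added in this commit discards it.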
...@@ -67,11 +67,11 @@ urlpatterns = [ ...@@ -67,11 +67,11 @@ urlpatterns = [
re_path(r"^saml2/meta(?:data)?/?$", views.MetadataView.as_view(), name="sso-saml2-meta"), re_path(r"^saml2/meta(?:data)?/?$", views.MetadataView.as_view(), name="sso-saml2-meta"),
re_path(r"^sso-dev/?$", views.DevView.as_view(), name="sso-dev"), re_path(r"^sso-dev/?$", views.DevView.as_view(), name="sso-dev"),
path("app/de/", render_angular_de), # path("app/de/", render_angular_de),
path("app/en/", render_angular_en), # path("app/en/", render_angular_en),
re_path(r'^app/de/(?P<path>.*)$', serve,{'document_root': os.path.join(settings.BASE_DIR, "frontend/dist/frontend/de")}), # re_path(r'^app/de/(?P<path>.*)$', serve,{'document_root': os.path.join(settings.BASE_DIR, "frontend/dist/frontend/de")}),
re_path(r"^$", detect_lang_redirect), # re_path(r"^$", detect_lang_redirect),
re_path(r"^(?:.*)/?$", detect_lang_redirect), # re_path(r"^(?:.*)/?$", detect_lang_redirect),
] ]
if settings.DEBUG == "True": if settings.DEBUG == "True":
......
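Review bot: The five frontend routes are commented out rather than removed, and neither the hunk nor the commit title says why. Delete them, or if this is temporary put a comment above them such as `# TODO: frontend routes disabled because <reason>; re-enable or remove`. With the catch-all `detect_lang_redirect` pattern gone, unmatched paths presumably fall through to whatever is appended to `urlpatterns` outside this hunk, and `serve`, `render_angular_de`, `render_angular_en` and `detect_lang_redirect` may now be unused imports.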
...@@ -103,5 +103,5 @@ watchdog==2.2.1 ...@@ -103,5 +103,5 @@ watchdog==2.2.1
wcwidth==0.2.5 wcwidth==0.2.5
whitenoise==6.3.0 whitenoise==6.3.0
wrapt==1.14.1 wrapt==1.14.1
zeep==4.2.1 zeep==4.3.1
zipp==1.0.0 zipp==1.0.0
from datetime import date from datetime import date
from django.conf import settings from django.conf import settings
from django.contrib.auth.models import AbstractUser from django.contrib.auth.models import AbstractUser, Permission
from django.db import models from django.db import models
from django.utils.translation import gettext_lazy as _ from django.utils.translation import gettext_lazy as _
...@@ -24,3 +24,25 @@ class CustomUser(AbstractUser): ...@@ -24,3 +24,25 @@ class CustomUser(AbstractUser):
def __str__(self): def __str__(self):
return f"Custom user {self.id}: {self.email}" return f"Custom user {self.id}: {self.email}"
def has_perm(self, perm, obj=None):
"""
Custom permission check:
- Includes direct user permissions
- Includes group-based permissions
"""
if self.is_superuser: # Superuser has all permissions
return True
# Check direct user permissions
if self.user_permissions.filter(codename=perm.split(".")[-1]).exists():
return True
# Check group-based permissions
group_permissions = Permission.objects.filter(group__user=self).values_list(
"codename", flat=True
)
if perm.split(".")[-1] in group_permissions:
return True
return False
\ No newline at end of file
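Review bot: The new `has_perm` matches on `perm.split(".")[-1]` only, so the `users.` app label that this commit adds to every `Roles` value is never checked and a permission with the same codename under any other app grants access. It also returns `True` for a superuser, and runs the permission lookups, without looking at `is_active`, whereas Django's stock `has_perm` denies inactive users; a deactivated account would keep its permissions wherever this method is the only gate. `obj` is accepted but ignored, and the method bypasses the configured authentication backends. The rewrite below checks `is_active`, filters on app label and codename, and folds the user and group lookups into one query; if the `Permission` rows live under the `users` app label, removing the override and using the inherited implementation may be enough.

```python
    def has_perm(self, perm, obj=None):
        """Return True if this active user holds `perm` directly or via a group."""
        if not self.is_active:
            return False
        if self.is_superuser:
            return True
        app_label, _sep, codename = str(perm).rpartition(".")
        held = Permission.objects.filter(codename=codename)
        if app_label:
            # Match the app label too, so an equally named codename from another app does not count.
            held = held.filter(content_type__app_label=app_label)
        return held.filter(models.Q(user=self) | models.Q(group__user=self)).exists()
```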
...@@ -30,7 +30,7 @@ class CreateUserView(APIView): ...@@ -30,7 +30,7 @@ class CreateUserView(APIView):
parser_class = (JsonUploadParser,) parser_class = (JsonUploadParser,)
def put(self, request, format=None): def put(self, request, format=None):
if has_permission(request.user, Roles.CREATE_USER): if request.user.has_perm(Roles.CREATE_USER):
email = request.data.get("email", None) email = request.data.get("email", None)
password = request.data.get("password", None) password = request.data.get("password", None)
assign_provider_role = request.data.get("assign_provider_role", None) assign_provider_role = request.data.get("assign_provider_role", None)
...@@ -161,12 +161,14 @@ class UserListView(APIView): ...@@ -161,12 +161,14 @@ class UserListView(APIView):
permission_classes = (IsAuthenticated,) permission_classes = (IsAuthenticated,)
def get(self, request): def get(self, request):
if has_permission(request.user, Roles.EDIT_USER): if request.user.has_perm(Roles.EDIT_USER):
users = CustomUser.objects.all() users = CustomUser.objects.all()
users = UserSerializer(users, many=True).data users = UserSerializer(users, many=True).data
return JsonResponse(users, return JsonResponse(users,
safe=False, safe=False,
status=status.HTTP_200_OK) status=status.HTTP_200_OK)
return JsonResponse({"status": "error", "message": 'not permissions'},
status=status.HTTP_401_UNAUTHORIZED)
class GroupListView(APIView): class GroupListView(APIView):
...@@ -199,7 +201,7 @@ class PermissionsUpdateView(APIView): ...@@ -199,7 +201,7 @@ class PermissionsUpdateView(APIView):
permission_classes = (IsAuthenticated,) permission_classes = (IsAuthenticated,)
def post(self, request, user_id): def post(self, request, user_id):
if not has_permission(request.user, Roles.EDIT_USER): if not request.user.has_perm(Roles.EDIT_USER):
return JsonResponse({"status": "error", "message": 'not permissions'}, return JsonResponse({"status": "error", "message": 'not permissions'},
status=status.HTTP_401_UNAUTHORIZED) status=status.HTTP_401_UNAUTHORIZED)
try: try:
......
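Review bot: The branch added to `UserListView.get` answers an authenticated caller who lacks `Roles.EDIT_USER` with `HTTP_401_UNAUTHORIZED`; 401 means the request carried no valid credentials, so clients may discard a good session and re-authenticate in a loop. Use `status=status.HTTP_403_FORBIDDEN` here and in the same response in `PermissionsUpdateView.post`, and reword `'not permissions'` to something like `'permission denied'`. `CreateUserView.put` continues outside the hunk, so its denial path is not visible; it should presumably return the same 403.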