try:

    set

except NameError:

    from sets import Set as set # Python 2.3 fallback

from django.db import connection

from django.contrib.auth.models import User

class ModelBackend(object):

    """

    Authenticates against django.contrib.auth.models.User.

    """

    # TODO: Model, login attribute name and password attribute name should be

    # configurable.

    def authenticate(self, username=None, password=None):

        try:

            user = User.objects.get(username=username)

            if user.check_password(password):

                return user

        except User.DoesNotExist:

            return None

    def get_group_permissions(self, user_obj):

        """

        Returns a set of permission strings that this user has through his/her

        groups.

        """

        if not hasattr(user_obj, '_group_perm_cache'):

            cursor = connection.cursor()

            # The SQL below works out to the following, after DB quoting:

            # cursor.execute("""

            #     SELECT ct."app_label", p."codename"

            #     FROM "auth_permission" p, "auth_group_permissions" gp, "auth_user_groups" ug, "django_content_type" ct

            #     WHERE p."id" = gp."permission_id"

            #         AND gp."group_id" = ug."group_id"

            #         AND ct."id" = p."content_type_id"

            #         AND ug."user_id" = %s, [self.id])

            qn = connection.ops.quote_name

            sql = """

                SELECT ct.%s, p.%s

                FROM %s p, %s gp, %s ug, %s ct

                WHERE p.%s = gp.%s

                    AND gp.%s = ug.%s

                    AND ct.%s = p.%s

                    AND ug.%s = %%s""" % (

                qn('app_label'), qn('codename'),

                qn('auth_permission'), qn('auth_group_permissions'),

                qn('auth_user_groups'), qn('django_content_type'),

                qn('id'), qn('permission_id'),

                qn('group_id'), qn('group_id'),

                qn('id'), qn('content_type_id'),

                qn('user_id'),)

            cursor.execute(sql, [user_obj.id])

            user_obj._group_perm_cache = set(["%s.%s" % (row[0], row[1]) for row in cursor.fetchall()])

        return user_obj._group_perm_cache

    def get_all_permissions(self, user_obj):

        if not hasattr(user_obj, '_perm_cache'):

            user_obj._perm_cache = set([u"%s.%s" % (p.content_type.app_label, p.codename) for p in user_obj.user_permissions.select_related()])

            user_obj._perm_cache.update(self.get_group_permissions(user_obj))

        return user_obj._perm_cache

    def has_perm(self, user_obj, perm):

        return perm in self.get_all_permissions(user_obj)

    def has_module_perms(self, user_obj, app_label):

        """

        Returns True if user_obj has any permissions in the given app_label.

        """

        for perm in self.get_all_permissions(user_obj):

            if perm[:perm.index('.')] == app_label:

                return True

        return False

    def get_user(self, user_id):

        try:

            return User.objects.get(pk=user_id)

        except User.DoesNotExist:

            return None

class RemoteUserBackend(ModelBackend):

    """

    This backend is to be used in conjunction with the ``RemoteUserMiddleware``

    found in the middleware module of this package, and is used when the server

    is handling authentication outside of Django.

    By default, the ``authenticate`` method creates ``User`` objects for

    usernames that don't already exist in the database.  Subclasses can disable

    this behavior by setting the ``create_unknown_user`` attribute to

    ``False``.

    """

    # Create a User object if not already in the database?

    create_unknown_user = True

    def authenticate(self, remote_user):

        """

        The username passed as ``remote_user`` is considered trusted.  This

        method simply returns the ``User`` object with the given username,

        creating a new ``User`` object if ``create_unknown_user`` is ``True``.

        Returns None if ``create_unknown_user`` is ``False`` and a ``User``

        object with the given username is not found in the database.

        """

        if not remote_user:

            return

        user = None

        username = self.clean_username(remote_user)

        # Note that this could be accomplished in one try-except clause, but

        # instead we use get_or_create when creating unknown users since it has

        # built-in safeguards for multiple threads.

        if self.create_unknown_user:

            user, created = User.objects.get_or_create(username=username)

            if created:

                user = self.configure_user(user)

        else:

            try:

                user = User.objects.get(username=username)

            except User.DoesNotExist:

                pass

        return user

    def clean_username(self, username):

        """

        Performs any cleaning on the "username" prior to using it to get or

        create the user object.  Returns the cleaned username.

        By default, returns the username unchanged.

        """

        return username

    def configure_user(self, user):

        """

        Configures a user after creation and returns the updated user.

        By default, returns the user unmodified.

        """

        return user