blinkster: web/lib/django/contrib/auth/backends.py@cc9b7e14412b (annotated)

0 0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	1	from django.db import connection
29 cc9b7e14412b update django and lucene ymh <ymh.work@gmail.com> parents: 0 diff changeset	2	from django.contrib.auth.models import User, Permission
0 0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	3
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	4
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	5	class ModelBackend(object):
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	6	"""
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	7	Authenticates against django.contrib.auth.models.User.
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	8	"""
29 cc9b7e14412b update django and lucene ymh <ymh.work@gmail.com> parents: 0 diff changeset	9	supports_object_permissions = False
cc9b7e14412b update django and lucene ymh <ymh.work@gmail.com> parents: 0 diff changeset	10	supports_anonymous_user = True
cc9b7e14412b update django and lucene ymh <ymh.work@gmail.com> parents: 0 diff changeset	11
0 0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	12	# TODO: Model, login attribute name and password attribute name should be
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	13	# configurable.
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	14	def authenticate(self, username=None, password=None):
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	15	try:
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	16	user = User.objects.get(username=username)
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	17	if user.check_password(password):
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	18	return user
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	19	except User.DoesNotExist:
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	20	return None
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	21
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	22	def get_group_permissions(self, user_obj):
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	23	"""
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	24	Returns a set of permission strings that this user has through his/her
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	25	groups.
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	26	"""
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	27	if not hasattr(user_obj, '_group_perm_cache'):
29 cc9b7e14412b update django and lucene ymh <ymh.work@gmail.com> parents: 0 diff changeset	28	perms = Permission.objects.filter(group__user=user_obj
cc9b7e14412b update django and lucene ymh <ymh.work@gmail.com> parents: 0 diff changeset	29	).values_list('content_type__app_label', 'codename'
cc9b7e14412b update django and lucene ymh <ymh.work@gmail.com> parents: 0 diff changeset	30	).order_by()
cc9b7e14412b update django and lucene ymh <ymh.work@gmail.com> parents: 0 diff changeset	31	user_obj._group_perm_cache = set(["%s.%s" % (ct, name) for ct, name in perms])
0 0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	32	return user_obj._group_perm_cache
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	33
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	34	def get_all_permissions(self, user_obj):
29 cc9b7e14412b update django and lucene ymh <ymh.work@gmail.com> parents: 0 diff changeset	35	if user_obj.is_anonymous():
cc9b7e14412b update django and lucene ymh <ymh.work@gmail.com> parents: 0 diff changeset	36	return set()
0 0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	37	if not hasattr(user_obj, '_perm_cache'):
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	38	user_obj._perm_cache = set([u"%s.%s" % (p.content_type.app_label, p.codename) for p in user_obj.user_permissions.select_related()])
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	39	user_obj._perm_cache.update(self.get_group_permissions(user_obj))
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	40	return user_obj._perm_cache
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	41
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	42	def has_perm(self, user_obj, perm):
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	43	return perm in self.get_all_permissions(user_obj)
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	44
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	45	def has_module_perms(self, user_obj, app_label):
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	46	"""
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	47	Returns True if user_obj has any permissions in the given app_label.
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	48	"""
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	49	for perm in self.get_all_permissions(user_obj):
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	50	if perm[:perm.index('.')] == app_label:
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	51	return True
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	52	return False
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	53
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	54	def get_user(self, user_id):
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	55	try:
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	56	return User.objects.get(pk=user_id)
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	57	except User.DoesNotExist:
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	58	return None
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	59
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	60
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	61	class RemoteUserBackend(ModelBackend):
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	62	"""
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	63	This backend is to be used in conjunction with the ``RemoteUserMiddleware``
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	64	found in the middleware module of this package, and is used when the server
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	65	is handling authentication outside of Django.
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	66
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	67	By default, the ``authenticate`` method creates ``User`` objects for
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	68	usernames that don't already exist in the database. Subclasses can disable
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	69	this behavior by setting the ``create_unknown_user`` attribute to
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	70	``False``.
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	71	"""
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	72
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	73	# Create a User object if not already in the database?
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	74	create_unknown_user = True
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	75
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	76	def authenticate(self, remote_user):
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	77	"""
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	78	The username passed as ``remote_user`` is considered trusted. This
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	79	method simply returns the ``User`` object with the given username,
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	80	creating a new ``User`` object if ``create_unknown_user`` is ``True``.
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	81
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	82	Returns None if ``create_unknown_user`` is ``False`` and a ``User``
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	83	object with the given username is not found in the database.
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	84	"""
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	85	if not remote_user:
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	86	return
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	87	user = None
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	88	username = self.clean_username(remote_user)
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	89
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	90	# Note that this could be accomplished in one try-except clause, but
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	91	# instead we use get_or_create when creating unknown users since it has
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	92	# built-in safeguards for multiple threads.
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	93	if self.create_unknown_user:
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	94	user, created = User.objects.get_or_create(username=username)
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	95	if created:
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	96	user = self.configure_user(user)
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	97	else:
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	98	try:
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	99	user = User.objects.get(username=username)
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	100	except User.DoesNotExist:
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	101	pass
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	102	return user
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	103
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	104	def clean_username(self, username):
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	105	"""
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	106	Performs any cleaning on the "username" prior to using it to get or
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	107	create the user object. Returns the cleaned username.
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	108
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	109	By default, returns the username unchanged.
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	110	"""
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	111	return username
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	112
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	113	def configure_user(self, user):
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	114	"""
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	115	Configures a user after creation and returns the updated user.
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	116
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	117	By default, returns the user unmodified.
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	118	"""
0d40e90630ef Blinkster creation ymh <ymh.work@gmail.com> parents: diff changeset	119	return user

author	ymh <ymh.work@gmail.com>
	Tue, 25 May 2010 02:43:45 +0200
changeset 29	cc9b7e14412b
parent 0	0d40e90630ef
permissions	-rw-r--r--