diff -r 8d941af65caf -r 77b6da96e6f1 web/lib/django/contrib/auth/backends.py --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/web/lib/django/contrib/auth/backends.py Wed Jun 02 18:57:35 2010 +0200 @@ -0,0 +1,119 @@ +from django.db import connection +from django.contrib.auth.models import User, Permission + + +class ModelBackend(object): + """ + Authenticates against django.contrib.auth.models.User. + """ + supports_object_permissions = False + supports_anonymous_user = True + + # TODO: Model, login attribute name and password attribute name should be + # configurable. + def authenticate(self, username=None, password=None): + try: + user = User.objects.get(username=username) + if user.check_password(password): + return user + except User.DoesNotExist: + return None + + def get_group_permissions(self, user_obj): + """ + Returns a set of permission strings that this user has through his/her + groups. + """ + if not hasattr(user_obj, '_group_perm_cache'): + perms = Permission.objects.filter(group__user=user_obj + ).values_list('content_type__app_label', 'codename' + ).order_by() + user_obj._group_perm_cache = set(["%s.%s" % (ct, name) for ct, name in perms]) + return user_obj._group_perm_cache + + def get_all_permissions(self, user_obj): + if user_obj.is_anonymous(): + return set() + if not hasattr(user_obj, '_perm_cache'): + user_obj._perm_cache = set([u"%s.%s" % (p.content_type.app_label, p.codename) for p in user_obj.user_permissions.select_related()]) + user_obj._perm_cache.update(self.get_group_permissions(user_obj)) + return user_obj._perm_cache + + def has_perm(self, user_obj, perm): + return perm in self.get_all_permissions(user_obj) + + def has_module_perms(self, user_obj, app_label): + """ + Returns True if user_obj has any permissions in the given app_label. + """ + for perm in self.get_all_permissions(user_obj): + if perm[:perm.index('.')] == app_label: + return True + return False + + def get_user(self, user_id): + try: + return User.objects.get(pk=user_id) + except User.DoesNotExist: + return None + + +class RemoteUserBackend(ModelBackend): + """ + This backend is to be used in conjunction with the ``RemoteUserMiddleware`` + found in the middleware module of this package, and is used when the server + is handling authentication outside of Django. + + By default, the ``authenticate`` method creates ``User`` objects for + usernames that don't already exist in the database. Subclasses can disable + this behavior by setting the ``create_unknown_user`` attribute to + ``False``. + """ + + # Create a User object if not already in the database? + create_unknown_user = True + + def authenticate(self, remote_user): + """ + The username passed as ``remote_user`` is considered trusted. This + method simply returns the ``User`` object with the given username, + creating a new ``User`` object if ``create_unknown_user`` is ``True``. + + Returns None if ``create_unknown_user`` is ``False`` and a ``User`` + object with the given username is not found in the database. + """ + if not remote_user: + return + user = None + username = self.clean_username(remote_user) + + # Note that this could be accomplished in one try-except clause, but + # instead we use get_or_create when creating unknown users since it has + # built-in safeguards for multiple threads. + if self.create_unknown_user: + user, created = User.objects.get_or_create(username=username) + if created: + user = self.configure_user(user) + else: + try: + user = User.objects.get(username=username) + except User.DoesNotExist: + pass + return user + + def clean_username(self, username): + """ + Performs any cleaning on the "username" prior to using it to get or + create the user object. Returns the cleaned username. + + By default, returns the username unchanged. + """ + return username + + def configure_user(self, user): + """ + Configures a user after creation and returns the updated user. + + By default, returns the user unmodified. + """ + return user