globuzma/canaille-globuzma
1
0
Fork 0
forked from Github-Mirrors/canaille
Code Pull requests Activity

refactor: factorized User.load_permissions

Browse source
This commit is contained in:
Éloi Rivard 2024-04-06 19:22:47 +02:00
parent e02b54f327
commit fe809161ff
No known key found for this signature in database
GPG key ID: 7EDA204EA57DD184
4 changed files with 36 additions and 51 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
canaille/backends/ldap/models.py
View file

@ -54,6 +54,13 @@ class User(canaille.core.models.User, LDAPObject):
) )
return cls.get(filter=filter, **kwargs) return cls.get(filter=filter, **kwargs)
def match_filter(self, filter):
conn = Backend.get().connection
filter_ = self.acl_filter_to_ldap_filter(filter)
return not filter_ or (
self.dn and conn.search_s(self.dn, ldap.SCOPE_SUBTREE, filter_)
)
@classmethod @classmethod
def acl_filter_to_ldap_filter(cls, filter_): def acl_filter_to_ldap_filter(cls, filter_):
if isinstance(filter_, dict): if isinstance(filter_, dict):
@ -171,21 +178,6 @@ class User(canaille.core.models.User, LDAPObject):
self.state[group_attr] = new_groups self.state[group_attr] = new_groups
def load_permissions(self):
conn = Backend.get().connection
self._permissions = set()
self._readable_fields = set()
self._writable_fields = set()
for details in current_app.config["CANAILLE"]["ACL"].values():
filter_ = self.acl_filter_to_ldap_filter(details["FILTER"])
if not filter_ or (
self.dn and conn.search_s(self.dn, ldap.SCOPE_SUBTREE, filter_)
):
self._permissions |= set(details["PERMISSIONS"])
self._readable_fields |= set(details["READ"])
self._writable_fields |= set(details["WRITE"])
class Group(canaille.core.models.Group, LDAPObject): class Group(canaille.core.models.Group, LDAPObject):
attribute_map = { attribute_map = {

42
canaille/backends/memory/models.py
View file

@ -3,8 +3,6 @@ import datetime
import typing import typing
import uuid import uuid
from flask import current_app
import canaille.core.models import canaille.core.models
import canaille.oidc.models import canaille.oidc.models
from canaille.app import models from canaille.app import models
@ -235,31 +233,6 @@ class MemoryModel(BackendModel):
def identifier(self): def identifier(self):
return getattr(self, self.identifier_attribute) return getattr(self, self.identifier_attribute)
class User(canaille.core.models.User, MemoryModel):
identifier_attribute = "user_name"
model_attributes = {
"groups": ("Group", "members"),
}
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
self.load_permissions()
def reload(self):
super().reload()
self.load_permissions()
def load_permissions(self):
self._permissions = set()
self._readable_fields = set()
self._writable_fields = set()
for details in current_app.config["CANAILLE"]["ACL"].values():
if self.match_filter(details["FILTER"]):
self._permissions |= set(details["PERMISSIONS"])
self._readable_fields |= set(details["READ"])
self._writable_fields |= set(details["WRITE"])
def match_filter(self, filter): def match_filter(self, filter):
if filter is None: if filter is None:
return True return True
@ -280,6 +253,21 @@ class User(canaille.core.models.User, MemoryModel):
return any(self.match_filter(subfilter) for subfilter in filter) return any(self.match_filter(subfilter) for subfilter in filter)
class User(canaille.core.models.User, MemoryModel):
identifier_attribute = "user_name"
model_attributes = {
"groups": ("Group", "members"),
}
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
self.load_permissions()
def reload(self):
super().reload()
self.load_permissions()
@classmethod @classmethod
def get_from_login(cls, login=None, **kwargs): def get_from_login(cls, login=None, **kwargs):
return User.get(user_name=login) return User.get(user_name=login)

10
canaille/backends/sql/models.py
View file

@ -3,7 +3,6 @@ import typing
import uuid import uuid
from typing import List from typing import List
from flask import current_app
from sqlalchemy import Boolean from sqlalchemy import Boolean
from sqlalchemy import Column from sqlalchemy import Column
from sqlalchemy import ForeignKey from sqlalchemy import ForeignKey
@ -180,14 +179,7 @@ class User(canaille.core.models.User, Base, SqlAlchemyModel):
@reconstructor @reconstructor
def load_permissions(self): def load_permissions(self):
self._permissions = set() super().load_permissions()
self._readable_fields = set()
self._writable_fields = set()
for details in current_app.config["CANAILLE"]["ACL"].values():
if self.match_filter(details["FILTER"]):
self._permissions |= set(details["PERMISSIONS"])
self._readable_fields |= set(details["READ"])
self._writable_fields |= set(details["WRITE"])
def normalize_filter_value(self, attribute, value): def normalize_filter_value(self, attribute, value):
# not super generic, but we can improve this when we have # not super generic, but we can improve this when we have

13
canaille/core/models.py
View file

@ -2,6 +2,8 @@ import datetime
from typing import List from typing import List
from typing import Optional from typing import Optional
from flask import current_app
from canaille.backends.models import Model from canaille.backends.models import Model
@ -280,6 +282,17 @@ class User(Model):
datetime.timezone.utc datetime.timezone.utc
) )
def load_permissions(self):
self._permissions = set()
self._readable_fields = set()
self._writable_fields = set()
acls = current_app.config["CANAILLE"]["ACL"].values()
for details in acls:
if self.match_filter(details["FILTER"]):
self._permissions |= set(details["PERMISSIONS"])
self._readable_fields |= set(details["READ"])
self._writable_fields |= set(details["WRITE"])
class Group(Model): class Group(Model):
""" """