nikdoof/test-auth
1
0
Fork 0
mirror of https://github.com/nikdoof/test-auth.git synced 2025-12-14 14:52:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

Use permissions instead of is_staff

Browse Source
This commit is contained in:
Andrew Williams
2011-05-25 13:33:05 +01:00
parent bf39194b4d
commit 79fd900a0c
2 changed files with 14 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
app/sso/models.py
View File

@@ -43,6 +43,15 @@ class SSOUser(models.Model):
if created:
profile, created = SSOUser.objects.get_or_create(user=instance)
class Meta:
permissions = (
("can_view_users", "Can view any user's profile"),
("can_view_users_restricted", "Can view a restricted user profile"),
("can_search_users", "Can use the user search function"),
("can_refresh_users", "Can refresh a user's access"),
)
signals.post_save.connect(SSOUser.create_user_profile, sender=User)

9
app/sso/views.py
View File

@@ -155,7 +155,7 @@ def service_reset(request, serviceid=0):
def user_view(request, username=None):
""" View a user's profile as a admin """
if not request.user.is_staff:
if not request.user.has_perm('sso.can_view_users') and not request.user.has_perm('sso.can_view_users_restricted'):
return redirect('sso.views.profile')
if username:
@@ -167,9 +167,8 @@ def user_view(request, username=None):
return redirect('sso.views.user_lookup')
profile = user.get_profile()
is_admin = request.user.is_staff
if is_admin:
if installed('hr'):
if request.user.has_perm('hr.add_blacklist'):
from hr.utils import blacklist_values
blacklisted = len(blacklist_values(user))
services = ServiceAccount.objects.select_related('service').filter(user=user).only('service__name', 'service_uid', 'active')
@@ -184,7 +183,7 @@ def user_lookup(request):
form = UserLookupForm()
if not request.user.is_staff:
if not request.user.has_perm('sso.can_search_users'):
return redirect('sso.views.profile')
if request.method == 'POST':
@@ -247,7 +246,7 @@ def set_apipasswd(request):
def refresh_access(request, userid=0):
""" Refreshes the user's access """
if userid > 0 and request.user.is_staff:
if userid > 0 and request.user.has_perm('sso.can_refresh_users'):
update_user_access(userid)
elif request.user:
update_user_access(request.user.id)