python/lib/django_1_4/django/contrib/auth/backends.py

   1 from django.contrib.auth.models import User, Permission
   2
   3
   4 class ModelBackend(object):
   5     """
   6     Authenticates against django.contrib.auth.models.User.
   7     """
   8     supports_inactive_user = True
   9
  10     # TODO: Model, login attribute name and password attribute name should be
  11     # configurable.
  12     def authenticate(self, username=None, password=None):
  13         try:
  14             user = User.objects.get(username=username)
  15             if user.check_password(password):
  16                 return user
  17         except User.DoesNotExist:
  18             return None
  19
  20     def get_group_permissions(self, user_obj, obj=None):
  21         """
  22         Returns a set of permission strings that this user has through his/her
  23         groups.
  24         """
  25         if user_obj.is_anonymous() or obj is not None:
  26             return set()
  27         if not hasattr(user_obj, '_group_perm_cache'):
  28             if user_obj.is_superuser:
  29                 perms = Permission.objects.all()
  30             else:
  31                 perms = Permission.objects.filter(group__user=user_obj)
  32             perms = perms.values_list('content_type__app_label', 'codename').order_by()
  33             user_obj._group_perm_cache = set(["%s.%s" % (ct, name) for ct, name in perms])
  34         return user_obj._group_perm_cache
  35
  36     def get_all_permissions(self, user_obj, obj=None):
  37         if user_obj.is_anonymous() or obj is not None:
  38             return set()
  39         if not hasattr(user_obj, '_perm_cache'):
  40             user_obj._perm_cache = set([u"%s.%s" % (p.content_type.app_label, p.codename) for p in user_obj.user_permissions.select_related()])
  41             user_obj._perm_cache.update(self.get_group_permissions(user_obj))
  42         return user_obj._perm_cache
  43
  44     def has_perm(self, user_obj, perm, obj=None):
  45         if not user_obj.is_active:
  46             return False
  47         return perm in self.get_all_permissions(user_obj, obj)
  48
  49     def has_module_perms(self, user_obj, app_label):
  50         """
  51         Returns True if user_obj has any permissions in the given app_label.
  52         """
  53         if not user_obj.is_active:
  54             return False
  55         for perm in self.get_all_permissions(user_obj):
  56             if perm[:perm.index('.')] == app_label:
  57                 return True
  58         return False
  59
  60     def get_user(self, user_id):
  61         try:
  62             return User.objects.get(pk=user_id)
  63         except User.DoesNotExist:
  64             return None
  65
  66
  67 class RemoteUserBackend(ModelBackend):
  68     """
  69     This backend is to be used in conjunction with the ``RemoteUserMiddleware``
  70     found in the middleware module of this package, and is used when the server
  71     is handling authentication outside of Django.
  72
  73     By default, the ``authenticate`` method creates ``User`` objects for
  74     usernames that don't already exist in the database.  Subclasses can disable
  75     this behavior by setting the ``create_unknown_user`` attribute to
  76     ``False``.
  77     """
  78
  79     # Create a User object if not already in the database?
  80     create_unknown_user = True
  81
  82     def authenticate(self, remote_user):
  83         """
  84         The username passed as ``remote_user`` is considered trusted.  This
  85         method simply returns the ``User`` object with the given username,
  86         creating a new ``User`` object if ``create_unknown_user`` is ``True``.
  87
  88         Returns None if ``create_unknown_user`` is ``False`` and a ``User``
  89         object with the given username is not found in the database.
  90         """
  91         if not remote_user:
  92             return
  93         user = None
  94         username = self.clean_username(remote_user)
  95
  96         # Note that this could be accomplished in one try-except clause, but
  97         # instead we use get_or_create when creating unknown users since it has
  98         # built-in safeguards for multiple threads.
  99         if self.create_unknown_user:
 100             user, created = User.objects.get_or_create(username=username)
 101             if created:
 102                 user = self.configure_user(user)
 103         else:
 104             try:
 105                 user = User.objects.get(username=username)
 106             except User.DoesNotExist:
 107                 pass
 108         return user
 109
 110     def clean_username(self, username):
 111         """
 112         Performs any cleaning on the "username" prior to using it to get or
 113         create the user object.  Returns the cleaned username.
 114
 115         By default, returns the username unchanged.
 116         """
 117         return username
 118
 119     def configure_user(self, user):
 120         """
 121         Configures a user after creation and returns the updated user.
 122
 123         By default, returns the user unmodified.
 124         """
 125         return user