1 from django
.contrib
.auth
.models
import User
, Permission
4 class ModelBackend(object):
6 Authenticates against django.contrib.auth.models.User.
8 supports_inactive_user
= True
10 # TODO: Model, login attribute name and password attribute name should be
12 def authenticate(self
, username
=None, password
=None):
14 user
= User
.objects
.get(username
=username
)
15 if user
.check_password(password
):
17 except User
.DoesNotExist
:
20 def get_group_permissions(self
, user_obj
, obj
=None):
22 Returns a set of permission strings that this user has through his/her
25 if user_obj
.is_anonymous() or obj
is not None:
27 if not hasattr(user_obj
, '_group_perm_cache'):
28 if user_obj
.is_superuser
:
29 perms
= Permission
.objects
.all()
31 perms
= Permission
.objects
.filter(group__user
=user_obj
)
32 perms
= perms
.values_list('content_type__app_label', 'codename').order_by()
33 user_obj
._group
_perm
_cache
= set(["%s.%s" % (ct
, name
) for ct
, name
in perms
])
34 return user_obj
._group
_perm
_cache
36 def get_all_permissions(self
, user_obj
, obj
=None):
37 if user_obj
.is_anonymous() or obj
is not None:
39 if not hasattr(user_obj
, '_perm_cache'):
40 user_obj
._perm
_cache
= set([u
"%s.%s" % (p
.content_type
.app_label
, p
.codename
) for p
in user_obj
.user_permissions
.select_related()])
41 user_obj
._perm
_cache
.update(self
.get_group_permissions(user_obj
))
42 return user_obj
._perm
_cache
44 def has_perm(self
, user_obj
, perm
, obj
=None):
45 if not user_obj
.is_active
:
47 return perm
in self
.get_all_permissions(user_obj
, obj
)
49 def has_module_perms(self
, user_obj
, app_label
):
51 Returns True if user_obj has any permissions in the given app_label.
53 if not user_obj
.is_active
:
55 for perm
in self
.get_all_permissions(user_obj
):
56 if perm
[:perm
.index('.')] == app_label
:
60 def get_user(self
, user_id
):
62 return User
.objects
.get(pk
=user_id
)
63 except User
.DoesNotExist
:
67 class RemoteUserBackend(ModelBackend
):
69 This backend is to be used in conjunction with the ``RemoteUserMiddleware``
70 found in the middleware module of this package, and is used when the server
71 is handling authentication outside of Django.
73 By default, the ``authenticate`` method creates ``User`` objects for
74 usernames that don't already exist in the database. Subclasses can disable
75 this behavior by setting the ``create_unknown_user`` attribute to
79 # Create a User object if not already in the database?
80 create_unknown_user
= True
82 def authenticate(self
, remote_user
):
84 The username passed as ``remote_user`` is considered trusted. This
85 method simply returns the ``User`` object with the given username,
86 creating a new ``User`` object if ``create_unknown_user`` is ``True``.
88 Returns None if ``create_unknown_user`` is ``False`` and a ``User``
89 object with the given username is not found in the database.
94 username
= self
.clean_username(remote_user
)
96 # Note that this could be accomplished in one try-except clause, but
97 # instead we use get_or_create when creating unknown users since it has
98 # built-in safeguards for multiple threads.
99 if self
.create_unknown_user
:
100 user
, created
= User
.objects
.get_or_create(username
=username
)
102 user
= self
.configure_user(user
)
105 user
= User
.objects
.get(username
=username
)
106 except User
.DoesNotExist
:
110 def clean_username(self
, username
):
112 Performs any cleaning on the "username" prior to using it to get or
113 create the user object. Returns the cleaned username.
115 By default, returns the username unchanged.
119 def configure_user(self
, user
):
121 Configures a user after creation and returns the updated user.
123 By default, returns the user unmodified.