Move the Django API Permissions to a FastAPI dependency

This commit is contained in:
PapaTutuWawa 2021-02-05 13:28:08 +01:00
parent 117ab96017
commit 2f5f312d9c
2 changed files with 8 additions and 15 deletions

View File

@ -130,7 +130,6 @@ STATIC_ROOT = os.environ.get("DJANGO_STATIC_ROOT", os.path.join(BASE_DIR, "stati
MEDIA_ROOT = os.environ.get("DJANGO_MEDIA_ROOT", os.path.join(BASE_DIR, "media")) MEDIA_ROOT = os.environ.get("DJANGO_MEDIA_ROOT", os.path.join(BASE_DIR, "media"))
MEDIA_URL = "/user-media/" MEDIA_URL = "/user-media/"
ETEBASE_API_PERMISSIONS = ["rest_framework.permissions.IsAuthenticated"]
ETEBASE_API_AUTHENTICATORS = ( ETEBASE_API_AUTHENTICATORS = (
"django_etebase.token_auth.authentication.TokenAuthentication", "django_etebase.token_auth.authentication.TokenAuthentication",
"rest_framework.authentication.SessionAuthentication", "rest_framework.authentication.SessionAuthentication",
@ -143,8 +142,6 @@ config_locations = [
"/etc/etebase-server/etebase-server.ini", "/etc/etebase-server/etebase-server.ini",
] ]
ETEBASE_CREATE_USER_FUNC = "django_etebase.utils.create_user_blocked"
# Use config file if present # Use config file if present
if any(os.path.isfile(x) for x in config_locations): if any(os.path.isfile(x) for x in config_locations):
config = configparser.ConfigParser() config = configparser.ConfigParser()
@ -180,7 +177,7 @@ if any(os.path.isfile(x) for x in config_locations):
# Configure EteBase to use LDAP # Configure EteBase to use LDAP
ETEBASE_CREATE_USER_FUNC = "myauth.ldap.create_user" ETEBASE_CREATE_USER_FUNC = "myauth.ldap.create_user"
ETEBASE_API_PERMISSIONS.append("myauth.ldap.LDAPUserExists") ETEBASE_API_PERMISSIONS_READ = ["myauth.ldap.is_user_in_ldap"]
# Efficient file streaming (for large files) # Efficient file streaming (for large files)
SENDFILE_BACKEND = "django_etebase.sendfile.backends.simple" SENDFILE_BACKEND = "django_etebase.sendfile.backends.simple"

View File

@ -4,8 +4,10 @@ from django.utils import timezone
from django.conf import settings from django.conf import settings
from django.core.exceptions import PermissionDenied from django.core.exceptions import PermissionDenied
from django_etebase.utils import CallbackContext from django_etebase.utils import CallbackContext
from myauth.models import get_typed_user_model from myauth.models import get_typed_user_model, UserType
from rest_framework.permissions import BasePermission from etebase_fastapi.dependencies import get_authenticated_user
from etebase_fastapi.exceptions import PermissionDenied
from fastapi import Depends
import ldap import ldap
@ -76,15 +78,9 @@ class LDAPConnection:
return True return True
return False return False
def is_user_in_ldap(user: UserType = Depends(get_authenticated_user)):
class LDAPUserExists(BasePermission): if not LDAPConnection.get_instance().has_user(user.username):
""" raise PermissionDenied("User not in LDAP directory.")
A permission check which first checks with the LDAP directory if the user
exists.
"""
def has_permission(self, request, view):
return LDAPConnection.get_instance().has_user(request.user.username)
def create_user(context: CallbackContext, *args, **kwargs): def create_user(context: CallbackContext, *args, **kwargs):
""" """