Move the Django API Permissions to a FastAPI dependency
This commit is contained in:
parent
117ab96017
commit
2f5f312d9c
@ -130,7 +130,6 @@ STATIC_ROOT = os.environ.get("DJANGO_STATIC_ROOT", os.path.join(BASE_DIR, "stati
|
||||
MEDIA_ROOT = os.environ.get("DJANGO_MEDIA_ROOT", os.path.join(BASE_DIR, "media"))
|
||||
MEDIA_URL = "/user-media/"
|
||||
|
||||
ETEBASE_API_PERMISSIONS = ["rest_framework.permissions.IsAuthenticated"]
|
||||
ETEBASE_API_AUTHENTICATORS = (
|
||||
"django_etebase.token_auth.authentication.TokenAuthentication",
|
||||
"rest_framework.authentication.SessionAuthentication",
|
||||
@ -143,8 +142,6 @@ config_locations = [
|
||||
"/etc/etebase-server/etebase-server.ini",
|
||||
]
|
||||
|
||||
ETEBASE_CREATE_USER_FUNC = "django_etebase.utils.create_user_blocked"
|
||||
|
||||
# Use config file if present
|
||||
if any(os.path.isfile(x) for x in config_locations):
|
||||
config = configparser.ConfigParser()
|
||||
@ -180,7 +177,7 @@ if any(os.path.isfile(x) for x in config_locations):
|
||||
|
||||
# Configure EteBase to use LDAP
|
||||
ETEBASE_CREATE_USER_FUNC = "myauth.ldap.create_user"
|
||||
ETEBASE_API_PERMISSIONS.append("myauth.ldap.LDAPUserExists")
|
||||
ETEBASE_API_PERMISSIONS_READ = ["myauth.ldap.is_user_in_ldap"]
|
||||
|
||||
# Efficient file streaming (for large files)
|
||||
SENDFILE_BACKEND = "django_etebase.sendfile.backends.simple"
|
||||
|
||||
@ -4,8 +4,10 @@ from django.utils import timezone
|
||||
from django.conf import settings
|
||||
from django.core.exceptions import PermissionDenied
|
||||
from django_etebase.utils import CallbackContext
|
||||
from myauth.models import get_typed_user_model
|
||||
from rest_framework.permissions import BasePermission
|
||||
from myauth.models import get_typed_user_model, UserType
|
||||
from etebase_fastapi.dependencies import get_authenticated_user
|
||||
from etebase_fastapi.exceptions import PermissionDenied
|
||||
from fastapi import Depends
|
||||
|
||||
import ldap
|
||||
|
||||
@ -76,15 +78,9 @@ class LDAPConnection:
|
||||
return True
|
||||
return False
|
||||
|
||||
|
||||
class LDAPUserExists(BasePermission):
|
||||
"""
|
||||
A permission check which first checks with the LDAP directory if the user
|
||||
exists.
|
||||
"""
|
||||
|
||||
def has_permission(self, request, view):
|
||||
return LDAPConnection.get_instance().has_user(request.user.username)
|
||||
def is_user_in_ldap(user: UserType = Depends(get_authenticated_user)):
|
||||
if not LDAPConnection.get_instance().has_user(user.username):
|
||||
raise PermissionDenied("User not in LDAP directory.")
|
||||
|
||||
def create_user(context: CallbackContext, *args, **kwargs):
|
||||
"""
|
||||
|
||||
Loading…
Reference in New Issue
Block a user