jbdod/notes-ker-lann
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Check permissions per request instead of per user

Browse source 
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
This commit is contained in:
Yohann D'ANELLO 2021-06-15 14:40:32 +02:00
parent 5e9f36ef1a
commit ea092803d7
No known key found for this signature in database
GPG key ID: 3A75C55819C8CF85
25 changed files with 207 additions and 203 deletions
Download patch file Download diff file Expand all files Collapse all files

4
note_kfet/admin.py
View file

@ -6,7 +6,6 @@ from django.contrib.admin import AdminSite
from django.contrib.sites.admin import Site, SiteAdmin
from member.views import CustomLoginView
from .middlewares import get_current_session
class StrongAdminSite(AdminSite):
@ -14,8 +13,7 @@ class StrongAdminSite(AdminSite):
"""
Authorize only staff that have the correct permission mask
"""
session = get_current_session()
return request.user.is_active and request.user.is_staff and session.get("permission_mask", -1) >= 42
return request.user.is_active and request.user.is_staff and request.session.get("permission_mask", -1) >= 42
def login(self, request, extra_context=None):
return CustomLoginView.as_view()(request)