shaba/awx
1
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2024-11-01 08:21:15 +03:00
Code Releases Activity
8cae93c55f
awx/lib/main/rbac.py
Michael DeHaan 8cae93c55f Move RBAC code to seperate file.
2013-03-21 00:34:59 -04:00

40 lines
1.3 KiB
Python
Raw Blame History

from lib.main.models import *
from lib.main.serializers import *
from rest_framework import permissions
from django.contrib.auth.models import AnonymousUser
# FIXME: this will probably need to be subclassed by object type
class CustomRbac(permissions.BasePermission):
def _common_user_check(self, request):
# no anonymous users
if type(request.user) == AnonymousUser:
return False
# superusers are always good
if request.user.is_superuser:
return True
# other users must have associated acom user records & be active
acom_user = User.objects.filter(auth_user = request.user)
if len(acom_user) != 1:
return False
if not acom_user[0].active:
return False
return True
def has_permission(self, request, view, obj=None):
if not self._common_user_check(request):
return False
if obj is None:
return True
else:
# haven't tested around these confines yet
raise Exception("FIXME")
def has_object_permission(self, request, view, obj):
if not self._common_user_check(request):
return False
# FIXME: TODO: verify the user is actually allowed to see this resource
return True
View Git Blame Copy Permalink