File: backends.py

package info (click to toggle)
lava 2026.01-1
  • links: PTS, VCS
  • area: main
  • in suites:
  • size: 30,796 kB
  • sloc: python: 82,790; javascript: 16,658; sh: 1,364; makefile: 335
file content (68 lines) | stat: -rw-r--r-- 2,231 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
 
# Copyright (C) 2019 Linaro Limited
#
# Author: Stevan Radakovic <stevan.radakovic@linaro.org>
#
# SPDX-License-Identifier: GPL-2.0-or-later


from django.contrib.auth.backends import ModelBackend

from lava_scheduler_app.auth import PermissionAuth
from lava_scheduler_app.models import Device, DeviceType, Worker


def is_object_supported(obj):
    """
    Returns True if obj is supported. False if obj is None or not supported.
    """
    return isinstance(obj, (Device, DeviceType, Worker))


class GroupPermissionBackend(ModelBackend):
    def authenticate(self, username, password):
        return None

    def has_perm(self, user, perm, obj=None):
        if hasattr(user, "_cached_has_perm"):
            ret = user._cached_has_perm.get(perm, {}).get(obj)
            if ret is not None:
                return ret
        else:
            user._cached_has_perm = {}

        ret = self._has_perm(user, perm, obj)
        user._cached_has_perm.setdefault(perm, {})[obj] = ret
        return ret

    def _has_perm(self, user, perm, obj=None):
        """
        Returns True if given user has particular permission for the object.
        If no object is given, False is returned.
        """
        if not is_object_supported(obj):
            return False

        app_label, _ = perm.split(".", maxsplit=1)
        if app_label != obj._meta.app_label:
            raise ValueError("Passed perm has wrong app label: '%s'" % app_label)

        # Global permissions test. The django backend doesn't handle well
        # has_perm call when obj is not None so we have to do the check here
        # as well (https://github.com/django/django/blob/master/django/contrib/auth/backends.py#L104)
        if perm in super().get_all_permissions(user, None):
            return True

        auth = PermissionAuth(user)
        return auth.has_perm(perm, obj)

    def get_all_permissions(self, user, obj=None):
        """
        Returns a set of permissions that the given user has for object.
        """
        if not obj:
            return super().get_all_permissions(user, None)
        if not is_object_supported(obj):
            return set()

        auth = PermissionAuth(user)
        return auth.get_perms(obj)