Client Credential Flow implementation

2025-11-08 15:59:50 +01:00 · 2025-11-07 15:49:01 +01:00
parent 68341a2a7e
commit bfd50e3cd5
4 changed files with 56 additions and 31 deletions
--- a/apps/permission/backends.py
+++ b/apps/permission/backends.py
@@ -21,7 +21,7 @@ class PermissionBackend(ModelBackend):
    Manage permissions of users
    """
    supports_object_permissions = True
-    supports_anonymous_user = False
+    supports_anonymous_user = True
    supports_inactive_user = False

    @staticmethod
@@ -33,24 +33,18 @@ class PermissionBackend(ModelBackend):
        :param t: The type of the permissions: view, change, add or delete
        :return: The queryset of the permissions of the user (memoized) grouped by clubs
        """
-        if hasattr(request, 'auth') and request.auth is not None and hasattr(request.auth, 'scope'):
+        if hasattr(request, 'oauth2') and request.oauth2 is not None and 'scope' in request.oauth2:
            # OAuth2 Authentication
-            user = request.auth.user
+            user = request.oauth2['user']

            def permission_filter(membership_obj):
                query = Q(pk=-1)
-                if 'mask' in request.GET:
-                    try:
-                        rank = int(request.GET['mask'])
-                    except ValueError:
-                        rank = 42
-                    query &= Q(mask__rank__lte=rank)
-                for scope in request.auth.scope.split(' '):
+                for scope in request.oauth2['scope']:
                    if scope == "openid":
                        continue
                    permission_id, club_id = scope.split('_')
                    if int(club_id) == membership_obj.club_id:
-                        query |= Q(pk=permission_id)
+                        query |= Q(pk=permission_id, mask__rank__lte=request.oauth2['mask'])
                return query
        else:
            user = request.user