From d2cc1b902d8186290a0bc9c0e60108a94419f9e8 Mon Sep 17 00:00:00 2001 From: quark Date: Fri, 17 Oct 2025 17:45:41 +0200 Subject: [PATCH] allows mask for Oauth2 --- apps/permission/backends.py | 8 ++++++++ apps/permission/scopes.py | 3 ++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/apps/permission/backends.py b/apps/permission/backends.py index a7beeeb6..37134713 100644 --- a/apps/permission/backends.py +++ b/apps/permission/backends.py @@ -39,7 +39,15 @@ class PermissionBackend(ModelBackend): def permission_filter(membership_obj): query = Q(pk=-1) + if 'mask' in request.GET: + try: + rank = int(request.GET['mask']) + except: + rank = 42 + query &= Q(mask__rank__lte=rank) for scope in request.auth.scope.split(' '): + if scope == "openid": + continue permission_id, club_id = scope.split('_') if int(club_id) == membership_obj.club_id: query |= Q(pk=permission_id) diff --git a/apps/permission/scopes.py b/apps/permission/scopes.py index 2842546f..d05bf297 100644 --- a/apps/permission/scopes.py +++ b/apps/permission/scopes.py @@ -10,6 +10,7 @@ from note_kfet.middlewares import get_current_request from .backends import PermissionBackend from .models import Permission +from django.utils.translation import gettext_lazy as _ class PermissionScopes(BaseScopes): """ @@ -32,7 +33,7 @@ class PermissionScopes(BaseScopes): scopes = {f"{p.id}_{club.id}": f"{p.description} (club {club.name})" for p in Permission.objects.all() for club in Club.objects.all()} - scopes['openid'] = "OpenID Connect" + scopes['openid'] = _("OpenID Connect (username and email)") return scopes def get_available_scopes(self, application=None, request=None, *args, **kwargs):