allows mask for Oauth2

2025-10-30 23:39:54 +01:00 · 2025-10-17 17:45:41 +02:00
2 changed files with 10 additions and 1 deletions
--- a/apps/permission/backends.py
+++ b/apps/permission/backends.py
@@ -39,7 +39,15 @@ class PermissionBackend(ModelBackend):

            def permission_filter(membership_obj):
                query = Q(pk=-1)
+                if 'mask' in request.GET:
+                    try:
+                        rank = int(request.GET['mask'])
+                    except:
+                        rank = 42
+                    query &= Q(mask__rank__lte=rank)
                for scope in request.auth.scope.split(' '):
+                    if scope == "openid":
+                        continue
                    permission_id, club_id = scope.split('_')
                    if int(club_id) == membership_obj.club_id:
                        query |= Q(pk=permission_id)
--- a/apps/permission/scopes.py
+++ b/apps/permission/scopes.py
@@ -10,6 +10,7 @@ from note_kfet.middlewares import get_current_request
 from .backends import PermissionBackend
 from .models import Permission

+from django.utils.translation import gettext_lazy as _

 class PermissionScopes(BaseScopes):
    """
@@ -32,7 +33,7 @@ class PermissionScopes(BaseScopes):

        scopes = {f"{p.id}_{club.id}": f"{p.description} (club {club.name})"
                  for p in Permission.objects.all() for club in Club.objects.all()}
-        scopes['openid'] = "OpenID Connect"
+        scopes['openid'] = _("OpenID Connect (username and email)")
        return scopes

    def get_available_scopes(self, application=None, request=None, *args, **kwargs):