VladPolskiy/postgres-web
1
0
Fork 0
mirror of https://github.com/postgres/pgweb.git synced 2025-08-12 23:05:12 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
0938dba4b8286a0436236f8cd627114f0680ddc2
postgres-web/pgweb/account/admin.py
Magnus Hagander f7d6709fae Implement consent for third party orgs in commmunity auth 
This adds a new model for CommunityAuthOrg representing the organisation
that runs the system that's being authenticated (e.g. PostgreSQL Europe
or PostgreSQL US). For this we just keep a name and a "is consent required" flag.

In the case where consent is required, we keep track on a per-user basis
of if they have given consent to sharing their data with this
organistion. If they haven't, we ask for it before completing the
redirect and actually sharing the data.
2018-05-30 16:25:37 -04:00

55 lines
1.9 KiB
Python
Raw Blame History

from django.contrib import admin
from django.contrib.auth.admin import UserAdmin
from django.contrib.auth.forms import UserChangeForm
from django.contrib.auth.models import User
from django import forms
import base64
from models import CommunityAuthSite, CommunityAuthOrg
class CommunityAuthSiteAdminForm(forms.ModelForm):
class Meta:
model = CommunityAuthSite
exclude = ()
def clean_cryptkey(self):
x = None
try:
x = base64.b64decode(self.cleaned_data['cryptkey'])
except TypeError:
raise forms.ValidationError("Crypto key must be base64 encoded")
if (len(x) != 16 and len(x) != 24 and len(x) != 32):
raise forms.ValidationError("Crypto key must be 16, 24 or 32 bytes before being base64-encoded")
return self.cleaned_data['cryptkey']
class CommunityAuthSiteAdmin(admin.ModelAdmin):
form = CommunityAuthSiteAdminForm
class PGUserChangeForm(UserChangeForm):
"""just like UserChangeForm, butremoves "username" requirement"""
def __init__(self, *args, **kwargs):
super(PGUserChangeForm, self).__init__(*args, **kwargs)
# because the auth.User model is set to "blank=False" and the Django
# auth.UserChangeForm is setup as a ModelForm, it will always validate
# the "username" even though it is not present. Thus the best way to
# avoid the validation is to remove the "username" field, if it exists
if self.fields.get('username'):
del self.fields['username']
class PGUserAdmin(UserAdmin):
"""overrides default Django user admin"""
form = PGUserChangeForm
def get_readonly_fields(self, request, obj=None):
"""this prevents users from changing a username once created"""
if obj:
return self.readonly_fields + ('username',)
return self.readonly_fields
admin.site.register(CommunityAuthSite, CommunityAuthSiteAdmin)
admin.site.register(CommunityAuthOrg)
admin.site.unregister(User) # have to unregister default User Admin...
admin.site.register(User, PGUserAdmin) # ...in order to add overrides
Reference in New Issue View Git Blame Copy Permalink