Fix rbac (#7699)

* perf: 优化 suggesstion * perf: 修改 migrations * feat: 添加OIDC认证逻辑 * perf: 修改 backend * perf: 优化认证backends * perf: 优化认证backends * perf: 优化CAS认证, 用户多域名进行访问时回调到各自域名 Co-authored-by: ibuler <ibuler@qq.com>
2025-09-09 03:09:34 +00:00 · 2022-02-25 19:23:59 +08:00
parent 02ca473492
commit edfca5eb24
33 changed files with 1132 additions and 178 deletions
--- a/apps/rbac/backends.py
+++ b/apps/rbac/backends.py
@@ -1,13 +1,27 @@
-from django.contrib.auth.backends import ModelBackend
+from django.core.exceptions import PermissionDenied
+
+from authentication.backends.base import JMSBaseAuthBackend


-class RBACBackend(ModelBackend):
+class RBACBackend(JMSBaseAuthBackend):
+    """ 只做权限校验 """
+    @staticmethod
+    def is_enabled():
+        return True
+
+    def authenticate(self, *args, **kwargs):
+        return None
+
+    def username_can_authenticate(self, username):
+        return False
+
    def has_perm(self, user_obj, perm, obj=None):
        if not user_obj.is_active:
-            return False
-
+            raise PermissionDenied()
        has_perm = perm in user_obj.perms
+        if not has_perm:
+            raise PermissionDenied()
        return has_perm
-    #
+
    # def has_module_perms(self, user_obj, app_label):
    #     return True