Mirrored_Repos/InvenTree
1
0
Fork 0
mirror of https://github.com/inventree/InvenTree synced 2024-08-30 18:33:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

out-of-scope: Add decorator to not require auth (#3633)

Browse Source
This commit is contained in:
Matthias Mair 2022-09-05 05:03:38 +02:00 committed by GitHub
parent abf133384b
commit b7d0bb9820
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 16 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
InvenTree/InvenTree/middleware.py
View File

@ -7,7 +7,7 @@ from django.conf import settings
from django.contrib.auth.middleware import PersistentRemoteUserMiddleware from django.contrib.auth.middleware import PersistentRemoteUserMiddleware
from django.http import HttpResponse from django.http import HttpResponse
from django.shortcuts import redirect from django.shortcuts import redirect
from django.urls import Resolver404, include, re_path, reverse_lazy from django.urls import Resolver404, include, re_path, resolve, reverse_lazy
from allauth_2fa.middleware import (AllauthTwoFactorMiddleware, from allauth_2fa.middleware import (AllauthTwoFactorMiddleware,
BaseRequire2FAMiddleware) BaseRequire2FAMiddleware)
@ -41,6 +41,11 @@ class AuthRequiredMiddleware(object):
if request.path_info.startswith('/api/'): if request.path_info.startswith('/api/'):
return self.get_response(request) return self.get_response(request)
# Is the function exempt from auth requirements?
path_func = resolve(request.path).func
if getattr(path_func, 'auth_exempt', False) is True:
return self.get_response(request)
if not request.user.is_authenticated: if not request.user.is_authenticated:
""" """
Normally, a web-based session would use csrftoken based authentication. Normally, a web-based session would use csrftoken based authentication.

10
InvenTree/InvenTree/permissions.py
View File

@ -1,5 +1,7 @@
"""Permission set for InvenTree.""" """Permission set for InvenTree."""
from functools import wraps
from rest_framework import permissions from rest_framework import permissions
import users.models import users.models
@ -63,3 +65,11 @@ class RolePermission(permissions.BasePermission):
result = users.models.RuleSet.check_table_permission(user, table, permission) result = users.models.RuleSet.check_table_permission(user, table, permission)
return result return result
def auth_exempt(view_func):
"""Mark a view function as being exempt from auth requirements."""
def wrapped_view(*args, **kwargs):
return view_func(*args, **kwargs)
wrapped_view.auth_exempt = True
return wraps(view_func)(wrapped_view)