From a234be098128743fd5ed163509d68ff65ab62acd Mon Sep 17 00:00:00 2001 From: chapeau Date: Thu, 13 May 2021 19:43:39 +0200 Subject: [PATCH] linter --- api/permissions.py | 9 +++++---- freeradius_utils/auth.py | 28 +++++++++++++--------------- 2 files changed, 18 insertions(+), 19 deletions(-) diff --git a/api/permissions.py b/api/permissions.py index 9f120bec..4061d7d7 100644 --- a/api/permissions.py +++ b/api/permissions.py @@ -213,7 +213,7 @@ class AutodetectACLPermission(permissions.BasePermission): return [perm(obj) for perm in self.perms_obj_map[method]] - @ staticmethod + @staticmethod def _queryset(view): return _get_param_in_view(view, "queryset") @@ -240,7 +240,9 @@ class AutodetectACLPermission(permissions.BasePermission): if getattr(view, "_ignore_model_permissions", False): return True - if not getattr(view, "queryset", None): + # Bypass permission verifications if it is a functional view + # (permissions are handled by ACL) + if not hasattr(view, "queryset") and not hasattr(view, "get_queryset"): return True if not request.user or not request.user.is_authenticated: @@ -277,8 +279,7 @@ class AutodetectACLPermission(permissions.BasePermission): # they have read permissions to see 403, or not, and simply see # a 404 response. - SAFE_METHODS = ("GET", "OPTIONS", "HEAD", - "POST", "PUT", "PATCH", "DELETE") + SAFE_METHODS = ("GET", "OPTIONS", "HEAD", "POST", "PUT", "PATCH", "DELETE") if request.method in SAFE_METHODS: # Read permissions already checked and failed, no need diff --git a/freeradius_utils/auth.py b/freeradius_utils/auth.py index f4201f44..d41e9a5a 100644 --- a/freeradius_utils/auth.py +++ b/freeradius_utils/auth.py @@ -34,12 +34,12 @@ https://github.com/FreeRADIUS/freeradius-server/blob/master/src/modules/rlm_pyth Inspired by Daniel Stan in Crans """ +import logging import os import sys -import logging import traceback -import radiusd # Magic module freeradius (radiusd.py is dummy) +import radiusd # Magic module freeradius (radiusd.py is dummy) from django.core.wsgi import get_wsgi_application from django.db.models import Q @@ -54,11 +54,10 @@ os.chdir(proj_path) # This is so models get loaded. application = get_wsgi_application() -from machines.models import Interface, IpList, Nas, Domain +from machines.models import Domain, Interface, IpList, Nas +from preferences.models import RadiusOption from topologie.models import Port, Switch from users.models import User -from preferences.models import RadiusOption - # Logging @@ -76,7 +75,7 @@ class RadiusdHandler(logging.Handler): radiusd.radlog(rad_sig, str(record.msg)) -# Init for logging +# Init for logging logger = logging.getLogger("auth.py") logger.setLevel(logging.DEBUG) formatter = logging.Formatter("%(name)s: [%(levelname)s] %(message)s") @@ -97,7 +96,7 @@ def radius_event(fun): """ def new_f(auth_data): - """ The function transforming the tuples as dict """ + """The function transforming the tuples as dict """ if isinstance(auth_data, dict): data = auth_data else: @@ -132,10 +131,10 @@ def authorize(data): - If the nas is known, we apply the 802.1X if enabled, - It the nas is known AND nas auth is enabled with mac address, returns accept here""" - # For proxified request, split + # For proxified request, split nas = data.get("NAS-IP-Address", data.get("NAS-Identifier", None)) nas_instance = find_nas_from_request(nas) - # For none proxified requests + # For none proxified requests nas_type = None if nas_instance: nas_type = Nas.objects.filter(nas_type=nas_instance.machine_type).first() @@ -162,12 +161,11 @@ def authorize(data): @radius_event def post_auth(data): - """ Function called after the user is authenticated - """ + """ Function called after the user is authenticated""" nas = data.get("NAS-IP-Address", data.get("NAS-Identifier", None)) nas_instance = find_nas_from_request(nas) - # All non proxified requests + # All non proxified requests if not nas_instance: logger.info("Proxified request, nas unknown") return radiusd.RLM_MODULE_OK @@ -309,7 +307,7 @@ def decide_vlan_switch(nas_machine, nas_type, port_number, mac_address): - no room : Decision set in Re2o RadiusOption, - no user in this room : Reject, - user of this room is banned or disable : Reject, - - user of this room non-contributor and not whitelisted: + - user of this room non-contributor and not whitelisted: Decision set in Re2o RadiusOption - mode common : - mac-address already registered: @@ -336,7 +334,7 @@ def decide_vlan_switch(nas_machine, nas_type, port_number, mac_address): } # Get port from switch and port number extra_log = "" - # If NAS is unknown, go to default vlan + # If NAS is unknown, go to default vlan if not nas_machine: return ( "?", @@ -366,7 +364,7 @@ def decide_vlan_switch(nas_machine, nas_type, port_number, mac_address): RadiusOption.get_cached_value("unknown_port") != RadiusOption.REJECT, RadiusOption.get_attributes("unknown_port_attributes", attributes_kwargs), ) - + # Retrieve port profile port_profile = port.get_port_profile