linter
parent
f70b97677f
commit
a234be0981
2 changed files with 18 additions and 19 deletions
|
@ -213,7 +213,7 @@ class AutodetectACLPermission(permissions.BasePermission):
|
||||||
|
|
||||||
return [perm(obj) for perm in self.perms_obj_map[method]]
|
return [perm(obj) for perm in self.perms_obj_map[method]]
|
||||||
|
|
||||||
@ staticmethod
|
@staticmethod
|
||||||
def _queryset(view):
|
def _queryset(view):
|
||||||
return _get_param_in_view(view, "queryset")
|
return _get_param_in_view(view, "queryset")
|
||||||
|
|
||||||
|
@ -240,7 +240,9 @@ class AutodetectACLPermission(permissions.BasePermission):
|
||||||
if getattr(view, "_ignore_model_permissions", False):
|
if getattr(view, "_ignore_model_permissions", False):
|
||||||
return True
|
return True
|
||||||
|
|
||||||
if not getattr(view, "queryset", None):
|
# Bypass permission verifications if it is a functional view
|
||||||
|
# (permissions are handled by ACL)
|
||||||
|
if not hasattr(view, "queryset") and not hasattr(view, "get_queryset"):
|
||||||
return True
|
return True
|
||||||
|
|
||||||
if not request.user or not request.user.is_authenticated:
|
if not request.user or not request.user.is_authenticated:
|
||||||
|
@ -277,8 +279,7 @@ class AutodetectACLPermission(permissions.BasePermission):
|
||||||
# they have read permissions to see 403, or not, and simply see
|
# they have read permissions to see 403, or not, and simply see
|
||||||
# a 404 response.
|
# a 404 response.
|
||||||
|
|
||||||
SAFE_METHODS = ("GET", "OPTIONS", "HEAD",
|
SAFE_METHODS = ("GET", "OPTIONS", "HEAD", "POST", "PUT", "PATCH", "DELETE")
|
||||||
"POST", "PUT", "PATCH", "DELETE")
|
|
||||||
|
|
||||||
if request.method in SAFE_METHODS:
|
if request.method in SAFE_METHODS:
|
||||||
# Read permissions already checked and failed, no need
|
# Read permissions already checked and failed, no need
|
||||||
|
|
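Review bot: The early `return True` for views that expose neither `queryset` nor `get_queryset` (second hunk of this file) runs before the `request.user.is_authenticated` test a few lines below, so for those views this permission class also passes anonymous requests and relies entirely on the ACL layer named in the new comment. The condition also changed from `not getattr(view, "queryset", None)` to the two `hasattr` tests, which alters (apparently narrows) the set of views taking the bypass; that is a behaviour change in a commit titled "linter" and should be stated in the description. I would either move the authentication test above the bypass or make the comment say so outright, e.g. `# Fail-open: nothing is checked here, functional views MUST be protected by an ACL decorator`. The enclosing method starts and ends outside the hunk, so the effect on the rest of the check is inferred from the visible lines only.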
|
@ -34,12 +34,12 @@ https://github.com/FreeRADIUS/freeradius-server/blob/master/src/modules/rlm_pyth
|
||||||
Inspired by Daniel Stan in Crans
|
Inspired by Daniel Stan in Crans
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
import logging
|
||||||
import os
|
import os
|
||||||
import sys
|
import sys
|
||||||
import logging
|
|
||||||
import traceback
|
import traceback
|
||||||
import radiusd # Magic module freeradius (radiusd.py is dummy)
|
|
||||||
|
|
||||||
|
import radiusd # Magic module freeradius (radiusd.py is dummy)
|
||||||
from django.core.wsgi import get_wsgi_application
|
from django.core.wsgi import get_wsgi_application
|
||||||
from django.db.models import Q
|
from django.db.models import Q
|
||||||
|
|
||||||
|
@ -54,11 +54,10 @@ os.chdir(proj_path)
|
||||||
# This is so models get loaded.
|
# This is so models get loaded.
|
||||||
application = get_wsgi_application()
|
application = get_wsgi_application()
|
||||||
|
|
||||||
from machines.models import Interface, IpList, Nas, Domain
|
from machines.models import Domain, Interface, IpList, Nas
|
||||||
|
from preferences.models import RadiusOption
|
||||||
from topologie.models import Port, Switch
|
from topologie.models import Port, Switch
|
||||||
from users.models import User
|
from users.models import User
|
||||||
from preferences.models import RadiusOption
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# Logging
|
# Logging
|
||||||
|
@ -76,7 +75,7 @@ class RadiusdHandler(logging.Handler):
|
||||||
radiusd.radlog(rad_sig, str(record.msg))
|
radiusd.radlog(rad_sig, str(record.msg))
|
||||||
|
|
||||||
|
|
||||||
# Init for logging
|
# Init for logging
|
||||||
logger = logging.getLogger("auth.py")
|
logger = logging.getLogger("auth.py")
|
||||||
logger.setLevel(logging.DEBUG)
|
logger.setLevel(logging.DEBUG)
|
||||||
formatter = logging.Formatter("%(name)s: [%(levelname)s] %(message)s")
|
formatter = logging.Formatter("%(name)s: [%(levelname)s] %(message)s")
|
||||||
|
@ -97,7 +96,7 @@ def radius_event(fun):
|
||||||
"""
|
"""
|
||||||
|
|
||||||
def new_f(auth_data):
|
def new_f(auth_data):
|
||||||
""" The function transforming the tuples as dict """
|
"""The function transforming the tuples as dict """
|
||||||
if isinstance(auth_data, dict):
|
if isinstance(auth_data, dict):
|
||||||
data = auth_data
|
data = auth_data
|
||||||
else:
|
else:
|
||||||
|
@ -132,10 +131,10 @@ def authorize(data):
|
||||||
- If the nas is known, we apply the 802.1X if enabled,
|
- If the nas is known, we apply the 802.1X if enabled,
|
||||||
- It the nas is known AND nas auth is enabled with mac address, returns
|
- It the nas is known AND nas auth is enabled with mac address, returns
|
||||||
accept here"""
|
accept here"""
|
||||||
# For proxified request, split
|
# For proxified request, split
|
||||||
nas = data.get("NAS-IP-Address", data.get("NAS-Identifier", None))
|
nas = data.get("NAS-IP-Address", data.get("NAS-Identifier", None))
|
||||||
nas_instance = find_nas_from_request(nas)
|
nas_instance = find_nas_from_request(nas)
|
||||||
# For none proxified requests
|
# For none proxified requests
|
||||||
nas_type = None
|
nas_type = None
|
||||||
if nas_instance:
|
if nas_instance:
|
||||||
nas_type = Nas.objects.filter(nas_type=nas_instance.machine_type).first()
|
nas_type = Nas.objects.filter(nas_type=nas_instance.machine_type).first()
|
||||||
|
@ -162,12 +161,11 @@ def authorize(data):
|
||||||
|
|
||||||
@radius_event
|
@radius_event
|
||||||
def post_auth(data):
|
def post_auth(data):
|
||||||
""" Function called after the user is authenticated
|
""" Function called after the user is authenticated"""
|
||||||
"""
|
|
||||||
|
|
||||||
nas = data.get("NAS-IP-Address", data.get("NAS-Identifier", None))
|
nas = data.get("NAS-IP-Address", data.get("NAS-Identifier", None))
|
||||||
nas_instance = find_nas_from_request(nas)
|
nas_instance = find_nas_from_request(nas)
|
||||||
# All non proxified requests
|
# All non proxified requests
|
||||||
if not nas_instance:
|
if not nas_instance:
|
||||||
logger.info("Proxified request, nas unknown")
|
logger.info("Proxified request, nas unknown")
|
||||||
return radiusd.RLM_MODULE_OK
|
return radiusd.RLM_MODULE_OK
|
||||||
|
@ -309,7 +307,7 @@ def decide_vlan_switch(nas_machine, nas_type, port_number, mac_address):
|
||||||
- no room : Decision set in Re2o RadiusOption,
|
- no room : Decision set in Re2o RadiusOption,
|
||||||
- no user in this room : Reject,
|
- no user in this room : Reject,
|
||||||
- user of this room is banned or disable : Reject,
|
- user of this room is banned or disable : Reject,
|
||||||
- user of this room non-contributor and not whitelisted:
|
- user of this room non-contributor and not whitelisted:
|
||||||
Decision set in Re2o RadiusOption
|
Decision set in Re2o RadiusOption
|
||||||
- mode common :
|
- mode common :
|
||||||
- mac-address already registered:
|
- mac-address already registered:
|
||||||
|
@ -336,7 +334,7 @@ def decide_vlan_switch(nas_machine, nas_type, port_number, mac_address):
|
||||||
}
|
}
|
||||||
# Get port from switch and port number
|
# Get port from switch and port number
|
||||||
extra_log = ""
|
extra_log = ""
|
||||||
# If NAS is unknown, go to default vlan
|
# If NAS is unknown, go to default vlan
|
||||||
if not nas_machine:
|
if not nas_machine:
|
||||||
return (
|
return (
|
||||||
"?",
|
"?",
|
||||||
|
@ -366,7 +364,7 @@ def decide_vlan_switch(nas_machine, nas_type, port_number, mac_address):
|
||||||
RadiusOption.get_cached_value("unknown_port") != RadiusOption.REJECT,
|
RadiusOption.get_cached_value("unknown_port") != RadiusOption.REJECT,
|
||||||
RadiusOption.get_attributes("unknown_port_attributes", attributes_kwargs),
|
RadiusOption.get_attributes("unknown_port_attributes", attributes_kwargs),
|
||||||
)
|
)
|
||||||
|
|
||||||
# Retrieve port profile
|
# Retrieve port profile
|
||||||
port_profile = port.get_port_profile
|
port_profile = port.get_port_profile
|
||||||
|
|
||||||
|
|