Last active
August 29, 2015 14:05
Proposed Design for Permissions
"""
Workflow:
1. The user authenticates and the OIDC provider returns permissions as a comma-delimited list of globs.
2. When the user accesses a course page, call has_access() to verify permissions.
   If the user has no permission for the course, the view should raise a 403 error. This can be accomplished with a mixin added to our existing views.
"""
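# models.py
class UserCoursePermissons(models.Model):
    """Course access grants for one user, stored as received from the OIDC provider.

    There is one row per user. The grants are kept as a single comma-delimited
    string of glob patterns; has_access() splits and matches them.
    """

    # A ForeignKey can be a primary key, but a primary key is unique, so the
    # relation is one-to-one in practice; OneToOneField states that directly.
    # on_delete spells out the cascade that older Django versions applied by default.
    user = models.OneToOneField(User, primary_key=True, on_delete=models.CASCADE)

    # TextField rather than a bounded CharField: a truncated pattern list would
    # change which courses match, so the grant must be stored in full.
    course_access_patterns = models.TextField()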
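# pipeline.py
def update_user_course_permissions(strategy, details, user=None, *args, **kwargs):
    """Pipeline step: persist the course glob patterns granted to *user*.

    Reads the comma-delimited pattern list from
    ``details['analytics_api_courses']`` and overwrites whatever is stored for
    the user each time the step runs, so the stored grant always reflects the
    most recent value supplied by the provider.

    Args:
        strategy: Unused here; part of the pipeline step signature.
        details: Mapping of user details returned by the provider.
        user: The authenticated user, or None if no user was resolved.

    Returns:
        An empty dict; this step contributes nothing to later pipeline steps.
    """
    if not user:
        # Without a user there is nothing to attach permissions to, so stop
        # here. TODO: the design leaves the exception type open.
        raise ...

    # A missing claim is stored as an empty string, which has_access() treats
    # as "no access"; storing None would violate the non-null TextField.
    patterns = details.get('analytics_api_courses') or ''

    ucp, created = UserCoursePermissons.objects.get_or_create(
        user=user,
        defaults={'course_access_patterns': patterns},
    )
    if not created:
        # Existing row: replace the old grant rather than merging, so a
        # pattern dropped by the provider is dropped here as well.
        ucp.course_access_patterns = patterns
        ucp.save()

    return {}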
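# permissions.py
import fnmatch


def has_access(user, course_id):
    """Return True if any glob pattern stored for *user* matches *course_id*.

    Access is denied by default: a user with no stored row, an empty pattern
    string, or only blank entries gets False.

    Args:
        user: The user whose stored patterns are checked.
        course_id: The course identifier to test against the patterns.

    Returns:
        bool: True when at least one pattern matches, otherwise False.
    """
    try:
        uca = UserCoursePermissons.objects.get(user=user)
    except UserCoursePermissons.DoesNotExist:
        # No permissions were ever recorded for this user: deny instead of
        # letting the lookup error propagate into the view.
        return False

    raw_patterns = uca.course_access_patterns
    if not raw_patterns:
        return False

    # Trim whitespace around the delimiters and skip blank entries (e.g. from
    # a trailing comma) so that an empty pattern is never evaluated.
    patterns = [p.strip() for p in raw_patterns.split(',')]

    # fnmatchcase() compares case-sensitively on every platform, whereas
    # fnmatch() normalises case according to the host OS; an authorization
    # decision should not depend on where the code runs.
    # NOTE(review): '*' in a glob matches any characters, so a broad pattern
    # grants broad access; the check is only as strict as the provider's claim.
    return any(fnmatch.fnmatchcase(course_id, p) for p in patterns if p)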