From 7147b68c0964e7a438b8a0fc9f9a5e04123dac11 Mon Sep 17 00:00:00 2001
From: Frank Sauerburger <frank@sauerburger.com>
Date: Tue, 2 Mar 2021 23:24:00 +0100
Subject: [PATCH] Assign public view permission to any-user group
---
app/hkp/tests.py | 11 +++++------
app/keys_home/migrations/0001_initial.py | 13 +++++++++----
app/keys_home/signals.py | 6 +++++-
app/owlca/views.py | 13 ++++++-------
app/pgp/views.py | 6 +++---
app/ssh/views.py | 7 +++----
app/wkd/tests.py | 11 +++++------
7 files changed, 36 insertions(+), 31 deletions(-)
diff --git a/app/hkp/tests.py b/app/hkp/tests.py
index c2d8b32..51852c9 100644
--- a/app/hkp/tests.py
+++ b/app/hkp/tests.py
@@ -1,7 +1,6 @@
from django.test import TestCase
-
+from django.contrib.auth.models import Group
from guardian.shortcuts import assign_perm
-from guardian.utils import get_anonymous_user
from pgp import models
@@ -13,8 +12,8 @@ class CorsHeadersTestCase(TestCase):
email="frank@sauerburger.com",
keyid="123456789",
)
- anonymous = get_anonymous_user()
- assign_perm('view_publickey', anonymous, self.toykey)
+ any_user = Group.objects.get(name="any-user")
+ assign_perm('view_publickey', any_user, self.toykey)
def test_policy(self):
"""Check that the policy file has CORS headers"""
@@ -30,8 +29,8 @@ class CaseSensitivityTestCase(TestCase):
email="frank@sauerburger.com",
keyid="123456789abcd",
)
- anonymous = get_anonymous_user()
- assign_perm('view_publickey', anonymous, self.toykey)
+ any_user = Group.objects.get(name="any-user")
+ assign_perm('view_publickey', any_user, self.toykey)
def test_lower(self):
"""Check that lower case string can be used to lookup a key"""
diff --git a/app/keys_home/migrations/0001_initial.py b/app/keys_home/migrations/0001_initial.py
index 6536948..e67728d 100644
--- a/app/keys_home/migrations/0001_initial.py
+++ b/app/keys_home/migrations/0001_initial.py
@@ -25,14 +25,19 @@ def add_any_group(*args):
}
group.save()
- anon = get_anonymous_user()
- for perm, klass in propagate_klasses.items():
- objs = get_objects_for_user(anon, perm, klass)
- assign_perm(perm, group, objs)
+ try:
+ anon = get_anonymous_user()
+ for perm, klass in propagate_klasses.items():
+ objs = get_objects_for_user(anon, perm, klass)
+ assign_perm(perm, group, objs)
+ except User.DoesNotExist:
+ # Anonymous user does not exist
+ pass
class Migration(migrations.Migration):
dependencies = [
+ ('guardian', '0001_initial'),
]
operations = [
diff --git a/app/keys_home/signals.py b/app/keys_home/signals.py
index d8f52eb..216318d 100644
--- a/app/keys_home/signals.py
+++ b/app/keys_home/signals.py
@@ -5,4 +5,8 @@ from django.dispatch import receiver
@receiver(post_save, sender=User)
def create_user_profile(sender, instance, created, **kwargs):
if created:
- instance.groups.add(Group.objects.get(name='any-user'))
+ try:
+ instance.groups.add(Group.objects.get(name='any-user'))
+ except Group.DoesNotExist:
+ # Group not yet created
+ pass
diff --git a/app/owlca/views.py b/app/owlca/views.py
index 2fd99d2..12dadcb 100644
--- a/app/owlca/views.py
+++ b/app/owlca/views.py
@@ -4,10 +4,10 @@ from django.contrib.auth.decorators import login_required
from django.urls import reverse
from django.http import HttpResponseRedirect, HttpResponse, Http404
from django.core.exceptions import ValidationError, PermissionDenied
+from django.contrib.auth.models import Group
from guardian.decorators import permission_required
from guardian.mixins import PermissionRequiredMixin, PermissionListMixin
from guardian.shortcuts import assign_perm, get_users_with_perms, get_objects_for_user
-from guardian.utils import get_anonymous_user
from . import models
from . import forms
@@ -130,12 +130,11 @@ def ca_create(request):
assign_perm('change_certificationauthority', request.user, ca)
assign_perm('request_certificate', request.user, ca)
if form.cleaned_data['public']:
+ any_user = Group.objects.get(name="any-user")
assign_perm('view_certificationauthority',
- get_anonymous_user(),
- ca)
+ any_user, ca)
assign_perm('request_certificate',
- get_anonymous_user(),
- ca)
+ any_user, ca)
csr = ca.create_self_sign_request(password)
assign_perm('view_certificatesigningrequest', request.user, csr)
@@ -146,9 +145,9 @@ def ca_create(request):
assign_perm('view_certificate', request.user, cert)
assign_perm('change_certificate', request.user, cert)
if form.cleaned_data['public']:
+ any_user = Group.objects.get(name="any-user")
assign_perm('view_certificate',
- get_anonymous_user(),
- cert)
+ any_user, cert)
ca.save()
diff --git a/app/pgp/views.py b/app/pgp/views.py
index 2344124..c95ed38 100644
--- a/app/pgp/views.py
+++ b/app/pgp/views.py
@@ -3,9 +3,9 @@ from django.urls import reverse_lazy
from django.http import Http404
from django.utils.translation import gettext as _
from django.views.generic import DetailView, ListView, CreateView
+from django.contrib.auth.models import Group
from guardian.mixins import PermissionRequiredMixin, PermissionListMixin
from guardian.shortcuts import assign_perm
-from guardian.utils import get_anonymous_user
from . import models
from . import forms
@@ -58,7 +58,7 @@ class PublicKeyCreateView(PermissionRequiredMixin, CreateView):
assign_perm('view_publickey', self.request.user, self.object)
assign_perm('change_publickey', self.request.user, self.object)
if form.cleaned_data["public"]:
- anonymous = get_anonymous_user()
- assign_perm('view_publickey', anonymous, self.object)
+ any_user = Group.objects.get(name="any-user")
+ assign_perm('view_publickey', any_user, self.object)
return resp
diff --git a/app/ssh/views.py b/app/ssh/views.py
index f2434b9..ce5d6d3 100644
--- a/app/ssh/views.py
+++ b/app/ssh/views.py
@@ -1,10 +1,10 @@
from django.shortcuts import render, reverse
from django.views.generic import DetailView, ListView, CreateView
from django.http import HttpResponseRedirect
+from django.contrib.auth.models import Group
from guardian.mixins import PermissionRequiredMixin, PermissionListMixin
from guardian.decorators import permission_required
from guardian.shortcuts import assign_perm
-from guardian.utils import get_anonymous_user
from . import models
from . import forms
@@ -29,9 +29,8 @@ def publickey_create(request):
assign_perm('change_sshpublickey', request.user, pk)
if form.cleaned_data['public']:
- assign_perm('view_sshpublickey',
- get_anonymous_user(),
- pk)
+ any_user = Group.objects.get(name="any-user")
+ assign_perm('view_sshpublickey', any_user, pk)
return HttpResponseRedirect(reverse('ssh-list'))
# if a GET (or any other method) we'll create a blank form
diff --git a/app/wkd/tests.py b/app/wkd/tests.py
index 4533a12..0ffefbe 100644
--- a/app/wkd/tests.py
+++ b/app/wkd/tests.py
@@ -1,8 +1,7 @@
import hashlib
from django.test import TestCase
+from django.contrib.auth.models import Group
from guardian.shortcuts import assign_perm
-from guardian.utils import get_anonymous_user
-
from pgp import models
from pgp.zbase32 import encode
@@ -13,8 +12,8 @@ class CorsHeadersTestCase(TestCase):
self.toykey = models.PublicKey.objects.create(
email="frank@sauerburger.com"
)
- anonymous = get_anonymous_user()
- assign_perm('view_publickey', anonymous, self.toykey)
+ any_user = Group.objects.get(name="any-user")
+ assign_perm('view_publickey', any_user, self.toykey)
def test_policy(self):
"""Check that the policy file has CORS headers"""
@@ -50,8 +49,8 @@ class WkdCapitalizationTestCase(TestCase):
self.toykey = models.PublicKey.objects.create(
email="FrÄnk@SauerburgEr.com"
)
- anonymous = get_anonymous_user()
- assign_perm('view_publickey', anonymous, self.toykey)
+ any_user = Group.objects.get(name="any-user")
+ assign_perm('view_publickey', any_user, self.toykey)
def test_advanced(self):
"""Check that advanced url"""
--
GitLab