fix: use auth handler instead of deprecated auth functions

Lance Edgar 2024-08-03 14:13:16 -05:00
parent 08a89c490a
commit 458c95696a


@ -28,8 +28,6 @@ import sqlalchemy as sa
from sqlalchemy import orm
from rattail.db.model import User, UserEvent
from rattail.db.auth import (administrator_role, guest_role,
authenticated_role, set_user_password)
import colander
from deform import widget as dfwidget
@ -360,17 +358,19 @@ class UserView(PrincipalMasterView):
return tokens
def get_possible_roles(self):
model = self.model
app = self.get_rattail_app()
auth = app.get_auth_handler()
model = app.model
# some roles should never have users "belong" to them
excluded = [
guest_role(self.Session()).uuid,
authenticated_role(self.Session()).uuid,
auth.get_role_anonymous(self.Session()).uuid,
auth.get_role_authenticated(self.Session()).uuid,
]
# only allow "root" user to change true admin role membership
if not self.request.is_root:
excluded.append(administrator_role(self.Session()).uuid)
excluded.append(auth.get_role_administrator(self.Session()).uuid)
# basic list, minus exclusions so far
roles = self.Session.query(model.Role)\
@ -385,7 +385,9 @@ class UserView(PrincipalMasterView):
return roles.order_by(model.Role.name)
def objectify(self, form, data=None):
model = self.model
app = self.get_rattail_app()
auth = app.get_auth_handler()
model = app.model
# create/update user as per normal
if data is None:
@ -420,7 +422,7 @@ class UserView(PrincipalMasterView):
# maybe set user password
if 'set_password' in form and data['set_password']:
set_user_password(user, data['set_password'])
auth.set_user_password(user, data['set_password'])
# update roles for user
self.update_roles(user, data)
@ -433,10 +435,12 @@ class UserView(PrincipalMasterView):
if 'roles' not in data:
return
model = self.model
app = self.get_rattail_app()
auth = app.get_auth_handler()
model = app.model
old_roles = set([r.uuid for r in user.roles])
new_roles = data['roles']
admin = administrator_role(self.Session())
admin = auth.get_role_administrator(self.Session())
# add any new roles for the user, taking care not to add the admin role
# unless acting as root
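Review bot: In objectify(), the call `auth.set_user_password(user, data['set_password'])` is not gated on `self.request.is_root`, whereas get_possible_roles() and update_roles() both restrict administrator role membership to root. On the visible lines, an editor who is not root could therefore reset the password of a user who already holds the administrator role, which sidesteps the membership restriction. objectify() begins and ends outside the hunks shown, so this may already be enforced elsewhere, for example by leaving `set_password` out of the form for such users. If it is not, look up `admin = auth.get_role_administrator(self.Session())` and tighten the condition to `if 'set_password' in form and data['set_password'] and (self.request.is_root or admin not in user.roles):`. A one-line comment there stating who may reset whose password would also make the intended policy auditable.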