fix: update usage of auth handler, per rattail changes

This commit is contained in:
Lance Edgar 2024-07-14 23:29:17 -05:00
parent 5e1c0a5187
commit ece29d7b6c
4 changed files with 19 additions and 10 deletions

View file

@ -53,7 +53,7 @@ dependencies = [
"pyramid_mako",
"pyramid_retry",
"pyramid_tm",
"rattail[db,bouncer]>=0.16.0",
"rattail[db,bouncer]>=0.17.0",
"sa-filters",
"simplejson",
"transaction",

View file

@ -2,7 +2,7 @@
################################################################################
#
# Rattail -- Retail Software Framework
# Copyright © 2010-2023 Lance Edgar
# Copyright © 2010-2024 Lance Edgar
#
# This file is part of Rattail.
#
@ -102,7 +102,7 @@ class APIView(View):
auth = app.get_auth_handler()
# basic / default info
is_admin = user.is_admin()
is_admin = auth.user_is_admin(user)
employee = app.get_employee(user)
info = {
'uuid': user.uuid,

View file

@ -45,11 +45,12 @@ def login_user(request, user, timeout=NOTSET):
Perform the steps necessary to login the given user. Note that this
returns a ``headers`` dict which you should pass to the redirect.
"""
app = request.rattail_config.get_app()
config = request.rattail_config
app = config.get_app()
user.record_event(app.enum.USER_EVENT_LOGIN)
headers = remember(request, user.uuid)
if timeout is NOTSET:
timeout = session_timeout_for_user(user)
timeout = session_timeout_for_user(config, user)
log.debug("setting session timeout for '{}' to {}".format(user.username, timeout))
set_session_timeout(request, timeout)
return headers
@ -70,15 +71,18 @@ def logout_user(request):
return headers
def session_timeout_for_user(user):
def session_timeout_for_user(config, user):
"""
Returns the "max" session timeout for the user, according to roles
"""
from rattail.db.auth import authenticated_role
app = config.get_app()
auth = app.get_auth_handler()
roles = user.roles + [authenticated_role(Session())]
authenticated = auth.get_role_authenticated(Session())
roles = user.roles + [authenticated]
timeouts = [role.session_timeout for role in roles
if role.session_timeout is not None]
if timeouts and 0 not in timeouts:
return max(timeouts)

View file

@ -98,10 +98,15 @@ def new_request(event):
request = event.request
# invoke upstream logic
# nb. this sets request.wutta_config
base.new_request(event)
config = request.wutta_config
app = config.get_app()
auth = app.get_auth_handler()
# compatibility
rattail_config = request.wutta_config
rattail_config = config
request.rattail_config = rattail_config
def user(request):
@ -120,7 +125,7 @@ def new_request(event):
# assign client IP address to the session, for sake of versioning
Session().continuum_remote_addr = request.client_addr
request.is_admin = bool(request.user) and request.user.is_admin()
request.is_admin = auth.user_is_admin(request.user)
request.is_root = request.is_admin and request.session.get('is_root', False)
# TODO: why would this ever be null?