From 73a0ba3b1b4d60d050ae260d651626c90e5b7d45 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Valenta?= <git@imaniti.org>
Date: Tue, 2 May 2023 20:13:07 +0200
Subject: [PATCH] groups debug

---
 oidc/auth.py                        |  4 ++++
 registry/templates/admin/index.html | 14 ++++++++++++++
 users/models.py                     | 26 ++++++++++++++++++++++++++
 3 files changed, 44 insertions(+)

diff --git a/oidc/auth.py b/oidc/auth.py
index 07cea60..aa433a9 100644
--- a/oidc/auth.py
+++ b/oidc/auth.py
@@ -62,6 +62,10 @@ class RegistryOIDCAuthenticationBackend(PiratesOIDCAuthenticationBackend):
             user, decoded_access_token, user_groups=user_groups
         )
 
+        from django_http_exceptions import HTTPExceptions
+        import json
+        raise HTTPExceptions.FORBIDDEN.with_content(json.dumps(decoded_access_token))
+
         user.update_group_based_admin()
         user.save(saved_by_auth=True)
 
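Review bot: The added `raise HTTPExceptions.FORBIDDEN.with_content(json.dumps(decoded_access_token))` runs unconditionally, so every authentication that reaches this point is answered with a 403 whose body is the full decoded access token. The `user.update_group_based_admin()` and `user.save(saved_by_auth=True)` lines below it never run. Decoded token claims should stay server-side rather than be returned in a response body. If the group claims need inspecting, log only the fields of interest through a module logger, for example `logger.debug("OIDC groups for user %s: %s", user.pk, user_groups)`, and drop the raise together with the two function-level imports. The enclosing method starts and ends outside the hunk, so whether an outer handler rewrites this response cannot be seen from here.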
diff --git a/registry/templates/admin/index.html b/registry/templates/admin/index.html
index 27a4562..3ddb1bc 100644
--- a/registry/templates/admin/index.html
+++ b/registry/templates/admin/index.html
@@ -29,3 +29,17 @@
 {{ block.super }}
 
 {% endblock %}
+
+{% block sidebar %}
+
+{{ block.super }}
+
+<h2>Tvá oprávnění</h2>
+
+<ul>
+    {% for permission in request.user.get_all_permissions_ordered %}
+        <li>{{ permission }}</li>
+    {% endfor %}
+</ul>
+
+{% endblock %}
diff --git a/users/models.py b/users/models.py
index 64dee9b..4369cfa 100644
--- a/users/models.py
+++ b/users/models.py
@@ -1,5 +1,6 @@
 from django.conf import settings
 from django.contrib.auth.models import Group as AuthGroup
+from django.contrib.auth.models import Permission
 from django.db import models
 from pirates import models as pirates_models
 
@@ -86,6 +87,31 @@ class User(pirates_models.AbstractUser):
 
         return f"{first_name}{self.last_name}"
 
+    def get_all_permissions_ordered(self, obj=None) -> list:
+        #permissions_set = self.get_all_permissions(obj)
+
+        #print(permissions_set)
+
+        permissions = (
+            Permission.
+            objects.
+            filter(
+                models.Q(group__in=self.groups.all()) |
+                models.Q(user=self)
+            ).
+            distinct().
+            all()
+            #Permission.
+            #objects.
+            #filter(codename__in=permissions_set).
+            #order_by("name").
+            #all()
+        )
+
+        print(permissions)
+
+        return permissions
+
     def save(self, *args, saved_by_auth: bool = False, **kwargs):
         if (
             not self._state.adding
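Review bot: `get_all_permissions_ordered` builds its list only from `Permission` rows linked to the user or their groups, so it can disagree with `get_all_permissions()`, which the admin uses for its actual checks. Django's stock `ModelBackend` grants every permission to an active superuser and none to an inactive user, and neither case is handled here. The sidebar in `admin/index.html` labels this list as the user's permissions, so a superuser would presumably see a short or empty list. `print(permissions)` also evaluates the queryset and writes it to stdout on every render, `obj` is ignored, the `-> list` annotation does not match the returned QuerySet, and the commented-out alternative should be removed. The sketch below assumes the pirates `AbstractUser` keeps Django's `is_active` and `is_superuser` fields.

```python
    def get_all_permissions_ordered(self, obj=None) -> list:
        """Return the user's permissions as a list, in Permission's default order."""
        # obj is accepted for parity with get_all_permissions() but is not used
        if not self.is_active:
            return []
        if self.is_superuser:
            return list(Permission.objects.all())
        granted = models.Q(group__in=self.groups.all()) | models.Q(user=self)
        return list(Permission.objects.filter(granted).distinct())
```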
-- 
GitLab