Avoid group ACLs to be used as normal groups

This would lead to quite a lot of privileges to anybody within the group. Issue #867 Signed-off-by: Michal Čihař <michal@cihar.com>

Avoid group ACLs to be used as normal groups
This would lead to quite a lot of privileges to anybody within the group. Issue #867 Signed-off-by: Michal Čihař <michal@cihar.com>
e79e701a · Michal Čihař · 514d54b9 · e79e701a
Commit e79e701a authored Mar 03, 2016 by Michal Čihař
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 0 deletions

weblate/accounts/auth.py weblate/accounts/auth.py +10 -0

No files found.
--- a/weblate/accounts/auth.py
+++ b/weblate/accounts/auth.py
@@ -81,6 +81,16 @@ class WeblateUserBackend(ModelBackend):
            user_obj, obj
        )

+    def _get_group_permissions(self, user_obj):
+        """Wrapper around _get_group_permissions to exclude groupacl
+
+        We don't want these to be applied direclty, they should work
+        only using group matching rules."""
+        perms = super(WeblateUserBackend, self)._get_group_permissions(
+            user_obj
+        )
+        return perms.exclude(group__groupacl__pk__gt=0)
+
    def authenticate(self, username=None, password=None, **kwargs):
        '''
        Prohibits login for anonymous user and allows to login by email.