Commit e79e701a authored by Michal Čihař's avatar Michal Čihař

Avoid group ACLs to be used as normal groups

This would lead to quite a lot of privileges to anybody within the
group.

Issue #867
Signed-off-by: default avatarMichal Čihař <michal@cihar.com>
parent 514d54b9
...@@ -81,6 +81,16 @@ class WeblateUserBackend(ModelBackend): ...@@ -81,6 +81,16 @@ class WeblateUserBackend(ModelBackend):
user_obj, obj user_obj, obj
) )
def _get_group_permissions(self, user_obj):
"""Wrapper around _get_group_permissions to exclude groupacl
We don't want these to be applied direclty, they should work
only using group matching rules."""
perms = super(WeblateUserBackend, self)._get_group_permissions(
user_obj
)
return perms.exclude(group__groupacl__pk__gt=0)
def authenticate(self, username=None, password=None, **kwargs): def authenticate(self, username=None, password=None, **kwargs):
''' '''
Prohibits login for anonymous user and allows to login by email. Prohibits login for anonymous user and allows to login by email.
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment