KK

2 years ago · e2242141d1
parent 357744c7c1
commit e2242141d1
5 changed files with 35 additions and 30 deletions
--- a/postamates/settings.py
+++ b/postamates/settings.py
@ -43,8 +43,8 @@ INSTALLED_APPS = [
    'rest_framework',
    'django_json_widget',
    'django.contrib.gis',
-    'rest_registration',
    'django_celery_beat',
+    'drf_keycloak_auth',
 ]

 MIDDLEWARE = [
@ -147,23 +147,6 @@ if os.getenv('local') is not None:
    GDAL_LIBRARY_PATH = '/opt/homebrew/opt/gdal/lib/libgdal.dylib'
    GEOS_LIBRARY_PATH = '/opt/homebrew/opt/geos/lib/libgeos_c.dylib'

-EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
-EMAIL_HOST = os.getenv('EMAIL_HOST', 'smtp.yandex.ru')
-EMAIL_PORT = os.getenv('EMAIL_PORT', 587)
-EMAIL_HOST_USER = os.getenv('EMAIL_HOST_USER', 'noreply@spatiality.website')
-EMAIL_HOST_PASSWORD = os.getenv('EMAIL_HOST_PASSWORD', 'spatialitypass321')
-EMAIL_USE_TLS = True
-FRONTEND_URL = os.getenv('REACT_APP_DOMAIN_URL', 'http://localhost:3000/')
-REST_REGISTRATION = {
-    'REGISTER_VERIFICATION_ENABLED': True,
-    'RESET_PASSWORD_VERIFICATION_ENABLED': False,
-    'REGISTER_EMAIL_VERIFICATION_ENABLED': True,
-    'REGISTER_VERIFICATION_URL': f'{FRONTEND_URL}verify-user/',
-    'RESET_PASSWORD_VERIFICATION_URL': f'{FRONTEND_URL}reset-password/',
-    'REGISTER_EMAIL_VERIFICATION_URL': f'{FRONTEND_URL}verify-email/',
-    'VERIFICATION_FROM_EMAIL': 'noreply@spatiality.website',
-    'USER_LOGIN_FIELDS': ['email'],
-}

 SWAGGER_SETTINGS = {
    'DEFAULT_INFO': 'service.urls.info',
@ -198,3 +181,22 @@ DATA_UPLOAD_MAX_NUMBER_FIELDS = None
 GEOCODER_API_KEY = os.getenv('GEOCODER_API_KEY','TzgdKWgyI2nfaz1WHRD-aYJK4e400MiOJQP7Enf1e1M')
 STATUS_TASK_NAME='status_task'
 STATUS_TASK_NAME_IMPORT='import_status_task'
+
+
+REST_FRAMEWORK = {
+  'DEFAULT_AUTHENTICATION_CLASSES': [
+    'rest_framework.authentication.SessionAuthentication',
+    'drf_keycloak_auth.authentication.KeycloakAuthentication',
+  ]
+}
+
+
+DRF_KEYCLOAK_AUTH = {
+    # 'KEYCLOAK_SERVER_URL': 'http://keycloak.dev.selfservicetech.ru/auth',
+    'KEYCLOAK_SERVER_URL': 'https://kk.dev.selftech.ru/auth',
+    'KEYCLOAK_REALM': 'SST',
+    'KEYCLOAK_CLIENT_ID': 'postnet',
+    'KEYCLOAK_CLIENT_SECRET_KEY': 'K2yHweEUispkVeWn03VMk843sW2Moic5',
+    'KEYCLOAK_MANAGE_LOCAL_USER': False,
+    'KEYCLOAK_ROLE_SET_PREFIX': 'realm_access',
+}
--- a/postamates/urls.py
+++ b/postamates/urls.py
@ -8,7 +8,6 @@ from service.admin import my_admin_site
 urlpatterns = [
    path('admin/', my_admin_site.urls),
    path('api/', include('service.urls')),
-    path('accounts/', include('rest_registration.api.urls')),
 ]

 urlpatterns += static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
--- a/requirements.txt
+++ b/requirements.txt
@ -92,3 +92,4 @@ xlrd==1.2.0
 XlsxWriter==3.0.8
 django-filter==23.2
 shap==0.41.0
+drf-keycloak-auth==0.3.0
--- a/service/permissions.py
+++ b/service/permissions.py
@ -1,14 +1,16 @@
 from rest_framework.permissions import BasePermission
+# from drf_keycloak_auth.authentication import KeycloakAuthentication


 class UserPermission(BasePermission):
    def has_permission(self, request, view):
+        kk_profile = request.auth
+        kk_roles = kk_profile.get('realm_access', {}).get('roles', [])
+        if getattr(view, 'action', None):
            if view.action in [
                'update_fact', 'update_postamat_id', 'update_status', 'retrieve',
                'update', 'partial_update', 'destroy', 'create',
            ]:
-            return request.user.groups.filter(name='Редактор').exists()
+                return 'postnet_editor' in kk_roles
        else:
-            return request.user.groups.filter(
-                name__in=('Зритель', 'Редактор'),
-            ).exists()
+            return 'postnet_editor' in kk_roles or 'postnet_viewer' in kk_roles
--- a/service/views.py
+++ b/service/views.py
@ -7,7 +7,6 @@ from django.http import JsonResponse
 from rest_framework.decorators import action
 from rest_framework.decorators import api_view
 from rest_framework.decorators import permission_classes
-from rest_framework.permissions import IsAuthenticated
 from rest_framework.response import Response
 from rest_framework.views import APIView
 from rest_framework.viewsets import ReadOnlyModelViewSet
@ -511,10 +510,12 @@ def upload_houses(request):


@api_view(['GET'])
-@permission_classes([IsAuthenticated])
+@permission_classes([UserPermission])
 def get_current_user(request):
+    kk_profile = request.auth
+    kk_roles = kk_profile.get('realm_access', {}).get('roles', [])
    return JsonResponse(
-        {'groups': [gr.name for gr in request.user.groups.all()]},
+        {'groups': kk_roles, 'username': kk_profile.get('preferred_username')},
    )