Ensure all permissions group exist during migration

This prevents a situation where the groups don't exist and one has to consult the source code to figure out what they are supposed to be called.
author: Magnus Hagander 2019-03-29 13:50:03 +0000
committer: Magnus Hagander 2019-03-29 13:50:03 +0000
commit: 43f215150eb27fddbe7be3dada867c94bd3f8491 (patch)
tree: 12e352b1f07aec7d29cf71b82fb1c19b2f86eae1 /postgresqleu/util/auth.py
parent: 36daa137dd9d75f4f7bccca8cbfcc3d9a4230dd2 (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/postgresqleu/util/auth.py b/postgresqleu/util/auth.py
index bdb5bd7d..d6a05eba 100644
--- a/postgresqleu/util/auth.py
+++ b/postgresqleu/util/auth.py
@@ -5,10 +5,21 @@ from django.conf import settings
 import urllib.parse
 
 
+PERMISSION_GROUPS = (
+    'Invoice managers',
+    'News administrators',
+    'Membership administrators',
+    'Election administrators',
+)
+
+
 def authenticate_backend_group(request, groupname):
     if not request.user.is_authenticated:
         raise RedirectException("{0}?{1}".format(settings.LOGIN_URL, urllib.parse.urlencode({'next': request.build_absolute_uri()})))
 
+    if groupname not in PERMISSION_GROUPS:
+        raise PermissionDenied("Group name not known")
+
     if request.user.is_superuser:
         return
     if request.user.groups.filter(name=groupname).exists():
author	Magnus Hagander	2019-03-29 13:50:03 +0000
committer	Magnus Hagander	2019-03-29 13:50:03 +0000
commit	43f215150eb27fddbe7be3dada867c94bd3f8491 (patch)
tree	12e352b1f07aec7d29cf71b82fb1c19b2f86eae1 /postgresqleu/util/auth.py
parent	36daa137dd9d75f4f7bccca8cbfcc3d9a4230dd2 (diff)