
Improved ACL handling, aggressive guard of team flag on sessions

Ralfp 12 лет назад
Родитель
Сommit
bf87947a86

+ 4 - 9
misago/acl/middleware.py

@@ -3,14 +3,7 @@ from misago.acl.builder import build_acl
 
 class ACLMiddleware(object):
     def process_request(self, request):
-        if request.user.is_authenticated():
-            acl_key = request.user.make_acl_key()
-        else:
-            acl_key = request.session.get('acl_key')
-            if not acl_key:
-                acl_key = request.user.make_acl_key()
-                request.session['acl_key'] = acl_key
-        
+        acl_key = request.user.make_acl_key()
         try:
             user_acl = cache.get(acl_key)
             if user_acl.version != request.monitor['acl_version']:
@@ -23,4 +16,6 @@ class ACLMiddleware(object):
         if request.user.is_authenticated() and (request.acl.team or request.user.is_god()) != request.user.is_team:
             request.user.is_team = (request.acl.team or request.user.is_god())
             request.user.save(force_update=True)
-        request.session.team = request.user.is_team
+        if request.session.team != request.user.is_team:
+            request.session.team = request.user.is_team
+            request.session.save()
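Review bot: The new guard reads `request.session.team` before anything in this hunk has written it, whereas the removed line only assigned it. The only initialisation visible in this commit is `self.team = self._session_rk.team` on the matched-session path in sessions.py, so a session built on another path or by another session class may lack the attribute and `process_request` would raise AttributeError; this is inferred, since those constructors are outside the diff. Either give `team` a default in the base session class or compare with `getattr(request.session, 'team', None) != request.user.is_team`. The explicit `request.session.save()` here is also followed by a second save in `SessionMiddleware.process_response`, so a changed flag costs two writes on that request.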

+ 1 - 1
misago/sessions/middleware.py

@@ -16,7 +16,7 @@ class SessionMiddleware(object):
         
     def process_response(self, request, response):
         try:
-            request.session.save(request, response)
+            request.session.save()
         except AttributeError:
             pass
         return response
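Review bot: `except AttributeError: pass` around `request.session.save()` hides more than a missing session: any AttributeError raised inside `save()` itself is swallowed too, so the session row, including the `team` flag this commit is guarding, can silently fail to persist. If the handler exists for requests that never received a session (presumably; the reason is not visible here), test for that explicitly with `session = getattr(request, 'session', None)` followed by `if session is not None: session.save()`. A comment stating why the guard exists would help either way.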

+ 4 - 3
misago/sessions/sessions.py

@@ -69,7 +69,7 @@ class SessionMisago(SessionBase):
     def set_ban(self, ban):
         return False
     
-    def save(self, request, response):
+    def save(self):
         self._session_rk.data = self.encode(self._get_session())
         self._session_rk.last = timezone.now()
         self._session_rk.save(force_update=True)
@@ -147,6 +147,7 @@ class SessionHuman(SessionMisago):
             self._session_rk.matched = True
             self._user = self._session_rk.user
             self.hidden = self._session_rk.hidden
+            self.team = self._session_rk.team
         except (Session.DoesNotExist, IncorrectSessionException):
             # Attempt autolog
             try:
@@ -192,11 +193,11 @@ class SessionHuman(SessionMisago):
                 # Key wasn't unique. Try again.
                 continue
     
-    def save(self, request, response):
+    def save(self):
         self._session_rk.user = self._user
         self._session_rk.hidden = self.hidden
         self._session_rk.team = self.team
-        super(SessionHuman, self).save(request, response)
+        super(SessionHuman, self).save()
         
     def human_session(self):
         return True
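Review bot: `save()` no longer accepts `request, response`, but only `SessionMisago.save` and `SessionHuman.save` are updated in this section. Any other override still declared as `save(self, request, response)` (none is visible in the diff, so this needs checking) would now fail with TypeError when the middleware calls `request.session.save()`, and the `except AttributeError` in `process_response` would not catch it. A short docstring on `SessionMisago.save`, such as `"""Encode the session data and write the session row with force_update."""`, would also record the contract subclasses are expected to follow.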

+ 1 - 0
misago/users/management/commands/adduser.py

@@ -30,6 +30,7 @@ class Command(BaseCommand):
         # Set admin role
         if options['admin']:
             new_user.roles.add(Role.objects.get(token='admin'))
+            new_user.make_acl_key(True)
             new_user.save(force_update=True)
         
         if options['admin']:
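Review bot: `new_user.make_acl_key(True)` passes the flag positionally, which reads as an opaque boolean at the call site; `new_user.make_acl_key(force=True)` states the intent. The same applies to `new_user.make_acl_key(True)` and `target.make_acl_key(True)` in misago/users/views.py. The return value is discarded here, so the call relies on `make_acl_key` storing the new key on the instance before `save(force_update=True)`; that part of the method body is outside the diff.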

+ 5 - 5
misago/users/models.py

@@ -389,10 +389,9 @@ class User(models.Model):
     def get_roles(self):
         return self.roles.all()
         
-    def make_acl_key(self):
-        if self.acl_key:
+    def make_acl_key(self, force=False):
+        if not force and self.acl_key:
             return self.acl_key
-        
         roles_ids = []
         for role in self.roles.all():
             roles_ids.append(str(role.pk))
@@ -466,7 +465,8 @@ class User(models.Model):
     
     def sync_user(self):
         pass
-        
+
+
 class Guest(object):
     """
     Misago Guest dummy
@@ -486,7 +486,7 @@ class Guest(object):
         return Role.objects.filter(token='guest')
     
     def make_acl_key(self):
-        return 'acl_%s' % hashlib.md5(str(Role.objects.get(token='guest').pk)).hexdigest()[0:8]
+        return 'acl_guest'
 
         
 class Crawler(Guest): 
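Review bot: With `if not force and self.acl_key: return self.acl_key`, a user's stored key is only recomputed when a caller remembers to pass `force=True`, and that key selects which cached ACL the middleware applies. This commit updates adduser and the two admin views, but any other code that changes a user's roles (none is visible here) would leave the old key, and with it the old permissions, in effect. Clearing `acl_key` wherever roles change, for example in an `m2m_changed` receiver if `roles` is a many-to-many field, would remove the dependence on individual call sites. `Guest.make_acl_key(self)` also does not accept `force`, so code that calls `make_acl_key(True)` on `request.user` would raise TypeError for guests; `def make_acl_key(self, force=False):` keeps the two signatures aligned. The body of `User.make_acl_key` continues outside the hunk.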

+ 2 - 2
misago/users/views.py

@@ -232,7 +232,7 @@ class New(FormWidget):
         
         for role in form.cleaned_data['roles']:
             new_user.roles.add(role)
-        new_user.make_acl_key()
+        new_user.make_acl_key(True)
         new_user.save(force_update=True)
         
         return new_user, Message(_('New User has been created.'), 'success')
@@ -320,7 +320,7 @@ class Edit(FormWidget):
             for role in form.cleaned_data['roles']:
                 target.roles.add(role)
         
-        target.make_acl_key()
+        target.make_acl_key(True)
         target.save(force_update=True)
         return target, Message(_('Changes in user\'s "%(name)s" account have been saved.') % {'name': self.original_name}, 'success')