Integration with Django

DjaoApp handles accounts, billing and access control. Other application HTTP requests are forwarded to the application logic server under specific conditions (e.g. authenticated user, active subscription, etc.).

To retrieve the session data and authenticated user information forwarded by the DjaoApp HTTP proxy in your server-side Django application, start by updating your settings.py as follows:

+from deployutils.configs import load_config

 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
+APP_NAME = os.path.basename(BASE_DIR)

+update_settings(sys.modules[__name__],
    load_config(APP_NAME, 'credentials', verbose=True))

 INSTALLED_APPS = (
     'django.contrib.admin',
     'django.contrib.auth',
     'django.contrib.contenttypes',
     'django.contrib.sessions',
     'django.contrib.messages',
     'django.contrib.staticfiles',
+    'deployutils.apps.django',
 )

 MIDDLEWARE_CLASSES = (
     'django.middleware.security.SecurityMiddleware',
-    'django.contrib.sessions.middleware.SessionMiddleware',
+    'deployutils.apps.django.middleware.SessionMiddleware',
     'django.middleware.common.CommonMiddleware',
     'django.middleware.csrf.CsrfViewMiddleware',
     'django.contrib.auth.middleware.AuthenticationMiddleware',
 )

+AUTHENTICATION_BACKENDS = (
+    'deployutils.apps.django.backends.auth.ProxyUserBackend',
+)

# Session settings
+SESSION_ENGINE = 'deployutils.apps.django.backends.encrypted_cookies'

+DEPLOYUTILS = {
+    # Hardcoded mockups here.
+    'MOCKUP_SESSIONS': {
+        'donny': {
+          'username': 'donny',
+          'roles': {
+            'manager': [{
+               'slug': 'testsite', 'printable_name': 'Testsite'}]}},
+    },
+    'ALLOWED_NO_SESSION': (
+        STATIC_URL, reverse_lazy('login'),)
+}
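
Review bot: the `+update_settings(sys.modules[__name__],` line calls `update_settings`, but the only import added is `from deployutils.configs import load_config`, so settings.py raises a NameError on load; import `update_settings` from `deployutils.configs` as well, and make sure `sys` and `reverse_lazy` (used in `ALLOWED_NO_SESSION`) are imported. Two smaller points: the context line `MIDDLEWARE_CLASSES` is the old Django setting name, while the urls.py change further down uses `re_path`, so confirm which Django version this targets; and the hardcoded `MOCKUP_SESSIONS` entry is test data that is better kept to a development-only settings branch.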

These changes replace the default django.contrib.sessions middleware and AUTHENTICATION_BACKENDS so that sessions forwarded to your project by the HTTP session proxy are decoded.

Create a credentials file that contains the DJAODJIN_SECRET_KEY. (You can also pass DJAODJIN_SECRET_KEY as a shell environment variable.)

$ cat ./credentials
# Authentication for djaodjin firewall
DJAODJIN_SECRET_KEY = "__your_secret_key__"

(For stand-alone testing) Add the mockup views in urls.py:

 urlpatterns = [
 ...
+    re_path(r'^', include('deployutils.apps.django.mockup.urls')),
 ...
 ]
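
Review bot: the `+    re_path(r'^', include('deployutils.apps.django.mockup.urls')),` line is added unconditionally, while the text scopes the mockup views to stand-alone testing; put it behind a development-only condition (for example `if settings.DEBUG:`) so the mockup routes are not served when the application runs behind the proxy. The pattern `r'^'` also matches every path, so its position relative to the elided entries decides which views it can shadow.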

Helper mixins

In cases where you want to customize the user interface based on the roles, organizations and subscriptions attached to a user, deployutils provides a set of mixins that you can extend in your views in order to access the session data.

We have seen previously that request.user is set automatically by deployutils.apps.django.middleware.SessionMiddleware. You can also access the raw session data by key in request.session. For example, to retrieve the dictionary of roles for the authenticated user, use the following code:

roles = request.session.get('roles', {})

You can also add deployutils.apps.django.mixins.AccessiblesMixin to your views and benefit from frequently used methods such as managed_accounts, the list of all organizations managed by the authenticated user. Example:

from django.views.generic import TemplateView
from deployutils.apps.django.mixins import AccessiblesMixin

class AppView(AccessiblesMixin, TemplateView):
    ...
    def get_context_data(self, *args, **kwargs):
        context = super(AppView, self).get_context_data(*args, **kwargs)
        context.update({'managed_accounts': self.managed_accounts})
        return context

Other methods available in the mixin are:

property AccessiblesMixin.accessible_plans

Returns a set of plan slugs. A plan is included when a profile the request.user has a role on is subscribed to it.

property AccessiblesMixin.accessible_profiles

Returns a set of profile slugs. The request.user must have a role on the profile.

static AccessiblesMixin.get_accessible_plans(request, profile=None, at_time=None)

Returns the list of plans that appear under at least one subscription of a profile the request.user has a role on.

static AccessiblesMixin.get_accessible_profiles(request, roles=None)

Returns the list of dictionaries for the accounts accessible by request.user, filtered by roles if present.

AccessiblesMixin.get_managed(request)

Returns the list of dictionaries for the accounts managed by request.user.

AccessiblesMixin.has_role(account, roles)

Returns True if the request.user holds at least one of roles for account.

account will be converted to a string and compared to a profile slug.

property AccessiblesMixin.managed_accounts

Returns a list of slugs for the accounts that request.user is a manager of.

AccessiblesMixin.manages(account)

Returns True if the request.user is a manager for account. account will be converted to a string and compared to a profile slug.

property AccessiblesMixin.manages_broker

Returns True if the request.user is a manager for the site.
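
The lookups documented above, written out against the raw request.session data as an added example; it is not deployutils's implementation. The functions take the session as an argument by assumption, and the `contributor` role and `acme` profile are constructed for illustration. Missing or malformed role data grants nothing.

```python
# Added example (not deployutils code): role checks over the raw session dict.

# Constructed sample: the 'donny' mockup session plus a made-up second role.
SAMPLE_SESSION = {
    'username': 'donny',
    'roles': {
        'manager': [{'slug': 'testsite', 'printable_name': 'Testsite'}],
        'contributor': [{'slug': 'acme', 'printable_name': 'Acme'}],
    },
}


def accessible_profiles(session, roles=None):
    """Profile dicts the user has a role on, filtered by `roles` if given."""
    by_role = session.get('roles')
    if not isinstance(by_role, dict):
        return []  # missing or malformed roles: grant nothing
    wanted = None if roles is None else set(roles)
    found = []
    for role, profiles in by_role.items():
        if wanted is not None and role not in wanted:
            continue
        if not isinstance(profiles, (list, tuple)):
            continue
        for profile in profiles:
            if isinstance(profile, dict) and profile.get('slug'):
                found.append(profile)
    return found


def has_role(session, account, roles):
    """True if the user holds at least one of `roles` on `account`."""
    slug = str(account)  # account is converted to a string, then compared
    return any(profile['slug'] == slug
               for profile in accessible_profiles(session, roles=roles))


def manages(session, account):
    """True if the user is a manager for `account`."""
    return has_role(session, account, ['manager'])


def managed_accounts(session):
    """Slugs of the accounts the user is a manager of."""
    return [p['slug'] for p in accessible_profiles(session, ['manager'])]
```

In a view, the same decision would be made with the mixin's own has_role or manages before rendering account-specific data.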