Checkpioint commit. This basically works with user.has_perm, but seems like the…

Checkpioint commit. This basically works with user.has_perm, but seems like the wrong way to do it.  Instead of implementing has_perm and get_all_permissions on the Backend, I think we should be setting that permission when the user's UserOpenID object is updated.

django_openid_auth/admin.py

@@ -29,6 +29,7 @@
 
 from django.conf import settings
 from django.contrib import admin
+from django.contrib.auth.models import Permission
 from django_openid_auth.models import Nonce, Association, UserOpenID
 from django_openid_auth.store import DjangoOpenIDStore
 
@@ -66,6 +67,20 @@ class UserOpenIDAdmin(admin.ModelAdmin):
     list_display = ('user', 'claimed_id')
     search_fields = ('claimed_id',)
 
+    def save_model(self, request, obj, form, change):
+        permission = Permission.objects.get(codename='account_verified')
+        if obj.account_verified:
+            request.user.user_permissions.add(permission)
+        else:
+            request.user.user_permissions.remove(permission)
+        obj.save()
+
+    def log_deletion(self, request, obj, object_repr):
+        permission = Permission.objects.get(codename='account_verified')
+        if obj.user:
+            obj.user.user_permissions.remove(permission)
+        super(UserOpenIDAdmin, self).log_deletion(request, obj, object_repr)
+
 admin.site.register(UserOpenID, UserOpenIDAdmin)
 
 

django_openid_auth/auth.py

@@ -33,7 +33,7 @@ __metaclass__ = type
 import re
 
 from django.conf import settings
-from django.contrib.auth.models import User, Group
+from django.contrib.auth.models import User, Group, Permission
 from openid.consumer.consumer import SUCCESS
 from openid.extensions import ax, sreg, pape
 
@@ -370,3 +370,16 @@ class OpenIDBackend:
 
         user.save()
 
+    def has_perm(self, user_obj, perm, instance=None):
+        return perm in self.get_all_permissions(user_obj, instance)
+
+    def get_all_permissions(self, user_obj, instance=None):
+        try:
+            user_openid = UserOpenID.objects.get(user=user_obj)
+        except UserOpenID.DoesNotExist:
+            return set()
+        if user_openid.account_verified:
+            permission = Permission.objects.get(codename='account_verified')
+            return set(['%s.%s' % (permission.content_type.app_label,
+                                   permission.codename)])
+        return set()

django_openid_auth/models.py

@@ -57,3 +57,8 @@ class UserOpenID(models.Model):
     claimed_id = models.TextField(max_length=2047, unique=True)
     display_id = models.TextField(max_length=2047)
     account_verified = models.BooleanField(default=False)
+
+    class Meta:
+        permissions = (
+            ('account_verified', 'The OpenID has been verified'),
+        )

django_openid_auth/tests/test_views.py

@@ -1241,6 +1241,9 @@ class RelyingPartyTests(TestCase):
         self.assertEquals(user.first_name, 'Firstname')
         self.assertEquals(user.last_name, 'Lastname')
         self.assertEquals(user.email, 'foo@example.com')
+        # So have the user's permissions
+        self.assertEqual(
+            user.has_perm('django_openid_auth.account_verified'), is_verified)
         # And the verified status of their UserOpenID
         user_openid = UserOpenID.objects.get(user=user)
         self.assertEqual(user_openid.account_verified, is_verified)