Object-level permissions + filtering

2025-09-24 01:02:45 -05:00 · 2022-12-05 22:56:03 -08:00
parent dbaa606a9f
commit fad13c148e
5 changed files with 52 additions and 20 deletions
--- a/src/paperless/settings.py
+++ b/src/paperless/settings.py
@@ -258,6 +258,11 @@ CHANNEL_LAYERS = {
 # Security                                                                    #
 ###############################################################################

+AUTHENTICATION_BACKENDS = [
+    "guardian.backends.ObjectPermissionBackend",
+    "django.contrib.auth.backends.ModelBackend",
+]
+
 AUTO_LOGIN_USERNAME = os.getenv("PAPERLESS_AUTO_LOGIN_USERNAME")

 if AUTO_LOGIN_USERNAME:
@@ -274,11 +279,7 @@ HTTP_REMOTE_USER_HEADER_NAME = os.getenv(

 if ENABLE_HTTP_REMOTE_USER:
    MIDDLEWARE.append("paperless.auth.HttpRemoteUserMiddleware")
-    AUTHENTICATION_BACKENDS = [
-        "django.contrib.auth.backends.RemoteUserBackend",
-        "django.contrib.auth.backends.ModelBackend",
-        "guardian.backends.ObjectPermissionBackend",
-    ]
+    AUTHENTICATION_BACKENDS.insert(0, "django.contrib.auth.backends.RemoteUserBackend")
    REST_FRAMEWORK["DEFAULT_AUTHENTICATION_CLASSES"].append(
        "rest_framework.authentication.RemoteUserAuthentication",
    )