Allow fresh connections from browsers that have not established a

session in the database yet, also allow subscriptions from unauthenticated sessions (but don\'t show any data for collections that have user_rel items defined).
2026-03-16 22:40:24 +00:00 · 2015-04-27 22:26:39 +10:00 · 2015-04-27 22:26:39 +10:00 · abe6b12ece
commit abe6b12ece
parent b6a4388b93
4 changed files with 28 additions and 5 deletions
--- a/dddp/api.py
+++ b/dddp/api.py
@ -191,6 +191,8 @@ class Collection(APIMixin):
        qs = self.get_queryset(qs)
        user_rels = self.user_rel
        if user_rels:
+            if user is None:
+                return qs.none()  # no user but we need one: return no objects.
            if isinstance(user_rels, basestring):
                user_rels = [user_rels]
            user_filter = None
@ -399,9 +401,9 @@ class DDP(APIMixin):
            this.error('Invalid publication name: %r' % name)
            return
        obj, created = Subscription.objects.get_or_create(
-            connection=this.ws.connection,
+            connection_id=this.ws.connection.pk,
            sub_id=id_,
-            user=this.request.user,
+            user_id=this.request.user.pk,
            defaults={
                'publication': pub.name,
                'publication_class': '%s.%s' % (
--- a/dddp/migrations/0005_auto_20150427_1209.py
+++ b/dddp/migrations/0005_auto_20150427_1209.py
@ -0,0 +1,21 @@
+# -*- coding: utf-8 -*-
+from __future__ import unicode_literals
+
+from django.db import models, migrations
+from django.conf import settings
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('dddp', '0004_connection_server_addr'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='subscription',
+            name='user',
+            field=models.ForeignKey(blank=True, to=settings.AUTH_USER_MODEL, null=True),
+            preserve_default=True,
+        ),
+    ]
--- a/dddp/models.py
+++ b/dddp/models.py
@ -136,7 +136,7 @@ class Subscription(models.Model, object):
    _publication_cache = {}
    connection = models.ForeignKey(Connection)
    sub_id = models.CharField(max_length=17)
-    user = models.ForeignKey(settings.AUTH_USER_MODEL)
+    user = models.ForeignKey(settings.AUTH_USER_MODEL, blank=True, null=True)
    publication = models.CharField(max_length=255)
    publication_class = models.CharField(max_length=255)
    params_ejson = models.TextField(default='{}')
--- a/dddp/websocket.py
+++ b/dddp/websocket.py
@ -123,7 +123,7 @@ class DDPWebSocketApplication(geventwebsocket.WebSocketApplication):
        this.send_msg = self.send_msg
        this.reply = self.reply
        this.error = self.error
-        this.session_key = this.request.session.session_key
+        this.request.session.save()

        this.remote_addr = self.remote_addr = \
            '{0[REMOTE_ADDR]}:{0[REMOTE_PORT]}'.format(
@ -280,7 +280,7 @@ class DDPWebSocketApplication(geventwebsocket.WebSocketApplication):
            this.version = version
            this.support = support
            self.connection = Connection.objects.create(
-                session_id=this.session_key,
+                session_id=this.request.session.session_key,
                server_addr='%d:%s' % (
                    backend_pid,
                    self.ws.handler.socket.getsockname(),