From 913259c46dd6cc8d8e52eeb7d71d347d24225b77 Mon Sep 17 00:00:00 2001
From: Sylvain Le Bon <sylvain@startinblox.com>
Date: Wed, 24 Jan 2024 20:27:23 +0100
Subject: [PATCH 1/2] bugfix: permissions were all given on objects filtered on
 IP

---
 djangoldp_account/filters.py     | 2 +-
 djangoldp_account/permissions.py | 6 +++++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/djangoldp_account/filters.py b/djangoldp_account/filters.py
index d0ff0db..7f8ac41 100644
--- a/djangoldp_account/filters.py
+++ b/djangoldp_account/filters.py
@@ -6,7 +6,7 @@ PASSTHROUGH_IPS = getattr(settings, 'PASSTHROUGH_IPS', '')
 def check_client_ip(request):
     x_forwarded_for = request.headers.get('x-forwarded-for')
     if x_forwarded_for:
-        if any(i in x_forwarded_for.replace(' ', '').split(',') for i in PASSTHROUGH_IPS):
+        if any(ip in x_forwarded_for.replace(' ', '').split(',') for ip in PASSTHROUGH_IPS):
             return True
     elif request.META.get('REMOTE_ADDR') in PASSTHROUGH_IPS:
         return True
diff --git a/djangoldp_account/permissions.py b/djangoldp_account/permissions.py
index c0cbe00..6cde9a1 100644
--- a/djangoldp_account/permissions.py
+++ b/djangoldp_account/permissions.py
@@ -7,4 +7,8 @@ class IPOpenPermissions(LDPBasePermission):
         return check_client_ip(request)
 
     def has_object_permission(self, request, view, obj):
-        return check_client_ip(request)
\ No newline at end of file
+        return check_client_ip(request)
+    
+    def get_permissions(self, user, model, obj=None):
+        #Will always say there is no migrations, not taking the IP into accounts
+        return set()
\ No newline at end of file
-- 
GitLab


From 2053bb02617c4b7d200765d58bdddfd53cf85155 Mon Sep 17 00:00:00 2001
From: Sylvain Le Bon <sylvain@startinblox.com>
Date: Wed, 24 Jan 2024 20:41:48 +0100
Subject: [PATCH 2/2] bugfix: fixed context in tests

---
 djangoldp_account/tests/tests_update.py | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)

diff --git a/djangoldp_account/tests/tests_update.py b/djangoldp_account/tests/tests_update.py
index bef4f11..6e62f32 100644
--- a/djangoldp_account/tests/tests_update.py
+++ b/djangoldp_account/tests/tests_update.py
@@ -23,15 +23,7 @@ class UpdateTestCase(APITestCase):
         test_picture = "https://github.com/" + urllib.parse.quote("calummackervoy/calummackervoy.github.io/blob/master/assets/img/profile.jpg")
 
         payload = {
-            "@context": {"@vocab": "http://happy-dev.fr/owl/#", "rdf": "http://www.w3.org/1999/02/22-rdf-syntax-ns#",
-                         "rdfs": "http://www.w3.org/2000/01/rdf-schema#", "ldp": "http://www.w3.org/ns/ldp#",
-                         "foaf": "http://xmlns.com/foaf/0.1/", "name": "rdfs:label",
-                         "acl": "http://www.w3.org/ns/auth/acl#", "permissions": "acl:accessControl",
-                         "mode": "acl:mode", "geo": "http://www.w3.org/2003/01/geo/wgs84_pos#", "lat": "geo:lat",
-                         "lng": "geo:long", "entrepreneurProfile": "http://happy-dev.fr/owl/#entrepreneur_profile",
-                         "mentorProfile": "http://happy-dev.fr/owl/#mentor_profile", "account": "hd:account",
-                         "messageSet": "http://happy-dev.fr/owl/#message_set",
-                         "author": "http://happy-dev.fr/owl/#author_user", "title": "http://happy-dev.fr/owl/#title"},
+            "@context": {"@vocab": "https://cdn.startinblox.com/owl#"},
             '@id': settings.SITE_URL + "/accounts/{}/".format(self.user.account.slug),
             'picture': test_picture,
             'slug': self.user.slug
-- 
GitLab