0001-admin-add-option-to-declare-roles-are-managed-by-ide.patch
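--- a/tests/test_admin_pages.py
+++ b/tests/test_admin_pages.py
@@ -2489,6 +2489,36 @@
 assert PasswordAccount.has_key('foo')
 assert PasswordAccount.get('foo').user_id == user.id
 
+def test_users_edit_with_managing_idp(pub):
+create_role()
+pub.user_class.wipe()
+pub.cfg['sp'] = {'idp-manage-user-attributes': True}
+pub.write_cfg()
+PasswordAccount.wipe()
+create_superuser(pub)
+user = pub.user_class(name='foo bar')
+user.store()
+
+app = login(get_app(pub))
+resp = app.get('/backoffice/users/%s/' % user.id)
+assert '>Manage Roles<' in resp.body
+resp = resp.click(href='edit')
+assert not 'email' in resp.form.fields
+assert 'roles$added_elements' in resp.form.fields
+
+pub.cfg['sp'] = {'idp-manage-user-roles': True}
+pub.write_cfg()
+resp = app.get('/backoffice/users/%s/' % user.id)
+assert '>Edit<' in resp.body
+resp = resp.click(href='edit')
+assert 'email' in resp.form.fields
+assert not 'roles$added_elements' in resp.form.fields
+
+pub.cfg['sp'] = {'idp-manage-user-roles': True, 'idp-manage-user-attributes': True}
+pub.write_cfg()
+resp = app.get('/backoffice/users/%s/' % user.id)
+assert not '/edit' in resp.body
+
 def test_users_delete(pub):
 pub.user_class.wipe()
 PasswordAccount.wipe()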
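Review bot: The last scenario of `test_users_edit_with_managing_idp` only asserts that no `/edit` link is rendered when both flags are set; it never requests `/backoffice/users/%s/edit` itself, so the test would still pass if the edit form stayed reachable and accepted a submission. Add a direct request to that URL and assert the response the view is meant to give in that configuration. The roles-managed scenario could likewise submit the form and check that `user.roles` is unchanged afterwards. As a style point, `assert not 'email' in resp.form.fields` reads better as `assert 'email' not in resp.form.fields`, and the same applies to the other two `assert not ... in` lines.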
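--- a/tests/test_hobo.py
+++ b/tests/test_hobo.py
@@ -322,6 +322,8 @@
 
 assert len(pub.cfg['idp'].keys()) == 1
 assert pub.cfg['saml_identities']['registration-url']
+assert pub.cfg['sp']['idp-manage-user-attributes']
+assert pub.cfg['sp']['idp-manage-user-roles']
 
 def test_deploy():
 cleanup()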
wcs/admin/users.py | ||
---|---|---|
25 | 25 |
from wcs.roles import Role |
26 | 26 | |
27 | 27 |
import qommon.ident |
28 |
from qommon.ident.idp import is_idp_managing_user_attributes |
|
28 |
from qommon.ident.idp import is_idp_managing_user_attributes, is_idp_managing_user_roles
|
|
29 | 29 |
from qommon.form import * |
30 | 30 |
from qommon.admin.emails import EmailsDirectory |
31 | 31 |
from qommon.backoffice.menu import html_top |
... | ... | |
54 | 54 |
formdef.add_fields_to_form(form, form_data = self.user.form_data) |
55 | 55 |
form.add(CheckboxWidget, 'is_admin', title = _('Administrator Account'), |
56 | 56 |
value = self.user.is_admin) |
57 | ||
57 | 58 |
roles = list(Role.select(order_by='name')) |
58 |
if len(roles): |
|
59 |
if len(roles) and not is_idp_managing_user_roles():
|
|
59 | 60 |
form.add(WidgetList, 'roles', title = _('Roles'), element_type = SingleSelectWidget, |
60 | 61 |
value = self.user.roles, |
61 | 62 |
add_element_label = _('Add Role'), |
... | ... | |
214 | 215 |
r = TemplateIO(html=True) |
215 | 216 |
r += htmltext('<ul id="sidebar-actions">') |
216 | 217 | |
217 |
if is_idp_managing_user_attributes(): |
|
218 |
if is_idp_managing_user_attributes() and not is_idp_managing_user_roles():
|
|
218 | 219 |
r += htmltext('<li><a href="edit">%s</a></li>') % _('Manage Roles') |
219 |
else:
|
|
220 |
elif not (is_idp_managing_user_attributes() and is_idp_managing_user_roles()):
|
|
220 | 221 |
r += htmltext('<li><a href="edit">%s</a></li>') % _('Edit') |
221 | 222 |
r += htmltext('<li><a href="delete" rel="popup">%s</a></li>') % _('Delete') |
222 | 223 |
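Review bot: With both `idp-manage-user-attributes` and `idp-manage-user-roles` enabled, the sidebar hunk only stops rendering the `edit` link, and nothing visible here makes the edit view itself refuse the request. The form hunk guards the `roles` widget with `not is_idp_managing_user_roles()`, but the `is_admin` checkbox on the context lines just above still appears to be added regardless. A backoffice user who opens the edit URL directly could then presumably still change administrator status. If the IdP is meant to own privileges, consider guarding `is_admin` with the same condition and returning an error from the edit view when both flags are set. The submit path is outside these hunks; it should skip `roles` explicitly when `is_idp_managing_user_roles()` is true rather than depend on the widget being absent.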
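--- a/wcs/ctl/check_hobos.py
+++ b/wcs/ctl/check_hobos.py
@@ -215,6 +215,7 @@
 if not pub.cfg.get('sp'):
 pub.cfg['sp'] = {}
 pub.cfg['sp']['idp-manage-user-attributes'] = bool(idps)
+pub.cfg['sp']['idp-manage-user-roles'] = bool(idps)
 pub.write_cfg()
 
 if not idps: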
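Review bot: The added assignment is undocumented: it overwrites `idp-manage-user-roles` with `bool(idps)` on every run, so a value chosen through the new "IdP manage user roles" checkbox does not survive a deployment. A deployment with no IdP also resets it to false, which turns local role editing back on. A short comment would make that intent explicit, for example `# deployment decides who manages roles; this overrides the admin checkbox`. The enclosing function starts and ends outside the hunk.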
wcs/qommon/ident/idp.py | ||
---|---|---|
48 | 48 |
def is_idp_managing_user_attributes(): |
49 | 49 |
return get_cfg('sp', {}).get('idp-manage-user-attributes', False) |
50 | 50 | |
51 |
def is_idp_managing_user_roles(): |
|
52 |
return get_cfg('sp', {}).get('idp-manage-user-roles', False) |
|
53 | ||
51 | 54 |
def get_file_content(filename): |
52 | 55 |
try: |
53 | 56 |
return open(filename,'r').read() |
... | ... | |
844 | 847 |
title = _('IdP manage user attributes'), |
845 | 848 |
value = get_cfg('sp',{}).get('idp-manage-user-attributes', False)) |
846 | 849 | |
850 |
form.add(CheckboxWidget, 'idp-manage-user-roles', |
|
851 |
title = _('IdP manage user roles'), |
|
852 |
value = get_cfg('sp',{}).get('idp-manage-user-roles', False)) |
|
853 | ||
847 | 854 |
form.add_submit('submit', _('Submit')) |
848 | 855 |
form.add_submit('cancel', _('Cancel')) |
849 | 856 |
if x509utils.can_generate_rsa_key_pair(): |
... | ... | |
920 | 927 |
'saml2_providerid', 'saml2_base_url', 'common_domain_getter_url', |
921 | 928 |
'grab_user_with_id_wsf', 'identity-creation', |
922 | 929 |
'authn-request-signed', 'want-assertion-signed', |
923 |
'idp-manage-user-attributes'): |
|
930 |
'idp-manage-user-attributes', |
|
931 |
'idp-manage-user-roles'): |
|
924 | 932 |
if form.get_widget(k): |
925 | 933 |
cfg_sp[k] = form.get_widget(k).parse() |
926 | 934 | |
927 |
- |