0001-admin-add-option-to-declare-roles-are-managed-by-ide.patch
| tests/test_admin_pages.py | ||
|---|---|---|
| 2489 | 2489 |
assert PasswordAccount.has_key('foo')
|
| 2490 | 2490 |
assert PasswordAccount.get('foo').user_id == user.id
|
| 2491 | 2491 | |
| 2492 |
def test_users_edit_with_managing_idp(pub): |
|
| 2493 |
create_role() |
|
| 2494 |
pub.user_class.wipe() |
|
| 2495 |
pub.cfg['sp'] = {'idp-manage-user-attributes': True}
|
|
| 2496 |
pub.write_cfg() |
|
| 2497 |
PasswordAccount.wipe() |
|
| 2498 |
create_superuser(pub) |
|
| 2499 |
user = pub.user_class(name='foo bar') |
|
| 2500 |
user.store() |
|
| 2501 | ||
| 2502 |
app = login(get_app(pub)) |
|
| 2503 |
resp = app.get('/backoffice/users/%s/' % user.id)
|
|
| 2504 |
assert '>Manage Roles<' in resp.body |
|
| 2505 |
resp = resp.click(href='edit') |
|
| 2506 |
assert not 'email' in resp.form.fields |
|
| 2507 |
assert 'roles$added_elements' in resp.form.fields |
|
| 2508 | ||
| 2509 |
pub.cfg['sp'] = {'idp-manage-user-roles': True}
|
|
| 2510 |
pub.write_cfg() |
|
| 2511 |
resp = app.get('/backoffice/users/%s/' % user.id)
|
|
| 2512 |
assert '>Edit<' in resp.body |
|
| 2513 |
resp = resp.click(href='edit') |
|
| 2514 |
assert 'email' in resp.form.fields |
|
| 2515 |
assert not 'roles$added_elements' in resp.form.fields |
|
| 2516 | ||
| 2517 |
pub.cfg['sp'] = {'idp-manage-user-roles': True, 'idp-manage-user-attributes': True}
|
|
| 2518 |
pub.write_cfg() |
|
| 2519 |
resp = app.get('/backoffice/users/%s/' % user.id)
|
|
| 2520 |
assert not '/edit' in resp.body |
|
| 2521 | ||
| 2492 | 2522 |
def test_users_delete(pub): |
| 2493 | 2523 |
pub.user_class.wipe() |
| 2494 | 2524 |
PasswordAccount.wipe() |
| tests/test_hobo.py | ||
|---|---|---|
| 322 | 322 | |
| 323 | 323 |
assert len(pub.cfg['idp'].keys()) == 1 |
| 324 | 324 |
assert pub.cfg['saml_identities']['registration-url'] |
| 325 |
assert pub.cfg['sp']['idp-manage-user-attributes'] |
|
| 326 |
assert pub.cfg['sp']['idp-manage-user-roles'] |
|
| 325 | 327 | |
| 326 | 328 |
def test_deploy(): |
| 327 | 329 |
cleanup() |
| wcs/admin/users.py | ||
|---|---|---|
| 25 | 25 |
from wcs.roles import Role |
| 26 | 26 | |
| 27 | 27 |
import qommon.ident |
| 28 |
from qommon.ident.idp import is_idp_managing_user_attributes |
|
| 28 |
from qommon.ident.idp import is_idp_managing_user_attributes, is_idp_managing_user_roles
|
|
| 29 | 29 |
from qommon.form import * |
| 30 | 30 |
from qommon.admin.emails import EmailsDirectory |
| 31 | 31 |
from qommon.backoffice.menu import html_top |
| ... | ... | |
| 54 | 54 |
formdef.add_fields_to_form(form, form_data = self.user.form_data) |
| 55 | 55 |
form.add(CheckboxWidget, 'is_admin', title = _('Administrator Account'),
|
| 56 | 56 |
value = self.user.is_admin) |
| 57 | ||
| 57 | 58 |
roles = list(Role.select(order_by='name')) |
| 58 |
if len(roles): |
|
| 59 |
if len(roles) and not is_idp_managing_user_roles():
|
|
| 59 | 60 |
form.add(WidgetList, 'roles', title = _('Roles'), element_type = SingleSelectWidget,
|
| 60 | 61 |
value = self.user.roles, |
| 61 | 62 |
add_element_label = _('Add Role'),
|
| ... | ... | |
| 214 | 215 |
r = TemplateIO(html=True) |
| 215 | 216 |
r += htmltext('<ul id="sidebar-actions">')
|
| 216 | 217 | |
| 217 |
if is_idp_managing_user_attributes(): |
|
| 218 |
if is_idp_managing_user_attributes() and not is_idp_managing_user_roles():
|
|
| 218 | 219 |
r += htmltext('<li><a href="edit">%s</a></li>') % _('Manage Roles')
|
| 219 |
else:
|
|
| 220 |
elif not (is_idp_managing_user_attributes() and is_idp_managing_user_roles()):
|
|
| 220 | 221 |
r += htmltext('<li><a href="edit">%s</a></li>') % _('Edit')
|
| 221 | 222 |
r += htmltext('<li><a href="delete" rel="popup">%s</a></li>') % _('Delete')
|
| 222 | 223 | |
| wcs/ctl/check_hobos.py | ||
|---|---|---|
| 215 | 215 |
if not pub.cfg.get('sp'):
|
| 216 | 216 |
pub.cfg['sp'] = {}
|
| 217 | 217 |
pub.cfg['sp']['idp-manage-user-attributes'] = bool(idps) |
| 218 |
pub.cfg['sp']['idp-manage-user-roles'] = bool(idps) |
|
| 218 | 219 |
pub.write_cfg() |
| 219 | 220 | |
| 220 | 221 |
if not idps: |
| wcs/qommon/ident/idp.py | ||
|---|---|---|
| 48 | 48 |
def is_idp_managing_user_attributes(): |
| 49 | 49 |
return get_cfg('sp', {}).get('idp-manage-user-attributes', False)
|
| 50 | 50 | |
| 51 |
def is_idp_managing_user_roles(): |
|
| 52 |
return get_cfg('sp', {}).get('idp-manage-user-roles', False)
|
|
| 53 | ||
| 51 | 54 |
def get_file_content(filename): |
| 52 | 55 |
try: |
| 53 | 56 |
return open(filename,'r').read() |
| ... | ... | |
| 844 | 847 |
title = _('IdP manage user attributes'),
|
| 845 | 848 |
value = get_cfg('sp',{}).get('idp-manage-user-attributes', False))
|
| 846 | 849 | |
| 850 |
form.add(CheckboxWidget, 'idp-manage-user-roles', |
|
| 851 |
title = _('IdP manage user roles'),
|
|
| 852 |
value = get_cfg('sp',{}).get('idp-manage-user-roles', False))
|
|
| 853 | ||
| 847 | 854 |
form.add_submit('submit', _('Submit'))
|
| 848 | 855 |
form.add_submit('cancel', _('Cancel'))
|
| 849 | 856 |
if x509utils.can_generate_rsa_key_pair(): |
| ... | ... | |
| 920 | 927 |
'saml2_providerid', 'saml2_base_url', 'common_domain_getter_url', |
| 921 | 928 |
'grab_user_with_id_wsf', 'identity-creation', |
| 922 | 929 |
'authn-request-signed', 'want-assertion-signed', |
| 923 |
'idp-manage-user-attributes'): |
|
| 930 |
'idp-manage-user-attributes', |
|
| 931 |
'idp-manage-user-roles'): |
|
| 924 | 932 |
if form.get_widget(k): |
| 925 | 933 |
cfg_sp[k] = form.get_widget(k).parse() |
| 926 | 934 | |
| 927 |
- |
|