22 |
22 |
from django.core.exceptions import ImproperlyConfigured
|
23 |
23 |
from django.conf import settings
|
24 |
24 |
from django.contrib.auth.models import Group
|
|
25 |
from authentic2.a2_rbac.models import Role
|
25 |
26 |
|
26 |
27 |
from authentic2.compat_lasso import lasso
|
27 |
28 |
|
... | ... | |
236 |
237 |
'is_staff': None,
|
237 |
238 |
# create missing group if needed
|
238 |
239 |
'create_group': False,
|
|
240 |
# create missing role if needed
|
|
241 |
'create_role': False,
|
239 |
242 |
# attributes to retrieve and store with the user object
|
240 |
243 |
'attributes': ['uid'],
|
241 |
244 |
# default value for some attributes
|
... | ... | |
264 |
267 |
'limit_to_realm': False,
|
265 |
268 |
# Assign users mandatorily to some groups
|
266 |
269 |
'set_mandatory_groups': (),
|
|
270 |
# Assign users mandatorily to some roles
|
|
271 |
'set_mandatory_roles': (),
|
267 |
272 |
# Can users change their password ?
|
268 |
273 |
'user_can_change_password': True,
|
269 |
274 |
# Use starttls
|
... | ... | |
554 |
559 |
except Group.DoesNotExist:
|
555 |
560 |
return None
|
556 |
561 |
|
|
562 |
def get_role_by_name(self, block, role_name, create=None):
|
|
563 |
'''Obtain a Django role'''
|
|
564 |
if create is None:
|
|
565 |
create = block['create_role']
|
|
566 |
if create:
|
|
567 |
role, created = Role.objects.get_or_create(name=role_name)
|
|
568 |
return role
|
|
569 |
else:
|
|
570 |
try:
|
|
571 |
return Role.objects.get(name=role_name)
|
|
572 |
except Role.DoesNotExist:
|
|
573 |
return None
|
|
574 |
|
557 |
575 |
def populate_mandatory_groups(self, user, block):
|
558 |
576 |
mandatory_groups = block.get('set_mandatory_groups')
|
559 |
577 |
if not mandatory_groups:
|
... | ... | |
569 |
587 |
if group not in groups:
|
570 |
588 |
user.groups.add(group)
|
571 |
589 |
|
|
590 |
|
|
591 |
def populate_mandatory_roles(self, user, block):
|
|
592 |
mandatory_roles = block.get('set_mandatory_roles')
|
|
593 |
if not mandatory_roles:
|
|
594 |
return
|
|
595 |
if not user.pk:
|
|
596 |
user.save()
|
|
597 |
user._changed = False
|
|
598 |
roles = user.roles.all()
|
|
599 |
for role_name in mandatory_roles:
|
|
600 |
role = self.get_role_by_name(block, role_name)
|
|
601 |
if role is None:
|
|
602 |
continue
|
|
603 |
if role not in roles:
|
|
604 |
user.roles.add(role)
|
|
605 |
|
572 |
606 |
def populate_admin_fields(self, user, block):
|
573 |
607 |
if block['is_staff'] is not None:
|
574 |
608 |
if user.is_staff != block['is_staff']:
|
... | ... | |
585 |
619 |
self.populate_user_ou(user, dn, conn, block, attributes)
|
586 |
620 |
self.update_user_identifiers(user, username, block, attributes)
|
587 |
621 |
self.populate_mandatory_groups(user, block)
|
|
622 |
self.populate_mandatory_roles(user, block)
|
588 |
623 |
self.populate_user_groups(user, dn, conn, block, attributes)
|
589 |
624 |
|
590 |
625 |
def populate_user_ou(self, user, dn, conn, block, attributes):
|
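Review bot: In `get_role_by_name` (new lines 562-573) the role is looked up by `name` alone and only `Role.DoesNotExist` is handled, so if role names are not unique, both `Role.objects.get(name=role_name)` and `get_or_create` can raise `Role.MultipleObjectsReturned` and abort user population at login. The `Role` model is not visible here, but the same backend assigns organizational units in `populate_user_ou`, which suggests roles may be scoped per unit. Because `populate_mandatory_roles` (new lines 591-604) grants the matched role to every user of the LDAP block, an ambiguous name match is an authorization concern as well as a crash. The lookup should use whatever key uniquely identifies a role, or at least treat ambiguity as no match, e.g. `except (Role.DoesNotExist, Role.MultipleObjectsReturned): return None`, with a log line naming the role. The comments on `create_role` and `set_mandatory_roles` could also state that an auto-created role is created from its name only, and that listed roles are only ever added, never removed when the setting changes.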