0001-WIP-ldap_backend-remove-imprecise-role-creation-capa.patch
| src/authentic2/backends/ldap_backend.py | ||
|---|---|---|
| 249 | 249 |
'is_staff': None, |
| 250 | 250 |
# create missing group if needed |
| 251 | 251 |
'create_group': False, |
| 252 |
# create missing role if needed |
|
| 253 |
'create_role': False, |
|
| 254 | 252 |
# attributes to retrieve and store with the user object |
| 255 | 253 |
'attributes': ['uid'], |
| 256 | 254 |
# default value for some attributes |
| ... | ... | |
| 587 | 585 |
except Group.DoesNotExist: |
| 588 | 586 |
return None |
| 589 | 587 | |
| 590 |
def get_role_by_name(self, block, role_name, create=None):
|
|
| 588 |
def get_role_by_name(self, block, role_name): |
|
| 591 | 589 |
'''Obtain a Django role''' |
| 592 |
if create is None: |
|
| 593 |
create = block['create_role'] |
|
| 594 |
if create: |
|
| 595 |
role, created = Role.objects.get_or_create(name=role_name) |
|
| 596 |
return role |
|
| 597 |
else: |
|
| 598 |
try: |
|
| 599 |
return Role.objects.get(name=role_name) |
|
| 600 |
except Role.DoesNotExist: |
|
| 601 |
return None |
|
| 590 |
try: |
|
| 591 |
return Role.objects.get(name=role_name) |
|
| 592 |
except Role.DoesNotExist: |
|
| 593 |
return None |
|
| 602 | 594 | |
| 603 | 595 |
def populate_mandatory_groups(self, user, block): |
| 604 | 596 |
mandatory_groups = block.get('set_mandatory_groups')
|
| tests/test_ldap.py | ||
|---|---|---|
| 359 | 359 | |
| 360 | 360 | |
| 361 | 361 |
@pytest.mark.django_db |
| 362 |
def test_create_mandatory_roles(slapd, settings):
|
|
| 362 |
def test_mandatory_roles(slapd, settings): |
|
| 363 | 363 |
User = get_user_model() |
| 364 | 364 |
settings.LDAP_AUTH_SETTINGS = [{
|
| 365 | 365 |
'url': [slapd.ldap_url], |
| ... | ... | |
| 378 | 378 |
assert User.objects.first().roles.count() == 2 |
| 379 | 379 | |
| 380 | 380 | |
| 381 |
@pytest.mark.django_db |
|
| 382 |
def test_nocreate_mandatory_roles(slapd, settings): |
|
| 383 |
User = get_user_model() |
|
| 384 |
settings.LDAP_AUTH_SETTINGS = [{
|
|
| 385 |
'url': [slapd.ldap_url], |
|
| 386 |
'basedn': 'o=orga', |
|
| 387 |
'use_tls': False, |
|
| 388 |
'create_group': True, |
|
| 389 |
'group_mapping': [ |
|
| 390 |
('cn=group2,o=orga', ['Group2']),
|
|
| 391 |
], |
|
| 392 |
'group_filter': '(&(memberUid={uid})(objectClass=posixGroup))',
|
|
| 393 |
'set_mandatory_roles': ['tech', 'admin'], |
|
| 394 |
'create_role': False, |
|
| 395 |
}] |
|
| 396 | ||
| 397 |
list(ldap_backend.LDAPBackend.get_users()) |
|
| 398 |
assert User.objects.first().roles.count() == 0 |
|
| 399 | ||
| 400 | ||
| 401 | 381 |
@pytest.fixture |
| 402 | 382 |
def slapd_strict_acl(slapd): |
| 403 | 383 |
# forbid modifications by user themselves |
| 404 |
- |
|