0001-WIP-ldap_backend-remove-imprecise-role-creation-capa.patch
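--- a/src/authentic2/backends/ldap_backend.py
+++ b/src/authentic2/backends/ldap_backend.py
@@ -249,8 +249,6 @@
 'is_staff': None,
 # create missing group if needed
 'create_group': False,
-# create missing role if needed
-'create_role': False,
 # attributes to retrieve and store with the user object
 'attributes': ['uid'],
 # default value for some attributes
@@ -587,18 +585,12 @@
 except Group.DoesNotExist:
 return None
 
-def get_role_by_name(self, block, role_name, create=None):
+def get_role_by_name(self, block, role_name):
 '''Obtain a Django role'''
-if create is None:
-create = block['create_role']
-if create:
-role, created = Role.objects.get_or_create(name=role_name)
-return role
-else:
-try:
-return Role.objects.get(name=role_name)
-except Role.DoesNotExist:
-return None
+try:
+return Role.objects.get(name=role_name)
+except Role.DoesNotExist:
+return None
 
 def populate_mandatory_groups(self, user, block):
 mandatory_groups = block.get('set_mandatory_groups')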
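Review bot: `get_role_by_name` still resolves the role by `name` alone and catches only `Role.DoesNotExist`, so if role names are not unique in a deployment (the model's constraints are not visible here) `Role.objects.get(name=role_name)` raises `MultipleObjectsReturned` out of the LDAP population path. Consider `except (Role.DoesNotExist, Role.MultipleObjectsReturned):` so an ambiguous name fails closed, and log the unresolved name, because a silently returned `None` means a configured role is not granted and nothing records why. The `block` argument is no longer read in this method; keep it only if the callers, which are outside this section, still pass it positionally. Settings that still carry `create_role` will presumably be ignored from now on, which deserves a line in the upgrade notes.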
tests/test_ldap.py | ||
---|---|---|
359 | 359 | |
360 | 360 | |
361 | 361 |
@pytest.mark.django_db |
362 |
def test_create_mandatory_roles(slapd, settings):
|
|
362 |
def test_mandatory_roles(slapd, settings): |
|
363 | 363 |
User = get_user_model() |
364 | 364 |
settings.LDAP_AUTH_SETTINGS = [{ |
365 | 365 |
'url': [slapd.ldap_url], |
... | ... | |
378 | 378 |
assert User.objects.first().roles.count() == 2 |
379 | 379 | |
380 | 380 | |
381 |
@pytest.mark.django_db |
|
382 |
def test_nocreate_mandatory_roles(slapd, settings): |
|
383 |
User = get_user_model() |
|
384 |
settings.LDAP_AUTH_SETTINGS = [{ |
|
385 |
'url': [slapd.ldap_url], |
|
386 |
'basedn': 'o=orga', |
|
387 |
'use_tls': False, |
|
388 |
'create_group': True, |
|
389 |
'group_mapping': [ |
|
390 |
('cn=group2,o=orga', ['Group2']), |
|
391 |
], |
|
392 |
'group_filter': '(&(memberUid={uid})(objectClass=posixGroup))', |
|
393 |
'set_mandatory_roles': ['tech', 'admin'], |
|
394 |
'create_role': False, |
|
395 |
}] |
|
396 | ||
397 |
list(ldap_backend.LDAPBackend.get_users()) |
|
398 |
assert User.objects.first().roles.count() == 0 |
|
399 | ||
400 | ||
401 | 381 |
@pytest.fixture |
402 | 382 |
def slapd_strict_acl(slapd): |
403 | 383 |
# forbid modifications by user themselves |
404 |
- |