0001-ldap_backend-remove-imprecise-role-creation-capabili.patch
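--- a/src/authentic2/backends/ldap_backend.py
+++ b/src/authentic2/backends/ldap_backend.py
@@ -249,8 +249,6 @@
 'is_staff': None,
 # create missing group if needed
 'create_group': False,
-# create missing role if needed
-'create_role': False,
 # attributes to retrieve and store with the user object
 'attributes': ['uid'],
 # default value for some attributes
@@ -587,18 +585,12 @@
 except Group.DoesNotExist:
 return None
 
-def get_role_by_name(self, block, role_name, create=None):
+def get_role_by_name(self, block, role_name):
 '''Obtain a Django role'''
-if create is None:
-create = block['create_role']
-if create:
-role, created = Role.objects.get_or_create(name=role_name)
-return role
-else:
-try:
-return Role.objects.get(name=role_name)
-except Role.DoesNotExist:
-return None
+try:
+return Role.objects.get(name=role_name)
+except Role.DoesNotExist:
+return None
 
 def populate_mandatory_groups(self, user, block):
 mandatory_groups = block.get('set_mandatory_groups')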
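Review bot: The remaining lookup in `get_role_by_name`, `Role.objects.get(name=role_name)`, still matches on the name alone and catches only `Role.DoesNotExist`. If role names are not unique in the model (not visible from this hunk), `.get()` raises `Role.MultipleObjectsReturned`, which would propagate out of the backend. Consider `except (Role.DoesNotExist, Role.MultipleObjectsReturned):` with a warning log naming `role_name`, so a missing or ambiguous entry in `set_mandatory_roles` is visible to operators instead of being silently skipped. The `block` parameter is no longer read in the new body, and the docstring could state the new contract, e.g. `'''Return the existing role named role_name, or None; never creates one.'''`. The callers, and how a leftover `'create_role': True` in existing settings is handled, are outside the hunk.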
tests/test_ldap.py | ||
---|---|---|
359 | 359 | |
360 | 360 | |
361 | 361 |
@pytest.mark.django_db |
362 |
def test_create_mandatory_roles(slapd, settings): |
|
363 |
User = get_user_model() |
|
364 |
settings.LDAP_AUTH_SETTINGS = [{ |
|
365 |
'url': [slapd.ldap_url], |
|
366 |
'basedn': 'o=orga', |
|
367 |
'use_tls': False, |
|
368 |
'create_group': True, |
|
369 |
'group_mapping': [ |
|
370 |
('cn=group2,o=orga', ['Group2']), |
|
371 |
], |
|
372 |
'group_filter': '(&(memberUid={uid})(objectClass=posixGroup))', |
|
373 |
'set_mandatory_roles': ['tech', 'admin'], |
|
374 |
'create_role': True, |
|
375 |
}] |
|
376 | ||
377 |
users = list(ldap_backend.LDAPBackend.get_users()) |
|
378 |
assert User.objects.first().roles.count() == 2 |
|
379 | ||
380 | ||
381 |
@pytest.mark.django_db |
|
382 | 362 |
def test_nocreate_mandatory_roles(slapd, settings): |
383 | 363 |
User = get_user_model() |
384 | 364 |
settings.LDAP_AUTH_SETTINGS = [{ |
... | ... | |
391 | 371 |
], |
392 | 372 |
'group_filter': '(&(memberUid={uid})(objectClass=posixGroup))', |
393 | 373 |
'set_mandatory_roles': ['tech', 'admin'], |
394 |
'create_role': False, |
|
395 | 374 |
}] |
396 | 375 | |
397 | 376 |
list(ldap_backend.LDAPBackend.get_users()) |
... | ... | |
424 | 403 |
], |
425 | 404 |
'group_filter': '(&(memberUid={uid})(objectClass=posixGroup))', |
426 | 405 |
'set_mandatory_roles': ['tech', 'admin'], |
427 |
'create_role': False, |
|
428 | 406 |
}] |
429 | 407 |
response = app.get('/login/') |
430 | 408 |
response.form.set('username', USERNAME) |
431 |
- |