0001-ldap_backend-remove-imprecise-role-creation-capabili.patch
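--- a/src/authentic2/backends/ldap_backend.py
+++ b/src/authentic2/backends/ldap_backend.py
@@ -249,8 +249,6 @@
 'is_staff': None,
 # create missing group if needed
 'create_group': False,
-# create missing role if needed
-'create_role': False,
 # attributes to retrieve and store with the user object
 'attributes': ['uid'],
 # default value for some attributes
@@ -587,18 +585,12 @@
 except Group.DoesNotExist:
 return None
 
-def get_role_by_name(self, block, role_name, create=None):
+def get_role_by_name(self, block, role_name):
 '''Obtain a Django role'''
-if create is None:
-create = block['create_role']
-if create:
-role, created = Role.objects.get_or_create(name=role_name)
-return role
-else:
-try:
-return Role.objects.get(name=role_name)
-except Role.DoesNotExist:
-return None
+try:
+return Role.objects.get(name=role_name)
+except Role.DoesNotExist:
+return None
 
 def populate_mandatory_groups(self, user, block):
 mandatory_groups = block.get('set_mandatory_groups')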
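Review bot: The new `get_role_by_name` still resolves a role by name alone and catches only `Role.DoesNotExist`, so if two roles can share a name (uniqueness of `Role.name` is not visible in this hunk) `Role.objects.get(name=role_name)` would raise `Role.MultipleObjectsReturned` into the caller during LDAP user population. I would catch both, `except (Role.DoesNotExist, Role.MultipleObjectsReturned):`, and log a warning before `return None`, so an ambiguous or misspelled role name in `set_mandatory_roles` never grants a role and is visible to the operator instead of being dropped silently. The `block` parameter is no longer read in the new body; a short docstring line such as `'''Obtain a Django role by name; returns None if it does not exist (roles are never created from LDAP settings)'''` would record that contract. Deployments that still set `'create_role': True` will no longer get roles created, which is worth a line in the release notes.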
tests/test_ldap.py | ||
---|---|---|
359 | 359 | |
360 | 360 | |
361 | 361 |
@pytest.mark.django_db |
362 |
def test_create_mandatory_roles(slapd, settings): |
|
362 |
def test_set_mandatory_roles(slapd, settings): |
|
363 |
from authentic2.a2_rbac.models import Role |
|
364 | ||
365 |
Role.objects.get_or_create(name='_pytest_tech') |
|
366 |
Role.objects.get_or_create(name='_pytest_admin') |
|
363 | 367 |
User = get_user_model() |
364 | 368 |
settings.LDAP_AUTH_SETTINGS = [{ |
365 | 369 |
'url': [slapd.ldap_url], |
... | ... | |
370 | 374 |
('cn=group2,o=orga', ['Group2']), |
371 | 375 |
], |
372 | 376 |
'group_filter': '(&(memberUid={uid})(objectClass=posixGroup))', |
373 |
'set_mandatory_roles': ['tech', 'admin'], |
|
374 |
'create_role': True, |
|
377 |
'set_mandatory_roles': ['_pytest_tech', '_pytest_admin'], |
|
375 | 378 |
}] |
376 | 379 | |
377 |
users = list(ldap_backend.LDAPBackend.get_users())
|
|
380 |
list(ldap_backend.LDAPBackend.get_users()) |
|
378 | 381 |
assert User.objects.first().roles.count() == 2 |
379 | 382 | |
380 | 383 | |
... | ... | |
391 | 394 |
], |
392 | 395 |
'group_filter': '(&(memberUid={uid})(objectClass=posixGroup))', |
393 | 396 |
'set_mandatory_roles': ['tech', 'admin'], |
394 |
'create_role': False, |
|
395 | 397 |
}] |
396 | 398 | |
397 | 399 |
list(ldap_backend.LDAPBackend.get_users()) |
... | ... | |
424 | 426 |
], |
425 | 427 |
'group_filter': '(&(memberUid={uid})(objectClass=posixGroup))', |
426 | 428 |
'set_mandatory_roles': ['tech', 'admin'], |
427 |
'create_role': False, |
|
428 | 429 |
}] |
429 | 430 |
response = app.get('/login/') |
430 | 431 |
response.form.set('username', USERNAME) |
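Review bot: None of the visible test hunks asserts that a role named in `set_mandatory_roles` but absent from the database is left uncreated, which is the behaviour this commit is meant to guarantee. The renamed `test_set_mandatory_roles` only checks `roles.count() == 2` against roles it pre-creates, and the two later hunks keep `['tech', 'admin']` with assertions that fall outside the visible lines. A negative check after `list(ldap_backend.LDAPBackend.get_users())` in one of those tests, for example `assert not Role.objects.filter(name__in=['tech', 'admin']).exists()` (with `Role` imported there as in the first test), would pin the removal. Comparing role names rather than only the count in the first test would also catch a wrong role being attached.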
431 |
- |