0001-ldap_backend-remove-imprecise-role-creation-capabili.patch
| src/authentic2/backends/ldap_backend.py | ||
|---|---|---|
| 249 | 249 |
'is_staff': None, |
| 250 | 250 |
# create missing group if needed |
| 251 | 251 |
'create_group': False, |
| 252 |
# create missing role if needed |
|
| 253 |
'create_role': False, |
|
| 254 | 252 |
# attributes to retrieve and store with the user object |
| 255 | 253 |
'attributes': ['uid'], |
| 256 | 254 |
# default value for some attributes |
| ... | ... | |
| 587 | 585 |
except Group.DoesNotExist: |
| 588 | 586 |
return None |
| 589 | 587 | |
| 590 |
def get_role_by_name(self, block, role_name, create=None):
|
|
| 588 |
def get_role_by_name(self, block, role_name): |
|
| 591 | 589 |
'''Obtain a Django role''' |
| 592 |
if create is None: |
|
| 593 |
create = block['create_role'] |
|
| 594 |
if create: |
|
| 595 |
role, created = Role.objects.get_or_create(name=role_name) |
|
| 596 |
return role |
|
| 597 |
else: |
|
| 598 |
try: |
|
| 599 |
return Role.objects.get(name=role_name) |
|
| 600 |
except Role.DoesNotExist: |
|
| 601 |
return None |
|
| 590 |
try: |
|
| 591 |
return Role.objects.get(name=role_name) |
|
| 592 |
except Role.DoesNotExist: |
|
| 593 |
return None |
|
| 602 | 594 | |
| 603 | 595 |
def populate_mandatory_groups(self, user, block): |
| 604 | 596 |
mandatory_groups = block.get('set_mandatory_groups')
|
| tests/test_ldap.py | ||
|---|---|---|
| 359 | 359 | |
| 360 | 360 | |
| 361 | 361 |
@pytest.mark.django_db |
| 362 |
def test_create_mandatory_roles(slapd, settings): |
|
| 362 |
def test_set_mandatory_roles(slapd, settings): |
|
| 363 |
from authentic2.a2_rbac.models import Role |
|
| 364 | ||
| 365 |
Role.objects.get_or_create(name='_pytest_tech') |
|
| 366 |
Role.objects.get_or_create(name='_pytest_admin') |
|
| 363 | 367 |
User = get_user_model() |
| 364 | 368 |
settings.LDAP_AUTH_SETTINGS = [{
|
| 365 | 369 |
'url': [slapd.ldap_url], |
| ... | ... | |
| 370 | 374 |
('cn=group2,o=orga', ['Group2']),
|
| 371 | 375 |
], |
| 372 | 376 |
'group_filter': '(&(memberUid={uid})(objectClass=posixGroup))',
|
| 373 |
'set_mandatory_roles': ['tech', 'admin'], |
|
| 374 |
'create_role': True, |
|
| 377 |
'set_mandatory_roles': ['_pytest_tech', '_pytest_admin'], |
|
| 375 | 378 |
}] |
| 376 | 379 | |
| 377 |
users = list(ldap_backend.LDAPBackend.get_users())
|
|
| 380 |
list(ldap_backend.LDAPBackend.get_users()) |
|
| 378 | 381 |
assert User.objects.first().roles.count() == 2 |
| 379 | 382 | |
| 380 | 383 | |
| ... | ... | |
| 391 | 394 |
], |
| 392 | 395 |
'group_filter': '(&(memberUid={uid})(objectClass=posixGroup))',
|
| 393 | 396 |
'set_mandatory_roles': ['tech', 'admin'], |
| 394 |
'create_role': False, |
|
| 395 | 397 |
}] |
| 396 | 398 | |
| 397 | 399 |
list(ldap_backend.LDAPBackend.get_users()) |
| ... | ... | |
| 424 | 426 |
], |
| 425 | 427 |
'group_filter': '(&(memberUid={uid})(objectClass=posixGroup))',
|
| 426 | 428 |
'set_mandatory_roles': ['tech', 'admin'], |
| 427 |
'create_role': False, |
|
| 428 | 429 |
}] |
| 429 | 430 |
response = app.get('/login/')
|
| 430 | 431 |
response.form.set('username', USERNAME)
|
| 431 |
- |
|