0002-views-save-is_staff-in-session.patch
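--- a/mellon/adapters.py
+++ b/mellon/adapters.py
@@ -183,24 +183,12 @@
 
 def provision_superuser(self, user, idp, saml_attributes):
 superuser_mapping = utils.get_setting(idp, 'SUPERUSER_MAPPING')
-if not superuser_mapping:
-return
-for key, values in superuser_mapping.items():
-if key in saml_attributes:
-if not isinstance(values, (tuple, list)):
-values = [values]
-values = set(values)
-attribute_values = saml_attributes[key]
-if not isinstance(attribute_values, (tuple, list)):
-attribute_values = [attribute_values]
-attribute_values = set(attribute_values)
-if attribute_values & values:
-if not (user.is_staff and user.is_superuser):
-user.is_staff = True
-user.is_superuser = True
-user.save()
-self.logger.info('flag is_staff and is_superuser added to user %s', user)
-break
+if utils.has_superuser_flag(idp, saml_attributes):
+if not (user.is_staff and user.is_superuser):
+user.is_staff = True
+user.is_superuser = True
+user.save()
+self.logger.info('flag is_staff and is_superuser added to user %s', user)
 else:
 self.remove_superuser(user)
 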
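Review bot: The `if not superuser_mapping: return` guard is removed here while the trailing `else: self.remove_superuser(user)` stays as context, so with `SUPERUSER_MAPPING` unset `utils.has_superuser_flag()` returns False and the `else` branch now runs where the old code returned without touching the user. Assuming the `else` pairs with the new `if` (indentation is not visible on this page) and `remove_superuser` clears the flags, a deployment with no mapping configured would demote locally granted staff accounts at each SAML login. The `superuser_mapping = utils.get_setting(idp, 'SUPERUSER_MAPPING')` line is still present but now unused, which suggests the guard was meant to stay; I would keep `if not superuser_mapping:` / `return` ahead of the new `if`.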
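--- a/mellon/utils.py
+++ b/mellon/utils.py
@@ -276,6 +276,24 @@
 return path
 
 
+def has_superuser_flag(idp, saml_attributes):
+superuser_mapping = get_setting(idp, 'SUPERUSER_MAPPING')
+if not superuser_mapping:
+return False
+for key, values in superuser_mapping.items():
+if key in saml_attributes:
+if not isinstance(values, (tuple, list)):
+values = [values]
+values = set(values)
+attribute_values = saml_attributes[key]
+if not isinstance(attribute_values, (tuple, list)):
+attribute_values = [attribute_values]
+attribute_values = set(attribute_values)
+if attribute_values & values:
+return True
+return False
+
+
 def user_has_role(request, role_id):
 try:
 group = request.user.groups.get(id=role_id)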
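Review bot: `has_superuser_flag` is now the one predicate behind both superuser provisioning and the session flag, yet it has no docstring stating its contract. I would add one saying that it returns True as soon as any attribute named in `SUPERUSER_MAPPING` carries any one of the configured values (exact equality), and False when the mapping is unset or nothing matches. A secondary point: only `tuple` and `list` are treated as collections, so a mapping value written as a `set` is wrapped into `[values]` and `set(values)` then raises `TypeError`; `isinstance(values, (tuple, list, set, frozenset))` would accept it.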
mellon/views.py | ||
---|---|---|
218 | 218 |
if user.is_active: |
219 | 219 |
utils.login(request, user) |
220 | 220 |
request.session['role_uuids'] = dict.fromkeys(attributes['role-slug']) |
221 |
idp = self.get_idp(request) |
|
222 |
request.session['is_staff'] = utils.has_superuser_flag(idp, attributes) |
|
221 | 223 |
self.log.info('user %s (NameID is %r) logged in using SAML', user, |
222 | 224 |
attributes['name_id_content']) |
223 | 225 |
request.session['mellon_session'] = utils.flatten_datetime(attributes) |
224 |
- |
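Review bot: `request.session['is_staff']` is filled from `utils.has_superuser_flag(idp, attributes)`, that is from the SUPERUSER_MAPPING match in this one assertion rather than from `user.is_staff`, and nothing in the hunk refreshes it after login. A reader of the session key will reasonably take it for the Django flag, but the two can differ: a staff account granted locally gets False, and a user whose rights are withdrawn later keeps True until the session ends. If anything authorizes on this key it should re-check `request.user`, or the session should be invalidated on demotion; at minimum I would add a comment such as `# login-time snapshot of SUPERUSER_MAPPING match, not user.is_staff; do not authorize on it alone`. The enclosing method starts and ends outside this hunk, so whether `self.get_idp(request)` can return nothing at this point is not visible.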