0002-views-save-is_staff-in-session.patch

Valentin Deniaud, 24 avril 2019 11:46

Voir les différences: en ligne côte à côte

Subject: [PATCH 2/3] views: save is_staff in session

 mellon/adapters.py | 24 ++++++------------------
 mellon/utils.py    | 18 ++++++++++++++++++
 mellon/views.py    |  2 ++
 3 files changed, 26 insertions(+), 18 deletions(-)

         def provision_superuser(self, user, idp, saml_attributes):
             superuser_mapping = utils.get_setting(idp, 'SUPERUSER_MAPPING')
             if not superuser_mapping:
                 return
             for key, values in superuser_mapping.items():
                 if key in saml_attributes:
                     if not isinstance(values, (tuple, list)):
                         values = [values]
                     values = set(values)
                     attribute_values = saml_attributes[key]
                     if not isinstance(attribute_values, (tuple, list)):
                         attribute_values = [attribute_values]
                     attribute_values = set(attribute_values)
                     if attribute_values & values:
                         if not (user.is_staff and user.is_superuser):
                             user.is_staff = True
                             user.is_superuser = True
                             user.save()
                             self.logger.info('flag is_staff and is_superuser added to user %s', user)
                         break
             if utils.has_superuser_flag(idp, saml_attributes):
                 if not (user.is_staff and user.is_superuser):
                     user.is_staff = True
                     user.is_superuser = True
                     user.save()
                     self.logger.info('flag is_staff and is_superuser added to user %s', user)
             else:
                 self.remove_superuser(user)

         return path
     def has_superuser_flag(idp, saml_attributes):
         superuser_mapping = get_setting(idp, 'SUPERUSER_MAPPING')
         if not superuser_mapping:
             return False
         for key, values in superuser_mapping.items():
             if key in saml_attributes:
                 if not isinstance(values, (tuple, list)):
                     values = [values]
                 values = set(values)
                 attribute_values = saml_attributes[key]
                 if not isinstance(attribute_values, (tuple, list)):
                     attribute_values = [attribute_values]
                 attribute_values = set(attribute_values)
                 if attribute_values & values:
                     return True
         return False
     def user_has_role(request, role_id):
         try:
             group = request.user.groups.get(id=role_id)

                 if user.is_active:
                     utils.login(request, user)
                     request.session['role_uuids'] = dict.fromkeys(attributes['role-slug'])
                     idp = self.get_idp(request)
                     request.session['is_staff'] = utils.has_superuser_flag(idp, attributes)
                     self.log.info('user %s (NameID is %r) logged in using SAML', user,
                                   attributes['name_id_content'])
                     request.session['mellon_session'] = utils.flatten_datetime(attributes)
+    -

Projet

Général

Profil

Produits Entr'ouvert » django-mellon

0002-views-save-is_staff-in-session.patch