0001-attributes_ng-limit-roles-depending-on-authenticatio.patch

Valentin Deniaud, 05 June 2019 14:30

View differences:

Subject: [PATCH 1/3] attributes_ng: limit roles depending on authentication
 level

This has the effect of seeing only roles currently available to the user
when getting user SAML attributes, and setting service role attributes
accordingly.
 src/authentic2/attributes_ng/sources/django_user.py   | 3 ++-
 src/authentic2/attributes_ng/sources/service_roles.py | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)
src/authentic2/attributes_ng/sources/django_user.py
99 99
        ctx['django_user_identifier'] = splitted[0]
100 100
    ctx['django_user_full_name'] = user.get_full_name()
101 101
    Role = get_role_model()
102
    roles = Role.objects.for_user(user)
102
    user_auth_level = ctx['request'].session.get('auth_level', 1)
103
    roles = Role.objects.for_user(user, max_auth_level=user_auth_level)
103 104
    ctx['a2_role_slugs'] = roles.values_list('slug', flat=True)
104 105
    ctx['a2_role_names'] = roles.values_list('name', flat=True)
105 106
    ctx['a2_role_uuids'] = roles.values_list('uuid', flat=True)
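Review bot: the added line `user_auth_level = ctx['request'].session.get('auth_level', 1)` indexes `ctx['request']` without a check, so any call of this source with a context that carries no request will raise KeyError instead of returning attributes. Consider `ctx.get('request')` and, when it is absent, falling back to the same default level so that only the roles allowed at that level are exposed. A short comment stating what level 1 stands for would also help, since this value decides which roles end up in `a2_role_slugs`, `a2_role_names` and `a2_role_uuids`.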
src/authentic2/attributes_ng/sources/service_roles.py
54 54
    if not user or not service:
55 55
        return ctx
56 56
    ctx = ctx.copy()
57
    roles = Role.objects.for_user(user) \
57
    user_auth_level = ctx['request'].session.get('auth_level', 1)
58
    roles = Role.objects.for_user(user, max_auth_level=user_auth_level) \
58 59
        .filter(service=service) \
59 60
        .prefetch_related('attributes')
60 61
    for service_role in roles:
61
-
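Review bot: the session lookup with its literal default `1` is now duplicated here and in django_user.py; a shared helper or a named constant would keep the two sources from drifting apart, which matters because a mismatch would make the service role attributes disagree with the role lists. The guard above also only checks `user` and `service`, while `ctx['request']` is then indexed unconditionally; extending the guard or using `ctx.get('request')` would avoid a KeyError when no request is present.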