0003-views-save-is_staff-in-session.patch
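--- a/mellon/adapters.py
+++ b/mellon/adapters.py
@@ -182,25 +182,12 @@
 user.save()
 
 def provision_superuser(self, user, idp, saml_attributes):
-superuser_mapping = utils.get_setting(idp, 'SUPERUSER_MAPPING')
-if not superuser_mapping:
-return
-for key, values in superuser_mapping.items():
-if key in saml_attributes:
-if not isinstance(values, (tuple, list)):
-values = [values]
-values = set(values)
-attribute_values = saml_attributes[key]
-if not isinstance(attribute_values, (tuple, list)):
-attribute_values = [attribute_values]
-attribute_values = set(attribute_values)
-if attribute_values & values:
-if not (user.is_staff and user.is_superuser):
-user.is_staff = True
-user.is_superuser = True
-user.save()
-self.logger.info('flag is_staff and is_superuser added to user %s', user)
-break
+if utils.has_superuser_flag(idp, saml_attributes):
+if not (user.is_staff and user.is_superuser):
+user.is_staff = True
+user.is_superuser = True
+user.save()
+self.logger.info('flag is_staff and is_superuser added to user %s', user)
 else:
 self.remove_superuser(user)
 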
mellon/utils.py | ||
---|---|---|
271 | 271 |
if request.META.get('SCRIPT_NAME'): |
272 | 272 |
path = path[len(request.META['SCRIPT_NAME']):] |
273 | 273 |
return path |
274 | ||
275 | ||
276 |
def has_superuser_flag(idp, saml_attributes): |
|
277 |
superuser_mapping = get_setting(idp, 'SUPERUSER_MAPPING') |
|
278 |
if not superuser_mapping: |
|
279 |
return False |
|
280 |
for key, values in superuser_mapping.items(): |
|
281 |
if key in saml_attributes: |
|
282 |
if not isinstance(values, (tuple, list)): |
|
283 |
values = [values] |
|
284 |
values = set(values) |
|
285 |
attribute_values = saml_attributes[key] |
|
286 |
if not isinstance(attribute_values, (tuple, list)): |
|
287 |
attribute_values = [attribute_values] |
|
288 |
attribute_values = set(attribute_values) |
|
289 |
if attribute_values & values: |
|
290 |
return True |
|
291 |
return False |
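Review bot: `has_superuser_flag` now decides a privilege bit for both the adapter and the login view, yet it is added without a docstring stating its contract. I would add `"""Return True if, for any key of the idp's SUPERUSER_MAPPING, saml_attributes[key] shares at least one value (exact equality) with the mapped values."""`. The normalisation only leaves `tuple` and `list` unwrapped, so a `set` or other iterable in the setting or in an attribute would be wrapped whole and the following `set(...)` call would raise `TypeError`; whether such inputs can occur is not visible here. If they can, testing `isinstance(values, (tuple, list, set, frozenset))` in both places keeps the function from failing in the middle of a login.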
mellon/views.py | ||
---|---|---|
218 | 218 |
if user is not None: |
219 | 219 |
if user.is_active: |
220 | 220 |
utils.login(request, user) |
221 |
idp = self.get_idp(request) |
|
222 |
request.session['is_staff'] = utils.has_superuser_flag(idp, attributes) |
|
221 | 223 |
self.log.info('user %s (NameID is %r) logged in using SAML', user, |
222 | 224 |
attributes['name_id_content']) |
223 | 225 |
request.session['mellon_session'] = utils.flatten_datetime(attributes) |
224 |
- |
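Review bot: `request.session['is_staff']` stores the result of the SUPERUSER_MAPPING match taken once at login, not the value of `user.is_staff`, and nothing visible here refreshes or clears it for the rest of the session. A consumer that authorises on this key would keep treating the session as staff after the IdP stops asserting the attribute, and would disagree with the user object if an adapter overrides `provision_superuser`; this is inferred, since the consumers of the key are not in this patch. At minimum add a comment above the assignment such as `# snapshot of the IdP superuser mapping at login; advisory only, authorisation must check user.is_staff`, and consider a namespaced key in the style of `mellon_session` so it cannot collide with an application's own session data. The enclosing method starts and ends outside this hunk.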