Projet

Général

Profil

0001-provisioning-only-send-user-s-roles-visible-by-the-s.patch

Benjamin Dauvergne, 06 août 2019 11:27

Télécharger (1,46 ko)

Voir les différences: 

Subject: [PATCH] provisioning: only send user's roles visible by the service
 (#35168)


 hobo/agent/authentic2/provisionning.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
hobo/agent/authentic2/provisionning.py
101 101 
            def user_to_json(service, user, user_roles):
102 102 
                from authentic2.api_views import BaseUserSerializer
103 103 
                data = {}
104 
                roles = user.roles_and_parents().prefetch_related('attributes')
105 104 
                data.update({
106 105 
                    'uuid': user.uuid,
107 106 
                    'username': user.username,
......
113 112 
                            'uuid': role.uuid,
114 113 
                            'name': role.name,
115 114 
                            'slug': role.slug,
116 
                        } for role in roles],
115 
                        } for role in user_roles.get(user.id, []) if role.ou_id is None or role.ou_id == service.ou_id],
117 116 
                })
118 117 
                data.update(BaseUserSerializer(user).data)
119 118 
                # check if user is superuser through a role
120 
-