0001-provisioning-only-send-user-s-roles-visible-by-the-s.patch
hobo/agent/authentic2/provisionning.py | ||
---|---|---|
98 | 98 |
issuer = unicode(self.get_entity_id()) |
99 | 99 |
if mode == 'provision': |
100 | 100 | |
101 |
def user_to_json(service, user, user_roles): |
|
101 |
def user_to_json(ou, service, user, user_roles):
|
|
102 | 102 |
from authentic2.api_views import BaseUserSerializer |
103 | 103 |
data = {} |
104 |
roles = user.roles_and_parents().prefetch_related('attributes') |
|
105 | 104 |
data.update({ |
106 | 105 |
'uuid': user.uuid, |
107 | 106 |
'username': user.username, |
... | ... | |
113 | 112 |
'uuid': role.uuid, |
114 | 113 |
'name': role.name, |
115 | 114 |
'slug': role.slug, |
116 |
} for role in roles],
|
|
115 |
} for role in user_roles.get(user.id, []) if role.ou_id is None or role.ou_id == ou.id],
|
|
117 | 116 |
}) |
118 | 117 |
data.update(BaseUserSerializer(user).data) |
119 | 118 |
# check if user is superuser through a role |
... | ... | |
166 | 165 |
'full': False, |
167 | 166 |
'objects': { |
168 | 167 |
'@type': 'user', |
169 |
'data': [user_to_json(service, user, user_roles)], |
|
168 |
'data': [user_to_json(ou, service, user, user_roles)],
|
|
170 | 169 |
} |
171 | 170 |
}) |
172 | 171 |
else: |
... | ... | |
183 | 182 |
'full': False, |
184 | 183 |
'objects': { |
185 | 184 |
'@type': 'user', |
186 |
'data': [user_to_json(None, user, user_roles) for user in users], |
|
185 |
'data': [user_to_json(ou, None, user, user_roles) for user in users],
|
|
187 | 186 |
} |
188 | 187 |
}) |
189 | 188 |
elif users: |
190 |
- |
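Review bot: The new role filter in `user_to_json` dereferences `ou.id` for every role whose `ou_id` is set, and nothing in the visible lines guarantees that `ou` is non-None at the two call sites. This filter is what keeps roles from other organizational units out of the provisioning payload, so it should fail closed when the OU is unknown: `if role.ou_id is None or (ou is not None and role.ou_id == ou.id)`. The roles now come from `user_roles.get(user.id, [])` rather than `user.roles_and_parents()`, so confirm that `user_roles` already contains inherited parent roles; the code that builds it is not shown here. Adding `ou` as the first positional parameter also silently shifts the arguments of any caller outside this patch. The body of `user_to_json` continues past the visible lines, and a one-line docstring such as `"""Serialize user; only global roles and roles of ou are included."""` would make the contract explicit.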