0001-provisioning-only-send-user-s-roles-visible-by-the-s.patch
| hobo/agent/authentic2/provisionning.py | ||
|---|---|---|
| 98 | 98 |
issuer = unicode(self.get_entity_id()) |
| 99 | 99 |
if mode == 'provision': |
| 100 | 100 | |
| 101 |
def user_to_json(service, user, user_roles): |
|
| 101 |
def user_to_json(ou, service, user, user_roles):
|
|
| 102 | 102 |
from authentic2.api_views import BaseUserSerializer |
| 103 | 103 |
data = {}
|
| 104 |
roles = user.roles_and_parents().prefetch_related('attributes')
|
|
| 105 | 104 |
data.update({
|
| 106 | 105 |
'uuid': user.uuid, |
| 107 | 106 |
'username': user.username, |
| ... | ... | |
| 113 | 112 |
'uuid': role.uuid, |
| 114 | 113 |
'name': role.name, |
| 115 | 114 |
'slug': role.slug, |
| 116 |
} for role in roles],
|
|
| 115 |
} for role in user_roles.get(user.id, []) if role.ou_id is None or role.ou_id == ou.id],
|
|
| 117 | 116 |
}) |
| 118 | 117 |
data.update(BaseUserSerializer(user).data) |
| 119 | 118 |
# check if user is superuser through a role |
| ... | ... | |
| 166 | 165 |
'full': False, |
| 167 | 166 |
'objects': {
|
| 168 | 167 |
'@type': 'user', |
| 169 |
'data': [user_to_json(service, user, user_roles)], |
|
| 168 |
'data': [user_to_json(ou, service, user, user_roles)],
|
|
| 170 | 169 |
} |
| 171 | 170 |
}) |
| 172 | 171 |
else: |
| ... | ... | |
| 183 | 182 |
'full': False, |
| 184 | 183 |
'objects': {
|
| 185 | 184 |
'@type': 'user', |
| 186 |
'data': [user_to_json(None, user, user_roles) for user in users], |
|
| 185 |
'data': [user_to_json(ou, None, user, user_roles) for user in users],
|
|
| 187 | 186 |
} |
| 188 | 187 |
}) |
| 189 | 188 |
elif users: |
| 190 |
- |
|