0001-provisioning-only-send-user-s-roles-visible-by-the-s.patch
| hobo/agent/authentic2/provisionning.py | ||
|---|---|---|
| 98 | 98 |
issuer = unicode(self.get_entity_id()) |
| 99 | 99 |
if mode == 'provision': |
| 100 | 100 | |
| 101 |
def user_to_json(service, user, user_roles): |
|
| 101 |
def user_to_json(ou, service, user, user_roles):
|
|
| 102 | 102 |
from authentic2.api_views import BaseUserSerializer |
| 103 | 103 |
data = {}
|
| 104 |
roles = user.roles_and_parents().prefetch_related('attributes')
|
|
| 104 |
# filter user's roles visible by the service's ou |
|
| 105 |
roles = [role for role in user_roles.get(user.id, []) |
|
| 106 |
if (not role.slug.startswith('_')
|
|
| 107 |
and (role.ou_id is None or role.ou_id == ou.id))] |
|
| 105 | 108 |
data.update({
|
| 106 | 109 |
'uuid': user.uuid, |
| 107 | 110 |
'username': user.username, |
| ... | ... | |
| 166 | 169 |
'full': False, |
| 167 | 170 |
'objects': {
|
| 168 | 171 |
'@type': 'user', |
| 169 |
'data': [user_to_json(service, user, user_roles)], |
|
| 172 |
'data': [user_to_json(ou, service, user, user_roles)],
|
|
| 170 | 173 |
} |
| 171 | 174 |
}) |
| 172 | 175 |
else: |
| ... | ... | |
| 183 | 186 |
'full': False, |
| 184 | 187 |
'objects': {
|
| 185 | 188 |
'@type': 'user', |
| 186 |
'data': [user_to_json(None, user, user_roles) for user in users], |
|
| 189 |
'data': [user_to_json(ou, None, user, user_roles) for user in users],
|
|
| 187 | 190 |
} |
| 188 | 191 |
}) |
| 189 | 192 |
elif users: |
| 190 |
- |
|