0001-provisioning-only-send-user-s-roles-visible-by-the-s.patch
hobo/agent/authentic2/provisionning.py | ||
---|---|---|
98 | 98 |
issuer = unicode(self.get_entity_id()) |
99 | 99 |
if mode == 'provision': |
100 | 100 | |
101 |
def user_to_json(service, user, user_roles): |
|
101 |
def user_to_json(ou, service, user, user_roles):
|
|
102 | 102 |
from authentic2.api_views import BaseUserSerializer |
103 | 103 |
data = {} |
104 |
roles = user.roles_and_parents().prefetch_related('attributes') |
|
104 |
# filter user's roles visible by the service's ou |
|
105 |
roles = [role for role in user_roles.get(user.id, []) |
|
106 |
if (not role.slug.startswith('_') |
|
107 |
and (role.ou_id is None or role.ou_id == ou.id))] |
|
105 | 108 |
data.update({ |
106 | 109 |
'uuid': user.uuid, |
107 | 110 |
'username': user.username, |
... | ... | |
166 | 169 |
'full': False, |
167 | 170 |
'objects': { |
168 | 171 |
'@type': 'user', |
169 |
'data': [user_to_json(service, user, user_roles)], |
|
172 |
'data': [user_to_json(ou, service, user, user_roles)],
|
|
170 | 173 |
} |
171 | 174 |
}) |
172 | 175 |
else: |
... | ... | |
183 | 186 |
'full': False, |
184 | 187 |
'objects': { |
185 | 188 |
'@type': 'user', |
186 |
'data': [user_to_json(None, user, user_roles) for user in users], |
|
189 |
'data': [user_to_json(ou, None, user, user_roles) for user in users],
|
|
187 | 190 |
} |
188 | 191 |
}) |
189 | 192 |
elif users: |
190 |
- |
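Review bot: The role filter at new lines 105-107 dereferences `ou.id` without a guard, so if either caller (new lines 172 and 189) can pass `ou` as None, the first role with a non-null `ou_id` raises AttributeError and the provisioning message is never built. This filter is what keeps roles of other organizational units from being disclosed to a service, so it should fail closed: compute `ou_id = ou.id if ou is not None else None` before the comprehension and compare `role.ou_id == ou_id`, which then sends only the global (`ou_id is None`) roles. The roles now come from `user_roles.get(user.id, [])` instead of `user.roles_and_parents()`, so the mapping presumably has to include inherited roles or services silently lose parent roles; where `ou` and `user_roles` are built is not visible here. The comment at new line 104 could also record the slug rule, e.g. `# only roles of the service's ou or global ones; '_'-prefixed (presumably internal) roles are never sent`. The body of user_to_json continues outside the hunk.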