497 |
497 |
assert User.objects.first().roles.count() == 0
|
498 |
498 |
|
499 |
499 |
|
|
500 |
def test_from_slug_set_mandatory_roles(slapd, settings, db):
|
|
501 |
from authentic2.a2_rbac.models import Role
|
|
502 |
|
|
503 |
Role.objects.get_or_create(name='Tech', slug='tech')
|
|
504 |
Role.objects.get_or_create(name='Admin', slug='admin')
|
|
505 |
settings.LDAP_AUTH_SETTINGS = [{
|
|
506 |
'url': [slapd.ldap_url],
|
|
507 |
'basedn': u'o=ôrga',
|
|
508 |
'use_tls': False,
|
|
509 |
'create_group': True,
|
|
510 |
'group_mapping': [
|
|
511 |
[u'cn=group2,o=ôrga', ['Group2']],
|
|
512 |
],
|
|
513 |
'group_filter': '(&(memberUid={uid})(objectClass=posixGroup))',
|
|
514 |
'set_mandatory_roles': ['tech', 'admin'],
|
|
515 |
}]
|
|
516 |
|
|
517 |
list(ldap_backend.LDAPBackend.get_users())
|
|
518 |
assert User.objects.first().roles.count() == 2
|
|
519 |
|
|
520 |
|
|
521 |
def test_multiple_slug_set_mandatory_roles(slapd, settings, db):
|
|
522 |
from authentic2.a2_rbac.models import Role
|
|
523 |
|
|
524 |
Role.objects.create(name='foo', slug='tech')
|
|
525 |
Role.objects.create(name='bar', slug='tech')
|
|
526 |
settings.LDAP_AUTH_SETTINGS = [{
|
|
527 |
'url': [slapd.ldap_url],
|
|
528 |
'basedn': u'o=ôrga',
|
|
529 |
'use_tls': False,
|
|
530 |
'create_group': True,
|
|
531 |
'group_mapping': [
|
|
532 |
[u'cn=group2,o=ôrga', ['Group2']],
|
|
533 |
],
|
|
534 |
'group_filter': '(&(memberUid={uid})(objectClass=posixGroup))',
|
|
535 |
'set_mandatory_roles': ['tech'],
|
|
536 |
}]
|
|
537 |
|
|
538 |
list(ldap_backend.LDAPBackend.get_users())
|
|
539 |
assert User.objects.first().roles.count() == 0
|
|
540 |
|
|
541 |
|
|
542 |
def test_multiple_name_set_mandatory_roles(slapd, settings, db):
|
|
543 |
from authentic2.a2_rbac.models import Role
|
|
544 |
|
|
545 |
Role.objects.create(name='tech', slug='foo')
|
|
546 |
Role.objects.create(name='tech', slug='bar')
|
|
547 |
settings.LDAP_AUTH_SETTINGS = [{
|
|
548 |
'url': [slapd.ldap_url],
|
|
549 |
'basedn': u'o=ôrga',
|
|
550 |
'use_tls': False,
|
|
551 |
'create_group': True,
|
|
552 |
'group_mapping': [
|
|
553 |
[u'cn=group2,o=ôrga', ['Group2']],
|
|
554 |
],
|
|
555 |
'group_filter': '(&(memberUid={uid})(objectClass=posixGroup))',
|
|
556 |
'set_mandatory_roles': ['tech'],
|
|
557 |
}]
|
|
558 |
|
|
559 |
list(ldap_backend.LDAPBackend.get_users())
|
|
560 |
assert User.objects.first().roles.count() == 0
|
|
561 |
|
|
562 |
|
500 |
563 |
@pytest.fixture
|
501 |
564 |
def slapd_strict_acl(slapd):
|
502 |
565 |
# forbid modifications by user themselves
|
503 |
|
-
|