32 |
32 |
from django.utils import timezone
|
33 |
33 |
from django.utils.six.moves.urllib import parse as urlparse
|
34 |
34 |
|
|
35 |
from authentic2.models import Service
|
35 |
36 |
from authentic2.a2_rbac.utils import get_default_ou
|
36 |
37 |
from django_rbac.utils import get_ou_model
|
37 |
38 |
from authentic2.backends import ldap_backend
|
... | ... | |
497 |
498 |
assert User.objects.first().roles.count() == 0
|
498 |
499 |
|
499 |
500 |
|
|
501 |
def test_from_slug_set_mandatory_roles(slapd, settings, db):
|
|
502 |
from authentic2.a2_rbac.models import Role
|
|
503 |
|
|
504 |
Role.objects.get_or_create(name='Tech', slug='tech')
|
|
505 |
Role.objects.get_or_create(name='Admin', slug='admin')
|
|
506 |
settings.LDAP_AUTH_SETTINGS = [{
|
|
507 |
'url': [slapd.ldap_url],
|
|
508 |
'basedn': u'o=ôrga',
|
|
509 |
'use_tls': False,
|
|
510 |
'create_group': True,
|
|
511 |
'group_mapping': [
|
|
512 |
[u'cn=group2,o=ôrga', ['Group2']],
|
|
513 |
],
|
|
514 |
'group_filter': '(&(memberUid={uid})(objectClass=posixGroup))',
|
|
515 |
'set_mandatory_roles': ['tech', 'admin'],
|
|
516 |
}]
|
|
517 |
|
|
518 |
list(ldap_backend.LDAPBackend.get_users())
|
|
519 |
assert User.objects.first().roles.count() == 2
|
|
520 |
|
|
521 |
|
|
522 |
def test_multiple_slug_set_mandatory_roles(slapd, settings, db):
|
|
523 |
from authentic2.a2_rbac.models import Role
|
|
524 |
|
|
525 |
service1 = Service.objects.create(name='s1', slug='s1')
|
|
526 |
service2 = Service.objects.create(name='s2', slug='s2')
|
|
527 |
Role.objects.create(name='foo', slug='tech', service=service1)
|
|
528 |
Role.objects.create(name='bar', slug='tech', service=service2)
|
|
529 |
settings.LDAP_AUTH_SETTINGS = [{
|
|
530 |
'url': [slapd.ldap_url],
|
|
531 |
'basedn': u'o=ôrga',
|
|
532 |
'use_tls': False,
|
|
533 |
'create_group': True,
|
|
534 |
'group_mapping': [
|
|
535 |
[u'cn=group2,o=ôrga', ['Group2']],
|
|
536 |
],
|
|
537 |
'group_filter': '(&(memberUid={uid})(objectClass=posixGroup))',
|
|
538 |
'set_mandatory_roles': ['tech'],
|
|
539 |
}]
|
|
540 |
|
|
541 |
list(ldap_backend.LDAPBackend.get_users())
|
|
542 |
assert User.objects.first().roles.count() == 0
|
|
543 |
|
|
544 |
|
|
545 |
def test_multiple_name_set_mandatory_roles(slapd, settings, db):
|
|
546 |
from authentic2.a2_rbac.models import Role
|
|
547 |
|
|
548 |
OU = get_ou_model()
|
|
549 |
ou1 = OU.objects.create(name='test1', slug='test1')
|
|
550 |
ou2 = OU.objects.create(name='test2', slug='test2')
|
|
551 |
Role.objects.create(name='tech', slug='foo', ou=ou1)
|
|
552 |
Role.objects.create(name='tech', slug='bar', ou=ou2)
|
|
553 |
settings.LDAP_AUTH_SETTINGS = [{
|
|
554 |
'url': [slapd.ldap_url],
|
|
555 |
'basedn': u'o=ôrga',
|
|
556 |
'use_tls': False,
|
|
557 |
'create_group': True,
|
|
558 |
'group_mapping': [
|
|
559 |
[u'cn=group2,o=ôrga', ['Group2']],
|
|
560 |
],
|
|
561 |
'group_filter': '(&(memberUid={uid})(objectClass=posixGroup))',
|
|
562 |
'set_mandatory_roles': ['tech'],
|
|
563 |
}]
|
|
564 |
|
|
565 |
list(ldap_backend.LDAPBackend.get_users())
|
|
566 |
assert User.objects.first().roles.count() == 0
|
|
567 |
|
|
568 |
|
500 |
569 |
@pytest.fixture
|
501 |
570 |
def slapd_strict_acl(slapd):
|
502 |
571 |
# forbid modifications by user themselves
|
503 |
|
-
|
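Review bot: The three new tests assert only `User.objects.first().roles.count()`, so `test_from_slug_set_mandatory_roles` would still pass if two roles other than `tech` and `admin` were attached, and the two ambiguity tests check no user after the first. Because `set_mandatory_roles` grants roles straight from configuration, I would pin the exact outcome in the positive case with `assert set(User.objects.first().roles.values_list('slug', flat=True)) == {'tech', 'admin'}`. In `test_multiple_slug_set_mandatory_roles` and `test_multiple_name_set_mandatory_roles`, add `assert all(u.roles.count() == 0 for u in User.objects.all())` alongside the existing assertion. A one-line docstring on each ambiguity test, such as `"""An identifier matching several roles must grant none of them."""`, would state the fail-closed intent. The backend change these tests exercise is not visible in this section, so whether the ambiguous case is also logged cannot be judged from here.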