0001-authentic2-use-direct-imports-for-rbac-models-70963.patch
hobo/agent/authentic2/management/commands/hobo_deploy.py | ||
---|---|---|
5 | 5 | |
6 | 6 |
import requests |
7 | 7 |
from authentic2 import app_settings |
8 |
from authentic2.a2_rbac.models import OrganizationalUnit, Role |
|
8 | 9 |
from authentic2.a2_rbac.utils import get_default_ou |
9 | 10 |
from authentic2.compat_lasso import lasso |
10 | 11 |
from authentic2.models import Attribute |
... | ... | |
15 | 16 |
from django.core import serializers |
16 | 17 |
from django.utils.translation import activate |
17 | 18 |
from django.utils.translation import ugettext as _ |
18 |
from django_rbac.utils import get_ou_model, get_role_model |
|
19 | 19 |
from tenant_schemas.utils import tenant_context |
20 | 20 | |
21 | 21 |
from hobo.agent.authentic2.provisionning import Provisionning |
... | ... | |
185 | 185 |
provider.metadata_url = service['saml-sp-metadata-url'] |
186 | 186 |
variables = service.get('variables', {}) |
187 | 187 |
if variables.get('ou-slug'): |
188 |
ou, created = get_ou_model().objects.get_or_create(
|
|
188 |
ou, created = OrganizationalUnit.objects.get_or_create(
|
|
189 | 189 |
slug=service['variables']['ou-slug'] |
190 | 190 |
) |
191 | 191 |
ou.name = service['variables']['ou-label'] |
... | ... | |
208 | 208 |
create_ou = True |
209 | 209 |
break |
210 | 210 |
if create_ou: |
211 |
ou, created = get_ou_model().objects.get_or_create(name=service['title'])
|
|
211 |
ou, created = OrganizationalUnit.objects.get_or_create(name=service['title'])
|
|
212 | 212 |
if service_created or not provider.ou: |
213 | 213 |
provider.ou = ou |
214 | 214 |
provision_target_ous[provider.ou.id] = provider.ou |
... | ... | |
226 | 226 |
service_provider.save() |
227 | 227 | |
228 | 228 |
# add a superuser role for the service |
229 |
Role = get_role_model() |
|
230 | 229 |
name = _('Superuser of %s') % service['title'] |
231 | 230 |
su_role, created = Role.objects.get_or_create( |
232 | 231 |
service=provider, slug='_a2-hobo-superuser', defaults={'name': name} |
... | ... | |
272 | 271 |
if provision_target_ous: |
273 | 272 |
# mass provision roles on new created services |
274 | 273 |
engine = Provisionning() |
275 |
roles = get_role_model().objects.all()
|
|
274 |
roles = Role.objects.all()
|
|
276 | 275 |
engine.notify_roles(provision_target_ous, roles, full=True) |
277 | 276 | |
278 | 277 |
for service in services: |
... | ... | |
298 | 297 |
if not os.path.exists(roles_filename): |
299 | 298 |
self.logger.debug('no skeleton roles: roles file %r does not ' 'exist', roles_filename) |
300 | 299 |
return |
301 |
Role = get_role_model() |
|
302 | 300 |
if Role.objects.filter(ou=provider.ou).exclude(slug__startswith='_').exists(): |
303 | 301 |
return |
304 | 302 |
roles = [] |
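Review bot: The lookup `OrganizationalUnit.objects.get_or_create(name=service['title'])` at new line 211 keys the organizational unit on the service's display title, unlike the `ou-slug` branch at new line 188, which keys on a slug. A service whose title matches an existing OU's name is therefore attached to that OU, and `provision_target_ous` then mass-provisions roles to it. If `name` is not unique on the model (not visible here), two same-named OUs would also make the call raise `MultipleObjectsReturned`. Consider keying on a derived slug and keeping the title as a default, e.g. `get_or_create(slug=slugify(service['title']), defaults={'name': service['title']})`, once existing OUs have been checked for matching slugs. The enclosing method starts and ends outside the visible hunks.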
hobo/agent/authentic2/management/commands/hobo_provision.py | ||
---|---|---|
1 | 1 |
import time |
2 | 2 | |
3 |
from authentic2.a2_rbac.models import OrganizationalUnit, Role |
|
3 | 4 |
from django.contrib.auth import get_user_model |
4 | 5 |
from django.core.management.base import BaseCommand |
5 |
from django_rbac.utils import get_ou_model, get_role_model |
|
6 | 6 | |
7 | 7 |
from hobo.agent.authentic2.provisionning import Provisionning |
8 | 8 | |
... | ... | |
26 | 26 |
def handle(self, *args, **options): |
27 | 27 |
self.verbosity = options['verbosity'] |
28 | 28 |
engine = Provisionning() |
29 |
ous = {ou.id: ou for ou in get_ou_model().objects.all()}
|
|
29 |
ous = {ou.id: ou for ou in OrganizationalUnit.objects.all()}
|
|
30 | 30 | |
31 | 31 |
if options['roles']: |
32 | 32 |
self.provision_roles(engine, ous) |
... | ... | |
43 | 43 |
self.stdout.write('Done.') |
44 | 44 | |
45 | 45 |
def provision_roles(self, engine, ous): |
46 |
roles = get_role_model().objects.all()
|
|
46 |
roles = Role.objects.all()
|
|
47 | 47 |
if self.verbosity > 0: |
48 | 48 |
self.stdout.write(f'Provisionning {roles.count()} roles.') |
49 | 49 |
engine.notify_roles(ous, roles, full=True) |
... | ... | |
69 | 69 |
time.sleep(batch_sleep) |
70 | 70 | |
71 | 71 |
if has_role_attributes: |
72 |
roles_with_attributes = ( |
|
73 |
get_role_model().objects.filter(attributes__name='is_superuser').children() |
|
74 |
) |
|
72 |
roles_with_attributes = Role.objects.filter(attributes__name='is_superuser').children() |
|
75 | 73 |
else: |
76 |
roles_with_attributes = get_role_model().objects.filter(is_superuser=True).children()
|
|
74 |
roles_with_attributes = Role.objects.filter(is_superuser=True).children()
|
|
77 | 75 |
# first those without and admin attribute |
78 | 76 |
normal_users = qs.exclude(roles__in=roles_with_attributes) |
79 | 77 |
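Review bot: In the `has_role_attributes` branch (new line 72), `Role.objects.filter(attributes__name='is_superuser')` matches every role that carries an attribute named `is_superuser`, whatever its value, while the `else` branch at new line 74 requires `is_superuser=True`. If that attribute can hold a false value (its value field is not visible here), such roles and their children are counted as admin roles when `normal_users` is computed. Either add a condition on the attribute's value in the same `filter()` call, or add a comment such as `# the is_superuser attribute only exists on roles where it is true`, so the two branches visibly agree. The enclosing method starts outside the hunk.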
hobo/agent/authentic2/provisionning.py | ||
---|---|---|
7 | 7 |
from itertools import chain, islice |
8 | 8 | |
9 | 9 |
import requests |
10 |
from authentic2.a2_rbac.models import OrganizationalUnit as OU |
|
11 |
from authentic2.a2_rbac.models import Role, RoleParenting |
|
10 | 12 |
from authentic2.models import AttributeValue |
11 | 13 |
from authentic2.saml.models import LibertyProvider |
12 | 14 |
from django.conf import settings |
... | ... | |
14 | 16 |
from django.db import connection, transaction |
15 | 17 |
from django.urls import reverse |
16 | 18 |
from django.utils.encoding import force_text |
17 |
from django_rbac.utils import get_ou_model, get_role_model, get_role_parenting_model |
|
18 | 19 | |
19 | 20 |
from hobo.agent.common import notify_agents |
20 | 21 |
from hobo.signature import sign_url |
... | ... | |
28 | 29 | |
29 | 30 | |
30 | 31 |
User = get_user_model() |
31 |
Role = get_role_model() |
|
32 |
OU = get_ou_model() |
|
33 |
RoleParenting = get_role_parenting_model() |
|
34 | 32 | |
35 | 33 |
logger = logging.getLogger(__name__) |
36 | 34 |
tests_authentic/test_provisionning.py | ||
---|---|---|
5 | 5 |
import lasso |
6 | 6 |
import pytest |
7 | 7 |
import requests |
8 |
from authentic2.a2_rbac.models import Role, RoleAttribute |
|
8 |
from authentic2.a2_rbac.models import OrganizationalUnit, Role, RoleAttribute
|
|
9 | 9 |
from authentic2.a2_rbac.utils import get_default_ou |
10 | 10 |
from authentic2.models import Attribute, AttributeValue |
11 | 11 |
from authentic2.saml.models import LibertyProvider |
12 | 12 |
from django.contrib.auth import get_user_model |
13 | 13 |
from django.core.management import call_command |
14 |
from django_rbac.utils import get_ou_model |
|
15 | 14 |
from tenant_schemas.utils import tenant_context |
16 | 15 | |
17 | 16 |
from hobo import signature |
... | ... | |
249 | 248 | |
250 | 249 |
# test a service in a second OU also get the provisionning message |
251 | 250 |
notify_agents.reset_mock() |
252 |
ou2 = get_ou_model().objects.create(name='ou2', slug='ou2')
|
|
251 |
ou2 = OrganizationalUnit.objects.create(name='ou2', slug='ou2')
|
|
253 | 252 |
LibertyProvider.objects.create( |
254 | 253 |
ou=ou2, |
255 | 254 |
name='provider2', |
... | ... | |
482 | 481 |
assert o['is_superuser'] is False |
483 | 482 | |
484 | 483 |
notify_agents.reset_mock() |
485 |
ou2 = get_ou_model().objects.create(name='ou2', slug='ou2')
|
|
484 |
ou2 = OrganizationalUnit.objects.create(name='ou2', slug='ou2')
|
|
486 | 485 |
LibertyProvider.objects.create( |
487 | 486 |
ou=get_default_ou(), |
488 | 487 |
name='provider2', |
489 |
- |