0001-attributes_ng-restore-setting-superuser-flag-71855.patch
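--- a/src/authentic2/app_settings.py
+++ b/src/authentic2/app_settings.py
@@ -101,6 +101,7 @@
 'authentic2.attributes_ng.sources.function',
 'authentic2.attributes_ng.sources.django_user',
 'authentic2.attributes_ng.sources.ldap',
+'authentic2.attributes_ng.sources.service_roles',
 ),
 definition='List of attribute backend classes or modules',
 ),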
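--- a/src/authentic2/attributes_ng/sources/service_roles.py
+++ b/src/authentic2/attributes_ng/sources/service_roles.py
@@ -0,0 +1,51 @@
+# authentic2 - versatile identity manager
+# Copyright (C) 2010-2019 Entr'ouvert
+#
+# This program is free software: you can redistribute it and/or modify it
+# under the terms of the GNU Affero General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+from django.utils.translation import gettext_lazy as _
+
+from authentic2.a2_rbac.models import Role
+
+from ...decorators import to_list
+
+
+@to_list
+def get_instances(ctx):
+return [None]
+
+
+@to_list
+def get_attribute_names(instance, ctx):
+yield ('is_superuser', 'is_superuser (%s)' % _('role attribute'))
+
+
+def get_dependencies(instance, ctx):
+return (
+'user',
+'service',
+)
+
+
+def get_attributes(instance, ctx):
+user = ctx.get('user')
+service = ctx.get('service')
+if not user or not service:
+return ctx
+ctx = ctx.copy()
+roles = Role.objects.for_user(user).filter(service=service)
+for service_role in roles:
+if service_role.is_superuser:
+ctx['is_superuser'] = True
+return ctx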
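Review bot: In `get_attributes`, `is_superuser` is only ever set to True and never cleared, so a value already present in `ctx` under that key would pass through unchanged even when the user holds no superuser role on this service. Whether an earlier source or the caller can put that key into `ctx` is not visible here, so this is worth confirming. Because service providers presumably treat this attribute as a privilege grant, it would be safer to derive it only from the role query, for example with `ctx.pop('is_superuser', None)` right after `ctx = ctx.copy()`. The loop could also become `if roles.filter(is_superuser=True).exists(): ctx['is_superuser'] = True`, which avoids loading every role row. A short docstring on `get_attributes` stating that the attribute is emitted only when true, and whether `for_user` is expected to include inherited roles, would help the next reader.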
tests/test_idp_saml2.py | ||
---|---|---|
954 | 954 |
add_attributes_all.provider.save() |
955 | 955 | |
956 | 956 |
service_role = Role.objects.create( |
957 |
name='Role of service', slug='role-of-service', ou=ou1, service=add_attributes_all.provider |
|
957 |
name='Role of service', |
|
958 |
slug='role-of-service', |
|
959 |
ou=ou1, |
|
960 |
service=add_attributes_all.provider, |
|
961 |
is_superuser=True, |
|
958 | 962 |
) |
963 | ||
959 | 964 |
user_ou1.roles.add(service_role) |
960 | 965 | |
966 |
add_attributes_all.get_definitions.return_value.append( |
|
967 |
SAMLAttribute(name_format='basic', name='is_superuser', attribute_name='is_superuser'), |
|
968 |
) |
|
969 | ||
961 | 970 |
attributes = add_attributes_all(user_ou1) |
962 | 971 |
assert attributes == { |
963 | 972 |
'a2_role_names': {'Role of service', 'role_ou2'}, |
... | ... | |
992 | 1001 |
'django_user_password': {'abba0b6ff456806bab66baed93e6d9c4'}, |
993 | 1002 |
'django_user_username': {'john.doe'}, |
994 | 1003 |
'django_user_uuid': {user_ou1.uuid}, |
1004 |
'is_superuser': {'true'}, |
|
995 | 1005 |
} |
996 | 1006 | |
997 | 1007 | |
998 |
- |
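Review bot: The updated assertions cover only the positive case, where the user holds a role on the service with `is_superuser=True` and the expected set gains `'is_superuser': {'true'}`. Since this attribute conveys elevated privilege to the service provider, negative cases would be valuable. One would attach a role with `is_superuser=False` to the same service, and another would give the user a superuser role bound to a different service, each asserting `'is_superuser' not in attributes`. These would catch a regression in the `filter(service=service)` scoping. The test function begins outside the visible lines, so existing coverage elsewhere in it cannot be ruled out.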