0001-attributes_ng-restore-setting-superuser-flag-71855.patch
| src/authentic2/app_settings.py | ||
|---|---|---|
| 101 | 101 |
'authentic2.attributes_ng.sources.function', |
| 102 | 102 |
'authentic2.attributes_ng.sources.django_user', |
| 103 | 103 |
'authentic2.attributes_ng.sources.ldap', |
| 104 |
'authentic2.attributes_ng.sources.service_roles', |
|
| 104 | 105 |
), |
| 105 | 106 |
definition='List of attribute backend classes or modules', |
| 106 | 107 |
), |
| src/authentic2/attributes_ng/sources/service_roles.py | ||
|---|---|---|
| 1 |
# authentic2 - versatile identity manager |
|
| 2 |
# Copyright (C) 2010-2019 Entr'ouvert |
|
| 3 |
# |
|
| 4 |
# This program is free software: you can redistribute it and/or modify it |
|
| 5 |
# under the terms of the GNU Affero General Public License as published |
|
| 6 |
# by the Free Software Foundation, either version 3 of the License, or |
|
| 7 |
# (at your option) any later version. |
|
| 8 |
# |
|
| 9 |
# This program is distributed in the hope that it will be useful, |
|
| 10 |
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
| 11 |
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
| 12 |
# GNU Affero General Public License for more details. |
|
| 13 |
# |
|
| 14 |
# You should have received a copy of the GNU Affero General Public License |
|
| 15 |
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
| 16 | ||
| 17 |
from django.utils.translation import gettext_lazy as _ |
|
| 18 | ||
| 19 |
from authentic2.a2_rbac.models import Role |
|
| 20 | ||
| 21 |
from ...decorators import to_list |
|
| 22 | ||
| 23 | ||
| 24 |
@to_list |
|
| 25 |
def get_instances(ctx): |
|
| 26 |
return [None] |
|
| 27 | ||
| 28 | ||
| 29 |
@to_list |
|
| 30 |
def get_attribute_names(instance, ctx): |
|
| 31 |
yield ('is_superuser', 'is_superuser (%s)' % _('role attribute'))
|
|
| 32 | ||
| 33 | ||
| 34 |
def get_dependencies(instance, ctx): |
|
| 35 |
return ( |
|
| 36 |
'user', |
|
| 37 |
'service', |
|
| 38 |
) |
|
| 39 | ||
| 40 | ||
| 41 |
def get_attributes(instance, ctx): |
|
| 42 |
user = ctx.get('user')
|
|
| 43 |
service = ctx.get('service')
|
|
| 44 |
if not user or not service: |
|
| 45 |
return ctx |
|
| 46 |
ctx = ctx.copy() |
|
| 47 |
roles = Role.objects.for_user(user).filter(service=service) |
|
| 48 |
for service_role in roles: |
|
| 49 |
if service_role.is_superuser: |
|
| 50 |
ctx['is_superuser'] = True |
|
| 51 |
return ctx |
|
| tests/test_idp_saml2.py | ||
|---|---|---|
| 954 | 954 |
add_attributes_all.provider.save() |
| 955 | 955 | |
| 956 | 956 |
service_role = Role.objects.create( |
| 957 |
name='Role of service', slug='role-of-service', ou=ou1, service=add_attributes_all.provider |
|
| 957 |
name='Role of service', |
|
| 958 |
slug='role-of-service', |
|
| 959 |
ou=ou1, |
|
| 960 |
service=add_attributes_all.provider, |
|
| 961 |
is_superuser=True, |
|
| 958 | 962 |
) |
| 963 | ||
| 959 | 964 |
user_ou1.roles.add(service_role) |
| 960 | 965 | |
| 966 |
add_attributes_all.get_definitions.return_value.append( |
|
| 967 |
SAMLAttribute(name_format='basic', name='is_superuser', attribute_name='is_superuser'), |
|
| 968 |
) |
|
| 969 | ||
| 961 | 970 |
attributes = add_attributes_all(user_ou1) |
| 962 | 971 |
assert attributes == {
|
| 963 | 972 |
'a2_role_names': {'Role of service', 'role_ou2'},
|
| ... | ... | |
| 992 | 1001 |
'django_user_password': {'abba0b6ff456806bab66baed93e6d9c4'},
|
| 993 | 1002 |
'django_user_username': {'john.doe'},
|
| 994 | 1003 |
'django_user_uuid': {user_ou1.uuid},
|
| 1004 |
'is_superuser': {'true'},
|
|
| 995 | 1005 |
} |
| 996 | 1006 | |
| 997 | 1007 | |
| 998 |
- |
|