0001-misc-remove-compatibility-code-with-old-authentic-ve.patch

Valentin Deniaud, 05 décembre 2022 12:32


Subject: [PATCH] misc: remove compatibility code with old authentic version
 (#72027)

 hobo/agent/authentic2/apps.py                 |  7 +--
 .../management/commands/hobo_deploy.py        | 17 ++----
 .../management/commands/hobo_provision.py     | 12 +---
 hobo/agent/authentic2/provisionning.py        | 59 +++----------------
 4 files changed, 15 insertions(+), 80 deletions(-)
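--- a/hobo/agent/authentic2/apps.py
+++ b/hobo/agent/authentic2/apps.py
@@ -14,16 +14,11 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
+from authentic2.a2_rbac.signals import post_soft_create, post_soft_delete
 from django.apps import AppConfig
 from django.conf import settings
 from django.db.models.signals import m2m_changed, post_save, pre_delete, pre_save
 
-try:
-    from authentic2.a2_rbac.signals import post_soft_create, post_soft_delete
-except ImportError:
-    # legacy
-    from django_rbac.signals import post_soft_create, post_soft_delete
-
 
 class Plugin:
     def get_before_urls(self):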
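--- a/hobo/agent/authentic2/management/commands/hobo_deploy.py
+++ b/hobo/agent/authentic2/management/commands/hobo_deploy.py
@@ -21,14 +21,6 @@
 from hobo.agent.authentic2.provisionning import Provisionning
 from hobo.agent.common.management.commands import hobo_deploy
 
-try:
-    from authentic2.a2_rbac.models import RoleAttribute
-
-    has_role_attributes = True
-except ImportError:
-    has_role_attributes = False
-
-
 User = get_user_model()
 
 
@@ -233,11 +225,10 @@
                     if su_role.name != name:
                         su_role.name = name
                         su_role.save()
-                    if has_role_attributes:
-                        su_role.attributes.get_or_create(name='is_superuser', kind='string', value='true')
-                    else:
-                        su_role.is_superuser = True
-                        su_role.save()
+
+                    su_role.is_superuser = True
+                    su_role.save()
+
                     # pass the new attribute to the service
                     SAMLAttribute.objects.get_or_create(
                         name='is_superuser',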
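Review bot: The added `su_role.is_superuser = True` / `su_role.save()` pair in the second hunk writes the role on every deploy, whereas the removed `get_or_create` branch was a no-op once the attribute existed; it can also follow a first `save()` from the rename just above. If role saves feed provisioning through `post_save` handlers (apps.py imports that signal, but the handlers are not visible here), each deploy would emit one or two redundant role notifications. Guarding the write with `if not su_role.is_superuser:` keeps the step idempotent, or both fields could be set before a single save. The enclosing method starts and ends outside the hunk.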
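--- a/hobo/agent/authentic2/management/commands/hobo_provision.py
+++ b/hobo/agent/authentic2/management/commands/hobo_provision.py
@@ -6,13 +6,6 @@
 
 from hobo.agent.authentic2.provisionning import Provisionning
 
-try:
-    from authentic2.a2_rbac.models import RoleAttribute
-
-    has_role_attributes = True
-except ImportError:
-    has_role_attributes = False
-
 
 class Command(BaseCommand):
     help = 'Provision all roles or users'
@@ -68,10 +61,7 @@
                 if users:
                     time.sleep(batch_sleep)
 
-        if has_role_attributes:
-            roles_with_attributes = Role.objects.filter(attributes__name='is_superuser').children()
-        else:
-            roles_with_attributes = Role.objects.filter(is_superuser=True).children()
+        roles_with_attributes = Role.objects.filter(is_superuser=True).children()
         # first those without and admin attribute
         normal_users = qs.exclude(roles__in=roles_with_attributes)
 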
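--- a/hobo/agent/authentic2/provisionning.py
+++ b/hobo/agent/authentic2/provisionning.py
@@ -20,14 +20,6 @@
 from hobo.agent.common import notify_agents
 from hobo.signature import sign_url
 
-try:
-    from authentic2.a2_rbac.models import RoleAttribute
-except ImportError:
-
-    class RoleAttribute:
-        dummy = True
-
-
 User = get_user_model()
 
 logger = logging.getLogger(__name__)
@@ -190,36 +182,21 @@
                     for role in user_roles.get(user.id, []):
                         if role.service_id != service.pk:
                             continue
-                        if hasattr(RoleAttribute, 'dummy'):
-                            role_is_superuser = role.is_superuser
-                        else:
-                            for attribute in role.attributes.all():
-                                if attribute.name == 'is_superuser' and attribute.value == 'true':
-                                    role_is_superuser = True
+                        role_is_superuser = role.is_superuser
                 data['is_superuser'] = user.is_superuser or role_is_superuser
                 return data
 
             # Find roles giving a superuser attribute
             # If there is any role of this kind, we do one provisionning message for each user and
             # each service.
-            if hasattr(RoleAttribute, 'dummy'):
-                roles_with_attributes = (
-                    Role.objects.filter(members__in=users)
-                    .parents(include_self=True)
-                    .filter(is_superuser=True)
-                    .exists()
-                )
-            else:
-                roles_with_attributes = (
-                    Role.objects.filter(members__in=users)
-                    .parents(include_self=True)
-                    .filter(attributes__name='is_superuser')
-                    .exists()
-                )
+            roles_with_attributes = (
+                Role.objects.filter(members__in=users)
+                .parents(include_self=True)
+                .filter(is_superuser=True)
+                .exists()
+            )
 
             all_roles = Role.objects.all()
-            if not hasattr(RoleAttribute, 'dummy'):
-                all_roles = all_roles.prefetch_related('attributes')
             roles = {r.id: r for r in all_roles}
             user_roles = {}
             parents = {}
@@ -317,8 +294,6 @@
             )
 
         roles = {role for role in roles if not is_forbidden_technical_role(role)}
-        if mode == 'provision' and not hasattr(RoleAttribute, 'dummy'):
-            self.complete_roles(roles)
 
         if not roles:
             return
@@ -422,15 +397,6 @@
             qs = LibertyProvider.objects.filter(ou__isnull=True)
         return [(service, service.entity_id) for service in qs]
 
-    def complete_roles(self, roles):
-        for role in roles:
-            role.emails = []
-            role.emails_to_members = True
-            role.details = ''
-            for attribute in role.attributes.all():
-                if attribute.name in ('emails', 'emails_to_members', 'details') and attribute.kind == 'json':
-                    setattr(role, attribute.name, json.loads(attribute.value))
-
     def get_entity_id(self):
         tenant = getattr(connection, 'tenant', None)
         assert tenant
@@ -443,13 +409,11 @@
         # we skip new instances
         if not instance.pk:
             return
-        if not isinstance(instance, (User, Role, RoleAttribute, AttributeValue)):
+        if not isinstance(instance, (User, Role, AttributeValue)):
             return
         # ignore last_login update on login
         if isinstance(instance, User) and (update_fields and set(update_fields) == {'last_login'}):
             return
-        if isinstance(instance, RoleAttribute):
-            instance = instance.role
         elif isinstance(instance, AttributeValue):
             if not isinstance(instance.owner, User):
                 return
@@ -465,10 +429,8 @@
             return
         if not created:
             return
-        if not isinstance(instance, (User, Role, RoleAttribute, AttributeValue)):
+        if not isinstance(instance, (User, Role, AttributeValue)):
             return
-        if isinstance(instance, RoleAttribute):
-            instance = instance.role
         elif isinstance(instance, AttributeValue):
             if not isinstance(instance.owner, User):
                 return
@@ -480,9 +442,6 @@
             return
         if isinstance(instance, (User, Role)):
             self.add_deleted(copy.copy(instance))
-        elif isinstance(instance, RoleAttribute):
-            instance = instance.role
-            self.add_saved(instance)
         elif isinstance(instance, AttributeValue):
             if not isinstance(instance.owner, User):
                 return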
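Review bot: In the second hunk, `role_is_superuser = role.is_superuser` is assigned on every pass of the `for role in user_roles.get(user.id, [])` loop, so the value that reaches `data['is_superuser']` comes from the last role matching the service rather than from any matching role. The removed attribute-based branch only ever set the flag to `True`, so a user holding a superuser role followed by an ordinary role for the same service could now be provisioned without the flag, depending on iteration order. Accumulating the flag makes the result order-independent: `role_is_superuser = role_is_superuser or role.is_superuser`. This assumes the variable is initialised to a false value before the loop; that initialisation and the rest of the enclosing function are outside the hunk.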
489
-