From 2cf1c3e010289629db85040dea5596363d004a6f Mon Sep 17 00:00:00 2001 From: Benjamin Dauvergne Date: Mon, 21 Oct 2013 23:44:39 +0200 Subject: [PATCH 4/6] qommon.ident.idp: allow customizable rules to set is_admin flag from SAML 2 attributes refs #3852 --- po/fr.po | 13 +++++++++++++ wcs/qommon/ident/idp.ptl | 16 +++++++++++++--- 2 files changed, 26 insertions(+), 3 deletions(-) diff --git a/po/fr.po b/po/fr.po index 48e2c1c..304916d 100644 --- a/po/fr.po +++ b/po/fr.po @@ -2943,6 +2943,19 @@ msgstr "Clé et certificat du client" msgid "Hide this provider from user lists" msgstr "Cacher ce fournisseur de la liste présentée à l'utilisateur" +#: ../wcs/qommon/ident/idp.ptl:293 +msgid "Administrator attribute matching rules" +msgstr "Règle de correspondance des attributs pour le status administrateur" + +#: ../wcs/qommon/ident/idp.ptl:295 +msgid "" +"First row match attribute names, second is for matching attribute value. If " +"no rule is given, admin flag is never set. Flag is set if any rule match." +msgstr "" +"La première colonne correspond au nom des attributs, la deuxième aux valeurs. " +"Si aucune règle n'est configuré, le status administrateur n'est jamais attribué. " +"Le statut est donné si n'importe laquelle des règles est validée." + #: ../wcs/qommon/ident/idp.ptl:292 ../wcs/qommon/ident/idp.ptl:293 #: ../wcs/qommon/ident/idp.ptl:466 ../wcs/qommon/ident/idp.ptl:467 msgid "New Identity Provider" diff --git a/wcs/qommon/ident/idp.ptl b/wcs/qommon/ident/idp.ptl index 29d9cf6..d0e84d3 100644 --- a/wcs/qommon/ident/idp.ptl +++ b/wcs/qommon/ident/idp.ptl 
@@ -286,6 +286,15 @@ class AdminIDPDir(Directory): form.add(FileWidget, 'clientcertificate', title = _('Client Key and Certificate')) form.add(CheckboxWidget, 'hide', title = _('Hide this provider from user lists'), required = False, value = instance.get('hide')) + form.add(WidgetDict, 'admin-attributes', + value = instance.get('admin-attributes', { + 'local-admin': 'true', + }), + title=_('Administrator attribute matching rules'), + element_value_type=StringWidget, + hint=_('First row match attribute names, second is for matching ' + 'attribute value. If no rule is given, admin flag is never ' + 'set. Flag is set if any rule match.')) form.add_submit('submit', _('Submit')) return form @@ -293,7 +302,7 @@ class AdminIDPDir(Directory): get_response().breadcrumb.append(('new', _('New'))) form = self.get_form() - if not form.is_submitted() or form.has_errors(): + if not ('submit' in get_request().form and form.is_submitted()) or form.has_errors(): admin_html_top('settings', title = _('New Identity Provider')) '
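Review bot: The `admin-attributes` widget in `get_form` is pre-filled with `{'local-admin': 'true'}` whenever the stored provider has no such key, which contradicts the hint's "If no rule is given, admin flag is never set". For a new provider, or one configured before this patch, submitting the form for an unrelated change would appear to persist a rule that grants administrator status on an attribute asserted by the IdP. Privilege mapping from federated attributes should be opt-in, so I would default to no rules, `value = instance.get('admin-attributes') or {},`, and let the operator enter the rule deliberately. The code that evaluates the rules is not part of this patch, so how names and values are compared (exact match, case, multi-valued attributes) should be documented where it lives. `get_form` starts above the hunk.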

%s

' % _('New Identity Provider') form.render() @@ -351,7 +360,8 @@ class AdminIDPDir(Directory): 'cacertchain': cacertchain_fn, 'clientcertificate': clientcertificate_fn, } - cfg_idp[key_provider_id]['hide'] = form.get_widget('hide').parse() + for key in ('hide', 'admin-attributes'): + cfg_idp[key_provider_id][key] = form.get_widget(key).parse() idp = cfg_idp[key_provider_id] p = lasso.Provider(lasso.PROVIDER_ROLE_IDP, misc.get_abs_path(idp['metadata']), @@ -570,7 +580,7 @@ class AdminIDPUI(Directory): def edit [html] (self): form = AdminIDPDir.get_form(self.idp) - if not form.is_submitted() or form.has_errors(): + if not ('submit' in get_request().form and form.is_submitted()) or form.has_errors(): admin_html_top('settings', title = _('Edit Identity Provider')) '
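Review bot: The new guard `not ('submit' in get_request().form and form.is_submitted()) or form.has_errors()` is hard to read and is repeated verbatim in the `edit` hunk at -570; it relies on `not` binding tighter than `or` and reaches past the form into the raw request. Presumably the intent is that only the 'submit' button, and not the WidgetDict's own add-row button, finalises the form. If so, `if form.get_submit() != 'submit' or form.has_errors():` states that directly, or a small shared helper would keep the two views in step. A one-line comment explaining the extra check would help, because a later cleanup that drops it could let a partial post save provider settings, including the administrator rules. Both enclosing methods continue outside their hunks.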
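Review bot: `admin-attributes` is written to the provider configuration exactly as `parse()` returns it, in the same loop as the cosmetic `hide` flag, with no normalisation. Depending on the widget (not visible here) the result may be `None` or carry whitespace-padded names and values, and the code that later evaluates the rules then has to guess. I would store a cleaned dict instead: strip both sides and drop any pair where either side is empty, so an incomplete row can never become a rule. Since this key decides who becomes administrator, a comment above the loop saying so would be worthwhile, as would recording changes to it in whatever audit log the application keeps. The enclosing method starts and ends outside the hunk.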

%s

' % _('Edit Identity Provider') form.render() -- 1.7.10.4